
randombit / botan / 20850176387

09 Jan 2026 11:16AM UTC coverage: 90.428% (+0.005%) from 90.423%
20850176387

Pull #5221

github

web-flow
Merge cb0176e4e into 46ea9a2a3
Pull Request #5221: FFI: Allow querying more X.509 Certificate Constraints

101685 of 112449 relevant lines covered (90.43%)

12886206.41 hits per line

Source File

93.75
/src/lib/ffi/ffi_cert.cpp
/*
* (C) 2015,2017,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/ffi.h>

#include <botan/internal/ffi_pkey.h>
#include <botan/internal/ffi_util.h>
#include <memory>

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   #include <botan/data_src.h>
   #include <botan/x509_crl.h>
   #include <botan/x509cert.h>
   #include <botan/x509path.h>
#endif

extern "C" {

using namespace Botan_FFI;

#if defined(BOTAN_HAS_X509_CERTIFICATES)

// Declares botan_x509_cert_struct, the FFI handle type that wraps a
// Botan::X509_Certificate. The third argument is the per-type tag handed to
// the declaration macro (presumably the magic value used to recognise a
// valid handle - confirm in ffi_util.h).
BOTAN_FFI_DECLARE_STRUCT(botan_x509_cert_struct, Botan::X509_Certificate, 0x8F628937);

#endif

/*
* Load an X.509 certificate from the file named by cert_path and store a
* newly created handle in *cert_obj.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if either argument is null, and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED when the build lacks X.509 or filesystem
* support. Otherwise the result is whatever ffi_guard_thunk produces for
* the construction (presumably an error code if parsing throws - confirm
* in ffi_util.h).
*/
int botan_x509_cert_load_file(botan_x509_cert_t* cert_obj, const char* cert_path) {
   const bool have_args = (cert_obj != nullptr) && (cert_path != nullptr);
   if(!have_args) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)

   return ffi_guard_thunk(__func__, [=]() -> int {
      // The certificate is constructed directly from the path given by the caller
      return ffi_new_object(cert_obj, std::make_unique<Botan::X509_Certificate>(cert_path));
   });

#else
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

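/*
* Create an independent copy of cert and store the new handle in *cert_obj.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if cert_obj is null, and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED when the build lacks X.509 support.
* Otherwise the result comes from ffi_guard_thunk around the copy.
*/
int botan_x509_cert_dup(botan_x509_cert_t* cert_obj, botan_x509_cert_t cert) {
   if(cert_obj == nullptr) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

   // Copy-constructing an already loaded certificate does not touch the
   // filesystem, so only X.509 support is required here. The previous guard
   // also demanded BOTAN_TARGET_OS_HAS_FILESYSTEM and so reported "not
   // implemented" on builds without a filesystem.
#if defined(BOTAN_HAS_X509_CERTIFICATES)

   return ffi_guard_thunk(__func__, [=]() -> int {
      auto copy = std::make_unique<Botan::X509_Certificate>(safe_get(cert));
      return ffi_new_object(cert_obj, std::move(copy));
   });

#else
   BOTAN_UNUSED(cert);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}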

/*
* Parse an X.509 certificate from the cert_bits_len bytes at cert_bits and
* store a newly created handle in *cert_obj.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if cert_obj or cert_bits is null,
* and BOTAN_FFI_ERROR_NOT_IMPLEMENTED when the build lacks X.509 support.
* The caller is responsible for cert_bits_len matching the buffer; the
* bytes are read through a DataSource_Memory of exactly that length.
*/
int botan_x509_cert_load(botan_x509_cert_t* cert_obj, const uint8_t cert_bits[], size_t cert_bits_len) {
   const bool have_args = (cert_obj != nullptr) && (cert_bits != nullptr);
   if(!have_args) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return ffi_guard_thunk(__func__, [=]() -> int {
      Botan::DataSource_Memory source(cert_bits, cert_bits_len);
      return ffi_new_object(cert_obj, std::make_unique<Botan::X509_Certificate>(source));
   });
#else
   BOTAN_UNUSED(cert_bits_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Report whether cert is a CA certificate.
*
* Returns BOTAN_FFI_SUCCESS when is_CA_cert() is true and 1 when it is
* false, so "not a CA" is a positive value rather than an error code.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_is_ca(botan_x509_cert_t cert) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      if(c.is_CA_cert()) {
         return BOTAN_FFI_SUCCESS;
      }
      return 1;
   });
#else
   BOTAN_UNUSED(cert);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Fetch the path length constraint of cert into *path_limit.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if path_limit is null,
* BOTAN_FFI_ERROR_NO_VALUE if the certificate carries no such constraint
* (*path_limit is left untouched in that case), BOTAN_FFI_SUCCESS after
* writing the value, and BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509
* support.
*/
int botan_x509_cert_get_path_length_constraint(botan_x509_cert_t cert, size_t* path_limit) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      if(Botan::any_null_pointers(path_limit)) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }

      const auto limit = c.path_length_constraint();
      if(!limit) {
         return BOTAN_FFI_ERROR_NO_VALUE;
      }

      *path_limit = limit.value();
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(cert, path_limit);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Extract the subject public key of cert as a new public key handle.
*
* *key is set to nullptr before anything else is attempted, so on failure
* the caller never sees a stale handle. Returns
* BOTAN_FFI_ERROR_NULL_POINTER if key is null and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_get_public_key(botan_x509_cert_t cert, botan_pubkey_t* key) {
   if(!key) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

   // Clear the output first so an error path leaves a null handle behind
   *key = nullptr;

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return ffi_guard_thunk(__func__, [=]() -> int {
      return ffi_new_object(key, safe_get(cert).subject_public_key());
   });
#else
   BOTAN_UNUSED(cert);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

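/*
* Copy the index-th issuer DN value stored under key into out.
*
* key names the DN field to query and must not be null. out/out_len
* follow the write_str_output convention (buffer plus in/out length).
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if key is null,
* BOTAN_FFI_ERROR_BAD_PARAMETER if index is not smaller than the number of
* values found for key, and BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509
* support; otherwise the result of write_str_output.
*/
int botan_x509_cert_get_issuer_dn(
   botan_x509_cert_t cert, const char* key, size_t index, uint8_t out[], size_t* out_len) {
   // A null key would otherwise be turned into a string inside the lookup
   if(key == nullptr) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      const auto issuer_info = c.issuer_info(key);
      if(index >= issuer_info.size()) {
         return BOTAN_FFI_ERROR_BAD_PARAMETER;
      }

      // Reuse the values fetched above instead of querying the DN a second time.
      // TODO(Botan4) change the type of out and remove this cast
      return write_str_output(reinterpret_cast<char*>(out), out_len, issuer_info.at(index));
   });
#else
   BOTAN_UNUSED(cert, index, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}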

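/*
* Copy the index-th subject DN value stored under key into out.
*
* key names the DN field to query and must not be null. out/out_len
* follow the write_str_output convention (buffer plus in/out length).
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if key is null,
* BOTAN_FFI_ERROR_BAD_PARAMETER if index is not smaller than the number of
* values found for key, and BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509
* support; otherwise the result of write_str_output.
*/
int botan_x509_cert_get_subject_dn(
   botan_x509_cert_t cert, const char* key, size_t index, uint8_t out[], size_t* out_len) {
   // A null key would otherwise be turned into a string inside the lookup
   if(key == nullptr) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      const auto subject_info = c.subject_info(key);
      if(index >= subject_info.size()) {
         return BOTAN_FFI_ERROR_BAD_PARAMETER;
      }

      // Reuse the values fetched above instead of querying the DN a second time.
      // TODO(Botan4) change the type of out and remove this cast
      return write_str_output(reinterpret_cast<char*>(out), out_len, subject_info.at(index));
   });
#else
   BOTAN_UNUSED(cert, index, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}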

/*
* Copy the textual form of cert into out, using the buffer/in-out-length
* convention of copy_view_str. The text itself is produced by
* botan_x509_cert_view_as_string.
*/
int botan_x509_cert_to_string(botan_x509_cert_t cert, char out[], size_t* out_len) {
   // copy_view_str works on a byte buffer, hence the cast of the char array
   auto* out_bytes = reinterpret_cast<uint8_t*>(out);
   return copy_view_str(out_bytes, out_len, botan_x509_cert_view_as_string, cert);
}

/*
* Pass the textual form of cert (its to_string() output) to the view
* callback together with ctx.
*
* Returns the result of invoke_view_callback, or
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_view_as_string(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_str_fn view) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      const auto text = c.to_string();
      return invoke_view_callback(view, ctx, text);
   });
#else
   BOTAN_UNUSED(cert, ctx, view);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Check whether cert permits the key usage given by key_usage.
*
* key_usage is cast to Botan::Key_Constraints without validation.
* Returns BOTAN_FFI_SUCCESS when allowed_usage() accepts it and 1 when it
* does not; callers must compare against 0, since "not allowed" is not a
* negative error code. Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without
* X.509 support.
*/
int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      const auto constraints = static_cast<Botan::Key_Constraints>(key_usage);
      return c.allowed_usage(constraints) ? BOTAN_FFI_SUCCESS : 1;
   });
#else
   BOTAN_UNUSED(cert, key_usage);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

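/*
* Check whether cert carries the extended key usage identified by oid.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if oid is null, BOTAN_FFI_SUCCESS
* when has_ex_constraint(oid) is true, 1 when it is false, and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support. Callers must
* compare against 0, since "not allowed" is not a negative error code.
*/
int botan_x509_cert_allowed_extended_usage(botan_x509_cert_t cert, const char* oid) {
   // A null oid would otherwise be turned into a string inside the lookup
   if(oid == nullptr) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int { return c.has_ex_constraint(oid) ? BOTAN_FFI_SUCCESS : 1; });
#else
   BOTAN_UNUSED(cert);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}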

/*
* Release the certificate handle cert via BOTAN_FFI_CHECKED_DELETE.
* The handle must not be used again afterwards.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_destroy(botan_x509_cert_t cert) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   const int rc = BOTAN_FFI_CHECKED_DELETE(cert);
   return rc;
#else
   BOTAN_UNUSED(cert);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Write the string form of the certificate's not_before() time into out,
* using the buffer/in-out-length convention of write_str_output.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_get_time_starts(botan_x509_cert_t cert, char out[], size_t* out_len) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      const auto starts = c.not_before().to_string();
      return write_str_output(out, out_len, starts);
   });
#else
   BOTAN_UNUSED(cert, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Write the string form of the certificate's not_after() time into out,
* using the buffer/in-out-length convention of write_str_output.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_get_time_expires(botan_x509_cert_t cert, char out[], size_t* out_len) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      const auto expires = c.not_after().to_string();
      return write_str_output(out, out_len, expires);
   });
#else
   BOTAN_UNUSED(cert, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

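/*
* Store the certificate's not_before() time, as returned by
* time_since_epoch(), in *time_since_epoch.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if time_since_epoch is null,
* BOTAN_FFI_SUCCESS after writing the value, and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_not_before(botan_x509_cert_t cert, uint64_t* time_since_epoch) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      // Reject a null output pointer instead of writing through it
      if(Botan::any_null_pointers(time_since_epoch)) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }

      *time_since_epoch = c.not_before().time_since_epoch();
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(cert, time_since_epoch);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}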

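/*
* Store the certificate's not_after() time, as returned by
* time_since_epoch(), in *time_since_epoch.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if time_since_epoch is null,
* BOTAN_FFI_SUCCESS after writing the value, and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_not_after(botan_x509_cert_t cert, uint64_t* time_since_epoch) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      // Reject a null output pointer instead of writing through it
      if(Botan::any_null_pointers(time_since_epoch)) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }

      *time_since_epoch = c.not_after().time_since_epoch();
      return BOTAN_FFI_SUCCESS;
   });
#else
   BOTAN_UNUSED(cert, time_since_epoch);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}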

/*
* Copy the certificate serial number bytes into out, using the
* buffer/in-out-length convention of write_vec_output.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_get_serial_number(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      const auto& serial = c.serial_number();
      return write_vec_output(out, out_len, serial);
   });
#else
   BOTAN_UNUSED(cert, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

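/*
* Write the fingerprint of cert, computed with the hash named by hash,
* into out as a string (write_str_output convention).
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if hash is null and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support; otherwise the
* result of write_str_output.
*
* The strength of the fingerprint depends on the hash the caller names;
* this function does not restrict the choice.
*/
int botan_x509_cert_get_fingerprint(botan_x509_cert_t cert, const char* hash, uint8_t out[], size_t* out_len) {
   // A null hash name would otherwise be turned into a string inside the lookup
   if(hash == nullptr) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   // TODO(Botan4) change the type of out and remove this cast

   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      return write_str_output(reinterpret_cast<char*>(out), out_len, c.fingerprint(hash));
   });
#else
   BOTAN_UNUSED(cert, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}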

/*
* Copy the certificate's authority key identifier into out, using the
* buffer/in-out-length convention of write_vec_output.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_get_authority_key_id(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      const auto& key_id = c.authority_key_id();
      return write_vec_output(out, out_len, key_id);
   });
#else
   BOTAN_UNUSED(cert, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Copy the certificate's subject key identifier into out, using the
* buffer/in-out-length convention of write_vec_output.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_get_subject_key_id(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      const auto& key_id = c.subject_key_id();
      return write_vec_output(out, out_len, key_id);
   });
#else
   BOTAN_UNUSED(cert, out, out_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Copy the certificate's subject public key bits into out, using the
* buffer/in-out-length convention of copy_view_bin. The bytes themselves
* come from botan_x509_cert_view_public_key_bits.
*/
int botan_x509_cert_get_public_key_bits(botan_x509_cert_t cert, uint8_t out[], size_t* out_len) {
   const int rc = copy_view_bin(out, out_len, botan_x509_cert_view_public_key_bits, cert);
   return rc;
}

/*
* Pass the certificate's subject_public_key_bits() to the view callback
* together with ctx.
*
* Returns the result of invoke_view_callback, or
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_view_public_key_bits(botan_x509_cert_t cert, botan_view_ctx ctx, botan_view_bin_fn view) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) {
      const auto& key_bits = c.subject_public_key_bits();
      return invoke_view_callback(view, ctx, key_bits);
   });
#else
   BOTAN_UNUSED(cert, ctx, view);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Check whether cert matches the DNS name hostname.
*
* Returns 0 when matches_dns_name(hostname) is true and -1 when it is
* false. Note that -1 lies in the negative range otherwise used for FFI
* error codes, so a caller cannot tell "no match" apart from an error
* that happens to use the same value; only 0 means the name matched.
* Returns BOTAN_FFI_ERROR_NULL_POINTER if hostname is null and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_cert_hostname_match(botan_x509_cert_t cert, const char* hostname) {
   if(!hostname) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(cert, [=](const auto& c) -> int {
      if(c.matches_dns_name(hostname)) {
         return 0;
      }
      return -1;
   });
#else
   BOTAN_UNUSED(cert);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

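/*
* Validate the certificate path formed by cert followed by intermediates
* against the supplied trust anchors.
*
* result_code     optional; receives the validation status code as an int
*                 (botan_x509_cert_validation_status maps it to text)
* intermediates   array of intermediates_len certificate handles
* trusted         array of trusted_len certificate handles used as anchors
* trusted_path    when non-null and non-empty, passed to
*                 Certificate_Store_In_Memory as a further anchor source
* required_strength  0 selects the default of 110
* hostname_cstr   nullptr is treated as an empty hostname
* reference_time  0 means the current time, otherwise a time_t value
*
* Returns 0 when validation succeeds and 1 when it fails. Returns
* BOTAN_FFI_ERROR_NULL_POINTER if an array is null while its length is
* non-zero, and BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
* A failed validation is a positive value, so callers must compare the
* result against 0 rather than test for a negative return.
*
* NOTE(review): Path_Validation_Restrictions is built with `false` as its
* first argument, which looks like the require-revocation-information
* flag; if so, a chain without revocation data still validates - confirm
* against x509path.h.
* NOTE(review): usage is fixed to UNSPECIFIED and an empty hostname is
* passed through as-is; presumably neither key usage nor name matching is
* enforced in that case - confirm against x509_path_validate. Callers that
* need the certificate bound to a name must pass hostname_cstr.
*/
int botan_x509_cert_verify(int* result_code,
                           botan_x509_cert_t cert,
                           const botan_x509_cert_t* intermediates,
                           size_t intermediates_len,
                           const botan_x509_cert_t* trusted,
                           size_t trusted_len,
                           const char* trusted_path,
                           size_t required_strength,
                           const char* hostname_cstr,
                           uint64_t reference_time) {
   if(required_strength == 0) {
      required_strength = 110;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return ffi_guard_thunk(__func__, [=]() -> int {
      // The loops below index these arrays, so a null array with a non-zero
      // length must be rejected before it is dereferenced.
      if((intermediates_len > 0 && intermediates == nullptr) || (trusted_len > 0 && trusted == nullptr)) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }

      const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
      const Botan::Usage_Type usage = Botan::Usage_Type::UNSPECIFIED;
      const auto validation_time = reference_time == 0
                                      ? std::chrono::system_clock::now()
                                      : std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));

      // The certificate being validated goes first, then the intermediates
      std::vector<Botan::X509_Certificate> end_certs;
      end_certs.push_back(safe_get(cert));
      for(size_t i = 0; i != intermediates_len; ++i) {
         end_certs.push_back(safe_get(intermediates[i]));
      }

      // The unique_ptrs own the stores; trusted_roots only borrows them and
      // must not outlive this scope.
      std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
      std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
      std::vector<Botan::Certificate_Store*> trusted_roots;

      if(trusted_path != nullptr && *trusted_path != 0) {
         trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
         trusted_roots.push_back(trusted_from_path.get());
      }

      if(trusted_len > 0) {
         trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
         for(size_t i = 0; i != trusted_len; ++i) {
            trusted_extra->add_certificate(safe_get(trusted[i]));
         }
         trusted_roots.push_back(trusted_extra.get());
      }

      const Botan::Path_Validation_Restrictions restrictions(false, required_strength);

      auto validation_result =
         Botan::x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, validation_time);

      if(result_code != nullptr) {
         *result_code = static_cast<int>(validation_result.result());
      }

      if(validation_result.successful_validation()) {
         return 0;
      } else {
         return 1;
      }
   });
#else
   BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
   BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}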

/*
* Map a validation status code, as written to result_code by the verify
* functions, to the string returned by Botan::to_string.
*
* Returns nullptr for negative codes and when the build lacks X.509
* support. code is cast to Certificate_Status_Code without a range check;
* what to_string returns for an unknown value is decided there, so callers
* should be prepared for a null result.
*/
const char* botan_x509_cert_validation_status(int code) {
   if(code < 0) {
      return nullptr;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return Botan::to_string(static_cast<Botan::Certificate_Status_Code>(code));
#else
   return nullptr;
#endif
}

#if defined(BOTAN_HAS_X509_CERTIFICATES)

// Declares botan_x509_crl_struct, the FFI handle type that wraps a
// Botan::X509_CRL. The third argument is the per-type tag handed to the
// declaration macro (presumably the magic value used to recognise a valid
// handle - confirm in ffi_util.h).
BOTAN_FFI_DECLARE_STRUCT(botan_x509_crl_struct, Botan::X509_CRL, 0x2C628910);

#endif

/*
* Load a CRL from the file named by crl_path and store a newly created
* handle in *crl_obj.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if either argument is null, and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED when the build lacks X.509 or filesystem
* support. Otherwise the result is whatever ffi_guard_thunk produces for
* the construction.
*/
int botan_x509_crl_load_file(botan_x509_crl_t* crl_obj, const char* crl_path) {
   const bool have_args = (crl_obj != nullptr) && (crl_path != nullptr);
   if(!have_args) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)

   return ffi_guard_thunk(__func__, [=]() -> int {
      // The CRL is constructed directly from the path given by the caller
      return ffi_new_object(crl_obj, std::make_unique<Botan::X509_CRL>(crl_path));
   });

#else
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Parse a CRL from the crl_bits_len bytes at crl_bits and store a newly
* created handle in *crl_obj.
*
* Returns BOTAN_FFI_ERROR_NULL_POINTER if crl_obj or crl_bits is null, and
* BOTAN_FFI_ERROR_NOT_IMPLEMENTED when the build lacks X.509 support. The
* caller is responsible for crl_bits_len matching the buffer; the bytes
* are read through a DataSource_Memory of exactly that length.
*/
int botan_x509_crl_load(botan_x509_crl_t* crl_obj, const uint8_t crl_bits[], size_t crl_bits_len) {
   const bool have_args = (crl_obj != nullptr) && (crl_bits != nullptr);
   if(!have_args) {
      return BOTAN_FFI_ERROR_NULL_POINTER;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return ffi_guard_thunk(__func__, [=]() -> int {
      Botan::DataSource_Memory source(crl_bits, crl_bits_len);
      return ffi_new_object(crl_obj, std::make_unique<Botan::X509_CRL>(source));
   });
#else
   BOTAN_UNUSED(crl_bits_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Release the CRL handle crl via BOTAN_FFI_CHECKED_DELETE.
* The handle must not be used again afterwards.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_crl_destroy(botan_x509_crl_t crl) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   const int rc = BOTAN_FFI_CHECKED_DELETE(crl);
   return rc;
#else
   BOTAN_UNUSED(crl);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

/*
* Check whether cert is listed as revoked in crl.
*
* Returns 0 when is_revoked() is true and -1 when it is false. The sense
* is easy to misread: 0 here means "revoked", not "certificate is fine",
* and -1 lies in the negative range otherwise used for FFI error codes.
* Callers should treat only 0 as a definite answer and must not accept a
* certificate merely because this call returned non-zero without also
* ruling out an error.
* Returns BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
*/
int botan_x509_is_revoked(botan_x509_crl_t crl, botan_x509_cert_t cert) {
#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return BOTAN_FFI_VISIT(crl, [=](const auto& c) -> int {
      if(c.is_revoked(safe_get(cert))) {
         return 0;
      }
      return -1;
   });
#else
   BOTAN_UNUSED(cert, crl);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}

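/*
* Validate the certificate path formed by cert followed by intermediates
* against the supplied trust anchors, with the given CRLs made available
* to path validation.
*
* result_code     optional; receives the validation status code as an int
*                 (botan_x509_cert_validation_status maps it to text)
* intermediates   array of intermediates_len certificate handles
* trusted         array of trusted_len certificate handles used as anchors
* crls            array of crls_len CRL handles
* trusted_path    when non-null and non-empty, passed to
*                 Certificate_Store_In_Memory as a further anchor source
* required_strength  0 selects the default of 110
* hostname_cstr   nullptr is treated as an empty hostname
* reference_time  0 means the current time, otherwise a time_t value
*
* Returns 0 when validation succeeds and 1 when it fails. Returns
* BOTAN_FFI_ERROR_NULL_POINTER if an array is null while its length is
* non-zero, and BOTAN_FFI_ERROR_NOT_IMPLEMENTED without X.509 support.
* A failed validation is a positive value, so callers must compare the
* result against 0 rather than test for a negative return.
*
* NOTE(review): Path_Validation_Restrictions is built with `false` as its
* first argument, which looks like the require-revocation-information
* flag; if so, a certificate for which none of the supplied CRLs applies
* still validates - confirm against x509path.h.
* NOTE(review): usage is fixed to UNSPECIFIED and an empty hostname is
* passed through as-is; presumably neither key usage nor name matching is
* enforced in that case - confirm against x509_path_validate. Callers that
* need the certificate bound to a name must pass hostname_cstr.
*/
int botan_x509_cert_verify_with_crl(int* result_code,
                                    botan_x509_cert_t cert,
                                    const botan_x509_cert_t* intermediates,
                                    size_t intermediates_len,
                                    const botan_x509_cert_t* trusted,
                                    size_t trusted_len,
                                    const botan_x509_crl_t* crls,
                                    size_t crls_len,
                                    const char* trusted_path,
                                    size_t required_strength,
                                    const char* hostname_cstr,
                                    uint64_t reference_time) {
   if(required_strength == 0) {
      required_strength = 110;
   }

#if defined(BOTAN_HAS_X509_CERTIFICATES)
   return ffi_guard_thunk(__func__, [=]() -> int {
      // The loops below index these arrays, so a null array with a non-zero
      // length must be rejected before it is dereferenced.
      if((intermediates_len > 0 && intermediates == nullptr) || (trusted_len > 0 && trusted == nullptr) ||
         (crls_len > 0 && crls == nullptr)) {
         return BOTAN_FFI_ERROR_NULL_POINTER;
      }

      const std::string hostname((hostname_cstr == nullptr) ? "" : hostname_cstr);
      const Botan::Usage_Type usage = Botan::Usage_Type::UNSPECIFIED;
      const auto validation_time = reference_time == 0
                                      ? std::chrono::system_clock::now()
                                      : std::chrono::system_clock::from_time_t(static_cast<time_t>(reference_time));

      // The certificate being validated goes first, then the intermediates
      std::vector<Botan::X509_Certificate> end_certs;
      end_certs.push_back(safe_get(cert));
      for(size_t i = 0; i != intermediates_len; ++i) {
         end_certs.push_back(safe_get(intermediates[i]));
      }

      // The unique_ptrs own the stores; trusted_roots only borrows them and
      // must not outlive this scope.
      std::unique_ptr<Botan::Certificate_Store> trusted_from_path;
      std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_extra;
      std::unique_ptr<Botan::Certificate_Store_In_Memory> trusted_crls;
      std::vector<Botan::Certificate_Store*> trusted_roots;

      if(trusted_path != nullptr && *trusted_path != 0) {
         trusted_from_path = std::make_unique<Botan::Certificate_Store_In_Memory>(trusted_path);
         trusted_roots.push_back(trusted_from_path.get());
      }

      if(trusted_len > 0) {
         trusted_extra = std::make_unique<Botan::Certificate_Store_In_Memory>();
         for(size_t i = 0; i != trusted_len; ++i) {
            trusted_extra->add_certificate(safe_get(trusted[i]));
         }
         trusted_roots.push_back(trusted_extra.get());
      }

      // CRLs travel in their own store, handed over alongside the anchors
      if(crls_len > 0) {
         trusted_crls = std::make_unique<Botan::Certificate_Store_In_Memory>();
         for(size_t i = 0; i != crls_len; ++i) {
            trusted_crls->add_crl(safe_get(crls[i]));
         }
         trusted_roots.push_back(trusted_crls.get());
      }

      const Botan::Path_Validation_Restrictions restrictions(false, required_strength);

      auto validation_result =
         Botan::x509_path_validate(end_certs, restrictions, trusted_roots, hostname, usage, validation_time);

      if(result_code != nullptr) {
         *result_code = static_cast<int>(validation_result.result());
      }

      if(validation_result.successful_validation()) {
         return 0;
      } else {
         return 1;
      }
   });
#else
   BOTAN_UNUSED(result_code, cert, intermediates, intermediates_len, trusted);
   BOTAN_UNUSED(trusted_len, trusted_path, hostname_cstr, reference_time, crls, crls_len);
   return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}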
}