Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 03:28:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

OCSP: split into two analysers in scriptland.

Browse source 
Instead of having an additional string argument specifying if we are
sending a request or a reply, we now have an ANALYZER_OCSP_REQUEST and
an ANALYZER_OCSP_REPLY
This commit is contained in:
Johanna Amann 2017-02-09 16:14:08 -08:00
parent e1bcc4509f
commit 1b19ab78b6
4 changed files with 19 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -74,21 +74,19 @@ void ocsp_add_cert_id(OCSP_CERTID *cert_id, val_list* vl, BIO* bio)
BIO_reset(bio);
}
file_analysis::Analyzer* OCSP::Instantiate(RecordVal* args, File* file)
file_analysis::Analyzer* OCSP::InstantiateRequest(RecordVal* args, File* file)
{
Val* ocsp_type = get_ocsp_type(args, "ocsp_type");
if (! ocsp_type )
return 0;
return new OCSP(args, file, ocsp_type->AsString()->CheckString());
return new OCSP(args, file, true);
}
file_analysis::OCSP::OCSP(RecordVal* args, file_analysis::File* file, const string& arg_ocsp_type)
: file_analysis::Analyzer(file_mgr->GetComponentTag("OCSP"), args, file)
file_analysis::Analyzer* OCSP::InstantiateReply(RecordVal* args, File* file)
{
return new OCSP(args, file, false);
}
file_analysis::OCSP::OCSP(RecordVal* args, file_analysis::File* file, bool arg_request)
: file_analysis::Analyzer(file_mgr->GetComponentTag("OCSP"), args, file), request(arg_request)
{
ocsp_type = arg_ocsp_type;
ocsp_data.clear();
}
bool file_analysis::OCSP::DeliverStream(const u_char* data, uint64 len)
@ -108,7 +106,7 @@ bool file_analysis::OCSP::EndOfFile()
{
const unsigned char* ocsp_char = reinterpret_cast<const unsigned char*>(ocsp_data.data());
if (ocsp_type == "request")
if ( request )
{
OCSP_REQUEST *req = d2i_OCSP_REQUEST(NULL, &ocsp_char, ocsp_data.size());
@ -121,7 +119,7 @@ bool file_analysis::OCSP::EndOfFile()
ParseRequest(req, GetFile()->GetID().c_str());
OCSP_REQUEST_free(req);
}
else if (ocsp_type == "response")
else
{
OCSP_RESPONSE *resp = d2i_OCSP_RESPONSE(NULL, &ocsp_char, ocsp_data.size());
if (!resp)
@ -134,11 +132,6 @@ bool file_analysis::OCSP::EndOfFile()
ParseResponse(resp_val, GetFile()->GetID().c_str());
Unref(resp_val);
}
else
{
reporter->Weird(fmt("the given argument of ocsp_type (%s) is not recognized", ocsp_type.c_str()));
return false;
}
return true;
}