OCSP: parse signed certificate timestamps

With this change, we also parse signed certificate timestamps from OCSP
replies. This introduces a common base class between the OCSP and X509
analyzer, which now share a bit of common code. The event for signed
certificate timestamps is raised by both and thus renamed to:

x509_ocsp_ext_signed_certificate_timestamp
Johanna Amann 2017-02-10 15:18:52 -08:00
parent b061a5db1a
commit c550521221
11 changed files with 404 additions and 391 deletions


@ -8,20 +8,19 @@
#include "Val.h"
#include "../File.h"
#include "Analyzer.h"
#include "X509Common.h"
#include <openssl/ocsp.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
namespace file_analysis {
class OCSP_RESPVal;
class OCSP : public file_analysis::Analyzer {
class OCSP : public file_analysis::X509Common {
public:
virtual bool DeliverStream(const u_char* data, uint64 len);
virtual bool Undelivered(uint64 offset, uint64 len);
virtual bool EndOfFile();
bool DeliverStream(const u_char* data, uint64 len) override;
bool Undelivered(uint64 offset, uint64 len) override;
bool EndOfFile() override;
static file_analysis::Analyzer* InstantiateRequest(RecordVal* args, File* file);
static file_analysis::Analyzer* InstantiateReply(RecordVal* args, File* file);
@ -32,7 +31,7 @@ protected:
private:
void ParseResponse(OCSP_RESPVal *, const char* fid = 0);
void ParseRequest(OCSP_REQUEST *, const char* fid = 0);
void ParseExtension(X509_EXTENSION*, bool global);
void ParseExtensionsSpecific(X509_EXTENSION* ex, bool, ASN1_OBJECT*, const char*) override;
std::string ocsp_data;
bool request = false; // true if ocsp request, false if reply
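Review bot: The new `ParseExtensionsSpecific` override declares three of its four parameters unnamed, so a reader of this header cannot tell what the `bool`, the `ASN1_OBJECT*` and the `const char*` carry; the removed `ParseExtension(X509_EXTENSION*, bool global)` at least named its flag. Name the parameters to match the base declaration in X509Common.h and add a one-line comment above the override, e.g. `// Hook called from the shared X509Common extension parser for OCSP-specific extensions (signed certificate timestamps); the bool presumably mirrors the old 'global' flag — confirm against X509Common.h`. The class body continues past the end of this hunk, so any further declarations affected by the base-class change are not visible here.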