Make OCSP analyzer part of the X.509 analyzer

This allows the easier integration of shared functionality. And it also makes logical sense, given that OCSP is not interesting without X.509.
2025-10-04 07:38:19 +00:00 · 2017-02-08 10:57:30 -08:00 · 2017-02-08 10:57:30 -08:00 · c670613996
commit c670613996
parent dfc871f831
16 changed files with 13 additions and 47 deletions
--- a/src/file_analysis/analyzer/CMakeLists.txt
+++ b/src/file_analysis/analyzer/CMakeLists.txt
@ -5,4 +5,3 @@ add_subdirectory(hash)
 add_subdirectory(pe)
 add_subdirectory(unified2)
 add_subdirectory(x509)
-add_subdirectory(ocsp)
--- a/src/file_analysis/analyzer/ocsp/CMakeLists.txt
+++ b/src/file_analysis/analyzer/ocsp/CMakeLists.txt
@ -1,10 +0,0 @@
-
-include(BroPlugin)
-
-include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
-                           ${CMAKE_CURRENT_BINARY_DIR})
-
-bro_plugin_begin(Bro OCSP)
-bro_plugin_cc(OCSP.cc Plugin.cc)
-bro_plugin_bif(events.bif types.bif functions.bif)
-bro_plugin_end()
--- a/src/file_analysis/analyzer/ocsp/Plugin.cc
+++ b/src/file_analysis/analyzer/ocsp/Plugin.cc
@ -1,25 +0,0 @@
-// See the file  in the main distribution directory for copyright.
-
-
-#include "plugin/Plugin.h"
-
-#include "OCSP.h"
-
-namespace plugin {
-namespace Bro_OCSP {
-
-class Plugin : public plugin::Plugin {
-public:
-	plugin::Configuration Configure()
-		{
-		AddComponent(new ::file_analysis::Component("OCSP", ::file_analysis::OCSP::Instantiate));
-
-		plugin::Configuration config;
-		config.name = "Bro::OCSP";
-		config.description = "OCSP analyzer";
-		return config;
-		}
-} plugin;
-
-}
-}
--- a/src/file_analysis/analyzer/x509/CMakeLists.txt
+++ b/src/file_analysis/analyzer/x509/CMakeLists.txt
@ -5,6 +5,6 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
                           ${CMAKE_CURRENT_BINARY_DIR})

 bro_plugin_begin(Bro X509)
-bro_plugin_cc(X509.cc Plugin.cc)
-bro_plugin_bif(events.bif types.bif functions.bif)
+bro_plugin_cc(X509.cc OCSP.cc Plugin.cc)
+bro_plugin_bif(events.bif types.bif functions.bif ocsp_events.bif ocsp_types.bif ocsp_functions.bif)
 bro_plugin_end()
--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -5,8 +5,8 @@
 #include "OCSP.h"
 #include "Event.h"

-#include "events.bif.h"
-#include "types.bif.h"
+#include "ocsp_events.bif.h"
+#include "ocsp_types.bif.h"

 #include "file_analysis/Manager.h"

--- a/src/file_analysis/analyzer/x509/OCSP.h
+++ b/src/file_analysis/analyzer/x509/OCSP.h
--- a/src/file_analysis/analyzer/x509/Plugin.cc
+++ b/src/file_analysis/analyzer/x509/Plugin.cc
@ -4,6 +4,7 @@
 #include "plugin/Plugin.h"

 #include "X509.h"
+#include "OCSP.h"

 namespace plugin {
 namespace Bro_X509 {
@ -13,10 +14,11 @@ public:
 	plugin::Configuration Configure()
 		{
 		AddComponent(new ::file_analysis::Component("X509", ::file_analysis::X509::Instantiate));
+		AddComponent(new ::file_analysis::Component("OCSP", ::file_analysis::OCSP::Instantiate));

 		plugin::Configuration config;
 		config.name = "Bro::X509";
-		config.description = "X509 analyzer";
+		config.description = "X509 and OCSP analyzer";
 		return config;
 		}
 } plugin;
--- a/src/file_analysis/analyzer/x509/ocsp_events.bif
+++ b/src/file_analysis/analyzer/x509/ocsp_events.bif
--- a/src/file_analysis/analyzer/x509/ocsp_functions.bif
+++ b/src/file_analysis/analyzer/x509/ocsp_functions.bif
@ -1,6 +1,6 @@
 %%{
-#include "file_analysis/analyzer/ocsp/OCSP.h"
-#include "types.bif.h"
+#include "file_analysis/analyzer/x509/OCSP.h"
+#include "ocsp_types.bif.h"
 %%}

 ## Parses a OCSP response into an OCSP::Response structure.
--- a/src/file_analysis/analyzer/x509/ocsp_types.bif
+++ b/src/file_analysis/analyzer/x509/ocsp_types.bif