Make OCSP analyzer part of the X.509 analyzer

This allows the easier integration of shared functionality. And it also
makes logical sense, given that OCSP is not interesting without X.509.

scripts/base/files/ocsp/README

@@ -1 +0,0 @@
-Support for ocsp file analysis framework.

scripts/base/files/ocsp/__load__.bro

@@ -1 +0,0 @@
-@load ./main

scripts/base/files/x509/README

@@ -1 +1,2 @@
 Support for X509 certificates with the file analysis framework.
+Also supposrts OCSP requests and responses.

scripts/base/files/x509/ocsp.bro

@@ -2,6 +2,8 @@
 @load base/utils/paths
 @load base/utils/queue
 
+# Note - this needs some cleaning up and is currently not loaded by default.
+
 module OCSP;
 
 export {

scripts/base/init-default.bro

@@ -77,7 +77,6 @@
 @load base/files/extract
 @load base/files/unified2
 @load base/files/x509
-@load base/files/ocsp
 
 @load base/misc/find-checksum-offloading
 @load base/misc/find-filtered-trace

scripts/policy/protocols/ssl/validate-ocsp.bro

@@ -1,4 +1,4 @@
-##! Perform OCSP response validation.
+##! Perform validation of stapled OCSP responses.
 
 @load base/frameworks/notice
 @load base/protocols/ssl

src/file_analysis/analyzer/CMakeLists.txt

@@ -5,4 +5,3 @@ add_subdirectory(hash)
 add_subdirectory(pe)
 add_subdirectory(unified2)
 add_subdirectory(x509)
-add_subdirectory(ocsp)

src/file_analysis/analyzer/ocsp/CMakeLists.txt

@@ -1,10 +0,0 @@
-
-include(BroPlugin)
-
-include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
-                           ${CMAKE_CURRENT_BINARY_DIR})
-
-bro_plugin_begin(Bro OCSP)
-bro_plugin_cc(OCSP.cc Plugin.cc)
-bro_plugin_bif(events.bif types.bif functions.bif)
-bro_plugin_end()

src/file_analysis/analyzer/ocsp/Plugin.cc

@@ -1,25 +0,0 @@
-// See the file  in the main distribution directory for copyright.
-
-
-#include "plugin/Plugin.h"
-
-#include "OCSP.h"
-
-namespace plugin {
-namespace Bro_OCSP {
-
-class Plugin : public plugin::Plugin {
-public:
-	plugin::Configuration Configure()
-		{
-		AddComponent(new ::file_analysis::Component("OCSP", ::file_analysis::OCSP::Instantiate));
-
-		plugin::Configuration config;
-		config.name = "Bro::OCSP";
-		config.description = "OCSP analyzer";
-		return config;
-		}
-} plugin;
-
-}
-}

src/file_analysis/analyzer/x509/CMakeLists.txt

@@ -5,6 +5,6 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}
                            ${CMAKE_CURRENT_BINARY_DIR})
 
 bro_plugin_begin(Bro X509)
-bro_plugin_cc(X509.cc Plugin.cc)
+bro_plugin_cc(X509.cc OCSP.cc Plugin.cc)
-bro_plugin_bif(events.bif types.bif functions.bif)
+bro_plugin_bif(events.bif types.bif functions.bif ocsp_events.bif ocsp_types.bif ocsp_functions.bif)
 bro_plugin_end()

src/file_analysis/analyzer/x509/OCSP.cc

@@ -5,8 +5,8 @@
 #include "OCSP.h"
 #include "Event.h"
 
-#include "events.bif.h"
+#include "ocsp_events.bif.h"
-#include "types.bif.h"
+#include "ocsp_types.bif.h"
 
 #include "file_analysis/Manager.h"
 

src/file_analysis/analyzer/x509/Plugin.cc

@@ -4,6 +4,7 @@
 #include "plugin/Plugin.h"
 
 #include "X509.h"
+#include "OCSP.h"
 
 namespace plugin {
 namespace Bro_X509 {
@@ -13,10 +14,11 @@ public:
 	plugin::Configuration Configure()
 		{
 		AddComponent(new ::file_analysis::Component("X509", ::file_analysis::X509::Instantiate));
+		AddComponent(new ::file_analysis::Component("OCSP", ::file_analysis::OCSP::Instantiate));
 
 		plugin::Configuration config;
 		config.name = "Bro::X509";
-		config.description = "X509 analyzer";
+		config.description = "X509 and OCSP analyzer";
 		return config;
 		}
 } plugin;

src/file_analysis/analyzer/x509/ocsp_functions.bif

@@ -1,6 +1,6 @@
 %%{
-#include "file_analysis/analyzer/ocsp/OCSP.h"
+#include "file_analysis/analyzer/x509/OCSP.h"
-#include "types.bif.h"
+#include "ocsp_types.bif.h"
 %%}
 
 ## Parses a OCSP response into an OCSP::Response structure.