This file is indexed.

/usr/include/digidocpp/crypto/ocsp/OCSP.h is in libdigidocpp-dev 0.3.0-0ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
/*
 * libdigidocpp - a C++ library for creating and validating BDOC-1.0 documents
 *
 * Copyright (C) 2009-2010  Estonian Informatics Centre
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */

#if !defined(__OCSP_H_INCLUDED__)
#define __OCSP_H_INCLUDED__

#include "../../io/IOException.h"
#include "../OpenSSLHelpers.h"
#include "OCSPException.h"

#include <openssl/ocsp.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>

namespace digidoc
{
    /**
     * Implements OCSP request to the OCSP server. This class can be used to
     * check whether the certificate is valid or not.
     *
     * If <code>certStore</code> and/or <code>ocspCerts</code> is set, the
     * OCSP response certificate is checked, whether it comes from the correct
     * OCSP server or not.
     *
     * If <code>signCert</code> and <code>signKey</code> is set the OCSP request
     * is signed with the certificate provided.
     *
     * @author Janari Põld
     */
    class OCSP
    {

      public:
          enum CertStatus { GOOD, REVOKED, UNKNOWN };

          OCSP( const std::string &url ) throw(IOException);
          ~OCSP();
          void setUrl( const std::string& url ) throw(IOException);
          void setOCSPCerts(STACK_OF(X509)* ocspCerts);
          void setCertStore(X509_STORE* certStore);
          void setSignCert(X509* signCert, EVP_PKEY* signKey);
          void setSkew(long skew);
          void setMaxAge(long maxAge);
          CertStatus checkCert(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce) throw(IOException, OCSPException);
          CertStatus checkCert(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce,
                  std::vector<unsigned char>& ocspResponseDER, tm& producedAt) throw(IOException, OCSPException);

          void verifyResponse( const std::vector<unsigned char>& ocspResponseDER) const throw(IOException);
          std::vector<unsigned char> getNonce(const std::vector<unsigned char>& ocspResponseDER) const;

      private:
          CertStatus checkCert(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce,
                  OCSP_REQUEST** req, OCSP_RESPONSE** resp) throw(IOException, OCSPException);
          void connect() throw(IOException);
          void connectNoSSL() throw(IOException);
          void connectSSL() throw(IOException);
          OCSP_REQUEST* createRequest(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce) throw(IOException);
          OCSP_RESPONSE* sendRequest(OCSP_REQUEST* req) throw(IOException);
          CertStatus validateResponse(OCSP_REQUEST* req, OCSP_RESPONSE* resp, X509* cert, X509* issuer) throw(OCSPException);

          static tm convert(ASN1_GENERALIZEDTIME* time) throw(IOException);

          std::string url, host, port, path;
          bool ssl;

          long skew;
          long maxAge;

          BIO *connection;
          SSL_CTX *ctx;
          X509* ocspCert;
          STACK_OF(X509)* ocspCerts;
          X509_STORE* certStore;
          X509* signCert;
          EVP_PKEY* signKey;
    };
}

#endif // !defined(__OCSP_H_INCLUDED__)