#include <tls_messages.h>

Public Member Functions
const X509_Certificate &	certificate () const

	Certificate_Entry (std::shared_ptr< Public_Key > raw_public_key)

	Certificate_Entry (TLS_Data_Reader &reader, const Connection_Side side, const Certificate_Type cert_type)

	Certificate_Entry (X509_Certificate cert)

Extensions &	extensions ()

const Extensions &	extensions () const

bool	has_certificate () const

std::shared_ptr< const Public_Key >	public_key () const

std::vector< uint8_t >	serialize () const

Detailed Description

Definition at line 551 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_Entry() [1/3]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry	(	TLS_Data_Reader &	reader,
		const Connection_Side	side,
		const Certificate_Type	cert_type )

Definition at line 266 of file msg_certificate_13.cpp.

                                                                                       {
   switch(cert_type) {
      case Certificate_Type::X509:
         // RFC 8446 4.2.2
         //    [...] each CertificateEntry contains a DER-encoded X.509
         //    certificate.
         m_certificate = X509_Certificate(reader.get_tls_length_value(3));
         m_raw_public_key = m_certificate->subject_public_key();
         break;
      case Certificate_Type::RawPublicKey:
         // RFC 7250 3.
         //    This specification uses raw public keys whereby the already
         //    available encoding used in a PKIX certificate in the form of a
         //    SubjectPublicKeyInfo structure is reused.
         m_raw_public_key = X509::load_key(reader.get_tls_length_value(3));
         break;
      default:
         throw TLS_Exception(Alert::InternalError, "Unknown certificate type");
   }
 
   // Extensions are simply tacked at the end of the certificate entry. This
   // is a departure from the typical "tag-length-value" in a sense that the
   // Extensions deserializer needs the length value of the extensions.
   const auto extensions_length = reader.peek_uint16_t();
   const auto exts_buf = reader.get_fixed<uint8_t>(extensions_length + 2);
   TLS_Data_Reader exts_reader("extensions reader", exts_buf);
   m_extensions.deserialize(exts_reader, side, Handshake_Type::Certificate);
 
   if(cert_type == Certificate_Type::X509) {
      // RFC 8446 4.4.2
      //    Valid extensions for server certificates at present include the
      //    OCSP Status extension [RFC6066] and the SignedCertificateTimestamp
      //    extension [RFC6962]; future extensions may be defined for this
      //    message as well.
      //
      // RFC 8446 4.4.2.1
      //    A server MAY request that a client present an OCSP response with its
      //    certificate by sending an empty "status_request" extension in its
      //    CertificateRequest message.
      if(m_extensions.contains_implemented_extensions_other_than({
            Extension_Code::CertificateStatusRequest,
            // Extension_Code::SignedCertificateTimestamp
         })) {
         throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed");
      }
   } else if(m_extensions.contains_implemented_extensions_other_than({})) {
      throw TLS_Exception(
         Alert::IllegalParameter,
         "Certificate Entry holding something else than a certificate contained unexpected extensions");
   }
}

References Botan::TLS::Certificate, Botan::TLS::Extensions::contains_implemented_extensions_other_than(), Botan::TLS::Extensions::deserialize(), Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_tls_length_value(), Botan::X509::load_key(), Botan::TLS::TLS_Data_Reader::peek_uint16_t(), Botan::TLS::RawPublicKey, and Botan::TLS::X509.

◆ Certificate_Entry() [2/3]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry ( X509_Certificate cert )

Definition at line 320 of file msg_certificate_13.cpp.

320 :

321 m_certificate(std::move(cert)), m_raw_public_key(m_certificate->subject_public_key()) {}

◆ Certificate_Entry() [3/3]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry ( std::shared_ptr< Public_Key > raw_public_key )

Definition at line 323 of file msg_certificate_13.cpp.

                                                                                           :
      m_certificate(std::nullopt), m_raw_public_key(std::move(raw_public_key)) {
   BOTAN_ASSERT_NONNULL(m_raw_public_key);
}

References BOTAN_ASSERT_NONNULL.

Member Function Documentation

◆ certificate()

const X509_Certificate & Botan::TLS::Certificate_13::Certificate_Entry::certificate ( ) const

Definition at line 328 of file msg_certificate_13.cpp.

                                                                           {
   BOTAN_STATE_CHECK(has_certificate());
   return m_certificate.value();
}

References BOTAN_STATE_CHECK.

◆ extensions() [1/2]

Extensions & Botan::TLS::Certificate_13::Certificate_Entry::extensions ( )

inline

Definition at line 564 of file tls_messages.h.

564{ return m_extensions; }

◆ extensions() [2/2]

const Extensions & Botan::TLS::Certificate_13::Certificate_Entry::extensions ( ) const

inline

Definition at line 566 of file tls_messages.h.

566{ return m_extensions; }

◆ has_certificate()

bool Botan::TLS::Certificate_13::Certificate_Entry::has_certificate ( ) const

inline

Definition at line 557 of file tls_messages.h.

557{ return m_certificate.has_value(); }

◆ public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Certificate_13::Certificate_Entry::public_key ( ) const

Definition at line 333 of file msg_certificate_13.cpp.

                                                                                  {
   BOTAN_ASSERT_NONNULL(m_raw_public_key);
   return m_raw_public_key;
}

References BOTAN_ASSERT_NONNULL.

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_13::Certificate_Entry::serialize ( ) const

Definition at line 338 of file msg_certificate_13.cpp.

                                                                    {
   return (has_certificate()) ? m_certificate->BER_encode() : X509::BER_encode(*m_raw_public_key);
}

References Botan::X509::BER_encode().

The documentation for this class was generated from the following files:

src/lib/tls/tls_messages.h
src/lib/tls/tls13/msg_certificate_13.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ Certificate_Entry() [1/3]

◆ Certificate_Entry() [2/3]

◆ Certificate_Entry() [3/3]

Member Function Documentation

◆ certificate()

◆ extensions() [1/2]

◆ extensions() [2/2]

◆ has_certificate()

◆ public_key()

◆ serialize()