Botan  1.11.10
Botan::X509_CRL Class Reference

#include <x509_crl.h>

Inheritance diagram for Botan::X509_CRL:
Botan::X509_CRL derives from Botan::X509_Object, which in turn derives from Botan::ASN1_Object.

Classes

struct  X509_CRL_Error
 

Public Member Functions

std::vector< byte > authority_key_id () const
 
std::vector< byte > BER_encode () const
 
bool check_signature (const Public_Key &key) const
 
bool check_signature (const Public_Key *key) const
 
u32bit crl_number () const
 
void decode_from (class BER_Decoder &from) override
 
void encode_into (class DER_Encoder &to) const override
 
std::vector< CRL_Entry > get_revoked () const
 
std::string hash_used_for_signature () const
 
bool is_revoked (const X509_Certificate &cert) const
 
X509_DN issuer_dn () const
 
X509_Time next_update () const
 
std::string PEM_encode () const
 
std::vector< byte > signature () const
 
AlgorithmIdentifier signature_algorithm () const
 
std::vector< byte > tbs_data () const
 
X509_Time this_update () const
 
 X509_CRL (DataSource &source, bool throw_on_unknown_critical=false)
 
 X509_CRL (const std::string &filename, bool throw_on_unknown_critical=false)
 
 X509_CRL (const std::vector< byte > &vec, bool throw_on_unknown_critical=false)
 

Static Public Member Functions

static std::vector< byte > make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< byte > &tbs)
 

Protected Member Functions

void do_decode ()
 

Protected Attributes

std::vector< byte > sig
 
AlgorithmIdentifier sig_algo
 
std::vector< byte > tbs_bits
 

Detailed Description

This class represents X.509 Certificate Revocation Lists (CRLs).

Definition at line 22 of file x509_crl.h.

Constructor & Destructor Documentation

Botan::X509_CRL::X509_CRL ( DataSource &  source,
bool  throw_on_unknown_critical = false 
)

Construct a CRL from a data source.

Parameters
source — the data source providing the DER or PEM encoded CRL.
throw_on_unknown_critical — whether to throw an exception if an unknown CRL extension marked as critical is encountered.

Definition at line 21 of file x509_crl.cpp.

References Botan::X509_Object::do_decode().

21  :
22  X509_Object(in, "X509 CRL/CRL"), throw_on_unknown_critical(touc)
23  {
24  do_decode();
25  }
Botan::X509_CRL::X509_CRL ( const std::string &  filename,
bool  throw_on_unknown_critical = false 
)

Construct a CRL from a file containing the DER or PEM encoded CRL.

Parameters
filename — the name of the CRL file.
throw_on_unknown_critical — whether to throw an exception if an unknown CRL extension marked as critical is encountered.

Definition at line 30 of file x509_crl.cpp.

References Botan::X509_Object::do_decode().

30  :
31  X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
32  {
33  do_decode();
34  }
Botan::X509_CRL::X509_CRL ( const std::vector< byte > &  vec,
bool  throw_on_unknown_critical = false 
)

Construct a CRL from a binary vector

Parameters
vec — the binary (DER) representation of the CRL.
throw_on_unknown_critical — whether to throw an exception if an unknown CRL extension marked as critical is encountered.

Definition at line 36 of file x509_crl.cpp.

References Botan::X509_Object::do_decode().

36  :
37  X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
38  {
39  do_decode();
40  }

Member Function Documentation

std::vector< byte > Botan::X509_CRL::authority_key_id ( ) const

Get the AuthorityKeyIdentifier of this CRL.

Returns
this CRL's AuthorityKeyIdentifier

Definition at line 162 of file x509_crl.cpp.

References Botan::Data_Store::get1_memvec().

Referenced by is_revoked().

163  {
164  return info.get1_memvec("X509v3.AuthorityKeyIdentifier");
165  }
std::vector< byte > get1_memvec(const std::string &) const
Definition: datastor.cpp:92
std::vector< byte > Botan::X509_Object::BER_encode ( ) const
inherited
Returns
BER encoding of this

Definition at line 113 of file x509_obj.cpp.

References Botan::X509_Object::encode_into(), and Botan::DER_Encoder::get_contents_unlocked().

Referenced by Botan::X509_Certificate::fingerprint(), and Botan::X509_Object::PEM_encode().

114  {
115  DER_Encoder der;
116  encode_into(der);
117  return der.get_contents_unlocked();
118  }
void encode_into(class DER_Encoder &to) const override
Definition: x509_obj.cpp:84
bool Botan::X509_Object::check_signature ( const Public_Key &  key) const
inherited

Check the signature on this data

Parameters
key — the public key purportedly used to sign this data
Returns
true if the signature is valid; otherwise false — including when the key's algorithm name does not match the signature algorithm, or when verification throws, which this overload catches and reports as false rather than propagating

Definition at line 185 of file x509_obj.cpp.

References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, Botan::X509_Object::sig_algo, Botan::X509_Object::signature(), Botan::split_on(), Botan::X509_Object::tbs_data(), and Botan::PK_Verifier::verify_message().

Referenced by Botan::X509_Object::check_signature().

186  {
187  try {
188  std::vector<std::string> sig_info =
190 
191  if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
192  return false;
193 
194  std::string padding = sig_info[1];
195  Signature_Format format =
196  (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
197 
198  PK_Verifier verifier(pub_key, padding, format);
199 
200  return verifier.verify_message(tbs_data(), signature());
201  }
202  catch(std::exception& e)
203  {
204  return false;
205  }
206  }
Signature_Format
Definition: pubkey.h:24
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:108
AlgorithmIdentifier sig_algo
Definition: x509_obj.h:96
std::vector< byte > signature() const
Definition: x509_obj.cpp:139
std::string lookup(const OID &oid)
Definition: oids.cpp:111
std::vector< byte > tbs_data() const
Definition: x509_obj.cpp:131
bool Botan::X509_Object::check_signature ( const Public_Key *  key) const
inherited

Check the signature on this data

Parameters
key — the public key purportedly used to sign this data; this overload takes ownership and the pointer is deleted after use. It is dereferenced without a null check, so it must not be null.
Returns
true if the signature is valid, otherwise false (delegates to the reference overload after taking ownership of the pointer)

Definition at line 176 of file x509_obj.cpp.

References Botan::X509_Object::check_signature().

177  {
178  std::unique_ptr<const Public_Key> key(pub_key);
179  return check_signature(*key);
180  }
bool check_signature(const Public_Key &key) const
Definition: x509_obj.cpp:185
u32bit Botan::X509_CRL::crl_number ( ) const

Get the serial number of this CRL.

Returns
the CRL's serial number

Definition at line 170 of file x509_crl.cpp.

References Botan::Data_Store::get1_u32bit().

Referenced by Botan::X509_CA::update_crl().

171  {
172  return info.get1_u32bit("X509v3.CRLNumber");
173  }
u32bit get1_u32bit(const std::string &, u32bit=0) const
Definition: datastor.cpp:109
void Botan::X509_Object::decode_from ( class BER_Decoder &  from)
override virtual inherited

Decode whatever this object is from `from`.

Parameters
from — the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 98 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::BER_Decoder::start_cons(), Botan::X509_Object::tbs_bits, and Botan::BER_Decoder::verify_end().

99  {
100  from.start_cons(SEQUENCE)
101  .start_cons(SEQUENCE)
102  .raw_bytes(tbs_bits)
103  .end_cons()
104  .decode(sig_algo)
105  .decode(sig, BIT_STRING)
106  .verify_end()
107  .end_cons();
108  }
std::vector< byte > sig
Definition: x509_obj.h:97
AlgorithmIdentifier sig_algo
Definition: x509_obj.h:96
std::vector< byte > tbs_bits
Definition: x509_obj.h:97
void Botan::X509_Object::do_decode ( )
protected inherited

Definition at line 228 of file x509_obj.cpp.

Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), and X509_CRL().

229  {
230  try {
231  force_decode();
232  }
233  catch(Decoding_Error& e)
234  {
235  throw Decoding_Error(PEM_label_pref + " decoding failed (" +
236  e.what() + ")");
237  }
238  catch(Invalid_Argument& e)
239  {
240  throw Decoding_Error(PEM_label_pref + " decoding failed (" +
241  e.what() + ")");
242  }
243  }
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
void Botan::X509_Object::encode_into ( class DER_Encoder &  to) const
override virtual inherited

Encode whatever this object is into `to`.

Parameters
to — the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 84 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::DER_Encoder::start_cons(), and Botan::X509_Object::tbs_bits.

Referenced by Botan::X509_Object::BER_encode().

85  {
86  to.start_cons(SEQUENCE)
87  .start_cons(SEQUENCE)
88  .raw_bytes(tbs_bits)
89  .end_cons()
90  .encode(sig_algo)
91  .encode(sig, BIT_STRING)
92  .end_cons();
93  }
std::vector< byte > sig
Definition: x509_obj.h:97
AlgorithmIdentifier sig_algo
Definition: x509_obj.h:96
std::vector< byte > tbs_bits
Definition: x509_obj.h:97
std::vector< CRL_Entry > Botan::X509_CRL::get_revoked ( ) const

Get the entries of this CRL in the form of a vector.

Returns
vector containing the entries of this CRL.

Definition at line 146 of file x509_crl.cpp.

Referenced by Botan::X509_CA::update_crl().

147  {
148  return revoked;
149  }
std::string Botan::X509_Object::hash_used_for_signature ( ) const
inherited
Returns
hash algorithm that was used to generate signature

Definition at line 155 of file x509_obj.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), Botan::AlgorithmIdentifier::oid, Botan::parse_algorithm_name(), Botan::X509_Object::sig_algo, and Botan::split_on().

156  {
157  std::vector<std::string> sig_info =
159 
160  if(sig_info.size() != 2)
161  throw Internal_Error("Invalid name format found for " +
163 
164  std::vector<std::string> pad_and_hash =
165  parse_algorithm_name(sig_info[1]);
166 
167  if(pad_and_hash.size() != 2)
168  throw Internal_Error("Invalid name format " + sig_info[1]);
169 
170  return pad_and_hash[1];
171  }
std::vector< std::string > parse_algorithm_name(const std::string &namex)
Definition: parsing.cpp:55
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:108
AlgorithmIdentifier sig_algo
Definition: x509_obj.h:96
std::string lookup(const OID &oid)
Definition: oids.cpp:111
std::string as_string() const
Definition: asn1_oid.cpp:50
bool Botan::X509_CRL::is_revoked ( const X509_Certificate &  cert) const

Check if this particular certificate is listed in the CRL. The certificate is matched by issuer DN (and by authority key identifier when both the CRL and the certificate carry one), then by serial number; an entry whose reason code is REMOVE_FROM_CRL is treated as not revoked. A certificate from a different issuer yields false even though another CRL might list it.

Definition at line 45 of file x509_crl.cpp.

References authority_key_id(), Botan::X509_Certificate::authority_key_id(), Botan::X509_Certificate::issuer_dn(), issuer_dn(), Botan::REMOVE_FROM_CRL, and Botan::X509_Certificate::serial_number().

46  {
47  /*
48  If the cert wasn't issued by the CRL issuer, it's possible the cert
49  is revoked, but not by this CRL. Maybe throw an exception instead?
50  */
51  if(cert.issuer_dn() != issuer_dn())
52  return false;
53 
54  std::vector<byte> crl_akid = authority_key_id();
55  std::vector<byte> cert_akid = cert.authority_key_id();
56 
57  if(!crl_akid.empty() && !cert_akid.empty())
58  if(crl_akid != cert_akid)
59  return false;
60 
61  std::vector<byte> cert_serial = cert.serial_number();
62 
63  bool is_revoked = false;
64 
65  for(size_t i = 0; i != revoked.size(); ++i)
66  {
67  if(cert_serial == revoked[i].serial_number())
68  {
69  if(revoked[i].reason_code() == REMOVE_FROM_CRL)
70  is_revoked = false;
71  else
72  is_revoked = true;
73  }
74  }
75 
76  return is_revoked;
77  }
bool is_revoked(const X509_Certificate &cert) const
Definition: x509_crl.cpp:45
X509_DN issuer_dn() const
Definition: x509_crl.cpp:154
std::vector< byte > authority_key_id() const
Definition: x509_crl.cpp:162
X509_DN Botan::X509_CRL::issuer_dn ( ) const

Get the issuer DN of this CRL.

Returns
the CRL's issuer DN

Definition at line 154 of file x509_crl.cpp.

References Botan::create_dn().

Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and is_revoked().

155  {
156  return create_dn(info);
157  }
X509_DN create_dn(const Data_Store &info)
Definition: x509cert.cpp:548
std::vector< byte > Botan::X509_Object::make_signed ( class PK_Signer *  signer,
RandomNumberGenerator &  rng,
const AlgorithmIdentifier &  alg_id,
const secure_vector< byte > &  tbs 
)
static inherited

Create a signed X509 object.

Parameters
signer — the signer used to sign the object
rng — the random number generator to use
alg_id — the algorithm identifier of the signature scheme
tbs — the tbs bits to be signed
Returns
the DER encoding of the signed X509 object

Definition at line 211 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents_unlocked(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), and Botan::DER_Encoder::start_cons().

Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::make_cert().

215  {
216  return DER_Encoder()
217  .start_cons(SEQUENCE)
218  .raw_bytes(tbs_bits)
219  .encode(algo)
220  .encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
221  .end_cons()
222  .get_contents_unlocked();
223  }
std::vector< byte > tbs_bits
Definition: x509_obj.h:97
X509_Time Botan::X509_CRL::next_update ( ) const

Get the CRL's nextUpdate value.

Returns
the CRL's nextUpdate

Definition at line 186 of file x509_crl.cpp.

References Botan::Data_Store::get1().

187  {
188  return info.get1("X509.CRL.end");
189  }
std::string get1(const std::string &key) const
Definition: datastor.cpp:62
std::string Botan::X509_Object::PEM_encode ( ) const
inherited
Returns
PEM encoding of this

Definition at line 123 of file x509_obj.cpp.

References Botan::X509_Object::BER_encode(), and Botan::PEM_Code::encode().

124  {
125  return PEM_Code::encode(BER_encode(), PEM_label_pref);
126  }
std::vector< byte > BER_encode() const
Definition: x509_obj.cpp:113
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19
std::vector< byte > Botan::X509_Object::signature ( ) const
inherited
Returns
signature on tbs_data()

Definition at line 139 of file x509_obj.cpp.

References Botan::X509_Object::sig.

Referenced by Botan::X509_Object::check_signature().

140  {
141  return sig;
142  }
std::vector< byte > sig
Definition: x509_obj.h:97
AlgorithmIdentifier Botan::X509_Object::signature_algorithm ( ) const
inherited
Returns
signature algorithm that was used to generate signature

Definition at line 147 of file x509_obj.cpp.

References Botan::X509_Object::sig_algo.

Referenced by Botan::X509_Certificate::to_string().

148  {
149  return sig_algo;
150  }
AlgorithmIdentifier sig_algo
Definition: x509_obj.h:96
std::vector< byte > Botan::X509_Object::tbs_data ( ) const
inherited

The underlying data that is to be or was signed

Returns
data that is or was signed

Definition at line 131 of file x509_obj.cpp.

References Botan::ASN1::put_in_sequence(), and Botan::X509_Object::tbs_bits.

Referenced by Botan::X509_Object::check_signature().

132  {
134  }
std::vector< byte > put_in_sequence(const std::vector< byte > &contents)
Definition: asn1_obj.cpp:34
std::vector< byte > tbs_bits
Definition: x509_obj.h:97
X509_Time Botan::X509_CRL::this_update ( ) const

Get the CRL's thisUpdate value.

Returns
the CRL's thisUpdate

Definition at line 178 of file x509_crl.cpp.

References Botan::Data_Store::get1().

Referenced by Botan::Certificate_Store_In_Memory::add_crl().

179  {
180  return info.get1("X509.CRL.start");
181  }
std::string get1(const std::string &key) const
Definition: datastor.cpp:62

Member Data Documentation

std::vector<byte> Botan::X509_Object::sig
protected inherited
AlgorithmIdentifier Botan::X509_Object::sig_algo
protected inherited
std::vector<byte> Botan::X509_Object::tbs_bits
protected inherited

The documentation for this class was generated from the following files: