Botan::OCSP::CertID Class Reference

#include <ocsp.h>

Inheritance diagram for Botan::OCSP::CertID:

Public Member Functions
std::vector< uint8_t >	BER_encode () const
	CertID ()=default
	CertID (const X509_Certificate &issuer, const BigInt &subject_serial)
void	decode_from (BER_Decoder &from) override
void	encode_into (DER_Encoder &to) const override
bool	is_id_for (const X509_Certificate &issuer, const X509_Certificate &subject) const
const std::vector< uint8_t > &	issuer_key_hash () const

Detailed Description

Definition at line 27 of file ocsp.h.

Constructor & Destructor Documentation

CertID() [1/2]

Botan::OCSP::CertID::CertID ( )

default

References CertID(), decode_from(), encode_into(), and is_id_for().

Referenced by CertID().

CertID() [2/2]

Botan::OCSP::CertID::CertID	(	const X509_Certificate &	issuer,
		const BigInt &	subject_serial )

Definition at line 25 of file ocsp.cpp.

                                                                           : m_subject_serial(subject_serial) {
   /*
   In practice it seems some responders, including, notably,
   ocsp.verisign.com, will reject anything but SHA-1 here
   */
   auto hash = HashFunction::create_or_throw("SHA-1");
 
   m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
   m_issuer_key_hash = hash->process<std::vector<uint8_t>>(issuer.subject_public_key_bitstring());
   m_issuer_dn_hash = hash->process<std::vector<uint8_t>>(issuer.raw_subject_dn());
}

References Botan::HashFunction::create_or_throw(), Botan::X509_Certificate::raw_subject_dn(), Botan::X509_Certificate::subject_public_key_bitstring(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

Member Function Documentation

BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const

inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 20 of file asn1_obj.cpp.

                                                 {
   std::vector<uint8_t> output;
   DER_Encoder der(output);
   this->encode_into(der);
   return output;
}

References encode_into().

Referenced by decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), Botan::PSS_Params::PSS_Params(), and Botan::Certificate_Store_In_SQL::revoke_cert().

decode_from()

void Botan::OCSP::CertID::decode_from ( BER_Decoder & from )

overridevirtual

Decode whatever this object is from from

Parameters

from	the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 80 of file ocsp.cpp.

                                          {
   /*
   * RFC 6960 Section 4.1.1
   *
   * CertID ::= SEQUENCE {
   *    hashAlgorithm       AlgorithmIdentifier,
   *    issuerNameHash      OCTET STRING,
   *    issuerKeyHash       OCTET STRING,
   *    serialNumber        CertificateSerialNumber }
   */
   from.start_sequence()
      .decode(m_hash_id)
      .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
      .decode(m_issuer_key_hash, ASN1_Type::OctetString)
      .decode(m_subject_serial)
      .end_cons();
}

References Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::OctetString, and Botan::BER_Decoder::start_sequence().

Referenced by CertID().

encode_into()

void Botan::OCSP::CertID::encode_into ( DER_Encoder & to ) const

overridevirtual

Encode whatever this object is into to

Parameters

to	the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 71 of file ocsp.cpp.

                                              {
   to.start_sequence()
      .encode(m_hash_id)
      .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
      .encode(m_issuer_key_hash, ASN1_Type::OctetString)
      .encode(m_subject_serial)
      .end_cons();
}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, and Botan::DER_Encoder::start_sequence().

Referenced by CertID().

is_id_for()

bool Botan::OCSP::CertID::is_id_for	(	const X509_Certificate &	issuer,
		const X509_Certificate &	subject ) const

Definition at line 37 of file ocsp.cpp.

                                                                                            {
   try {
      if(BigInt::from_bytes(subject.serial_number()) != m_subject_serial) {
         return false;
      }
 
      const std::string hash_algo = m_hash_id.oid().to_formatted_string();
 
      if(hash_algo != "SHA-1" && hash_algo != "SHA-256") {
         return false;
      }
 
      auto hash = HashFunction::create_or_throw(hash_algo);
 
      /*
      RFC 6960 4.1.1
         issuerNameHash is the hash of the issuer's distinguished name (DN).
         The hash shall be calculated over the DER encoding of the issuer's name
         field in the certificate being checked.
      */
      if(m_issuer_dn_hash != hash->process<std::vector<uint8_t>>(subject.raw_issuer_dn())) {
         return false;
      }
 
      if(m_issuer_key_hash != hash->process<std::vector<uint8_t>>(issuer.subject_public_key_bitstring())) {
         return false;
      }
   } catch(...) {
      return false;
   }
 
   return true;
}

References Botan::HashFunction::create_or_throw(), Botan::BigInt::from_bytes(), Botan::X509_Certificate::raw_issuer_dn(), Botan::X509_Certificate::serial_number(), and Botan::X509_Certificate::subject_public_key_bitstring().

Referenced by CertID().

issuer_key_hash()

const std::vector< uint8_t > & Botan::OCSP::CertID::issuer_key_hash ( ) const

inline

Definition at line 39 of file ocsp.h.

{ return m_issuer_key_hash; }

---

The documentation for this class was generated from the following files:

• src/lib/x509/ocsp.h
• src/lib/x509/ocsp.cpp