Botan 3.6.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::OCSP::CertID Class Referencefinal

#include <ocsp.h>

Inheritance diagram for Botan::OCSP::CertID:
Botan::ASN1_Object

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
 CertID ()=default
 
 CertID (const X509_Certificate &issuer, const BigInt &subject_serial)
 
void decode_from (BER_Decoder &from) override
 
void encode_into (DER_Encoder &to) const override
 
bool is_id_for (const X509_Certificate &issuer, const X509_Certificate &subject) const
 
const std::vector< uint8_t > & issuer_key_hash () const
 

Detailed Description

Definition at line 25 of file ocsp.h.

Constructor & Destructor Documentation

◆ CertID() [1/2]

Botan::OCSP::CertID::CertID ( )
default

◆ CertID() [2/2]

Botan::OCSP::CertID::CertID ( const X509_Certificate & issuer,
const BigInt & subject_serial )

Definition at line 17 of file ocsp_types.cpp.

17 {
18 /*
19 In practice it seems some responders, including, notably,
20 ocsp.verisign.com, will reject anything but SHA-1 here
21 */
22 auto hash = HashFunction::create_or_throw("SHA-1");
23
24 m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
25 m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
26 m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
27 m_subject_serial = subject_serial;
28}
Botan::HashFunction::create_or_throw
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:298
Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:75

References Botan::HashFunction::create_or_throw(), Botan::X509_Certificate::raw_subject_dn(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::unlock(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 19 of file asn1_obj.cpp.

19 {
20 std::vector<uint8_t> output;
21 DER_Encoder der(output);
22 this->encode_into(der);
23 return output;
24}
Botan::ASN1_Object::encode_into
virtual void encode_into(DER_Encoder &to) const =0

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSS_Params::decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ decode_from()

void Botan::OCSP::CertID::decode_from ( BER_Decoder & from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 62 of file ocsp_types.cpp.

62 {
63 from.start_sequence()
64 .decode(m_hash_id)
65 .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
66 .decode(m_issuer_key_hash, ASN1_Type::OctetString)
67 .decode(m_subject_serial)
68 .end_cons();
69}

References Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::OctetString, and Botan::BER_Decoder::start_sequence().

◆ encode_into()

void Botan::OCSP::CertID::encode_into ( DER_Encoder & to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 53 of file ocsp_types.cpp.

53 {
54 to.start_sequence()
55 .encode(m_hash_id)
56 .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
57 .encode(m_issuer_key_hash, ASN1_Type::OctetString)
58 .encode(m_subject_serial)
59 .end_cons();
60}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, and Botan::DER_Encoder::start_sequence().

◆ is_id_for()

bool Botan::OCSP::CertID::is_id_for ( const X509_Certificate & issuer,
const X509_Certificate & subject ) const

Definition at line 30 of file ocsp_types.cpp.

30 {
31 try {
32 if(BigInt::from_bytes(subject.serial_number()) != m_subject_serial) {
33 return false;
34 }
35
36 const std::string hash_algo = m_hash_id.oid().to_formatted_string();
37 auto hash = HashFunction::create_or_throw(hash_algo);
38
39 if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) {
40 return false;
41 }
42
43 if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring()))) {
44 return false;
45 }
46 } catch(...) {
47 return false;
48 }
49
50 return true;
51}
Botan::AlgorithmIdentifier::oid
const OID & oid() const
Definition asn1_obj.h:464
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:95
Botan::OID::to_formatted_string
std::string to_formatted_string() const
Definition asn1_oid.cpp:139

References Botan::HashFunction::create_or_throw(), Botan::BigInt::from_bytes(), Botan::AlgorithmIdentifier::oid(), Botan::X509_Certificate::raw_issuer_dn(), Botan::X509_Certificate::serial_number(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::OID::to_formatted_string(), and Botan::unlock().

◆ issuer_key_hash()

const std::vector< uint8_t > & Botan::OCSP::CertID::issuer_key_hash ( ) const
inline

Definition at line 37 of file ocsp.h.

37{ return m_issuer_key_hash; }
The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0