Botan  2.8.0
Crypto and TLS for C++11
Botan::OCSP::CertID Class Reference (final)

#include <ocsp_types.h>

Inheritance diagram for Botan::OCSP::CertID:
Botan::ASN1_Object

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
 CertID ()=default
 
 CertID (const X509_Certificate &issuer, const BigInt &subject_serial)
 
void decode_from (class BER_Decoder &from) override
 
void encode_into (class DER_Encoder &to) const override
 
bool is_id_for (const X509_Certificate &issuer, const X509_Certificate &subject) const
 
const std::vector< uint8_t > & issuer_key_hash () const
 

Detailed Description

Definition at line 19 of file ocsp_types.h.

Constructor & Destructor Documentation

◆ CertID() [1/2]

Botan::OCSP::CertID::CertID ( )
default

◆ CertID() [2/2]

Botan::OCSP::CertID::CertID ( const X509_Certificate & issuer,
const BigInt & subject_serial
)

Definition at line 19 of file ocsp_types.cpp.

References Botan::HashFunction::create_or_throw(), hash, Botan::X509_Certificate::raw_subject_dn(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::unlock(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

/*
* Build the CertID that names the certificate with serial `subject_serial`
* as issued by `issuer`.
*
* Stores the hash algorithm identifier, the hash of the issuer's raw subject
* DN, the hash of the issuer's public key bitstring and the serial number.
* The two digests act as a lookup key for the issuer (is_id_for() recomputes
* and compares them); no signature is produced here.
*
* create_or_throw() is used, so an unavailable SHA-1 implementation surfaces
* as an exception rather than as a null hash object.
*/
CertID::CertID(const X509_Certificate& issuer,
               const BigInt& subject_serial)
   {
   /*
   SHA-1 is fixed on purpose: in practice some responders, notably
   ocsp.verisign.com, reject a CertID built with any other hash.
   */
   auto sha1 = HashFunction::create_or_throw("SHA-160");

   m_subject_serial = subject_serial;
   m_hash_id = AlgorithmIdentifier(sha1->name(), AlgorithmIdentifier::USE_NULL_PARAM);

   // process() is called once per input, giving two independent digests
   m_issuer_dn_hash = unlock(sha1->process(issuer.raw_subject_dn()));
   m_issuer_key_hash = unlock(sha1->process(issuer.subject_public_key_bitstring()));
   }
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:359
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
MechanismType hash

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 16 of file asn1_obj.cpp.

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSSR::config_for_x509(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

/*
* Serialize this single object and return the encoded bytes.
*
* The encoding is produced by handing a DER_Encoder to encode_into(), so the
* result is whatever the object's own encode_into() override writes. For
* anything more than one object, drive a DER_Encoder directly.
*/
std::vector<uint8_t> ASN1_Object::BER_encode() const
   {
   std::vector<uint8_t> encoding;
   DER_Encoder sink(encoding);   // writes into `encoding`
   encode_into(sink);            // virtual: dispatches to the concrete type
   return encoding;
   }
virtual void encode_into(DER_Encoder &to) const =0

◆ decode_from()

void Botan::OCSP::CertID::decode_from ( class BER_Decoder & from )
override virtual

Decode whatever this object is from `from`.

Parameters
from: the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 68 of file ocsp_types.cpp.

References Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::BER_Decoder::start_cons().

/*
* Read one SEQUENCE from `from` and fill the four members in the order they
* are decoded below: hash algorithm identifier, issuer DN hash (OCTET STRING),
* issuer key hash (OCTET STRING), subject serial number.
*
* This function performs no semantic checks of its own: the hash OID is not
* compared with the algorithms this build supports, and the digest lengths
* are not compared with that algorithm's output size. Anything beyond what
* the decoder itself enforces is left to the code that later uses the
* members, e.g. is_id_for().
*
* NOTE(review): presumably the input is a responder's reply, i.e. untrusted
* data - confirm against the callers.
*/
69  {
70  from.start_cons(SEQUENCE)
71  .decode(m_hash_id)                         // AlgorithmIdentifier naming the hash
72  .decode(m_issuer_dn_hash, OCTET_STRING)    // digest of the issuer's DN
73  .decode(m_issuer_key_hash, OCTET_STRING)   // digest of the issuer's public key
74  .decode(m_subject_serial)                  // serial of the certificate being identified
75  .end_cons();
76 
77  }

◆ encode_into()

void Botan::OCSP::CertID::encode_into ( class DER_Encoder & to ) const
override virtual

Encode whatever this object is into `to`.

Parameters
to: the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 58 of file ocsp_types.cpp.

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

/*
* Write this CertID to `to` as one SEQUENCE holding, in order: the hash
* algorithm identifier, the issuer DN hash (OCTET STRING), the issuer key
* hash (OCTET STRING) and the subject serial number.
*
* The field order mirrors decode_from(), so a value written here is read back
* into the same members.
*/
59  {
60  to.start_cons(SEQUENCE)
61  .encode(m_hash_id)                         // AlgorithmIdentifier naming the hash
62  .encode(m_issuer_dn_hash, OCTET_STRING)    // digest of the issuer's DN
63  .encode(m_issuer_key_hash, OCTET_STRING)   // digest of the issuer's public key
64  .encode(m_subject_serial)                  // serial of the certificate being identified
65  .end_cons();
66  }

◆ is_id_for()

bool Botan::OCSP::CertID::is_id_for ( const X509_Certificate & issuer,
const X509_Certificate & subject
) const

Definition at line 34 of file ocsp_types.cpp.

References Botan::HashFunction::create(), Botan::BigInt::decode(), Botan::AlgorithmIdentifier::get_oid(), hash, Botan::OIDS::lookup(), Botan::X509_Certificate::raw_issuer_dn(), Botan::X509_Certificate::serial_number(), Botan::X509_Certificate::subject_public_key_bitstring(), and Botan::unlock().

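/*
* Check whether this CertID identifies `subject` as issued by `issuer`.
*
* Three values are compared, in this order:
*   - the serial number of `subject` against m_subject_serial
*   - the hash of subject's raw issuer DN against m_issuer_dn_hash
*   - the hash of issuer's public key bitstring against m_issuer_key_hash
* The hash is the one named by the OID in m_hash_id.
*
* @param issuer  certificate expected to have issued `subject`
* @param subject certificate this CertID is expected to refer to
* @return true only if all three comparisons match; false on any mismatch,
*         if the named hash is not available, or if anything throws
*
* m_hash_id is set either by the constructor or by decode_from(); in the
* latter case the algorithm is chosen by whoever produced the encoded
* CertID. This function does not restrict it to a particular set of hashes;
* it only requires that the algorithm can be instantiated.
*/
bool CertID::is_id_for(const X509_Certificate& issuer,
                       const X509_Certificate& subject) const
   {
   try
      {
      if(BigInt::decode(subject.serial_number()) != m_subject_serial)
         return false;

      std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.get_oid())));

      /*
      create(), unlike create_or_throw(), returns a null pointer when the
      algorithm is unknown or not available. Dereferencing that pointer is
      undefined behaviour rather than an exception, so the catch(...) below
      would not turn it into a clean "no match". Reject explicitly.
      */
      if(!hash)
         return false;

      if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
         return false;

      if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
         return false;
      }
   catch(...)
      {
      // Any decoding or hashing failure is reported as "not the same certificate"
      return false;
      }

   return true;
   }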
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:110
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
static BigInt decode(const uint8_t buf[], size_t length)
Definition: bigint.h:713
const OID & get_oid() const
Definition: alg_id.h:37
std::string lookup(const OID &oid)
Definition: oids.cpp:113
MechanismType hash

◆ issuer_key_hash()

const std::vector<uint8_t>& Botan::OCSP::CertID::issuer_key_hash ( ) const
inline

Definition at line 34 of file ocsp_types.h.

/*
* Accessor for the stored issuer key hash. Returns a const reference to the
* member, so no copy is made.
*/
const std::vector<uint8_t>& issuer_key_hash() const
   {
   return m_issuer_key_hash;
   }

The documentation for this class was generated from the following files: