Botan 2.19.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::OCSP::CertID Class Referencefinal

#include <ocsp.h>

Inheritance diagram for Botan::OCSP::CertID:
Botan::ASN1_Object

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
 CertID ()=default
 
 CertID (const X509_Certificate &issuer, const BigInt &subject_serial)
 
void decode_from (class BER_Decoder &from) override
 
void encode_into (class DER_Encoder &to) const override
 
bool is_id_for (const X509_Certificate &issuer, const X509_Certificate &subject) const
 
const std::vector< uint8_t > & issuer_key_hash () const
 

Detailed Description

Definition at line 23 of file ocsp.h.

Constructor & Destructor Documentation

◆ CertID() [1/2]

Botan::OCSP::CertID::CertID ( )
default

◆ CertID() [2/2]

Botan::OCSP::CertID::CertID ( const X509_Certificate issuer,
const BigInt subject_serial 
)

Definition at line 18 of file ocsp_types.cpp.

20 {
21 /*
22 In practice it seems some responders, including, notably,
23 ocsp.verisign.com, will reject anything but SHA-1 here
24 */
25 std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));
26
27 m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
28 m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
29 m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
30 m_subject_serial = subject_serial;
31 }
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:344
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72
MechanismType hash

References Botan::HashFunction::create_or_throw(), hash, Botan::X509_Certificate::raw_subject_dn(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::unlock(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 16 of file asn1_obj.cpp.

17 {
18 std::vector<uint8_t> output;
19 DER_Encoder der(output);
20 this->encode_into(der);
21 return output;
22 }
virtual void encode_into(DER_Encoder &to) const =0

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSSR::config_for_x509(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ decode_from()

void Botan::OCSP::CertID::decode_from ( class BER_Decoder from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 68 of file ocsp_types.cpp.

69 {
70 from.start_cons(SEQUENCE)
71 .decode(m_hash_id)
72 .decode(m_issuer_dn_hash, OCTET_STRING)
73 .decode(m_issuer_key_hash, OCTET_STRING)
74 .decode(m_subject_serial)
75 .end_cons();
76
77 }
@ SEQUENCE
Definition: asn1_obj.h:42
@ OCTET_STRING
Definition: asn1_obj.h:38

References Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::BER_Decoder::start_cons().

◆ encode_into()

void Botan::OCSP::CertID::encode_into ( class DER_Encoder to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 58 of file ocsp_types.cpp.

59 {
60 to.start_cons(SEQUENCE)
61 .encode(m_hash_id)
62 .encode(m_issuer_dn_hash, OCTET_STRING)
63 .encode(m_issuer_key_hash, OCTET_STRING)
64 .encode(m_subject_serial)
65 .end_cons();
66 }

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

◆ is_id_for()

bool Botan::OCSP::CertID::is_id_for ( const X509_Certificate issuer,
const X509_Certificate subject 
) const

Definition at line 33 of file ocsp_types.cpp.

35 {
36 try
37 {
38 if(BigInt::decode(subject.serial_number()) != m_subject_serial)
39 return false;
40
41 const std::string hash_algo = m_hash_id.get_oid().to_formatted_string();
42 std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(hash_algo);
43
44 if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
45 return false;
46
47 if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
48 return false;
49 }
50 catch(...)
51 {
52 return false;
53 }
54
55 return true;
56 }
const OID & get_oid() const
Definition: asn1_obj.h:445
static BigInt decode(const uint8_t buf[], size_t length)
Definition: bigint.h:805
std::string to_formatted_string() const
Definition: asn1_oid.cpp:111
AlgorithmIdentifier hash_algo
Definition: x509_obj.cpp:22

References Botan::HashFunction::create_or_throw(), Botan::BigInt::decode(), Botan::AlgorithmIdentifier::get_oid(), hash, hash_algo, Botan::X509_Certificate::raw_issuer_dn(), Botan::X509_Certificate::serial_number(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::OID::to_formatted_string(), and Botan::unlock().

◆ issuer_key_hash()

const std::vector< uint8_t > & Botan::OCSP::CertID::issuer_key_hash ( ) const
inline

Definition at line 38 of file ocsp.h.

38{ return m_issuer_key_hash; }

The documentation for this class was generated from the following files: