Botan 3.9.0
Crypto and TLS for C++
Botan::OCSP::CertID Class Reference (final)

#include <ocsp.h>

Inheritance diagram for Botan::OCSP::CertID:
Botan::ASN1_Object

Public Member Functions

std::vector< uint8_t > BER_encode () const
 CertID ()=default
 CertID (const X509_Certificate &issuer, const BigInt &subject_serial)
void decode_from (BER_Decoder &from) override
void encode_into (DER_Encoder &to) const override
bool is_id_for (const X509_Certificate &issuer, const X509_Certificate &subject) const
const std::vector< uint8_t > & issuer_key_hash () const

Detailed Description

Definition at line 25 of file ocsp.h.

Constructor & Destructor Documentation

◆ CertID() [1/2]

Botan::OCSP::CertID::CertID ( )
default

References CertID(), decode_from(), encode_into(), and is_id_for().

Referenced by CertID().

◆ CertID() [2/2]

Botan::OCSP::CertID::CertID ( const X509_Certificate & issuer,
const BigInt & subject_serial )

Definition at line 17 of file ocsp_types.cpp.

17 : m_subject_serial(subject_serial) {
// Build the CertID for the certificate with serial `subject_serial` issued by
// `issuer`: store the serial, then hash the issuer's public key bitstring and
// the issuer's raw subject DN with a single hash algorithm.
18 /*
19 In practice it seems some responders, including, notably,
20 ocsp.verisign.com, will reject anything but SHA-1 here
21 */
// SHA-1 is hard-coded for the interoperability reason given above, so a
// CertID built by this constructor always carries SHA-1 digests.
// create_or_throw() throws if the library build has no SHA-1 implementation.
// NOTE(review): these digests only name the issuer; a matching CertID is a
// lookup key, not evidence that an OCSP response is authentic. That has to
// come from verifying the response signature, which is not part of this listing.
22 auto hash = HashFunction::create_or_throw("SHA-1");
23
// Record which hash was used, so that is_id_for() can recompute the same
// digests from m_hash_id.
24 m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
// unlock() converts the secure_vector digest into a plain std::vector.
25 m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
26 m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
27}
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:298
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:86

References Botan::HashFunction::create_or_throw(), Botan::X509_Certificate::raw_subject_dn(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::unlock(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 19 of file asn1_obj.cpp.

19 {
// Convenience serializer: runs this object's encode_into() against a
// DER_Encoder that writes into a local byte vector and returns that vector.
// Despite the BER_ name, the encoder used here is the DER one.
20 std::vector<uint8_t> output;
21 DER_Encoder der(output);
22 this->encode_into(der);
23 return output;
24}
virtual void encode_into(DER_Encoder &to) const =0

References encode_into().

Referenced by decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), Botan::PSS_Params::PSS_Params(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ decode_from()

void Botan::OCSP::CertID::decode_from ( BER_Decoder & from)
override virtual

Decode this object from the decoder "from".

Parameters
from: the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 61 of file ocsp_types.cpp.

61 {
// Parse one SEQUENCE holding, in order: the hash AlgorithmIdentifier, the
// issuer DN hash (OCTET STRING), the issuer key hash (OCTET STRING) and the
// subject serial. The field order mirrors encode_into().
// NOTE(review): every field comes straight from the decoder input. Nothing
// here checks that the hash algorithm is an acceptable one or that the two
// digests have the length that algorithm produces; a wrong-length digest
// only shows up later as a failed comparison in is_id_for().
62 from.start_sequence()
63 .decode(m_hash_id)
64 .decode(m_issuer_dn_hash, ASN1_Type::OctetString)
65 .decode(m_issuer_key_hash, ASN1_Type::OctetString)
66 .decode(m_subject_serial)
67 .end_cons();
68}

References Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::OctetString, and Botan::BER_Decoder::start_sequence().

Referenced by CertID().

◆ encode_into()

void Botan::OCSP::CertID::encode_into ( DER_Encoder & to) const
override virtual

Encode this object into the encoder "to".

Parameters
to: the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 52 of file ocsp_types.cpp.

52 {
// Write one SEQUENCE holding, in order: the hash AlgorithmIdentifier, the
// issuer DN hash (OCTET STRING), the issuer key hash (OCTET STRING) and the
// subject serial. decode_from() reads the fields back in the same order.
53 to.start_sequence()
54 .encode(m_hash_id)
55 .encode(m_issuer_dn_hash, ASN1_Type::OctetString)
56 .encode(m_issuer_key_hash, ASN1_Type::OctetString)
57 .encode(m_subject_serial)
58 .end_cons();
59}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OctetString, and Botan::DER_Encoder::start_sequence().

Referenced by CertID().

◆ is_id_for()

bool Botan::OCSP::CertID::is_id_for ( const X509_Certificate & issuer,
const X509_Certificate & subject ) const

Definition at line 29 of file ocsp_types.cpp.

29 {
// Returns true only when this CertID identifies `subject` as issued by
// `issuer`: the serial number must match and both stored digests must equal
// digests recomputed here. Every failure, including any exception, yields false.
30 try {
31 if(BigInt::from_bytes(subject.serial_number()) != m_subject_serial) {
32 return false;
33 }
34
// The hash algorithm is taken from m_hash_id, which decode_from() fills from
// parsed input, so for a received CertID it is chosen by the sender.
// NOTE(review): no allow-list of acceptable digests is applied in this
// function. Whether weak algorithms are rejected elsewhere cannot be seen
// from this listing, so confirm it before relying on a match. If
// create_or_throw() throws for an algorithm it cannot provide, the catch
// below turns that into false.
35 const std::string hash_algo = m_hash_id.oid().to_formatted_string();
36 auto hash = HashFunction::create_or_throw(hash_algo);
37
// The DN digest is recomputed from the issuer DN recorded in `subject`.
38 if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) {
39 return false;
40 }
41
// The key digest is recomputed from the public key bitstring of `issuer`.
42 if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring()))) {
43 return false;
44 }
// Fail closed: any exception from parsing or hashing is reported as "not a
// match" and never reaches the caller.
45 } catch(...) {
46 return false;
47 }
48
49 return true;
50}
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:87

References Botan::HashFunction::create_or_throw(), Botan::BigInt::from_bytes(), Botan::X509_Certificate::raw_issuer_dn(), Botan::X509_Certificate::serial_number(), Botan::X509_Certificate::subject_public_key_bitstring(), and Botan::unlock().

Referenced by CertID().

◆ issuer_key_hash()

const std::vector< uint8_t > & Botan::OCSP::CertID::issuer_key_hash ( ) const
inline

Definition at line 37 of file ocsp.h.

37{ return m_issuer_key_hash; }  // const reference to the stored issuer key digest (set by the constructor or decode_from()); it refers to a member, so it is valid only while this CertID exists

The documentation for this class was generated from the following files: