Botan  2.15.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::OCSP::CertID Class Referencefinal

#include <ocsp_types.h>

Inheritance diagram for Botan::OCSP::CertID:
Botan::ASN1_Object

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
 CertID ()=default
 
 CertID (const X509_Certificate &issuer, const BigInt &subject_serial)
 
void decode_from (class BER_Decoder &from) override
 
void encode_into (class DER_Encoder &to) const override
 
bool is_id_for (const X509_Certificate &issuer, const X509_Certificate &subject) const
 
const std::vector< uint8_t > & issuer_key_hash () const
 

Detailed Description

Definition at line 19 of file ocsp_types.h.

Constructor & Destructor Documentation

◆ CertID() [1/2]

Botan::OCSP::CertID::CertID ( )
default

◆ CertID() [2/2]

Botan::OCSP::CertID::CertID ( const X509_Certificate issuer,
const BigInt subject_serial 
)

Definition at line 18 of file ocsp_types.cpp.

References Botan::HashFunction::create_or_throw(), hash, Botan::X509_Certificate::raw_subject_dn(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::unlock(), and Botan::AlgorithmIdentifier::USE_NULL_PARAM.

20  {
21  /*
22  In practice it seems some responders, including, notably,
23  ocsp.verisign.com, will reject anything but SHA-1 here
24  */
25  std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-160"));
26 
27  m_hash_id = AlgorithmIdentifier(hash->name(), AlgorithmIdentifier::USE_NULL_PARAM);
28  m_issuer_key_hash = unlock(hash->process(issuer.subject_public_key_bitstring()));
29  m_issuer_dn_hash = unlock(hash->process(issuer.raw_subject_dn()));
30  m_subject_serial = subject_serial;
31  }
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:344
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72
MechanismType hash

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 16 of file asn1_obj.cpp.

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSSR::config_for_x509(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

17  {
18  std::vector<uint8_t> output;
19  DER_Encoder der(output);
20  this->encode_into(der);
21  return output;
22  }
virtual void encode_into(DER_Encoder &to) const =0

◆ decode_from()

void Botan::OCSP::CertID::decode_from ( class BER_Decoder from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 68 of file ocsp_types.cpp.

References Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::BER_Decoder::start_cons().

69  {
70  from.start_cons(SEQUENCE)
71  .decode(m_hash_id)
72  .decode(m_issuer_dn_hash, OCTET_STRING)
73  .decode(m_issuer_key_hash, OCTET_STRING)
74  .decode(m_subject_serial)
75  .end_cons();
76 
77  }

◆ encode_into()

void Botan::OCSP::CertID::encode_into ( class DER_Encoder to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 58 of file ocsp_types.cpp.

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

59  {
60  to.start_cons(SEQUENCE)
61  .encode(m_hash_id)
62  .encode(m_issuer_dn_hash, OCTET_STRING)
63  .encode(m_issuer_key_hash, OCTET_STRING)
64  .encode(m_subject_serial)
65  .end_cons();
66  }

◆ is_id_for()

bool Botan::OCSP::CertID::is_id_for ( const X509_Certificate issuer,
const X509_Certificate subject 
) const

Definition at line 33 of file ocsp_types.cpp.

References Botan::HashFunction::create_or_throw(), Botan::BigInt::decode(), Botan::AlgorithmIdentifier::get_oid(), hash, hash_algo, Botan::X509_Certificate::raw_issuer_dn(), Botan::X509_Certificate::serial_number(), Botan::X509_Certificate::subject_public_key_bitstring(), Botan::OID::to_formatted_string(), and Botan::unlock().

35  {
36  try
37  {
38  if(BigInt::decode(subject.serial_number()) != m_subject_serial)
39  return false;
40 
41  const std::string hash_algo = m_hash_id.get_oid().to_formatted_string();
42  std::unique_ptr<HashFunction> hash = HashFunction::create_or_throw(hash_algo);
43 
44  if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn())))
45  return false;
46 
47  if(m_issuer_key_hash != unlock(hash->process(issuer.subject_public_key_bitstring())))
48  return false;
49  }
50  catch(...)
51  {
52  return false;
53  }
54 
55  return true;
56  }
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:344
AlgorithmIdentifier hash_algo
Definition: x509_obj.cpp:22
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:72
std::string to_formatted_string() const
Definition: asn1_oid.cpp:110
static BigInt decode(const uint8_t buf[], size_t length)
Definition: bigint.h:805
const OID & get_oid() const
Definition: alg_id.h:37
MechanismType hash

◆ issuer_key_hash()

const std::vector<uint8_t>& Botan::OCSP::CertID::issuer_key_hash ( ) const
inline

Definition at line 34 of file ocsp_types.h.

34 { return m_issuer_key_hash; }

The documentation for this class was generated from the following files: