Botan 3.10.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Certificate_12 Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_12:
Botan::TLS::Handshake_Message

Public Member Functions

const std::vector< X509_Certificate > & cert_chain () const
 Certificate_12 (const std::vector< uint8_t > &buf, const Policy &policy)
 Certificate_12 (Handshake_IO &io, Handshake_Hash &hash, const std::vector< X509_Certificate > &certs)
size_t count () const
bool empty () const
std::vector< uint8_t > serialize () const override
Handshake_Type type () const override
std::string type_string () const
virtual Handshake_Type wire_type () const

Detailed Description

Certificate Message of TLS 1.2

Definition at line 522 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_12() [1/2]

Botan::TLS::Certificate_12::Certificate_12 ( Handshake_IO & io,
Handshake_Hash & hash,
const std::vector< X509_Certificate > & cert_list )

Create a new Certificate message

Definition at line 23 of file msg_certificate_12.cpp.

23 :
24 m_certs(cert_list) {
25 hash.update(io.send(*this));
26}

References Botan::TLS::Handshake_IO::send(), and Botan::TLS::Handshake_Hash::update().

◆ Certificate_12() [2/2]

Botan::TLS::Certificate_12::Certificate_12 ( const std::vector< uint8_t > & buf,
const Policy & policy )

Deserialize a Certificate message

Definition at line 31 of file msg_certificate_12.cpp.

31 {
32 if(buf.size() < 3) {
33 throw Decoding_Error("Certificate: Message malformed");
34 }
35
36 const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
37
38 if(total_size != buf.size() - 3) {
39 throw Decoding_Error("Certificate: Message malformed");
40 }
41
42 const size_t max_size = policy.maximum_certificate_chain_size();
43 if(max_size > 0 && total_size > max_size) {
44 throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
45 }
46
47 const uint8_t* certs = buf.data() + 3;
48
49 while(size_t remaining_bytes = buf.data() + buf.size() - certs) {
50 if(remaining_bytes < 3) {
51 throw Decoding_Error("Certificate: Message malformed");
52 }
53
54 const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
55
56 if(remaining_bytes < (3 + cert_size)) {
57 throw Decoding_Error("Certificate: Message malformed");
58 }
59
60 DataSource_Memory cert_buf(&certs[3], cert_size);
61 m_certs.push_back(X509_Certificate(cert_buf));
62
63 certs += cert_size + 3;
64 }
65
66 /*
67 * TLS 1.0 through 1.2 all seem to require that the certificate be
68 * precisely a v3 certificate. In fact the strict wording would seem
69 * to require that every certificate in the chain be v3. But often
70 * the intermediates are outside of the control of the server.
71 * But, require that the leaf certificate be v3
72 */
73 if(!m_certs.empty() && m_certs[0].x509_version() != 3) {
74 throw TLS_Exception(Alert::BadCertificate, "The leaf certificate must be v3");
75 }
76}
Botan::make_uint32
constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition loadstor.h:104

References Botan::make_uint32(), and Botan::TLS::Policy::maximum_certificate_chain_size().

Member Function Documentation

◆ cert_chain()

const std::vector< X509_Certificate > & Botan::TLS::Certificate_12::cert_chain ( ) const
inline

Definition at line 526 of file tls_messages.h.

526{ return m_certs; }

◆ count()

size_t Botan::TLS::Certificate_12::count ( ) const
inline

Definition at line 528 of file tls_messages.h.

528{ return m_certs.size(); }

◆ empty()

bool Botan::TLS::Certificate_12::empty ( ) const
inline

Definition at line 530 of file tls_messages.h.

530{ return m_certs.empty(); }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_12::serialize ( ) const
overridevirtual

Serialize a Certificate message

Implements Botan::TLS::Handshake_Message.

Definition at line 81 of file msg_certificate_12.cpp.

81 {
82 std::vector<uint8_t> buf(3);
83
84 for(const auto& cert : m_certs) {
85 const auto raw_cert = cert.BER_encode();
86 const size_t cert_size = raw_cert.size();
87 for(size_t j = 0; j != 3; ++j) {
88 buf.push_back(get_byte_var(j + 1, static_cast<uint32_t>(cert_size)));
89 }
90 buf += raw_cert;
91 }
92
93 const size_t buf_size = buf.size() - 3;
94 for(size_t i = 0; i != 3; ++i) {
95 buf[i] = get_byte_var(i + 1, static_cast<uint32_t>(buf_size));
96 }
97
98 return buf;
99}
Botan::get_byte_var
constexpr uint8_t get_byte_var(size_t byte_num, T input)
Definition loadstor.h:69

References Botan::get_byte_var().

◆ type()

Handshake_Type Botan::TLS::Certificate_12::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 524 of file tls_messages.h.

524{ return Handshake_Type::Certificate; }

References Botan::TLS::Certificate.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 18 of file tls_handshake_state.cpp.

18 {
19 return handshake_type_to_string(type());
20}
Botan::TLS::Handshake_Message::type
virtual Handshake_Type type() const =0
Botan::TLS::handshake_type_to_string
const char * handshake_type_to_string(Handshake_Type type)
Definition tls_handshake_state.cpp:22

References Botan::TLS::handshake_type_to_string(), and type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

References type().

Referenced by Botan::TLS::Stream_Handshake_IO::send().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0