Botan::TLS::Certificate_12 Class Reference

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_12:

Public Member Functions
const std::vector< X509_Certificate > &	cert_chain () const
	Certificate_12 (const std::vector< uint8_t > &buf, const Policy &policy)
	Certificate_12 (Handshake_IO &io, Handshake_Hash &hash, const std::vector< X509_Certificate > &certs)
size_t	count () const
bool	empty () const
std::vector< uint8_t >	serialize () const override
Handshake_Type	type () const override
std::string	type_string () const
virtual Handshake_Type	wire_type () const

Detailed Description

Certificate Message of TLS 1.2

Definition at line 522 of file tls_messages.h.

Constructor & Destructor Documentation

Certificate_12() [1/2]

Botan::TLS::Certificate_12::Certificate_12	(	Handshake_IO &	io,
		Handshake_Hash &	hash,
		const std::vector< X509_Certificate > &	cert_list )

Create a new Certificate message

Definition at line 24 of file msg_certificate_12.cpp.

                                                                                                                   :
      m_certs(cert_list) {
   hash.update(io.send(*this));
}

References Botan::TLS::Handshake_IO::send(), and Botan::TLS::Handshake_Hash::update().

Certificate_12() [2/2]

Botan::TLS::Certificate_12::Certificate_12	(	const std::vector< uint8_t > &	buf,
		const Policy &	policy )

Deserialize a Certificate message

Definition at line 32 of file msg_certificate_12.cpp.

                                                                                  {
   if(buf.size() < 3) {
      throw Decoding_Error("Certificate: Message malformed");
   }
 
   const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
 
   if(total_size != buf.size() - 3) {
      throw Decoding_Error("Certificate: Message malformed");
   }
 
   const size_t max_size = policy.maximum_certificate_chain_size();
   if(max_size > 0 && total_size > max_size) {
      throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
   }
 
   const uint8_t* certs = buf.data() + 3;
 
   while(size_t remaining_bytes = buf.data() + buf.size() - certs) {
      if(remaining_bytes < 3) {
         throw Decoding_Error("Certificate: Message malformed");
      }
 
      const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
 
      if(remaining_bytes < (3 + cert_size)) {
         throw Decoding_Error("Certificate: Message malformed");
      }
 
      DataSource_Memory cert_buf(&certs[3], cert_size);
      m_certs.push_back(X509_Certificate(cert_buf));
 
      certs += cert_size + 3;
   }
 
   /*
   * TLS 1.0 through 1.2 all seem to require that the certificate be
   * precisely a v3 certificate. In fact the strict wording would seem
   * to require that every certificate in the chain be v3. But often
   * the intermediates are outside of the control of the server.
   * But, require that the leaf certificate be v3
   */
   if(!m_certs.empty() && m_certs[0].x509_version() != 3) {
      throw TLS_Exception(Alert::BadCertificate, "The leaf certificate must be v3");
   }
}

References Botan::make_uint32(), and Botan::TLS::Policy::maximum_certificate_chain_size().

Member Function Documentation

cert_chain()

const std::vector< X509_Certificate > & Botan::TLS::Certificate_12::cert_chain ( ) const

inline

Definition at line 526 of file tls_messages.h.

{ return m_certs; }

count()

size_t Botan::TLS::Certificate_12::count ( ) const

inline

Definition at line 528 of file tls_messages.h.

{ return m_certs.size(); }

empty()

bool Botan::TLS::Certificate_12::empty ( ) const

inline

Definition at line 530 of file tls_messages.h.

{ return m_certs.empty(); }

serialize()

std::vector< uint8_t > Botan::TLS::Certificate_12::serialize ( ) const

overridevirtual

Serialize a Certificate message

Implements Botan::TLS::Handshake_Message.

Definition at line 82 of file msg_certificate_12.cpp.

                                                   {
   std::vector<uint8_t> buf(3);
 
   for(const auto& cert : m_certs) {
      const auto raw_cert = cert.BER_encode();
      const size_t cert_size = raw_cert.size();
      for(size_t j = 0; j != 3; ++j) {
         buf.push_back(get_byte_var(j + 1, static_cast<uint32_t>(cert_size)));
      }
      buf += raw_cert;
   }
 
   const size_t buf_size = buf.size() - 3;
   for(size_t i = 0; i != 3; ++i) {
      buf[i] = get_byte_var(i + 1, static_cast<uint32_t>(buf_size));
   }
 
   return buf;
}

References Botan::get_byte_var().

type()

Handshake_Type Botan::TLS::Certificate_12::type ( ) const

inlineoverridevirtual

Returns

the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 524 of file tls_messages.h.

{ return Handshake_Type::Certificate; }

References Botan::TLS::Certificate.

type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const

inherited

Returns

string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

                                               {
   return handshake_type_to_string(type());
}

References Botan::TLS::handshake_type_to_string(), and type().

wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const

inlinevirtualinherited

Returns

the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

                                               {
         // Usually equal to the Handshake_Type enum value,
         // with the exception of TLS 1.3 Hello Retry Request.
         return type();
      }

References type().

Referenced by Botan::TLS::Stream_Handshake_IO::send().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls_messages.h
• src/lib/tls/tls12/msg_certificate_12.cpp