Botan 3.0.0-alpha0
Crypto and TLS for C++
Botan::TLS::Certificate_12 Class Reference (final)

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_12:
Botan::TLS::Handshake_Message

Public Member Functions

const std::vector< X509_Certificate > & cert_chain () const
 
 Certificate_12 (const std::vector< uint8_t > &buf, const Policy &policy)
 
 Certificate_12 (Handshake_IO &io, Handshake_Hash &hash, const std::vector< X509_Certificate > &certs)
 
size_t count () const
 
bool empty () const
 
std::vector< uint8_t > serialize () const override
 
Handshake_Type type () const override
 
std::string type_string () const
 
virtual Handshake_Type wire_type () const
 

Detailed Description

Certificate Message of TLS 1.2

Definition at line 467 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_12() [1/2]

Botan::TLS::Certificate_12::Certificate_12 ( Handshake_IO &  io,
Handshake_Hash &  hash,
const std::vector< X509_Certificate > &  cert_list 
)

Create a new Certificate message holding cert_list, send it through io, and feed the result of io.send() into the handshake hash.

Definition at line 23 of file msg_certificate_12.cpp.

25 :
26 m_certs(cert_list)
27 {
28 hash.update(io.send(*this));
29 }
MechanismType hash

References hash, and Botan::TLS::Handshake_IO::send().

◆ Certificate_12() [2/2]

Botan::TLS::Certificate_12::Certificate_12 ( const std::vector< uint8_t > &  buf,
const Policy &  policy 
)

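Deserialize a Certificate message from its wire encoding in buf. Throws Decoding_Error when the 3-byte length fields do not match the buffer, or when the chain is larger than policy.maximum_certificate_chain_size() (a value of 0 disables that limit). Throws a TLS_Exception with Alert::BAD_CERTIFICATE when the leaf certificate is not X.509 v3. An empty chain is accepted and only the leaf's version is checked; the listing below only parses and performs no chain or trust validation, so callers must still decide whether an empty chain is acceptable.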

Definition at line 34 of file msg_certificate_12.cpp.

35 {
36 if(buf.size() < 3)
37 throw Decoding_Error("Certificate: Message malformed");
38
39 const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
40
41 if(total_size != buf.size() - 3)
42 throw Decoding_Error("Certificate: Message malformed");
43
44 const size_t max_size = policy.maximum_certificate_chain_size();
45 if(max_size > 0 && total_size > max_size)
46 throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
47
48 const uint8_t* certs = buf.data() + 3;
49
50 while(size_t remaining_bytes = buf.data() + buf.size() - certs)
51 {
52 if(remaining_bytes < 3)
53 throw Decoding_Error("Certificate: Message malformed");
54
55 const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
56
57 if(remaining_bytes < (3 + cert_size))
58 throw Decoding_Error("Certificate: Message malformed");
59
60 DataSource_Memory cert_buf(&certs[3], cert_size);
61 m_certs.push_back(X509_Certificate(cert_buf));
62
63 certs += cert_size + 3;
64 }
65
66 /*
67 * TLS 1.0 through 1.2 all seem to require that the certificate be
68 * precisely a v3 certificate. In fact the strict wording would seem
69 * to require that every certificate in the chain be v3. But often
70 * the intermediates are outside of the control of the server.
71 * But, require that the leaf certificate be v3
72 */
73 if(!m_certs.empty() && m_certs[0].x509_version() != 3)
74 {
75 throw TLS_Exception(Alert::BAD_CERTIFICATE,
76 "The leaf certificate must be v3");
77 }
78 }
constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition: loadstor.h:78

References Botan::TLS::Alert::BAD_CERTIFICATE, Botan::make_uint32(), and Botan::TLS::Policy::maximum_certificate_chain_size().

Member Function Documentation

◆ cert_chain()

const std::vector< X509_Certificate > & Botan::TLS::Certificate_12::cert_chain ( ) const
inline

Definition at line 471 of file tls_messages.h.

471{ return m_certs; }

◆ count()

size_t Botan::TLS::Certificate_12::count ( ) const
inline

Definition at line 473 of file tls_messages.h.

473{ return m_certs.size(); }

◆ empty()

bool Botan::TLS::Certificate_12::empty ( ) const
inline

Definition at line 474 of file tls_messages.h.

474{ return m_certs.empty(); }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_12::serialize ( ) const
overridevirtual

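Serialize a Certificate message: a 3-byte total length followed by each certificate's BER encoding, each prefixed with its own 3-byte length. The lengths are cast to uint32_t and only the low three bytes are written; the listing below shows no check that a certificate or the whole chain fits in 24 bits, so an oversized value would be encoded with a truncated length.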

Implements Botan::TLS::Handshake_Message.

Definition at line 83 of file msg_certificate_12.cpp.

84 {
85 std::vector<uint8_t> buf(3);
86
87 for(const auto& cert : m_certs)
88 {
89 const auto raw_cert = cert.BER_encode();
90 const size_t cert_size = raw_cert.size();
91 for(size_t j = 0; j != 3; ++j)
92 {
93 buf.push_back(get_byte_var(j+1, static_cast<uint32_t>(cert_size)));
94 }
95 buf += raw_cert;
96 }
97
98 const size_t buf_size = buf.size() - 3;
99 for(size_t i = 0; i != 3; ++i)
100 buf[i] = get_byte_var(i+1, static_cast<uint32_t>(buf_size));
101
102 return buf;
103 }
constexpr uint8_t get_byte_var(size_t byte_num, T input)
Definition: loadstor.h:39

References Botan::get_byte_var().

◆ type()

Handshake_Type Botan::TLS::Certificate_12::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 470 of file tls_messages.h.

470{ return CERTIFICATE; }
@ CERTIFICATE
Definition: tls_magic.h:73

References Botan::TLS::CERTIFICATE.

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 18 of file tls_handshake_state.cpp.

19 {
21 }
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Definition at line 42 of file tls_handshake_msg.h.

43 {
44 // Usually equal to the Handshake_Type enum value,
45 // with the exception of TLS 1.3 Hello Retry Request.
46 return type();
47 }

References type.

Referenced by Botan::TLS::Stream_Handshake_IO::send().


The documentation for this class was generated from the following files: