Botan 3.7.1
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Certificate_12 Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_12:
Botan::TLS::Handshake_Message

Public Member Functions

const std::vector< X509_Certificate > & cert_chain () const
 
 Certificate_12 (const std::vector< uint8_t > &buf, const Policy &policy)
 
 Certificate_12 (Handshake_IO &io, Handshake_Hash &hash, const std::vector< X509_Certificate > &certs)
 
size_t count () const
 
bool empty () const
 
std::vector< uint8_t > serialize () const override
 
Handshake_Type type () const override
 
std::string type_string () const
 
virtual Handshake_Type wire_type () const
 

Detailed Description

Certificate Message of TLS 1.2

Definition at line 522 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_12() [1/2]

Botan::TLS::Certificate_12::Certificate_12 ( Handshake_IO & io,
Handshake_Hash & hash,
const std::vector< X509_Certificate > & cert_list )

Create a new Certificate message

Definition at line 24 of file msg_certificate_12.cpp.

24 :
25 m_certs(cert_list) {
26 hash.update(io.send(*this));
27}

References Botan::TLS::Handshake_IO::send(), and Botan::TLS::Handshake_Hash::update().

◆ Certificate_12() [2/2]

Botan::TLS::Certificate_12::Certificate_12 ( const std::vector< uint8_t > & buf,
const Policy & policy )

Deserialize a Certificate message

Definition at line 32 of file msg_certificate_12.cpp.

32 {
33 if(buf.size() < 3) {
34 throw Decoding_Error("Certificate: Message malformed");
35 }
36
37 const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]);
38
39 if(total_size != buf.size() - 3) {
40 throw Decoding_Error("Certificate: Message malformed");
41 }
42
43 const size_t max_size = policy.maximum_certificate_chain_size();
44 if(max_size > 0 && total_size > max_size) {
45 throw Decoding_Error("Certificate chain exceeds policy specified maximum size");
46 }
47
48 const uint8_t* certs = buf.data() + 3;
49
50 while(size_t remaining_bytes = buf.data() + buf.size() - certs) {
51 if(remaining_bytes < 3) {
52 throw Decoding_Error("Certificate: Message malformed");
53 }
54
55 const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]);
56
57 if(remaining_bytes < (3 + cert_size)) {
58 throw Decoding_Error("Certificate: Message malformed");
59 }
60
61 DataSource_Memory cert_buf(&certs[3], cert_size);
62 m_certs.push_back(X509_Certificate(cert_buf));
63
64 certs += cert_size + 3;
65 }
66
67 /*
68 * TLS 1.0 through 1.2 all seem to require that the certificate be
69 * precisely a v3 certificate. In fact the strict wording would seem
70 * to require that every certificate in the chain be v3. But often
71 * the intermediates are outside of the control of the server.
72 * But, require that the leaf certificate be v3
73 */
74 if(!m_certs.empty() && m_certs[0].x509_version() != 3) {
75 throw TLS_Exception(Alert::BadCertificate, "The leaf certificate must be v3");
76 }
77}
Botan::make_uint32
constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3)
Definition loadstor.h:100

References Botan::make_uint32(), and Botan::TLS::Policy::maximum_certificate_chain_size().

Member Function Documentation

◆ cert_chain()

const std::vector< X509_Certificate > & Botan::TLS::Certificate_12::cert_chain ( ) const
inline

Definition at line 526 of file tls_messages.h.

526{ return m_certs; }

◆ count()

size_t Botan::TLS::Certificate_12::count ( ) const
inline

Definition at line 528 of file tls_messages.h.

528{ return m_certs.size(); }

◆ empty()

bool Botan::TLS::Certificate_12::empty ( ) const
inline

Definition at line 530 of file tls_messages.h.

530{ return m_certs.empty(); }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_12::serialize ( ) const
overridevirtual

Serialize a Certificate message

Implements Botan::TLS::Handshake_Message.

Definition at line 82 of file msg_certificate_12.cpp.

82 {
83 std::vector<uint8_t> buf(3);
84
85 for(const auto& cert : m_certs) {
86 const auto raw_cert = cert.BER_encode();
87 const size_t cert_size = raw_cert.size();
88 for(size_t j = 0; j != 3; ++j) {
89 buf.push_back(get_byte_var(j + 1, static_cast<uint32_t>(cert_size)));
90 }
91 buf += raw_cert;
92 }
93
94 const size_t buf_size = buf.size() - 3;
95 for(size_t i = 0; i != 3; ++i) {
96 buf[i] = get_byte_var(i + 1, static_cast<uint32_t>(buf_size));
97 }
98
99 return buf;
100}
Botan::get_byte_var
constexpr uint8_t get_byte_var(size_t byte_num, T input)
Definition loadstor.h:65

References Botan::get_byte_var().

◆ type()

Handshake_Type Botan::TLS::Certificate_12::type ( ) const
inlineoverridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 524 of file tls_messages.h.

524{ return Handshake_Type::Certificate; }

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
20 return handshake_type_to_string(type());
21}
Botan::TLS::Handshake_Message::type
virtual Handshake_Type type() const =0
Botan::TLS::handshake_type_to_string
const char * handshake_type_to_string(Handshake_Type type)
Definition tls_handshake_state.cpp:23

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

Referenced by Botan::TLS::Stream_Handshake_IO::send().

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0