Botan 3.12.0
Crypto and TLS for C++
Botan::TLS::Certificate_13::Certificate_Entry Class Reference

#include <tls_messages_13.h>

Public Member Functions

const X509_Certificate & certificate () const
 Certificate_Entry (Certificate_Entry &&other) noexcept
 Certificate_Entry (const Certificate_Entry &other)=delete
 Certificate_Entry (const X509_Certificate &cert)
 Certificate_Entry (std::shared_ptr< Public_Key > raw_public_key)
 Certificate_Entry (TLS_Data_Reader &reader, Connection_Side side, Certificate_Type cert_type)
Extensions & extensions ()
const Extensions & extensions () const
bool has_certificate () const
Certificate_Entry & operator= (Certificate_Entry &&other) noexcept
Certificate_Entry & operator= (const Certificate_Entry &other)=delete
std::shared_ptr< const Public_Key > public_key () const
std::vector< uint8_t > serialize () const
 ~Certificate_Entry ()

Detailed Description

Definition at line 172 of file tls_messages_13.h.

Constructor & Destructor Documentation

◆ Certificate_Entry() [1/5]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry ( TLS_Data_Reader & reader,
Connection_Side side,
Certificate_Type cert_type )

Definition at line 272 of file msg_certificate_13.cpp.

274 {
// Parses one CertificateEntry (RFC 8446 4.4.2) from peer-supplied bytes.
// Every parse failure of wire data is surfaced as a TLS_Exception carrying an
// alert, so the handshake fails with a protocol-level error instead of an
// unhandled internal exception.
275 if(cert_type == Certificate_Type::X509) {
276 // RFC 8446 4.2.2
277 // [...] each CertificateEntry contains a DER-encoded X.509
278 // certificate.
279 const auto cert_bytes = reader.get_tls_length_value(3);
280 try {
281 m_certificate = std::make_unique<X509_Certificate>(cert_bytes);
282 m_raw_public_key = m_certificate->subject_public_key();
// Only Botan's Exception hierarchy is translated into an alert here; anything
// else thrown by the parser propagates unchanged.
283 } catch(Exception& e) {
284 // bad_certificate would make more sense but BoGo expects decoding_error
285 throw TLS_Exception(Alert::DecodeError, e.what());
286 }
287 } else if(cert_type == Certificate_Type::RawPublicKey) {
288 // RFC 7250 3.
289 // This specification uses raw public keys whereby the already
290 // available encoding used in a PKIX certificate in the form of a
291 // SubjectPublicKeyInfo structure is reused.
292 try {
293 m_raw_public_key = X509::load_key(reader.get_tls_length_value(3));
294 } catch(Exception& e) {
295 throw TLS_Exception(Alert::DecodeError, e.what());
296 }
297 } else {
// cert_type is a local parameter rather than a value read from the wire, so
// an unexpected value is treated as a local bug (InternalError), not as a
// peer-attributable alert — presumably the intent; confirm with the callers.
298 throw TLS_Exception(Alert::InternalError, "Unknown certificate type");
299 }
300
301 // Extensions are simply tacked at the end of the certificate entry. This
302 // is a departure from the typical "tag-length-value" in a sense that the
303 // Extensions deserializer needs the length value of the extensions.
// extensions_length is peer-controlled. The +2 re-includes the two length
// bytes so the nested reader sees a self-describing buffer. This relies on
// get_fixed() rejecting a read past the end of the remaining input
// (enforced inside TLS_Data_Reader, not visible here — confirm).
304 const size_t extensions_length = reader.peek_uint16_t();
305 const auto exts_buf = reader.get_fixed<uint8_t>(extensions_length + 2);
306 TLS_Data_Reader exts_reader("extensions reader", exts_buf);
307 m_extensions.deserialize(exts_reader, side, Handshake_Type::Certificate);
308
309 if(cert_type == Certificate_Type::X509) {
310 // RFC 8446 4.4.2
311 // Valid extensions for server certificates at present include the
312 // OCSP Status extension [RFC6066] and the SignedCertificateTimestamp
313 // extension [RFC6962]; future extensions may be defined for this
314 // message as well.
315 //
316 // RFC 8446 4.4.2.1
317 // A server MAY request that a client present an OCSP response with its
318 // certificate by sending an empty "status_request" extension in its
319 // CertificateRequest message.
// Both allow-list checks below are scoped to *implemented* extensions;
// unrecognized extension codes appear to be tolerated, consistent with the
// "future extensions" wording above — verify before tightening.
320 if(m_extensions.contains_implemented_extensions_other_than({
321 Extension_Code::CertificateStatusRequest,
322 // Extension_Code::SignedCertificateTimestamp
323 })) {
324 throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed");
325 }
// Raw-public-key entries carry no extension allow-list at all: any
// implemented extension is rejected.
326 } else if(m_extensions.contains_implemented_extensions_other_than({})) {
327 throw TLS_Exception(
328 Alert::IllegalParameter,
329 "Certificate Entry holding something else than a certificate contained unexpected extensions");
330 }
331}

References Botan::TLS::Certificate, Certificate_Entry(), Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_tls_length_value(), Botan::X509::load_key(), Botan::TLS::TLS_Data_Reader::peek_uint16_t(), Botan::TLS::RawPublicKey, Botan::Exception::what(), and Botan::TLS::X509.

Referenced by Certificate_Entry(), Certificate_Entry(), Certificate_Entry(), Certificate_Entry(), operator=(), and operator=().

◆ Certificate_Entry() [2/5]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry ( const X509_Certificate & cert)
explicit

Definition at line 339 of file msg_certificate_13.cpp.

// Wraps an already-parsed certificate; the public key is derived from it.
// Because m_raw_public_key is initialized from m_certificate, this relies on
// m_certificate being declared before m_raw_public_key in the class (member
// initialization follows declaration order, not the order written here) —
// confirm against tls_messages_13.h.
339 :
340 m_certificate(std::make_unique<X509_Certificate>(cert)), m_raw_public_key(m_certificate->subject_public_key()) {}

References Certificate_Entry().

◆ Certificate_Entry() [3/5]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry ( std::shared_ptr< Public_Key > raw_public_key)
explicit

Definition at line 342 of file msg_certificate_13.cpp.

// Raw-public-key entry (RFC 7250): no certificate is stored, so
// has_certificate() reports false and certificate() must not be called on it.
342 :
343 m_raw_public_key(std::move(raw_public_key)) {
// A null key is a caller bug rather than peer input, hence an assertion
// instead of a TLS alert.
344 BOTAN_ASSERT_NONNULL(m_raw_public_key);
345}

References BOTAN_ASSERT_NONNULL.

◆ Certificate_Entry() [4/5]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry ( const Certificate_Entry & other)
delete

References Certificate_Entry().

◆ Certificate_Entry() [5/5]

Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry ( Certificate_Entry && other)
default noexcept

References Certificate_Entry().

◆ ~Certificate_Entry()

Botan::TLS::Certificate_13::Certificate_Entry::~Certificate_Entry ( )
default

Member Function Documentation

◆ certificate()

const X509_Certificate & Botan::TLS::Certificate_13::Certificate_Entry::certificate ( ) const

Definition at line 347 of file msg_certificate_13.cpp.

347 {
// NOTE(review): this listing skips source line 348. Per the reference list
// for this function it is a BOTAN_STATE_CHECK involving has_certificate(),
// which is what would make the dereference below safe for raw-public-key
// entries (m_certificate is null there) — confirm in msg_certificate_13.cpp.
349 return *m_certificate;
350}

References BOTAN_STATE_CHECK, and has_certificate().

◆ extensions() [1/2]

Extensions & Botan::TLS::Certificate_13::Certificate_Entry::extensions ( )
inline

Definition at line 185 of file tls_messages_13.h.

// Mutable access to the entry's extensions. For an entry parsed from the
// wire this sidesteps the allow-list validation performed in the
// deserializing constructor — presumably intended for building outgoing
// entries; confirm with the callers.
185{ return m_extensions; }

◆ extensions() [2/2]

const Extensions & Botan::TLS::Certificate_13::Certificate_Entry::extensions ( ) const
inline

Definition at line 187 of file tls_messages_13.h.

// Read-only view of the entry's extensions (e.g. the status_request /
// OCSP response attached to an X.509 entry).
187{ return m_extensions; }

◆ has_certificate()

bool Botan::TLS::Certificate_13::Certificate_Entry::has_certificate ( ) const
inline

Definition at line 178 of file tls_messages_13.h.

// True for entries built from an X.509 certificate; false for raw-public-key
// entries, and also for a moved-from entry (the defaulted move leaves
// m_certificate null).
178{ return m_certificate != nullptr; }

Referenced by certificate(), and serialize().

◆ operator=() [1/2]

Certificate_13::Certificate_Entry & Botan::TLS::Certificate_13::Certificate_Entry::operator= ( Certificate_Entry && other)
default noexcept

References Certificate_Entry().

◆ operator=() [2/2]

Certificate_Entry & Botan::TLS::Certificate_13::Certificate_Entry::operator= ( const Certificate_Entry & other)
delete

References Certificate_Entry().

◆ public_key()

std::shared_ptr< const Public_Key > Botan::TLS::Certificate_13::Certificate_Entry::public_key ( ) const

Definition at line 352 of file msg_certificate_13.cpp.

352 {
// Every constructor populates m_raw_public_key (X.509 entries via
// subject_public_key()), so this assertion can only fire on a moved-from
// entry — the defaulted move leaves the shared_ptr empty.
353 BOTAN_ASSERT_NONNULL(m_raw_public_key);
354 return m_raw_public_key;
355}

References BOTAN_ASSERT_NONNULL.

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_13::Certificate_Entry::serialize ( ) const

Definition at line 357 of file msg_certificate_13.cpp.

357 {
// X.509 entries re-emit the certificate DER; raw-public-key entries emit the
// SubjectPublicKeyInfo encoding (RFC 7250). Unlike public_key(), the raw-key
// branch dereferences m_raw_public_key without an assertion, so calling this
// on a moved-from entry is undefined behaviour rather than an assertion
// failure.
358 return (has_certificate()) ? m_certificate->BER_encode() : X509::BER_encode(*m_raw_public_key);
359}

References Botan::X509::BER_encode(), and has_certificate().

