Botan::TLS::Certificate_13::Certificate_Entry Class Reference
#include <tls_messages.h>
Public Member Functions | |
| const X509_Certificate & | certificate () const |
| Certificate_Entry (std::shared_ptr< Public_Key > raw_public_key) | |
| Certificate_Entry (TLS_Data_Reader &reader, Connection_Side side, Certificate_Type cert_type) | |
| Certificate_Entry (X509_Certificate cert) | |
| Extensions & | extensions () |
| const Extensions & | extensions () const |
| bool | has_certificate () const |
| std::shared_ptr< const Public_Key > | public_key () const |
| std::vector< uint8_t > | serialize () const |
Detailed Description
Definition at line 551 of file tls_messages.h.
Constructor & Destructor Documentation
◆ Certificate_Entry() [1/3]
| Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry | ( | TLS_Data_Reader & | reader, |
| Connection_Side | side, | ||
| Certificate_Type | cert_type ) |
Definition at line 261 of file msg_certificate_13.cpp.
263 {
264 switch(cert_type) {
266 // RFC 8446 4.2.2
267 // [...] each CertificateEntry contains a DER-encoded X.509
268 // certificate.
269 m_certificate = X509_Certificate(reader.get_tls_length_value(3));
270 m_raw_public_key = m_certificate->subject_public_key();
271 break;
273 // RFC 7250 3.
274 // This specification uses raw public keys whereby the already
275 // available encoding used in a PKIX certificate in the form of a
276 // SubjectPublicKeyInfo structure is reused.
277 m_raw_public_key = X509::load_key(reader.get_tls_length_value(3));
278 break;
279 default:
280 throw TLS_Exception(Alert::InternalError, "Unknown certificate type");
281 }
282
283 // Extensions are simply tacked at the end of the certificate entry. This
284 // is a departure from the typical "tag-length-value" in a sense that the
285 // Extensions deserializer needs the length value of the extensions.
286 const auto extensions_length = reader.peek_uint16_t();
287 const auto exts_buf = reader.get_fixed<uint8_t>(extensions_length + 2);
288 TLS_Data_Reader exts_reader("extensions reader", exts_buf);
289 m_extensions.deserialize(exts_reader, side, Handshake_Type::Certificate);
290
292 // RFC 8446 4.4.2
293 // Valid extensions for server certificates at present include the
294 // OCSP Status extension [RFC6066] and the SignedCertificateTimestamp
295 // extension [RFC6962]; future extensions may be defined for this
296 // message as well.
297 //
298 // RFC 8446 4.4.2.1
299 // A server MAY request that a client present an OCSP response with its
300 // certificate by sending an empty "status_request" extension in its
301 // CertificateRequest message.
302 if(m_extensions.contains_implemented_extensions_other_than({
303 Extension_Code::CertificateStatusRequest,
304 // Extension_Code::SignedCertificateTimestamp
305 })) {
306 throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed");
307 }
308 } else if(m_extensions.contains_implemented_extensions_other_than({})) {
309 throw TLS_Exception(
310 Alert::IllegalParameter,
311 "Certificate Entry holding something else than a certificate contained unexpected extensions");
312 }
313}
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28
References Botan::TLS::Certificate, Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_tls_length_value(), Botan::X509::load_key(), Botan::TLS::TLS_Data_Reader::peek_uint16_t(), Botan::TLS::RawPublicKey, and Botan::TLS::X509.
◆ Certificate_Entry() [2/3]
|
explicit |
Definition at line 315 of file msg_certificate_13.cpp.
315 :
316 m_certificate(std::move(cert)), m_raw_public_key(m_certificate->subject_public_key()) {}
◆ Certificate_Entry() [3/3]
|
explicit |
Definition at line 318 of file msg_certificate_13.cpp.
318 :
319 m_certificate(std::nullopt), m_raw_public_key(std::move(raw_public_key)) {
320 BOTAN_ASSERT_NONNULL(m_raw_public_key);
321}
References BOTAN_ASSERT_NONNULL.
Member Function Documentation
◆ certificate()
| const X509_Certificate & Botan::TLS::Certificate_13::Certificate_Entry::certificate | ( | ) | const |
Definition at line 323 of file msg_certificate_13.cpp.
323 {
325 return m_certificate.value();
326}
bool has_certificate() const
Definition tls_messages.h:557
References BOTAN_STATE_CHECK, and has_certificate().
◆ extensions() [1/2]
|
inline |
Definition at line 564 of file tls_messages.h.
564{ return m_extensions; }
◆ extensions() [2/2]
|
inline |
Definition at line 566 of file tls_messages.h.
566{ return m_extensions; }
◆ has_certificate()
|
inline |
Definition at line 557 of file tls_messages.h.
557{ return m_certificate.has_value(); }
Referenced by certificate(), and serialize().
◆ public_key()
| std::shared_ptr< const Public_Key > Botan::TLS::Certificate_13::Certificate_Entry::public_key | ( | ) | const |
Definition at line 328 of file msg_certificate_13.cpp.
References BOTAN_ASSERT_NONNULL.
◆ serialize()
| std::vector< uint8_t > Botan::TLS::Certificate_13::Certificate_Entry::serialize | ( | ) | const |
Definition at line 333 of file msg_certificate_13.cpp.
References Botan::X509::BER_encode(), and has_certificate().
The documentation for this class was generated from the following files:
- src/lib/tls/tls_messages.h
- src/lib/tls/tls13/msg_certificate_13.cpp
Generated by
1.15.0