Botan::TLS::Certificate_13::Certificate_Entry Class Reference
#include <tls_messages.h>
Public Member Functions | |
| const X509_Certificate & | certificate () const |
| Certificate_Entry (std::shared_ptr< Public_Key > raw_public_key) | |
| Certificate_Entry (TLS_Data_Reader &reader, const Connection_Side side, const Certificate_Type cert_type) | |
| Certificate_Entry (X509_Certificate cert) | |
| Extensions & | extensions () |
| const Extensions & | extensions () const |
| bool | has_certificate () const |
| std::shared_ptr< const Public_Key > | public_key () const |
| std::vector< uint8_t > | serialize () const |
Detailed Description
Definition at line 551 of file tls_messages.h.
Constructor & Destructor Documentation
◆ Certificate_Entry() [1/3]
| Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry | ( | TLS_Data_Reader & | reader, |
| const Connection_Side | side, | ||
| const Certificate_Type | cert_type ) |
Definition at line 266 of file msg_certificate_13.cpp.
268 {
269 switch(cert_type) {
271 // RFC 8446 4.2.2
272 // [...] each CertificateEntry contains a DER-encoded X.509
273 // certificate.
274 m_certificate = X509_Certificate(reader.get_tls_length_value(3));
275 m_raw_public_key = m_certificate->subject_public_key();
276 break;
278 // RFC 7250 3.
279 // This specification uses raw public keys whereby the already
280 // available encoding used in a PKIX certificate in the form of a
281 // SubjectPublicKeyInfo structure is reused.
282 m_raw_public_key = X509::load_key(reader.get_tls_length_value(3));
283 break;
284 default:
285 throw TLS_Exception(Alert::InternalError, "Unknown certificate type");
286 }
287
288 // Extensions are simply tacked at the end of the certificate entry. This
289 // is a departure from the typical "tag-length-value" in a sense that the
290 // Extensions deserializer needs the length value of the extensions.
291 const auto extensions_length = reader.peek_uint16_t();
292 const auto exts_buf = reader.get_fixed<uint8_t>(extensions_length + 2);
293 TLS_Data_Reader exts_reader("extensions reader", exts_buf);
295
297 // RFC 8446 4.4.2
298 // Valid extensions for server certificates at present include the
299 // OCSP Status extension [RFC6066] and the SignedCertificateTimestamp
300 // extension [RFC6962]; future extensions may be defined for this
301 // message as well.
302 //
303 // RFC 8446 4.4.2.1
304 // A server MAY request that a client present an OCSP response with its
305 // certificate by sending an empty "status_request" extension in its
306 // CertificateRequest message.
308 Extension_Code::CertificateStatusRequest,
309 // Extension_Code::SignedCertificateTimestamp
310 })) {
311 throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed");
312 }
314 throw TLS_Exception(
315 Alert::IllegalParameter,
316 "Certificate Entry holding something else than a certificate contained unexpected extensions");
317 }
318}
bool contains_implemented_extensions_other_than(const std::set< Extension_Code > &allowed_extensions) const
Definition tls_extensions.h:958
void deserialize(TLS_Data_Reader &reader, Connection_Side from, Handshake_Type message_type)
Definition tls_extensions.cpp:119
@ Certificate
@ RawPublicKey
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28
References Botan::TLS::Certificate, Botan::TLS::Extensions::contains_implemented_extensions_other_than(), Botan::TLS::Extensions::deserialize(), Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_tls_length_value(), Botan::X509::load_key(), Botan::TLS::TLS_Data_Reader::peek_uint16_t(), Botan::TLS::RawPublicKey, and Botan::TLS::X509.
◆ Certificate_Entry() [2/3]
| Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry | ( | X509_Certificate | cert | ) |
Definition at line 320 of file msg_certificate_13.cpp.
320 :
321 m_certificate(std::move(cert)), m_raw_public_key(m_certificate->subject_public_key()) {}
◆ Certificate_Entry() [3/3]
| Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry | ( | std::shared_ptr< Public_Key > | raw_public_key | ) |
Definition at line 323 of file msg_certificate_13.cpp.
323 :
324 m_certificate(std::nullopt), m_raw_public_key(std::move(raw_public_key)) {
325 BOTAN_ASSERT_NONNULL(m_raw_public_key);
326}
References BOTAN_ASSERT_NONNULL.
Member Function Documentation
◆ certificate()
| const X509_Certificate & Botan::TLS::Certificate_13::Certificate_Entry::certificate | ( | ) | const |
Definition at line 328 of file msg_certificate_13.cpp.
328 {
330 return m_certificate.value();
331}
bool has_certificate() const
Definition tls_messages.h:557
References BOTAN_STATE_CHECK.
◆ extensions() [1/2]
|
inline |
Definition at line 564 of file tls_messages.h.
564{ return m_extensions; }
◆ extensions() [2/2]
|
inline |
Definition at line 566 of file tls_messages.h.
566{ return m_extensions; }
◆ has_certificate()
|
inline |
Definition at line 557 of file tls_messages.h.
557{ return m_certificate.has_value(); }
◆ public_key()
| std::shared_ptr< const Public_Key > Botan::TLS::Certificate_13::Certificate_Entry::public_key | ( | ) | const |
Definition at line 333 of file msg_certificate_13.cpp.
References BOTAN_ASSERT_NONNULL.
◆ serialize()
| std::vector< uint8_t > Botan::TLS::Certificate_13::Certificate_Entry::serialize | ( | ) | const |
Definition at line 338 of file msg_certificate_13.cpp.
References Botan::X509::BER_encode().
The documentation for this class was generated from the following files:
- src/lib/tls/tls_messages.h
- src/lib/tls/tls13/msg_certificate_13.cpp
Generated by
1.12.0