Botan::TLS::Certificate_13::Certificate_Entry Class Reference
#include <tls_messages_13.h>
Public Member Functions | |
| const X509_Certificate & | certificate () const |
| Certificate_Entry (Certificate_Entry &&other) noexcept | |
| Certificate_Entry (const Certificate_Entry &other)=delete | |
| Certificate_Entry (const X509_Certificate &cert) | |
| Certificate_Entry (std::shared_ptr< Public_Key > raw_public_key) | |
| Certificate_Entry (TLS_Data_Reader &reader, Connection_Side side, Certificate_Type cert_type) | |
| Extensions & | extensions () |
| const Extensions & | extensions () const |
| bool | has_certificate () const |
| Certificate_Entry & | operator= (Certificate_Entry &&other) noexcept |
| Certificate_Entry & | operator= (const Certificate_Entry &other)=delete |
| std::shared_ptr< const Public_Key > | public_key () const |
| std::vector< uint8_t > | serialize () const |
| ~Certificate_Entry () | |
Detailed Description
Definition at line 168 of file tls_messages_13.h.
Constructor & Destructor Documentation
◆ Certificate_Entry() [1/5]
| Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry | ( | TLS_Data_Reader & | reader, |
| Connection_Side | side, | ||
| Certificate_Type | cert_type ) |
Definition at line 262 of file msg_certificate_13.cpp.
264 {
265 switch(cert_type) {
267 // RFC 8446 4.2.2
268 // [...] each CertificateEntry contains a DER-encoded X.509
269 // certificate.
270 m_certificate = std::make_unique<X509_Certificate>(reader.get_tls_length_value(3));
271 m_raw_public_key = m_certificate->subject_public_key();
272 break;
274 // RFC 7250 3.
275 // This specification uses raw public keys whereby the already
276 // available encoding used in a PKIX certificate in the form of a
277 // SubjectPublicKeyInfo structure is reused.
278 m_raw_public_key = X509::load_key(reader.get_tls_length_value(3));
279 break;
280 default:
281 throw TLS_Exception(Alert::InternalError, "Unknown certificate type");
282 }
283
284 // Extensions are simply tacked at the end of the certificate entry. This
285 // is a departure from the typical "tag-length-value" in a sense that the
286 // Extensions deserializer needs the length value of the extensions.
287 const auto extensions_length = reader.peek_uint16_t();
288 const auto exts_buf = reader.get_fixed<uint8_t>(extensions_length + 2);
289 TLS_Data_Reader exts_reader("extensions reader", exts_buf);
290 m_extensions.deserialize(exts_reader, side, Handshake_Type::Certificate);
291
293 // RFC 8446 4.4.2
294 // Valid extensions for server certificates at present include the
295 // OCSP Status extension [RFC6066] and the SignedCertificateTimestamp
296 // extension [RFC6962]; future extensions may be defined for this
297 // message as well.
298 //
299 // RFC 8446 4.4.2.1
300 // A server MAY request that a client present an OCSP response with its
301 // certificate by sending an empty "status_request" extension in its
302 // CertificateRequest message.
303 if(m_extensions.contains_implemented_extensions_other_than({
304 Extension_Code::CertificateStatusRequest,
305 // Extension_Code::SignedCertificateTimestamp
306 })) {
307 throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed");
308 }
309 } else if(m_extensions.contains_implemented_extensions_other_than({})) {
310 throw TLS_Exception(
311 Alert::IllegalParameter,
312 "Certificate Entry holding something else than a certificate contained unexpected extensions");
313 }
314}
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28
References Botan::TLS::Certificate, Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_tls_length_value(), Botan::X509::load_key(), Botan::TLS::TLS_Data_Reader::peek_uint16_t(), Botan::TLS::RawPublicKey, and Botan::TLS::X509.
Referenced by Certificate_Entry(), Certificate_Entry(), operator=(), and operator=().
◆ Certificate_Entry() [2/5]
|
explicit |
Definition at line 322 of file msg_certificate_13.cpp.
322 :
323 m_certificate(std::make_unique<X509_Certificate>(cert)), m_raw_public_key(m_certificate->subject_public_key()) {}
◆ Certificate_Entry() [3/5]
|
explicit |
Definition at line 325 of file msg_certificate_13.cpp.
325 :
326 m_raw_public_key(std::move(raw_public_key)) {
327 BOTAN_ASSERT_NONNULL(m_raw_public_key);
328}
References BOTAN_ASSERT_NONNULL.
◆ Certificate_Entry() [4/5]
|
delete |
References Certificate_Entry().
◆ Certificate_Entry() [5/5]
|
defaultnoexcept |
References Certificate_Entry().
◆ ~Certificate_Entry()
|
default |
Member Function Documentation
◆ certificate()
| const X509_Certificate & Botan::TLS::Certificate_13::Certificate_Entry::certificate | ( | ) | const |
Definition at line 330 of file msg_certificate_13.cpp.
References BOTAN_STATE_CHECK, and has_certificate().
◆ extensions() [1/2]
|
inline |
Definition at line 181 of file tls_messages_13.h.
181{ return m_extensions; }
◆ extensions() [2/2]
|
inline |
Definition at line 183 of file tls_messages_13.h.
183{ return m_extensions; }
◆ has_certificate()
|
inline |
Definition at line 174 of file tls_messages_13.h.
174{ return m_certificate != nullptr; }
Referenced by certificate(), and serialize().
◆ operator=() [1/2]
|
defaultnoexcept |
References Certificate_Entry().
◆ operator=() [2/2]
|
delete |
References Certificate_Entry().
◆ public_key()
| std::shared_ptr< const Public_Key > Botan::TLS::Certificate_13::Certificate_Entry::public_key | ( | ) | const |
Definition at line 335 of file msg_certificate_13.cpp.
References BOTAN_ASSERT_NONNULL.
◆ serialize()
| std::vector< uint8_t > Botan::TLS::Certificate_13::Certificate_Entry::serialize | ( | ) | const |
Definition at line 340 of file msg_certificate_13.cpp.
References Botan::X509::BER_encode(), and has_certificate().
The documentation for this class was generated from the following files:
- src/lib/tls/tls13/tls_messages_13.h
- src/lib/tls/tls13/msg_certificate_13.cpp
Generated by
1.15.0