Botan::TLS::Certificate_13::Certificate_Entry Class Reference
#include <tls_messages_13.h>
Public Member Functions | |
| const X509_Certificate & | certificate () const |
| Certificate_Entry (Certificate_Entry &&other) noexcept | |
| Certificate_Entry (const Certificate_Entry &other)=delete | |
| Certificate_Entry (const X509_Certificate &cert) | |
| Certificate_Entry (std::shared_ptr< Public_Key > raw_public_key) | |
| Certificate_Entry (TLS_Data_Reader &reader, Connection_Side side, Certificate_Type cert_type) | |
| Extensions & | extensions () |
| const Extensions & | extensions () const |
| bool | has_certificate () const |
| Certificate_Entry & | operator= (Certificate_Entry &&other) noexcept |
| Certificate_Entry & | operator= (const Certificate_Entry &other)=delete |
| std::shared_ptr< const Public_Key > | public_key () const |
| std::vector< uint8_t > | serialize () const |
| ~Certificate_Entry () | |
Detailed Description
Definition at line 168 of file tls_messages_13.h.
Constructor & Destructor Documentation
◆ Certificate_Entry() [1/5]
| Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry | ( | TLS_Data_Reader & | reader, |
| Connection_Side | side, | ||
| Certificate_Type | cert_type ) |
Definition at line 272 of file msg_certificate_13.cpp.
274 {
275 switch(cert_type) {
277 // RFC 8446 4.2.2
278 // [...] each CertificateEntry contains a DER-encoded X.509
279 // certificate.
280 m_certificate = std::make_unique<X509_Certificate>(reader.get_tls_length_value(3));
281 m_raw_public_key = m_certificate->subject_public_key();
282 break;
284 // RFC 7250 3.
285 // This specification uses raw public keys whereby the already
286 // available encoding used in a PKIX certificate in the form of a
287 // SubjectPublicKeyInfo structure is reused.
288 m_raw_public_key = X509::load_key(reader.get_tls_length_value(3));
289 break;
290 default:
291 throw TLS_Exception(Alert::InternalError, "Unknown certificate type");
292 }
293
294 // Extensions are simply tacked at the end of the certificate entry. This
295 // is a departure from the typical "tag-length-value" in a sense that the
296 // Extensions deserializer needs the length value of the extensions.
297 const auto extensions_length = reader.peek_uint16_t();
298 const auto exts_buf = reader.get_fixed<uint8_t>(extensions_length + 2);
299 TLS_Data_Reader exts_reader("extensions reader", exts_buf);
300 m_extensions.deserialize(exts_reader, side, Handshake_Type::Certificate);
301
303 // RFC 8446 4.4.2
304 // Valid extensions for server certificates at present include the
305 // OCSP Status extension [RFC6066] and the SignedCertificateTimestamp
306 // extension [RFC6962]; future extensions may be defined for this
307 // message as well.
308 //
309 // RFC 8446 4.4.2.1
310 // A server MAY request that a client present an OCSP response with its
311 // certificate by sending an empty "status_request" extension in its
312 // CertificateRequest message.
313 if(m_extensions.contains_implemented_extensions_other_than({
314 Extension_Code::CertificateStatusRequest,
315 // Extension_Code::SignedCertificateTimestamp
316 })) {
317 throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed");
318 }
319 } else if(m_extensions.contains_implemented_extensions_other_than({})) {
320 throw TLS_Exception(
321 Alert::IllegalParameter,
322 "Certificate Entry holding something else than a certificate contained unexpected extensions");
323 }
324}
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28
References Botan::TLS::Certificate, Certificate_Entry(), Botan::TLS::TLS_Data_Reader::get_fixed(), Botan::TLS::TLS_Data_Reader::get_tls_length_value(), Botan::X509::load_key(), Botan::TLS::TLS_Data_Reader::peek_uint16_t(), Botan::TLS::RawPublicKey, and Botan::TLS::X509.
Referenced by Certificate_Entry(), Certificate_Entry(), Certificate_Entry(), Certificate_Entry(), operator=(), and operator=().
◆ Certificate_Entry() [2/5]
|
explicit |
Definition at line 332 of file msg_certificate_13.cpp.
332 :
333 m_certificate(std::make_unique<X509_Certificate>(cert)), m_raw_public_key(m_certificate->subject_public_key()) {}
References Certificate_Entry().
◆ Certificate_Entry() [3/5]
|
explicit |
Definition at line 335 of file msg_certificate_13.cpp.
335 :
336 m_raw_public_key(std::move(raw_public_key)) {
337 BOTAN_ASSERT_NONNULL(m_raw_public_key);
338}
References BOTAN_ASSERT_NONNULL.
◆ Certificate_Entry() [4/5]
|
delete |
References Certificate_Entry().
◆ Certificate_Entry() [5/5]
|
defaultnoexcept |
References Certificate_Entry().
◆ ~Certificate_Entry()
|
default |
Member Function Documentation
◆ certificate()
| const X509_Certificate & Botan::TLS::Certificate_13::Certificate_Entry::certificate | ( | ) | const |
Definition at line 340 of file msg_certificate_13.cpp.
References BOTAN_STATE_CHECK, and has_certificate().
◆ extensions() [1/2]
|
inline |
Definition at line 181 of file tls_messages_13.h.
181{ return m_extensions; }
◆ extensions() [2/2]
|
inline |
Definition at line 183 of file tls_messages_13.h.
183{ return m_extensions; }
◆ has_certificate()
|
inline |
Definition at line 174 of file tls_messages_13.h.
174{ return m_certificate != nullptr; }
Referenced by certificate(), and serialize().
◆ operator=() [1/2]
|
defaultnoexcept |
References Certificate_Entry().
◆ operator=() [2/2]
|
delete |
References Certificate_Entry().
◆ public_key()
| std::shared_ptr< const Public_Key > Botan::TLS::Certificate_13::Certificate_Entry::public_key | ( | ) | const |
Definition at line 345 of file msg_certificate_13.cpp.
References BOTAN_ASSERT_NONNULL.
◆ serialize()
| std::vector< uint8_t > Botan::TLS::Certificate_13::Certificate_Entry::serialize | ( | ) | const |
Definition at line 350 of file msg_certificate_13.cpp.
References Botan::X509::BER_encode(), and has_certificate().
The documentation for this class was generated from the following files:
- src/lib/tls/tls13/tls_messages_13.h
- src/lib/tls/tls13/msg_certificate_13.cpp
Generated by
1.15.0