Botan 3.5.0
Crypto and TLS for C&
Botan::TLS::Certificate_Request_13 Class Referencefinal

#include <tls_messages.h>

Inheritance diagram for Botan::TLS::Certificate_Request_13:
Botan::TLS::Handshake_Message

Public Member Functions

std::vector< X509_DNacceptable_CAs () const
 
 Certificate_Request_13 (const std::vector< uint8_t > &buf, Connection_Side side)
 
const std::vector< Signature_Scheme > & certificate_signature_schemes () const
 
const std::vector< uint8_t > & context () const
 
const Extensionsextensions () const
 
std::vector< uint8_t > serialize () const override
 
const std::vector< Signature_Scheme > & signature_schemes () const
 
Handshake_Type type () const override
 
std::string type_string () const
 
virtual Handshake_Type wire_type () const
 

Static Public Member Functions

static std::optional< Certificate_Request_13maybe_create (const Client_Hello_13 &sni_hostname, Credentials_Manager &cred_mgr, Callbacks &callbacks, const Policy &policy)
 

Detailed Description

Definition at line 725 of file tls_messages.h.

Constructor & Destructor Documentation

◆ Certificate_Request_13()

Botan::TLS::Certificate_Request_13::Certificate_Request_13 ( const std::vector< uint8_t > & buf,
Connection_Side side )

Definition at line 21 of file msg_certificate_req_13.cpp.

21 {
22 TLS_Data_Reader reader("Certificate_Request_13", buf);
23
24 // RFC 8446 4.3.2
25 // A server which is authenticating with a certificate MAY optionally
26 // request a certificate from the client.
27 if(side != Connection_Side::Server) {
28 throw TLS_Exception(Alert::UnexpectedMessage, "Received a Certificate_Request message from a client");
29 }
30
31 m_context = reader.get_tls_length_value(1);
32 m_extensions.deserialize(reader, side, type());
33
34 // RFC 8446 4.3.2
35 // The "signature_algorithms" extension MUST be specified, and other
36 // extensions may optionally be included if defined for this message.
37 // Clients MUST ignore unrecognized extensions.
38
39 if(!m_extensions.has<Signature_Algorithms>()) {
40 throw TLS_Exception(Alert::MissingExtension,
41 "Certificate_Request message did not provide a signature_algorithms extension");
42 }
43
44 // RFC 8446 4.2.
45 // The table below indicates the messages where a given extension may
46 // appear [...]. If an implementation receives an extension which it
47 // recognizes and which is not specified for the message in which it
48 // appears, it MUST abort the handshake with an "illegal_parameter" alert.
49 //
50 // For Certificate Request said table states:
51 // "status_request", "signature_algorithms", "signed_certificate_timestamp",
52 // "certificate_authorities", "oid_filters", "signature_algorithms_cert",
53 std::set<Extension_Code> allowed_extensions = {
56 // Extension_Code::SignedCertificateTimestamp, // NYI
58 // Extension_Code::OidFilters, // NYI
60 };
61
62 if(m_extensions.contains_implemented_extensions_other_than(allowed_extensions)) {
63 throw TLS_Exception(Alert::IllegalParameter, "Certificate Request contained an extension that is not allowed");
64 }
65}
Handshake_Type type() const override
bool contains_implemented_extensions_other_than(const std::set< Extension_Code > &allowed_extensions) const
void deserialize(TLS_Data_Reader &reader, Connection_Side from, Handshake_Type message_type)

References Botan::TLS::CertificateAuthorities, Botan::TLS::CertificateStatusRequest, Botan::TLS::CertSignatureAlgorithms, Botan::TLS::Extensions::contains_implemented_extensions_other_than(), Botan::TLS::Extensions::deserialize(), Botan::TLS::TLS_Data_Reader::get_tls_length_value(), Botan::TLS::Extensions::has(), Botan::TLS::Server, Botan::TLS::SignatureAlgorithms, and type().

Referenced by maybe_create().

Member Function Documentation

◆ acceptable_CAs()

std::vector< X509_DN > Botan::TLS::Certificate_Request_13::acceptable_CAs ( ) const

Definition at line 123 of file msg_certificate_req_13.cpp.

123 {
124 if(m_extensions.has<Certificate_Authorities>()) {
125 return m_extensions.get<Certificate_Authorities>()->distinguished_names();
126 }
127 return {};
128}

References Botan::TLS::Extensions::get(), and Botan::TLS::Extensions::has().

Referenced by Botan::TLS::Certificate_13::Certificate_13().

◆ certificate_signature_schemes()

const std::vector< Signature_Scheme > & Botan::TLS::Certificate_Request_13::certificate_signature_schemes ( ) const

Definition at line 138 of file msg_certificate_req_13.cpp.

138 {
139 // RFC 8446 4.2.3
140 // If no "signature_algorithms_cert" extension is present, then the
141 // "signature_algorithms" extension also applies to signatures appearing
142 // in certificates.
143 if(auto sig_schemes_cert = m_extensions.get<Signature_Algorithms_Cert>()) {
144 return sig_schemes_cert->supported_schemes();
145 } else {
146 return signature_schemes();
147 }
148}
const std::vector< Signature_Scheme > & signature_schemes() const

References Botan::TLS::Extensions::get(), and signature_schemes().

Referenced by Botan::TLS::Certificate_13::Certificate_13().

◆ context()

const std::vector< uint8_t > & Botan::TLS::Certificate_Request_13::context ( ) const
inline

Definition at line 746 of file tls_messages.h.

746{ return m_context; }

◆ extensions()

const Extensions & Botan::TLS::Certificate_Request_13::extensions ( ) const
inline

Definition at line 742 of file tls_messages.h.

742{ return m_extensions; }

Referenced by Botan::TLS::Certificate_13::Certificate_13().

◆ maybe_create()

std::optional< Certificate_Request_13 > Botan::TLS::Certificate_Request_13::maybe_create ( const Client_Hello_13 & sni_hostname,
Credentials_Manager & cred_mgr,
Callbacks & callbacks,
const Policy & policy )
static

Creates a Certificate_Request message if it is required by the configuration

Returns
std::nullopt if configuration does not require client authentication

Definition at line 104 of file msg_certificate_req_13.cpp.

107 {
108 const auto trusted_CAs = cred_mgr.trusted_certificate_authorities("tls-server", client_hello.sni_hostname());
109
110 std::vector<X509_DN> client_auth_CAs;
111 for(const auto store : trusted_CAs) {
112 const auto subjects = store->all_subjects();
113 client_auth_CAs.insert(client_auth_CAs.end(), subjects.begin(), subjects.end());
114 }
115
116 if(client_auth_CAs.empty() && !policy.request_client_certificate_authentication()) {
117 return std::nullopt;
118 }
119
120 return Certificate_Request_13(std::move(client_auth_CAs), policy, callbacks);
121}
Certificate_Request_13(const std::vector< uint8_t > &buf, Connection_Side side)

References Certificate_Request_13(), Botan::TLS::Policy::request_client_certificate_authentication(), Botan::TLS::Client_Hello::sni_hostname(), and Botan::Credentials_Manager::trusted_certificate_authorities().

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_Request_13::serialize ( ) const
overridevirtual
Returns
DER representation of this message

Implements Botan::TLS::Handshake_Message.

Definition at line 150 of file msg_certificate_req_13.cpp.

150 {
151 std::vector<uint8_t> buf;
152 append_tls_length_value(buf, m_context, 1);
153 buf += m_extensions.serialize(Connection_Side::Server);
154 return buf;
155}
std::vector< uint8_t > serialize(Connection_Side whoami) const
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition tls_reader.h:180

References Botan::TLS::append_tls_length_value(), Botan::TLS::Extensions::serialize(), and Botan::TLS::Server.

◆ signature_schemes()

const std::vector< Signature_Scheme > & Botan::TLS::Certificate_Request_13::signature_schemes ( ) const

Definition at line 130 of file msg_certificate_req_13.cpp.

130 {
131 // RFC 8446 4.3.2
132 // The "signature_algorithms" extension MUST be specified
133 BOTAN_ASSERT_NOMSG(m_extensions.has<Signature_Algorithms>());
134
135 return m_extensions.get<Signature_Algorithms>()->supported_schemes();
136}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

References BOTAN_ASSERT_NOMSG, Botan::TLS::Extensions::get(), and Botan::TLS::Extensions::has().

Referenced by Botan::TLS::Certificate_13::Certificate_13(), and certificate_signature_schemes().

◆ type()

Handshake_Type Botan::TLS::Certificate_Request_13::type ( ) const
overridevirtual
Returns
the message type

Implements Botan::TLS::Handshake_Message.

Definition at line 17 of file msg_certificate_req_13.cpp.

References Botan::TLS::CertificateRequest.

Referenced by Certificate_Request_13().

◆ type_string()

std::string Botan::TLS::Handshake_Message::type_string ( ) const
inherited
Returns
string representation of this message type

Definition at line 19 of file tls_handshake_state.cpp.

19 {
21}
virtual Handshake_Type type() const =0
const char * handshake_type_to_string(Handshake_Type type)

References Botan::TLS::handshake_type_to_string(), and Botan::TLS::Handshake_Message::type().

◆ wire_type()

virtual Handshake_Type Botan::TLS::Handshake_Message::wire_type ( ) const
inlinevirtualinherited
Returns
the wire representation of the message's type

Reimplemented in Botan::TLS::Hello_Retry_Request.

Definition at line 39 of file tls_handshake_msg.h.

39 {
40 // Usually equal to the Handshake_Type enum value,
41 // with the exception of TLS 1.3 Hello Retry Request.
42 return type();
43 }

Referenced by Botan::TLS::Stream_Handshake_IO::send().


The documentation for this class was generated from the following files: