Botan 3.0.0
Crypto and TLS for C++
Botan::TLS::Certificate_Status_Request Class Reference [final]

#include <tls_extensions.h>

Inheritance diagram for Botan::TLS::Certificate_Status_Request:
Botan::TLS::Extension

Public Member Functions

 Certificate_Status_Request ()
 
 Certificate_Status_Request (std::vector< uint8_t > ocsp_responder_ids, std::vector< std::vector< uint8_t > > ocsp_key_ids)
 
 Certificate_Status_Request (std::vector< uint8_t > response)
 
 Certificate_Status_Request (TLS_Data_Reader &reader, uint16_t extension_size, Handshake_Type message_type, Connection_Side from)
 
bool empty () const override
 
const std::vector< uint8_t > & get_ocsp_response () const
 
const std::vector< uint8_t > & get_request_extensions () const
 
const std::vector< uint8_t > & get_responder_id_list () const
 
virtual bool is_implemented () const
 
std::vector< uint8_t > serialize (Connection_Side whoami) const override
 
Extension_Code type () const override
 
 ~Certificate_Status_Request () override
 

Static Public Member Functions

static Extension_Code static_type ()
 

Detailed Description

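Certificate Status Request (RFC 6066). The content of the extension depends on the handshake message that carries it: an OCSP status request in a Client Hello, an empty body in a Server Hello or a TLS 1.3 Certificate Request, and a CertificateStatus structure in a TLS 1.3 Certificate entry (RFC 8446 4.4.2.1).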

Definition at line 448 of file tls_extensions.h.

Constructor & Destructor Documentation

◆ Certificate_Status_Request() [1/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request ( )

Definition at line 168 of file tls_extensions_cert_status_req.cpp.

// Default construction stores the empty form of the extension body
// (RFC6066_Empty_Certificate_Status_Request); no responder IDs, key IDs or
// response bytes are held.
169 : m_impl(std::make_unique<Certificate_Status_Request_Internal>(
170 RFC6066_Empty_Certificate_Status_Request()))
171 {}

◆ Certificate_Status_Request() [2/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request ( std::vector< uint8_t >  ocsp_responder_ids,
std::vector< std::vector< uint8_t > >  ocsp_key_ids 
)

Definition at line 173 of file tls_extensions_cert_status_req.cpp.

// Stores an RFC6066_Certificate_Status_Request built from the caller's
// responder IDs and key IDs. Both arguments are moved into the request, so
// the caller's vectors are left in a moved-from state.
175 : m_impl(std::make_unique<Certificate_Status_Request_Internal>(
176 RFC6066_Certificate_Status_Request(std::move(ocsp_responder_ids), std::move(ocsp_key_ids))))
177 {}

◆ Certificate_Status_Request() [3/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request ( std::vector< uint8_t >  response)

Definition at line 179 of file tls_extensions_cert_status_req.cpp.

// Stores a Certificate_Status wrapping the given response bytes (moved in).
// NOTE(review): nothing visible here inspects the bytes; presumably this is
// the OCSP response to be sent - confirm where its content is validated.
180 : m_impl(std::make_unique<Certificate_Status_Request_Internal>(
181 Certificate_Status(std::move(response))))
182 {}

◆ Certificate_Status_Request() [4/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request ( TLS_Data_Reader &  reader,
uint16_t  extension_size,
Handshake_Type  message_type,
Connection_Side  from 
)

Definition at line 99 of file tls_extensions_cert_status_req.cpp.

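{
   // Parses a received "status_request" extension. The enclosing handshake
   // message (message_type) selects which structure is expected, and any
   // message type not listed below is rejected.

   // This parser needs to take TLS 1.2 and TLS 1.3 into account. The
   // extension's content and structure is dependent on the context it
   // was sent in (i.e. the enclosing handshake message). Below is a list
   // of handshake messages this can appear in.
   //
   // TLS 1.2
   // * Client Hello
   // * Server Hello
   //
   // TLS 1.3
   // * Client Hello
   // * Certificate Request
   // * Certificate (Entry)

   // RFC 6066 8.
   // In order to indicate their desire to receive certificate status
   // information, clients MAY include an extension of type "status_request"
   // in the (extended) client hello.
   if(message_type == Handshake_Type::ClientHello)
   {
      // extension_size is handed to the request parser together with the
      // reader. NOTE(review): presumably the parser checks the inner length
      // fields against it - confirm in RFC6066_Certificate_Status_Request.
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
         RFC6066_Certificate_Status_Request(reader, extension_size));
   }

   // RFC 6066 8.
   // If a server returns a "CertificateStatus" message, then the server MUST
   // have included an extension of type "status_request" with empty
   // "extension_data" in the extended server hello.
   //
   // RFC 8446 4.4.2.1
   // A server MAY request that a client present an OCSP response with its
   // certificate by sending an empty "status_request" extension in its
   // CertificateRequest message.
   else if(message_type == Handshake_Type::ServerHello ||
           message_type == Handshake_Type::CertificateRequest)
   {
      // NOTE(review): the body MUST be empty in both messages; presumably a
      // non-zero extension_size is rejected by the callee - confirm in
      // RFC6066_Empty_Certificate_Status_Request.
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
         RFC6066_Empty_Certificate_Status_Request(extension_size));
   }

   // RFC 8446 4.4.2.1
   // In TLS 1.3, the server's OCSP information is carried in an extension
   // in the CertificateEntry [in a Certificate handshake message] [...].
   // Specifically, the body of the "status_request" extension from the
   // server MUST be a CertificateStatus structure as defined in [RFC6066]
   // [...].
   //
   // RFC 8446 4.4.2.1
   // If the client opts to send an OCSP response, the body of its
   // "status_request" extension MUST be a CertificateStatus structure as
   // defined in [RFC6066].
   else if(message_type == Handshake_Type::Certificate)
   {
      // Exactly extension_size bytes are taken from the reader as the
      // CertificateStatus body; `from` is passed along with them.
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
         Certificate_Status(reader.get_fixed<uint8_t>(extension_size), from));
   }

   // all other contexts are not allowed for this extension
   else
   {
      // Fails closed: parsing stops with an UnsupportedExtension alert
      // instead of accepting the extension in an unexpected message.
      throw TLS_Exception(Alert::UnsupportedExtension, "Server sent a Certificate_Status_Request extension in an unsupported context");
   }
}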

References Botan::TLS::Certificate, Botan::TLS::CertificateRequest, Botan::TLS::ClientHello, Botan::TLS::TLS_Data_Reader::get_fixed(), and Botan::TLS::ServerHello.

◆ ~Certificate_Status_Request()

Botan::TLS::Certificate_Status_Request::~Certificate_Status_Request ( )
override default

Member Function Documentation

◆ empty()

bool Botan::TLS::Certificate_Status_Request::empty ( ) const
inline override virtual
Returns
true if the extension is empty and should not be encoded, false if it should be encoded. This class always returns false.

Implements Botan::TLS::Extension.

Definition at line 458 of file tls_extensions.h.

// Unconditionally false: this extension never reports itself as empty.
458{ return false; }

◆ get_ocsp_response()

const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_ocsp_response ( ) const

Definition at line 186 of file tls_extensions_cert_status_req.cpp.

187 {
// Returns the response bytes held by the Certificate_Status alternative.
// The return type is a reference, presumably into state owned by m_impl, so
// it should not be kept beyond the lifetime of this extension object.
// NOTE(review): nothing in this accessor validates the OCSP response; confirm
// where the bytes are parsed and verified before they are trusted.
188 BOTAN_ASSERT_NONNULL(m_impl);
// Guard before std::get: an extension that holds a request or the empty form
// fails this state check instead of reaching std::get with the wrong
// alternative.
189 BOTAN_STATE_CHECK(std::holds_alternative<Certificate_Status>(m_impl->content));
190 return std::get<Certificate_Status>(m_impl->content).response();
191 }
#define BOTAN_STATE_CHECK(expr)
Definition: assert.h:48
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:106

References BOTAN_ASSERT_NONNULL, and BOTAN_STATE_CHECK.

◆ get_request_extensions()

const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_request_extensions ( ) const

◆ get_responder_id_list()

const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_responder_id_list ( ) const

◆ is_implemented()

virtual bool Botan::TLS::Extension::is_implemented ( ) const
inline virtual inherited
Returns
true if this extension is known and implemented by Botan

Reimplemented in Botan::TLS::Unknown_Extension.

Definition at line 113 of file tls_extensions.h.

// Base-class default inherited from Extension: always true.
113{ return true; }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Certificate_Status_Request::serialize ( Connection_Side  whoami) const
override virtual
Returns
serialized binary for the extension

Implements Botan::TLS::Extension.

Definition at line 193 of file tls_extensions_cert_status_req.cpp.

194 {
// Serializes whichever alternative m_impl->content currently holds by calling
// its own serialize(). The whoami argument is not used in this body.
195 BOTAN_ASSERT_NONNULL(m_impl);
196 return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content);
197 }

References BOTAN_ASSERT_NONNULL.

◆ static_type()

static Extension_Code Botan::TLS::Certificate_Status_Request::static_type ( )
inline static

Definition at line 451 of file tls_extensions.h.

◆ type()

Extension_Code Botan::TLS::Certificate_Status_Request::type ( ) const
inline override virtual
Returns
code number of the extension

Implements Botan::TLS::Extension.

Definition at line 454 of file tls_extensions.h.

// Delegates to static_type(), so the per-instance code always equals the
// class-level code.
454{ return static_type(); }

The documentation for this class was generated from the following files: