#include <tls_extensions.h>
Inheritance diagram for Botan::TLS::Certificate_Status_Request:
Public Member Functions | |
| Certificate_Status_Request () | |
| Certificate_Status_Request (std::vector< uint8_t > ocsp_responder_ids, std::vector< std::vector< uint8_t > > ocsp_key_ids) | |
| Certificate_Status_Request (std::vector< uint8_t > response) | |
| Certificate_Status_Request (TLS_Data_Reader &reader, uint16_t extension_size, Handshake_Type message_type, Connection_Side from) | |
| bool | empty () const override |
| const std::vector< uint8_t > & | get_ocsp_response () const |
| const std::vector< uint8_t > & | get_request_extensions () const |
| const std::vector< uint8_t > & | get_responder_id_list () const |
| virtual bool | is_implemented () const |
| std::vector< uint8_t > | serialize (Connection_Side whoami) const override |
| Extension_Code | type () const override |
| ~Certificate_Status_Request () override | |
Static Public Member Functions | |
| static Extension_Code | static_type () |
Detailed Description
Certificate Status Request (RFC 6066)
Definition at line 498 of file tls_extensions.h.
Constructor & Destructor Documentation
◆ Certificate_Status_Request() [1/4]
| Botan::TLS::Certificate_Status_Request::Certificate_Status_Request | ( | ) |
Definition at line 150 of file tls_extensions_cert_status_req.cpp.
150 :
151 m_impl(std::make_unique<Certificate_Status_Request_Internal>(RFC6066_Empty_Certificate_Status_Request())) {}
◆ Certificate_Status_Request() [2/4]
| Botan::TLS::Certificate_Status_Request::Certificate_Status_Request | ( | std::vector< uint8_t > | ocsp_responder_ids, |
| std::vector< std::vector< uint8_t > > | ocsp_key_ids ) |
Definition at line 153 of file tls_extensions_cert_status_req.cpp.
154 :
155 m_impl(std::make_unique<Certificate_Status_Request_Internal>(
156 RFC6066_Certificate_Status_Request(std::move(ocsp_responder_ids), std::move(ocsp_key_ids)))) {}
◆ Certificate_Status_Request() [3/4]
| Botan::TLS::Certificate_Status_Request::Certificate_Status_Request | ( | std::vector< uint8_t > | response | ) |
Definition at line 158 of file tls_extensions_cert_status_req.cpp.
158 :
159 m_impl(std::make_unique<Certificate_Status_Request_Internal>(Certificate_Status(std::move(response)))) {}
◆ Certificate_Status_Request() [4/4]
| Botan::TLS::Certificate_Status_Request::Certificate_Status_Request | ( | TLS_Data_Reader & | reader, |
| uint16_t | extension_size, | ||
| Handshake_Type | message_type, | ||
| Connection_Side | from ) |
Definition at line 86 of file tls_extensions_cert_status_req.cpp.
89 {
90 // This parser needs to take TLS 1.2 and TLS 1.3 into account. The
91 // extension's content and structure is dependent on the context it
92 // was sent in (i.e. the enclosing handshake message). Below is a list
93 // of handshake messages this can appear in.
94 //
95 // TLS 1.2
96 // * Client Hello
97 // * Server Hello
98 //
99 // TLS 1.3
100 // * Client Hello
101 // * Certificate Request
102 // * Certificate (Entry)
103
104 // RFC 6066 8.
105 // In order to indicate their desire to receive certificate status
106 // information, clients MAY include an extension of type "status_request"
107 // in the (extended) client hello.
109 m_impl = std::make_unique<Certificate_Status_Request_Internal>(
110 RFC6066_Certificate_Status_Request(reader, extension_size));
111 }
112
113 // RFC 6066 8.
114 // If a server returns a "CertificateStatus" message, then the server MUST
115 // have included an extension of type "status_request" with empty
116 // "extension_data" in the extended server hello.
117 //
118 // RFC 8446 4.4.2.1
119 // A server MAY request that a client present an OCSP response with its
120 // certificate by sending an empty "status_request" extension in its
121 // CertificateRequest message.
122 else if(message_type == Handshake_Type::ServerHello || message_type == Handshake_Type::CertificateRequest) {
123 m_impl = std::make_unique<Certificate_Status_Request_Internal>(
124 RFC6066_Empty_Certificate_Status_Request(extension_size));
125 }
126
127 // RFC 8446 4.4.2.1
128 // In TLS 1.3, the server's OCSP information is carried in an extension
129 // in the CertificateEntry [in a Certificate handshake message] [...].
130 // Specifically, the body of the "status_request" extension from the
131 // server MUST be a CertificateStatus structure as defined in [RFC6066]
132 // [...].
133 //
134 // RFC 8446 4.4.2.1
135 // If the client opts to send an OCSP response, the body of its
136 // "status_request" extension MUST be a CertificateStatus structure as
137 // defined in [RFC6066].
139 m_impl = std::make_unique<Certificate_Status_Request_Internal>(
140 Certificate_Status(reader.get_fixed<uint8_t>(extension_size), from));
141 }
142
143 // all other contexts are not allowed for this extension
144 else {
145 throw TLS_Exception(Alert::UnsupportedExtension,
146 "Server sent a Certificate_Status_Request extension in an unsupported context");
147 }
148}
@ ClientHello
@ CertificateRequest
@ ServerHello
@ Certificate
References Botan::TLS::Certificate, Botan::TLS::CertificateRequest, Botan::TLS::ClientHello, Botan::TLS::TLS_Data_Reader::get_fixed(), and Botan::TLS::ServerHello.
◆ ~Certificate_Status_Request()
|
overridedefault |
Member Function Documentation
◆ empty()
|
inlineoverridevirtual |
- Returns
- if we should encode this extension or not
Implements Botan::TLS::Extension.
Definition at line 506 of file tls_extensions.h.
506{ return false; }
◆ get_ocsp_response()
| const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_ocsp_response | ( | ) | const |
Definition at line 163 of file tls_extensions_cert_status_req.cpp.
163 {
164 BOTAN_ASSERT_NONNULL(m_impl);
165 BOTAN_STATE_CHECK(std::holds_alternative<Certificate_Status>(m_impl->content));
166 return std::get<Certificate_Status>(m_impl->content).response();
167}
References BOTAN_ASSERT_NONNULL, and BOTAN_STATE_CHECK.
◆ get_request_extensions()
| const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_request_extensions | ( | ) | const |
◆ get_responder_id_list()
| const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_responder_id_list | ( | ) | const |
◆ is_implemented()
|
inlinevirtualinherited |
- Returns
- true if this extension is known and implemented by Botan
Reimplemented in Botan::TLS::Unknown_Extension.
Definition at line 116 of file tls_extensions.h.
116{ return true; }
◆ serialize()
|
overridevirtual |
- Returns
- serialized binary for the extension
Implements Botan::TLS::Extension.
Definition at line 169 of file tls_extensions_cert_status_req.cpp.
169 {
170 BOTAN_ASSERT_NONNULL(m_impl);
171 return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content);
172}
References BOTAN_ASSERT_NONNULL.
◆ static_type()
|
inlinestatic |
Definition at line 500 of file tls_extensions.h.
@ CertificateStatusRequest
◆ type()
|
inlineoverridevirtual |
- Returns
- code number of the extension
Implements Botan::TLS::Extension.
Definition at line 502 of file tls_extensions.h.
static Extension_Code static_type()
Definition tls_extensions.h:500
The documentation for this class was generated from the following files:
- src/lib/tls/tls_extensions.h
- src/lib/tls/tls_extensions_cert_status_req.cpp
