Botan::TLS::Certificate_Status_Request Class Reference

#include <tls_extensions.h>

Inheritance diagram for Botan::TLS::Certificate_Status_Request:

Public Member Functions
	Certificate_Status_Request ()
	Certificate_Status_Request (std::vector< uint8_t > ocsp_responder_ids, std::vector< std::vector< uint8_t > > ocsp_key_ids)
	Certificate_Status_Request (std::vector< uint8_t > response)
	Certificate_Status_Request (TLS_Data_Reader &reader, uint16_t extension_size, Handshake_Type message_type, Connection_Side from)
bool	empty () const override
const std::vector< uint8_t > &	get_ocsp_response () const
const std::vector< uint8_t > &	get_request_extensions () const
const std::vector< uint8_t > &	get_responder_id_list () const
virtual bool	is_implemented () const
std::vector< uint8_t >	serialize (Connection_Side whoami) const override
Extension_Code	type () const override
	~Certificate_Status_Request () override

Static Public Member Functions
static Extension_Code	static_type ()

Detailed Description

Certificate Status Request (RFC 6066)

Definition at line 448 of file tls_extensions.h.

Constructor & Destructor Documentation

Certificate_Status_Request() [1/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request

(

)

Definition at line 168 of file tls_extensions_cert_status_req.cpp.

   : m_impl(std::make_unique<Certificate_Status_Request_Internal>(
               RFC6066_Empty_Certificate_Status_Request()))
   {}

Certificate_Status_Request() [2/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request	(	std::vector< uint8_t >	ocsp_responder_ids,
		std::vector< std::vector< uint8_t > >	ocsp_key_ids
	)

Definition at line 173 of file tls_extensions_cert_status_req.cpp.

   : m_impl(std::make_unique<Certificate_Status_Request_Internal>(
               RFC6066_Certificate_Status_Request(std::move(ocsp_responder_ids), std::move(ocsp_key_ids))))
   {}

Certificate_Status_Request() [3/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request

(

std::vector< uint8_t >

response

)

Definition at line 179 of file tls_extensions_cert_status_req.cpp.

   : m_impl(std::make_unique<Certificate_Status_Request_Internal>(
               Certificate_Status(std::move(response))))
   {}

Certificate_Status_Request() [4/4]

Botan::TLS::Certificate_Status_Request::Certificate_Status_Request	(	TLS_Data_Reader &	reader,
		uint16_t	extension_size,
		Handshake_Type	message_type,
		Connection_Side	from
	)

Definition at line 99 of file tls_extensions_cert_status_req.cpp.

   {
   // This parser needs to take TLS 1.2 and TLS 1.3 into account. The
   // extension's content and structure is dependent on the context it
   // was sent in (i.e. the enclosing handshake message). Below is a list
   // of handshake messages this can appear in.
   //
   // TLS 1.2
   //  * Client Hello
   //  * Server Hello
   //
   // TLS 1.3
   //  * Client Hello
   //  * Certificate Request
   //  * Certificate (Entry)
 
   // RFC 6066 8.
   //    In order to indicate their desire to receive certificate status
   //    information, clients MAY include an extension of type "status_request"
   //    in the (extended) client hello.
   if(message_type == Handshake_Type::ClientHello)
      {
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
                  RFC6066_Certificate_Status_Request(reader, extension_size));
      }
 
   // RFC 6066 8.
   //    If a server returns a "CertificateStatus" message, then the server MUST
   //    have included an extension of type "status_request" with empty
   //    "extension_data" in the extended server hello.
   //
   // RFC 8446 4.4.2.1
   //    A server MAY request that a client present an OCSP response with its
   //    certificate by sending an empty "status_request" extension in its
   //    CertificateRequest message.
   else if(message_type == Handshake_Type::ServerHello ||
           message_type == Handshake_Type::CertificateRequest)
      {
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
                  RFC6066_Empty_Certificate_Status_Request(extension_size));
      }
 
   // RFC 8446 4.4.2.1
   //    In TLS 1.3, the server's OCSP information is carried in an extension
   //    in the CertificateEntry [in a Certificate handshake message] [...].
   //    Specifically, the body of the "status_request" extension from the
   //    server MUST be a CertificateStatus structure as defined in [RFC6066]
   //    [...].
   //
   // RFC 8446 4.4.2.1
   //    If the client opts to send an OCSP response, the body of its
   //    "status_request" extension MUST be a CertificateStatus structure as
   //    defined in [RFC6066].
   else if(message_type == Handshake_Type::Certificate)
      {
      m_impl = std::make_unique<Certificate_Status_Request_Internal>(
                  Certificate_Status(reader.get_fixed<uint8_t>(extension_size), from));
      }
 
   // all other contexts are not allowed for this extension
   else
      {
      throw TLS_Exception(Alert::UnsupportedExtension, "Server sent a Certificate_Status_Request extension in an unsupported context");
      }
   }

References Botan::TLS::Certificate, Botan::TLS::CertificateRequest, Botan::TLS::ClientHello, Botan::TLS::TLS_Data_Reader::get_fixed(), and Botan::TLS::ServerHello.

~Certificate_Status_Request()

Botan::TLS::Certificate_Status_Request::~Certificate_Status_Request ( )

overridedefault

Member Function Documentation

empty()

bool Botan::TLS::Certificate_Status_Request::empty ( ) const

inlineoverridevirtual

Returns

if we should encode this extension or not

Implements Botan::TLS::Extension.

Definition at line 458 of file tls_extensions.h.

{ return false; }

get_ocsp_response()

const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_ocsp_response

(

)

const

Definition at line 186 of file tls_extensions_cert_status_req.cpp.

   {
   BOTAN_ASSERT_NONNULL(m_impl);
   BOTAN_STATE_CHECK(std::holds_alternative<Certificate_Status>(m_impl->content));
   return std::get<Certificate_Status>(m_impl->content).response();
   }

References BOTAN_ASSERT_NONNULL, and BOTAN_STATE_CHECK.

get_request_extensions()

const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_request_extensions

(

)

const

get_responder_id_list()

const std::vector< uint8_t > & Botan::TLS::Certificate_Status_Request::get_responder_id_list

(

)

const

is_implemented()

virtual bool Botan::TLS::Extension::is_implemented ( ) const

inlinevirtualinherited

Returns

true if this extension is known and implemented by Botan

Reimplemented in Botan::TLS::Unknown_Extension.

Definition at line 113 of file tls_extensions.h.

{ return true; }

serialize()

std::vector< uint8_t > Botan::TLS::Certificate_Status_Request::serialize ( Connection_Side  whoami ) const

overridevirtual

Returns

serialized binary for the extension

Implements Botan::TLS::Extension.

Definition at line 193 of file tls_extensions_cert_status_req.cpp.

   {
   BOTAN_ASSERT_NONNULL(m_impl);
   return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content);
   }

References BOTAN_ASSERT_NONNULL.

static_type()

static Extension_Code Botan::TLS::Certificate_Status_Request::static_type ( )

inlinestatic

Definition at line 451 of file tls_extensions.h.

         { return Extension_Code::CertificateStatusRequest; }

type()

Extension_Code Botan::TLS::Certificate_Status_Request::type ( ) const

inlineoverridevirtual

Returns

code number of the extension

Implements Botan::TLS::Extension.

Definition at line 454 of file tls_extensions.h.

{ return static_type(); }

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls_extensions.h
• src/lib/tls/tls_extensions_cert_status_req.cpp