Botan::TLS::Client_Certificate_Type Class Reference

#include <tls_extensions.h>

Inheritance diagram for Botan::TLS::Client_Certificate_Type:

Public Member Functions
	Certificate_Type_Base (const Certificate_Type_Base &certificate_type_from_client, const std::vector< Certificate_Type > &server_preference)
	Certificate_Type_Base (std::vector< Certificate_Type > supported_cert_types)
	Certificate_Type_Base (TLS_Data_Reader &reader, uint16_t extension_size, Connection_Side from)
	Client_Certificate_Type (const Client_Certificate_Type &cct, const Policy &policy)
bool	empty () const override
virtual bool	is_implemented () const
Certificate_Type	selected_certificate_type () const
std::vector< uint8_t >	serialize (Connection_Side whoami) const override
Extension_Code	type () const override
void	validate_selection (const Certificate_Type_Base &from_server) const

Static Public Member Functions
static Extension_Code	static_type ()

Detailed Description

Definition at line 200 of file tls_extensions.h.

Constructor & Destructor Documentation

Client_Certificate_Type()

Botan::TLS::Client_Certificate_Type::Client_Certificate_Type	(	const Client_Certificate_Type &	cct,
		const Policy &	policy )

Creates the Server Hello extension from the received client preferences.

Definition at line 410 of file tls_extensions.cpp.

                                                                                                         :
      Certificate_Type_Base(cct, policy.accepted_client_certificate_types()) {}

References Certificate_Type_Base(), and Client_Certificate_Type().

Referenced by Client_Certificate_Type().

Member Function Documentation

Certificate_Type_Base() [1/3]

Botan::TLS::Certificate_Type_Base::Certificate_Type_Base	(	const Certificate_Type_Base &	certificate_type_from_client,
		const std::vector< Certificate_Type > &	server_preference )

Called by the server to select a cert type to be used in the handshake.

Definition at line 175 of file tls_extensions.cpp.

                                                                                                   :
      m_from(Connection_Side::Server) {
   // RFC 7250 4.2
   //    The server_certificate_type extension in the client hello indicates the
   //    types of certificates the client is able to process when provided by
   //    the server in a subsequent certificate payload. [...] With the
   //    server_certificate_type extension in the server hello, the TLS server
   //    indicates the certificate type carried in the Certificate payload.
   for(const auto server_supported_cert_type : server_preference) {
      if(value_exists(certificate_type_from_client.m_certificate_types, server_supported_cert_type)) {
         m_certificate_types.push_back(server_supported_cert_type);
         return;
      }
   }
 
   // RFC 7250 4.2 (2.)
   //    The server supports the extension defined in this document, but
   //    it does not have any certificate type in common with the client.
   //    Then, the server terminates the session with a fatal alert of
   //    type "unsupported_certificate".
   throw TLS_Exception(Alert::UnsupportedCertificate, "Failed to agree on certificate_type");
}

Certificate_Type_Base() [2/3]

Botan::TLS::Certificate_Type_Base::Certificate_Type_Base ( std::vector< Certificate_Type > supported_cert_types )

explicit

Called by the client to advertise support for a number of cert types.

Definition at line 169 of file tls_extensions.cpp.

                                                                                             :
      m_certificate_types(std::move(supported_cert_types)), m_from(Connection_Side::Client) {
   BOTAN_ARG_CHECK(!m_certificate_types.empty(), "at least one certificate type must be supported");
}

References type().

Referenced by Client_Certificate_Type().

Certificate_Type_Base() [3/3]

Botan::TLS::Certificate_Type_Base::Certificate_Type_Base	(	TLS_Data_Reader &	reader,
		uint16_t	extension_size,
		Connection_Side	from )

Definition at line 179 of file tls_extensions.cpp.

                                                                                                                   :
      m_from(from) {
   if(extension_size == 0) {
      throw Decoding_Error("Certificate type extension cannot be empty");
   }
 
   if(from == Connection_Side::Client) {
      const auto type_bytes = reader.get_tls_length_value(1);
      if(static_cast<size_t>(extension_size) != type_bytes.size() + 1) {
         throw Decoding_Error("certificate type extension had inconsistent length");
      }
      std::transform(
         type_bytes.begin(), type_bytes.end(), std::back_inserter(m_certificate_types), [](const auto type_byte) {
            return static_cast<Certificate_Type>(type_byte);
         });
   } else {
      // RFC 7250 4.2
      //    Note that only a single value is permitted in the
      //    server_certificate_type extension when carried in the server hello.
      if(extension_size != 1) {
         throw Decoding_Error("Server's certificate type extension must be of length 1");
      }
      const auto type_byte = reader.get_byte();
      m_certificate_types.push_back(static_cast<Certificate_Type>(type_byte));
   }
}

empty()

bool Botan::TLS::Certificate_Type_Base::empty ( ) const

inlineoverridevirtualinherited

Returns

if we should encode this extension or not

Implements Botan::TLS::Extension.

Definition at line 186 of file tls_extensions.h.

                                  {
         // RFC 7250 4.1
         //    If the client has no remaining certificate types to send in the
         //    client hello, other than the default X.509 type, it MUST omit the
         //    entire client[/server]_certificate_type extension [...].
         return m_from == Connection_Side::Client && m_certificate_types.size() == 1 &&
                m_certificate_types.front() == Certificate_Type::X509;
      }

References Botan::TLS::Client, and Botan::TLS::X509.

is_implemented()

virtual bool Botan::TLS::Extension::is_implemented ( ) const

inlinevirtualinherited

Returns

true if this extension is known and implemented by Botan

Reimplemented in Botan::TLS::Unknown_Extension.

Definition at line 95 of file tls_extensions.h.

{ return true; }

selected_certificate_type()

Certificate_Type Botan::TLS::Certificate_Type_Base::selected_certificate_type ( ) const

inherited

Definition at line 498 of file tls_extensions.cpp.

                                                                        {
   BOTAN_ASSERT_NOMSG(m_from == Connection_Side::Server);
   BOTAN_ASSERT_NOMSG(m_certificate_types.size() == 1);
   return m_certificate_types.front();
}

References BOTAN_ASSERT_NOMSG, and Botan::TLS::Server.

Referenced by validate_selection().

serialize()

std::vector< uint8_t > Botan::TLS::Certificate_Type_Base::serialize ( Connection_Side whoami ) const

overridevirtualinherited

Returns

serialized binary for the extension

Implements Botan::TLS::Extension.

Definition at line 467 of file tls_extensions.cpp.

                                                                                {
   std::vector<uint8_t> result;
   if(whoami == Connection_Side::Client) {
      std::vector<uint8_t> type_bytes;
      std::transform(
         m_certificate_types.begin(), m_certificate_types.end(), std::back_inserter(type_bytes), [](const auto type) {
            return static_cast<uint8_t>(type);
         });
      append_tls_length_value(result, type_bytes, 1);
   } else {
      BOTAN_ASSERT_NOMSG(m_certificate_types.size() == 1);
      result.push_back(static_cast<uint8_t>(m_certificate_types.front()));
   }
   return result;
}

References Botan::TLS::append_tls_length_value(), BOTAN_ASSERT_NOMSG, Botan::TLS::Client, and Botan::TLS::Extension::type().

static_type()

Extension_Code Botan::TLS::Client_Certificate_Type::static_type ( )

inlinestatic

Definition at line 209 of file tls_extensions.h.

{ return Extension_Code::ClientCertificateType; }

References Botan::TLS::ClientCertificateType.

Referenced by type().

type()

Extension_Code Botan::TLS::Client_Certificate_Type::type ( ) const

inlineoverridevirtual

Returns

code number of the extension

Implements Botan::TLS::Extension.

Definition at line 211 of file tls_extensions.h.

{ return static_type(); }

References static_type().

Referenced by Certificate_Type_Base().

validate_selection()

void Botan::TLS::Certificate_Type_Base::validate_selection ( const Certificate_Type_Base & from_server ) const

inherited

Definition at line 483 of file tls_extensions.cpp.

                                                                                             {
   BOTAN_ASSERT_NOMSG(m_from == Connection_Side::Client);
   BOTAN_ASSERT_NOMSG(from_server.m_from == Connection_Side::Server);
 
   // RFC 7250 4.2
   //    The value conveyed in the [client_]certificate_type extension MUST be
   //    selected from one of the values provided in the [client_]certificate_type
   //    extension sent in the client hello.
   if(!value_exists(m_certificate_types, from_server.selected_certificate_type())) {
      throw TLS_Exception(Alert::IllegalParameter,
                          Botan::fmt("Selected certificate type was not offered: {}",
                                     certificate_type_to_string(from_server.selected_certificate_type())));
   }
}

References BOTAN_ASSERT_NOMSG, Certificate_Type_Base(), Botan::TLS::certificate_type_to_string(), Botan::TLS::Client, Botan::fmt(), selected_certificate_type(), Botan::TLS::Server, and Botan::value_exists().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls_extensions.h
• src/lib/tls/tls_extensions.cpp