#include <x509_crl.h>
Public Member Functions | |
| const std::vector< uint8_t > & | authority_key_id () const |
| std::vector< uint8_t > | BER_encode () const |
| bool | check_signature (const Public_Key &key) const |
| std::string | crl_issuing_distribution_point () const |
| uint32_t | crl_number () const |
| void | decode_from (BER_Decoder &from) override |
| void | encode_into (DER_Encoder &to) const override |
| const Extensions & | extensions () const |
| const std::vector< CRL_Entry > & | get_revoked () const |
| bool | is_revoked (const X509_Certificate &cert) const |
| const X509_DN & | issuer_dn () const |
| std::vector< std::string > | issuing_distribution_points () const |
| const X509_Time & | next_update () const |
| std::string | PEM_encode () const |
| const std::vector< uint8_t > & | signature () const |
| const AlgorithmIdentifier & | signature_algorithm () const |
| const std::vector< uint8_t > & | signed_body () const |
| std::vector< uint8_t > | tbs_data () const |
| const X509_Time & | this_update () const |
| std::pair< Certificate_Status_Code, std::string > | verify_signature (const Public_Key &key) const |
| X509_CRL ()=default | |
| X509_CRL (const std::vector< uint8_t > &vec) | |
| X509_CRL (const X509_DN &issuer, const X509_Time &thisUpdate, const X509_Time &nextUpdate, const std::vector< CRL_Entry > &revoked) | |
| X509_CRL (DataSource &source) | |
| uint32_t | x509_version () const |
Static Public Member Functions | |
| static std::unique_ptr< PK_Signer > | choose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo) |
| static std::vector< uint8_t > | make_signed (PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs) |
Protected Member Functions | |
| void | load_data (DataSource &src) |
Detailed Description
This class represents X.509 Certificate Revocation Lists (CRLs).
Definition at line 90 of file x509_crl.h.
Constructor & Destructor Documentation
◆ X509_CRL() [1/4]
|
default |
Create an uninitialized CRL object. Any attempts to access this object will throw an exception.
References X509_CRL().
Referenced by X509_CRL().
◆ X509_CRL() [2/4]
| Botan::X509_CRL::X509_CRL | ( | DataSource & | source | ) |
Construct a CRL from a data source.
- Parameters
-
source the data source providing the DER or PEM encoded CRL.
Definition at line 40 of file x509_crl.cpp.
References Botan::X509_Object::load_data().
◆ X509_CRL() [3/4]
| Botan::X509_CRL::X509_CRL | ( | const std::vector< uint8_t > & | vec | ) |
Construct a CRL from a binary vector
- Parameters
-
vec the binary (DER) representation of the CRL
Definition at line 44 of file x509_crl.cpp.
References Botan::X509_Object::load_data().
◆ X509_CRL() [4/4]
| Botan::X509_CRL::X509_CRL | ( | const X509_DN & | issuer, |
| const X509_Time & | thisUpdate, | ||
| const X509_Time & | nextUpdate, | ||
| const std::vector< CRL_Entry > & | revoked ) |
Construct a CRL
- Parameters
-
issuer issuer of this CRL thisUpdate valid from nextUpdate valid until revoked entries to be included in the CRL
Definition at line 56 of file x509_crl.cpp.
References next_update(), this_update(), and Botan::X509_Object::X509_Object().
Member Function Documentation
◆ authority_key_id()
| const std::vector< uint8_t > & Botan::X509_CRL::authority_key_id | ( | ) | const |
Get the AuthorityKeyIdentifier of this CRL.
- Returns
- this CRLs AuthorityKeyIdentifier
Definition at line 221 of file x509_crl.cpp.
Referenced by is_revoked().
◆ BER_encode()
|
inherited |
Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.
Definition at line 19 of file asn1_obj.cpp.
References encode_into().
Referenced by decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), Botan::PSS_Params::PSS_Params(), and Botan::Certificate_Store_In_SQL::revoke_cert().
◆ check_signature()
|
inherited |
Check the signature on this data
- Parameters
-
key the public key purportedly used to sign this data
- Returns
- true if the signature is valid, otherwise false
Definition at line 97 of file x509_obj.cpp.
References Botan::VERIFIED, and verify_signature().
◆ choose_sig_format()
|
staticinherited |
Choose and return a signature scheme appropriate for X.509 signing using the provided parameters.
- Parameters
-
key will be the key to choose a padding scheme for rng the random generator to use hash_fn is the desired hash function padding_algo specifies the padding method
- Returns
- a PK_Signer object for generating signatures
Definition at line 209 of file x509_obj.cpp.
References Botan::Asymmetric_Key::_default_x509_signature_format(), and Botan::Asymmetric_Key::algo_name().
Referenced by Botan::PKCS10_Request::create(), Botan::X509::create_self_signed_cert(), Botan::X509_CA::X509_CA(), and ~X509_Object().
◆ crl_issuing_distribution_point()
| std::string Botan::X509_CRL::crl_issuing_distribution_point | ( | ) | const |
Get the CRL's issuing distribution point
Definition at line 249 of file x509_crl.cpp.
◆ crl_number()
| uint32_t Botan::X509_CRL::crl_number | ( | ) | const |
Get the serial number of this CRL.
- Returns
- CRLs serial number
Definition at line 228 of file x509_crl.cpp.
Referenced by Botan::X509_CA::update_crl().
◆ decode_from()
|
overridevirtualinherited |
Decode a BER encoded X509_Object See ASN1_Object::decode_from()
Implements Botan::ASN1_Object.
Definition at line 68 of file x509_obj.cpp.
References Botan::BitString, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), and Botan::BER_Decoder::start_sequence().
Referenced by load_data().
◆ encode_into()
|
overridevirtualinherited |
DER encode an X509_Object See ASN1_Object::encode_into()
Implements Botan::ASN1_Object.
Definition at line 55 of file x509_obj.cpp.
References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), signature(), signature_algorithm(), signed_body(), and Botan::DER_Encoder::start_sequence().
◆ extensions()
| const Extensions & Botan::X509_CRL::extensions | ( | ) | const |
- Returns
- extension data for this CRL
Definition at line 196 of file x509_crl.cpp.
◆ get_revoked()
| const std::vector< CRL_Entry > & Botan::X509_CRL::get_revoked | ( | ) | const |
Get the entries of this CRL in the form of a vector.
- Returns
- vector containing the entries of this CRL.
Definition at line 203 of file x509_crl.cpp.
Referenced by is_revoked(), and Botan::X509_CA::update_crl().
◆ is_revoked()
| bool Botan::X509_CRL::is_revoked | ( | const X509_Certificate & | cert | ) | const |
Check if this particular certificate is listed in the CRL
Definition at line 71 of file x509_crl.cpp.
References Botan::X509_Certificate::authority_key_id(), authority_key_id(), get_revoked(), is_revoked(), Botan::X509_Certificate::issuer_dn(), issuer_dn(), Botan::RemoveFromCrl, and Botan::X509_Certificate::serial_number().
Referenced by is_revoked().
◆ issuer_dn()
| const X509_DN & Botan::X509_CRL::issuer_dn | ( | ) | const |
Get the issuer DN of this CRL.
- Returns
- CRLs issuer DN
Definition at line 214 of file x509_crl.cpp.
Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and is_revoked().
◆ issuing_distribution_points()
| std::vector< std::string > Botan::X509_CRL::issuing_distribution_points | ( | ) | const |
Get the CRL's issuing distribution points
See https://www.rfc-editor.org/rfc/rfc5280#section-5.2.5
Definition at line 259 of file x509_crl.cpp.
◆ load_data()
|
protectedinherited |
Decodes from src as either DER or PEM data, then calls force_decode()
Definition at line 24 of file x509_obj.cpp.
References alternate_PEM_labels(), Botan::PEM_Code::decode(), decode_from(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and PEM_label().
Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_CRL::X509_CRL(), Botan::X509_CRL::X509_CRL(), and X509_Object().
◆ make_signed()
|
staticinherited |
Create a signed X509 object.
- Parameters
-
signer the signer used to sign the object rng the random number generator to use alg_id the algorithm identifier of the signature scheme tbs the tbs bits to be signed
- Returns
- signed X509 object
Definition at line 125 of file x509_obj.cpp.
References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::PK_Signer::sign_message(), signature(), and Botan::DER_Encoder::start_sequence().
Referenced by Botan::PKCS10_Request::create(), and Botan::X509_CA::make_cert().
◆ next_update()
| const X509_Time & Botan::X509_CRL::next_update | ( | ) | const |
Get the CRL's nextUpdate value.
Technically nextUpdate is optional in the X.509 spec and may be omitted, despite RFC 5280 requiring it. If the nextUpdate field is not set, this will return a time object with time_is_set() returning false.
TODO(Botan4) return a const std::optional<X509_Time>& instead
- Returns
- CRLs nextUpdate
Definition at line 242 of file x509_crl.cpp.
Referenced by X509_CRL().
◆ PEM_encode()
|
inherited |
- Returns
- PEM encoding of this
Definition at line 83 of file x509_obj.cpp.
References Botan::ASN1_Object::BER_encode(), Botan::PEM_Code::encode(), and PEM_label().
◆ signature()
|
inlineinherited |
- Returns
- signature on tbs_data()
Definition at line 40 of file x509_obj.h.
Referenced by encode_into(), make_signed(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and verify_signature().
◆ signature_algorithm()
|
inlineinherited |
- Returns
- signature algorithm that was used to generate signature
Definition at line 50 of file x509_obj.h.
Referenced by Botan::PKIX::check_chain(), encode_into(), Botan::X509_Certificate::operator==(), Botan::X509_Certificate::to_string(), and verify_signature().
◆ signed_body()
|
inlineinherited |
- Returns
- signed body
Definition at line 45 of file x509_obj.h.
Referenced by encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Certificate::operator==().
◆ tbs_data()
|
inherited |
The underlying data that is to be or was signed
- Returns
- data that is or was signed
Definition at line 90 of file x509_obj.cpp.
References Botan::ASN1::put_in_sequence().
Referenced by verify_signature().
◆ this_update()
| const X509_Time & Botan::X509_CRL::this_update | ( | ) | const |
Get the CRL's thisUpdate value.
- Returns
- CRLs thisUpdate
Definition at line 235 of file x509_crl.cpp.
Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and X509_CRL().
◆ verify_signature()
|
inherited |
Check the signature on this data
- Parameters
-
key the public key purportedly used to sign this data
- Returns
- status of the signature - OK if verified or otherwise an indicator of the problem preventing verification, along with the hash function that was used, for further policy checks. The second parameter is empty unless the validation was sucessful.
Definition at line 102 of file x509_obj.cpp.
References Botan::PK_Verifier::hash_function(), signature(), Botan::SIGNATURE_ALGO_BAD_PARAMS, Botan::SIGNATURE_ALGO_UNKNOWN, signature_algorithm(), Botan::SIGNATURE_ERROR, tbs_data(), Botan::VERIFIED, and Botan::PK_Verifier::verify_message().
Referenced by Botan::PKIX::check_chain(), and check_signature().
◆ x509_version()
| uint32_t Botan::X509_CRL::x509_version | ( | ) | const |
Get the X509 version of this CRL object
- Returns
- X509 version
Definition at line 207 of file x509_crl.cpp.
The documentation for this class was generated from the following files:
- src/lib/x509/x509_crl.h
- src/lib/x509/x509_crl.cpp
Generated by
1.13.2