Botan 3.8.1
Crypto and TLS for C++
|
#include <x509_crl.h>
Public Member Functions | |
const std::vector< uint8_t > & | authority_key_id () const |
std::vector< uint8_t > | BER_encode () const |
bool | check_signature (const Public_Key &key) const |
std::string | crl_issuing_distribution_point () const |
uint32_t | crl_number () const |
void | decode_from (BER_Decoder &from) override |
void | encode_into (DER_Encoder &to) const override |
const Extensions & | extensions () const |
const std::vector< CRL_Entry > & | get_revoked () const |
bool | is_revoked (const X509_Certificate &cert) const |
const X509_DN & | issuer_dn () const |
std::vector< std::string > | issuing_distribution_points () const |
const X509_Time & | next_update () const |
std::string | PEM_encode () const |
const std::vector< uint8_t > & | signature () const |
const AlgorithmIdentifier & | signature_algorithm () const |
const std::vector< uint8_t > & | signed_body () const |
std::vector< uint8_t > | tbs_data () const |
const X509_Time & | this_update () const |
std::pair< Certificate_Status_Code, std::string > | verify_signature (const Public_Key &key) const |
X509_CRL ()=default | |
X509_CRL (const std::vector< uint8_t > &vec) | |
X509_CRL (const X509_DN &issuer, const X509_Time &thisUpdate, const X509_Time &nextUpdate, const std::vector< CRL_Entry > &revoked) | |
X509_CRL (DataSource &source) | |
uint32_t | x509_version () const |
Static Public Member Functions | |
static std::unique_ptr< PK_Signer > | choose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo) |
static std::vector< uint8_t > | make_signed (PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs) |
Protected Member Functions | |
void | load_data (DataSource &src) |
This class represents X.509 Certificate Revocation Lists (CRLs).
Definition at line 90 of file x509_crl.h.
Botan::X509_CRL::X509_CRL | ( | ) |
default |
Create an uninitialized CRL object. Any attempts to access this object will throw an exception.
References X509_CRL().
Referenced by X509_CRL().
Botan::X509_CRL::X509_CRL | ( | DataSource & | source | ) |
Construct a CRL from a data source.
source | the data source providing the DER or PEM encoded CRL. |
Definition at line 40 of file x509_crl.cpp.
References Botan::X509_Object::load_data().
Botan::X509_CRL::X509_CRL | ( | const std::vector< uint8_t > & | vec | ) |
Construct a CRL from a binary vector
vec | the binary (DER) representation of the CRL |
Definition at line 44 of file x509_crl.cpp.
References Botan::X509_Object::load_data().
Botan::X509_CRL::X509_CRL | ( | const X509_DN & | issuer, |
const X509_Time & | thisUpdate, | ||
const X509_Time & | nextUpdate, | ||
const std::vector< CRL_Entry > & | revoked ) |
Construct a CRL
issuer | issuer of this CRL |
thisUpdate | valid from |
nextUpdate | valid until |
revoked | entries to be included in the CRL |
Definition at line 56 of file x509_crl.cpp.
References next_update(), this_update(), and Botan::X509_Object::X509_Object().
const std::vector< uint8_t > & Botan::X509_CRL::authority_key_id | ( | ) | const |
Get the AuthorityKeyIdentifier of this CRL.
Definition at line 221 of file x509_crl.cpp.
Referenced by is_revoked().
std::vector< uint8_t > BER_encode | ( | ) | const |
inherited |
Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.
Definition at line 19 of file asn1_obj.cpp.
References encode_into().
Referenced by decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), Botan::PSS_Params::PSS_Params(), and Botan::Certificate_Store_In_SQL::revoke_cert().
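bool check_signature | ( | const Public_Key & | key | ) | const |
inherited |
Check the signature on this data. Returns true only when verify_signature() reports VERIFIED for the given key; use verify_signature() when the reason for a failure is needed.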
key | the public key purportedly used to sign this data |
Definition at line 97 of file x509_obj.cpp.
References Botan::VERIFIED, and verify_signature().
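static std::unique_ptr< PK_Signer > choose_sig_format | ( | const Private_Key & | key, |
RandomNumberGenerator & | rng, | ||
std::string_view | hash_fn, | ||
std::string_view | padding_algo ) |
static, inherited |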
Choose and return a signature scheme appropriate for X.509 signing using the provided parameters.
key | will be the key to choose a padding scheme for |
rng | the random generator to use |
hash_fn | is the desired hash function |
padding_algo | specifies the padding method |
Definition at line 209 of file x509_obj.cpp.
References Botan::Asymmetric_Key::_default_x509_signature_format(), and Botan::Asymmetric_Key::algo_name().
Referenced by Botan::PKCS10_Request::create(), Botan::X509::create_self_signed_cert(), Botan::X509_CA::X509_CA(), and ~X509_Object().
std::string Botan::X509_CRL::crl_issuing_distribution_point | ( | ) | const |
Get the CRL's issuing distribution point
Definition at line 249 of file x509_crl.cpp.
uint32_t Botan::X509_CRL::crl_number | ( | ) | const |
Get the serial number of this CRL.
Definition at line 228 of file x509_crl.cpp.
Referenced by Botan::X509_CA::update_crl().
void decode_from | ( | BER_Decoder & | from | ) | override |
override, virtual, inherited |
Decode a BER encoded X509_Object. See ASN1_Object::decode_from().
Implements Botan::ASN1_Object.
Definition at line 68 of file x509_obj.cpp.
References Botan::BitString, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), and Botan::BER_Decoder::start_sequence().
Referenced by load_data().
void encode_into | ( | DER_Encoder & | to | ) | const override |
override, virtual, inherited |
DER encode an X509_Object. See ASN1_Object::encode_into().
Implements Botan::ASN1_Object.
Definition at line 55 of file x509_obj.cpp.
References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), signature(), signature_algorithm(), signed_body(), and Botan::DER_Encoder::start_sequence().
const Extensions & Botan::X509_CRL::extensions | ( | ) | const |
Definition at line 196 of file x509_crl.cpp.
const std::vector< CRL_Entry > & Botan::X509_CRL::get_revoked | ( | ) | const |
Get the entries of this CRL in the form of a vector.
Definition at line 203 of file x509_crl.cpp.
Referenced by is_revoked(), and Botan::X509_CA::update_crl().
bool Botan::X509_CRL::is_revoked | ( | const X509_Certificate & | cert | ) | const |
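Check if this particular certificate is listed in the CRL. Going by the references listed below, the check matches the certificate against this CRL's issuer DN, authority key identifier and revoked entries; it does not appear to verify the CRL's signature or its thisUpdate/nextUpdate window, so those should be validated separately before the result is trusted.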
Definition at line 71 of file x509_crl.cpp.
References Botan::X509_Certificate::authority_key_id(), authority_key_id(), get_revoked(), is_revoked(), Botan::X509_Certificate::issuer_dn(), issuer_dn(), Botan::RemoveFromCrl, and Botan::X509_Certificate::serial_number().
Referenced by is_revoked().
const X509_DN & Botan::X509_CRL::issuer_dn | ( | ) | const |
Get the issuer DN of this CRL.
Definition at line 214 of file x509_crl.cpp.
Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and is_revoked().
std::vector< std::string > Botan::X509_CRL::issuing_distribution_points | ( | ) | const |
Get the CRL's issuing distribution points
See https://www.rfc-editor.org/rfc/rfc5280#section-5.2.5
Definition at line 259 of file x509_crl.cpp.
void load_data | ( | DataSource & | src | ) |
protected, inherited |
Decodes from src as either DER or PEM data, then calls force_decode()
Definition at line 24 of file x509_obj.cpp.
References alternate_PEM_labels(), Botan::PEM_Code::decode(), decode_from(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and PEM_label().
Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_CRL::X509_CRL(), Botan::X509_CRL::X509_CRL(), and X509_Object().
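static std::vector< uint8_t > make_signed | ( | PK_Signer & | signer, |
RandomNumberGenerator & | rng, | ||
const AlgorithmIdentifier & | alg_id, | ||
const secure_vector< uint8_t > & | tbs ) |
static, inherited |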
Create a signed X509 object.
signer | the signer used to sign the object |
rng | the random number generator to use |
alg_id | the algorithm identifier of the signature scheme |
tbs | the tbs bits to be signed |
Definition at line 125 of file x509_obj.cpp.
References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::PK_Signer::sign_message(), signature(), and Botan::DER_Encoder::start_sequence().
Referenced by Botan::PKCS10_Request::create(), and Botan::X509_CA::make_cert().
const X509_Time & Botan::X509_CRL::next_update | ( | ) | const |
Get the CRL's nextUpdate value.
Technically nextUpdate is optional in the X.509 spec and may be omitted, despite RFC 5280 requiring it. If the nextUpdate field is not set, this will return a time object with time_is_set() returning false, so code that uses nextUpdate to decide whether a CRL is still current should check time_is_set() first.
TODO(Botan4) return a const std::optional<X509_Time>& instead
Definition at line 242 of file x509_crl.cpp.
Referenced by X509_CRL().
std::string PEM_encode | ( | ) | const |
inherited |
Definition at line 83 of file x509_obj.cpp.
References Botan::ASN1_Object::BER_encode(), Botan::PEM_Code::encode(), and PEM_label().
const std::vector< uint8_t > & signature | ( | ) | const |
inline, inherited |
Definition at line 40 of file x509_obj.h.
Referenced by encode_into(), make_signed(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and verify_signature().
const AlgorithmIdentifier & signature_algorithm | ( | ) | const |
inline, inherited |
Definition at line 50 of file x509_obj.h.
Referenced by Botan::PKIX::check_chain(), encode_into(), Botan::X509_Certificate::operator==(), Botan::X509_Certificate::to_string(), and verify_signature().
const std::vector< uint8_t > & signed_body | ( | ) | const |
inline, inherited |
Definition at line 45 of file x509_obj.h.
Referenced by encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Certificate::operator==().
std::vector< uint8_t > tbs_data | ( | ) | const |
inherited |
The underlying data that is to be or was signed
Definition at line 90 of file x509_obj.cpp.
References Botan::ASN1::put_in_sequence().
Referenced by verify_signature().
const X509_Time & Botan::X509_CRL::this_update | ( | ) | const |
Get the CRL's thisUpdate value.
Definition at line 235 of file x509_crl.cpp.
Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and X509_CRL().
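std::pair< Certificate_Status_Code, std::string > verify_signature | ( | const Public_Key & | key | ) | const |
inherited |
Check the signature on this data. The returned status code is VERIFIED on success; the references below indicate that failures are reported as SIGNATURE_ERROR, SIGNATURE_ALGO_UNKNOWN or SIGNATURE_ALGO_BAD_PARAMS. The accompanying string is presumably the hash function used (see PK_Verifier::hash_function() in the references).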
key | the public key purportedly used to sign this data |
Definition at line 102 of file x509_obj.cpp.
References Botan::PK_Verifier::hash_function(), signature(), Botan::SIGNATURE_ALGO_BAD_PARAMS, Botan::SIGNATURE_ALGO_UNKNOWN, signature_algorithm(), Botan::SIGNATURE_ERROR, tbs_data(), Botan::VERIFIED, and Botan::PK_Verifier::verify_message().
Referenced by Botan::PKIX::check_chain(), and check_signature().
uint32_t Botan::X509_CRL::x509_version | ( | ) | const |
Get the X509 version of this CRL object
Definition at line 207 of file x509_crl.cpp.