#include <x509_crl.h>
Public Member Functions | |
| const std::vector< uint8_t > & | authority_key_id () const |
| std::vector< uint8_t > | BER_encode () const |
| bool | check_signature (const Public_Key &key) const |
| std::string | crl_issuing_distribution_point () const |
| uint32_t | crl_number () const |
| void | decode_from (BER_Decoder &from) override |
| void | encode_into (DER_Encoder &to) const override |
| const Extensions & | extensions () const |
| const std::vector< CRL_Entry > & | get_revoked () const |
| bool | is_revoked (const X509_Certificate &cert) const |
| const X509_DN & | issuer_dn () const |
| std::vector< std::string > | issuing_distribution_points () const |
| const X509_Time & | next_update () const |
| std::string | PEM_encode () const |
| const std::vector< uint8_t > & | signature () const |
| const AlgorithmIdentifier & | signature_algorithm () const |
| const std::vector< uint8_t > & | signed_body () const |
| std::vector< uint8_t > | tbs_data () const |
| const X509_Time & | this_update () const |
| std::pair< Certificate_Status_Code, std::string > | verify_signature (const Public_Key &key) const |
| X509_CRL ()=default | |
| X509_CRL (const std::vector< uint8_t > &vec) | |
| X509_CRL (const X509_DN &issuer, const X509_Time &thisUpdate, const X509_Time &nextUpdate, const std::vector< CRL_Entry > &revoked) | |
| X509_CRL (DataSource &source) | |
| uint32_t | x509_version () const |
Static Public Member Functions | |
| static std::unique_ptr< PK_Signer > | choose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo) |
| static std::vector< uint8_t > | make_signed (PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs) |
Protected Member Functions | |
| void | load_data (DataSource &src) |
Detailed Description
This class represents X.509 Certificate Revocation Lists (CRLs).
Definition at line 89 of file x509_crl.h.
Constructor & Destructor Documentation
◆ X509_CRL() [1/4]
|
default |
Create an uninitialized CRL object. Any attempts to access this object will throw an exception.
◆ X509_CRL() [2/4]
| Botan::X509_CRL::X509_CRL | ( | DataSource & | source | ) |
Construct a CRL from a data source.
- Parameters
-
source the data source providing the DER or PEM encoded CRL.
Definition at line 40 of file x509_crl.cpp.
References Botan::X509_Object::load_data().
◆ X509_CRL() [3/4]
| Botan::X509_CRL::X509_CRL | ( | const std::vector< uint8_t > & | vec | ) |
Construct a CRL from a binary vector
- Parameters
-
vec the binary (DER) representation of the CRL
Definition at line 44 of file x509_crl.cpp.
References Botan::X509_Object::load_data().
◆ X509_CRL() [4/4]
| Botan::X509_CRL::X509_CRL | ( | const X509_DN & | issuer, |
| const X509_Time & | thisUpdate, | ||
| const X509_Time & | nextUpdate, | ||
| const std::vector< CRL_Entry > & | revoked ) |
Construct a CRL
- Parameters
-
issuer issuer of this CRL thisUpdate valid from nextUpdate valid until revoked entries to be included in the CRL
Definition at line 56 of file x509_crl.cpp.
References next_update(), and this_update().
Member Function Documentation
◆ authority_key_id()
| const std::vector< uint8_t > & Botan::X509_CRL::authority_key_id | ( | ) | const |
Get the AuthorityKeyIdentifier of this CRL.
- Returns
- this CRLs AuthorityKeyIdentifier
Definition at line 210 of file x509_crl.cpp.
Referenced by is_revoked().
◆ BER_encode()
|
inherited |
Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.
Definition at line 19 of file asn1_obj.cpp.
References Botan::ASN1_Object::encode_into().
Referenced by Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().
◆ check_signature()
|
inherited |
Check the signature on this data
- Parameters
-
key the public key purportedly used to sign this data
- Returns
- true if the signature is valid, otherwise false
Definition at line 96 of file x509_obj.cpp.
References Botan::VERIFIED, and Botan::X509_Object::verify_signature().
◆ choose_sig_format()
|
staticinherited |
Choose and return a signature scheme appropriate for X.509 signing using the provided parameters.
- Parameters
-
key will be the key to choose a padding scheme for rng the random generator to use hash_fn is the desired hash function padding_algo specifies the padding method
- Returns
- a PK_Signer object for generating signatures
Definition at line 208 of file x509_obj.cpp.
References Botan::Asymmetric_Key::_default_x509_signature_format(), and Botan::Asymmetric_Key::algo_name().
Referenced by Botan::PKCS10_Request::create(), Botan::X509::create_self_signed_cert(), and Botan::X509_CA::X509_CA().
◆ crl_issuing_distribution_point()
| std::string Botan::X509_CRL::crl_issuing_distribution_point | ( | ) | const |
Get the CRL's issuing distribution point
Definition at line 238 of file x509_crl.cpp.
◆ crl_number()
| uint32_t Botan::X509_CRL::crl_number | ( | ) | const |
Get the serial number of this CRL.
- Returns
- CRLs serial number
Definition at line 217 of file x509_crl.cpp.
Referenced by Botan::X509_CA::update_crl().
◆ decode_from()
|
overridevirtualinherited |
Decode a BER encoded X509_Object See ASN1_Object::decode_from()
Implements Botan::ASN1_Object.
Definition at line 67 of file x509_obj.cpp.
References Botan::BitString, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), and Botan::BER_Decoder::start_sequence().
Referenced by Botan::X509_Object::load_data().
◆ encode_into()
|
overridevirtualinherited |
DER encode an X509_Object See ASN1_Object::encode_into()
Implements Botan::ASN1_Object.
Definition at line 54 of file x509_obj.cpp.
References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::X509_Object::signature(), Botan::X509_Object::signature_algorithm(), Botan::X509_Object::signed_body(), and Botan::DER_Encoder::start_sequence().
◆ extensions()
| const Extensions & Botan::X509_CRL::extensions | ( | ) | const |
- Returns
- extension data for this CRL
Definition at line 185 of file x509_crl.cpp.
◆ get_revoked()
| const std::vector< CRL_Entry > & Botan::X509_CRL::get_revoked | ( | ) | const |
Get the entries of this CRL in the form of a vector.
- Returns
- vector containing the entries of this CRL.
Definition at line 192 of file x509_crl.cpp.
Referenced by is_revoked(), and Botan::X509_CA::update_crl().
◆ is_revoked()
| bool Botan::X509_CRL::is_revoked | ( | const X509_Certificate & | cert | ) | const |
Check if this particular certificate is listed in the CRL
Definition at line 71 of file x509_crl.cpp.
References Botan::X509_Certificate::authority_key_id(), authority_key_id(), get_revoked(), is_revoked(), Botan::X509_Certificate::issuer_dn(), issuer_dn(), Botan::RemoveFromCrl, and Botan::X509_Certificate::serial_number().
Referenced by is_revoked().
◆ issuer_dn()
| const X509_DN & Botan::X509_CRL::issuer_dn | ( | ) | const |
Get the issuer DN of this CRL.
- Returns
- CRLs issuer DN
Definition at line 203 of file x509_crl.cpp.
Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and is_revoked().
◆ issuing_distribution_points()
| std::vector< std::string > Botan::X509_CRL::issuing_distribution_points | ( | ) | const |
Get the CRL's issuing distribution points
See https://www.rfc-editor.org/rfc/rfc5280#section-5.2.5
Definition at line 248 of file x509_crl.cpp.
◆ load_data()
|
protectedinherited |
Decodes from src as either DER or PEM data, then calls force_decode()
Definition at line 23 of file x509_obj.cpp.
References Botan::X509_Object::alternate_PEM_labels(), Botan::PEM_Code::decode(), Botan::X509_Object::decode_from(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and Botan::X509_Object::PEM_label().
Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), X509_CRL(), and X509_CRL().
◆ make_signed()
|
staticinherited |
Create a signed X509 object.
- Parameters
-
signer the signer used to sign the object rng the random number generator to use alg_id the algorithm identifier of the signature scheme tbs the tbs bits to be signed
- Returns
- signed X509 object
Definition at line 124 of file x509_obj.cpp.
References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::PK_Signer::sign_message(), Botan::X509_Object::signature(), and Botan::DER_Encoder::start_sequence().
Referenced by Botan::PKCS10_Request::create(), and Botan::X509_CA::make_cert().
◆ next_update()
| const X509_Time & Botan::X509_CRL::next_update | ( | ) | const |
Get the CRL's nextUpdate value.
- Returns
- CRLs nextdUpdate
Definition at line 231 of file x509_crl.cpp.
Referenced by X509_CRL().
◆ PEM_encode()
|
inherited |
- Returns
- PEM encoding of this
Definition at line 82 of file x509_obj.cpp.
References Botan::ASN1_Object::BER_encode(), Botan::PEM_Code::encode(), and Botan::X509_Object::PEM_label().
◆ signature()
|
inlineinherited |
- Returns
- signature on tbs_data()
Definition at line 37 of file x509_obj.h.
Referenced by Botan::X509_Object::encode_into(), Botan::X509_Object::make_signed(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and Botan::X509_Object::verify_signature().
◆ signature_algorithm()
|
inlineinherited |
- Returns
- signature algorithm that was used to generate signature
Definition at line 47 of file x509_obj.h.
Referenced by Botan::PKIX::check_chain(), Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator==(), Botan::X509_Certificate::to_string(), and Botan::X509_Object::verify_signature().
◆ signed_body()
|
inlineinherited |
- Returns
- signed body
Definition at line 42 of file x509_obj.h.
Referenced by Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Certificate::operator==().
◆ tbs_data()
|
inherited |
The underlying data that is to be or was signed
- Returns
- data that is or was signed
Definition at line 89 of file x509_obj.cpp.
References Botan::ASN1::put_in_sequence().
Referenced by Botan::X509_Object::verify_signature().
◆ this_update()
| const X509_Time & Botan::X509_CRL::this_update | ( | ) | const |
Get the CRL's thisUpdate value.
- Returns
- CRLs thisUpdate
Definition at line 224 of file x509_crl.cpp.
Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and X509_CRL().
◆ verify_signature()
|
inherited |
Check the signature on this data
- Parameters
-
key the public key purportedly used to sign this data
- Returns
- status of the signature - OK if verified or otherwise an indicator of the problem preventing verification, along with the hash function that was used, for further policy checks. The second parameter is empty unless the validation was sucessful.
Definition at line 101 of file x509_obj.cpp.
References Botan::PK_Verifier::hash_function(), Botan::X509_Object::signature(), Botan::SIGNATURE_ALGO_BAD_PARAMS, Botan::SIGNATURE_ALGO_UNKNOWN, Botan::X509_Object::signature_algorithm(), Botan::SIGNATURE_ERROR, Botan::X509_Object::tbs_data(), Botan::VERIFIED, and Botan::PK_Verifier::verify_message().
Referenced by Botan::PKIX::check_chain(), and Botan::X509_Object::check_signature().
◆ x509_version()
| uint32_t Botan::X509_CRL::x509_version | ( | ) | const |
Get the X509 version of this CRL object
- Returns
- X509 version
Definition at line 196 of file x509_crl.cpp.
The documentation for this class was generated from the following files:
- src/lib/x509/x509_crl.h
- src/lib/x509/x509_crl.cpp
Generated by
1.12.0