#include <x509_obj.h>

Inheritance diagram for Botan::X509_Object:

Public Member Functions
virtual std::vector< std::string >	alternate_PEM_labels () const

std::vector< uint8_t >	BER_encode () const

bool	check_signature (const Public_Key &key) const

void	decode_from (BER_Decoder &from) override

void	encode_into (DER_Encoder &to) const override

X509_Object &	operator= (const X509_Object &)=default

std::string	PEM_encode () const

virtual std::string	PEM_label () const =0

const std::vector< uint8_t > &	signature () const

const AlgorithmIdentifier &	signature_algorithm () const

const std::vector< uint8_t > &	signed_body () const

std::vector< uint8_t >	tbs_data () const

std::pair< Certificate_Status_Code, std::string >	verify_signature (const Public_Key &key) const

	X509_Object (const X509_Object &)=default

	~X509_Object () override=default

Static Public Member Functions
static std::unique_ptr< PK_Signer >	choose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)

static std::vector< uint8_t >	make_signed (PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)

Protected Member Functions
void	load_data (DataSource &src)

	X509_Object ()=default

Detailed Description

This class represents abstract X.509 signed objects as in the X.500 SIGNED macro

Definition at line 26 of file x509_obj.h.

Constructor & Destructor Documentation

◆ X509_Object() [1/2]

Botan::X509_Object::X509_Object ( const X509_Object & )

default

◆ ~X509_Object()

Botan::X509_Object::~X509_Object ( )

overridedefault

◆ X509_Object() [2/2]

Botan::X509_Object::X509_Object ( )

protecteddefault

Member Function Documentation

◆ alternate_PEM_labels()

virtual std::vector< std::string > Botan::X509_Object::alternate_PEM_labels ( ) const

inlinevirtual

Definition at line 101 of file x509_obj.h.

101{ return std::vector<std::string>(); }

Referenced by load_data().

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const

inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 19 of file asn1_obj.cpp.

                                                 {
   std::vector<uint8_t> output;
   DER_Encoder der(output);
   this->encode_into(der);
   return output;
}

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSS_Params::decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ check_signature()

bool Botan::X509_Object::check_signature ( const Public_Key & key ) const

Check the signature on this data

Parameters

key	the public key purportedly used to sign this data

Returns: true if the signature is valid, otherwise false

Definition at line 97 of file x509_obj.cpp.

                                                                 {
   const auto result = this->verify_signature(pub_key);
   return (result.first == Certificate_Status_Code::VERIFIED);
}

References Botan::VERIFIED, and verify_signature().

◆ choose_sig_format()

std::unique_ptr< PK_Signer > Botan::X509_Object::choose_sig_format	(	const Private_Key &	key,
		RandomNumberGenerator &	rng,
		std::string_view	hash_fn,
		std::string_view	padding_algo )

static

Choose and return a signature scheme appropriate for X.509 signing using the provided parameters.

Parameters

key	will be the key to choose a padding scheme for
rng	the random generator to use
hash_fn	is the desired hash function
padding_algo	specifies the padding method

Returns: a PK_Signer object for generating signatures

Definition at line 209 of file x509_obj.cpp.

                                                                                                 {
   const Signature_Format format = key.default_x509_signature_format();
 
   if(!user_specified_padding.empty()) {
      try {
         auto pk_signer = std::make_unique<PK_Signer>(key, rng, user_specified_padding, format);
         if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
            throw Invalid_Argument(format_padding_error_message(
               key.algo_name(), pk_signer->hash_function(), hash_fn, "", user_specified_padding));
         }
         return pk_signer;
      } catch(Lookup_Error&) {}
   }
 
   const std::string padding = x509_signature_padding_for(key.algo_name(), hash_fn, user_specified_padding);
 
   try {
      auto pk_signer = std::make_unique<PK_Signer>(key, rng, padding, format);
      if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
         throw Invalid_Argument(format_padding_error_message(
            key.algo_name(), pk_signer->hash_function(), hash_fn, padding, user_specified_padding));
      }
      return pk_signer;
   } catch(Not_Implemented&) {
      throw Invalid_Argument("Signatures using " + key.algo_name() + "/" + padding + " are not supported");
   }
}

References Botan::Asymmetric_Key::algo_name(), and Botan::Public_Key::default_x509_signature_format().

Referenced by Botan::PKCS10_Request::create(), Botan::X509::create_self_signed_cert(), and Botan::X509_CA::X509_CA().

◆ decode_from()

void Botan::X509_Object::decode_from ( BER_Decoder & from )

overridevirtual

Decode a BER encoded X509_Object See ASN1_Object::decode_from()

Implements Botan::ASN1_Object.

Definition at line 68 of file x509_obj.cpp.

                                               {
   from.start_sequence()
      .start_sequence()
      .raw_bytes(m_tbs_bits)
      .end_cons()
      .decode(m_sig_algo)
      .decode(m_sig, ASN1_Type::BitString)
      .end_cons();
 
   force_decode();
}

References Botan::BitString, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), and Botan::BER_Decoder::start_sequence().

Referenced by load_data().

◆ encode_into()

void Botan::X509_Object::encode_into ( DER_Encoder & to ) const

overridevirtual

DER encode an X509_Object See ASN1_Object::encode_into()

Implements Botan::ASN1_Object.

Definition at line 55 of file x509_obj.cpp.

                                                   {
   to.start_sequence()
      .start_sequence()
      .raw_bytes(signed_body())
      .end_cons()
      .encode(signature_algorithm())
      .encode(signature(), ASN1_Type::BitString)
      .end_cons();
}

References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), signature(), signature_algorithm(), signed_body(), and Botan::DER_Encoder::start_sequence().

◆ load_data()

void Botan::X509_Object::load_data ( DataSource & src )

protected

Decodes from src as either DER or PEM data, then calls force_decode()

Definition at line 24 of file x509_obj.cpp.

                                          {
   try {
      if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) {
         BER_Decoder dec(in);
         decode_from(dec);
      } else {
         std::string got_label;
         DataSource_Memory ber(PEM_Code::decode(in, got_label));
 
         if(got_label != PEM_label()) {
            bool is_alternate = false;
            for(std::string_view alt_label : alternate_PEM_labels()) {
               if(got_label == alt_label) {
                  is_alternate = true;
                  break;
               }
            }
 
            if(!is_alternate) {
               throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label);
            }
         }
 
         BER_Decoder dec(ber);
         decode_from(dec);
      }
   } catch(Decoding_Error& e) {
      throw Decoding_Error(PEM_label() + " decoding", e);
   }
}

References alternate_PEM_labels(), Botan::PEM_Code::decode(), decode_from(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and PEM_label().

Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_CRL::X509_CRL(), and Botan::X509_CRL::X509_CRL().

◆ make_signed()

std::vector< uint8_t > Botan::X509_Object::make_signed	(	PK_Signer &	signer,
		RandomNumberGenerator &	rng,
		const AlgorithmIdentifier &	alg_id,
		const secure_vector< uint8_t > &	tbs )

static

Create a signed X509 object.

Parameters

signer	the signer used to sign the object
rng	the random number generator to use
alg_id	the algorithm identifier of the signature scheme
tbs	the tbs bits to be signed

Returns: signed X509 object

Definition at line 125 of file x509_obj.cpp.

                                                                                      {
   const std::vector<uint8_t> signature = signer.sign_message(tbs_bits, rng);
 
   std::vector<uint8_t> output;
   DER_Encoder(output)
      .start_sequence()
      .raw_bytes(tbs_bits)
      .encode(algo)
      .encode(signature, ASN1_Type::BitString)
      .end_cons();
 
   return output;
}

References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::PK_Signer::sign_message(), signature(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::PKCS10_Request::create(), and Botan::X509_CA::make_cert().

◆ operator=()

X509_Object & Botan::X509_Object::operator= ( const X509_Object & )

default

◆ PEM_encode()

std::string Botan::X509_Object::PEM_encode ( ) const

Returns: PEM encoding of this

Definition at line 83 of file x509_obj.cpp.

                                        {
   return PEM_Code::encode(BER_encode(), PEM_label());
}

References Botan::ASN1_Object::BER_encode(), Botan::PEM_Code::encode(), and PEM_label().

◆ PEM_label()

virtual std::string Botan::X509_Object::PEM_label ( ) const

pure virtual

Referenced by load_data(), and PEM_encode().

◆ signature()

const std::vector< uint8_t > & Botan::X509_Object::signature ( ) const

inline

Returns: signature on tbs_data()

Definition at line 37 of file x509_obj.h.

37{ return m_sig; }

Referenced by encode_into(), make_signed(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and verify_signature().

◆ signature_algorithm()

const AlgorithmIdentifier & Botan::X509_Object::signature_algorithm ( ) const

inline

Returns: signature algorithm that was used to generate signature

Definition at line 47 of file x509_obj.h.

47{ return m_sig_algo; }

Referenced by Botan::PKIX::check_chain(), encode_into(), Botan::X509_Certificate::operator==(), Botan::X509_Certificate::to_string(), and verify_signature().

◆ signed_body()

const std::vector< uint8_t > & Botan::X509_Object::signed_body ( ) const

inline

Returns: signed body

Definition at line 42 of file x509_obj.h.

42{ return m_tbs_bits; }

Referenced by encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Certificate::operator==().

◆ tbs_data()

std::vector< uint8_t > Botan::X509_Object::tbs_data ( ) const

The underlying data that is to be or was signed

Returns: data that is or was signed

Definition at line 90 of file x509_obj.cpp.

                                               {
   return ASN1::put_in_sequence(m_tbs_bits);
}

References Botan::ASN1::put_in_sequence().

Referenced by verify_signature().

◆ verify_signature()

std::pair< Certificate_Status_Code, std::string > Botan::X509_Object::verify_signature ( const Public_Key & key ) const

Check the signature on this data

Parameters

key	the public key purportedly used to sign this data

Returns: status of the signature - OK if verified or otherwise an indicator of the problem preventing verification, along with the hash function that was used, for further policy checks. The second parameter is empty unless the validation was sucessful.

Definition at line 102 of file x509_obj.cpp.

                                                                                                         {
   try {
      PK_Verifier verifier(pub_key, signature_algorithm());
      const bool valid = verifier.verify_message(tbs_data(), signature());
 
      if(valid) {
         return std::make_pair(Certificate_Status_Code::VERIFIED, verifier.hash_function());
      } else {
         return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
      }
   } catch(Decoding_Error&) {
      return std::make_pair(Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS, "");
   } catch(Algorithm_Not_Found&) {
      return std::make_pair(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN, "");
   } catch(...) {
      // This shouldn't happen, fallback to generic signature error
      return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
   }
}

References Botan::PK_Verifier::hash_function(), signature(), Botan::SIGNATURE_ALGO_BAD_PARAMS, Botan::SIGNATURE_ALGO_UNKNOWN, signature_algorithm(), Botan::SIGNATURE_ERROR, tbs_data(), Botan::VERIFIED, and Botan::PK_Verifier::verify_message().

Referenced by Botan::PKIX::check_chain(), and check_signature().

The documentation for this class was generated from the following files:

src/lib/x509/x509_obj.h
src/lib/x509/x509_obj.cpp

Public Member Functions

Static Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ X509_Object() [1/2]

◆ ~X509_Object()

◆ X509_Object() [2/2]

Member Function Documentation

◆ alternate_PEM_labels()

◆ BER_encode()

◆ check_signature()

◆ choose_sig_format()

◆ decode_from()

◆ encode_into()

◆ load_data()

◆ make_signed()

◆ operator=()

◆ PEM_encode()

◆ PEM_label()

◆ signature()

◆ signature_algorithm()

◆ signed_body()

◆ tbs_data()

◆ verify_signature()