Botan 3.5.0
Crypto and TLS for C&
Botan::X509_Object Class Referenceabstract

#include <x509_obj.h>

Inheritance diagram for Botan::X509_Object:
Botan::ASN1_Object Botan::PKCS10_Request Botan::X509_CRL Botan::X509_Certificate

Public Member Functions

virtual std::vector< std::string > alternate_PEM_labels () const
 
std::vector< uint8_t > BER_encode () const
 
bool check_signature (const Public_Key &key) const
 
void decode_from (BER_Decoder &from) override
 
void encode_into (DER_Encoder &to) const override
 
X509_Objectoperator= (const X509_Object &)=default
 
std::string PEM_encode () const
 
virtual std::string PEM_label () const =0
 
const std::vector< uint8_t > & signature () const
 
const AlgorithmIdentifiersignature_algorithm () const
 
const std::vector< uint8_t > & signed_body () const
 
std::vector< uint8_t > tbs_data () const
 
std::pair< Certificate_Status_Code, std::string > verify_signature (const Public_Key &key) const
 
 X509_Object (const X509_Object &)=default
 
 ~X509_Object () override=default
 

Static Public Member Functions

static std::unique_ptr< PK_Signerchoose_sig_format (const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
 
static std::vector< uint8_t > make_signed (PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
 

Protected Member Functions

void load_data (DataSource &src)
 
 X509_Object ()=default
 

Detailed Description

This class represents abstract X.509 signed objects as in the X.500 SIGNED macro

Definition at line 26 of file x509_obj.h.

Constructor & Destructor Documentation

◆ X509_Object() [1/2]

Botan::X509_Object::X509_Object ( const X509_Object & )
default

◆ ~X509_Object()

Botan::X509_Object::~X509_Object ( )
overridedefault

◆ X509_Object() [2/2]

Botan::X509_Object::X509_Object ( )
protecteddefault

Member Function Documentation

◆ alternate_PEM_labels()

virtual std::vector< std::string > Botan::X509_Object::alternate_PEM_labels ( ) const
inlinevirtual

Definition at line 101 of file x509_obj.h.

101{ return std::vector<std::string>(); }

Referenced by load_data().

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 19 of file asn1_obj.cpp.

19 {
20 std::vector<uint8_t> output;
21 DER_Encoder der(output);
22 this->encode_into(der);
23 return output;
24}
virtual void encode_into(DER_Encoder &to) const =0

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSS_Params::decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ check_signature()

bool Botan::X509_Object::check_signature ( const Public_Key & key) const

Check the signature on this data

Parameters
keythe public key purportedly used to sign this data
Returns
true if the signature is valid, otherwise false

Definition at line 97 of file x509_obj.cpp.

97 {
98 const auto result = this->verify_signature(pub_key);
99 return (result.first == Certificate_Status_Code::VERIFIED);
100}
std::pair< Certificate_Status_Code, std::string > verify_signature(const Public_Key &key) const
Definition x509_obj.cpp:102

References Botan::VERIFIED, and verify_signature().

◆ choose_sig_format()

std::unique_ptr< PK_Signer > Botan::X509_Object::choose_sig_format ( const Private_Key & key,
RandomNumberGenerator & rng,
std::string_view hash_fn,
std::string_view padding_algo )
static

Choose and return a signature scheme appropriate for X.509 signing using the provided parameters.

Parameters
keywill be the key to choose a padding scheme for
rngthe random generator to use
hash_fnis the desired hash function
padding_algospecifies the padding method
Returns
a PK_Signer object for generating signatures

Definition at line 212 of file x509_obj.cpp.

215 {
216 const Signature_Format format = key.default_x509_signature_format();
217
218 if(!user_specified_padding.empty()) {
219 try {
220 auto pk_signer = std::make_unique<PK_Signer>(key, rng, user_specified_padding, format);
221 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
222 throw Invalid_Argument(format_padding_error_message(
223 key.algo_name(), pk_signer->hash_function(), hash_fn, "", user_specified_padding));
224 }
225 return pk_signer;
226 } catch(Lookup_Error&) {}
227 }
228
229 const std::string padding = x509_signature_padding_for(key.algo_name(), hash_fn, user_specified_padding);
230
231 try {
232 auto pk_signer = std::make_unique<PK_Signer>(key, rng, padding, format);
233 if(!hash_fn.empty() && pk_signer->hash_function() != hash_fn) {
234 throw Invalid_Argument(format_padding_error_message(
235 key.algo_name(), pk_signer->hash_function(), hash_fn, padding, user_specified_padding));
236 }
237 return pk_signer;
238 } catch(Not_Implemented&) {
239 throw Invalid_Argument("Signatures using " + key.algo_name() + "/" + padding + " are not supported");
240 }
241}
Signature_Format
Definition pk_keys.h:31

References Botan::Asymmetric_Key::algo_name(), and Botan::Public_Key::default_x509_signature_format().

Referenced by Botan::PKCS10_Request::create(), Botan::X509::create_self_signed_cert(), and Botan::X509_CA::X509_CA().

◆ decode_from()

void Botan::X509_Object::decode_from ( BER_Decoder & from)
overridevirtual

Decode a BER encoded X509_Object See ASN1_Object::decode_from()

Implements Botan::ASN1_Object.

Definition at line 68 of file x509_obj.cpp.

68 {
69 from.start_sequence()
70 .start_sequence()
71 .raw_bytes(m_tbs_bits)
72 .end_cons()
73 .decode(m_sig_algo)
74 .decode(m_sig, ASN1_Type::BitString)
75 .end_cons();
76
77 force_decode();
78}

References Botan::BitString, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), and Botan::BER_Decoder::start_sequence().

Referenced by load_data().

◆ encode_into()

void Botan::X509_Object::encode_into ( DER_Encoder & to) const
overridevirtual

DER encode an X509_Object See ASN1_Object::encode_into()

Implements Botan::ASN1_Object.

Definition at line 55 of file x509_obj.cpp.

55 {
56 to.start_sequence()
57 .start_sequence()
58 .raw_bytes(signed_body())
59 .end_cons()
60 .encode(signature_algorithm())
62 .end_cons();
63}
const std::vector< uint8_t > & signed_body() const
Definition x509_obj.h:42
const AlgorithmIdentifier & signature_algorithm() const
Definition x509_obj.h:47
const std::vector< uint8_t > & signature() const
Definition x509_obj.h:37

References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), signature(), signature_algorithm(), signed_body(), and Botan::DER_Encoder::start_sequence().

◆ load_data()

void Botan::X509_Object::load_data ( DataSource & src)
protected

Decodes from src as either DER or PEM data, then calls force_decode()

Definition at line 24 of file x509_obj.cpp.

24 {
25 try {
26 if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) {
27 BER_Decoder dec(in);
28 decode_from(dec);
29 } else {
30 std::string got_label;
31 DataSource_Memory ber(PEM_Code::decode(in, got_label));
32
33 if(got_label != PEM_label()) {
34 bool is_alternate = false;
35 for(std::string_view alt_label : alternate_PEM_labels()) {
36 if(got_label == alt_label) {
37 is_alternate = true;
38 break;
39 }
40 }
41
42 if(!is_alternate) {
43 throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label);
44 }
45 }
46
47 BER_Decoder dec(ber);
48 decode_from(dec);
49 }
50 } catch(Decoding_Error& e) {
51 throw Decoding_Error(PEM_label() + " decoding", e);
52 }
53}
void decode_from(BER_Decoder &from) override
Definition x509_obj.cpp:68
virtual std::vector< std::string > alternate_PEM_labels() const
Definition x509_obj.h:101
virtual std::string PEM_label() const =0
bool maybe_BER(DataSource &source)
Definition asn1_obj.cpp:192
bool matches(DataSource &source, std::string_view extra, size_t search_range)
Definition pem.cpp:137
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition pem.cpp:62

References alternate_PEM_labels(), Botan::PEM_Code::decode(), decode_from(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and PEM_label().

Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_Certificate::X509_Certificate(), Botan::X509_CRL::X509_CRL(), and Botan::X509_CRL::X509_CRL().

◆ make_signed()

std::vector< uint8_t > Botan::X509_Object::make_signed ( PK_Signer & signer,
RandomNumberGenerator & rng,
const AlgorithmIdentifier & alg_id,
const secure_vector< uint8_t > & tbs )
static

Create a signed X509 object.

Parameters
signerthe signer used to sign the object
rngthe random number generator to use
alg_idthe algorithm identifier of the signature scheme
tbsthe tbs bits to be signed
Returns
signed X509 object

Definition at line 125 of file x509_obj.cpp.

128 {
129 const std::vector<uint8_t> signature = signer.sign_message(tbs_bits, rng);
130
131 std::vector<uint8_t> output;
132 DER_Encoder(output)
133 .start_sequence()
134 .raw_bytes(tbs_bits)
135 .encode(algo)
137 .end_cons();
138
139 return output;
140}

References Botan::BitString, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::PK_Signer::sign_message(), signature(), and Botan::DER_Encoder::start_sequence().

Referenced by Botan::PKCS10_Request::create(), and Botan::X509_CA::make_cert().

◆ operator=()

X509_Object & Botan::X509_Object::operator= ( const X509_Object & )
default

◆ PEM_encode()

std::string Botan::X509_Object::PEM_encode ( ) const
Returns
PEM encoding of this

Definition at line 83 of file x509_obj.cpp.

83 {
85}
std::vector< uint8_t > BER_encode() const
Definition asn1_obj.cpp:19
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References Botan::ASN1_Object::BER_encode(), Botan::PEM_Code::encode(), and PEM_label().

◆ PEM_label()

virtual std::string Botan::X509_Object::PEM_label ( ) const
pure virtual

Referenced by load_data(), and PEM_encode().

◆ signature()

const std::vector< uint8_t > & Botan::X509_Object::signature ( ) const
inline
Returns
signature on tbs_data()

Definition at line 37 of file x509_obj.h.

37{ return m_sig; }

Referenced by encode_into(), make_signed(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and verify_signature().

◆ signature_algorithm()

const AlgorithmIdentifier & Botan::X509_Object::signature_algorithm ( ) const
inline
Returns
signature algorithm that was used to generate signature

Definition at line 47 of file x509_obj.h.

47{ return m_sig_algo; }

Referenced by Botan::PKIX::check_chain(), encode_into(), Botan::X509_Certificate::operator==(), Botan::X509_Certificate::to_string(), and verify_signature().

◆ signed_body()

const std::vector< uint8_t > & Botan::X509_Object::signed_body ( ) const
inline
Returns
signed body

Definition at line 42 of file x509_obj.h.

42{ return m_tbs_bits; }

Referenced by encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Certificate::operator==().

◆ tbs_data()

std::vector< uint8_t > Botan::X509_Object::tbs_data ( ) const

The underlying data that is to be or was signed

Returns
data that is or was signed

Definition at line 90 of file x509_obj.cpp.

90 {
91 return ASN1::put_in_sequence(m_tbs_bits);
92}
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition asn1_obj.cpp:172

References Botan::ASN1::put_in_sequence().

Referenced by verify_signature().

◆ verify_signature()

std::pair< Certificate_Status_Code, std::string > Botan::X509_Object::verify_signature ( const Public_Key & key) const

Check the signature on this data

Parameters
keythe public key purportedly used to sign this data
Returns
status of the signature - OK if verified or otherwise an indicator of the problem preventing verification, along with the hash function that was used, for further policy checks. The second parameter is empty unless the validation was sucessful.

Definition at line 102 of file x509_obj.cpp.

102 {
103 try {
104 PK_Verifier verifier(pub_key, signature_algorithm());
105 const bool valid = verifier.verify_message(tbs_data(), signature());
106
107 if(valid) {
108 return std::make_pair(Certificate_Status_Code::VERIFIED, verifier.hash_function());
109 } else {
110 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
111 }
112 } catch(Decoding_Error&) {
114 } catch(Algorithm_Not_Found&) {
115 return std::make_pair(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN, "");
116 } catch(...) {
117 // This shouldn't happen, fallback to generic signature error
118 return std::make_pair(Certificate_Status_Code::SIGNATURE_ERROR, "");
119 }
120}
std::vector< uint8_t > tbs_data() const
Definition x509_obj.cpp:90

References Botan::PK_Verifier::hash_function(), signature(), Botan::SIGNATURE_ALGO_BAD_PARAMS, Botan::SIGNATURE_ALGO_UNKNOWN, signature_algorithm(), Botan::SIGNATURE_ERROR, tbs_data(), Botan::VERIFIED, and Botan::PK_Verifier::verify_message().

Referenced by Botan::PKIX::check_chain(), and check_signature().


The documentation for this class was generated from the following files: