doxygen/msg__cert__req_8cpp_source.html

/*

* Certificate Request Message

* (C) 2004-2006,2012 Jack Lloyd

*     2021 Elektrobit Automotive GmbH

*     2022 René Meusel, Hannes Rantzsch - neXenio GmbH

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/tls_messages.h>

#include <botan/tls_extensions.h>

#include <botan/internal/tls_reader.h>

#include <botan/internal/tls_handshake_io.h>

#include <botan/internal/tls_handshake_hash.h>

#include <botan/der_enc.h>

#include <botan/ber_dec.h>


namespace Botan::TLS {


Handshake_Type Certificate_Request_12::type() const

   {

   return Handshake_Type::CertificateRequest;

   }


namespace {


std::string cert_type_code_to_name(uint8_t code)

   {

   switch(code)

      {

      case 1:

         return "RSA";

      case 64:

         return "ECDSA";

      default:

         return ""; // DH or something else

      }

   }


uint8_t cert_type_name_to_code(std::string_view name)

   {

   if(name == "RSA")

      return 1;

   if(name == "ECDSA")

      return 64;


   throw Invalid_Argument(fmt("Unknown/unhandled TLS cert type {}", name));

   }


}


/**

* Create a new Certificate Request message

*/

Certificate_Request_12::Certificate_Request_12(Handshake_IO& io,

                                 Handshake_Hash& hash,

                                 const Policy& policy,

                                 const std::vector<X509_DN>& ca_certs) :

   m_names(ca_certs),

   m_cert_key_types({ "RSA", "ECDSA" })

   {

   m_schemes = policy.acceptable_signature_schemes();

   hash.update(io.send(*this));

   }


/**

* Deserialize a Certificate Request message

*/

Certificate_Request_12::Certificate_Request_12(const std::vector<uint8_t>& buf)

   {

   if(buf.size() < 4)

      throw Decoding_Error("Certificate_Req: Bad certificate request");


   TLS_Data_Reader reader("CertificateRequest", buf);


   const auto cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255);


   for(const auto cert_type_code : cert_type_codes)

      {

      const std::string cert_type_name = cert_type_code_to_name(cert_type_code);


      if(cert_type_name.empty()) // something we don't know

         continue;


      m_cert_key_types.emplace_back(cert_type_name);

      }


   const std::vector<uint8_t> algs = reader.get_range_vector<uint8_t>(2, 2, 65534);


   if(algs.size() % 2 != 0)

      throw Decoding_Error("Bad length for signature IDs in certificate request");


   for(size_t i = 0; i != algs.size(); i += 2)

      {

      m_schemes.emplace_back(make_uint16(algs[i], algs[i+1]));

      }


   const uint16_t purported_size = reader.get_uint16_t();


   if(reader.remaining_bytes() != purported_size)

      throw Decoding_Error("Inconsistent length in certificate request");


   while(reader.has_remaining())

      {

      std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 0, 65535);


      BER_Decoder decoder(name_bits.data(), name_bits.size());

      X509_DN name;

      decoder.decode(name);

      m_names.emplace_back(name);

      }

   }


const std::vector<std::string>& Certificate_Request_12::acceptable_cert_types() const

   {

   return m_cert_key_types;

   }


const std::vector<X509_DN>& Certificate_Request_12::acceptable_CAs() const

   {

   return m_names;

   }


const std::vector<Signature_Scheme>& Certificate_Request_12::signature_schemes() const

   {

   return m_schemes;

   }


/**

* Serialize a Certificate Request message

*/

std::vector<uint8_t> Certificate_Request_12::serialize() const

   {

   std::vector<uint8_t> buf;


   std::vector<uint8_t> cert_types;


   cert_types.reserve(m_cert_key_types.size());

   for(const auto& cert_key_type : m_cert_key_types)

      cert_types.push_back(cert_type_name_to_code(cert_key_type));


   append_tls_length_value(buf, cert_types, 1);


   if(!m_schemes.empty())

      buf += Signature_Algorithms(m_schemes).serialize(Connection_Side::Server);


   std::vector<uint8_t> encoded_names;


   for(const auto& name : m_names)

      {

      DER_Encoder encoder;

      encoder.encode(name);


      append_tls_length_value(encoded_names, encoder.get_contents(), 2);

      }


   append_tls_length_value(buf, encoded_names, 2);


   return buf;

   }

}

Botan::BER_Decoder
Definition: ber_dec.h:22

Botan::DER_Encoder
Definition: der_enc.h:23

Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:157

Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:290

Botan::Decoding_Error
Definition: exceptn.h:197

Botan::TLS::Certificate_Request_12::acceptable_cert_types
const std::vector< std::string > & acceptable_cert_types() const
Definition: msg_cert_req.cpp:114

Botan::TLS::Certificate_Request_12::signature_schemes
const std::vector< Signature_Scheme > & signature_schemes() const
Definition: msg_cert_req.cpp:124

Botan::TLS::Certificate_Request_12::serialize
std::vector< uint8_t > serialize() const override
Definition: msg_cert_req.cpp:132

Botan::TLS::Certificate_Request_12::acceptable_CAs
const std::vector< X509_DN > & acceptable_CAs() const
Definition: msg_cert_req.cpp:119

Botan::TLS::Certificate_Request_12::Certificate_Request_12
Certificate_Request_12(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, const std::vector< X509_DN > &allowed_cas)
Definition: msg_cert_req.cpp:55

Botan::TLS::Certificate_Request_12::type
Handshake_Type type() const override
Definition: msg_cert_req.cpp:20

Botan::TLS::Handshake_Hash
Definition: tls_handshake_hash.h:22

Botan::TLS::Handshake_IO
Definition: tls_handshake_io.h:47

Botan::TLS::Policy
Definition: tls_policy.h:32

Botan::TLS::Signature_Algorithms
Definition: tls_extensions.h:319

Botan::TLS::Signature_Algorithms::serialize
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Definition: tls_extensions.cpp:554

Botan::TLS::TLS_Data_Reader
Definition: tls_reader.h:27

Botan::TLS::TLS_Data_Reader::has_remaining
bool has_remaining() const
Definition: tls_reader.h:42

Botan::TLS::TLS_Data_Reader::remaining_bytes
size_t remaining_bytes() const
Definition: tls_reader.h:40

Botan::TLS::TLS_Data_Reader::get_uint16_t
uint16_t get_uint16_t()
Definition: tls_reader.h:78

Botan::TLS::TLS_Data_Reader::get_range_vector
std::vector< T > get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:132

Botan::X509_DN
Definition: pkix_types.h:38

name
std::string name
Definition: commoncrypto_hash.cpp:24

Botan::TLS
Definition: asio_async_ops.h:26

Botan::TLS::Handshake_Type
Handshake_Type
Definition: tls_magic.h:53

Botan::TLS::Handshake_Type::CertificateRequest
@ CertificateRequest

Botan::TLS::append_tls_length_value
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:214

Botan::TLS::Connection_Side::Server
@ Server

Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition: fmt.h:60

Botan::make_uint16
constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition: loadstor.h:65