doxygen/msg__cert__req_8cpp_source.html

 /*
 * Certificate Request Message
 * (C) 2004-2006,2012 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

 #include <botan/tls_messages.h>
 #include <botan/tls_extensions.h>
 #include <botan/internal/tls_reader.h>
 #include <botan/internal/tls_handshake_io.h>
 #include <botan/internal/tls_handshake_hash.h>
 #include <botan/der_enc.h>
 #include <botan/ber_dec.h>

 namespace Botan {

 namespace TLS {

 namespace {

 std::string cert_type_code_to_name(uint8_t code)
    {
    switch(code)
       {
       case 1:
          return "RSA";
       case 2:
          return "DSA";
       case 64:
          return "ECDSA";
       default:
          return ""; // DH or something else
       }
    }

 uint8_t cert_type_name_to_code(const std::string& name)
    {
    if(name == "RSA")
       return 1;
    if(name == "DSA")
       return 2;
    if(name == "ECDSA")
       return 64;

    throw Invalid_Argument("Unknown cert type " + name);
    }

 }

 /**
 * Create a new Certificate Request message
 */
 Certificate_Req::Certificate_Req(Handshake_IO& io,
                                  Handshake_Hash& hash,
                                  const Policy& policy,
                                  const std::vector<X509_DN>& ca_certs,
                                  Protocol_Version version) :
    m_names(ca_certs),
    m_cert_key_types({ "RSA", "ECDSA", "DSA" })
    {
    if(version.supports_negotiable_signature_algorithms())
       {
       m_schemes = policy.allowed_signature_schemes();
       }

    hash.update(io.send(*this));
    }

 /**
 * Deserialize a Certificate Request message
 */
 Certificate_Req::Certificate_Req(const std::vector<uint8_t>& buf,
                                  Protocol_Version version)
    {
    if(buf.size() < 4)
       throw Decoding_Error("Certificate_Req: Bad certificate request");

    TLS_Data_Reader reader("CertificateRequest", buf);

    std::vector<uint8_t> cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255);

    for(size_t i = 0; i != cert_type_codes.size(); ++i)
       {
       const std::string cert_type_name = cert_type_code_to_name(cert_type_codes[i]);

       if(cert_type_name.empty()) // something we don't know
          continue;

       m_cert_key_types.emplace_back(cert_type_name);
       }

    if(version.supports_negotiable_signature_algorithms())
       {
       const std::vector<uint8_t> algs = reader.get_range_vector<uint8_t>(2, 2, 65534);

       if(algs.size() % 2 != 0)
          throw Decoding_Error("Bad length for signature IDs in certificate request");

       for(size_t i = 0; i != algs.size(); i += 2)
          {
          m_schemes.push_back(static_cast<Signature_Scheme>(make_uint16(algs[i], algs[i+1])));
          }
       }

    const uint16_t purported_size = reader.get_uint16_t();

    if(reader.remaining_bytes() != purported_size)
       throw Decoding_Error("Inconsistent length in certificate request");

    while(reader.has_remaining())
       {
       std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 0, 65535);

       BER_Decoder decoder(name_bits.data(), name_bits.size());
       X509_DN name;
       decoder.decode(name);
       m_names.emplace_back(name);
       }
    }

 /**
 * Serialize a Certificate Request message
 */
 std::vector<uint8_t> Certificate_Req::serialize() const
    {
    std::vector<uint8_t> buf;

    std::vector<uint8_t> cert_types;

    for(size_t i = 0; i != m_cert_key_types.size(); ++i)
       cert_types.push_back(cert_type_name_to_code(m_cert_key_types[i]));

    append_tls_length_value(buf, cert_types, 1);

    if(m_schemes.size() > 0)
       buf += Signature_Algorithms(m_schemes).serialize(Connection_Side::SERVER);

    std::vector<uint8_t> encoded_names;

    for(size_t i = 0; i != m_names.size(); ++i)
       {
       DER_Encoder encoder;
       encoder.encode(m_names[i]);

       append_tls_length_value(encoded_names, encoder.get_contents(), 2);
       }

    append_tls_length_value(buf, encoded_names, 2);

    return buf;
    }

 }

 }
Botan::TLS::Certificate_Req::Certificate_Req
Certificate_Req(Handshake_IO &io, Handshake_Hash &hash, const Policy &policy, const std::vector< X509_DN > &allowed_cas, Protocol_Version version)
Definition: msg_cert_req.cpp:54

buf
const uint8_t * buf
Definition: ffi.h:371

Botan::TLS::Handshake_Hash
Definition: tls_handshake_hash.h:21

name
char * name
Definition: ffi.h:330

Botan::TLS::TLS_Data_Reader::get_uint16_t
uint16_t get_uint16_t()
Definition: tls_reader.h:62

Botan::TLS::TLS_Data_Reader::get_range_vector
std::vector< T > get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems)
Definition: tls_reader.h:105

Botan::TLS::SERVER
Definition: tls_magic.h:28

Botan::TLS::Handshake_IO
Definition: tls_handshake_io.h:29

Botan
Definition: alg_id.cpp:13

Botan::TLS::TLS_Data_Reader
Definition: tls_reader.h:24

Botan::TLS::Signature_Algorithms::serialize
std::vector< uint8_t > serialize(Connection_Side whoami) const override
Definition: tls_extensions.cpp:417

Botan::TLS::Signature_Algorithms
Definition: tls_extensions.h:302

Botan::make_uint16
constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1)
Definition: loadstor.h:52

Botan::TLS::TLS_Data_Reader::remaining_bytes
size_t remaining_bytes() const
Definition: tls_reader.h:38

Botan::hash
bool size_t const std::string & hash
Definition: argon2.h:105

Botan::TLS::TLS_Data_Reader::has_remaining
bool has_remaining() const
Definition: tls_reader.h:40

Botan::TLS::append_tls_length_value
void append_tls_length_value(std::vector< uint8_t, Alloc > &buf, const T *vals, size_t vals_size, size_t tag_size)
Definition: tls_reader.h:185