Botan  2.6.0
Crypto and TLS for C++11
x509_obj.h
1 /*
2 * X.509 SIGNED Object
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_OBJECT_H_
9 #define BOTAN_X509_OBJECT_H_
10 
11 #include <botan/asn1_obj.h>
12 #include <botan/alg_id.h>
13 #include <botan/cert_status.h>
14 #include <vector>
15 
16 namespace Botan {
17 
18 class Public_Key;
19 class Private_Key;
20 class RandomNumberGenerator;
21 
22 /**
23 * This class represents abstract X.509 signed objects as in the X.500
24 * SIGNED macro
25 */
27  {
28  public:
29  /**
30  * The underlying data that is to be or was signed
31  * @return data that is or was signed, returned by value (each call
    *         produces a new vector, whereas signed_body() returns a
    *         reference to the stored bytes)
    *
    * NOTE(review): defined out of line; whether these bytes are identical
    * to signed_body() or a re-encoding of it is not visible in this header.
    * Confirm before feeding either one to an external verifier.
32  */
33  std::vector<uint8_t> tbs_data() const;
34 
35  /**
36  * @return signature on tbs_data()
    *
    * Plain accessor for the stored signature bytes (m_sig). It performs no
    * verification; use verify_signature() or check_signature() for that.
    * The returned reference points at a member of this object and is only
    * usable while the object is alive.
37  */
38  const std::vector<uint8_t>& signature() const { return m_sig; }
39 
40  /**
41  * @return signed body
    *
    * Plain accessor for the stored to-be-signed bytes (m_tbs_bits). The
    * returned reference points at a member of this object and is only
    * usable while the object is alive. Reading the body does not imply
    * that its signature has been checked.
42  */
43  const std::vector<uint8_t>& signed_body() const { return m_tbs_bits; }
44 
45  /**
46  * @return signature algorithm that was used to generate signature
    *
    * Returns the stored identifier (m_sig_algo) by reference.
    * NOTE(review): presumably this is filled in by decode_from(), i.e. it
    * is the algorithm the object itself declares. Callers that enforce an
    * algorithm policy should inspect it explicitly - confirm against the
    * out-of-line decoding code.
47  */
48  const AlgorithmIdentifier& signature_algorithm() const { return m_sig_algo; }
49 
50  /**
51  * @return hash algorithm that was used to generate signature
    *
    * NOTE(review): defined out of line; presumably derived from
    * signature_algorithm(). What happens for an unrecognised identifier
    * (exception or some placeholder string) is not visible in this header;
    * confirm before using the result in a policy decision.
52  */
53  std::string hash_used_for_signature() const;
54 
55  /**
56  * Create a signed X509 object.
57  * @param signer the signer used to sign the object
58  * @param rng the random number generator to use
59  * @param alg_id the algorithm identifier of the signature scheme
60  * @param tbs the tbs bits to be signed
61  * @return signed X509 object
    *
    * NOTE(review): listing line 64 is absent from this extract; the
    * documented rng parameter presumably sits there, so do not copy the
    * declaration below as-is.
    * NOTE(review): signer is a raw pointer. This header does not say
    * whether a null signer is tolerated or whether ownership changes
    * hands - confirm against the implementation.
62  */
63  static std::vector<uint8_t> make_signed(class PK_Signer* signer,
65  const AlgorithmIdentifier& alg_id,
66  const secure_vector<uint8_t>& tbs);
67 
68  /**
69  * Check the signature on this data
70  * @param key the public key purportedly used to sign this data
71  * @return status of the signature - OK if verified or otherwise an indicator of
72  * the problem preventing verification.
    *
    * The result describes the signature under the supplied key only.
    * Establishing that key belongs to a trusted issuer is left to the
    * caller. Compare the result against the OK code explicitly, and keep
    * the non-OK code for diagnostics; check_signature() reduces it to a
    * bool.
73  */
74  Certificate_Status_Code verify_signature(const Public_Key& key) const;
75 
76  /**
77  * Check the signature on this data
78  * @param key the public key purportedly used to sign this data; taken by
    *        reference, so the caller keeps ownership
79  * @return true if the signature is valid, otherwise false
    *
    * The boolean result does not say why verification failed; use
    * verify_signature() when the cause matters (logging, error reporting).
    * NOTE(review): presumably a thin wrapper over verify_signature(); the
    * definition is out of line.
80  */
81  bool check_signature(const Public_Key& key) const;
82 
83  /**
84  * Check the signature on this data
85  * @param key the public key purportedly used to sign this data;
86  * the object will be deleted after use (this should have
87  * been a std::unique_ptr<Public_Key>)
    *
    * Ownership warning: despite the const raw-pointer type, this overload
    * takes ownership of key and deletes it. Pass only a pointer to a
    * heap-allocated key that nothing else owns or touches afterwards.
    * A pointer to a stack object, to a key managed by a smart pointer, or
    * to a key that is used again after the call results in an invalid or
    * double delete, or a use-after-free. When the caller keeps the key,
    * use check_signature(const Public_Key&) instead.
    * NOTE(review): handling of a null key is not visible in this header.
88  * @return true if the signature is valid, otherwise false
89  */
90  bool check_signature(const Public_Key* key) const;
91 
92  /**
93  * DER encode an X509_Object
94  * See @ref ASN1_Object::encode_into()
    * @param to the encoder that receives the DER output
95  */
96  void encode_into(class DER_Encoder& to) const override;
97 
98  /**
99  * Decode a BER encoded X509_Object
100  * See @ref ASN1_Object::decode_from()
     * @param from the decoder to read the BER input from
     *
     * Nothing in this header indicates that decoding checks the signature:
     * verify_signature() and check_signature() are separate calls that take
     * the key. Treat a freshly decoded object as unauthenticated until one
     * of them has succeeded.
     * NOTE(review): error behaviour on malformed input is defined out of
     * line and is not visible here.
101  */
102  void decode_from(class BER_Decoder& from) override;
103 
104  /**
105  * @return BER encoding of this, as a new vector returned by value
106  */
107  std::vector<uint8_t> BER_encode() const;
108 
109  /**
110  * @return PEM encoding of this
     *
     * NOTE(review): presumably the PEM header uses PEM_label(); the
     * definition is out of line - confirm.
111  */
112  std::string PEM_encode() const;
113 
114  X509_Object(const X509_Object&) = default; // member-wise copy of m_sig_algo, m_tbs_bits and m_sig
115  X509_Object& operator=(const X509_Object&) = default; // member-wise copy assignment
116 
117  virtual std::string PEM_label() const = 0; // pure virtual: each concrete signed-object type supplies its own label
118 
119  virtual std::vector<std::string> alternate_PEM_labels() const
120  { return std::vector<std::string>(); } // default: no alternate labels; derived classes may override
     // NOTE(review): presumably consulted when loading PEM input, so that older or
     // variant labels are still accepted - confirm against load_data()'s definition.
121 
122  virtual ~X509_Object() = default; // virtual, so derived objects can be destroyed through a base pointer
123 
124  static std::unique_ptr<PK_Signer>
126  const Private_Key& key,
128  const std::string& hash_fn,
129  const std::string& padding_algo);
     // NOTE(review): listing lines 125 and 127 are absent from this extract, so the
     // line naming the function and at least one parameter are missing. Do not copy
     // this declaration as-is. What is visible: it is static, returns an owning
     // std::unique_ptr<PK_Signer>, and takes a private key, a hash name and a
     // padding name.
130 
131  protected:
132 
133  X509_Object() = default; // protected: only derived classes can default-construct an empty object
134 
135  /**
136  * Decodes from src as either DER or PEM data, then calls force_decode()
     * @param src the data source to read the encoded object from
     *
     * NOTE(review): format detection and error handling are defined out of
     * line and are not visible here. Loading does not take a key, so it
     * cannot by itself authenticate the object; signature checks are
     * separate calls.
137  */
138  void load_data(DataSource& src);
139 
140  private:
141  virtual void force_decode() = 0; // pure virtual hook for derived classes; per load_data()'s comment it is called after the outer decode
142 
143  AlgorithmIdentifier m_sig_algo; // returned by signature_algorithm()
144  std::vector<uint8_t> m_tbs_bits; // returned by signed_body()
145  std::vector<uint8_t> m_sig; // returned by signature()
146  };
147 
148 }
149 
150 #endif