1/*
2* X.509 SIGNED Object
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_OBJECT_H_
9#define BOTAN_X509_OBJECT_H_
10
11#include <botan/asn1_obj.h>
12#include <botan/pkix_enums.h>
13#include <memory>
14#include <string>
15#include <string_view>
16#include <vector>
17
18namespace Botan {
19
20class Public_Key;
21class Private_Key;
23class PK_Signer;
24
25/**
26* This class represents abstract X.509 signed objects as in the X.500
27* SIGNED macro
28*/
30 public:
31 /**
32 * The underlying data that is to be or was signed
33 * @return data that is or was signed
34 */
35 std::vector<uint8_t> tbs_data() const;
36
/**
 * Raw signature value carried by this object.
 *
 * @return the signature bytes over tbs_data(), exactly as decoded from the
 *         input or as produced at signing time; returning them implies no
 *         verification.
 */
const std::vector<uint8_t>& signature() const {
   return m_sig;
}
41
/**
 * The signed body bytes held by this object.
 *
 * @return reference to the stored to-be-signed bytes; the reference stays
 *         valid only for the lifetime of this object.
 */
const std::vector<uint8_t>& signed_body() const {
   return m_tbs_bits;
}
46
/**
 * Algorithm identifier recorded alongside the signature.
 *
 * @return the AlgorithmIdentifier the signature was generated under. For an
 *         object obtained through decode_from()/load_data() this is part of
 *         the not-yet-verified input, so treat it as untrusted until
 *         verify_signature() has succeeded.
 */
const AlgorithmIdentifier& signature_algorithm() const {
   return m_sig_algo;
}
51
52 /**
53 * Create a signed X509 object.
54 * @param signer the signer used to sign the object
55 * @param rng the random number generator to use
56 * @param alg_id the algorithm identifier of the signature scheme
57 * @param tbs the tbs bits to be signed
58 * @return signed X509 object
59 */
60 static std::vector<uint8_t> make_signed(PK_Signer& signer,
62 const AlgorithmIdentifier& alg_id,
63 const secure_vector<uint8_t>& tbs);
64
/**
 * Check the signature on this data.
 * @param key the public key purportedly used to sign this data
 * @return status of the signature - OK if verified, otherwise an indicator of
 * the problem preventing verification - together with the name of the hash
 * function that was used, so the caller can apply further policy (for example
 * rejecting signatures made with a hash it no longer accepts). The second
 * element of the pair is empty unless verification was successful.
 */
73 std::pair<Certificate_Status_Code, std::string> verify_signature(const Public_Key& key) const;
74
/**
 * Check the signature on this data.
 * @param key the public key purportedly used to sign this data
 * @return true if the signature is valid, otherwise false. This reports only
 * pass/fail: unlike verify_signature() it neither distinguishes the cause of a
 * failure nor returns the hash function used, so callers that must enforce a
 * hash or algorithm policy should call verify_signature() instead.
 */
80 bool check_signature(const Public_Key& key) const;
81
82 /**
83 * DER encode an X509_Object
84 * See @ref ASN1_Object::encode_into()
85 */
86 void encode_into(DER_Encoder& to) const override;
87
88 /**
89 * Decode a BER encoded X509_Object
90 * See @ref ASN1_Object::decode_from()
91 */
92 void decode_from(BER_Decoder& from) override;
93
94 /**
95 * @return PEM encoding of this
96 */
97 std::string PEM_encode() const;
98
99 virtual std::string PEM_label() const = 0;
100
101 virtual std::vector<std::string> alternate_PEM_labels() const { return std::vector<std::string>(); }
102
103 /**
104 * Choose and return a signature scheme appropriate for X.509 signing
105 * using the provided parameters.
106 *
107 * @param key will be the key to choose a padding scheme for
108 * @param rng the random generator to use
109 * @param hash_fn is the desired hash function
110 * @param padding_algo specifies the padding method
111 * @return a PK_Signer object for generating signatures
112 */
113 static std::unique_ptr<PK_Signer> choose_sig_format(const Private_Key& key,
115 std::string_view hash_fn,
116 std::string_view padding_algo);
117
118 protected:
119 X509_Object() = default;
120
121 /**
122 * Decodes from src as either DER or PEM data, then calls force_decode()
123 */
124 void load_data(DataSource& src);
125
126 private:
127 virtual void force_decode() = 0;
128
129 AlgorithmIdentifier m_sig_algo;
130 std::vector<uint8_t> m_tbs_bits;
131 std::vector<uint8_t> m_sig;
132};
133
134} // namespace Botan
135
136#endif