Botan 3.5.0
Crypto and TLS for C&
x509_obj.h
Go to the documentation of this file.
1/*
2* X.509 SIGNED Object
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_OBJECT_H_
9#define BOTAN_X509_OBJECT_H_
10
11#include <botan/asn1_obj.h>
12#include <botan/pkix_enums.h>
13#include <vector>
14
15namespace Botan {
16
17class Public_Key;
18class Private_Key;
19class RandomNumberGenerator;
20class PK_Signer;
21
22/**
23* This class represents abstract X.509 signed objects as in the X.500
24* SIGNED macro
25*/
27 public:
28 /**
29 * The underlying data that is to be or was signed
30 * @return data that is or was signed
31 */
32 std::vector<uint8_t> tbs_data() const;
33
34 /**
35 * @return signature on tbs_data()
36 */
37 const std::vector<uint8_t>& signature() const { return m_sig; }
38
39 /**
40 * @return signed body
41 */
42 const std::vector<uint8_t>& signed_body() const { return m_tbs_bits; }
43
44 /**
45 * @return signature algorithm that was used to generate signature
46 */
47 const AlgorithmIdentifier& signature_algorithm() const { return m_sig_algo; }
48
49 /**
50 * Create a signed X509 object.
51 * @param signer the signer used to sign the object
52 * @param rng the random number generator to use
53 * @param alg_id the algorithm identifier of the signature scheme
54 * @param tbs the tbs bits to be signed
55 * @return signed X509 object
56 */
57 static std::vector<uint8_t> make_signed(PK_Signer& signer,
59 const AlgorithmIdentifier& alg_id,
60 const secure_vector<uint8_t>& tbs);
61
62 /**
63 * Check the signature on this data
64 * @param key the public key purportedly used to sign this data
65 * @return status of the signature - OK if verified or otherwise an indicator of
66 * the problem preventing verification, along with the hash function that
67 * was used, for further policy checks. The second parameter is empty
68 * unless the validation was sucessful.
69 */
70 std::pair<Certificate_Status_Code, std::string> verify_signature(const Public_Key& key) const;
71
72 /**
73 * Check the signature on this data
74 * @param key the public key purportedly used to sign this data
75 * @return true if the signature is valid, otherwise false
76 */
77 bool check_signature(const Public_Key& key) const;
78
79 /**
80 * DER encode an X509_Object
81 * See @ref ASN1_Object::encode_into()
82 */
83 void encode_into(DER_Encoder& to) const override;
84
85 /**
86 * Decode a BER encoded X509_Object
87 * See @ref ASN1_Object::decode_from()
88 */
89 void decode_from(BER_Decoder& from) override;
90
91 /**
92 * @return PEM encoding of this
93 */
94 std::string PEM_encode() const;
95
96 X509_Object(const X509_Object&) = default;
97 X509_Object& operator=(const X509_Object&) = default;
98
99 virtual std::string PEM_label() const = 0;
100
101 virtual std::vector<std::string> alternate_PEM_labels() const { return std::vector<std::string>(); }
102
103 ~X509_Object() override = default;
104
105 /**
106 * Choose and return a signature scheme appropriate for X.509 signing
107 * using the provided parameters.
108 *
109 * @param key will be the key to choose a padding scheme for
110 * @param rng the random generator to use
111 * @param hash_fn is the desired hash function
112 * @param padding_algo specifies the padding method
113 * @return a PK_Signer object for generating signatures
114 */
115 static std::unique_ptr<PK_Signer> choose_sig_format(const Private_Key& key,
117 std::string_view hash_fn,
118 std::string_view padding_algo);
119
120 protected:
121 X509_Object() = default;
122
123 /**
124 * Decodes from src as either DER or PEM data, then calls force_decode()
125 */
126 void load_data(DataSource& src);
127
128 private:
129 virtual void force_decode() = 0;
130
131 AlgorithmIdentifier m_sig_algo;
132 std::vector<uint8_t> m_tbs_bits;
133 std::vector<uint8_t> m_sig;
134};
135
136} // namespace Botan
137
138#endif
const std::vector< uint8_t > & signed_body() const
Definition x509_obj.h:42
X509_Object()=default
const AlgorithmIdentifier & signature_algorithm() const
Definition x509_obj.h:47
virtual std::vector< std::string > alternate_PEM_labels() const
Definition x509_obj.h:101
const std::vector< uint8_t > & signature() const
Definition x509_obj.h:37
~X509_Object() override=default
virtual std::string PEM_label() const =0
X509_Object & operator=(const X509_Object &)=default
X509_Object(const X509_Object &)=default
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
bool verify_signature(std::span< const uint8_t, ED448_LEN > pk, bool phflag, std::span< const uint8_t > context, std::span< const uint8_t > sig, std::span< const uint8_t > msg)
Verify a signature(RFC 8032 5.2.7)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61