Botan 3.12.0
Crypto and TLS for C&
x509_obj.h
Go to the documentation of this file.
1/*
2* X.509 SIGNED Object
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_OBJECT_H_
9#define BOTAN_X509_OBJECT_H_
10
11#include <botan/asn1_obj.h>
12#include <botan/pkix_enums.h>
13#include <memory>
14#include <span>
15#include <string>
16#include <string_view>
17#include <vector>
18
19namespace Botan {
20
21class Public_Key;
22class Private_Key;
23class RandomNumberGenerator;
24class PK_Signer;
25
26/**
27* This class represents abstract X.509 signed objects as in the X.500
28* SIGNED macro
29*/
30class BOTAN_PUBLIC_API(2, 0) X509_Object : public ASN1_Object {
31 public:
32 /**
33 * The underlying data that is to be or was signed
34 * @return data that is or was signed
35 */
36 std::vector<uint8_t> tbs_data() const;
37
38 /**
39 * @return signature on tbs_data()
40 */
41 const std::vector<uint8_t>& signature() const;
42
43 /**
44 * @return signed body
45 */
46 const std::vector<uint8_t>& signed_body() const;
47
48 /**
49 * @return signature algorithm that was used to generate signature
50 */
51 const AlgorithmIdentifier& signature_algorithm() const;
52
53 /**
54 * Create a signed X509 object.
55 * @param signer the signer used to sign the object
56 * @param rng the random number generator to use
57 * @param alg_id the algorithm identifier of the signature scheme
58 * @param tbs the tbs bits to be signed
59 * @return signed X509 object
60 */
61 static std::vector<uint8_t> make_signed(PK_Signer& signer,
62 RandomNumberGenerator& rng,
63 const AlgorithmIdentifier& alg_id,
64 std::span<const uint8_t> tbs);
65
66 /**
67 * Check the signature on this data
68 * @param key the public key purportedly used to sign this data
69 * @return status of the signature - OK if verified or otherwise an indicator of
70 * the problem preventing verification, along with the hash function that
71 * was used, for further policy checks. The second parameter is empty
72 * unless the validation was successful.
73 */
74 std::pair<Certificate_Status_Code, std::string> verify_signature(const Public_Key& key) const;
75
76 /**
77 * Check the signature on this data
78 * @param key the public key purportedly used to sign this data
79 * @return true if the signature is valid, otherwise false
80 */
81 bool check_signature(const Public_Key& key) const;
82
83 /**
84 * DER encode an X509_Object
85 * See @ref ASN1_Object::encode_into()
86 */
87 void encode_into(DER_Encoder& to) const override;
88
89 /**
90 * Decode a BER encoded X509_Object
91 * See @ref ASN1_Object::decode_from()
92 */
93 void decode_from(BER_Decoder& from) override;
94
95 /**
96 * @return PEM encoding of this
97 */
98 std::string PEM_encode() const;
99
100 virtual std::string PEM_label() const = 0;
101
102 virtual std::vector<std::string> alternate_PEM_labels() const { return std::vector<std::string>(); }
103
104 /**
105 * Choose and return a signature scheme appropriate for X.509 signing
106 * using the provided parameters.
107 *
108 * @param key will be the key to choose a padding scheme for
109 * @param rng the random generator to use
110 * @param hash_fn is the desired hash function
111 * @param padding_algo specifies the padding method
112 * @return a PK_Signer object for generating signatures
113 */
114 static std::unique_ptr<PK_Signer> choose_sig_format(const Private_Key& key,
115 RandomNumberGenerator& rng,
116 std::string_view hash_fn,
117 std::string_view padding_algo);
118
119 protected:
120 X509_Object() = default;
121
122 /**
123 * Decodes from src as either DER or PEM data, then calls force_decode()
124 */
125 void load_data(DataSource& src);
126
127 private:
128 virtual void force_decode() = 0;
129
130 class Signed_Data final {
131 public:
132 AlgorithmIdentifier m_sig_algo;
133 std::vector<uint8_t> m_tbs_bits;
134 std::vector<uint8_t> m_sig;
135 };
136
137 std::shared_ptr<const Signed_Data> m_signed_data;
138};
139
140} // namespace Botan
141
142#endif
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
Botan::ASN1_Object::ASN1_Object
ASN1_Object()=default
Botan::BER_Decoder
Definition ber_dec.h:25
Botan::DER_Encoder
Definition der_enc.h:25
Botan::PK_Signer
Definition pubkey.h:154
Botan::Private_Key
Definition pk_keys.h:301
Botan::Public_Key
Definition pk_keys.h:155
Botan::X509_Object::signed_body
const std::vector< uint8_t > & signed_body() const
Definition x509_obj.cpp:66
Botan::X509_Object::decode_from
void decode_from(BER_Decoder &from) override
Definition x509_obj.cpp:93
Botan::X509_Object::PEM_encode
std::string PEM_encode() const
Definition x509_obj.cpp:111
Botan::X509_Object::X509_Object
X509_Object()=default
Botan::X509_Object::signature_algorithm
const AlgorithmIdentifier & signature_algorithm() const
Definition x509_obj.cpp:73
Botan::X509_Object::alternate_PEM_labels
virtual std::vector< std::string > alternate_PEM_labels() const
Definition x509_obj.h:102
Botan::X509_Object::tbs_data
std::vector< uint8_t > tbs_data() const
Definition x509_obj.cpp:118
Botan::X509_Object::signature
const std::vector< uint8_t > & signature() const
Definition x509_obj.cpp:59
Botan::X509_Object::make_signed
static std::vector< uint8_t > make_signed(PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, std::span< const uint8_t > tbs)
Definition x509_obj.cpp:153
Botan::X509_Object::encode_into
void encode_into(DER_Encoder &to) const override
Definition x509_obj.cpp:80
Botan::X509_Object::verify_signature
std::pair< Certificate_Status_Code, std::string > verify_signature(const Public_Key &key) const
Definition x509_obj.cpp:130
Botan::X509_Object::load_data
void load_data(DataSource &src)
Definition x509_obj.cpp:24
Botan::X509_Object::PEM_label
virtual std::string PEM_label() const =0
Botan::X509_Object::check_signature
bool check_signature(const Public_Key &key) const
Definition x509_obj.cpp:125
Generated by doxygen 1.16.1