Botan 3.8.1
Crypto and TLS for C&
x509_obj.h
Go to the documentation of this file.
1/*
2* X.509 SIGNED Object
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_OBJECT_H_
9#define BOTAN_X509_OBJECT_H_
10
11#include <botan/asn1_obj.h>
12#include <botan/pkix_enums.h>
13#include <memory>
14#include <string>
15#include <string_view>
16#include <vector>
17
18namespace Botan {
19
20class Public_Key;
21class Private_Key;
23class PK_Signer;
24
25/**
26* This class represents abstract X.509 signed objects as in the X.500
27* SIGNED macro
28*/
30 public:
31 /**
32 * The underlying data that is to be or was signed
33 * @return data that is or was signed
34 */
35 std::vector<uint8_t> tbs_data() const;
36
37 /**
38 * @return signature on tbs_data()
39 */
40 const std::vector<uint8_t>& signature() const { return m_sig; }
41
42 /**
43 * @return signed body
44 */
45 const std::vector<uint8_t>& signed_body() const { return m_tbs_bits; }
46
47 /**
48 * @return signature algorithm that was used to generate signature
49 */
50 const AlgorithmIdentifier& signature_algorithm() const { return m_sig_algo; }
51
52 /**
53 * Create a signed X509 object.
54 * @param signer the signer used to sign the object
55 * @param rng the random number generator to use
56 * @param alg_id the algorithm identifier of the signature scheme
57 * @param tbs the tbs bits to be signed
58 * @return signed X509 object
59 */
60 static std::vector<uint8_t> make_signed(PK_Signer& signer,
62 const AlgorithmIdentifier& alg_id,
63 const secure_vector<uint8_t>& tbs);
64
65 /**
66 * Check the signature on this data
67 * @param key the public key purportedly used to sign this data
68 * @return status of the signature - OK if verified or otherwise an indicator of
69 * the problem preventing verification, along with the hash function that
70 * was used, for further policy checks. The second parameter is empty
71 * unless the validation was sucessful.
72 */
73 std::pair<Certificate_Status_Code, std::string> verify_signature(const Public_Key& key) const;
74
75 /**
76 * Check the signature on this data
77 * @param key the public key purportedly used to sign this data
78 * @return true if the signature is valid, otherwise false
79 */
80 bool check_signature(const Public_Key& key) const;
81
82 /**
83 * DER encode an X509_Object
84 * See @ref ASN1_Object::encode_into()
85 */
86 void encode_into(DER_Encoder& to) const override;
87
88 /**
89 * Decode a BER encoded X509_Object
90 * See @ref ASN1_Object::decode_from()
91 */
92 void decode_from(BER_Decoder& from) override;
93
94 /**
95 * @return PEM encoding of this
96 */
97 std::string PEM_encode() const;
98
99 X509_Object(const X509_Object&) = default;
101
102 virtual std::string PEM_label() const = 0;
103
104 virtual std::vector<std::string> alternate_PEM_labels() const { return std::vector<std::string>(); }
105
106 ~X509_Object() override = default;
107
108 /**
109 * Choose and return a signature scheme appropriate for X.509 signing
110 * using the provided parameters.
111 *
112 * @param key will be the key to choose a padding scheme for
113 * @param rng the random generator to use
114 * @param hash_fn is the desired hash function
115 * @param padding_algo specifies the padding method
116 * @return a PK_Signer object for generating signatures
117 */
118 static std::unique_ptr<PK_Signer> choose_sig_format(const Private_Key& key,
120 std::string_view hash_fn,
121 std::string_view padding_algo);
122
123 protected:
124 X509_Object() = default;
125
126 /**
127 * Decodes from src as either DER or PEM data, then calls force_decode()
128 */
129 void load_data(DataSource& src);
130
131 private:
132 virtual void force_decode() = 0;
133
134 AlgorithmIdentifier m_sig_algo;
135 std::vector<uint8_t> m_tbs_bits;
136 std::vector<uint8_t> m_sig;
137};
138
139} // namespace Botan
140
141#endif
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:19
ASN1_Object()=default
const std::vector< uint8_t > & signed_body() const
Definition x509_obj.h:45
X509_Object()=default
const AlgorithmIdentifier & signature_algorithm() const
Definition x509_obj.h:50
virtual std::vector< std::string > alternate_PEM_labels() const
Definition x509_obj.h:104
static std::unique_ptr< PK_Signer > choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
Definition x509_obj.cpp:209
std::vector< uint8_t > tbs_data() const
Definition x509_obj.cpp:90
const std::vector< uint8_t > & signature() const
Definition x509_obj.h:40
~X509_Object() override=default
void load_data(DataSource &src)
Definition x509_obj.cpp:24
virtual std::string PEM_label() const =0
X509_Object & operator=(const X509_Object &)=default
X509_Object(const X509_Object &)=default
bool verify_signature(std::span< const uint8_t, ED448_LEN > pk, bool phflag, std::span< const uint8_t > context, std::span< const uint8_t > sig, std::span< const uint8_t > msg)
Verify a signature(RFC 8032 5.2.7)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65