1/*
2* X.509 SIGNED Object
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_OBJECT_H_
9#define BOTAN_X509_OBJECT_H_
10
11#include <botan/asn1_obj.h>
12#include <botan/pkix_enums.h>
13#include <vector>
14
15namespace Botan {
16
17class Public_Key;
18class Private_Key;
19class RandomNumberGenerator;
20class PK_Signer;
21
22/**
 * Abstract base for X.509 signed objects as in the X.500 SIGNED macro: a
 * to-be-signed body (signed_body()), the AlgorithmIdentifier of the signature
 * scheme (signature_algorithm()) and the signature bytes (signature()).
 * Concrete subclasses supply PEM_label() and force_decode().
25*/
27 {
28 public:
29 /**
30 * The underlying data that is to be or was signed
31 * @return data that is or was signed
32 */
33 std::vector<uint8_t> tbs_data() const;
34
35 /**
36 * @return signature on tbs_data()
37 */
const std::vector<uint8_t>& signature() const
   {
   // Plain accessor: the stored bytes are returned as-is, nothing is verified
   // here. Use verify_signature() / check_signature() to actually validate them.
   return m_sig;
   }
39
40 /**
41 * @return signed body
42 */
const std::vector<uint8_t>& signed_body() const
   {
   // Reference to the raw TBS bytes held by this object. tbs_data() is a
   // separate accessor that returns by value; see its declaration.
   return m_tbs_bits;
   }
44
45 /**
46 * @return signature algorithm that was used to generate signature
47 */
const AlgorithmIdentifier& signature_algorithm() const
   {
   // The scheme the signature claims to use. For a decoded object this value
   // comes from the untrusted input encoding, so do not base policy decisions
   // on it until verify_signature() has succeeded.
   return m_sig_algo;
   }
49
50 /**
51 * Create a signed X509 object.
52 * @param signer the signer used to sign the object
53 * @param rng the random number generator to use
54 * @param alg_id the algorithm identifier of the signature scheme
55 * @param tbs the tbs bits to be signed
56 * @return signed X509 object
57 */
58 static std::vector<uint8_t> make_signed(PK_Signer& signer,
60 const AlgorithmIdentifier& alg_id,
61 const secure_vector<uint8_t>& tbs);
62
63 /**
 * Check the signature on this data
 * @param key the public key purportedly used to sign this data
 * @return status of the signature: OK if the signature verified under @p key,
 * otherwise a code indicating the problem that prevented verification. The
 * second element is the name of the hash function the signature used, so the
 * caller can apply further policy checks (for example, rejecting signatures
 * made with a hash it no longer accepts); it is empty unless verification was
 * successful. Note that a successful result only shows the signature matches
 * @p key; whether @p key should be trusted is a separate (path validation)
 * question.
70 */
71 std::pair<Certificate_Status_Code, std::string> verify_signature(const Public_Key& key) const;
72
73 /**
 * Check the signature on this data. Unlike verify_signature(), this returns
 * only a bool: neither the failure reason nor the hash function name is
 * available, so callers that must enforce a hash-algorithm policy (or report
 * why verification failed) should call verify_signature() instead.
 * @param key the public key purportedly used to sign this data
 * @return true if the signature is valid, otherwise false
77 */
78 bool check_signature(const Public_Key& key) const;
79
80 /**
81 * DER encode an X509_Object
82 * See @ref ASN1_Object::encode_into()
83 */
84 void encode_into(DER_Encoder& to) const override;
85
86 /**
87 * Decode a BER encoded X509_Object
88 * See @ref ASN1_Object::decode_from()
89 */
90 void decode_from(BER_Decoder& from) override;
91
92 /**
93 * @return PEM encoding of this
94 */
95 std::string PEM_encode() const;
96
// Copying is explicitly defaulted. Note: user-declaring the copy operations
// (even as = default) together with the user-declared destructor below
// suppresses the implicitly generated move constructor/assignment, so an
// X509_Object that is "moved" is actually copied buffer by buffer. Declare
// defaulted move operations if cheap moves are wanted.
97 X509_Object(const X509_Object&) = default;
98 X509_Object& operator=(const X509_Object&) = default;
99
// PEM header label for the concrete object type. Presumably consumed by
// PEM_encode() and by load_data() when recognising PEM input -- confirm in
// the implementation.
100 virtual std::string PEM_label() const = 0;
101
virtual std::vector<std::string> alternate_PEM_labels() const
   {
   // By default no alternate labels are recognised; subclasses may override
   // to accept additional PEM labels for their type.
   return {};
   }
104
// Virtual: this is a polymorphic base (PEM_label() and force_decode() are
// pure virtual), so subclasses can safely be deleted through a base pointer.
105 virtual ~X509_Object() = default;
106
107 /**
108 * Choose and return a signature scheme appropriate for X.509 signing
109 * using the provided parameters.
110 *
 * @param key the private key that will produce the signature; the padding
 *        scheme is chosen to suit this key's algorithm
112 * @param rng the random generator to use
113 * @param hash_fn is the desired hash function
114 * @param padding_algo specifies the padding method
115 * @return a PK_Signer object for generating signatures
116 */
117 static std::unique_ptr<PK_Signer>
118 choose_sig_format(const Private_Key& key,
120 std::string_view hash_fn,
121 std::string_view padding_algo);
122
123 protected:
124
// Protected: only subclasses construct an X509_Object, and an instance is
// populated afterwards via load_data() or decode_from().
125 X509_Object() = default;
126
127 /**
128 * Decodes from src as either DER or PEM data, then calls force_decode()
129 */
130 void load_data(DataSource& src);
131
132 private:
133 virtual void force_decode() = 0;
134
135 AlgorithmIdentifier m_sig_algo;
136 std::vector<uint8_t> m_tbs_bits;
137 std::vector<uint8_t> m_sig;
138 };
139
140}
141
142#endif