Botan  1.11.15
Botan::X509_CRL Class Reference

#include <x509_crl.h>

Inheritance: Botan::X509_CRL derives from Botan::X509_Object, which derives from Botan::ASN1_Object.


Classes

struct  X509_CRL_Error

Public Member Functions

std::vector< byte > authority_key_id () const
std::vector< byte > BER_encode () const
bool check_signature (const Public_Key &key) const
bool check_signature (const Public_Key *key) const
u32bit crl_number () const
void decode_from (class BER_Decoder &from) override
void encode_into (class DER_Encoder &to) const override
std::vector< CRL_Entry > get_revoked () const
std::string hash_used_for_signature () const
bool is_revoked (const X509_Certificate &cert) const
X509_DN issuer_dn () const
X509_Time next_update () const
std::string PEM_encode () const
std::vector< byte > signature () const
AlgorithmIdentifier signature_algorithm () const
std::vector< byte > tbs_data () const
X509_Time this_update () const
 X509_CRL (DataSource &source, bool throw_on_unknown_critical=false)
 X509_CRL (const std::string &filename, bool throw_on_unknown_critical=false)
 X509_CRL (const std::vector< byte > &vec, bool throw_on_unknown_critical=false)

Static Public Member Functions

static std::vector< byte > make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< byte > &tbs)

Protected Member Functions

void do_decode ()

Protected Attributes

std::vector< byte > sig
AlgorithmIdentifier sig_algo
std::vector< byte > tbs_bits

Detailed Description

This class represents X.509 Certificate Revocation Lists (CRLs).

Definition at line 22 of file x509_crl.h.


Constructor & Destructor Documentation

Botan::X509_CRL::X509_CRL ( DataSource &  source,
bool  throw_on_unknown_critical = false 
)

Construct a CRL from a data source.

Parameters:
source  the data source providing the DER or PEM encoded CRL.
throw_on_unknown_critical  should we throw an exception if an unknown CRL extension marked as critical is encountered. The default, false, silently ignores such extensions; RFC 5280 (section 5.2) requires a relying party that cannot process a critical CRL extension not to use that CRL for status decisions, so validation code should pass true.

Definition at line 21 of file x509_crl.cpp.

References Botan::X509_Object::do_decode().

X509_CRL::X509_CRL(DataSource& in, bool touc) :
   X509_Object(in, "X509 CRL/CRL"), throw_on_unknown_critical(touc)
   {
   do_decode();
   }
Botan::X509_CRL::X509_CRL ( const std::string &  filename,
bool  throw_on_unknown_critical = false 
)

Construct a CRL from a file containing the DER or PEM encoded CRL.

Parameters:
filename  the name of the CRL file
throw_on_unknown_critical  should we throw an exception if an unknown CRL extension marked as critical is encountered.

Definition at line 30 of file x509_crl.cpp.

References Botan::X509_Object::do_decode().

X509_CRL::X509_CRL(const std::string& in, bool touc) :
   X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
   {
   do_decode();
   }
Botan::X509_CRL::X509_CRL ( const std::vector< byte > &  vec,
bool  throw_on_unknown_critical = false 
)

Construct a CRL from a binary vector

Parameters:
vec  the binary (DER) representation of the CRL
throw_on_unknown_critical  should we throw an exception if an unknown CRL extension marked as critical is encountered.

Definition at line 36 of file x509_crl.cpp.

References Botan::X509_Object::do_decode().

X509_CRL::X509_CRL(const std::vector<byte>& in, bool touc) :
   X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc)
   {
   do_decode();
   }

Member Function Documentation

std::vector< byte > Botan::X509_CRL::authority_key_id ( ) const

Get the AuthorityKeyIdentifier of this CRL.

Returns:
this CRL's AuthorityKeyIdentifier, or an empty vector if the CRL carries no such extension (is_revoked() relies on that to skip the key identifier comparison)

Definition at line 162 of file x509_crl.cpp.

References Botan::Data_Store::get1_memvec().

Referenced by is_revoked().

   {
   return info.get1_memvec("X509v3.AuthorityKeyIdentifier");
   }
std::vector< byte > Botan::X509_Object::BER_encode ( ) const [inherited]
Returns:
BER encoding of this

Definition at line 113 of file x509_obj.cpp.

References Botan::X509_Object::encode_into(), and Botan::DER_Encoder::get_contents_unlocked().

Referenced by Botan::X509_Certificate::fingerprint(), and Botan::X509_Object::PEM_encode().

   {
   DER_Encoder der;
   encode_into(der);
   return der.get_contents_unlocked();
   }
bool Botan::X509_Object::check_signature ( const Public_Key &  key ) const [inherited]

Verify the signature over tbs_data() with the given key. The algorithm family named by the signature AlgorithmIdentifier (the part of the OID's name before the '/') must equal key.algo_name(); a mismatch, an unknown OID or any decoding problem yields false rather than an exception. This binds the signature to the supplied key only: it does not establish that the key belongs to the CRL issuer, which the caller must do separately (for example by matching issuer_dn() and authority_key_id() against a trusted issuer certificate).

Parameters:
key  the public key purportedly used to sign this data
Returns:
true if the signature is valid, otherwise false

Definition at line 187 of file x509_obj.cpp.

References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, Botan::X509_Object::sig_algo, Botan::X509_Object::signature(), Botan::split_on(), Botan::X509_Object::tbs_data(), and Botan::PK_Verifier::verify_message().

Referenced by Botan::X509_Object::check_signature().

   {
   try {
      std::vector<std::string> sig_info =
         split_on(OIDS::lookup(sig_algo.oid), '/');

      if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
         return false;

      std::string padding = sig_info[1];
      Signature_Format format =
         (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;

      PK_Verifier verifier(pub_key, padding, format);

      return verifier.verify_message(tbs_data(), signature());
      }
   catch(std::exception& e)
      {
      return false;
      }
   }
bool Botan::X509_Object::check_signature ( const Public_Key *  key ) const [inherited]

Check the signature on this data

Parameters:
key  the public key purportedly used to sign this data; the pointer is taken over by this call and deleted after use, and a null pointer throws std::runtime_error
Returns:
true if the signature is valid, otherwise false

Definition at line 176 of file x509_obj.cpp.

References Botan::X509_Object::check_signature().

   {
   if(!pub_key)
      throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
   std::unique_ptr<const Public_Key> key(pub_key);
   return check_signature(*key);
   }

u32bit Botan::X509_CRL::crl_number ( ) const

Get the CRL number of this CRL, i.e. the value of its X509v3 CRLNumber extension.

Returns:
the CRL's CRLNumber. Note that RFC 5280 (section 5.2.3) allows CRLNumber values of up to 20 octets, which cannot be represented by the u32bit this accessor returns.

Definition at line 170 of file x509_crl.cpp.

References Botan::Data_Store::get1_u32bit().

Referenced by Botan::X509_CA::update_crl().

   {
   return info.get1_u32bit("X509v3.CRLNumber");
   }
void Botan::X509_Object::decode_from ( class BER_Decoder &  from ) [override, virtual, inherited]

Decode this object from the given decoder. The to-be-signed structure is captured raw: tbs_bits receives the contents of the inner SEQUENCE without its header, and tbs_data() restores that header when the signature is checked.

Parameters:
from  the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 98 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::BER_Decoder::start_cons(), Botan::X509_Object::tbs_bits, and Botan::BER_Decoder::verify_end().

   {
   from.start_cons(SEQUENCE)
         .start_cons(SEQUENCE)
            .raw_bytes(tbs_bits)
         .end_cons()
         .decode(sig_algo)
         .decode(sig, BIT_STRING)
         .verify_end()
      .end_cons();
   }
void Botan::X509_Object::do_decode ( ) [protected, inherited]

Definition at line 230 of file x509_obj.cpp.

Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), and X509_CRL().

   {
   try {
      force_decode();
      }
   catch(Decoding_Error& e)
      {
      throw Decoding_Error(PEM_label_pref + " decoding failed (" +
                           e.what() + ")");
      }
   catch(Invalid_Argument& e)
      {
      throw Decoding_Error(PEM_label_pref + " decoding failed (" +
                           e.what() + ")");
      }
   }
void Botan::X509_Object::encode_into ( class DER_Encoder &  to ) const [override, virtual, inherited]

Encode this object into the given encoder, re-wrapping tbs_bits in its SEQUENCE header.

Parameters:
to  the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 84 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::DER_Encoder::start_cons(), and Botan::X509_Object::tbs_bits.

Referenced by Botan::X509_Object::BER_encode().

   {
   to.start_cons(SEQUENCE)
         .start_cons(SEQUENCE)
            .raw_bytes(tbs_bits)
         .end_cons()
         .encode(sig_algo)
         .encode(sig, BIT_STRING)
      .end_cons();
   }
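decode_from() above strips the tbsCertList SEQUENCE header and keeps only its contents in tbs_bits, encode_into() puts the header back, and tbs_data() (ASN1::put_in_sequence) re-wraps the contents to produce the bytes check_signature() verifies; make_signed(), further down, takes the opposite convention and expects the complete TBS encoding. The following is an added, stand-alone C++ example of that framing written for this page, not Botan code: a minimal DER reader that accepts only minimal (DER) lengths, keeps the same three pieces decode_from() stores, re-wraps tbs_bits as tbs_data() does, and re-encodes the object. CrlFraming, decode_framing, encode_framing, framing_ok and SAMPLE_DER are the example's own names, and SAMPLE_DER is a constructed CRL-shaped object whose signature is filler, not a real CRL.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

using byte = uint8_t;
constexpr byte TAG_SEQUENCE = 0x30, TAG_BIT_STRING = 0x03;

struct Tlv {  // where one TLV's value sits inside a buffer
   byte tag; size_t value_off; size_t value_len;
   size_t end() const { return value_off + value_len; }
};

// Read tag + length at `off`. Only definite, minimal (DER) lengths are accepted: the TBS is
// re-wrapped from its contents later, which reproduces the signed bytes only for DER input.
static Tlv read_tlv(const std::vector<byte>& in, size_t off) {
   if(off + 2 > in.size()) throw std::runtime_error("truncated TLV header");
   Tlv t{in[off], off + 2, in[off + 1]};
   if(t.value_len >= 0x80) {  // long form: 0x80|n, then n big-endian length octets
      const size_t n = t.value_len & 0x7F;
      if(n == 0 || n > 4 || off + 2 + n > in.size()) throw std::runtime_error("bad length");
      size_t len = 0;
      for(size_t i = 0; i < n; ++i) len = (len << 8) | in[off + 2 + i];
      if(len < 0x80 || in[off + 2] == 0) throw std::runtime_error("non-minimal length encoding");
      t.value_off += n;
      t.value_len = len;
   }
   if(t.end() > in.size()) throw std::runtime_error("TLV value runs past end of input");
   return t;
}

// Minimal DER length encoder, the inverse of read_tlv.
static void append_length(std::vector<byte>& out, size_t len) {
   if(len < 0x80) { out.push_back(static_cast<byte>(len)); return; }
   std::vector<byte> be;
   for(size_t v = len; v != 0; v >>= 8) be.insert(be.begin(), static_cast<byte>(v & 0xFF));
   out.push_back(static_cast<byte>(0x80 | be.size()));
   out.insert(out.end(), be.begin(), be.end());
}

// The three pieces decode_from keeps: tbs_bits (inner SEQUENCE contents, header stripped),
// the AlgorithmIdentifier TLV as raw bytes, and the signature BIT STRING payload.
struct CrlFraming { std::vector<byte> tbs_bits, sig_algo_der, sig; };

CrlFraming decode_framing(const std::vector<byte>& der) {
   const Tlv outer = read_tlv(der, 0);
   if(outer.tag != TAG_SEQUENCE) throw std::runtime_error("expected outer SEQUENCE");
   const Tlv tbs = read_tlv(der, outer.value_off);
   if(tbs.tag != TAG_SEQUENCE) throw std::runtime_error("expected tbsCertList SEQUENCE");
   const Tlv alg = read_tlv(der, tbs.end());
   if(alg.tag != TAG_SEQUENCE) throw std::runtime_error("expected AlgorithmIdentifier SEQUENCE");
   const Tlv sig = read_tlv(der, alg.end());
   if(sig.tag != TAG_BIT_STRING || sig.value_len == 0) throw std::runtime_error("expected BIT STRING");
   if(der[sig.value_off] >= 8) throw std::runtime_error("bad unused-bit count in BIT STRING");
   // verify_end(): nothing may follow the signature inside the outer SEQUENCE.
   if(sig.end() != outer.end()) throw std::runtime_error("trailing data inside outer SEQUENCE");
   CrlFraming f;
   f.tbs_bits.assign(der.begin() + tbs.value_off, der.begin() + tbs.end());
   f.sig_algo_der.assign(der.begin() + tbs.end(), der.begin() + alg.end());
   f.sig.assign(der.begin() + sig.value_off + 1, der.begin() + sig.end());  // drop unused-bits octet
   return f;
}

// tbs_data(): the stored contents back under a SEQUENCE header, the bytes a PK_Verifier sees.
std::vector<byte> put_in_sequence(const std::vector<byte>& contents) {
   std::vector<byte> out{TAG_SEQUENCE};
   append_length(out, contents.size());
   out.insert(out.end(), contents.begin(), contents.end());
   return out;
}

// encode_into()/BER_encode(): rebuild the whole object from the three stored pieces.
std::vector<byte> encode_framing(const CrlFraming& f) {
   std::vector<byte> body = put_in_sequence(f.tbs_bits);
   body.insert(body.end(), f.sig_algo_der.begin(), f.sig_algo_der.end());
   body.push_back(TAG_BIT_STRING);
   append_length(body, f.sig.size() + 1);
   body.push_back(0x00);  // zero unused bits
   body.insert(body.end(), f.sig.begin(), f.sig.end());
   return put_in_sequence(body);
}

// True if decode_framing accepts `der`, false if it rejects the framing.
bool framing_ok(const std::vector<byte>& der) {
   try { decode_framing(der); return true; } catch(const std::exception&) { return false; }
}

// Constructed sample, not a real CRL: the tbsCertList slot holds SEQUENCE { INTEGER 1 }, the
// AlgorithmIdentifier is sha256WithRSAEncryption, and the signature is two filler bytes.
const std::vector<byte> SAMPLE_DER = {
   0x30, 0x19,
      0x30, 0x03, 0x02, 0x01, 0x01,
      0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
      0x03, 0x03, 0x00, 0xDE, 0xAD,
};

int main() {
   const CrlFraming f = decode_framing(SAMPLE_DER);
   std::printf("tbs_bits %zu bytes, sig %zu bytes, round-trip %s\n", f.tbs_bits.size(),
               f.sig.size(), encode_framing(f) == SAMPLE_DER ? "ok" : "MISMATCH");
   return 0;
}
```

Two points the code makes concrete. The signed bytes are the full TBS SEQUENCE, header included, so re-wrapping the stored contents reproduces what was signed only if the original length encoding was minimal; a BER long-form length over a short TBS would be readable but could never verify, which is why read_tlv rejects it outright. And verify_end() is what rejects bytes smuggled between the signature BIT STRING and the end of the outer SEQUENCE: framing_ok() returns false for SAMPLE_DER with its outer length bumped and one trailing octet appended.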
std::vector< CRL_Entry > Botan::X509_CRL::get_revoked ( ) const

Get the entries of this CRL in the form of a vector.

Returns:
vector containing the entries of this CRL.

Definition at line 146 of file x509_crl.cpp.

Referenced by Botan::X509_CA::update_crl().

   {
   return revoked;
   }
std::string Botan::X509_Object::hash_used_for_signature ( ) const [inherited]
Returns:
hash algorithm that was used to generate signature

Definition at line 155 of file x509_obj.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), Botan::AlgorithmIdentifier::oid, Botan::parse_algorithm_name(), Botan::X509_Object::sig_algo, and Botan::split_on().

   {
   std::vector<std::string> sig_info =
      split_on(OIDS::lookup(sig_algo.oid), '/');

   if(sig_info.size() != 2)
      throw Internal_Error("Invalid name format found for " +
                           sig_algo.oid.as_string());

   std::vector<std::string> pad_and_hash =
      parse_algorithm_name(sig_info[1]);

   if(pad_and_hash.size() != 2)
      throw Internal_Error("Invalid name format " + sig_info[1]);

   return pad_and_hash[1];
   }
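check_signature() and hash_used_for_signature() above both work from the name OIDS::lookup() returns for sig_algo.oid, such as "RSA/EMSA3(SHA-256)": the part before the slash is the key family that must equal key.algo_name(), and the part after it is the padding scheme with the hash as its argument. The following added C++ example, written for this page and not taken from Botan, reimplements that derivation stand-alone. OID_NAMES is a constructed two-entry stand-in for Botan's OID table, and SigScheme, scheme_for_oid and key_family_matches are the example's own names.

```cpp
#include <cstdio>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed two-entry stand-in for the table OIDS::lookup() consults; Botan's holds many more.
const std::map<std::string, std::string> OID_NAMES = {
   {"1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)"},   // sha256WithRSAEncryption
   {"1.2.840.10045.4.3.2",   "ECDSA/EMSA1(SHA-256)"}, // ecdsa-with-SHA256
};

// split_on(): split on one delimiter, dropping empty pieces.
std::vector<std::string> split_on(const std::string& s, char delim) {
   std::vector<std::string> out;
   std::string cur;
   for(char c : s) {
      if(c != delim) { cur += c; continue; }
      if(!cur.empty()) out.push_back(cur);
      cur.clear();
   }
   if(!cur.empty()) out.push_back(cur);
   return out;
}

// parse_algorithm_name(): "Name(Arg1,Arg2(Inner))" -> {"Name", "Arg1", "Arg2(Inner)"}.
// Only top-level commas separate arguments; nested parentheses stay with their argument.
std::vector<std::string> parse_algorithm_name(const std::string& name) {
   const size_t open = name.find('(');
   if(open == std::string::npos) return {name};
   if(name.back() != ')') throw std::runtime_error("unbalanced algorithm name: " + name);
   std::vector<std::string> out{name.substr(0, open)};
   std::string cur;
   int depth = 0;
   for(size_t i = open + 1; i + 1 < name.size(); ++i) {  // stop before the closing ')'
      const char c = name[i];
      if(c == '(') ++depth;
      else if(c == ')') {
         if(depth == 0) throw std::runtime_error("unbalanced algorithm name: " + name);
         --depth;
      }
      if(c == ',' && depth == 0) { out.push_back(cur); cur.clear(); }
      else cur += c;
   }
   if(depth != 0) throw std::runtime_error("unbalanced algorithm name: " + name);
   out.push_back(cur);
   return out;
}

struct SigScheme { std::string key_family, padding, hash; };

// What check_signature() and hash_used_for_signature() derive from sig_algo.oid.
SigScheme scheme_for_oid(const std::string& oid) {
   const auto it = OID_NAMES.find(oid);
   if(it == OID_NAMES.end()) throw std::runtime_error("unknown signature OID " + oid);
   const std::vector<std::string> sig_info = split_on(it->second, '/');
   if(sig_info.size() != 2) throw std::runtime_error("invalid name format for " + oid);
   const std::vector<std::string> pad_and_hash = parse_algorithm_name(sig_info[1]);
   if(pad_and_hash.size() != 2) throw std::runtime_error("invalid name format " + sig_info[1]);
   return {sig_info[0], pad_and_hash[0], pad_and_hash[1]};
}

// The gate check_signature() applies before building a PK_Verifier: a key whose algo_name() is
// not the family the OID names gives false, and so does any lookup or parse failure.
bool key_family_matches(const std::string& oid, const std::string& key_algo_name) {
   try { return scheme_for_oid(oid).key_family == key_algo_name; }
   catch(const std::exception&) { return false; }
}

int main() {
   const SigScheme s = scheme_for_oid("1.2.840.113549.1.1.11");
   std::printf("%s key, %s padding, %s hash; RSA key accepted: %d, ECDSA key accepted: %d\n",
               s.key_family.c_str(), s.padding.c_str(), s.hash.c_str(),
               key_family_matches("1.2.840.113549.1.1.11", "RSA"),
               key_family_matches("1.2.840.113549.1.1.11", "ECDSA"));
   return 0;
}
```

The family comparison is the step that stops an AlgorithmIdentifier for one scheme from being verified with a key of another type; like check_signature(), key_family_matches() turns an unknown OID or a malformed name into a plain false rather than an exception, which is convenient for callers but means a failed verification does not tell you why.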
bool Botan::X509_CRL::is_revoked ( const X509_Certificate &  cert ) const

Check whether this particular certificate is listed in the CRL. The match is on issuer DN, then on AuthorityKeyIdentifier (only when both the CRL and the certificate carry one), then on serial number; an entry with reason REMOVE_FROM_CRL un-revokes, and when a serial appears more than once the last entry wins. A certificate with a different issuer DN yields false, meaning "not revoked by this CRL", not "not revoked". The method verifies neither the CRL's signature nor its thisUpdate/nextUpdate window; callers must do that separately with check_signature(), this_update() and next_update().

Definition at line 45 of file x509_crl.cpp.

References authority_key_id(), Botan::X509_Certificate::authority_key_id(), Botan::X509_Certificate::issuer_dn(), issuer_dn(), Botan::REMOVE_FROM_CRL, and Botan::X509_Certificate::serial_number().

   {
   /*
   If the cert wasn't issued by the CRL issuer, it's possible the cert
   is revoked, but not by this CRL. Maybe throw an exception instead?
   */
   if(cert.issuer_dn() != issuer_dn())
      return false;

   std::vector<byte> crl_akid = authority_key_id();
   std::vector<byte> cert_akid = cert.authority_key_id();

   if(!crl_akid.empty() && !cert_akid.empty())
      if(crl_akid != cert_akid)
         return false;

   std::vector<byte> cert_serial = cert.serial_number();

   bool is_revoked = false;

   for(size_t i = 0; i != revoked.size(); ++i)
      {
      if(cert_serial == revoked[i].serial_number())
         {
         if(revoked[i].reason_code() == REMOVE_FROM_CRL)
            is_revoked = false;
         else
            is_revoked = true;
         }
      }

   return is_revoked;
   }

X509_DN Botan::X509_CRL::issuer_dn ( ) const

Get the issuer DN of this CRL.

Returns:
the CRL's issuer DN

Definition at line 154 of file x509_crl.cpp.

References Botan::create_dn().

Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and is_revoked().

   {
   return create_dn(info);
   }
std::vector< byte > Botan::X509_Object::make_signed ( class PK_Signer *  signer,
RandomNumberGenerator &  rng,
const AlgorithmIdentifier &  alg_id,
const secure_vector< byte > &  tbs 
) [static, inherited]

Create a signed X509 object.

Parameters:
signer  the signer used to sign the object
rng  the random number generator to use
alg_id  the algorithm identifier of the signature scheme
tbs  the complete DER encoding of the to-be-signed structure, including its own SEQUENCE header; it is signed as given and copied verbatim into the result (unlike tbs_bits, which holds the contents without the header)
Returns:
signed X509 object

Definition at line 213 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents_unlocked(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), and Botan::DER_Encoder::start_cons().

Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::make_cert().

std::vector<byte> X509_Object::make_signed(PK_Signer* signer,
                                           RandomNumberGenerator& rng,
                                           const AlgorithmIdentifier& algo,
                                           const secure_vector<byte>& tbs_bits)
   {
   return DER_Encoder()
      .start_cons(SEQUENCE)
         .raw_bytes(tbs_bits)
         .encode(algo)
         .encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
      .end_cons()
   .get_contents_unlocked();
   }

X509_Time Botan::X509_CRL::next_update ( ) const

Get the CRL's nextUpdate value. A CRL whose nextUpdate has passed should be treated as stale; neither this method nor is_revoked() checks it.

Returns:
the CRL's nextUpdate

Definition at line 186 of file x509_crl.cpp.

References Botan::Data_Store::get1().

   {
   return info.get1("X509.CRL.end");
   }
std::string Botan::X509_Object::PEM_encode ( ) const [inherited]
Returns:
PEM encoding of this

Definition at line 123 of file x509_obj.cpp.

References Botan::X509_Object::BER_encode(), and Botan::PEM_Code::encode().

Referenced by Botan::X509_Certificate::to_string().

   {
   return PEM_Code::encode(BER_encode(), PEM_label_pref);
   }
std::vector< byte > Botan::X509_Object::signature ( ) const [inherited]
Returns:
signature on tbs_data()

Definition at line 139 of file x509_obj.cpp.

References Botan::X509_Object::sig.

Referenced by Botan::X509_Object::check_signature().

   {
   return sig;
   }
AlgorithmIdentifier Botan::X509_Object::signature_algorithm ( ) const [inherited]
Returns:
signature algorithm that was used to generate signature

Definition at line 147 of file x509_obj.cpp.

References Botan::X509_Object::sig_algo.

Referenced by Botan::X509_Certificate::to_string().

   {
   return sig_algo;
   }
std::vector< byte > Botan::X509_Object::tbs_data ( ) const [inherited]

The underlying data that is to be or was signed: tbs_bits (the contents of the inner tbsCertList SEQUENCE, as captured by decode_from()) re-wrapped in its SEQUENCE header, which is the byte string the signature actually covers.

Returns:
data that is or was signed

Definition at line 131 of file x509_obj.cpp.

References Botan::ASN1::put_in_sequence(), and Botan::X509_Object::tbs_bits.

Referenced by Botan::X509_Object::check_signature().

   {
   return ASN1::put_in_sequence(tbs_bits);
   }
X509_Time Botan::X509_CRL::this_update ( ) const

Get the CRL's thisUpdate value.

Returns:
the CRL's thisUpdate

Definition at line 178 of file x509_crl.cpp.

References Botan::Data_Store::get1().

Referenced by Botan::Certificate_Store_In_Memory::add_crl().

   {
   return info.get1("X509.CRL.start");
   }

Member Data Documentation

std::vector<byte> Botan::X509_Object::sig [protected, inherited]
AlgorithmIdentifier Botan::X509_Object::sig_algo [protected, inherited]
std::vector<byte> Botan::X509_Object::tbs_bits [protected, inherited]

The documentation for this class was generated from the following files: x509_crl.h, x509_crl.cpp