Botan  1.11.15
Botan::X509_Certificate Class Reference

#include <x509cert.h>

Inheritance diagram for Botan::X509_Certificate:
Botan::X509_Object Botan::ASN1_Object


Public Member Functions

bool allowed_usage (Key_Constraints usage) const
bool allowed_usage (const std::string &usage) const
std::vector< byte > authority_key_id () const
std::vector< byte > BER_encode () const
bool check_signature (const Public_Key &key) const
bool check_signature (const Public_Key *key) const
Key_Constraints constraints () const
std::string crl_distribution_point () const
void decode_from (class BER_Decoder &from) override
void encode_into (class DER_Encoder &to) const override
std::string end_time () const
std::vector< std::string > ex_constraints () const
std::string fingerprint (const std::string &="SHA-1") const
std::string hash_used_for_signature () const
bool is_CA_cert () const
bool is_self_signed () const
X509_DN issuer_dn () const
std::vector< std::string > issuer_info (const std::string &name) const
bool matches_dns_name (const std::string &name) const
std::string ocsp_responder () const
bool operator< (const X509_Certificate &other) const
bool operator== (const X509_Certificate &other) const
u32bit path_limit () const
std::string PEM_encode () const
std::vector< std::string > policies () const
std::vector< byte > raw_issuer_dn () const
std::vector< byte > raw_subject_dn () const
std::vector< byte > serial_number () const
std::vector< byte > signature () const
AlgorithmIdentifier signature_algorithm () const
std::string start_time () const
X509_DN subject_dn () const
std::vector< std::string > subject_info (const std::string &name) const
std::vector< byte > subject_key_id () const
Public_Key * subject_public_key () const
std::vector< byte > subject_public_key_bits () const
std::vector< byte > tbs_data () const
std::string to_string () const
 X509_Certificate (DataSource &source)
 X509_Certificate (const std::string &filename)
 X509_Certificate (const std::vector< byte > &in)
u32bit x509_version () const

Static Public Member Functions

static std::vector< byte > make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< byte > &tbs)

Protected Member Functions

void do_decode ()

Protected Attributes

std::vector< byte > sig
AlgorithmIdentifier sig_algo
std::vector< byte > tbs_bits

Friends

class BER_Decoder
class X509_CA

Detailed Description

This class represents an X.509 certificate.

Definition at line 24 of file x509cert.h.


Constructor & Destructor Documentation

Botan::X509_Certificate::X509_Certificate ( DataSource &  source)

Create a certificate from a data source providing the DER or PEM encoded certificate.

Parameters:
source: the data source

Definition at line 45 of file x509cert.cpp.

References Botan::X509_Object::do_decode().

X509_Certificate::X509_Certificate(DataSource& in) :
   X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
   {
   self_signed = false;
   do_decode();
   }
Botan::X509_Certificate::X509_Certificate ( const std::string &  filename)

Create a certificate from a file containing the DER or PEM encoded certificate.

Parameters:
filename: the name of the certificate file

Definition at line 55 of file x509cert.cpp.

References Botan::X509_Object::do_decode().

X509_Certificate::X509_Certificate(const std::string& in) :
   X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
   {
   self_signed = false;
   do_decode();
   }
Botan::X509_Certificate::X509_Certificate ( const std::vector< byte > &  in)

Definition at line 65 of file x509cert.cpp.

References Botan::X509_Object::do_decode().

X509_Certificate::X509_Certificate(const std::vector<byte>& in) :
   X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
   {
   self_signed = false;
   do_decode();
   }

Member Function Documentation

bool Botan::X509_Certificate::allowed_usage ( Key_Constraints  usage) const

Definition at line 231 of file x509cert.cpp.

References constraints(), and Botan::NO_CONSTRAINTS.

Referenced by is_CA_cert().

   {
   if(constraints() == NO_CONSTRAINTS)
      return true;
   return (constraints() & usage);
   }
bool Botan::X509_Certificate::allowed_usage ( const std::string &  usage) const

Returns true if and only if usage (referring to an extended key constraint, e.g. "PKIX.ServerAuth") is included in the extended key extension.

Definition at line 238 of file x509cert.cpp.

References ex_constraints().

   {
   for(auto constraint : ex_constraints())
      if(constraint == usage)
         return true;

   return false;
   }

std::vector< byte > Botan::X509_Certificate::authority_key_id ( ) const

Get the DER encoded AuthorityKeyIdentifier of this certificate.

Returns:
DER encoded AuthorityKeyIdentifier

Definition at line 293 of file x509cert.cpp.

References Botan::Data_Store::get1_memvec().

Referenced by Botan::Certificate_Store_In_Memory::find_crl_for(), Botan::X509_CRL::is_revoked(), and to_string().

   {
   return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier");
   }
std::vector< byte > Botan::X509_Object::BER_encode ( ) const [inherited]
Returns:
BER encoding of this

Definition at line 113 of file x509_obj.cpp.

References Botan::X509_Object::encode_into(), and Botan::DER_Encoder::get_contents_unlocked().

Referenced by fingerprint(), and Botan::X509_Object::PEM_encode().

   {
   DER_Encoder der;
   encode_into(der);
   return der.get_contents_unlocked();
   }
bool Botan::X509_Object::check_signature ( const Public_Key &  key) const [inherited]

Check the signature on this data

Parameters:
key: the public key purportedly used to sign this data
Returns:
true if the signature is valid, otherwise false

Definition at line 187 of file x509_obj.cpp.

References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, Botan::X509_Object::sig_algo, Botan::X509_Object::signature(), Botan::split_on(), Botan::X509_Object::tbs_data(), and Botan::PK_Verifier::verify_message().

Referenced by Botan::X509_Object::check_signature().

   {
   try {
      std::vector<std::string> sig_info =
         split_on(OIDS::lookup(sig_algo.oid), '/');

      if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
         return false;

      std::string padding = sig_info[1];
      Signature_Format format =
         (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;

      PK_Verifier verifier(pub_key, padding, format);

      return verifier.verify_message(tbs_data(), signature());
      }
   catch(std::exception& e)
      {
      return false;
      }
   }
bool Botan::X509_Object::check_signature ( const Public_Key *  key) const [inherited]

Check the signature on this data

Parameters:
key: the public key purportedly used to sign this data; the pointer will be deleted after use
Returns:
true if the signature is valid, otherwise false

Definition at line 176 of file x509_obj.cpp.

References Botan::X509_Object::check_signature().

   {
   if(!pub_key)
      throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
   std::unique_ptr<const Public_Key> key(pub_key);
   return check_signature(*key);
   }

Key_Constraints Botan::X509_Certificate::constraints ( ) const

Get the key constraints as defined in the KeyUsage extension of this certificate.

Returns:
key constraints

Definition at line 258 of file x509cert.cpp.

References Botan::Data_Store::get1_u32bit(), and Botan::NO_CONSTRAINTS.

Referenced by allowed_usage(), and to_string().

   {
   return Key_Constraints(subject.get1_u32bit("X509v3.KeyUsage",
                                              NO_CONSTRAINTS));
   }

std::string Botan::X509_Certificate::crl_distribution_point ( ) const

Return the CRL distribution point, or empty if not set.

Definition at line 285 of file x509cert.cpp.

References Botan::Data_Store::get1().

Referenced by to_string().

   {
   return subject.get1("CRL.DistributionPoint", "");
   }
void Botan::X509_Object::decode_from ( class BER_Decoder &  from) [override, virtual, inherited]

Decode whatever this object is from from

Parameters:
from: the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 98 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::BER_Decoder::start_cons(), Botan::X509_Object::tbs_bits, and Botan::BER_Decoder::verify_end().

   {
   from.start_cons(SEQUENCE)
         .start_cons(SEQUENCE)
            .raw_bytes(tbs_bits)
         .end_cons()
         .decode(sig_algo)
         .decode(sig, BIT_STRING)
         .verify_end()
      .end_cons();
   }
void Botan::X509_Object::do_decode ( ) [protected, inherited]

Definition at line 230 of file x509_obj.cpp.

Referenced by Botan::PKCS10_Request::PKCS10_Request(), X509_Certificate(), and Botan::X509_CRL::X509_CRL().

   {
   try {
      force_decode();
      }
   catch(Decoding_Error& e)
      {
      throw Decoding_Error(PEM_label_pref + " decoding failed (" +
                           e.what() + ")");
      }
   catch(Invalid_Argument& e)
      {
      throw Decoding_Error(PEM_label_pref + " decoding failed (" +
                           e.what() + ")");
      }
   }
void Botan::X509_Object::encode_into ( class DER_Encoder &  to) const [override, virtual, inherited]

Encode whatever this object is into to

Parameters:
to: the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 84 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::DER_Encoder::start_cons(), and Botan::X509_Object::tbs_bits.

Referenced by Botan::X509_Object::BER_encode().

   {
   to.start_cons(SEQUENCE)
         .start_cons(SEQUENCE)
            .raw_bytes(tbs_bits)
         .end_cons()
         .encode(sig_algo)
         .encode(sig, BIT_STRING)
      .end_cons();
   }
std::string Botan::X509_Certificate::end_time ( ) const

Get the notAfter of the certificate.

Returns:
notAfter of the certificate

Definition at line 183 of file x509cert.cpp.

References Botan::Data_Store::get1().

Referenced by to_string().

   {
   return subject.get1("X509.Certificate.end");
   }
std::vector< std::string > Botan::X509_Certificate::ex_constraints ( ) const

Get the key constraints as defined in the ExtendedKeyUsage extension of this certificate.

Returns:
key constraints

Definition at line 267 of file x509cert.cpp.

References Botan::Data_Store::get().

Referenced by allowed_usage(), and to_string().

   {
   return lookup_oids(subject.get("X509v3.ExtendedKeyUsage"));
   }
std::string Botan::X509_Certificate::fingerprint ( const std::string &  hash_name = "SHA-1") const

Return a fingerprint of the certificate

Definition at line 370 of file x509cert.cpp.

References Botan::X509_Object::BER_encode(), Botan::get_hash(), and Botan::hex_encode().

   {
   std::unique_ptr<HashFunction> hash(get_hash(hash_name));
   hash->update(this->BER_encode());
   const auto hex_print = hex_encode(hash->final());

   std::string formatted_print;

   for(size_t i = 0; i != hex_print.size(); i += 2)
      {
      formatted_print.push_back(hex_print[i]);
      formatted_print.push_back(hex_print[i+1]);

      if(i != hex_print.size() - 2)
         formatted_print.push_back(':');
      }

   return formatted_print;
   }
std::string Botan::X509_Object::hash_used_for_signature ( ) const [inherited]
Returns:
hash algorithm that was used to generate signature

Definition at line 155 of file x509_obj.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), Botan::AlgorithmIdentifier::oid, Botan::parse_algorithm_name(), Botan::X509_Object::sig_algo, and Botan::split_on().

   {
   std::vector<std::string> sig_info =
      split_on(OIDS::lookup(sig_algo.oid), '/');

   if(sig_info.size() != 2)
      throw Internal_Error("Invalid name format found for " +
                           sig_algo.oid.as_string());

   std::vector<std::string> pad_and_hash =
      parse_algorithm_name(sig_info[1]);

   if(pad_and_hash.size() != 2)
      throw Internal_Error("Invalid name format " + sig_info[1]);

   return pad_and_hash[1];
   }

bool Botan::X509_Certificate::is_CA_cert ( ) const

Check whether this certificate is a CA certificate.

Returns:
true if this certificate is a CA certificate

Definition at line 223 of file x509cert.cpp.

References allowed_usage(), Botan::Data_Store::get1_u32bit(), and Botan::KEY_CERT_SIGN.

Referenced by Botan::X509_CA::X509_CA().

   {
   if(!subject.get1_u32bit("X509v3.BasicConstraints.is_ca"))
      return false;

   return allowed_usage(KEY_CERT_SIGN);
   }
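
The usage checks above have edge cases that matter to callers: a certificate with no KeyUsage extension passes every allowed_usage(Key_Constraints) test, the bitmask test succeeds when any requested bit is set, and the string overload returns false when ExtendedKeyUsage is absent. The following is an added, self-contained model of that logic, not Botan's own code; `Cert_Model`, `allowed_ext_usage`, `requires_all_usages`, the sample certificates and the numeric flag values are assumptions of the example.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Flag names follow the page; the numeric values are stand-ins chosen for
// this example, not copied from Botan's headers.
enum Key_Constraints : uint32_t {
   NO_CONSTRAINTS    = 0,
   DIGITAL_SIGNATURE = 1u << 15,
   KEY_ENCIPHERMENT  = 1u << 13,
   KEY_CERT_SIGN     = 1u << 10,
   CRL_SIGN          = 1u << 9
};

// Hypothetical decoded view of the fields the page's code reads.
struct Cert_Model {
   uint32_t key_usage;                      // NO_CONSTRAINTS when KeyUsage is absent
   bool basic_constraints_is_ca;            // BasicConstraints.is_ca
   std::vector<std::string> ext_key_usage;  // empty when ExtendedKeyUsage is absent
};

// Mirrors allowed_usage(Key_Constraints): absent KeyUsage allows everything,
// otherwise any overlapping bit is enough.
bool allowed_usage(const Cert_Model& c, uint32_t usage) {
   if(c.key_usage == NO_CONSTRAINTS)
      return true;
   return (c.key_usage & usage) != 0;
}

// Mirrors allowed_usage(const std::string&): absent ExtendedKeyUsage yields false.
bool allowed_ext_usage(const Cert_Model& c, const std::string& usage) {
   for(const auto& constraint : c.ext_key_usage)
      if(constraint == usage)
         return true;
   return false;
}

// Mirrors is_CA_cert(): the CA flag plus the permissive KeyUsage test.
bool is_CA_cert(const Cert_Model& c) {
   if(!c.basic_constraints_is_ca)
      return false;
   return allowed_usage(c, KEY_CERT_SIGN);
}

// Stricter caller-side policy (hypothetical helper): KeyUsage must be present
// and every requested bit must be set.
bool requires_all_usages(const Cert_Model& c, uint32_t usage) {
   return c.key_usage != NO_CONSTRAINTS && (c.key_usage & usage) == usage;
}

// Constructed sample certificates.
Cert_Model leaf_without_extensions() { return Cert_Model{NO_CONSTRAINTS, false, {}}; }
Cert_Model leaf_signature_only() {
   return Cert_Model{DIGITAL_SIGNATURE, false, {"PKIX.ServerAuth"}};
}
Cert_Model ca_without_key_usage() { return Cert_Model{NO_CONSTRAINTS, true, {}}; }
Cert_Model ca_crl_sign_only()     { return Cert_Model{CRL_SIGN, true, {}}; }

int main() {
   const uint32_t both = DIGITAL_SIGNATURE | KEY_ENCIPHERMENT;
   std::cout << std::boolalpha
             << "no KeyUsage, ask KEY_CERT_SIGN:   "
             << allowed_usage(leaf_without_extensions(), KEY_CERT_SIGN) << "\n"
             << "no EKU, ask PKIX.ServerAuth:      "
             << allowed_ext_usage(leaf_without_extensions(), "PKIX.ServerAuth") << "\n"
             << "signature-only, ask sig|encipher: "
             << allowed_usage(leaf_signature_only(), both) << "\n"
             << "same request, strict policy:      "
             << requires_all_usages(leaf_signature_only(), both) << "\n"
             << "CA flag without KeyUsage:         "
             << is_CA_cert(ca_without_key_usage()) << "\n"
             << "CA flag, KeyUsage = CRL_SIGN:     "
             << is_CA_cert(ca_crl_sign_only()) << "\n";
   return 0;
}
```

A caller that needs every bit in a mask, or that wants a missing KeyUsage extension treated as a failure, has to apply that policy itself on top of constraints().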
bool Botan::X509_Certificate::is_self_signed ( ) const [inline]

Check whether this certificate is self signed.

Returns:
true if this certificate is self signed

Definition at line 123 of file x509cert.h.

{ return self_signed; }

X509_DN Botan::X509_Certificate::issuer_dn ( ) const

Get the issuer certificate DN.

Returns:
issuer DN of this certificate

Definition at line 317 of file x509cert.cpp.

References Botan::create_dn().

Referenced by Botan::Certificate_Store_In_Memory::find_crl_for(), and Botan::X509_CRL::is_revoked().

   {
   return create_dn(issuer);
   }
std::vector< std::string > Botan::X509_Certificate::issuer_info ( const std::string &  name) const

Get a value for a specific subject_info parameter name.

Parameters:
name: the name of the parameter to look up. Possible names are "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".
Returns:
value(s) of the specified parameter

Definition at line 201 of file x509cert.cpp.

References Botan::X509_DN::deref_info_field(), and Botan::Data_Store::get().

Referenced by to_string().

   {
   return issuer.get(X509_DN::deref_info_field(what));
   }
std::vector< byte > Botan::X509_Object::make_signed ( class PK_Signer *  signer,
RandomNumberGenerator &  rng,
const AlgorithmIdentifier &  alg_id,
const secure_vector< byte > &  tbs
) [static, inherited]

Create a signed X509 object.

Parameters:
signer: the signer used to sign the object
rng: the random number generator to use
alg_id: the algorithm identifier of the signature scheme
tbs: the tbs bits to be signed
Returns:
signed X509 object

Definition at line 213 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents_unlocked(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), and Botan::DER_Encoder::start_cons().

Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::make_cert().

   {
   return DER_Encoder()
      .start_cons(SEQUENCE)
         .raw_bytes(tbs_bits)
         .encode(algo)
         .encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
      .end_cons()
   .get_contents_unlocked();
   }
bool Botan::X509_Certificate::matches_dns_name ( const std::string &  name) const

Check if a certain DNS name matches up with the information in the cert

Definition at line 390 of file x509cert.cpp.

References subject_info().

   {
   if(name == "")
      return false;

   if(cert_subject_dns_match(name, subject_info("DNS")))
      return true;

   if(cert_subject_dns_match(name, subject_info("Name")))
      return true;

   return false;
   }

std::string Botan::X509_Certificate::ocsp_responder ( ) const

Return the listed address of an OCSP responder, or empty if not set.

Definition at line 280 of file x509cert.cpp.

References Botan::Data_Store::get1().

Referenced by Botan::OCSP::online_check(), and to_string().

   {
   return subject.get1("OCSP.responder", "");
   }
bool Botan::X509_Certificate::operator< ( const X509_Certificate &  other) const

Impose an arbitrary (but consistent) ordering

Returns:
true if this is less than other by some unspecified criteria

Definition at line 416 of file x509cert.cpp.

References Botan::X509_Object::sig, and Botan::X509_Object::tbs_bits.

   {
   /* If signature values are not equal, sort by lexicographic ordering of that */
   if(sig != other.sig)
      {
      if(sig < other.sig)
         return true;
      return false;
      }

   // Then compare the signed contents
   return tbs_bits < other.tbs_bits;
   }
bool Botan::X509_Certificate::operator== ( const X509_Certificate &  other) const

Check two certificates for equality.

Returns:
true if both certificates are (binary) equal

Definition at line 407 of file x509cert.cpp.

References Botan::X509_Object::sig, and Botan::X509_Object::sig_algo.

   {
   return (sig == other.sig &&
           sig_algo == other.sig_algo &&
           self_signed == other.self_signed &&
           issuer == other.issuer &&
           subject == other.subject);
   }

u32bit Botan::X509_Certificate::path_limit ( ) const

Get the path limit as defined in the BasicConstraints extension of this certificate.

Returns:
path limit

Definition at line 250 of file x509cert.cpp.

References Botan::Data_Store::get1_u32bit().

   {
   return subject.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
   }
std::string Botan::X509_Object::PEM_encode ( ) const [inherited]
Returns:
PEM encoding of this

Definition at line 123 of file x509_obj.cpp.

References Botan::X509_Object::BER_encode(), and Botan::PEM_Code::encode().

Referenced by to_string().

   {
   return PEM_Code::encode(BER_encode(), PEM_label_pref);
   }
std::vector< std::string > Botan::X509_Certificate::policies ( ) const

Get the policies as defined in the CertificatePolicies extension of this certificate.

Returns:
certificate policies

Definition at line 275 of file x509cert.cpp.

References Botan::Data_Store::get().

Referenced by to_string().

   {
   return lookup_oids(subject.get("X509v3.CertificatePolicies"));
   }
std::vector< byte > Botan::X509_Certificate::raw_issuer_dn ( ) const

Raw issuer DN

Definition at line 322 of file x509cert.cpp.

References Botan::Data_Store::get1_memvec().

Referenced by Botan::OCSP::CertID::CertID(), and Botan::OCSP::CertID::is_id_for().

   {
   return issuer.get1_memvec("X509.Certificate.dn_bits");
   }

std::vector< byte > Botan::X509_Certificate::raw_subject_dn ( ) const

Raw subject DN

Definition at line 335 of file x509cert.cpp.

References Botan::Data_Store::get1_memvec().

   {
   return subject.get1_memvec("X509.Certificate.dn_bits");
   }
std::vector< byte > Botan::X509_Certificate::serial_number ( ) const

Get the serial number of this certificate.

Returns:
certificate's serial number

Definition at line 309 of file x509cert.cpp.

References Botan::Data_Store::get1_memvec().

Referenced by Botan::OCSP::CertID::CertID(), Botan::CRL_Entry::CRL_Entry(), Botan::OCSP::CertID::is_id_for(), Botan::X509_CRL::is_revoked(), and to_string().

   {
   return subject.get1_memvec("X509.Certificate.serial");
   }
std::vector< byte > Botan::X509_Object::signature ( ) const [inherited]
Returns:
signature on tbs_data()

Definition at line 139 of file x509_obj.cpp.

References Botan::X509_Object::sig.

Referenced by Botan::X509_Object::check_signature().

   {
   return sig;
   }
AlgorithmIdentifier Botan::X509_Object::signature_algorithm ( ) const [inherited]
Returns:
signature algorithm that was used to generate signature

Definition at line 147 of file x509_obj.cpp.

References Botan::X509_Object::sig_algo.

Referenced by to_string().

   {
   return sig_algo;
   }
std::string Botan::X509_Certificate::start_time ( ) const

Get the notBefore of the certificate.

Returns:
notBefore of the certificate

Definition at line 175 of file x509cert.cpp.

References Botan::Data_Store::get1().

Referenced by to_string().

   {
   return subject.get1("X509.Certificate.start");
   }

X509_DN Botan::X509_Certificate::subject_dn ( ) const

Get the subject certificate DN.

Returns:
subject DN of this certificate

Definition at line 330 of file x509cert.cpp.

References Botan::create_dn().

Referenced by Botan::Certificate_Store::certificate_known(), and Botan::X509_CA::sign_request().

   {
   return create_dn(subject);
   }
std::vector< std::string > Botan::X509_Certificate::subject_info ( const std::string &  name) const

Get a value for a specific subject_info parameter name.

Parameters:
name: the name of the parameter to look up. Possible names are "X509.Certificate.version", "X509.Certificate.serial", "X509.Certificate.start", "X509.Certificate.end", "X509.Certificate.v2.key_id", "X509.Certificate.public_key", "X509v3.BasicConstraints.path_constraint", "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage", "X509v3.CertificatePolicies", "X509v3.SubjectKeyIdentifier" or "X509.Certificate.serial".
Returns:
value(s) of the specified parameter

Definition at line 192 of file x509cert.cpp.

References Botan::X509_DN::deref_info_field(), and Botan::Data_Store::get().

Referenced by matches_dns_name(), and to_string().

   {
   return subject.get(X509_DN::deref_info_field(what));
   }

std::vector< byte > Botan::X509_Certificate::subject_key_id ( ) const

Get the DER encoded SubjectKeyIdentifier of this certificate.

Returns:
DER encoded SubjectKeyIdentifier

Definition at line 301 of file x509cert.cpp.

References Botan::Data_Store::get1_memvec().

Referenced by Botan::Certificate_Store::certificate_known(), Botan::X509_CA::sign_request(), and to_string().

   {
   return subject.get1_memvec("X509v3.SubjectKeyIdentifier");
   }

Public_Key * Botan::X509_Certificate::subject_public_key ( ) const

Get the public key associated with this certificate.

Returns:
subject public key of this certificate

Definition at line 209 of file x509cert.cpp.

References Botan::PKCS8::load_key(), Botan::ASN1::put_in_sequence(), and subject_public_key_bits().

Referenced by to_string(), and Botan::TLS::Certificate_Verify::verify().

std::vector< byte > Botan::X509_Certificate::subject_public_key_bits ( ) const

Get the public key associated with this certificate.

Returns:
subject public key of this certificate

Definition at line 215 of file x509cert.cpp.

References Botan::Data_Store::get1(), and Botan::hex_decode().

Referenced by subject_public_key().

   {
   return hex_decode(subject.get1("X509.Certificate.public_key"));
   }
std::vector< byte > Botan::X509_Object::tbs_data ( ) const [inherited]

The underlying data that is to be or was signed

Returns:
data that is or was signed

Definition at line 131 of file x509_obj.cpp.

References Botan::ASN1::put_in_sequence(), and Botan::X509_Object::tbs_bits.

Referenced by Botan::X509_Object::check_signature().

std::string Botan::X509_Certificate::to_string ( ) const
Returns:
a string describing the certificate

Definition at line 438 of file x509cert.cpp.

References authority_key_id(), constraints(), crl_distribution_point(), Botan::CRL_SIGN, Botan::DATA_ENCIPHERMENT, Botan::DIGITAL_SIGNATURE, end_time(), ex_constraints(), Botan::hex_encode(), issuer_info(), Botan::KEY_AGREEMENT, Botan::KEY_CERT_SIGN, Botan::KEY_ENCIPHERMENT, Botan::OIDS::lookup(), Botan::NO_CONSTRAINTS, Botan::NON_REPUDIATION, ocsp_responder(), Botan::X509_Object::PEM_encode(), policies(), serial_number(), Botan::X509_Object::signature_algorithm(), start_time(), subject_info(), subject_key_id(), subject_public_key(), and x509_version().

   {
   const char* dn_fields[] = { "Name",
                               "Email",
                               "Organization",
                               "Organizational Unit",
                               "Locality",
                               "State",
                               "Country",
                               "IP",
                               "DNS",
                               "URI",
                               "PKIX.XMPPAddr",
                               nullptr };

   std::ostringstream out;

   for(size_t i = 0; dn_fields[i]; ++i)
      {
      const std::vector<std::string> vals = this->subject_info(dn_fields[i]);

      if(vals.empty())
         continue;

      out << "Subject " << dn_fields[i] << ":";
      for(size_t j = 0; j != vals.size(); ++j)
         out << " " << vals[j];
      out << "\n";
      }

   for(size_t i = 0; dn_fields[i]; ++i)
      {
      const std::vector<std::string> vals = this->issuer_info(dn_fields[i]);

      if(vals.empty())
         continue;

      out << "Issuer " << dn_fields[i] << ":";
      for(size_t j = 0; j != vals.size(); ++j)
         out << " " << vals[j];
      out << "\n";
      }

   out << "Version: " << this->x509_version() << "\n";

   out << "Not valid before: " << this->start_time() << "\n";
   out << "Not valid after: " << this->end_time() << "\n";

   out << "Constraints:\n";
   Key_Constraints constraints = this->constraints();
   if(constraints == NO_CONSTRAINTS)
      out << " None\n";
   else
      {
      if(constraints & DIGITAL_SIGNATURE)
         out << "   Digital Signature\n";
      if(constraints & NON_REPUDIATION)
         out << "   Non-Repuidation\n";
      if(constraints & KEY_ENCIPHERMENT)
         out << "   Key Encipherment\n";
      if(constraints & DATA_ENCIPHERMENT)
         out << "   Data Encipherment\n";
      if(constraints & KEY_AGREEMENT)
         out << "   Key Agreement\n";
      if(constraints & KEY_CERT_SIGN)
         out << "   Cert Sign\n";
      if(constraints & CRL_SIGN)
         out << "   CRL Sign\n";
      }

   std::vector<std::string> policies = this->policies();
   if(!policies.empty())
      {
      out << "Policies: " << "\n";
      for(size_t i = 0; i != policies.size(); i++)
         out << "   " << policies[i] << "\n";
      }

   std::vector<std::string> ex_constraints = this->ex_constraints();
   if(!ex_constraints.empty())
      {
      out << "Extended Constraints:\n";
      for(size_t i = 0; i != ex_constraints.size(); i++)
         out << "   " << ex_constraints[i] << "\n";
      }

   if(ocsp_responder() != "")
      out << "OCSP responder " << ocsp_responder() << "\n";
   if(crl_distribution_point() != "")
      out << "CRL " << crl_distribution_point() << "\n";

   out << "Signature algorithm: " <<
      OIDS::lookup(this->signature_algorithm().oid) << "\n";

   out << "Serial number: " << hex_encode(this->serial_number()) << "\n";

   if(this->authority_key_id().size())
     out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";

   if(this->subject_key_id().size())
     out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";

   std::unique_ptr<X509_PublicKey> pubkey(this->subject_public_key());
   out << "Public Key:\n" << X509::PEM_encode(*pubkey);

   return out.str();
   }

u32bit Botan::X509_Certificate::x509_version ( ) const

Get the X509 version of this certificate object.

Returns:
X509 version

Definition at line 167 of file x509cert.cpp.

References Botan::Data_Store::get1_u32bit().

Referenced by to_string().

   {
   return (subject.get1_u32bit("X509.Certificate.version") + 1);
   }

Friends And Related Function Documentation

friend class BER_Decoder [friend]

Definition at line 226 of file x509cert.h.

friend class X509_CA [friend]

Definition at line 225 of file x509cert.h.


Member Data Documentation

std::vector<byte> Botan::X509_Object::sig [protected, inherited]
std::vector<byte> Botan::X509_Object::tbs_bits [protected, inherited]

The documentation for this class was generated from the following files: