#include <x509_crl.h>
Classes | |
struct | X509_CRL_Error |
Public Member Functions | |
std::vector< byte > | authority_key_id () const |
std::vector< byte > | BER_encode () const |
bool | check_signature (const Public_Key &key) const |
bool | check_signature (const Public_Key *key) const |
u32bit | crl_number () const |
void | decode_from (class BER_Decoder &from) override |
void | encode_into (class DER_Encoder &to) const override |
std::vector< CRL_Entry > | get_revoked () const |
std::string | hash_used_for_signature () const |
bool | is_revoked (const X509_Certificate &cert) const |
X509_DN | issuer_dn () const |
X509_Time | next_update () const |
std::string | PEM_encode () const |
std::vector< byte > | signature () const |
AlgorithmIdentifier | signature_algorithm () const |
std::vector< byte > | tbs_data () const |
X509_Time | this_update () const |
X509_CRL (DataSource &source, bool throw_on_unknown_critical=false) | |
X509_CRL (const std::string &filename, bool throw_on_unknown_critical=false) | |
X509_CRL (const std::vector< byte > &vec, bool throw_on_unknown_critical=false) | |
Static Public Member Functions | |
static std::vector< byte > | make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< byte > &tbs) |
Protected Member Functions | |
void | do_decode () |
Protected Attributes | |
std::vector< byte > | sig |
AlgorithmIdentifier | sig_algo |
std::vector< byte > | tbs_bits |
This class represents X.509 Certificate Revocation Lists (CRLs).
Definition at line 22 of file x509_crl.h.
Botan::X509_CRL::X509_CRL | ( | DataSource & | source, |
bool | throw_on_unknown_critical = false |
) |
Construct a CRL from a data source.
source | the data source providing the DER or PEM encoded CRL. |
throw_on_unknown_critical | whether to throw an exception if a CRL extension that is unknown to Botan and marked critical is encountered. With the default (false) such extensions are silently ignored; RFC 5280 §5.2 requires an application to reject a CRL carrying a critical extension it cannot process, so strict relying parties should pass true. |
Definition at line 21 of file x509_crl.cpp.
References Botan::X509_Object::do_decode().
/*
* Construct a CRL from a DataSource holding a DER- or PEM-encoded CRL.
*
* @param in    the data source the CRL is read from
* @param touc  throw on an unknown critical CRL extension; false (the
*              header default) silently ignores such extensions, which is
*              laxer than RFC 5280 §5.2 -- pass true for strict processing
*
* NOTE(review): the PEM label list here ("X509 CRL/CRL") is ordered
* differently from the file/vector constructors ("CRL/X509 CRL"). If
* X509_Object takes the first entry as its preferred label for
* PEM_encode(), the emitted header depends on which constructor built the
* object -- confirm against X509_Object before relying on the label.
*/
X509_CRL::X509_CRL(DataSource& in, bool touc) :
   X509_Object(in, "X509 CRL/CRL"),
   throw_on_unknown_critical(touc)
   {
   // do_decode() turns any parse failure into a Decoding_Error, so a
   // malformed CRL is rejected here rather than on first use.
   do_decode();
   }
Botan::X509_CRL::X509_CRL | ( | const std::string & | filename, |
bool | throw_on_unknown_critical = false |
) |
Construct a CRL from a file containing the DER or PEM encoded CRL.
filename | the name of the CRL file |
throw_on_unknown_critical | whether to throw an exception if a CRL extension that is unknown to Botan and marked critical is encountered. With the default (false) such extensions are silently ignored; RFC 5280 §5.2 requires an application to reject a CRL carrying a critical extension it cannot process, so strict relying parties should pass true. |
Definition at line 30 of file x509_crl.cpp.
References Botan::X509_Object::do_decode().
/*
* Construct a CRL from a file containing its DER or PEM encoding.
*
* @param in    path of the CRL file
* @param touc  throw on an unknown critical CRL extension; false (the
*              header default) silently ignores such extensions, which is
*              laxer than RFC 5280 §5.2 -- pass true for strict processing
*/
X509_CRL::X509_CRL(const std::string& in, bool touc) :
   X509_Object(in, "CRL/X509 CRL"),
   throw_on_unknown_critical(touc)
   {
   // do_decode() turns any parse failure into a Decoding_Error, so a
   // malformed CRL is rejected here rather than on first use.
   do_decode();
   }
Botan::X509_CRL::X509_CRL | ( | const std::vector< byte > & | vec, |
bool | throw_on_unknown_critical = false |
) |
Construct a CRL from a binary vector
vec | the binary (DER) representation of the CRL |
throw_on_unknown_critical | whether to throw an exception if a CRL extension that is unknown to Botan and marked critical is encountered. With the default (false) such extensions are silently ignored; RFC 5280 §5.2 requires an application to reject a CRL carrying a critical extension it cannot process, so strict relying parties should pass true. |
Definition at line 36 of file x509_crl.cpp.
References Botan::X509_Object::do_decode().
/*
* Construct a CRL from an in-memory DER encoding.
*
* @param in    the DER bytes of the CRL
* @param touc  throw on an unknown critical CRL extension; false (the
*              header default) silently ignores such extensions, which is
*              laxer than RFC 5280 §5.2 -- pass true for strict processing
*/
X509_CRL::X509_CRL(const std::vector<byte>& in, bool touc) :
   X509_Object(in, "CRL/X509 CRL"),
   throw_on_unknown_critical(touc)
   {
   // do_decode() turns any parse failure into a Decoding_Error, so a
   // malformed CRL is rejected here rather than on first use.
   do_decode();
   }
std::vector< byte > Botan::X509_CRL::authority_key_id | ( | ) | const |
Get the AuthorityKeyIdentifier of this CRL.
Definition at line 162 of file x509_crl.cpp.
References Botan::Data_Store::get1_memvec().
Referenced by is_revoked().
/*
* Return the AuthorityKeyIdentifier recorded for this CRL.
*
* Read from the "X509v3.AuthorityKeyIdentifier" key of the decoded info
* store. is_revoked() compares it with the certificate's AKID to confirm
* both name the same issuer key, and treats an empty vector as "absent";
* how Data_Store::get1_memvec() represents a missing extension is not
* visible here.
*/
std::vector<byte> X509_CRL::authority_key_id() const
   {
   const std::string key_name = "X509v3.AuthorityKeyIdentifier";
   return info.get1_memvec(key_name);
   }
std::vector< byte > Botan::X509_Object::BER_encode | ( | ) | const [inherited] |
Definition at line 113 of file x509_obj.cpp.
References Botan::X509_Object::encode_into(), and Botan::DER_Encoder::get_contents_unlocked().
Referenced by Botan::X509_Certificate::fingerprint(), and Botan::X509_Object::PEM_encode().
/*
* DER-encode this object via encode_into() (tbs bytes, signature
* algorithm and signature) and hand back the bytes from
* DER_Encoder::get_contents_unlocked().
*/
std::vector<byte> X509_Object::BER_encode() const
   {
   DER_Encoder encoder;
   encode_into(encoder);
   std::vector<byte> out = encoder.get_contents_unlocked();
   return out;
   }
bool Botan::X509_Object::check_signature | ( | const Public_Key & | key | ) | const [inherited] |
Check the signature on this data
key | the public key purportedly used to sign this data |
Definition at line 187 of file x509_obj.cpp.
References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, Botan::X509_Object::sig_algo, Botan::X509_Object::signature(), Botan::split_on(), Botan::X509_Object::tbs_data(), and Botan::PK_Verifier::verify_message().
Referenced by Botan::X509_Object::check_signature().
/*
* Verify this object's signature with @p pub_key.
*
* The scheme is taken from the object's own signature AlgorithmIdentifier:
* OIDS::lookup(sig_algo.oid) must resolve to "<algo>/<padding>" and
* <algo> must equal pub_key.algo_name(); otherwise the check fails without
* attempting verification, which prevents verifying with a key of the
* wrong type. Keys reporting message_parts() >= 2 are verified in
* DER_SEQUENCE format, all others as IEEE_1363. Only sig_algo.oid is
* consulted; any AlgorithmIdentifier parameters are ignored by this check.
*
* @return true only if the signature over tbs_data() verifies; false on
*         algorithm mismatch, an unrecognised OID, or any exception raised
*         while verifying (fail closed)
*
* NOTE: this checks the signature only. Whether @p pub_key is the right
* key to trust (chain building, validity period, key usage) is the
* caller's responsibility.
*/
bool X509_Object::check_signature(const Public_Key& pub_key) const
   {
   try
      {
      const std::string scheme = OIDS::lookup(sig_algo.oid);
      const std::vector<std::string> algo_and_padding = split_on(scheme, '/');

      // Expect exactly "<algo>/<padding>" and a key of the matching type;
      // anything else is a failed check, not an error.
      const bool well_formed = (algo_and_padding.size() == 2);
      if(!well_formed || algo_and_padding[0] != pub_key.algo_name())
         return false;

      const std::string& padding = algo_and_padding[1];

      Signature_Format fmt = IEEE_1363;
      if(pub_key.message_parts() >= 2)
         fmt = DER_SEQUENCE;

      PK_Verifier verifier(pub_key, padding, fmt);
      return verifier.verify_message(tbs_data(), signature());
      }
   catch(const std::exception&)
      {
      // Any failure while verifying (bad encoding, unsupported padding,
      // ...) is reported as an unverified signature.
      return false;
      }
   }
bool Botan::X509_Object::check_signature | ( | const Public_Key * | key | ) | const [inherited] |
Check the signature on this data
key | the public key purportedly used to sign this data; ownership of the pointer is transferred to this call and the key is deleted after use, whether or not the check succeeds |
Definition at line 176 of file x509_obj.cpp.
References Botan::X509_Object::check_signature().
/*
* Verify this object's signature with @p pub_key, taking ownership of it.
*
* The pointer is wrapped in a unique_ptr and deleted before this function
* returns, whether the check succeeds or not, so callers must pass a key
* they no longer own. Prefer the reference overload when the key is still
* needed afterwards.
*
* @throws std::runtime_error if @p pub_key is null
* @return the result of check_signature(const Public_Key&)
*/
bool X509_Object::check_signature(const Public_Key* pub_key) const
   {
   if(pub_key == nullptr)
      throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");

   // Ownership is transferred to us; release it on every exit path.
   const std::unique_ptr<const Public_Key> owned_key(pub_key);
   return check_signature(*owned_key);
   }
u32bit Botan::X509_CRL::crl_number | ( | ) | const |
Get the CRL number (the value of the CRLNumber extension) of this CRL.
Definition at line 170 of file x509_crl.cpp.
References Botan::Data_Store::get1_u32bit().
Referenced by Botan::X509_CA::update_crl().
/*
* Return the value of this CRL's CRLNumber extension, read from the
* "X509v3.CRLNumber" key of the decoded info store.
*
* NOTE(review): the value is returned as u32bit, while RFC 5280 §5.2.3
* allows CRLNumber to be up to 20 octets; how Data_Store::get1_u32bit()
* treats a wider or absent value is not visible from this file -- confirm
* before using this for delta-CRL ordering.
*/
u32bit X509_CRL::crl_number() const
   {
   const std::string key_name = "X509v3.CRLNumber";
   return info.get1_u32bit(key_name);
   }
void Botan::X509_Object::decode_from | ( | class BER_Decoder & | from | ) | [override, virtual, inherited] |
Decode this object (tbs bytes, signature algorithm and signature) from the given BER_Decoder.
from | the BER_Decoder that will be read from |
Implements Botan::ASN1_Object.
Definition at line 98 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::BER_Decoder::start_cons(), Botan::X509_Object::tbs_bits, and Botan::BER_Decoder::verify_end().
void Botan::X509_Object::do_decode | ( | ) | [protected, inherited] |
Definition at line 230 of file x509_obj.cpp.
Referenced by Botan::PKCS10_Request::PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), and X509_CRL().
/*
* Run force_decode() and normalise its failures.
*
* A Decoding_Error or Invalid_Argument raised by force_decode() is
* rethrown as a Decoding_Error whose message is prefixed with the object's
* PEM label, so callers see one exception type for "this blob is not a
* valid object of this kind". Any other exception propagates unchanged.
*/
void X509_Object::do_decode()
   {
   try
      {
      force_decode();
      }
   catch(const Decoding_Error& err)
      {
      throw Decoding_Error(PEM_label_pref + " decoding failed (" + err.what() + ")");
      }
   catch(const Invalid_Argument& err)
      {
      throw Decoding_Error(PEM_label_pref + " decoding failed (" + err.what() + ")");
      }
   }
void Botan::X509_Object::encode_into | ( | class DER_Encoder & | to | ) | const [override, virtual, inherited] |
Encode this object (tbs bytes, signature algorithm and signature) into the given DER_Encoder.
to | the DER_Encoder that will be written to |
Implements Botan::ASN1_Object.
Definition at line 84 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::DER_Encoder::start_cons(), and Botan::X509_Object::tbs_bits.
Referenced by Botan::X509_Object::BER_encode().
std::vector< CRL_Entry > Botan::X509_CRL::get_revoked | ( | ) | const |
Get the entries of this CRL in the form of a vector.
Definition at line 146 of file x509_crl.cpp.
Referenced by Botan::X509_CA::update_crl().
/*
* Return a copy of all revoked-certificate entries of this CRL, in the
* order they are stored.
*/
std::vector<CRL_Entry> X509_CRL::get_revoked() const
   {
   std::vector<CRL_Entry> entries(revoked);
   return entries;
   }
std::string Botan::X509_Object::hash_used_for_signature | ( | ) | const [inherited] |
Definition at line 155 of file x509_obj.cpp.
References Botan::OID::as_string(), Botan::OIDS::lookup(), Botan::AlgorithmIdentifier::oid, Botan::parse_algorithm_name(), Botan::X509_Object::sig_algo, and Botan::split_on().
/*
* Return the hash-function component of this object's signature algorithm
* name.
*
* Derived purely from the signature OID: OIDS::lookup() is expected to
* yield "<algo>/<padding>", and parse_algorithm_name() applied to the
* padding part is expected to yield two components, the second being the
* hash name.
*
* @throws Internal_Error if either string is not in that shape
*         (presumably including an OID unknown to the OID table, depending
*         on what OIDS::lookup() returns for it)
*/
std::string X509_Object::hash_used_for_signature() const
   {
   const std::vector<std::string> algo_and_padding =
      split_on(OIDS::lookup(sig_algo.oid), '/');

   if(algo_and_padding.size() != 2)
      throw Internal_Error("Invalid name format found for " + sig_algo.oid.as_string());

   const std::vector<std::string> padding_parts =
      parse_algorithm_name(algo_and_padding[1]);

   if(padding_parts.size() != 2)
      throw Internal_Error("Invalid name format " + algo_and_padding[1]);

   return padding_parts[1];
   }
bool Botan::X509_CRL::is_revoked | ( | const X509_Certificate & | cert | ) | const |
Check whether this particular certificate is listed as revoked in this CRL. Only the issuer DN, the authority key identifier and the serial number are compared; the CRL's signature and its thisUpdate/nextUpdate window are not checked here and must be validated by the caller (see check_signature() and next_update()).
Definition at line 45 of file x509_crl.cpp.
References authority_key_id(), Botan::X509_Certificate::authority_key_id(), Botan::X509_Certificate::issuer_dn(), issuer_dn(), Botan::REMOVE_FROM_CRL, and Botan::X509_Certificate::serial_number().
/*
* Check whether @p cert appears as a revoked entry in this CRL.
*
* Only certificates from this CRL's issuer are considered: the issuer DN
* must match, and if both the CRL and the certificate carry an
* AuthorityKeyIdentifier those must match too (an empty AKID on either
* side is not treated as a mismatch). The certificate's serial number is
* then searched among the entries; the last matching entry decides, and
* an entry whose reason is REMOVE_FROM_CRL counts as "not revoked".
*
* This method does NOT verify the CRL's signature, its thisUpdate /
* nextUpdate window, or that the CRL issuer is authorised to revoke for
* this certificate -- callers must establish that (check_signature(),
* next_update()) before trusting a false result. A certificate from a
* different issuer yields false even though it may be revoked elsewhere.
*
* NOTE(review): RFC 5280 §5.3.1 reserves removeFromCRL for delta CRLs;
* honouring it on any CRL is the existing behaviour and is kept here.
*/
bool X509_CRL::is_revoked(const X509_Certificate& cert) const
   {
   // A cert from another issuer may still be revoked, just not by this
   // CRL; the original author considered throwing here instead.
   if(cert.issuer_dn() != issuer_dn())
      return false;

   const std::vector<byte> crl_akid = authority_key_id();
   const std::vector<byte> cert_akid = cert.authority_key_id();
   const bool both_have_akid = !crl_akid.empty() && !cert_akid.empty();
   if(both_have_akid && crl_akid != cert_akid)
      return false;

   const std::vector<byte> cert_serial = cert.serial_number();

   bool revoked_state = false;
   for(const CRL_Entry& entry : revoked)
      {
      if(cert_serial != entry.serial_number())
         continue;
      // A later entry for the same serial overrides an earlier one
      revoked_state = (entry.reason_code() != REMOVE_FROM_CRL);
      }

   return revoked_state;
   }
X509_DN Botan::X509_CRL::issuer_dn | ( | ) | const |
Get the issuer DN of this CRL.
Definition at line 154 of file x509_crl.cpp.
References Botan::create_dn().
Referenced by Botan::Certificate_Store_In_Memory::add_crl(), and is_revoked().
/*
* Build the issuer DN of this CRL from the decoded info store via
* create_dn(). is_revoked() compares this against the certificate's
* issuer DN.
*/
X509_DN X509_CRL::issuer_dn() const
   {
   X509_DN issuer = create_dn(info);
   return issuer;
   }
std::vector< byte > Botan::X509_Object::make_signed | ( | class PK_Signer * | signer, |
RandomNumberGenerator & | rng, | ||
const AlgorithmIdentifier & | alg_id, | ||
const secure_vector< byte > & | tbs | ||
) | [static, inherited] |
Create a signed X509 object.
signer | the signer used to sign the object |
rng | the random number generator to use |
alg_id | the algorithm identifier of the signature scheme |
tbs | the tbs bits to be signed |
Definition at line 213 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents_unlocked(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), and Botan::DER_Encoder::start_cons().
Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::make_cert().
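/*
* Build the DER encoding of a signed X.509 structure:
*   SEQUENCE { tbs_bits, algo, BIT STRING signature }
*
* @param signer    the PK_Signer to sign with; must not be null
* @param rng       random number generator passed to sign_message()
* @param algo      AlgorithmIdentifier written after the tbs bytes; it
*                  should describe the scheme @p signer was built with,
*                  as nothing here checks that the two agree
* @param tbs_bits  the already-encoded to-be-signed bytes; they are
*                  emitted verbatim (raw_bytes) and are exactly what is
*                  signed
* @return the DER bytes of the complete signed object
* @throws std::runtime_error if @p signer is null (previously a null
*         signer was dereferenced)
*/
std::vector<byte> X509_Object::make_signed(PK_Signer* signer,
                                           RandomNumberGenerator& rng,
                                           const AlgorithmIdentifier& algo,
                                           const secure_vector<byte>& tbs_bits)
   {
   // Same failure mode as check_signature(const Public_Key*): a null
   // pointer is an explicit error rather than a crash.
   if(!signer)
      throw std::runtime_error("No signer provided for X509_Object::make_signed");

   return DER_Encoder()
      .start_cons(SEQUENCE)
      .raw_bytes(tbs_bits)
      .encode(algo)
      .encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
      .end_cons()
      .get_contents_unlocked();
   }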
X509_Time Botan::X509_CRL::next_update | ( | ) | const |
Get the CRL's nextUpdate value.
Definition at line 186 of file x509_crl.cpp.
References Botan::Data_Store::get1().
/*
* Return the CRL's nextUpdate time, stored under "X509.CRL.end".
*
* A CRL whose nextUpdate has passed should be treated as stale by relying
* parties; nothing in X509_CRL enforces that (is_revoked() does not look
* at it).
*/
X509_Time X509_CRL::next_update() const
   {
   const std::string key_name = "X509.CRL.end";
   return info.get1(key_name);
   }
std::string Botan::X509_Object::PEM_encode | ( | ) | const [inherited] |
Definition at line 123 of file x509_obj.cpp.
References Botan::X509_Object::BER_encode(), and Botan::PEM_Code::encode().
Referenced by Botan::X509_Certificate::to_string().
/*
* PEM-encode the BER_encode() output of this object, labelled with
* PEM_label_pref.
*/
std::string X509_Object::PEM_encode() const
   {
   const std::vector<byte> der = BER_encode();
   return PEM_Code::encode(der, PEM_label_pref);
   }
std::vector< byte > Botan::X509_Object::signature | ( | ) | const [inherited] |
Definition at line 139 of file x509_obj.cpp.
References Botan::X509_Object::sig.
Referenced by Botan::X509_Object::check_signature().
/*
* Return a copy of the raw signature bytes (the BIT STRING contents
* decoded from the object). check_signature() verifies these against
* tbs_data().
*/
std::vector<byte> X509_Object::signature() const
   {
   std::vector<byte> sig_copy(sig);
   return sig_copy;
   }
AlgorithmIdentifier Botan::X509_Object::signature_algorithm | ( | ) | const [inherited] |
Definition at line 147 of file x509_obj.cpp.
References Botan::X509_Object::sig_algo.
Referenced by Botan::X509_Certificate::to_string().
/*
* Return a copy of the AlgorithmIdentifier of the signature on this
* object. Its OID drives check_signature() and hash_used_for_signature().
*/
AlgorithmIdentifier X509_Object::signature_algorithm() const
   {
   AlgorithmIdentifier algo_copy(sig_algo);
   return algo_copy;
   }
std::vector< byte > Botan::X509_Object::tbs_data | ( | ) | const [inherited] |
The underlying data that is to be or was signed
Definition at line 131 of file x509_obj.cpp.
References Botan::ASN1::put_in_sequence(), and Botan::X509_Object::tbs_bits.
Referenced by Botan::X509_Object::check_signature().
/*
* Return the to-be-signed portion as a complete DER SEQUENCE.
*
* tbs_bits is kept without its enclosing SEQUENCE header;
* ASN1::put_in_sequence() re-adds it so the result is the byte string the
* signature covers, which is what check_signature() verifies against.
*/
std::vector<byte> X509_Object::tbs_data() const
   {
   std::vector<byte> wrapped = ASN1::put_in_sequence(tbs_bits);
   return wrapped;
   }
X509_Time Botan::X509_CRL::this_update | ( | ) | const |
Get the CRL's thisUpdate value.
Definition at line 178 of file x509_crl.cpp.
References Botan::Data_Store::get1().
Referenced by Botan::Certificate_Store_In_Memory::add_crl().
/*
* Return the CRL's thisUpdate time, stored under "X509.CRL.start".
*/
X509_Time X509_CRL::this_update() const
   {
   const std::string key_name = "X509.CRL.start";
   return info.get1(key_name);
   }
std::vector<byte> Botan::X509_Object::sig [protected, inherited] |
Definition at line 97 of file x509_obj.h.
Referenced by Botan::X509_Object::decode_from(), Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and Botan::X509_Object::signature().
AlgorithmIdentifier Botan::X509_Object::sig_algo [protected, inherited] |
std::vector<byte> Botan::X509_Object::tbs_bits [protected, inherited] |
Definition at line 97 of file x509_obj.h.
Referenced by Botan::X509_Object::decode_from(), Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Object::tbs_data().