Botan  2.19.1
Crypto and TLS for C++11
x509_obj.h
1 /*
2 * X.509 SIGNED Object
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_OBJECT_H_
9 #define BOTAN_X509_OBJECT_H_
10 
11 #include <botan/asn1_obj.h>
12 #include <botan/pkix_enums.h>
13 #include <vector>
14 
15 namespace Botan {
16 
17 class Public_Key;
18 class Private_Key;
19 class RandomNumberGenerator;
20 
21 /**
22 * This class represents abstract X.509 signed objects as in the X.500
23 * SIGNED macro
24 */
26  {
27  public:
28  /**
29  * The underlying data that is to be or was signed
30  * @return data that is or was signed
31  */
32  std::vector<uint8_t> tbs_data() const;
33 
34  /**
35  * @return signature on tbs_data()
36  */
37  const std::vector<uint8_t>& signature() const { return m_sig; } // returns a reference to the m_sig member, not a copy
38 
39  /**
40  * @return signed body
41  */
42  const std::vector<uint8_t>& signed_body() const { return m_tbs_bits; } // returns a reference to the m_tbs_bits member, not a copy
43 
44  /**
45  * @return signature algorithm that was used to generate signature
46  */
47  const AlgorithmIdentifier& signature_algorithm() const { return m_sig_algo; } // returns a reference to m_sig_algo; NOTE(review): presumably filled in by decode_from(), so for an untrusted object it is whatever the encoder chose - confirm, and check it against local policy before relying on it
48 
49  /**
50  * @return hash algorithm that was used to generate signature
51  */
52  std::string hash_used_for_signature() const;
53 
54  /**
55  * Create a signed X509 object.
56  * @param signer the signer used to sign the object
57  * @param rng the random number generator to use
58  * @param alg_id the algorithm identifier of the signature scheme
59  * @param tbs the tbs bits to be signed
60  * @return signed X509 object
61  */
62  static std::vector<uint8_t> make_signed(class PK_Signer* signer,
64  const AlgorithmIdentifier& alg_id,
65  const secure_vector<uint8_t>& tbs);
66 
67  /**
68  * Check the signature on this data
69  * @param key the public key purportedly used to sign this data
70  * @return status of the signature - OK if verified or otherwise an indicator of
71  * the problem preventing verification.
72  */
73  Certificate_Status_Code verify_signature(const Public_Key& key) const;
74 
75  /**
76  * Check the signature on this data
77  * @param key the public key purportedly used to sign this data
78  * @return true if the signature is valid, otherwise false
79  */
80  bool check_signature(const Public_Key& key) const;
81 
82  /**
83  * Check the signature on this data
84  * @param key the public key purportedly used to sign this data;
85  * this call takes ownership and deletes the object after use, so the caller
86  * must not use or delete it afterwards (this should have been a std::unique_ptr<Public_Key>)
87  * @return true if the signature is valid, otherwise false
88  */
89  bool check_signature(const Public_Key* key) const;
90 
91  /**
92  * DER encode an X509_Object
93  * See @ref ASN1_Object::encode_into()
94  */
95  void encode_into(class DER_Encoder& to) const override;
96 
97  /**
98  * Decode a BER encoded X509_Object
99  * See @ref ASN1_Object::decode_from()
100  */
101  void decode_from(class BER_Decoder& from) override;
102 
103  /**
104  * @return PEM encoding of this
105  */
106  std::string PEM_encode() const;
107 
108  X509_Object(const X509_Object&) = default;
109  X509_Object& operator=(const X509_Object&) = default;
110 
111  virtual std::string PEM_label() const = 0;
112 
113  virtual std::vector<std::string> alternate_PEM_labels() const
114  { return std::vector<std::string>(); } // default implementation returns an empty vector; virtual, so a subclass may override it
115 
116  virtual ~X509_Object() = default;
117 
118  static std::unique_ptr<PK_Signer>
120  const Private_Key& key,
122  const std::string& hash_fn,
123  const std::string& padding_algo);
124 
125  protected:
126 
127  X509_Object() = default;
128 
129  /**
130  * Decodes from src as either DER or PEM data, then calls force_decode()
131  */
132  void load_data(DataSource& src);
133 
134  private:
135  virtual void force_decode() = 0;
136 
137  AlgorithmIdentifier m_sig_algo;
138  std::vector<uint8_t> m_tbs_bits;
139  std::vector<uint8_t> m_sig;
140  };
141 
142 }
143 
144 #endif