Botan
2.1.0
Crypto and TLS for C++11
|
#include <ocsp.h>
Public Member Functions | |
Certificate_Status_Code | check_signature (const std::vector< Certificate_Store * > &trust_roots, const std::vector< std::shared_ptr< const X509_Certificate >> &cert_path={}) const |
const X509_Time & | produced_at () const |
const std::vector< uint8_t > & | raw_bits () const |
Response ()=default | |
Response (const std::vector< uint8_t > &response_bits) | |
Response (const uint8_t response_bits[], size_t response_bits_len) | |
const std::vector< uint8_t > & | signer_key_hash () const |
const X509_DN & | signer_name () const |
Certificate_Status_Code | status_for (const X509_Certificate &issuer, const X509_Certificate &subject, std::chrono::system_clock::time_point ref_time=std::chrono::system_clock::now()) const |
Certificate_Status_Code | verify_signature (const X509_Certificate &issuer) const |
|
default |
Creates an empty OCSP response.
|
inline |
Botan::OCSP::Response::Response | ( | const uint8_t | response_bits[], |
size_t | response_bits_len | ||
) |
Parses an OCSP response.
response_bits | response bits received |
response_bits_len | length of response in bytes |
Definition at line 90 of file ocsp.cpp.
References Botan::BIT_STRING, Botan::CONSTRUCTED, Botan::CONTEXT_SPECIFIC, Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_and_check(), Botan::BER_Decoder::decode_list(), Botan::BER_Decoder::decode_optional(), Botan::BER_Decoder::decode_optional_string(), Botan::BER_Decoder::end_cons(), Botan::ENUMERATED, Botan::BER_Decoder::get_next_octet_string(), Botan::BER_Decoder::more_items(), Botan::OCTET_STRING, Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, Botan::BER_Decoder::start_cons(), Botan::ASN1::to_string(), and Botan::UNIVERSAL.
Certificate_Status_Code Botan::OCSP::Response::check_signature | ( | const std::vector< Certificate_Store * > & | trust_roots, |
const std::vector< std::shared_ptr< const X509_Certificate >> & | cert_path = {} |
||
) | const |
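Check the signature and return the status. The optional cert_path is the (already validated!) certificate path of the end entity being inquired about. This call reports only whether the response's signature can be tied to a trusted issuer; the revocation status of a particular certificate is obtained separately from status_for().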
trust_roots | list of certstores containing trusted roots |
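cert_path | optionally, the (already verified!) certificate path for the certificate this is an OCSP response for. This is necessary to find the correct intermediate CA in some cases. Because the path is used to locate the issuing CA, pass it only after path validation has succeeded. |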
Definition at line 172 of file ocsp.cpp.
References Botan::CRL_SIGN, Botan::X509_DN::empty(), Botan::OCSP_ISSUER_NOT_FOUND, Botan::OCSP_RESPONSE_INVALID, Botan::OCSP_RESPONSE_MISSING_KEYUSAGE, and verify_signature().
Certificate_Status_Code Botan::OCSP::Response::status_for | ( | const X509_Certificate & | issuer, |
const X509_Certificate & | subject, | ||
std::chrono::system_clock::time_point | ref_time = std::chrono::system_clock::now() |
||
) | const |
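Searches the OCSP response for the status of the given issuer and subject certificate pair. The references listed for this function do not include signature verification, so check the response with check_signature() or verify_signature() before relying on the returned status.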
issuer | issuer certificate |
subject | subject certificate |
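ref_time | the reference time, defaulting to the current system time; the OCSP_NOT_YET_VALID and OCSP_HAS_EXPIRED results are presumably evaluated against it |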
Definition at line 252 of file ocsp.cpp.
References Botan::CERT_IS_REVOKED, Botan::OCSP_BAD_STATUS, Botan::OCSP_CERT_NOT_LISTED, Botan::OCSP_HAS_EXPIRED, Botan::OCSP_NOT_YET_VALID, and Botan::OCSP_RESPONSE_GOOD.
Certificate_Status_Code Botan::OCSP::Response::verify_signature | ( | const X509_Certificate & | issuer | ) | const |
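Verify that the issuer's key signed this response. Only the signature is checked, against the supplied certificate's public key; establishing that this certificate is itself trusted is left to the caller, or to check_signature(), which takes the trust roots.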
issuer | certificate of issuer |
Definition at line 144 of file ocsp.cpp.
References Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::OCSP_RESPONSE_INVALID, Botan::OCSP_SIGNATURE_ERROR, Botan::OCSP_SIGNATURE_OK, Botan::AlgorithmIdentifier::oid, Botan::ASN1::put_in_sequence(), Botan::split_on(), Botan::X509_Certificate::subject_public_key(), and Botan::PK_Verifier::verify_message().
Referenced by check_signature().