#include <x509cert.h>

Inheritance diagram for Botan::X509_Certificate:

Public Member Functions
bool	allowed_extended_usage (const std::string &usage) const

bool	allowed_extended_usage (const OID &usage) const

bool	allowed_usage (Key_Constraints usage) const

bool	allowed_usage (Usage_Type usage) const

const std::vector< uint8_t > &	authority_key_id () const

std::vector< uint8_t >	BER_encode () const

std::vector< std::string >	ca_issuers () const

const std::vector< OID > &	certificate_policy_oids () const

bool	check_signature (const Public_Key &key) const

bool	check_signature (const Public_Key *key) const

Key_Constraints	constraints () const

std::string	crl_distribution_point () const

void	decode_from (class BER_Decoder &from) override

void	encode_into (class DER_Encoder &to) const override

std::string	end_time () const

std::vector< std::string >	ex_constraints () const

const std::vector< OID > &	extended_key_usage () const

std::string	fingerprint (const std::string &hash_name="SHA-1") const

bool	has_constraints (Key_Constraints constraints) const

bool	has_ex_constraint (const std::string &ex_constraint) const

bool	has_ex_constraint (const OID &ex_constraint) const

std::string	hash_used_for_signature () const

bool	is_CA_cert () const

bool	is_critical (const std::string &ex_name) const

bool	is_self_signed () const

bool	is_serial_negative () const

const AlternativeName &	issuer_alt_name () const

const X509_DN &	issuer_dn () const

std::vector< std::string >	issuer_info (const std::string &name) const

std::unique_ptr< Public_Key >	load_subject_public_key () const

bool	matches_dns_name (const std::string &name) const

const NameConstraints &	name_constraints () const

const X509_Time &	not_after () const

const X509_Time &	not_before () const

std::string	ocsp_responder () const

bool	operator< (const X509_Certificate &other) const

X509_Certificate &	operator= (const X509_Certificate &other)=default

bool	operator== (const X509_Certificate &other) const

uint32_t	path_limit () const

std::string	PEM_encode () const

std::vector< std::string >	policies () const

const std::vector< uint8_t > &	raw_issuer_dn () const

std::vector< uint8_t >	raw_issuer_dn_sha256 () const

const std::vector< uint8_t > &	raw_subject_dn () const

std::vector< uint8_t >	raw_subject_dn_sha256 () const

const std::vector< uint8_t > &	serial_number () const

const std::vector< uint8_t > &	signature () const

const AlgorithmIdentifier &	signature_algorithm () const

const std::vector< uint8_t > &	signed_body () const

std::string	start_time () const

const AlternativeName &	subject_alt_name () const

const X509_DN &	subject_dn () const

std::vector< std::string >	subject_info (const std::string &name) const

const std::vector< uint8_t > &	subject_key_id () const

Public_Key *	subject_public_key () const

const AlgorithmIdentifier &	subject_public_key_algo () const

const std::vector< uint8_t > &	subject_public_key_bits () const

const std::vector< uint8_t > &	subject_public_key_bitstring () const

const std::vector< uint8_t > &	subject_public_key_bitstring_sha1 () const

const std::vector< uint8_t > &	subject_public_key_info () const

std::vector< uint8_t >	tbs_data () const

std::string	to_string () const

const std::vector< uint8_t > &	v2_issuer_key_id () const

const std::vector< uint8_t > &	v2_subject_key_id () const

const Extensions &	v3_extensions () const

Certificate_Status_Code	verify_signature (const Public_Key &key) const

	X509_Certificate (DataSource &source)

	X509_Certificate (const std::vector< uint8_t > &in)

	X509_Certificate (const uint8_t data[], size_t length)

	X509_Certificate ()=default

	X509_Certificate (const X509_Certificate &other)=default

uint32_t	x509_version () const

Static Public Member Functions
static std::unique_ptr< PK_Signer >	choose_sig_format (AlgorithmIdentifier &sig_algo, const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, const std::string &padding_algo)

static std::vector< uint8_t >	make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)

Protected Member Functions
void	load_data (DataSource &src)

Detailed Description

This class represents an X.509 Certificate

Definition at line 40 of file x509cert.h.

Constructor & Destructor Documentation

Botan::X509_Certificate::X509_Certificate ( DataSource & source )

explicit

Create a certificate from a data source providing the DER or PEM encoded certificate.

Parameters

source the data source

Definition at line 78 of file x509cert.cpp.

References Botan::X509_Object::load_data().

    {
    load_data(src);
    }

Botan::X509_Certificate::X509_Certificate ( const std::vector< uint8_t > & in )

explicit

Create a certificate from a buffer

Parameters

in	the buffer containing the DER-encoded certificate

Definition at line 83 of file x509cert.cpp.

References Botan::X509_Object::load_data().

    {
    DataSource_Memory src(vec.data(), vec.size());
    load_data(src);
    }

Botan::X509_Certificate::X509_Certificate	(	const uint8_t	data[],
		size_t	length
	)

Create a certificate from a buffer

Parameters

data	the buffer containing the DER-encoded certificate
length	length of data in bytes

Definition at line 89 of file x509cert.cpp.

References Botan::X509_Object::load_data().

    {
    DataSource_Memory src(data, len);
    load_data(src);
    }

Botan::X509_Certificate::X509_Certificate ( )

default

Create an uninitialized certificate object. Any attempts to access this object will throw an exception.

Botan::X509_Certificate::X509_Certificate ( const X509_Certificate & other )

default

Member Function Documentation

bool Botan::X509_Certificate::allowed_extended_usage ( const std::string & usage ) const

Returns true if the specified

Parameters

usage is set in the extended key usage extension or if no extended key usage constraints are set at all. To check if a certain extended key constraint is set in the certificate use

See also: X509_Certificate::has_ex_constraint.

Definition at line 501 of file x509cert.cpp.

References Botan::OID::from_string().

Referenced by allowed_usage().

    {
    return allowed_extended_usage(OID::from_string(usage));
    }

bool Botan::X509_Certificate::allowed_extended_usage ( const OID & usage ) const

Returns true if the specified usage is set in the extended key usage extension, or if no extended key usage constraints are set at all. To check if a certain extended key constraint is set in the certificate use

See also: X509_Certificate::has_ex_constraint.

Definition at line 506 of file x509cert.cpp.

References extended_key_usage().

    {
    const std::vector<OID>& ex = extended_key_usage();
    if(ex.empty())
       return true;
 
    if(std::find(ex.begin(), ex.end(), usage) != ex.end())
       return true;
 
    return false;
    }

bool Botan::X509_Certificate::allowed_usage ( Key_Constraints usage ) const

Returns true if the specified

Parameters

usage is set in the key usage extension or if no key usage constraints are set at all. To check if a certain key constraint is set in the certificate use

See also: X509_Certificate::has_constraints.

Definition at line 494 of file x509cert.cpp.

References constraints(), and Botan::NO_CONSTRAINTS.

Referenced by allowed_usage().

    {
    if(constraints() == NO_CONSTRAINTS)
       return true;
    return ((constraints() & usage) == usage);
    }

bool Botan::X509_Certificate::allowed_usage ( Usage_Type usage ) const

Returns true if the required key and extended key constraints are set in the certificate for the specified

Parameters

usage or if no key constraints are set in both the key usage and extended key usage extension.

Definition at line 518 of file x509cert.cpp.

References allowed_extended_usage(), allowed_usage(), Botan::CERTIFICATE_AUTHORITY, Botan::DATA_ENCIPHERMENT, Botan::DIGITAL_SIGNATURE, Botan::ENCRYPTION, is_CA_cert(), Botan::KEY_AGREEMENT, Botan::KEY_ENCIPHERMENT, Botan::NON_REPUDIATION, Botan::OCSP_RESPONDER, Botan::TLS_CLIENT_AUTH, Botan::TLS_SERVER_AUTH, and Botan::UNSPECIFIED.

    {
    // These follow suggestions in RFC 5280 4.2.1.12
 
    switch(usage)
       {
       case Usage_Type::UNSPECIFIED:
          return true;
 
       case Usage_Type::TLS_SERVER_AUTH:
          return (allowed_usage(KEY_AGREEMENT) || allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DIGITAL_SIGNATURE)) && allowed_extended_usage("PKIX.ServerAuth");
 
       case Usage_Type::TLS_CLIENT_AUTH:
          return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(KEY_AGREEMENT)) && allowed_extended_usage("PKIX.ClientAuth");
 
       case Usage_Type::OCSP_RESPONDER:
          return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(NON_REPUDIATION)) && allowed_extended_usage("PKIX.OCSPSigning");
 
       case Usage_Type::CERTIFICATE_AUTHORITY:
          return is_CA_cert();
 
       case Usage_Type::ENCRYPTION:
          return (allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DATA_ENCIPHERMENT));
       }
 
    return false;
    }

const std::vector< uint8_t > & Botan::X509_Certificate::authority_key_id ( ) const

Get the DER encoded AuthorityKeyIdentifier of this certificate.

Returns: DER encoded AuthorityKeyIdentifier

Definition at line 412 of file x509cert.cpp.

Referenced by Botan::PKIX::build_certificate_path(), Botan::Certificate_Store_In_Memory::find_crl_for(), Botan::X509_CRL::is_revoked(), issuer_info(), and to_string().

    {
    return data().m_authority_key_id;
    }

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const

inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 16 of file asn1_obj.cpp.

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSSR::config_for_x509(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

    {
    std::vector<uint8_t> output;
    DER_Encoder der(output);
    this->encode_into(der);
    return output;
    }

std::vector< std::string > Botan::X509_Certificate::ca_issuers ( ) const

Return the listed addresses of ca issuers, or empty if not set

Definition at line 580 of file x509cert.cpp.

Referenced by to_string().

    {
    return data().m_ca_issuers;
    }

const std::vector< OID > & Botan::X509_Certificate::certificate_policy_oids ( ) const

Definition at line 479 of file x509cert.cpp.

Referenced by policies(), and to_string().

    {
    return data().m_cert_policies;
    }

bool Botan::X509_Object::check_signature ( const Public_Key & key ) const

inherited

Check the signature on this data

Parameters

key	the public key purportedly used to sign this data

Returns: true if the signature is valid, otherwise false

Definition at line 178 of file x509_obj.cpp.

References Botan::VERIFIED, and Botan::X509_Object::verify_signature().

Referenced by Botan::X509_Object::check_signature().

    {
    const Certificate_Status_Code code = verify_signature(pub_key);
    return (code == Certificate_Status_Code::VERIFIED);
    }

bool Botan::X509_Object::check_signature ( const Public_Key * key ) const

inherited

Check the signature on this data

Parameters

key	the public key purportedly used to sign this data the object will be deleted after use (this should have been a std::unique_ptr<Public_Key>)

Returns: true if the signature is valid, otherwise false

Definition at line 170 of file x509_obj.cpp.

References Botan::X509_Object::check_signature(), and Botan::X509_Object::PEM_label().

    {
    if(!pub_key)
       throw Invalid_Argument("No key provided for " + PEM_label() + " signature check");
    std::unique_ptr<const Public_Key> key(pub_key);
    return check_signature(*key);
    }

std::unique_ptr< PK_Signer > Botan::X509_Object::choose_sig_format	(	AlgorithmIdentifier &	sig_algo,
		const Private_Key &	key,
		RandomNumberGenerator &	rng,
		const std::string &	hash_fn,
		const std::string &	padding_algo
	)

staticinherited

Definition at line 376 of file x509_obj.cpp.

References Botan::Public_Key::default_x509_signature_format().

Referenced by Botan::choose_sig_format(), and Botan::PKCS10_Request::create().

    {
    const Signature_Format format = key.default_x509_signature_format();
 
    const std::string emsa = choose_sig_algo(sig_algo, key, hash_fn, padding_algo);
 
    return std::unique_ptr<PK_Signer>(new PK_Signer(key, rng, emsa, format));
    }

Key_Constraints Botan::X509_Certificate::constraints ( ) const

Get the key constraints as defined in the KeyUsage extension of this certificate.

Returns: key constraints

Definition at line 469 of file x509cert.cpp.

Referenced by allowed_usage(), has_constraints(), and to_string().

    {
    return data().m_key_constraints;
    }

std::string Botan::X509_Certificate::crl_distribution_point ( ) const

Return the CRL distribution point, or empty if not set

Definition at line 585 of file x509cert.cpp.

Referenced by to_string().

    {
    // just returns the first (arbitrarily)
    if(data().m_crl_distribution_points.size() > 0)
       return data().m_crl_distribution_points[0];
    return "";
    }

void Botan::X509_Object::decode_from ( class BER_Decoder & from )

overridevirtualinherited

Decode a BER encoded X509_Object See ASN1_Object::decode_from()

Implements Botan::ASN1_Object.

Definition at line 106 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, and Botan::BER_Decoder::start_cons().

Referenced by Botan::X509_Object::load_data().

    {
    from.start_cons(SEQUENCE)
          .start_cons(SEQUENCE)
             .raw_bytes(m_tbs_bits)
          .end_cons()
          .decode(m_sig_algo)
          .decode(m_sig, BIT_STRING)
       .end_cons();
 
    force_decode();
    }

void Botan::X509_Object::encode_into ( class DER_Encoder & to ) const

overridevirtualinherited

DER encode an X509_Object See ASN1_Object::encode_into()

Implements Botan::ASN1_Object.

Definition at line 92 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::signature(), Botan::X509_Object::signature_algorithm(), Botan::X509_Object::signed_body(), and Botan::DER_Encoder::start_cons().

    {
    to.start_cons(SEQUENCE)
          .start_cons(SEQUENCE)
             .raw_bytes(signed_body())
          .end_cons()
          .encode(signature_algorithm())
          .encode(signature(), BIT_STRING)
       .end_cons();
    }

std::string Botan::X509_Certificate::end_time ( ) const

inline

Get the notAfter of the certificate as a string

Returns: notAfter of the certificate

Definition at line 167 of file x509cert.h.

          {
          return not_after().to_string();
          }

std::vector< std::string > Botan::X509_Certificate::ex_constraints ( ) const

Get the key constraints as defined in the ExtendedKeyUsage extension of this certificate.

Returns: key constraints

Definition at line 711 of file x509cert.cpp.

References extended_key_usage().

Referenced by to_string().

    {
    return lookup_oids(extended_key_usage());
    }

const std::vector< OID > & Botan::X509_Certificate::extended_key_usage ( ) const

Get the key usage as defined in the ExtendedKeyUsage extension of this certificate, or else an empty vector.

Returns: key usage

Definition at line 474 of file x509cert.cpp.

Referenced by allowed_extended_usage(), ex_constraints(), has_ex_constraint(), and to_string().

    {
    return data().m_extended_key_usage;
    }

std::string Botan::X509_Certificate::fingerprint ( const std::string & hash_name = "SHA-1" ) const

Returns: a fingerprint of the certificate

Parameters

hash_name hash function used to calculate the fingerprint

Definition at line 724 of file x509cert.cpp.

References Botan::ASN1_Object::BER_encode(), and Botan::create_hex_fingerprint().

Referenced by Botan::Certificate_Store_In_SQL::affirm_cert(), Botan::Certificate_Store_In_SQL::find_key(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::Certificate_Store_In_SQL::insert_key(), Botan::Certificate_Store_In_SQL::remove_cert(), and Botan::Certificate_Store_In_SQL::revoke_cert().

    {
    return create_hex_fingerprint(this->BER_encode(), hash_name);
    }

bool Botan::X509_Certificate::has_constraints ( Key_Constraints constraints ) const

Returns true if the specified

Parameters

constraints are included in the key usage extension.

Definition at line 546 of file x509cert.cpp.

References constraints(), and Botan::NO_CONSTRAINTS.

    {
    if(this->constraints() == NO_CONSTRAINTS)
       {
       return false;
       }
 
    return ((this->constraints() & constraints) != 0);
    }

bool Botan::X509_Certificate::has_ex_constraint ( const std::string & ex_constraint ) const

Returns true if and only if

Parameters

ex_constraint (referring to an extended key constraint, eg "PKIX.ServerAuth") is included in the extended key extension.

Definition at line 556 of file x509cert.cpp.

References Botan::OID::from_string().

    {
    return has_ex_constraint(OID::from_string(ex_constraint));
    }

bool Botan::X509_Certificate::has_ex_constraint ( const OID & ex_constraint ) const

Returns true if and only if OID

Parameters

ex_constraint is included in the extended key extension.

Definition at line 561 of file x509cert.cpp.

References extended_key_usage().

    {
    const std::vector<OID>& ex = extended_key_usage();
    return (std::find(ex.begin(), ex.end(), usage) != ex.end());
    }

std::string Botan::X509_Object::hash_used_for_signature ( ) const

inherited

Returns: hash algorithm that was used to generate signature

Definition at line 138 of file x509_obj.cpp.

References Botan::AlgorithmIdentifier::get_oid(), Botan::parse_algorithm_name(), Botan::X509_Object::signature_algorithm(), Botan::split_on(), Botan::OID::to_formatted_string(), and Botan::OID::to_string().

    {
    const OID& oid = m_sig_algo.get_oid();
    const std::vector<std::string> sig_info = split_on(oid.to_formatted_string(), '/');
 
    if(sig_info.size() == 1 && sig_info[0] == "Ed25519")
       return "SHA-512";
    else if(sig_info.size() != 2)
       throw Internal_Error("Invalid name format found for " + oid.to_string());
 
    if(sig_info[1] == "EMSA4")
       {
       const OID hash_oid = decode_pss_params(signature_algorithm().get_parameters()).hash_algo.get_oid();
       return hash_oid.to_formatted_string();
       }
    else
       {
       const std::vector<std::string> pad_and_hash =
          parse_algorithm_name(sig_info[1]);
 
       if(pad_and_hash.size() != 2)
          {
          throw Internal_Error("Invalid name format " + sig_info[1]);
          }
 
       return pad_and_hash[1];
       }
    }

bool Botan::X509_Certificate::is_CA_cert ( ) const

Check whether this certificate is a CA certificate.

Returns: true if this certificate is a CA certificate

Definition at line 453 of file x509cert.cpp.

Referenced by allowed_usage(), Botan::Cert_Extension::Name_Constraints::validate(), and Botan::X509_CA::X509_CA().

    {
    if(data().m_version < 3 && data().m_self_signed)
       return true;
 
    return data().m_is_ca_certificate;
    }

bool Botan::X509_Certificate::is_critical ( const std::string & ex_name ) const

Check whenever a given X509 Extension is marked critical in this certificate.

Definition at line 570 of file x509cert.cpp.

References Botan::Extensions::critical_extension_set(), Botan::OID::from_string(), and v3_extensions().

Referenced by Botan::Cert_Extension::Name_Constraints::validate().

    {
    return v3_extensions().critical_extension_set(OID::from_string(ex_name));
    }

bool Botan::X509_Certificate::is_self_signed ( ) const

Check whether this certificate is self signed. If the DN issuer and subject agree,

Returns: true if this certificate is self signed

Definition at line 359 of file x509cert.cpp.

    {
    return data().m_self_signed;
    }

bool Botan::X509_Certificate::is_serial_negative ( ) const

Get the serial number's sign

Returns: 1 iff the serial is negative.

Definition at line 427 of file x509cert.cpp.

    {
    return data().m_serial_negative;
    }

const AlternativeName & Botan::X509_Certificate::issuer_alt_name ( ) const

Return the issuer alternative names (DNS, IP, ...)

Definition at line 598 of file x509cert.cpp.

Referenced by issuer_info().

    {
    return data().m_issuer_alt_name;
    }

const X509_DN & Botan::X509_Certificate::issuer_dn ( ) const

Get the certificate's issuer distinguished name (DN).

Returns: issuer DN of this certificate

Definition at line 433 of file x509cert.cpp.

Referenced by Botan::PKIX::build_certificate_path(), Botan::Certificate_Store_In_SQL::find_crl_for(), Botan::Certificate_Store_In_Memory::find_crl_for(), Botan::X509_CRL::is_revoked(), issuer_info(), Botan::OCSP::Request::Request(), and to_string().

    {
    return data().m_issuer_dn;
    }

std::vector< std::string > Botan::X509_Certificate::issuer_info ( const std::string & name ) const

Get a value for a specific subject_info parameter name.

Parameters

name	the name of the parameter to look up. Possible names are "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".

Returns: value(s) of the specified parameter

Definition at line 642 of file x509cert.cpp.

References authority_key_id(), Botan::AlternativeName::get_attribute(), Botan::X509_DN::get_attribute(), Botan::hex_encode(), issuer_alt_name(), issuer_dn(), raw_issuer_dn(), and v2_issuer_key_id().

    {
    if(issuer_dn().has_field(req))
       return issuer_dn().get_attribute(req);
 
    if(issuer_alt_name().has_field(req))
       return issuer_alt_name().get_attribute(req);
 
    // These will be removed later:
    if(req == "X509.Certificate.v2.key_id")
       return {hex_encode(this->v2_issuer_key_id())};
    if(req == "X509v3.AuthorityKeyIdentifier")
       return {hex_encode(this->authority_key_id())};
    if(req == "X509.Certificate.dn_bits")
       return {hex_encode(this->raw_issuer_dn())};
 
    return data().m_issuer_ds.get(req);
    }

void Botan::X509_Object::load_data ( DataSource & src )

protectedinherited

Decodes from src as either DER or PEM data, then calls force_decode()

Definition at line 52 of file x509_obj.cpp.

References Botan::X509_Object::alternate_PEM_labels(), Botan::PEM_Code::decode(), Botan::X509_Object::decode_from(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and Botan::X509_Object::PEM_label().

Referenced by Botan::PKCS10_Request::PKCS10_Request(), X509_Certificate(), and Botan::X509_CRL::X509_CRL().

    {
    try {
       if(ASN1::maybe_BER(in) && !PEM_Code::matches(in))
          {
          BER_Decoder dec(in);
          decode_from(dec);
          }
       else
          {
          std::string got_label;
          DataSource_Memory ber(PEM_Code::decode(in, got_label));
 
          if(got_label != PEM_label())
             {
             bool is_alternate = false;
             for(std::string alt_label : alternate_PEM_labels())
                {
                if(got_label == alt_label)
                   {
                   is_alternate = true;
                   break;
                   }
                }
 
             if(!is_alternate)
                throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label);
             }
 
          BER_Decoder dec(ber);
          decode_from(dec);
          }
       }
    catch(Decoding_Error& e)
       {
       throw Decoding_Error(PEM_label() + " decoding", e);
       }
    }

std::unique_ptr< Public_Key > Botan::X509_Certificate::load_subject_public_key ( ) const

Create a public key object associated with the public key bits in this certificate. If the public key bits was valid for X.509 encoding purposes but invalid algorithmically (for example, RSA with an even modulus) that will be detected at this point, and an exception will be thrown.

Returns: subject public key of this certificate

Definition at line 664 of file x509cert.cpp.

References Botan::X509::load_key(), and subject_public_key_info().

    {
    try
       {
       return std::unique_ptr<Public_Key>(X509::load_key(subject_public_key_info()));
       }
    catch(std::exception& e)
       {
       throw Decoding_Error("X509_Certificate::load_subject_public_key", e);
       }
    }

std::vector< uint8_t > Botan::X509_Object::make_signed	(	class PK_Signer *	signer,
		RandomNumberGenerator &	rng,
		const AlgorithmIdentifier &	alg_id,
		const secure_vector< uint8_t > &	tbs
	)

staticinherited

Create a signed X509 object.

Parameters

signer	the signer used to sign the object
rng	the random number generator to use
alg_id	the algorithm identifier of the signature scheme
tbs	the tbs bits to be signed

Returns: signed X509 object

Definition at line 268 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), Botan::X509_Object::signature(), and Botan::DER_Encoder::start_cons().

Referenced by Botan::PKCS10_Request::create(), and Botan::X509_CA::make_cert().

    {
    const std::vector<uint8_t> signature = signer->sign_message(tbs_bits, rng);
 
    std::vector<uint8_t> output;
    DER_Encoder(output)
       .start_cons(SEQUENCE)
          .raw_bytes(tbs_bits)
          .encode(algo)
          .encode(signature, BIT_STRING)
       .end_cons();
 
    return output;
    }

bool Botan::X509_Certificate::matches_dns_name ( const std::string & name ) const

Check if a certain DNS name matches up with the information in the cert

Parameters

name	DNS name to match

Definition at line 729 of file x509cert.cpp.

References Botan::host_wildcard_match(), and subject_info().

Referenced by botan_x509_cert_hostname_match().

    {
    if(name.empty())
       return false;
 
    std::vector<std::string> issued_names = subject_info("DNS");
 
    // Fall back to CN only if no DNS names are set (RFC 6125 sec 6.4.4)
    if(issued_names.empty())
       issued_names = subject_info("Name");
 
    for(size_t i = 0; i != issued_names.size(); ++i)
       {
       if(host_wildcard_match(issued_names[i], name))
          return true;
       }
 
    return false;
    }

const NameConstraints & Botan::X509_Certificate::name_constraints ( ) const

Get the name constraints as defined in the NameConstraints extension of this certificate.

Returns: name constraints

Definition at line 484 of file x509cert.cpp.

Referenced by to_string().

    {
    return data().m_name_constraints;
    }

const X509_Time & Botan::X509_Certificate::not_after ( ) const

Get the notAfter of the certificate as X509_Time

Returns: notAfter of the certificate

Definition at line 369 of file x509cert.cpp.

Referenced by botan_x509_cert_not_after(), subject_info(), and to_string().

    {
    return data().m_not_after;
    }

const X509_Time & Botan::X509_Certificate::not_before ( ) const

Get the notBefore of the certificate as X509_Time

Returns: notBefore of the certificate

Definition at line 364 of file x509cert.cpp.

Referenced by botan_x509_cert_not_before(), subject_info(), and to_string().

    {
    return data().m_not_before;
    }

std::string Botan::X509_Certificate::ocsp_responder ( ) const

Return the listed address of an OCSP responder, or empty if not set

Definition at line 575 of file x509cert.cpp.

Referenced by to_string().

    {
    return data().m_ocsp_responder;
    }

bool Botan::X509_Certificate::operator< ( const X509_Certificate & other ) const

Impose an arbitrary (but consistent) ordering, eg to allow sorting a container of certificate objects.

Returns: true if this is less than other by some unspecified criteria

Definition at line 759 of file x509cert.cpp.

References Botan::X509_Object::signature(), and Botan::X509_Object::signed_body().

    {
    /* If signature values are not equal, sort by lexicographic ordering of that */
    if(this->signature() != other.signature())
       {
       return (this->signature() < other.signature());
       }
 
    // Then compare the signed contents
    return this->signed_body() < other.signed_body();
    }

X509_Certificate& Botan::X509_Certificate::operator= ( const X509_Certificate & other )

default

bool Botan::X509_Certificate::operator== ( const X509_Certificate & other ) const

Check to certificates for equality.

Returns: true both certificates are (binary) equal

Definition at line 752 of file x509cert.cpp.

References Botan::X509_Object::signature(), Botan::X509_Object::signature_algorithm(), and Botan::X509_Object::signed_body().

    {
    return (this->signature() == other.signature() &&
            this->signature_algorithm() == other.signature_algorithm() &&
            this->signed_body() == other.signed_body());
    }

uint32_t Botan::X509_Certificate::path_limit ( ) const

Get the path limit as defined in the BasicConstraints extension of this certificate.

Returns: path limit

Definition at line 461 of file x509cert.cpp.

    {
    if(data().m_version < 3 && data().m_self_signed)
       return 32; // in theory infinite, but this is more than enough
 
    return static_cast<uint32_t>(data().m_path_len_constraint);
    }

std::string Botan::X509_Object::PEM_encode ( ) const

inherited

Returns: PEM encoding of this

Definition at line 122 of file x509_obj.cpp.

References Botan::ASN1_Object::BER_encode(), Botan::PEM_Code::encode(), and Botan::X509_Object::PEM_label().

    {
    return PEM_Code::encode(BER_encode(), PEM_label());
    }

std::vector< std::string > Botan::X509_Certificate::policies ( ) const

Get the policies as defined in the CertificatePolicies extension of this certificate.

Returns: certificate policies

Definition at line 719 of file x509cert.cpp.

References certificate_policy_oids().

Referenced by to_string().

    {
    return lookup_oids(certificate_policy_oids());
    }

const std::vector< uint8_t > & Botan::X509_Certificate::raw_issuer_dn ( ) const

Raw issuer DN bits

Definition at line 443 of file x509cert.cpp.

Referenced by Botan::OCSP::CertID::is_id_for(), issuer_info(), and raw_issuer_dn_sha256().

    {
    return data().m_issuer_dn_bits;
    }

std::vector< uint8_t > Botan::X509_Certificate::raw_issuer_dn_sha256 ( ) const

SHA-256 of Raw issuer DN

Definition at line 676 of file x509cert.cpp.

References Botan::HashFunction::create_or_throw(), hash, and raw_issuer_dn().

    {
    std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-256"));
    hash->update(raw_issuer_dn());
    return hash->final_stdvec();
    }

const std::vector< uint8_t > & Botan::X509_Certificate::raw_subject_dn ( ) const

Raw subject DN

Definition at line 448 of file x509cert.cpp.

Referenced by Botan::OCSP::CertID::CertID(), raw_subject_dn_sha256(), and subject_info().

    {
    return data().m_subject_dn_bits;
    }

std::vector< uint8_t > Botan::X509_Certificate::raw_subject_dn_sha256 ( ) const

SHA-256 of Raw subject DN

Definition at line 683 of file x509cert.cpp.

References Botan::HashFunction::create(), hash, and raw_subject_dn().

    {
    std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
    hash->update(raw_subject_dn());
    return hash->final_stdvec();
    }

const std::vector< uint8_t > & Botan::X509_Certificate::serial_number ( ) const

Get the serial number of this certificate.

Returns: certificates serial number

Definition at line 422 of file x509cert.cpp.

Referenced by Botan::CRL_Entry::CRL_Entry(), Botan::OCSP::CertID::is_id_for(), Botan::X509_CRL::is_revoked(), subject_info(), and to_string().

    {
    return data().m_serial;
    }

const std::vector<uint8_t>& Botan::X509_Object::signature ( ) const

inlineinherited

Returns: signature on tbs_data()

Definition at line 38 of file x509_obj.h.

Referenced by Botan::X509_Object::encode_into(), Botan::X509_Object::make_signed(), operator<(), operator==(), and Botan::X509_Object::verify_signature().

38 { return m_sig; }

const AlgorithmIdentifier& Botan::X509_Object::signature_algorithm ( ) const

inlineinherited

Returns: signature algorithm that was used to generate signature

Definition at line 48 of file x509_obj.h.

Referenced by Botan::X509_Object::encode_into(), Botan::X509_Object::hash_used_for_signature(), operator==(), to_string(), Botan::X509_Object::verify_signature(), and Botan::X509_CA::X509_CA().

48 { return m_sig_algo; }

const std::vector<uint8_t>& Botan::X509_Object::signed_body ( ) const

inlineinherited

Returns: signed body

Definition at line 43 of file x509_obj.h.

Referenced by Botan::X509_Object::encode_into(), operator<(), and operator==().

43 { return m_tbs_bits; }

std::string Botan::X509_Certificate::start_time ( ) const

inline

Get the notBefore of the certificate as a string

Returns: notBefore of the certificate

Definition at line 158 of file x509cert.h.

          {
          return not_before().to_string();
          }

const AlternativeName & Botan::X509_Certificate::subject_alt_name ( ) const

Return the subject alternative names (DNS, IP, ...)

Definition at line 593 of file x509cert.cpp.

Referenced by Botan::GeneralName::matches(), and subject_info().

    {
    return data().m_subject_alt_name;
    }

const X509_DN & Botan::X509_Certificate::subject_dn ( ) const

Get the certificate's subject distinguished name (DN).

Returns: subject DN of this certificate

Definition at line 438 of file x509cert.cpp.

Referenced by Botan::Certificate_Store_Windows::all_subjects(), Botan::Certificate_Store::certificate_known(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::GeneralName::matches(), Botan::Certificate_Store_In_SQL::remove_cert(), Botan::OCSP::Request::Request(), Botan::X509_CA::sign_request(), subject_info(), and to_string().

    {
    return data().m_subject_dn;
    }

std::vector< std::string > Botan::X509_Certificate::subject_info ( const std::string & name ) const

Get a value for a specific subject_info parameter name.

Parameters

name the name of the parameter to look up. Possible names include "X509.Certificate.version", "X509.Certificate.serial", "X509.Certificate.start", "X509.Certificate.end", "X509.Certificate.v2.key_id", "X509.Certificate.public_key", "X509v3.BasicConstraints.path_constraint", "X509v3.BasicConstraints.is_ca", "X509v3.NameConstraints", "X509v3.ExtendedKeyUsage", "X509v3.CertificatePolicies", "X509v3.SubjectKeyIdentifier", "X509.Certificate.serial", "X520.CommonName", "X520.Organization", "X520.Country", "RFC822" (Email in SAN) or "PKCS9.EmailAddress" (Email in DN).

Returns: value(s) of the specified parameter

Definition at line 607 of file x509cert.cpp.

References Botan::AlternativeName::get_attribute(), Botan::X509_DN::get_attribute(), Botan::hex_encode(), not_after(), not_before(), raw_subject_dn(), serial_number(), subject_alt_name(), subject_dn(), subject_key_id(), Botan::X509_Time::to_string(), Botan::ASN1::to_string(), v2_subject_key_id(), and x509_version().

Referenced by matches_dns_name().

    {
    if(req == "Email")
       return this->subject_info("RFC822");
 
    if(subject_dn().has_field(req))
       return subject_dn().get_attribute(req);
 
    if(subject_alt_name().has_field(req))
       return subject_alt_name().get_attribute(req);
 
    // These will be removed later:
    if(req == "X509.Certificate.v2.key_id")
       return {hex_encode(this->v2_subject_key_id())};
    if(req == "X509v3.SubjectKeyIdentifier")
       return {hex_encode(this->subject_key_id())};
    if(req == "X509.Certificate.dn_bits")
       return {hex_encode(this->raw_subject_dn())};
    if(req == "X509.Certificate.start")
       return {not_before().to_string()};
    if(req == "X509.Certificate.end")
       return {not_after().to_string()};
 
    if(req == "X509.Certificate.version")
       return {std::to_string(x509_version())};
    if(req == "X509.Certificate.serial")
       return {hex_encode(serial_number())};
 
    return data().m_subject_ds.get(req);
    }

const std::vector< uint8_t > & Botan::X509_Certificate::subject_key_id ( ) const

Get the DER encoded SubjectKeyIdentifier of this certificate.

Returns: DER encoded SubjectKeyIdentifier

Definition at line 417 of file x509cert.cpp.

Referenced by Botan::Certificate_Store::certificate_known(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::Certificate_Store_In_SQL::remove_cert(), subject_info(), and to_string().

    {
    return data().m_subject_key_id;
    }

Public_Key* Botan::X509_Certificate::subject_public_key ( ) const

inline

Return a newly allocated copy of the public key associated with the subject of this certificate. This object is owned by the caller.

Returns: public key

Definition at line 50 of file x509cert.h.

Referenced by to_string(), Botan::TLS::Certificate_Verify::verify(), and Botan::OCSP::Response::verify_signature().

          {
          return load_subject_public_key().release();
          }

const AlgorithmIdentifier & Botan::X509_Certificate::subject_public_key_algo ( ) const

Return the algorithm identifier of the public key

Definition at line 374 of file x509cert.cpp.

Referenced by to_string().

    {
    return data().m_subject_public_key_algid;
    }

const std::vector< uint8_t > & Botan::X509_Certificate::subject_public_key_bits ( ) const

Get the public key associated with this certificate. This includes the outer AlgorithmIdentifier

Returns: subject public key of this certificate

Definition at line 389 of file x509cert.cpp.

    {
    return data().m_subject_public_key_bits;
    }

const std::vector< uint8_t > & Botan::X509_Certificate::subject_public_key_bitstring ( ) const

Get the bit string of the public key associated with this certificate

Returns: public key bits

Definition at line 399 of file x509cert.cpp.

Referenced by Botan::OCSP::CertID::CertID(), and Botan::OCSP::CertID::is_id_for().

    {
    return data().m_subject_public_key_bitstring;
    }

const std::vector< uint8_t > & Botan::X509_Certificate::subject_public_key_bitstring_sha1 ( ) const

Get the SHA-1 bit string of the public key associated with this certificate. This is used for OCSP among other protocols. This function will throw if SHA-1 is not available.

Returns: hash of subject public key of this certificate

Definition at line 404 of file x509cert.cpp.

    {
    if(data().m_subject_public_key_bitstring_sha1.empty())
       throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build");
 
    return data().m_subject_public_key_bitstring_sha1;
    }

const std::vector< uint8_t > & Botan::X509_Certificate::subject_public_key_info ( ) const

Get the SubjectPublicKeyInfo associated with this certificate.

Returns: subject public key info of this certificate

Definition at line 394 of file x509cert.cpp.

Referenced by load_subject_public_key().

    {
    return data().m_subject_public_key_bits_seq;
    }

std::vector< uint8_t > Botan::X509_Object::tbs_data ( ) const

inherited

The underlying data that is to be or was signed

Returns: data that is or was signed

Definition at line 130 of file x509_obj.cpp.

References Botan::ASN1::put_in_sequence().

Referenced by Botan::X509_Object::verify_signature().

    {
    return ASN1::put_in_sequence(m_tbs_bits);
    }

std::string Botan::X509_Certificate::to_string ( ) const

Returns: a free-form string describing the certificate

Definition at line 779 of file x509cert.cpp.

References authority_key_id(), ca_issuers(), certificate_policy_oids(), constraints(), crl_distribution_point(), Botan::CRL_SIGN, Botan::DATA_ENCIPHERMENT, Botan::DECIPHER_ONLY, Botan::DIGITAL_SIGNATURE, Botan::ENCIPHER_ONLY, ex_constraints(), Botan::NameConstraints::excluded(), extended_key_usage(), Botan::AlgorithmIdentifier::get_oid(), Botan::hex_encode(), issuer_dn(), Botan::KEY_AGREEMENT, Botan::KEY_CERT_SIGN, Botan::KEY_ENCIPHERMENT, name_constraints(), Botan::NO_CONSTRAINTS, Botan::NON_REPUDIATION, not_after(), not_before(), ocsp_responder(), Botan::X509::PEM_encode(), Botan::NameConstraints::permitted(), policies(), Botan::X509_Time::readable_string(), serial_number(), Botan::X509_Object::signature_algorithm(), subject_dn(), subject_key_id(), subject_public_key(), subject_public_key_algo(), Botan::OID::to_formatted_string(), Botan::OID::to_string(), and x509_version().

    {
    std::ostringstream out;
 
    out << "Version: " << this->x509_version() << "\n";
    out << "Subject: " << subject_dn() << "\n";
    out << "Issuer: " << issuer_dn() << "\n";
    out << "Issued: " << this->not_before().readable_string() << "\n";
    out << "Expires: " << this->not_after().readable_string() << "\n";
 
    out << "Constraints:\n";
    Key_Constraints constraints = this->constraints();
    if(constraints == NO_CONSTRAINTS)
       out << " None\n";
    else
       {
       if(constraints & DIGITAL_SIGNATURE)
          out << "   Digital Signature\n";
       if(constraints & NON_REPUDIATION)
          out << "   Non-Repudiation\n";
       if(constraints & KEY_ENCIPHERMENT)
          out << "   Key Encipherment\n";
       if(constraints & DATA_ENCIPHERMENT)
          out << "   Data Encipherment\n";
       if(constraints & KEY_AGREEMENT)
          out << "   Key Agreement\n";
       if(constraints & KEY_CERT_SIGN)
          out << "   Cert Sign\n";
       if(constraints & CRL_SIGN)
          out << "   CRL Sign\n";
       if(constraints & ENCIPHER_ONLY)
          out << "   Encipher Only\n";
       if(constraints & DECIPHER_ONLY)
          out << "   Decipher Only\n";
       }
 
    const std::vector<OID>& policies = this->certificate_policy_oids();
    if(!policies.empty())
       {
       out << "Policies: " << "\n";
       for(auto oid : policies)
          out << "   " << oid.to_string() << "\n";
       }
 
    const std::vector<OID>& ex_constraints = this->extended_key_usage();
    if(!ex_constraints.empty())
       {
       out << "Extended Constraints:\n";
       for(auto&& oid : ex_constraints)
          {
          out << "   " << oid.to_formatted_string() << "\n";
          }
       }
 
    const NameConstraints& name_constraints = this->name_constraints();
 
    if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty())
       {
       out << "Name Constraints:\n";
 
       if(!name_constraints.permitted().empty())
          {
          out << "   Permit";
          for(auto st: name_constraints.permitted())
             {
             out << " " << st.base();
             }
          out << "\n";
          }
 
       if(!name_constraints.excluded().empty())
          {
          out << "   Exclude";
          for(auto st: name_constraints.excluded())
             {
             out << " " << st.base();
             }
          out << "\n";
          }
       }
 
    if(!ocsp_responder().empty())
       out << "OCSP responder " << ocsp_responder() << "\n";
 
    const std::vector<std::string> ca_issuers = this->ca_issuers();
    if(!ca_issuers.empty())
       {
       out << "CA Issuers:\n";
       for(size_t i = 0; i != ca_issuers.size(); i++)
          out << "   URI: " << ca_issuers[i] << "\n";
       }
 
    if(!crl_distribution_point().empty())
       out << "CRL " << crl_distribution_point() << "\n";
 
    out << "Signature algorithm: " << this->signature_algorithm().get_oid().to_formatted_string() << "\n";
 
    out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
 
    if(this->authority_key_id().size())
      out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
 
    if(this->subject_key_id().size())
      out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
 
    try
       {
       std::unique_ptr<Public_Key> pubkey(this->subject_public_key());
       out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n";
       out << X509::PEM_encode(*pubkey);
       }
    catch(Decoding_Error&)
       {
       const AlgorithmIdentifier& alg_id = this->subject_public_key_algo();
       out << "Failed to decode key with oid " << alg_id.get_oid().to_string() << "\n";
       }
 
    return out.str();
    }

const std::vector< uint8_t > & Botan::X509_Certificate::v2_issuer_key_id ( ) const

Return the v2 issuer key ID. v2 key IDs are almost never used, instead see v3_subject_key_id.

Definition at line 379 of file x509cert.cpp.

Referenced by issuer_info().

    {
    return data().m_v2_issuer_key_id;
    }

const std::vector< uint8_t > & Botan::X509_Certificate::v2_subject_key_id ( ) const

Return the v2 subject key ID. v2 key IDs are almost never used, instead see v3_subject_key_id.

Definition at line 384 of file x509cert.cpp.

Referenced by subject_info().

    {
    return data().m_v2_subject_key_id;
    }

const Extensions & Botan::X509_Certificate::v3_extensions ( ) const

Get all extensions of this certificate.

Returns: certificate extensions

Definition at line 489 of file x509cert.cpp.

Referenced by is_critical().

    {
    return data().m_v3_extensions;
    }

Certificate_Status_Code Botan::X509_Object::verify_signature ( const Public_Key & key ) const

inherited

Check the signature on this data

Parameters

key	the public key purportedly used to sign this data

Returns: status of the signature - OK if verified or otherwise an indicator of the problem preventing verification.

Definition at line 184 of file x509_obj.cpp.

References Botan::Public_Key::algo_name(), Botan::Public_Key::default_x509_signature_format(), Botan::AlgorithmIdentifier::get_oid(), hash_algo, Botan::X509_Object::signature(), Botan::SIGNATURE_ALGO_BAD_PARAMS, Botan::SIGNATURE_ALGO_UNKNOWN, Botan::X509_Object::signature_algorithm(), Botan::SIGNATURE_ERROR, Botan::split_on(), Botan::X509_Object::tbs_data(), Botan::OID::to_formatted_string(), Botan::ASN1::to_string(), Botan::UNTRUSTED_HASH, Botan::VERIFIED, and Botan::PK_Verifier::verify_message().

Referenced by Botan::X509_Object::check_signature().

    {
    const std::vector<std::string> sig_info =
       split_on(m_sig_algo.get_oid().to_formatted_string(), '/');
 
    if(sig_info.size() < 1 || sig_info.size() > 2 || sig_info[0] != pub_key.algo_name())
       return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
 
    std::string padding;
    if(sig_info.size() == 2)
       padding = sig_info[1];
    else if(sig_info[0] == "Ed25519" || sig_info[0] == "XMSS")
       padding = "Pure";
    else
       return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
 
    const Signature_Format format = pub_key.default_x509_signature_format();
 
    if(padding == "EMSA4")
       {
       // "MUST contain RSASSA-PSS-params"
       if(signature_algorithm().get_parameters().empty())
          {
          return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
          }
 
       Pss_params pss_parameter = decode_pss_params(signature_algorithm().get_parameters());
 
       // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512
       const std::string hash_algo = pss_parameter.hash_algo.get_oid().to_formatted_string();
       if(hash_algo != "SHA-160" &&
          hash_algo != "SHA-224" &&
          hash_algo != "SHA-256" &&
          hash_algo != "SHA-384" &&
          hash_algo != "SHA-512")
          {
          return Certificate_Status_Code::UNTRUSTED_HASH;
          }
 
       const std::string mgf_algo = pss_parameter.mask_gen_algo.get_oid().to_formatted_string();
       if(mgf_algo != "MGF1")
          {
          return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
          }
 
       // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm
       // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512
       if(pss_parameter.mask_gen_hash.get_oid() != pss_parameter.hash_algo.get_oid())
          {
          return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
          }
 
       if(pss_parameter.trailer_field != 1)
          {
          return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS;
          }
 
       padding += "(" + hash_algo + "," + mgf_algo + "," + std::to_string(pss_parameter.salt_len) + ")";
       }
 
    try
       {
       PK_Verifier verifier(pub_key, padding, format);
       const bool valid = verifier.verify_message(tbs_data(), signature());
 
       if(valid)
          return Certificate_Status_Code::VERIFIED;
       else
          return Certificate_Status_Code::SIGNATURE_ERROR;
       }
    catch(Algorithm_Not_Found&)
       {
       return Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN;
       }
    catch(...)
       {
       // This shouldn't happen, fallback to generic signature error
       return Certificate_Status_Code::SIGNATURE_ERROR;
       }
    }

uint32_t Botan::X509_Certificate::x509_version ( ) const

Get the X509 version of this certificate object.

Returns: X509 version

Definition at line 354 of file x509cert.cpp.

Referenced by subject_info(), and to_string().

    {
    return static_cast<uint32_t>(data().m_version);
    }

The documentation for this class was generated from the following files:

src/lib/x509/x509cert.h
src/lib/x509/x509cert.cpp

Public Member Functions

Static Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation