Interface over an X.509 certificate. More...
#include <x509.hpp>
Public Types | |
enum class | KEY_TYPES : uint32_t { NONE = 0 , RSA , ECKEY , ECKEY_DH , ECDSA , RSA_ALT , RSASSA_PSS } |
Public key scheme. More... | |
enum class | VERIFICATION_FLAGS : uint32_t { OK = 0 , BADCERT_EXPIRED = 1 << 0 , BADCERT_REVOKED = 1 << 1 , BADCERT_CN_MISMATCH = 1 << 2 , BADCERT_NOT_TRUSTED = 1 << 3 , BADCRL_NOT_TRUSTED = 1 << 4 , BADCRL_EXPIRED = 1 << 5 , BADCERT_MISSING = 1 << 6 , BADCERT_SKIP_VERIFY = 1 << 7 , BADCERT_OTHER = 1 << 8 , BADCERT_FUTURE = 1 << 9 , BADCRL_FUTURE = 1 << 10 , BADCERT_KEY_USAGE = 1 << 11 , BADCERT_EXT_KEY_USAGE = 1 << 12 , BADCERT_NS_CERT_TYPE = 1 << 13 , BADCERT_BAD_MD = 1 << 14 , BADCERT_BAD_PK = 1 << 15 , BADCERT_BAD_KEY = 1 << 16 , BADCRL_BAD_MD = 1 << 17 , BADCRL_BAD_PK = 1 << 18 , BADCRL_BAD_KEY = 1 << 19 } |
Mirror of mbedtls's X.509 verification codes (MBEDTLS_X509_XX). More... | |
enum class | KEY_USAGE : uint32_t { DIGITAL_SIGNATURE = 0 , NON_REPUDIATION , KEY_ENCIPHERMENT , DATA_ENCIPHERMENT , KEY_AGREEMENT , KEY_CERT_SIGN , CRL_SIGN , ENCIPHER_ONLY , DECIPHER_ONLY } |
Key usage as defined in RFC 5280, section 4.2.1.3. More... | |
using | date_t = std::array<int32_t, 6> |
Tuple (Year, Month, Day, Hour, Minute, Second) | |
using | certificates_t = std::vector<x509> |
Public Types inherited from LIEF::Object | |
template<class T > | |
using | output_t = add_pointer_t<decay_t<T>> |
template<class T > | |
using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Public Member Functions | |
x509 (mbedtls_x509_crt *ca) | |
x509 (const x509 &other) | |
x509 & | operator= (x509 other) |
void | swap (x509 &other) |
uint32_t | version () const |
X.509 version. (1=v1, 2=v2, 3=v3) | |
std::vector< uint8_t > | serial_number () const |
Serial number: unique identifier of the certificate among those issued by a specific CA. | |
oid_t | signature_algorithm () const |
Signature algorithm (OID) | |
date_t | valid_from () const |
Start time of certificate validity. | |
date_t | valid_to () const |
End time of certificate validity. | |
std::string | issuer () const |
Issuer information. | |
std::string | subject () const |
Subject information. | |
bool | check_signature (const std::vector< uint8_t > &hash, const std::vector< uint8_t > &signature, ALGORITHMS digest) const |
Try to verify the given signature against the given hash, according to the hash algorithm provided. | |
std::vector< uint8_t > | raw () const |
The raw x509 bytes (DER encoded) | |
KEY_TYPES | key_type () const |
Return the underlying public-key scheme. | |
std::unique_ptr< RsaInfo > | rsa_info () const |
If the underlying public-key scheme is RSA, return the RSA information. Otherwise, return nullptr. | |
VERIFICATION_FLAGS | verify (const x509 &ca) const |
Verify that this certificate has been used to trust (i.e. to sign) the given certificate; the result is a VERIFICATION_FLAGS bitmask, where OK means success. | |
VERIFICATION_FLAGS | is_trusted_by (const std::vector< x509 > &ca) const |
Verify that this certificate is trusted by the given CA list. | |
std::vector< oid_t > | certificate_policies () const |
Policy information terms as OID (see RFC #5280) | |
std::vector< KEY_USAGE > | key_usage () const |
Purpose of the key contained in the certificate. | |
std::vector< oid_t > | ext_key_usage () const |
Indicates one or more purposes for which the certified public key may be used (OID types) | |
bool | is_ca () const |
std::vector< uint8_t > | signature () const |
The signature of the certificate. | |
void | accept (Visitor &visitor) const override |
~x509 () override | |
Public Member Functions inherited from LIEF::Object | |
Object () | |
Object (const Object &other) | |
Object & | operator= (const Object &other) |
template<class T > | |
output_t< T > | as () |
template<class T > | |
output_const_t< T > | as () const |
virtual bool | operator== (const Object &other) const |
virtual bool | operator!= (const Object &other) const |
virtual | ~Object () |
Static Public Member Functions | |
static certificates_t | parse (const std::string &path) |
Parse x509 certificate(s) from file path. | |
static certificates_t | parse (const std::vector< uint8_t > &content) |
Parse x509 certificate(s) from raw blob. | |
static bool | check_time (const date_t &before, const date_t &after) |
Return true if `before` is earlier than `after`, false otherwise. | |
static bool | time_is_past (const date_t &to) |
True if the given time is in the past according to the system clock. | |
static bool | time_is_future (const date_t &from) |
True if the given time is in the future according to the system clock. | |
Interface over an X.509 certificate.
using LIEF::PE::x509::certificates_t = std::vector<x509> |
using LIEF::PE::x509::date_t = std::array<int32_t, 6> |
Tuple (Year, Month, Day, Hour, Minute, Second)
strong |
Public key scheme.
Enumerator | |
---|---|
NONE | Unknown scheme. |
RSA | RSA Scheme. |
ECKEY | Elliptic-curve scheme. |
ECKEY_DH | Elliptic-curve Diffie-Hellman. |
ECDSA | Elliptic-curve Digital Signature Algorithm. |
RSA_ALT | RSA scheme with an alternative implementation for signing and decrypting. |
RSASSA_PSS | RSA Probabilistic signature scheme. |
strong |
Key usage as defined in RFC 5280, section 4.2.1.3.
strong |
Mirror of mbedtls's X.509 verification codes (MBEDTLS_X509_XX).
It must be kept in sync with include/mbedtls/x509.h.
LIEF::PE::x509::x509 | ( | mbedtls_x509_crt * | ca | ) |
LIEF::PE::x509::x509 | ( | const x509 & | other | ) |
override |
overridevirtual |
Implements LIEF::Object.
std::vector< oid_t > LIEF::PE::x509::certificate_policies | ( | ) | const |
Policy information terms as OID (see RFC #5280)
bool LIEF::PE::x509::check_signature | ( | const std::vector< uint8_t > & | hash, |
const std::vector< uint8_t > & | signature, | ||
ALGORITHMS | digest ) const |
Try to verify the given signature against the given hash, according to the hash algorithm provided. A true result only means the signature matches the hash; whether the certificate itself is trusted or currently valid is the job of verify(), is_trusted_by() and the time checks.
Return true if `before` is earlier than `after`, false otherwise.
std::vector< oid_t > LIEF::PE::x509::ext_key_usage | ( | ) | const |
Indicates one or more purposes for which the certified public key may be used (OID types)
bool LIEF::PE::x509::is_ca | ( | ) | const |
VERIFICATION_FLAGS LIEF::PE::x509::is_trusted_by | ( | const std::vector< x509 > & | ca | ) | const |
Verify that this certificate is trusted by the given CA list.
std::string LIEF::PE::x509::issuer | ( | ) | const |
Issuer information.
KEY_TYPES LIEF::PE::x509::key_type | ( | ) | const |
Return the underlying public-key scheme.
std::vector< KEY_USAGE > LIEF::PE::x509::key_usage | ( | ) | const |
Purpose of the key contained in the certificate.
static |
Parse x509 certificate(s) from file path.
static |
Parse x509 certificate(s) from raw blob.
std::vector< uint8_t > LIEF::PE::x509::raw | ( | ) | const |
The raw x509 bytes (DER encoded)
std::unique_ptr< RsaInfo > LIEF::PE::x509::rsa_info | ( | ) | const |
If the underlying public-key scheme is RSA, return the RSA information. Otherwise, return nullptr.
std::vector< uint8_t > LIEF::PE::x509::serial_number | ( | ) | const |
Serial number: unique identifier of the certificate among those issued by a specific CA.
std::vector< uint8_t > LIEF::PE::x509::signature | ( | ) | const |
The signature of the certificate.
std::string LIEF::PE::x509::subject | ( | ) | const |
Subject information.
void LIEF::PE::x509::swap | ( | x509 & | other | ) |
static |
True if the given time is in the future according to the system clock.
static |
True if the given time is in the past according to the system clock.
date_t LIEF::PE::x509::valid_from | ( | ) | const |
Start time of certificate validity.
date_t LIEF::PE::x509::valid_to | ( | ) | const |
End time of certificate validity.
VERIFICATION_FLAGS LIEF::PE::x509::verify | ( | const x509 & | ca | ) | const |
Verify that this certificate has been used to trust (i.e. to sign) the given certificate; the result is a VERIFICATION_FLAGS bitmask, where OK means success.
uint32_t LIEF::PE::x509::version | ( | ) | const |
X.509 version. (1=v1, 2=v2, 3=v3)