LIEF: Library to Instrument Executable Formats Version 0.17.0
|
Loading...
Searching...
No Matches
Go to the documentation of this file.
31struct mbedtls_x509_crt;
46 friend class SignatureParser;
47 friend class Signature;
49 public:
using date_t = std::array<int32_t, 6>;
53 using certificates_t = std::vector<x509>;
54 static certificates_t
parse(
const std::string& path);
57 static certificates_t
parse(
const std::vector<uint8_t>& content);
60 static bool check_time(
const date_t& before,
const date_t& after);
69 enum class KEY_TYPES : uint32_t {
80 enum class VERIFICATION_FLAGS : uint32_t {
86 BADCERT_EXPIRED = 1 << 0,
87 BADCERT_REVOKED = 1 << 1,
88 BADCERT_CN_MISMATCH = 1 << 2,
89 BADCERT_NOT_TRUSTED = 1 << 3,
90 BADCRL_NOT_TRUSTED = 1 << 4,
91 BADCRL_EXPIRED = 1 << 5,
92 BADCERT_MISSING = 1 << 6,
93 BADCERT_SKIP_VERIFY = 1 << 7,
94 BADCERT_OTHER = 1 << 8,
95 BADCERT_FUTURE = 1 << 9,
96 BADCRL_FUTURE = 1 << 10,
97 BADCERT_KEY_USAGE = 1 << 11,
98 BADCERT_EXT_KEY_USAGE = 1 << 12,
99 BADCERT_NS_CERT_TYPE = 1 << 13,
100 BADCERT_BAD_MD = 1 << 14,
101 BADCERT_BAD_PK = 1 << 15,
102 BADCERT_BAD_KEY = 1 << 16,
103 BADCRL_BAD_MD = 1 << 17,
104 BADCRL_BAD_PK = 1 << 18,
105 BADCRL_BAD_KEY = 1 << 19,
107 enum class KEY_USAGE : uint32_t {
110 DIGITAL_SIGNATURE = 0,
140 std::string
issuer()
const;
150 const std::vector<uint8_t>& signature, ALGORITHMS digest)
const;
151 std::vector<uint8_t>
raw()
const;
157 std::unique_ptr<RsaInfo>
rsa_info()
const;
161 VERIFICATION_FLAGS
verify(
const x509& ca)
const;
164 VERIFICATION_FLAGS
is_trusted_by(
const std::vector<x509>& ca)
const;
170 std::vector<KEY_USAGE>
key_usage()
const;
182 void accept(Visitor& visitor)
const override;
190 mbedtls_x509_crt* x509_cert_ =
nullptr;
Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used...
Definition PE/Parser.hpp:47
Object that wraps a RSA key.
Definition RsaInfo.hpp:29
Definition SignatureParser.hpp:37
Main interface for the PKCS #7 signature scheme.
Definition Signature.hpp:39
Interface over a x509 certificate.
Definition x509.hpp:43
std::string issuer() const
Issuer informations.
date_t valid_from() const
Start time of certificate validity.
std::vector< uint8_t > serial_number() const
Unique id for certificate issued by a specific CA.
std::vector< uint8_t > raw() const
The raw x509 bytes (DER encoded)
static certificates_t parse(const std::string &path)
Parse x509 certificate(s) from file path.
std::vector< uint8_t > signature() const
The signature of the certificate.
VERIFICATION_FLAGS verify(const x509 &ca) const
Verify that this certificate has been used to trust the given certificate.
std::unique_ptr< RsaInfo > rsa_info() const
If the underlying public-key scheme is RSA, return the RSA information. Otherwise,...
void accept(Visitor &visitor) const override
x509 & operator=(x509 other)
std::string subject() const
Subject informations.
std::vector< KEY_USAGE > key_usage() const
Purpose of the key contained in the certificate.
static bool time_is_past(const date_t &to)
True if the given time is in the past according to the clock's system.
static bool check_time(const date_t &before, const date_t &after)
Return True if before is before than after. False otherwise.
oid_t signature_algorithm() const
Signature algorithm (OID)
KEY_TYPES key_type() const
Return the underlying public-key scheme.
x509(mbedtls_x509_crt *ca)
uint32_t version() const
X.509 version. (1=v1, 2=v2, 3=v3)
bool check_signature(const std::vector< uint8_t > &hash, const std::vector< uint8_t > &signature, ALGORITHMS digest) const
Try to decrypt the given signature and check if it matches the given hash according to the hash algor...
VERIFICATION_FLAGS is_trusted_by(const std::vector< x509 > &ca) const
Verify that this certificate is trusted by the given CA list.
VERIFICATION_FLAGS
Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX.
Definition x509.hpp:84
static bool time_is_future(const date_t &from)
True if the given time is in the future according to the clock's system.
std::vector< oid_t > ext_key_usage() const
Indicates one or more purposes for which the certified public key may be used (OID types)
static certificates_t parse(const std::vector< uint8_t > &content)
Parse x509 certificate(s) from raw blob.
std::vector< oid_t > certificate_policies() const
Policy information terms as OID (see RFC #5280)
date_t valid_to() const
End time of certificate validity.
friend std::ostream & operator<<(std::ostream &os, const x509 &x509_cert)
#define ENABLE_BITMASK_OPERATORS(X)
Definition enums.hpp:24
Namespace related to the LIEF's PE module.
Definition Abstract/Header.hpp:32
@ RSA
Definition PE/enums.hpp:697
std::string oid_t
Definition PE/signature/types.hpp:23
LIEF namespace.
Definition Abstract/Binary.hpp:36
#define LIEF_API
Definition visibility.h:41