latest/doxygen/x509_8hpp_source.html

/* Copyright 2017 - 2025 R. Thomas

 * Copyright 2017 - 2025 Quarkslab

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef LIEF_PE_X509_H

#define LIEF_PE_X509_H

#include <array>

#include <memory>

#include <vector>


#include "LIEF/Object.hpp"

#include "LIEF/visibility.h"


#include "LIEF/PE/enums.hpp"


#include "LIEF/PE/signature/types.hpp"


#include "LIEF/enums.hpp"


struct mbedtls_x509_crt;


namespace LIEF {

namespace PE {


class Parser;

class SignatureParser;

class Signature;


class RsaInfo;


class LIEF_API x509 : public Object {


  friend class Parser;

  friend class SignatureParser;

  friend class Signature;


  public:

  using date_t = std::array<int32_t, 6>;


  using certificates_t = std::vector<x509>;


  static certificates_t parse(const std::string& path);


  static certificates_t parse(const std::vector<uint8_t>& content);


  static bool check_time(const date_t& before, const date_t& after);


  static bool time_is_past(const date_t& to);


  static bool time_is_future(const date_t& from);


  enum class KEY_TYPES : uint32_t {

    NONE = 0,

    RSA,

    ECKEY,

    ECKEY_DH,

    ECDSA,

    RSA_ALT,

    RSASSA_PSS,

  };


  enum class VERIFICATION_FLAGS : uint32_t {

    OK                     = 0,

    BADCERT_EXPIRED        = 1 << 0,

    BADCERT_REVOKED        = 1 << 1,

    BADCERT_CN_MISMATCH    = 1 << 2,

    BADCERT_NOT_TRUSTED    = 1 << 3,

    BADCRL_NOT_TRUSTED     = 1 << 4,

    BADCRL_EXPIRED         = 1 << 5,

    BADCERT_MISSING        = 1 << 6,

    BADCERT_SKIP_VERIFY    = 1 << 7,

    BADCERT_OTHER          = 1 << 8,

    BADCERT_FUTURE         = 1 << 9,

    BADCRL_FUTURE          = 1 << 10,

    BADCERT_KEY_USAGE      = 1 << 11,

    BADCERT_EXT_KEY_USAGE  = 1 << 12,

    BADCERT_NS_CERT_TYPE   = 1 << 13,

    BADCERT_BAD_MD         = 1 << 14,

    BADCERT_BAD_PK         = 1 << 15,

    BADCERT_BAD_KEY        = 1 << 16,

    BADCRL_BAD_MD          = 1 << 17,

    BADCRL_BAD_PK          = 1 << 18,

    BADCRL_BAD_KEY         = 1 << 19,

  };


  enum class KEY_USAGE : uint32_t {

    DIGITAL_SIGNATURE = 0,

    NON_REPUDIATION,

    KEY_ENCIPHERMENT,

    DATA_ENCIPHERMENT,

    KEY_AGREEMENT,

    KEY_CERT_SIGN,

    CRL_SIGN,

    ENCIPHER_ONLY,

    DECIPHER_ONLY,

  };


  x509(mbedtls_x509_crt* ca);

  x509(const x509& other);

  x509& operator=(x509 other);

  void swap(x509& other);


  uint32_t version() const;


  std::vector<uint8_t> serial_number() const;


  oid_t signature_algorithm() const;


  date_t valid_from() const;


  date_t valid_to() const;


  std::string issuer() const;


  std::string subject() const;


  bool check_signature(const std::vector<uint8_t>& hash,

                       const std::vector<uint8_t>& signature, ALGORITHMS digest) const;


  std::vector<uint8_t> raw() const;


  KEY_TYPES key_type() const;


  std::unique_ptr<RsaInfo> rsa_info() const;


  VERIFICATION_FLAGS verify(const x509& ca) const;


  VERIFICATION_FLAGS is_trusted_by(const std::vector<x509>& ca) const;


  std::vector<oid_t> certificate_policies() const;


  std::vector<KEY_USAGE> key_usage() const;


  std::vector<oid_t> ext_key_usage() const;


  bool is_ca() const;


  std::vector<uint8_t> signature() const;


  void accept(Visitor& visitor) const override;


  ~x509() override;


  LIEF_API friend std::ostream& operator<<(std::ostream& os, const x509& x509_cert);


  private:

  x509();

  mbedtls_x509_crt* x509_cert_ = nullptr;


};


}

}


ENABLE_BITMASK_OPERATORS(LIEF::PE::x509::VERIFICATION_FLAGS);


#endif

Object.hpp

enums.hpp

types.hpp

LIEF::Object::Object
Object()

LIEF::PE::Parser
Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used...
Definition PE/Parser.hpp:52

LIEF::PE::RsaInfo
Object that wraps a RSA key.
Definition RsaInfo.hpp:29

LIEF::PE::SignatureParser
Definition SignatureParser.hpp:37

LIEF::PE::Signature
Main interface for the PKCS #7 signature scheme.
Definition Signature.hpp:39

LIEF::PE::x509::issuer
std::string issuer() const
Issuer informations.

LIEF::PE::x509::swap
void swap(x509 &other)

LIEF::PE::x509::valid_from
date_t valid_from() const
Start time of certificate validity.

LIEF::PE::x509::KEY_USAGE
KEY_USAGE
Key usage as defined in RFC #5280 - section-4.2.1.3.
Definition x509.hpp:109

LIEF::PE::x509::KEY_USAGE::DECIPHER_ONLY
@ DECIPHER_ONLY
Definition x509.hpp:118

LIEF::PE::x509::KEY_USAGE::KEY_ENCIPHERMENT
@ KEY_ENCIPHERMENT
Definition x509.hpp:112

LIEF::PE::x509::KEY_USAGE::CRL_SIGN
@ CRL_SIGN
Definition x509.hpp:116

LIEF::PE::x509::KEY_USAGE::DIGITAL_SIGNATURE
@ DIGITAL_SIGNATURE
Definition x509.hpp:110

LIEF::PE::x509::KEY_USAGE::ENCIPHER_ONLY
@ ENCIPHER_ONLY
Definition x509.hpp:117

LIEF::PE::x509::KEY_USAGE::NON_REPUDIATION
@ NON_REPUDIATION
Definition x509.hpp:111

LIEF::PE::x509::KEY_USAGE::KEY_AGREEMENT
@ KEY_AGREEMENT
Definition x509.hpp:114

LIEF::PE::x509::KEY_USAGE::KEY_CERT_SIGN
@ KEY_CERT_SIGN
Definition x509.hpp:115

LIEF::PE::x509::KEY_USAGE::DATA_ENCIPHERMENT
@ DATA_ENCIPHERMENT
Definition x509.hpp:113

LIEF::PE::x509::serial_number
std::vector< uint8_t > serial_number() const
Unique id for certificate issued by a specific CA.

LIEF::PE::x509::raw
std::vector< uint8_t > raw() const
The raw x509 bytes (DER encoded).

LIEF::PE::x509::parse
static certificates_t parse(const std::string &path)
Parse x509 certificate(s) from file path.

LIEF::PE::x509::signature
std::vector< uint8_t > signature() const
The signature of the certificate.

LIEF::PE::x509::verify
VERIFICATION_FLAGS verify(const x509 &ca) const
Verify that this certificate has been used to trust the given certificate.

LIEF::PE::x509::Signature
friend class Signature
Definition x509.hpp:47

LIEF::PE::x509::rsa_info
std::unique_ptr< RsaInfo > rsa_info() const
If the underlying public-key scheme is RSA, return the RSA information. Otherwise,...

LIEF::PE::x509::accept
void accept(Visitor &visitor) const override

LIEF::PE::x509::operator=
x509 & operator=(x509 other)

LIEF::PE::x509::subject
std::string subject() const
Subject informations.

LIEF::PE::x509::key_usage
std::vector< KEY_USAGE > key_usage() const
Purpose of the key contained in the certificate.

LIEF::PE::x509::time_is_past
static bool time_is_past(const date_t &to)
True if the given time is in the past according to the clock's system.

LIEF::PE::x509::check_time
static bool check_time(const date_t &before, const date_t &after)
Return True if before is before than after. False otherwise.

LIEF::PE::x509::certificates_t
std::vector< x509 > certificates_t
Definition x509.hpp:53

LIEF::PE::x509::signature_algorithm
oid_t signature_algorithm() const
Signature algorithm (OID).

LIEF::PE::x509::is_ca
bool is_ca() const

LIEF::PE::x509::key_type
KEY_TYPES key_type() const
Return the underlying public-key scheme.

LIEF::PE::x509::date_t
std::array< int32_t, 6 > date_t
Tuple (Year, Month, Day, Hour, Minute, Second).
Definition x509.hpp:51

LIEF::PE::x509::~x509
~x509() override

LIEF::PE::x509::SignatureParser
friend class SignatureParser
Definition x509.hpp:46

LIEF::PE::x509::x509
x509(mbedtls_x509_crt *ca)

LIEF::PE::x509::version
uint32_t version() const
X.509 version. (1=v1, 2=v2, 3=v3).

LIEF::PE::x509::Parser
friend class Parser
Definition x509.hpp:45

LIEF::PE::x509::check_signature
bool check_signature(const std::vector< uint8_t > &hash, const std::vector< uint8_t > &signature, ALGORITHMS digest) const
Try to decrypt the given signature and check if it matches the given hash according to the hash algor...

LIEF::PE::x509::is_trusted_by
VERIFICATION_FLAGS is_trusted_by(const std::vector< x509 > &ca) const
Verify that this certificate is trusted by the given CA list.

LIEF::PE::x509::VERIFICATION_FLAGS
VERIFICATION_FLAGS
Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX.
Definition x509.hpp:84

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_FUTURE
@ BADCERT_FUTURE
Definition x509.hpp:95

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_BAD_KEY
@ BADCERT_BAD_KEY
Definition x509.hpp:102

LIEF::PE::x509::VERIFICATION_FLAGS::BADCRL_BAD_KEY
@ BADCRL_BAD_KEY
Definition x509.hpp:105

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_NS_CERT_TYPE
@ BADCERT_NS_CERT_TYPE
Definition x509.hpp:99

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_BAD_MD
@ BADCERT_BAD_MD
Definition x509.hpp:100

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_OTHER
@ BADCERT_OTHER
Definition x509.hpp:94

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_BAD_PK
@ BADCERT_BAD_PK
Definition x509.hpp:101

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_EXT_KEY_USAGE
@ BADCERT_EXT_KEY_USAGE
Definition x509.hpp:98

LIEF::PE::x509::VERIFICATION_FLAGS::BADCRL_BAD_PK
@ BADCRL_BAD_PK
Definition x509.hpp:104

LIEF::PE::x509::VERIFICATION_FLAGS::BADCRL_NOT_TRUSTED
@ BADCRL_NOT_TRUSTED
Definition x509.hpp:90

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_SKIP_VERIFY
@ BADCERT_SKIP_VERIFY
Definition x509.hpp:93

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_MISSING
@ BADCERT_MISSING
Definition x509.hpp:92

LIEF::PE::x509::VERIFICATION_FLAGS::BADCRL_BAD_MD
@ BADCRL_BAD_MD
Definition x509.hpp:103

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_CN_MISMATCH
@ BADCERT_CN_MISMATCH
Definition x509.hpp:88

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_KEY_USAGE
@ BADCERT_KEY_USAGE
Definition x509.hpp:97

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_NOT_TRUSTED
@ BADCERT_NOT_TRUSTED
Definition x509.hpp:89

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_EXPIRED
@ BADCERT_EXPIRED
Definition x509.hpp:86

LIEF::PE::x509::VERIFICATION_FLAGS::BADCERT_REVOKED
@ BADCERT_REVOKED
Definition x509.hpp:87

LIEF::PE::x509::VERIFICATION_FLAGS::OK
@ OK
Definition x509.hpp:85

LIEF::PE::x509::VERIFICATION_FLAGS::BADCRL_EXPIRED
@ BADCRL_EXPIRED
Definition x509.hpp:91

LIEF::PE::x509::VERIFICATION_FLAGS::BADCRL_FUTURE
@ BADCRL_FUTURE
Definition x509.hpp:96

LIEF::PE::x509::x509
x509(const x509 &other)

LIEF::PE::x509::KEY_TYPES
KEY_TYPES
Public key scheme.
Definition x509.hpp:71

LIEF::PE::x509::KEY_TYPES::ECKEY_DH
@ ECKEY_DH
Elliptic-curve Diffie-Hellman.
Definition x509.hpp:75

LIEF::PE::x509::KEY_TYPES::ECKEY
@ ECKEY
Elliptic-curve scheme.
Definition x509.hpp:74

LIEF::PE::x509::KEY_TYPES::RSA
@ RSA
RSA Scheme.
Definition x509.hpp:73

LIEF::PE::x509::KEY_TYPES::RSA_ALT
@ RSA_ALT
RSA scheme with an alternative implementation for signing and decrypting.
Definition x509.hpp:77

LIEF::PE::x509::KEY_TYPES::RSASSA_PSS
@ RSASSA_PSS
RSA Probabilistic signature scheme.
Definition x509.hpp:78

LIEF::PE::x509::KEY_TYPES::ECDSA
@ ECDSA
Elliptic-curve Digital Signature Algorithm.
Definition x509.hpp:76

LIEF::PE::x509::KEY_TYPES::NONE
@ NONE
Unknown scheme.
Definition x509.hpp:72

LIEF::PE::x509::time_is_future
static bool time_is_future(const date_t &from)
True if the given time is in the future according to the clock's system.

LIEF::PE::x509::ext_key_usage
std::vector< oid_t > ext_key_usage() const
Indicates one or more purposes for which the certified public key may be used (OID types).

LIEF::PE::x509::parse
static certificates_t parse(const std::vector< uint8_t > &content)
Parse x509 certificate(s) from raw blob.

LIEF::PE::x509::certificate_policies
std::vector< oid_t > certificate_policies() const
Policy information terms as OID (see RFC #5280).

LIEF::PE::x509::valid_to
date_t valid_to() const
End time of certificate validity.

LIEF::PE::x509::operator<<
friend std::ostream & operator<<(std::ostream &os, const x509 &x509_cert)

LIEF::Visitor
Definition Visitor.hpp:210

enums.hpp

ENABLE_BITMASK_OPERATORS
#define ENABLE_BITMASK_OPERATORS(X)
Definition enums.hpp:24

LIEF::PE
Namespace related to the LIEF's PE module.
Definition Abstract/Header.hpp:32

LIEF::PE::ALGORITHMS
ALGORITHMS
Cryptography algorithms.
Definition PE/enums.hpp:28

LIEF::PE::oid_t
std::string oid_t
Definition PE/signature/types.hpp:23

LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:40

LIEF::hash
Hash::value_type hash(const Object &v)

visibility.h

LIEF_API
#define LIEF_API
Definition visibility.h:41