x509.hpp
1/* Copyright 2017 - 2024 R. Thomas
2 * Copyright 2017 - 2024 Quarkslab
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef LIEF_PE_X509_H
17#define LIEF_PE_X509_H
18#include <array>
19#include <memory>
20#include <vector>
21
22#include "LIEF/Object.hpp"
23#include "LIEF/visibility.h"
24
25#include "LIEF/PE/enums.hpp"
26
28
29#include "LIEF/enums.hpp"
30
31struct mbedtls_x509_crt;
32
33namespace LIEF {
34namespace PE {
35
36class Parser;
37class SignatureParser;
38class Signature;
39
40class RsaInfo;
/// Interface over a x509 certificate.
///
/// The object wraps an mbedtls certificate handle (`x509_cert_`). Because it
/// declares a destructor, a copy constructor and a copy-and-swap assignment
/// operator, the handle is presumably owned and released by this class; the
/// header alone does not show this, so confirm against the implementation
/// before handing the constructor a handle that is still used elsewhere.
class LIEF_API x509 : public Object {

  friend class Parser;
  friend class SignatureParser;
  friend class Signature;

  public:
  /// Six-field timestamp used by valid_from()/valid_to() and the time helpers.
  /// NOTE(review): the field order is not visible in this header -- presumably
  /// year, month, day, hour, minute, second; confirm against the parser.
  using date_t = std::array<int32_t, 6>;

  /// Result type of parse(): every certificate found in the input.
  using certificates_t = std::vector<x509>;

  /// Parse x509 certificate(s) from file path.
  static certificates_t parse(const std::string& path);

  /// Parse x509 certificate(s) from raw blob.
  static certificates_t parse(const std::vector<uint8_t>& content);

  /// Return true if `before` is earlier than `after`, false otherwise.
  static bool check_time(const date_t& before, const date_t& after);

  /// True if the given time is in the past according to the system clock.
  /// The answer depends on the host clock at call time, so a skewed clock
  /// changes the outcome of any expiry check built on this helper.
  static bool time_is_past(const date_t& to);

  /// True if the given time is in the future according to the system clock
  /// (same host-clock dependency as time_is_past()).
  static bool time_is_future(const date_t& from);

  /// Public-key scheme of the certificate key (see key_type()).
  /// NOTE(review): the rendered header this was taken from drops one line
  /// between NONE and ECKEY (its symbol index links an `RSA` enumerator at
  /// that position), so do not rely on the numeric positions shown below
  /// without checking the source header.
  enum class KEY_TYPES : uint32_t {
    NONE = 0,    ///< Unknown or unsupported scheme
    ECKEY,       ///< Elliptic-curve key
    ECKEY_DH,    ///< Elliptic-curve Diffie-Hellman key
    ECDSA,       ///< Elliptic-curve DSA key
    RSA_ALT,     ///< RSA with an alternative (externally provided) implementation
    RSASSA_PSS,  ///< RSA-PSS (probabilistic signature scheme)
  };

  /// Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX.
  ///
  /// These are bit flags and ENABLE_BITMASK_OPERATORS (end of this header)
  /// lets them be combined, so verify()/is_trusted_by() may report several
  /// reasons at once. `OK` (0) is the only all-clear value: compare the result
  /// with `OK`; any non-zero value means the check failed for at least one
  /// reason. The per-flag descriptions follow the mbedtls codes they mirror.
  enum class VERIFICATION_FLAGS : uint32_t {
    OK = 0,
    BADCERT_EXPIRED = 1 << 0,        ///< The certificate validity period has ended
    BADCERT_REVOKED = 1 << 1,        ///< The certificate has been revoked (is on a CRL)
    BADCERT_CN_MISMATCH = 1 << 2,    ///< The Common Name does not match the expected CN
    BADCERT_NOT_TRUSTED = 1 << 3,    ///< The certificate is not correctly signed by a trusted CA
    BADCRL_NOT_TRUSTED = 1 << 4,     ///< The CRL is not correctly signed by a trusted CA
    BADCRL_EXPIRED = 1 << 5,         ///< The CRL has expired
    BADCERT_MISSING = 1 << 6,        ///< The certificate was missing
    BADCERT_SKIP_VERIFY = 1 << 7,    ///< Certificate verification was skipped (never a pass)
    BADCERT_OTHER = 1 << 8,          ///< Other reason (e.g. reported by a verification callback)
    BADCERT_FUTURE = 1 << 9,         ///< The certificate validity period starts in the future
    BADCRL_FUTURE = 1 << 10,         ///< The CRL is dated in the future
    BADCERT_KEY_USAGE = 1 << 11,     ///< Usage does not match the keyUsage extension
    BADCERT_EXT_KEY_USAGE = 1 << 12, ///< Usage does not match the extendedKeyUsage extension
    BADCERT_NS_CERT_TYPE = 1 << 13,  ///< Usage does not match the nsCertType extension
    BADCERT_BAD_MD = 1 << 14,        ///< The certificate is signed with an unacceptable hash
    BADCERT_BAD_PK = 1 << 15,        ///< The certificate is signed with an unacceptable public-key algorithm
    BADCERT_BAD_KEY = 1 << 16,       ///< The certificate is signed with an unacceptable key (e.g. too short)
    BADCRL_BAD_MD = 1 << 17,         ///< The CRL is signed with an unacceptable hash
    BADCRL_BAD_PK = 1 << 18,         ///< The CRL is signed with an unacceptable public-key algorithm
    BADCRL_BAD_KEY = 1 << 19,        ///< The CRL is signed with an unacceptable key
  };

  /// Purpose of the key contained in the certificate (keyUsage extension).
  /// Unlike VERIFICATION_FLAGS these are plain indices, not bit masks; the
  /// order follows the KeyUsage bit positions of RFC 5280
  /// (digitalSignature = 0 ... decipherOnly = 8). key_usage() returns the
  /// list of purposes that are set.
  enum class KEY_USAGE : uint32_t {
    DIGITAL_SIGNATURE = 0,
    NON_REPUDIATION,
    KEY_ENCIPHERMENT,
    DATA_ENCIPHERMENT,
    KEY_AGREEMENT,
    KEY_CERT_SIGN,
    CRL_SIGN,
    ENCIPHER_ONLY,
    DECIPHER_ONLY,
  };

  /// Wrap an mbedtls certificate handle.
  /// NOTE(review): whether the object takes ownership of `ca` is not visible
  /// from this header -- confirm against the implementation.
  x509(mbedtls_x509_crt* ca);

  /// Copy constructor. Together with the destructor this suggests a deep copy
  /// of the underlying handle (Rule of Three) -- presumably; confirm.
  x509(const x509& other);

  /// Copy-and-swap assignment: `other` is taken by value, so this single
  /// overload serves both copy- and move-assignment.
  x509& operator=(x509 other);

  /// Exchange the wrapped handle with `other`.
  void swap(x509& other);

  /// X.509 version. (1=v1, 2=v2, 3=v3)
  uint32_t version() const;

  /// Unique id for certificate issued by a specific CA.
  std::vector<uint8_t> serial_number() const;

  /// Signature algorithm (OID)
  oid_t signature_algorithm() const;

  /// Start time of certificate validity.
  date_t valid_from() const;

  /// End time of certificate validity.
  date_t valid_to() const;

  /// Issuer information.
  std::string issuer() const;

  /// Subject information.
  std::string subject() const;

  /// Try to decrypt the given signature and check if it matches the given
  /// hash according to the hash algorithm `digest`.
  ///
  /// This only shows that `signature` was produced with the private key
  /// matching this certificate's public key; it says nothing about whether
  /// the certificate itself is trusted, within its validity period, or
  /// unrevoked. Use verify()/is_trusted_by() for that part of a trust decision.
  bool check_signature(const std::vector<uint8_t>& hash,
                       const std::vector<uint8_t>& signature, ALGORITHMS digest) const;

  /// The raw x509 bytes (DER encoded)
  std::vector<uint8_t> raw() const;

  /// Return the underlying public-key scheme.
  KEY_TYPES key_type() const;

  /// If the underlying public-key scheme is RSA, return the RSA information.
  /// Otherwise -- presumably -- a null pointer (the original sentence is cut
  /// off in the rendered documentation); callers should check the result
  /// before dereferencing it.
  std::unique_ptr<RsaInfo> rsa_info() const;

  /// Verify that this certificate has been used to trust the given certificate.
  /// Returns OK on success, otherwise a combination of VERIFICATION_FLAGS
  /// describing why the check failed.
  /// NOTE(review): the parameter is named `ca` while the summary describes
  /// `this` as the issuing side; confirm the direction of the check in the
  /// implementation before relying on it.
  VERIFICATION_FLAGS verify(const x509& ca) const;

  /// Verify that this certificate is trusted by the given CA list.
  /// Returns OK if it is, otherwise VERIFICATION_FLAGS explaining the failure.
  VERIFICATION_FLAGS is_trusted_by(const std::vector<x509>& ca) const;

  /// Policy information terms as OID (see RFC #5280)
  std::vector<oid_t> certificate_policies() const;

  /// Purpose of the key contained in the certificate.
  std::vector<KEY_USAGE> key_usage() const;

  /// Indicates one or more purposes for which the certified public key may be
  /// used (OID types)
  std::vector<oid_t> ext_key_usage() const;

  /// Whether this certificate is a CA certificate. No further detail is
  /// documented in this header -- presumably derived from the basicConstraints
  /// extension; confirm against the implementation.
  bool is_ca() const;

  /// The signature of the certificate.
  std::vector<uint8_t> signature() const;

  void accept(Visitor& visitor) const override;

  ~x509() override;

  LIEF_API friend std::ostream& operator<<(std::ostream& os, const x509& x509_cert);

  private:
  /// Default constructor reserved for the friend parsers.
  x509();
  /// Underlying mbedtls certificate handle; nullptr until one is attached.
  mbedtls_x509_crt* x509_cert_ = nullptr;

};
193
194}
195}
196
// Enables bitwise operators on x509::VERIFICATION_FLAGS (macro from
// LIEF/enums.hpp) so a verification result can carry several failure reasons
// at once. It is placed after the LIEF::PE namespace is closed, hence the
// fully qualified name.
ENABLE_BITMASK_OPERATORS(LIEF::PE::x509::VERIFICATION_FLAGS)
198
199#endif
Object.hpp
enums.hpp
types.hpp
LIEF::PE::Parser
Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used...
Definition PE/Parser.hpp:47
LIEF::PE::RsaInfo
Object that wraps a RSA key.
Definition RsaInfo.hpp:29
LIEF::PE::SignatureParser
Definition SignatureParser.hpp:37
LIEF::PE::Signature
Main interface for the PKCS #7 signature scheme.
Definition Signature.hpp:39
LIEF::PE::x509
Interface over an x509 certificate.
Definition x509.hpp:43
LIEF::PE::x509::issuer
std::string issuer() const
Issuer information.
LIEF::PE::x509::swap
void swap(x509 &other)
LIEF::PE::x509::valid_from
date_t valid_from() const
Start time of certificate validity.
LIEF::PE::x509::serial_number
std::vector< uint8_t > serial_number() const
Unique id for certificate issued by a specific CA.
LIEF::PE::x509::raw
std::vector< uint8_t > raw() const
The raw x509 bytes (DER encoded)
LIEF::PE::x509::parse
static certificates_t parse(const std::string &path)
Parse x509 certificate(s) from file path.
LIEF::PE::x509::signature
std::vector< uint8_t > signature() const
The signature of the certificate.
LIEF::PE::x509::verify
VERIFICATION_FLAGS verify(const x509 &ca) const
Verify that this certificate has been used to trust the given certificate.
LIEF::PE::x509::rsa_info
std::unique_ptr< RsaInfo > rsa_info() const
If the underlying public-key scheme is RSA, return the RSA information. Otherwise,...
LIEF::PE::x509::accept
void accept(Visitor &visitor) const override
LIEF::PE::x509::operator=
x509 & operator=(x509 other)
LIEF::PE::x509::subject
std::string subject() const
Subject information.
LIEF::PE::x509::key_usage
std::vector< KEY_USAGE > key_usage() const
Purpose of the key contained in the certificate.
LIEF::PE::x509::time_is_past
static bool time_is_past(const date_t &to)
True if the given time is in the past according to the system clock.
LIEF::PE::x509::check_time
static bool check_time(const date_t &before, const date_t &after)
Return true if `before` is earlier than `after`, false otherwise.
LIEF::PE::x509::signature_algorithm
oid_t signature_algorithm() const
Signature algorithm (OID)
LIEF::PE::x509::is_ca
bool is_ca() const
LIEF::PE::x509::key_type
KEY_TYPES key_type() const
Return the underlying public-key scheme.
LIEF::PE::x509::~x509
~x509() override
LIEF::PE::x509::x509
x509(mbedtls_x509_crt *ca)
LIEF::PE::x509::version
uint32_t version() const
X.509 version. (1=v1, 2=v2, 3=v3)
LIEF::PE::x509::check_signature
bool check_signature(const std::vector< uint8_t > &hash, const std::vector< uint8_t > &signature, ALGORITHMS digest) const
Try to decrypt the given signature and check if it matches the given hash according to the hash algor...
LIEF::PE::x509::is_trusted_by
VERIFICATION_FLAGS is_trusted_by(const std::vector< x509 > &ca) const
Verify that this certificate is trusted by the given CA list.
LIEF::PE::x509::VERIFICATION_FLAGS
VERIFICATION_FLAGS
Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX.
Definition x509.hpp:84
LIEF::PE::x509::x509
x509(const x509 &other)
LIEF::PE::x509::time_is_future
static bool time_is_future(const date_t &from)
True if the given time is in the future according to the system clock.
LIEF::PE::x509::ext_key_usage
std::vector< oid_t > ext_key_usage() const
Indicates one or more purposes for which the certified public key may be used (OID types)
LIEF::PE::x509::parse
static certificates_t parse(const std::vector< uint8_t > &content)
Parse x509 certificate(s) from raw blob.
LIEF::PE::x509::certificate_policies
std::vector< oid_t > certificate_policies() const
Policy information terms as OID (see RFC #5280)
LIEF::PE::x509::valid_to
date_t valid_to() const
End time of certificate validity.
LIEF::PE::x509::operator<<
friend std::ostream & operator<<(std::ostream &os, const x509 &x509_cert)
enums.hpp
ENABLE_BITMASK_OPERATORS
#define ENABLE_BITMASK_OPERATORS(X)
Definition enums.hpp:24
LIEF::PE
Namespace related to LIEF's PE module.
Definition Abstract/Header.hpp:32
LIEF::PE::ALGORITHMS::RSA
@ RSA
Definition PE/enums.hpp:697
LIEF::PE::oid_t
std::string oid_t
Definition PE/signature/types.hpp:23
LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:36
visibility.h
LIEF_API
#define LIEF_API
Definition visibility.h:41