LIEF: Library to Instrument Executable Formats Version 0.17.1
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Static Public Member Functions | List of all members
LIEF::PE::x509 Class Reference

Interface over a x509 certificate. More...

#include <x509.hpp>

Inheritance diagram for LIEF::PE::x509:
Inheritance graph
[legend]
Collaboration diagram for LIEF::PE::x509:
Collaboration graph
[legend]

Public Types

enum class  KEY_TYPES : uint32_t {
  NONE = 0 , RSA , ECKEY , ECKEY_DH ,
  ECDSA , RSA_ALT , RSASSA_PSS
}
 Public key scheme. More...
enum class  VERIFICATION_FLAGS : uint32_t {
  OK = 0 , BADCERT_EXPIRED = 1 << 0 , BADCERT_REVOKED = 1 << 1 , BADCERT_CN_MISMATCH = 1 << 2 ,
  BADCERT_NOT_TRUSTED = 1 << 3 , BADCRL_NOT_TRUSTED = 1 << 4 , BADCRL_EXPIRED = 1 << 5 , BADCERT_MISSING = 1 << 6 ,
  BADCERT_SKIP_VERIFY = 1 << 7 , BADCERT_OTHER = 1 << 8 , BADCERT_FUTURE = 1 << 9 , BADCRL_FUTURE = 1 << 10 ,
  BADCERT_KEY_USAGE = 1 << 11 , BADCERT_EXT_KEY_USAGE = 1 << 12 , BADCERT_NS_CERT_TYPE = 1 << 13 , BADCERT_BAD_MD = 1 << 14 ,
  BADCERT_BAD_PK = 1 << 15 , BADCERT_BAD_KEY = 1 << 16 , BADCRL_BAD_MD = 1 << 17 , BADCRL_BAD_PK = 1 << 18 ,
  BADCRL_BAD_KEY = 1 << 19
}
 Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX. More...
enum class  KEY_USAGE : uint32_t {
  DIGITAL_SIGNATURE = 0 , NON_REPUDIATION , KEY_ENCIPHERMENT , DATA_ENCIPHERMENT ,
  KEY_AGREEMENT , KEY_CERT_SIGN , CRL_SIGN , ENCIPHER_ONLY ,
  DECIPHER_ONLY
}
 Key usage as defined in RFC #5280 - section-4.2.1.3. More...
using date_t = std::array<int32_t, 6>
 Tuple (Year, Month, Day, Hour, Minute, Second).
using certificates_t = std::vector<x509>
Public Types inherited from LIEF::Object
template<class T>
using output_t = add_pointer_t<decay_t<T>>
template<class T>
using output_const_t = add_pointer_t<add_const_t<decay_t<T>>>

Public Member Functions

 x509 (mbedtls_x509_crt *ca)
 x509 (const x509 &other)
x509operator= (x509 other)
void swap (x509 &other)
uint32_t version () const
 X.509 version. (1=v1, 2=v2, 3=v3).
std::vector< uint8_t > serial_number () const
 Unique id for certificate issued by a specific CA.
oid_t signature_algorithm () const
 Signature algorithm (OID).
date_t valid_from () const
 Start time of certificate validity.
date_t valid_to () const
 End time of certificate validity.
std::string issuer () const
 Issuer informations.
std::string subject () const
 Subject informations.
bool check_signature (const std::vector< uint8_t > &hash, const std::vector< uint8_t > &signature, ALGORITHMS digest) const
 Try to decrypt the given signature and check if it matches the given hash according to the hash algorithm provided.
std::vector< uint8_t > raw () const
 The raw x509 bytes (DER encoded).
KEY_TYPES key_type () const
 Return the underlying public-key scheme.
std::unique_ptr< RsaInforsa_info () const
 If the underlying public-key scheme is RSA, return the RSA information. Otherwise, return a nullptr
VERIFICATION_FLAGS verify (const x509 &ca) const
 Verify that this certificate has been used to trust the given certificate.
VERIFICATION_FLAGS is_trusted_by (const std::vector< x509 > &ca) const
 Verify that this certificate is trusted by the given CA list.
std::vector< oid_tcertificate_policies () const
 Policy information terms as OID (see RFC #5280).
std::vector< KEY_USAGEkey_usage () const
 Purpose of the key contained in the certificate.
std::vector< oid_text_key_usage () const
 Indicates one or more purposes for which the certified public key may be used (OID types).
bool is_ca () const
std::vector< uint8_t > signature () const
 The signature of the certificate.
void accept (Visitor &visitor) const override
 ~x509 () override
Public Member Functions inherited from LIEF::Object
 Object ()
 Object (const Object &other)
Objectoperator= (const Object &other)
 Object (Object &&other) noexcept=default
Objectoperator= (Object &&other) noexcept=default
template<class T>
output_t< T > as ()
template<class T>
output_const_t< T > as () const
virtual bool operator== (const Object &other) const
virtual bool operator!= (const Object &other) const
virtual ~Object ()

Static Public Member Functions

static certificates_t parse (const std::string &path)
 Parse x509 certificate(s) from file path.
static certificates_t parse (const std::vector< uint8_t > &content)
 Parse x509 certificate(s) from raw blob.
static bool check_time (const date_t &before, const date_t &after)
 Return True if before is before than after. False otherwise.
static bool time_is_past (const date_t &to)
 True if the given time is in the past according to the clock's system.
static bool time_is_future (const date_t &from)
 True if the given time is in the future according to the clock's system.

Detailed Description

Interface over a x509 certificate.

Member Typedef Documentation

◆ certificates_t

using LIEF::PE::x509::certificates_t = std::vector<x509>

◆ date_t

using LIEF::PE::x509::date_t = std::array<int32_t, 6>

Tuple (Year, Month, Day, Hour, Minute, Second).

Member Enumeration Documentation

◆ KEY_TYPES

enum class LIEF::PE::x509::KEY_TYPES : uint32_t
strong

Public key scheme.

Enumerator
NONE 

Unknown scheme.

RSA 

RSA Scheme.

ECKEY 

Elliptic-curve scheme.

ECKEY_DH 

Elliptic-curve Diffie-Hellman.

ECDSA 

Elliptic-curve Digital Signature Algorithm.

RSA_ALT 

RSA scheme with an alternative implementation for signing and decrypting.

RSASSA_PSS 

RSA Probabilistic signature scheme.

◆ KEY_USAGE

enum class LIEF::PE::x509::KEY_USAGE : uint32_t
strong

Key usage as defined in RFC #5280 - section-4.2.1.3.

Enumerator
DIGITAL_SIGNATURE 

The key is used for digital signature

NON_REPUDIATION 

The key is used for digital signature AND to protects against falsely denying some action

KEY_ENCIPHERMENT 

The key is used for enciphering private or secret keys

DATA_ENCIPHERMENT 

The key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher

KEY_AGREEMENT 

The Key is used for key agreement. (e.g. with Diffie-Hellman)

KEY_CERT_SIGN 

The key is used for verifying signatures on public key certificates

CRL_SIGN 

The key is used for verifying signatures on certificate revocation lists

ENCIPHER_ONLY 

In association with KEY_AGREEMENT (otherwise the meaning is undefined), the key is only used for enciphering data while performing key agreement

DECIPHER_ONLY 

In association with KEY_AGREEMENT (otherwise the meaning is undefined), the key is only used for deciphering data while performing key agreement

◆ VERIFICATION_FLAGS

enum class LIEF::PE::x509::VERIFICATION_FLAGS : uint32_t
strong

Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX.

It must be sync with include/mbedtls/x509.h

Enumerator
OK 

The verification succeed

BADCERT_EXPIRED 

The certificate validity has expired.

BADCERT_REVOKED 

The certificate has been revoked (is on a CRL).

BADCERT_CN_MISMATCH 

The certificate Common Name (CN) does not match with the expected CN.

BADCERT_NOT_TRUSTED 

The certificate is not correctly signed by the trusted CA.

BADCRL_NOT_TRUSTED 

The CRL is not correctly signed by the trusted CA.

BADCRL_EXPIRED 

The CRL is expired.

BADCERT_MISSING 

Certificate was missing.

BADCERT_SKIP_VERIFY 

Certificate verification was skipped.

BADCERT_OTHER 

Other reason (can be used by verify callback)

BADCERT_FUTURE 

The certificate validity starts in the future.

BADCRL_FUTURE 

The CRL is from the future

BADCERT_KEY_USAGE 

Usage does not match the keyUsage extension.

BADCERT_EXT_KEY_USAGE 

Usage does not match the extendedKeyUsage extension.

BADCERT_NS_CERT_TYPE 

Usage does not match the nsCertType extension.

BADCERT_BAD_MD 

The certificate is signed with an unacceptable hash.

BADCERT_BAD_PK 

The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).

BADCERT_BAD_KEY 

The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

BADCRL_BAD_MD 

The CRL is signed with an unacceptable hash.

BADCRL_BAD_PK 

The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).

BADCRL_BAD_KEY 

The CRL is signed with an unacceptable key (eg bad curve, RSA too short).

Constructor & Destructor Documentation

◆ x509() [1/2]

LIEF::PE::x509::x509 ( mbedtls_x509_crt * ca)

Referenced by operator<<, operator=(), swap(), verify(), and x509().

◆ x509() [2/2]

LIEF::PE::x509::x509 ( const x509 & other)

References x509().

◆ ~x509()

LIEF::PE::x509::~x509 ( )
override

Member Function Documentation

◆ accept()

void LIEF::PE::x509::accept ( Visitor & visitor) const
overridevirtual

Implements LIEF::Object.

◆ certificate_policies()

std::vector< oid_t > LIEF::PE::x509::certificate_policies ( ) const

Policy information terms as OID (see RFC #5280).

◆ check_signature()

bool LIEF::PE::x509::check_signature ( const std::vector< uint8_t > & hash,
const std::vector< uint8_t > & signature,
ALGORITHMS digest ) const

Try to decrypt the given signature and check if it matches the given hash according to the hash algorithm provided.

References LIEF::hash(), and signature().

◆ check_time()

bool LIEF::PE::x509::check_time ( const date_t & before,
const date_t & after )
static

Return True if before is before than after. False otherwise.

◆ ext_key_usage()

std::vector< oid_t > LIEF::PE::x509::ext_key_usage ( ) const

Indicates one or more purposes for which the certified public key may be used (OID types).

◆ is_ca()

bool LIEF::PE::x509::is_ca ( ) const

◆ is_trusted_by()

VERIFICATION_FLAGS LIEF::PE::x509::is_trusted_by ( const std::vector< x509 > & ca) const

Verify that this certificate is trusted by the given CA list.

◆ issuer()

std::string LIEF::PE::x509::issuer ( ) const

Issuer informations.

◆ key_type()

KEY_TYPES LIEF::PE::x509::key_type ( ) const

Return the underlying public-key scheme.

◆ key_usage()

std::vector< KEY_USAGE > LIEF::PE::x509::key_usage ( ) const

Purpose of the key contained in the certificate.

◆ operator=()

x509 & LIEF::PE::x509::operator= ( x509 other)

References x509().

◆ parse() [1/2]

certificates_t LIEF::PE::x509::parse ( const std::string & path)
static

Parse x509 certificate(s) from file path.

◆ parse() [2/2]

certificates_t LIEF::PE::x509::parse ( const std::vector< uint8_t > & content)
static

Parse x509 certificate(s) from raw blob.

◆ raw()

std::vector< uint8_t > LIEF::PE::x509::raw ( ) const

The raw x509 bytes (DER encoded).

◆ rsa_info()

std::unique_ptr< RsaInfo > LIEF::PE::x509::rsa_info ( ) const

If the underlying public-key scheme is RSA, return the RSA information. Otherwise, return a nullptr

◆ serial_number()

std::vector< uint8_t > LIEF::PE::x509::serial_number ( ) const

Unique id for certificate issued by a specific CA.

◆ signature()

std::vector< uint8_t > LIEF::PE::x509::signature ( ) const

The signature of the certificate.

Referenced by check_signature().

◆ signature_algorithm()

oid_t LIEF::PE::x509::signature_algorithm ( ) const

Signature algorithm (OID).

◆ subject()

std::string LIEF::PE::x509::subject ( ) const

Subject informations.

◆ swap()

void LIEF::PE::x509::swap ( x509 & other)

References x509().

◆ time_is_future()

bool LIEF::PE::x509::time_is_future ( const date_t & from)
static

True if the given time is in the future according to the clock's system.

◆ time_is_past()

bool LIEF::PE::x509::time_is_past ( const date_t & to)
static

True if the given time is in the past according to the clock's system.

◆ valid_from()

date_t LIEF::PE::x509::valid_from ( ) const

Start time of certificate validity.

◆ valid_to()

date_t LIEF::PE::x509::valid_to ( ) const

End time of certificate validity.

◆ verify()

VERIFICATION_FLAGS LIEF::PE::x509::verify ( const x509 & ca) const

Verify that this certificate has been used to trust the given certificate.

References x509().

◆ version()

uint32_t LIEF::PE::x509::version ( ) const

X.509 version. (1=v1, 2=v2, 3=v3).

The documentation for this class was generated from the following file:
Generated by doxygen 1.15.0