Interface over a x509 certificate. More...

#include <x509.hpp>

Inheritance diagram for LIEF::PE::x509:

Collaboration diagram for LIEF::PE::x509:

Public Types
enum class	KEY_TYPES : uint32_t { NONE = 0 , RSA , ECKEY , ECKEY_DH , ECDSA , RSA_ALT , RSASSA_PSS }
	Public key scheme. More...

enum class	VERIFICATION_FLAGS : uint32_t { OK = 0 , BADCERT_EXPIRED = 1 << 0 , BADCERT_REVOKED = 1 << 1 , BADCERT_CN_MISMATCH = 1 << 2 , BADCERT_NOT_TRUSTED = 1 << 3 , BADCRL_NOT_TRUSTED = 1 << 4 , BADCRL_EXPIRED = 1 << 5 , BADCERT_MISSING = 1 << 6 , BADCERT_SKIP_VERIFY = 1 << 7 , BADCERT_OTHER = 1 << 8 , BADCERT_FUTURE = 1 << 9 , BADCRL_FUTURE = 1 << 10 , BADCERT_KEY_USAGE = 1 << 11 , BADCERT_EXT_KEY_USAGE = 1 << 12 , BADCERT_NS_CERT_TYPE = 1 << 13 , BADCERT_BAD_MD = 1 << 14 , BADCERT_BAD_PK = 1 << 15 , BADCERT_BAD_KEY = 1 << 16 , BADCRL_BAD_MD = 1 << 17 , BADCRL_BAD_PK = 1 << 18 , BADCRL_BAD_KEY = 1 << 19 }
	Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX. More...

enum class	KEY_USAGE : uint32_t { DIGITAL_SIGNATURE = 0 , NON_REPUDIATION , KEY_ENCIPHERMENT , DATA_ENCIPHERMENT , KEY_AGREEMENT , KEY_CERT_SIGN , CRL_SIGN , ENCIPHER_ONLY , DECIPHER_ONLY }
	Key usage as defined in RFC #5280 - section-4.2.1.3 More...

using	date_t = std::array<int32_t, 6>
	Tuple (Year, Month, Day, Hour, Minute, Second)

using	certificates_t = std::vector<x509>

Public Types inherited from LIEF::Object
template<class T >
using	output_t = add_pointer_t<decay_t<T>>

template<class T >
using	output_const_t = add_pointer_t<add_const_t<decay_t<T>>>

Public Member Functions
	x509 (mbedtls_x509_crt *ca)

	x509 (const x509 &other)

x509 &	operator= (x509 other)

void	swap (x509 &other)

uint32_t	version () const
	X.509 version. (1=v1, 2=v2, 3=v3)

std::vector< uint8_t >	serial_number () const
	Unique id for certificate issued by a specific CA.

oid_t	signature_algorithm () const
	Signature algorithm (OID)

date_t	valid_from () const
	Start time of certificate validity.

date_t	valid_to () const
	End time of certificate validity.

std::string	issuer () const
	Issuer informations.

std::string	subject () const
	Subject informations.

bool	check_signature (const std::vector< uint8_t > &hash, const std::vector< uint8_t > &signature, ALGORITHMS digest) const
	Try to decrypt the given signature and check if it matches the given hash according to the hash algorithm provided.

std::vector< uint8_t >	raw () const
	The raw x509 bytes (DER encoded)

KEY_TYPES	key_type () const
	Return the underlying public-key scheme.

std::unique_ptr< RsaInfo >	rsa_info () const
	If the underlying public-key scheme is RSA, return the RSA information. Otherwise, return a nullptr

VERIFICATION_FLAGS	verify (const x509 &ca) const
	Verify that this certificate has been used to trust the given certificate.

VERIFICATION_FLAGS	is_trusted_by (const std::vector< x509 > &ca) const
	Verify that this certificate is trusted by the given CA list.

std::vector< oid_t >	certificate_policies () const
	Policy information terms as OID (see RFC #5280)

std::vector< KEY_USAGE >	key_usage () const
	Purpose of the key contained in the certificate.

std::vector< oid_t >	ext_key_usage () const
	Indicates one or more purposes for which the certified public key may be used (OID types)

bool	is_ca () const

std::vector< uint8_t >	signature () const
	The signature of the certificate.

void	accept (Visitor &visitor) const override

Public Member Functions inherited from LIEF::Object
	Object (const Object &other)

Object &	operator= (const Object &other)

template<class T >
output_t< T >	as ()

template<class T >
output_const_t< T >	as () const

virtual bool	operator== (const Object &other) const

virtual bool	operator!= (const Object &other) const

Static Public Member Functions
static certificates_t	parse (const std::string &path)
	Parse x509 certificate(s) from file path.

static certificates_t	parse (const std::vector< uint8_t > &content)
	Parse x509 certificate(s) from raw blob.

static bool	check_time (const date_t &before, const date_t &after)
	Return True if `before` is before than `after`. False otherwise.

static bool	time_is_past (const date_t &to)
	True if the given time is in the past according to the clock's system.

static bool	time_is_future (const date_t &from)
	True if the given time is in the future according to the clock's system.

Detailed Description

Interface over a x509 certificate.

Member Enumeration Documentation

◆ KEY_TYPES

enum class LIEF::PE::x509::KEY_TYPES : uint32_t

strong

Public key scheme.

Enumerator
NONE	Unknown scheme.
RSA	RSA Scheme.
ECKEY	Elliptic-curve scheme.
ECKEY_DH	Elliptic-curve Diffie-Hellman.
ECDSA	Elliptic-curve Digital Signature Algorithm.
RSA_ALT	RSA scheme with an alternative implementation for signing and decrypting.
RSASSA_PSS	RSA Probabilistic signature scheme.

◆ KEY_USAGE

enum class LIEF::PE::x509::KEY_USAGE : uint32_t

strong

Key usage as defined in RFC #5280 - section-4.2.1.3

Enumerator
DIGITAL_SIGNATURE	The key is used for digital signature
NON_REPUDIATION	The key is used for digital signature AND to protects against falsely denying some action
KEY_ENCIPHERMENT	The key is used for enciphering private or secret keys
DATA_ENCIPHERMENT	The key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher
KEY_AGREEMENT	The Key is used for key agreement. (e.g. with Diffie-Hellman)
KEY_CERT_SIGN	The key is used for verifying signatures on public key certificates
CRL_SIGN	The key is used for verifying signatures on certificate revocation lists
ENCIPHER_ONLY	In association with KEY_AGREEMENT (otherwise the meaning is undefined), the key is only used for enciphering data while performing key agreement
DECIPHER_ONLY	In association with KEY_AGREEMENT (otherwise the meaning is undefined), the key is only used for deciphering data while performing key agreement

◆ VERIFICATION_FLAGS

enum class LIEF::PE::x509::VERIFICATION_FLAGS : uint32_t

strong

Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX.

It must be sync with include/mbedtls/x509.h

Enumerator
OK	The verification succeed
BADCERT_EXPIRED	The certificate validity has expired.
BADCERT_REVOKED	The certificate has been revoked (is on a CRL).
BADCERT_CN_MISMATCH	The certificate Common Name (CN) does not match with the expected CN.
BADCERT_NOT_TRUSTED	The certificate is not correctly signed by the trusted CA.
BADCRL_NOT_TRUSTED	The CRL is not correctly signed by the trusted CA.
BADCRL_EXPIRED	The CRL is expired.
BADCERT_MISSING	Certificate was missing.
BADCERT_SKIP_VERIFY	Certificate verification was skipped.
BADCERT_OTHER	Other reason (can be used by verify callback)
BADCERT_FUTURE	The certificate validity starts in the future.
BADCRL_FUTURE	The CRL is from the future
BADCERT_KEY_USAGE	Usage does not match the keyUsage extension.
BADCERT_EXT_KEY_USAGE	Usage does not match the extendedKeyUsage extension.
BADCERT_NS_CERT_TYPE	Usage does not match the nsCertType extension.
BADCERT_BAD_MD	The certificate is signed with an unacceptable hash.
BADCERT_BAD_PK	The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).
BADCERT_BAD_KEY	The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
BADCRL_BAD_MD	The CRL is signed with an unacceptable hash.
BADCRL_BAD_PK	The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).
BADCRL_BAD_KEY	The CRL is signed with an unacceptable key (eg bad curve, RSA too short).

Member Function Documentation

◆ accept()

void LIEF::PE::x509::accept ( Visitor & visitor ) const

overridevirtual

Implements LIEF::Object.

The documentation for this class was generated from the following file:

x509.hpp

Public Types

Public Member Functions

Static Public Member Functions

Detailed Description

Member Enumeration Documentation

◆ KEY_TYPES

◆ KEY_USAGE

◆ VERIFICATION_FLAGS

Member Function Documentation

◆ accept()