latest/doxygen/x509_8hpp_source.html

/* Copyright 2017 - 2024 R. Thomas

 * Copyright 2017 - 2024 Quarkslab

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef LIEF_PE_X509_H

#define LIEF_PE_X509_H

#include <array>

#include <memory>

#include <vector>


#include "LIEF/Object.hpp"

#include "LIEF/visibility.h"


#include "LIEF/PE/enums.hpp"


#include "LIEF/PE/signature/types.hpp"


#include "LIEF/enums.hpp"


struct mbedtls_x509_crt;


namespace LIEF {

namespace PE {


class Parser;

class SignatureParser;

class Signature;


class RsaInfo;


class LIEF_API x509 : public Object {


  friend class Parser;

  friend class SignatureParser;

  friend class Signature;


  public:

  using date_t = std::array<int32_t, 6>;


  using certificates_t = std::vector<x509>;


  static certificates_t parse(const std::string& path);


  static certificates_t parse(const std::vector<uint8_t>& content);


  static bool check_time(const date_t& before, const date_t& after);


  static bool time_is_past(const date_t& to);


  static bool time_is_future(const date_t& from);


  enum class KEY_TYPES : uint32_t {

    NONE = 0,

    RSA,

    ECKEY,

    ECKEY_DH,

    ECDSA,

    RSA_ALT,

    RSASSA_PSS,

  };


  enum class VERIFICATION_FLAGS : uint32_t {

    OK                     = 0,

    BADCERT_EXPIRED        = 1 << 0,

    BADCERT_REVOKED        = 1 << 1,

    BADCERT_CN_MISMATCH    = 1 << 2,

    BADCERT_NOT_TRUSTED    = 1 << 3,

    BADCRL_NOT_TRUSTED     = 1 << 4,

    BADCRL_EXPIRED         = 1 << 5,

    BADCERT_MISSING        = 1 << 6,

    BADCERT_SKIP_VERIFY    = 1 << 7,

    BADCERT_OTHER          = 1 << 8,

    BADCERT_FUTURE         = 1 << 9,

    BADCRL_FUTURE          = 1 << 10,

    BADCERT_KEY_USAGE      = 1 << 11,

    BADCERT_EXT_KEY_USAGE  = 1 << 12,

    BADCERT_NS_CERT_TYPE   = 1 << 13,

    BADCERT_BAD_MD         = 1 << 14,

    BADCERT_BAD_PK         = 1 << 15,

    BADCERT_BAD_KEY        = 1 << 16,

    BADCRL_BAD_MD          = 1 << 17,

    BADCRL_BAD_PK          = 1 << 18,

    BADCRL_BAD_KEY         = 1 << 19,

  };


  enum class KEY_USAGE : uint32_t {

    DIGITAL_SIGNATURE = 0,

    NON_REPUDIATION,

    KEY_ENCIPHERMENT,

    DATA_ENCIPHERMENT,

    KEY_AGREEMENT,

    KEY_CERT_SIGN,

    CRL_SIGN,

    ENCIPHER_ONLY,

    DECIPHER_ONLY,

  };


  x509(mbedtls_x509_crt* ca);

  x509(const x509& other);

  x509& operator=(x509 other);

  void swap(x509& other);


  uint32_t version() const;


  std::vector<uint8_t> serial_number() const;


  oid_t signature_algorithm() const;


  date_t valid_from() const;


  date_t valid_to() const;


  std::string issuer() const;


  std::string subject() const;


  bool check_signature(const std::vector<uint8_t>& hash,

                       const std::vector<uint8_t>& signature, ALGORITHMS digest) const;


  std::vector<uint8_t> raw() const;


  KEY_TYPES key_type() const;


  std::unique_ptr<RsaInfo> rsa_info() const;


  VERIFICATION_FLAGS verify(const x509& ca) const;


  VERIFICATION_FLAGS is_trusted_by(const std::vector<x509>& ca) const;


  std::vector<oid_t> certificate_policies() const;


  std::vector<KEY_USAGE> key_usage() const;


  std::vector<oid_t> ext_key_usage() const;


  bool is_ca() const;


  std::vector<uint8_t> signature() const;


  void accept(Visitor& visitor) const override;


  ~x509() override;


  LIEF_API friend std::ostream& operator<<(std::ostream& os, const x509& x509_cert);


  private:

  x509();

  mbedtls_x509_crt* x509_cert_ = nullptr;


};


}

}


ENABLE_BITMASK_OPERATORS(LIEF::PE::x509::VERIFICATION_FLAGS)


#endif

LIEF::Object
Definition Object.hpp:25

LIEF::PE::Parser
Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used...
Definition PE/Parser.hpp:47

LIEF::PE::SignatureParser
Definition SignatureParser.hpp:37

LIEF::PE::Signature
Main interface for the PKCS #7 signature scheme.
Definition Signature.hpp:40

LIEF::PE::x509
Interface over a x509 certificate.
Definition x509.hpp:43

LIEF::PE::x509::issuer
std::string issuer() const
Issuer informations.

LIEF::PE::x509::valid_from
date_t valid_from() const
Start time of certificate validity.

LIEF::PE::x509::KEY_USAGE
KEY_USAGE
Key usage as defined in RFC #5280 - section-4.2.1.3
Definition x509.hpp:109

LIEF::PE::x509::serial_number
std::vector< uint8_t > serial_number() const
Unique id for certificate issued by a specific CA.

LIEF::PE::x509::raw
std::vector< uint8_t > raw() const
The raw x509 bytes (DER encoded)

LIEF::PE::x509::parse
static certificates_t parse(const std::string &path)
Parse x509 certificate(s) from file path.

LIEF::PE::x509::signature
std::vector< uint8_t > signature() const
The signature of the certificate.

LIEF::PE::x509::verify
VERIFICATION_FLAGS verify(const x509 &ca) const
Verify that this certificate has been used to trust the given certificate.

LIEF::PE::x509::rsa_info
std::unique_ptr< RsaInfo > rsa_info() const
If the underlying public-key scheme is RSA, return the RSA information. Otherwise,...

LIEF::PE::x509::subject
std::string subject() const
Subject informations.

LIEF::PE::x509::key_usage
std::vector< KEY_USAGE > key_usage() const
Purpose of the key contained in the certificate.

LIEF::PE::x509::time_is_past
static bool time_is_past(const date_t &to)
True if the given time is in the past according to the clock's system.

LIEF::PE::x509::check_time
static bool check_time(const date_t &before, const date_t &after)
Return True if before is before than after. False otherwise.

LIEF::PE::x509::signature_algorithm
oid_t signature_algorithm() const
Signature algorithm (OID)

LIEF::PE::x509::key_type
KEY_TYPES key_type() const
Return the underlying public-key scheme.

LIEF::PE::x509::date_t
std::array< int32_t, 6 > date_t
Tuple (Year, Month, Day, Hour, Minute, Second)
Definition x509.hpp:51

LIEF::PE::x509::version
uint32_t version() const
X.509 version. (1=v1, 2=v2, 3=v3)

LIEF::PE::x509::check_signature
bool check_signature(const std::vector< uint8_t > &hash, const std::vector< uint8_t > &signature, ALGORITHMS digest) const
Try to decrypt the given signature and check if it matches the given hash according to the hash algor...

LIEF::PE::x509::is_trusted_by
VERIFICATION_FLAGS is_trusted_by(const std::vector< x509 > &ca) const
Verify that this certificate is trusted by the given CA list.

LIEF::PE::x509::VERIFICATION_FLAGS
VERIFICATION_FLAGS
Mirror of mbedtls's X509 Verify codes: MBEDTLS_X509_XX.
Definition x509.hpp:84

LIEF::PE::x509::KEY_TYPES
KEY_TYPES
Public key scheme.
Definition x509.hpp:71

LIEF::PE::x509::time_is_future
static bool time_is_future(const date_t &from)
True if the given time is in the future according to the clock's system.

LIEF::PE::x509::ext_key_usage
std::vector< oid_t > ext_key_usage() const
Indicates one or more purposes for which the certified public key may be used (OID types)

LIEF::PE::x509::parse
static certificates_t parse(const std::vector< uint8_t > &content)
Parse x509 certificate(s) from raw blob.

LIEF::PE::x509::certificate_policies
std::vector< oid_t > certificate_policies() const
Policy information terms as OID (see RFC #5280)

LIEF::PE::x509::valid_to
date_t valid_to() const
End time of certificate validity.

LIEF::Visitor
Definition Visitor.hpp:219

LIEF::PE::ALGORITHMS
ALGORITHMS
Cryptography algorithms.
Definition PE/enums.hpp:686

LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:32