base/bif/plugins/Bro_X509.functions.bif.bro¶
-
GLOBAL¶
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_X509.functions.bif.bro |
Summary¶
Functions¶
sct_verify: function |
Verifies a Signed Certificate Timestamp as used for Certificate Transparency. |
x509_get_certificate_string: function |
Returns the string form of a certificate. |
x509_issuer_name_hash: function |
Get the hash of the issuer’s distinguished name. |
x509_ocsp_verify: function |
Verifies an OCSP reply. |
x509_parse: function |
Parses a certificate into an X509::Certificate structure. |
x509_spki_hash: function |
Get the hash of the Subject Public Key Information of the certificate. |
x509_subject_name_hash: function |
Get the hash of the subject’s distinguished name. |
x509_verify: function |
Verifies a certificate. |
Detailed Interface¶
Functions¶
-
sct_verify¶ Type: function(cert:opaqueof x509, logid:string, log_key:string, signature:string, timestamp:count, hash_algorithm:count, issuer_key_hash:string&default=""&optional) :boolVerifies a Signed Certificate Timestamp as used for Certificate Transparency. See RFC6962 for more details.
Cert: Certificate against which the SCT should be validated. Logid: Log id of the SCT. Log_key: Public key of the Log that issued the SCT proof. Timestamp: Timestamp at which the proof was generated. Hash_algorithm: Hash algorithm that was used for the SCT proof. Issuer_key_hash: The SHA-256 hash of the certificate issuer’s public key. This only has to be provided if the SCT was encountered in an X.509 certificate extension; in that case, it is necessary for validation. Returns: T if the validation could be performed succesfully, F otherwhise. See also:
ssl_extension_signed_certificate_timestamp,x509_ocsp_ext_signed_certificate_timestamp,x509_verify
-
x509_get_certificate_string¶ Type: function(cert:opaqueof x509, pem:bool&default=F&optional) :stringReturns the string form of a certificate.
Cert: The X509 certificate opaque handle. Pem: A boolean that specifies if the certificate is returned in pem-form (true), or as the raw ASN1 encoded binary (false). Returns: X509 certificate as a string. See also:
x509_certificate,x509_extension,x509_ext_basic_constraints,x509_ext_subject_alternative_name,x509_parse,x509_verify
-
x509_issuer_name_hash¶ Type: function(cert:opaqueof x509, hash_alg:count) :stringGet the hash of the issuer’s distinguished name.
Cert: The X509 certificate opaque handle.
Hash_alg: the hash algorithm to use, according to the IANA mapping at
:https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
Returns: The hash as a string.
See also:
x509_subject_name_hash,x509_spki_hash,x509_verify,sct_verify
-
x509_ocsp_verify¶ Type: function(certs:x509_opaque_vector, ocsp_reply:string, root_certs:table_string_of_string, verify_time:time&default=0.0&optional) :X509::ResultVerifies an OCSP reply.
Certs: Specifies the certificate chain to use. Server certificate first. Ocsp_reply: the ocsp reply to validate. Root_certs: A list of root certificates to validate the certificate chain. Verify_time: Time for the validity check of the certificates. Returns: A record of type X509::Result containing the result code of the verify operation. See also:
x509_certificate,x509_extension,x509_ext_basic_constraints,x509_ext_subject_alternative_name,x509_parse,x509_get_certificate_string,x509_verify
-
x509_parse¶ Type: function(cert:opaqueof x509) :X509::CertificateParses a certificate into an X509::Certificate structure.
Cert: The X509 certificate opaque handle. Returns: A X509::Certificate structure. See also:
x509_certificate,x509_extension,x509_ext_basic_constraints,x509_ext_subject_alternative_name,x509_verify,x509_get_certificate_string
-
x509_spki_hash¶ Type: function(cert:opaqueof x509, hash_alg:count) :stringGet the hash of the Subject Public Key Information of the certificate.
Cert: The X509 certificate opaque handle.
Hash_alg: the hash algorithm to use, according to the IANA mapping at
:https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
Returns: The hash as a string.
See also:
x509_subject_name_hash,x509_issuer_name_hash,x509_verify,sct_verify
-
x509_subject_name_hash¶ Type: function(cert:opaqueof x509, hash_alg:count) :stringGet the hash of the subject’s distinguished name.
Cert: The X509 certificate opaque handle.
Hash_alg: the hash algorithm to use, according to the IANA mapping at
:https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
Returns: The hash as a string.
See also:
x509_issuer_name_hash,x509_spki_hash,x509_verify,sct_verify
-
x509_verify¶ Type: function(certs:x509_opaque_vector, root_certs:table_string_of_string, verify_time:time&default=0.0&optional) :X509::ResultVerifies a certificate.
Certs: Specifies a certificate chain that is being used to validate the given certificate against the root store given in root_certs. The host certificate has to be at index 0. Root_certs: A list of root certificates to validate the certificate chain. Verify_time: Time for the validity check of the certificates. Returns: A record of type X509::Result containing the result code of the verify operation. In case of success also returns the full certificate chain. See also:
x509_certificate,x509_extension,x509_ext_basic_constraints,x509_ext_subject_alternative_name,x509_parse,x509_get_certificate_string,x509_ocsp_verify,sct_verify
