Botan 3.3.0
Crypto and TLS for C&
Public Types | Public Member Functions | List of all members
Botan::GeneralName Class Referencefinal

X.509 GeneralName Type. More...

#include <pkix_types.h>

Inheritance diagram for Botan::GeneralName:
Botan::ASN1_Object

Public Types

enum  MatchResult : int {
  All , Some , None , NotFound ,
  UnknownType
}
 

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
void decode_from (BER_Decoder &) override
 
void encode_into (DER_Encoder &) const override
 
 GeneralName ()=default
 
 GeneralName (const std::string &str)
 
MatchResult matches (const X509_Certificate &cert) const
 
const std::string & name () const
 
const std::string & type () const
 

Detailed Description

X.509 GeneralName Type.

Handles parsing GeneralName types in their BER and canonical string encoding. Allows matching GeneralNames against each other using the rules laid out in the RFC 5280, sec. 4.2.1.10 (Name Contraints).

Definition at line 181 of file pkix_types.h.

Member Enumeration Documentation

◆ MatchResult

Enumerator
All 
Some 
None 
NotFound 
UnknownType 

Definition at line 183 of file pkix_types.h.

Constructor & Destructor Documentation

◆ GeneralName() [1/2]

Botan::GeneralName::GeneralName ( )
default

Creates an empty GeneralName.

◆ GeneralName() [2/2]

Botan::GeneralName::GeneralName ( const std::string & str)

Creates a new GeneralName for its string format.

Parameters
strtype and name, colon-separated, e.g., "DNS:google.com"

Definition at line 21 of file name_constraint.cpp.

21 : GeneralName() {
22 size_t p = str.find(':');
23
24 if(p != std::string::npos) {
25 m_type = str.substr(0, p);
26 m_name = str.substr(p + 1, std::string::npos);
27 } else {
28 throw Invalid_Argument("Failed to decode Name Constraint");
29 }
30}
GeneralName()=default

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 19 of file asn1_obj.cpp.

19 {
20 std::vector<uint8_t> output;
21 DER_Encoder der(output);
22 this->encode_into(der);
23 return output;
24}
virtual void encode_into(DER_Encoder &to) const =0

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSS_Params::decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ decode_from()

void Botan::GeneralName::decode_from ( BER_Decoder & from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 36 of file name_constraint.cpp.

36 {
37 BER_Object obj = ber.get_next_object();
38
39 if(obj.is_a(1, ASN1_Class::ContextSpecific)) {
40 m_type = "RFC822";
41 m_name = ASN1::to_string(obj);
42 } else if(obj.is_a(2, ASN1_Class::ContextSpecific)) {
43 m_type = "DNS";
44 m_name = ASN1::to_string(obj);
45 } else if(obj.is_a(6, ASN1_Class::ContextSpecific)) {
46 m_type = "URI";
47 m_name = ASN1::to_string(obj);
49 m_type = "DN";
50 X509_DN dn;
51 BER_Decoder dec(obj);
52 std::stringstream ss;
53
54 dn.decode_from(dec);
55 ss << dn;
56
57 m_name = ss.str();
58 } else if(obj.is_a(7, ASN1_Class::ContextSpecific)) {
59 if(obj.length() == 8) {
60 m_type = "IP";
61 m_name =
62 ipv4_to_string(load_be<uint32_t>(obj.bits(), 0)) + "/" + ipv4_to_string(load_be<uint32_t>(obj.bits(), 1));
63 } else if(obj.length() == 32) {
64 throw Decoding_Error("Unsupported IPv6 name constraint");
65 } else {
66 throw Decoding_Error("Invalid IP name constraint size " + std::to_string(obj.length()));
67 }
68 } else {
69 throw Decoding_Error("Found unknown GeneralName type");
70 }
71}
std::string to_string(const BER_Object &obj)
Definition asn1_obj.cpp:185
std::string ipv4_to_string(uint32_t ip)
Definition parsing.cpp:181

References Botan::BER_Object::bits(), Botan::Constructed, Botan::ContextSpecific, Botan::X509_DN::decode_from(), Botan::BER_Decoder::get_next_object(), Botan::ipv4_to_string(), Botan::BER_Object::is_a(), Botan::BER_Object::length(), and Botan::ASN1::to_string().

◆ encode_into()

void Botan::GeneralName::encode_into ( DER_Encoder & to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 32 of file name_constraint.cpp.

32 {
33 throw Not_Implemented("GeneralName encoding");
34}

◆ matches()

GeneralName::MatchResult Botan::GeneralName::matches ( const X509_Certificate & cert) const

Checks whether a given certificate (partially) matches this name.

Parameters
certcertificate to be matched
Returns
the match result

Definition at line 73 of file name_constraint.cpp.

73 {
74 std::vector<std::string> nam;
75 std::function<bool(const GeneralName*, const std::string&)> match_fn;
76
77 const X509_DN& dn = cert.subject_dn();
78 const AlternativeName& alt_name = cert.subject_alt_name();
79
80 if(type() == "DNS") {
81 match_fn = std::mem_fn(&GeneralName::matches_dns);
82
83 nam = alt_name.get_attribute("DNS");
84
85 if(nam.empty()) {
86 nam = dn.get_attribute("CN");
87 }
88 } else if(type() == "DN") {
89 match_fn = std::mem_fn(&GeneralName::matches_dn);
90
91 nam.push_back(dn.to_string());
92
93 const auto alt_dn = alt_name.dn();
94 if(alt_dn.empty() == false) {
95 nam.push_back(alt_dn.to_string());
96 }
97 } else if(type() == "IP") {
98 match_fn = std::mem_fn(&GeneralName::matches_ip);
99 nam = alt_name.get_attribute("IP");
100 } else {
102 }
103
104 if(nam.empty()) {
106 }
107
108 bool some = false;
109 bool all = true;
110
111 for(const std::string& n : nam) {
112 bool m = match_fn(this, n);
113
114 some |= m;
115 all &= m;
116 }
117
118 if(all) {
119 return MatchResult::All;
120 } else if(some) {
121 return MatchResult::Some;
122 } else {
123 return MatchResult::None;
124 }
125}
const std::string & type() const
Definition pkix_types.h:209

References All, Botan::AlternativeName::dn(), Botan::X509_DN::get_attribute(), Botan::AlternativeName::get_attribute(), None, NotFound, Some, Botan::X509_Certificate::subject_alt_name(), Botan::X509_Certificate::subject_dn(), Botan::X509_DN::to_string(), type(), and UnknownType.

◆ name()

const std::string & Botan::GeneralName::name ( ) const
inline
Returns
The name as string. Format depends on type.

Definition at line 214 of file pkix_types.h.

214{ return m_name; }

Referenced by Botan::operator<<().

◆ type()

const std::string & Botan::GeneralName::type ( ) const
inline
Returns
Type of the name. Can be DN, DNS, IP, RFC822 or URI.

Definition at line 209 of file pkix_types.h.

209{ return m_type; }

Referenced by matches(), and Botan::operator<<().


The documentation for this class was generated from the following files: