#include <pkix_enums.h>

Public Types
enum	Bits : uint32_t { None = 0 , DigitalSignature = 1 << 15 , NonRepudiation = 1 << 14 , KeyEncipherment = 1 << 13 , DataEncipherment = 1 << 12 , KeyAgreement = 1 << 11 , KeyCertSign = 1 << 10 , CrlSign = 1 << 9 , EncipherOnly = 1 << 8 , DecipherOnly = 1 << 7 , NO_CONSTRAINTS = None , DIGITAL_SIGNATURE = DigitalSignature , NON_REPUDIATION = NonRepudiation , KEY_ENCIPHERMENT = KeyEncipherment , DATA_ENCIPHERMENT = DataEncipherment , KEY_AGREEMENT = KeyAgreement , KEY_CERT_SIGN = KeyCertSign , CRL_SIGN = CrlSign , ENCIPHER_ONLY = EncipherOnly , DECIPHER_ONLY = DecipherOnly }

Public Member Functions
bool	compatible_with (const Public_Key &key) const

bool	empty () const

bool	includes (Key_Constraints other) const

bool	includes (Key_Constraints::Bits other) const

bool	includes_any (auto &&... bits) const

	Key_Constraints ()

	Key_Constraints (const Key_Constraints &other)=default

	Key_Constraints (Key_Constraints &&other)=default

	Key_Constraints (Key_Constraints::Bits bits)

	Key_Constraints (uint32_t bits)

Key_Constraints &	operator= (const Key_Constraints &other)=default

Key_Constraints &	operator= (Key_Constraints &&other)=default

bool	operator== (const Key_Constraints &) const =default

void	operator\|= (Key_Constraints::Bits other)

std::string	to_string () const

uint32_t	value () const

Static Public Member Functions
static Key_Constraints	ca_constraints ()

Detailed Description

X.509v3 Key Constraints. If updating update copy in ffi.h

Definition at line 108 of file pkix_enums.h.

Member Enumeration Documentation

◆ Bits

enum Botan::Key_Constraints::Bits : uint32_t

Enumerator
None
DigitalSignature
NonRepudiation
KeyEncipherment
DataEncipherment
KeyAgreement
KeyCertSign
CrlSign
EncipherOnly
DecipherOnly
NO_CONSTRAINTS
DIGITAL_SIGNATURE
NON_REPUDIATION
KEY_ENCIPHERMENT
DATA_ENCIPHERMENT
KEY_AGREEMENT
KEY_CERT_SIGN
CRL_SIGN
ENCIPHER_ONLY
DECIPHER_ONLY

Definition at line 110 of file pkix_enums.h.

                : uint32_t {
         None = 0,
         DigitalSignature = 1 << 15,
         NonRepudiation = 1 << 14,
         KeyEncipherment = 1 << 13,
         DataEncipherment = 1 << 12,
         KeyAgreement = 1 << 11,
         KeyCertSign = 1 << 10,
         CrlSign = 1 << 9,
         EncipherOnly = 1 << 8,
         DecipherOnly = 1 << 7,
 
         // Deprecated SHOUTING_CASE names for Key_Constraints
         // will be removed in a future major release
         NO_CONSTRAINTS BOTAN_DEPRECATED("Use None") = None,
         DIGITAL_SIGNATURE BOTAN_DEPRECATED("Use DigitalSignature") = DigitalSignature,
         NON_REPUDIATION BOTAN_DEPRECATED("Use NonRepudiation") = NonRepudiation,
         KEY_ENCIPHERMENT BOTAN_DEPRECATED("Use KeyEncipherment") = KeyEncipherment,
         DATA_ENCIPHERMENT BOTAN_DEPRECATED("Use DataEncipherment") = DataEncipherment,
         KEY_AGREEMENT BOTAN_DEPRECATED("Use KeyAgreement") = KeyAgreement,
         KEY_CERT_SIGN BOTAN_DEPRECATED("Use KeyCertSign") = KeyCertSign,
         CRL_SIGN BOTAN_DEPRECATED("Use CrlSign") = CrlSign,
         ENCIPHER_ONLY BOTAN_DEPRECATED("Use EncipherOnly") = EncipherOnly,
         DECIPHER_ONLY BOTAN_DEPRECATED("Use DecipherOnly") = DecipherOnly,
      };

Constructor & Destructor Documentation

◆ Key_Constraints() [1/5]

Botan::Key_Constraints::Key_Constraints ( const Key_Constraints & other )

default

◆ Key_Constraints() [2/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints && other )

default

◆ Key_Constraints() [3/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints::Bits bits )

inline

Definition at line 141 of file pkix_enums.h.

141: m_value(bits) {}

◆ Key_Constraints() [4/5]

Botan::Key_Constraints::Key_Constraints ( uint32_t bits )

inlineexplicit

Definition at line 143 of file pkix_enums.h.

143: m_value(bits) {}

◆ Key_Constraints() [5/5]

Botan::Key_Constraints::Key_Constraints ( )

inline

Definition at line 145 of file pkix_enums.h.

145: m_value(0) {}

Member Function Documentation

◆ ca_constraints()

static Key_Constraints Botan::Key_Constraints::ca_constraints ( )

inlinestatic

Return typical constraints for a CA certificate, namely KeyCertSign and CrlSign

Definition at line 151 of file pkix_enums.h.

                                              {
         return Key_Constraints(Key_Constraints::KeyCertSign | Key_Constraints::CrlSign);
      }

References CrlSign, and KeyCertSign.

Referenced by Botan::X509_CA::choose_extensions(), Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().

◆ compatible_with()

bool Botan::Key_Constraints::compatible_with ( const Public_Key & key ) const

Check that key constraints are permitted for a specific public key.

Parameters

key	the public key on which the constraints shall be enforced on

Returns: false if the constraints are not permitted for this key

Definition at line 70 of file key_constraint.cpp.

                                                                     {
   uint32_t permitted = 0;
 
   if(pub_key.supports_operation(PublicKeyOperation::KeyAgreement)) {
      permitted |= Key_Constraints::KeyAgreement | Key_Constraints::EncipherOnly | Key_Constraints::DecipherOnly;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::Encryption) ||
      pub_key.supports_operation(PublicKeyOperation::KeyEncapsulation)) {
      permitted |= Key_Constraints::KeyEncipherment | Key_Constraints::DataEncipherment;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::Signature)) {
      permitted |= Key_Constraints::DigitalSignature | Key_Constraints::NonRepudiation | Key_Constraints::KeyCertSign |
                   Key_Constraints::CrlSign;
   }
 
   if((m_value & permitted) != m_value) {
      return false;
   }
 
   return true;
}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, Botan::Encryption, Botan::KeyAgreement, KeyAgreement, KeyCertSign, Botan::KeyEncapsulation, KeyEncipherment, NonRepudiation, Botan::Signature, and Botan::Asymmetric_Key::supports_operation().

◆ empty()

bool Botan::Key_Constraints::empty ( ) const

inline

Definition at line 167 of file pkix_enums.h.

167{ return m_value == 0; }

Referenced by Botan::X509_Certificate::to_string().

◆ includes() [1/2]

bool Botan::Key_Constraints::includes ( Key_Constraints other ) const

inline

Definition at line 162 of file pkix_enums.h.

162{ return (m_value & other.m_value) == other.m_value; }

◆ includes() [2/2]

bool Botan::Key_Constraints::includes ( Key_Constraints::Bits other ) const

inline

Definition at line 160 of file pkix_enums.h.

160{ return (m_value & other) == other; }

Referenced by Botan::X509_Certificate::allowed_usage(), Botan::X509_Certificate::has_constraints(), and Botan::X509_Certificate::to_string().

◆ includes_any()

bool Botan::Key_Constraints::includes_any ( auto &&... bits ) const

inline

Definition at line 165 of file pkix_enums.h.

165{ return (m_value & (bits | ...)) > 0; }

◆ operator=() [1/2]

Key_Constraints & Botan::Key_Constraints::operator= ( const Key_Constraints & other )

default

◆ operator=() [2/2]

Key_Constraints & Botan::Key_Constraints::operator= ( Key_Constraints && other )

default

◆ operator==()

bool Botan::Key_Constraints::operator== ( const Key_Constraints & ) const

default

◆ operator|=()

void Botan::Key_Constraints::operator|= ( Key_Constraints::Bits other )

inline

Definition at line 157 of file pkix_enums.h.

157{ m_value |= other; }

◆ to_string()

std::string Botan::Key_Constraints::to_string ( ) const

Definition at line 16 of file key_constraint.cpp.

                                           {
   if(this->m_value == Key_Constraints::None) {
      return "no_constraints";
   }
 
   std::vector<std::string> str;
 
   if(this->m_value & Key_Constraints::DigitalSignature) {
      str.push_back("digital_signature");
   }
 
   if(this->m_value & Key_Constraints::NonRepudiation) {
      str.push_back("non_repudiation");
   }
 
   if(this->m_value & Key_Constraints::KeyEncipherment) {
      str.push_back("key_encipherment");
   }
 
   if(this->m_value & Key_Constraints::DataEncipherment) {
      str.push_back("data_encipherment");
   }
 
   if(this->m_value & Key_Constraints::KeyAgreement) {
      str.push_back("key_agreement");
   }
 
   if(this->m_value & Key_Constraints::KeyCertSign) {
      str.push_back("key_cert_sign");
   }
 
   if(this->m_value & Key_Constraints::CrlSign) {
      str.push_back("crl_sign");
   }
 
   if(this->m_value & Key_Constraints::EncipherOnly) {
      str.push_back("encipher_only");
   }
 
   if(this->m_value & Key_Constraints::DecipherOnly) {
      str.push_back("decipher_only");
   }
 
   // Not 0 (checked at start) but nothing matched above!
   if(str.empty()) {
      return "other_unknown_constraints";
   }
 
   return string_join(str, ',');
}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, KeyAgreement, KeyCertSign, KeyEncipherment, None, NonRepudiation, and Botan::string_join().

◆ value()

uint32_t Botan::Key_Constraints::value ( ) const

inline

Definition at line 169 of file pkix_enums.h.

169{ return m_value; }

The documentation for this class was generated from the following files:

src/lib/x509/pkix_enums.h
src/lib/x509/key_constraint.cpp

Public Types

Public Member Functions

Static Public Member Functions

Detailed Description

Member Enumeration Documentation

◆ Bits

Constructor & Destructor Documentation

◆ Key_Constraints() [1/5]

◆ Key_Constraints() [2/5]

◆ Key_Constraints() [3/5]

◆ Key_Constraints() [4/5]

◆ Key_Constraints() [5/5]

Member Function Documentation

◆ ca_constraints()

◆ compatible_with()

◆ empty()

◆ includes() [1/2]

◆ includes() [2/2]

◆ includes_any()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ operator==()

◆ operator|=()

◆ to_string()

◆ value()