Botan::Cert_Extension::ASBlocks Class Reference

#include <x509_ext.h>

Inheritance diagram for Botan::Cert_Extension::ASBlocks:

Classes
class	ASIdentifierChoice
class	ASIdentifiers
class	ASIdOrRange

Public Types
typedef uint32_t	asnum_t

Public Member Functions
void	add_asnum (asnum_t asnum)
	Add a single asnum to this extension.
void	add_asnum (asnum_t min, asnum_t max)
	Add an asnum range to this extension.
void	add_rdi (asnum_t min, asnum_t max)
	Add an rdi range to this extension.
void	add_rdi (asnum_t rdi)
	Add a single rdi to this extension.
const ASIdentifiers &	as_identifiers () const
	ASBlocks ()=default
	ASBlocks (const ASIdentifiers &as_idents)
std::unique_ptr< Certificate_Extension >	copy () const override
void	inherit_asnum ()
	Mark the asnum entry as 'inherit'.
void	inherit_rdi ()
	Mark the rdi entry as 'inherit'.
OID	oid_of () const override
void	restrict_asnum ()
	Make the extension contain no allowed asnum's.
void	restrict_rdi ()
	Make the extension contain no allowed rdi's.
void	validate (const X509_Certificate &subject, const std::optional< X509_Certificate > &issuer, const std::vector< X509_Certificate > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos) override

Static Public Member Functions
static OID	static_oid ()

Detailed Description

AS Blocks Extension

RFC 3779 X.509 Extensions for AS ID

Definition at line 805 of file x509_ext.h.

Member Typedef Documentation

asnum_t

typedef uint32_t Botan::Cert_Extension::ASBlocks::asnum_t

Definition at line 807 of file x509_ext.h.

Constructor & Destructor Documentation

ASBlocks() [1/2]

Botan::Cert_Extension::ASBlocks::ASBlocks ( )

default

Referenced by validate().

ASBlocks() [2/2]

Botan::Cert_Extension::ASBlocks::ASBlocks ( const ASIdentifiers & as_idents )

inlineexplicit

Definition at line 875 of file x509_ext.h.

: m_as_identifiers(as_idents) {}

Member Function Documentation

add_asnum() [1/2]

void Botan::Cert_Extension::ASBlocks::add_asnum ( asnum_t asnum )

inline

Add a single asnum to this extension.

Definition at line 890 of file x509_ext.h.

{ add_asnum(asnum, asnum); }

References add_asnum().

Referenced by add_asnum().

add_asnum() [2/2]

void Botan::Cert_Extension::ASBlocks::add_asnum ( asnum_t min, asnum_t max )

inline

Add an asnum range to this extension.

Definition at line 893 of file x509_ext.h.

                                               {
         m_as_identifiers = ASIdentifiers(add_new(m_as_identifiers.asnum(), min, max), m_as_identifiers.rdi());
      }

add_rdi() [1/2]

void Botan::Cert_Extension::ASBlocks::add_rdi ( asnum_t min, asnum_t max )

inline

Add an rdi range to this extension.

Definition at line 910 of file x509_ext.h.

                                             {
         m_as_identifiers = ASIdentifiers(m_as_identifiers.asnum(), add_new(m_as_identifiers.rdi(), min, max));
      }

add_rdi() [2/2]

void Botan::Cert_Extension::ASBlocks::add_rdi ( asnum_t rdi )

inline

Add a single rdi to this extension.

Definition at line 907 of file x509_ext.h.

{ add_rdi(rdi, rdi); }

References add_rdi().

Referenced by add_rdi().

as_identifiers()

const ASIdentifiers & Botan::Cert_Extension::ASBlocks::as_identifiers ( ) const

inline

Definition at line 923 of file x509_ext.h.

{ return m_as_identifiers; }

Referenced by validate().

copy()

std::unique_ptr< Certificate_Extension > Botan::Cert_Extension::ASBlocks::copy ( ) const

inlineoverridevirtual

Make a copy of this extension

Returns

copy of this

Implements Botan::Certificate_Extension.

Definition at line 877 of file x509_ext.h.

{ return std::make_unique<ASBlocks>(*this); }

inherit_asnum()

void Botan::Cert_Extension::ASBlocks::inherit_asnum ( )

inline

Mark the asnum entry as 'inherit'.

Definition at line 904 of file x509_ext.h.

{ m_as_identifiers = ASIdentifiers(ASIdentifierChoice(), m_as_identifiers.rdi()); }

inherit_rdi()

void Botan::Cert_Extension::ASBlocks::inherit_rdi ( )

inline

Mark the rdi entry as 'inherit'.

Definition at line 921 of file x509_ext.h.

{ m_as_identifiers = ASIdentifiers(m_as_identifiers.asnum(), ASIdentifierChoice()); }

oid_of()

OID Botan::Cert_Extension::ASBlocks::oid_of ( ) const

inlineoverridevirtual

Returns

OID representing this extension

Implements Botan::Certificate_Extension.

Definition at line 881 of file x509_ext.h.

{ return static_oid(); }

References static_oid().

restrict_asnum()

void Botan::Cert_Extension::ASBlocks::restrict_asnum ( )

inline

Make the extension contain no allowed asnum's.

Definition at line 898 of file x509_ext.h.

                            {
         std::vector<ASIdOrRange> empty;
         m_as_identifiers = ASIdentifiers(ASIdentifierChoice(empty), m_as_identifiers.rdi());
      }

restrict_rdi()

void Botan::Cert_Extension::ASBlocks::restrict_rdi ( )

inline

Make the extension contain no allowed rdi's.

Definition at line 915 of file x509_ext.h.

                          {
         std::vector<ASIdOrRange> empty;
         m_as_identifiers = ASIdentifiers(m_as_identifiers.asnum(), ASIdentifierChoice(empty));
      }

static_oid()

OID Botan::Cert_Extension::ASBlocks::static_oid ( )

inlinestatic

Definition at line 879 of file x509_ext.h.

{ return OID({1, 3, 6, 1, 5, 5, 7, 1, 8}); }

Referenced by oid_of().

validate()

void Botan::Cert_Extension::ASBlocks::validate ( const X509_Certificate & subject, const std::optional< X509_Certificate > & issuer, const std::vector< X509_Certificate > & cert_path, std::vector< std::set< Certificate_Status_Code > > & cert_status, size_t pos )

overridevirtual

Reimplemented from Botan::Certificate_Extension.

Definition at line 1795 of file x509_ext.cpp.

                                    {
   // the extension may not contain asnums or rdis, but one of them is always present
   const bool asnum_present = m_as_identifiers.asnum().has_value();
   const bool rdi_present = m_as_identifiers.rdi().has_value();
 
   if(!asnum_present && !rdi_present) {
      // Invalid, should have been caught during decoding
      cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
      return;
   }
 
   bool asnum_needs_check = asnum_present ? m_as_identifiers.asnum().value().ranges().has_value() : false;
   bool rdi_needs_check = rdi_present ? m_as_identifiers.rdi().value().ranges().has_value() : false;
 
   // we are at the (trusted) root cert, there is no parent to verify against
   if(pos == cert_path.size() - 1) {
      // asnum / rdi is present, but has 'inherit' value, but there is nothing to inherit from
      if((asnum_present && !asnum_needs_check) || (rdi_present && !rdi_needs_check)) {
         cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
      }
      return;
   }
 
   // traverse the chain until we find a cert with concrete values for the extension (so not 'inherit')
   for(auto it = cert_path.begin() + pos + 1; it != cert_path.end(); it++) {
      const ASBlocks* const parent_as = it->v3_extensions().get_extension_object_as<ASBlocks>();
      // no extension at all or no asnums or no rdis (if needed)
      if(parent_as == nullptr || (asnum_present && !parent_as->as_identifiers().asnum().has_value()) ||
         (rdi_present && !parent_as->as_identifiers().rdi().has_value())) {
         cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
         return;
      }
      const auto as_identifiers = parent_as->as_identifiers();
 
      // only something to validate if the subject does not have 'inherit' as a value
      if(asnum_needs_check && as_identifiers.asnum().value().ranges().has_value()) {
         const std::vector<ASBlocks::ASIdOrRange>& subject_asnums = m_as_identifiers.asnum()->ranges().value();
         const std::vector<ASBlocks::ASIdOrRange>& issuer_asnums = as_identifiers.asnum()->ranges().value();
 
         if(!validate_subject_in_issuer<ASBlocks::ASIdOrRange>(subject_asnums, issuer_asnums)) {
            cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
            return;
         }
         // successfully validated the asnums, but we may need to step further for rdis
         asnum_needs_check = false;
      }
 
      if(rdi_needs_check && as_identifiers.rdi().value().ranges().has_value()) {
         const std::vector<ASBlocks::ASIdOrRange>& subject_rdis = m_as_identifiers.rdi()->ranges().value();
         const std::vector<ASBlocks::ASIdOrRange>& issuer_rdis = as_identifiers.rdi()->ranges().value();
 
         if(!validate_subject_in_issuer<ASBlocks::ASIdOrRange>(subject_rdis, issuer_rdis)) {
            cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
            return;
         }
         // successfully validated the rdis, but we may need to step further for asnums
         rdi_needs_check = false;
      }
 
      if(!asnum_needs_check && !rdi_needs_check) {
         // we've validated what we need to and can stop traversing the cert chain
         return;
      }
   }
}

References Botan::AS_BLOCKS_ERROR, as_identifiers(), ASBlocks(), Botan::Cert_Extension::ASBlocks::ASIdentifiers::asnum(), and Botan::Cert_Extension::ASBlocks::ASIdentifiers::rdi().

---

The documentation for this class was generated from the following files:

• src/lib/x509/x509_ext.h
• src/lib/x509/x509_ext.cpp