Botan::Cert_Extension::ASBlocks Class Reference (final)

#include <x509_ext.h>

Inheritance diagram for Botan::Cert_Extension::ASBlocks:
Botan::Certificate_Extension

Classes

class  ASIdentifierChoice
class  ASIdentifiers
class  ASIdOrRange

Public Types

typedef uint32_t asnum_t

Public Member Functions

void add_asnum (asnum_t asnum)
 Add a single asnum to this extension.
void add_asnum (asnum_t min, asnum_t max)
 Add an asnum range to this extension.
void add_rdi (asnum_t min, asnum_t max)
 Add an rdi range to this extension.
void add_rdi (asnum_t rdi)
 Add a single rdi to this extension.
const ASIdentifiers & as_identifiers () const
 ASBlocks ()=default
 ASBlocks (const ASIdentifiers &as_idents)
std::unique_ptr< Certificate_Extension > copy () const override
void inherit_asnum ()
 Mark the asnum entry as 'inherit'.
void inherit_rdi ()
 Mark the rdi entry as 'inherit'.
OID oid_of () const override
void restrict_asnum ()
 Make the extension contain no allowed asnum's.
void restrict_rdi ()
 Make the extension contain no allowed rdi's.
void validate (const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< X509_Certificate > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos) override

Static Public Member Functions

static OID static_oid ()

Detailed Description

AS Blocks Extension

RFC 3779 X.509 Extensions for AS ID

Definition at line 789 of file x509_ext.h.

Member Typedef Documentation

◆ asnum_t

Definition at line 791 of file x509_ext.h.

Constructor & Destructor Documentation

◆ ASBlocks() [1/2]

Botan::Cert_Extension::ASBlocks::ASBlocks ( )
default

Referenced by validate().

◆ ASBlocks() [2/2]

Botan::Cert_Extension::ASBlocks::ASBlocks ( const ASIdentifiers & as_idents)
inlineexplicit

Definition at line 859 of file x509_ext.h.

859: m_as_identifiers(as_idents) {}

Member Function Documentation

◆ add_asnum() [1/2]

void Botan::Cert_Extension::ASBlocks::add_asnum ( asnum_t asnum)
inline

Add a single asnum to this extension.

Definition at line 874 of file x509_ext.h.

874{ add_asnum(asnum, asnum); }

References add_asnum().

Referenced by add_asnum().

◆ add_asnum() [2/2]

void Botan::Cert_Extension::ASBlocks::add_asnum ( asnum_t min,
asnum_t max )
inline

Add an asnum range to this extension.

Definition at line 877 of file x509_ext.h.

877 {
878 m_as_identifiers = ASIdentifiers(add_new(m_as_identifiers.asnum(), min, max), m_as_identifiers.rdi());
879 }

◆ add_rdi() [1/2]

void Botan::Cert_Extension::ASBlocks::add_rdi ( asnum_t min,
asnum_t max )
inline

Add an rdi range to this extension.

Definition at line 894 of file x509_ext.h.

894 {
895 m_as_identifiers = ASIdentifiers(m_as_identifiers.asnum(), add_new(m_as_identifiers.rdi(), min, max));
896 }

◆ add_rdi() [2/2]

void Botan::Cert_Extension::ASBlocks::add_rdi ( asnum_t rdi)
inline

Add a single rdi to this extension.

Definition at line 891 of file x509_ext.h.

891{ add_rdi(rdi, rdi); }

References add_rdi().

Referenced by add_rdi().

◆ as_identifiers()

const ASIdentifiers & Botan::Cert_Extension::ASBlocks::as_identifiers ( ) const
inline

Definition at line 907 of file x509_ext.h.

907{ return m_as_identifiers; }

Referenced by validate().

◆ copy()

std::unique_ptr< Certificate_Extension > Botan::Cert_Extension::ASBlocks::copy ( ) const
inlineoverridevirtual

Make a copy of this extension

Returns
copy of this

Implements Botan::Certificate_Extension.

Definition at line 861 of file x509_ext.h.

861{ return std::make_unique<ASBlocks>(*this); }

◆ inherit_asnum()

void Botan::Cert_Extension::ASBlocks::inherit_asnum ( )
inline

Mark the asnum entry as 'inherit'.

Definition at line 888 of file x509_ext.h.

888{ m_as_identifiers = ASIdentifiers(ASIdentifierChoice(), m_as_identifiers.rdi()); }

◆ inherit_rdi()

void Botan::Cert_Extension::ASBlocks::inherit_rdi ( )
inline

Mark the rdi entry as 'inherit'.

Definition at line 905 of file x509_ext.h.

905{ m_as_identifiers = ASIdentifiers(m_as_identifiers.asnum(), ASIdentifierChoice()); }

◆ oid_of()

OID Botan::Cert_Extension::ASBlocks::oid_of ( ) const
inlineoverridevirtual
Returns
OID representing this extension

Implements Botan::Certificate_Extension.

Definition at line 865 of file x509_ext.h.

865{ return static_oid(); }

References static_oid().

◆ restrict_asnum()

void Botan::Cert_Extension::ASBlocks::restrict_asnum ( )
inline

Make the extension contain no allowed asnum's.

Definition at line 882 of file x509_ext.h.

// Encode "no AS numbers allowed" as an explicit, empty range list.
// Contrast with inherit_asnum(), which stores a default-constructed
// ASIdentifierChoice to mean 'inherit'. validate() tells the two apart via
// ranges().has_value(), so presumably an ASIdentifierChoice built from an
// empty vector reports a (empty) value there — confirm in ASIdentifierChoice.
882 {
883 std::vector<ASIdOrRange> empty;
884 m_as_identifiers = ASIdentifiers(ASIdentifierChoice(empty), m_as_identifiers.rdi());
885 }

◆ restrict_rdi()

void Botan::Cert_Extension::ASBlocks::restrict_rdi ( )
inline

Make the extension contain no allowed rdi's.

Definition at line 899 of file x509_ext.h.

// Encode "no RDIs allowed" as an explicit, empty range list.
// Contrast with inherit_rdi(), which stores a default-constructed
// ASIdentifierChoice to mean 'inherit'. validate() tells the two apart via
// ranges().has_value(), so presumably an ASIdentifierChoice built from an
// empty vector reports a (empty) value there — confirm in ASIdentifierChoice.
899 {
900 std::vector<ASIdOrRange> empty;
901 m_as_identifiers = ASIdentifiers(m_as_identifiers.asnum(), ASIdentifierChoice(empty));
902 }

◆ static_oid()

OID Botan::Cert_Extension::ASBlocks::static_oid ( )
inlinestatic

Definition at line 863 of file x509_ext.h.

863{ return OID({1, 3, 6, 1, 5, 5, 7, 1, 8}); }

Referenced by oid_of().

◆ validate()

void Botan::Cert_Extension::ASBlocks::validate ( const X509_Certificate & subject,
const X509_Certificate & issuer,
const std::vector< X509_Certificate > & cert_path,
std::vector< std::set< Certificate_Status_Code > > & cert_status,
size_t pos )
overridevirtual

Reimplemented from Botan::Certificate_Extension.

Definition at line 1626 of file x509_ext.cpp.

// Path-validation hook for the RFC 3779 AS identifiers extension.
//
// For each component (asnum, rdi) that this certificate states concretely
// (i.e. not as 'inherit'), walk up cert_path to the nearest ancestor that also
// states it concretely and require containment in that ancestor's ranges.
// Any failure is recorded as AS_BLOCKS_ERROR in cert_status[pos] — the status
// slot of this certificate, not of the ancestor.
//
// Parameters: `subject` and `issuer` are not used in this body (ancestry comes
// from cert_path); `pos` is this certificate's index in cert_path, with the
// trusted root at cert_path.size() - 1.
// NOTE(review): assumes cert_path is non-empty and pos < cert_path.size();
// otherwise `cert_path.size() - 1` wraps and `begin() + pos + 1` is past the
// end — confirm the caller guarantees this.
1630 {
1631 // the extension may not contain asnums or rdis, but one of them is always present
1632 const bool asnum_present = m_as_identifiers.asnum().has_value();
1633 const bool rdi_present = m_as_identifiers.rdi().has_value();
// ranges().has_value() separates a concrete list (possibly empty, see
// restrict_asnum()/restrict_rdi()) from the 'inherit' encoding (see
// inherit_asnum()/inherit_rdi()). Only concrete lists need a containment check.
1634 bool asnum_needs_check = asnum_present ? m_as_identifiers.asnum().value().ranges().has_value() : false;
1635 bool rdi_needs_check = rdi_present ? m_as_identifiers.rdi().value().ranges().has_value() : false;
1636 BOTAN_ASSERT_NOMSG(asnum_present || rdi_present);
1637
1638 // we are at the (trusted) root cert, there is no parent to verify against
1639 if(pos == cert_path.size() - 1) {
1640 // asnum / rdi is present, but has 'inherit' value, but there is nothing to inherit from
1641 if((asnum_present && !asnum_needs_check) || (rdi_present && !rdi_needs_check)) {
1642 cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
1643 }
1644 return;
1645 }
1646
1647 // traverse the chain until we find a cert with concrete values for the extension (so not 'inherit')
// NOTE(review): if every ancestor up to and including the root is 'inherit', this
// loop runs off the end without recording anything at pos; that case is only caught
// by the root's own validate() (the pos == size() - 1 branch above), so the check
// relies on validate() being invoked for every certificate in the path — confirm.
1648 for(auto it = cert_path.begin() + pos + 1; it != cert_path.end(); it++) {
1649 const ASBlocks* const parent_as = it->v3_extensions().get_extension_object_as<ASBlocks>();
1650 // no extension at all or no asnums or no rdis (if needed)
// An ancestor without the extension, or without a component this certificate
// carries, breaks the delegation chain: there is nothing the subject's resources
// could have been derived from, so the subject is rejected.
1651 if(parent_as == nullptr || (asnum_present && !parent_as->as_identifiers().asnum().has_value()) ||
1652 (rdi_present && !parent_as->as_identifiers().rdi().has_value())) {
1653 cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
1654 return;
1655 }
// NOTE(review): as_identifiers() returns a const reference (x509_ext.h:907), so
// `const auto` copies the whole ASIdentifiers, including its range vectors, on
// every iteration; `const auto&` would bind to the existing object instead.
1656 const auto as_identifiers = parent_as->as_identifiers();
1657
1658 // only something to validate if the subject does not have 'inherit' as a value
// Both .value() calls below are safe: asnum_needs_check implies asnum_present,
// and the check above has already rejected ancestors lacking an asnum entry.
1659 if(asnum_needs_check && as_identifiers.asnum().value().ranges().has_value()) {
1660 const std::vector<ASBlocks::ASIdOrRange>& subject_asnums = m_as_identifiers.asnum()->ranges().value();
1661 const std::vector<ASBlocks::ASIdOrRange>& issuer_asnums = as_identifiers.asnum()->ranges().value();
1662
// validate_subject_in_issuer is defined elsewhere; presumably it checks that every
// subject range is covered by the issuer's ranges (RFC 3779 containment rule).
1663 if(!validate_subject_in_issuer<ASBlocks::ASIdOrRange>(subject_asnums, issuer_asnums)) {
1664 cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
1665 return;
1666 }
1667 // successfully validated the asnums, but we may need to step further for rdis
1668 asnum_needs_check = false;
1669 }
1670
// Same reasoning as for asnum: rdi_needs_check implies rdi_present, and the
// ancestor's rdi entry was required by the check at the top of the loop.
1671 if(rdi_needs_check && as_identifiers.rdi().value().ranges().has_value()) {
1672 const std::vector<ASBlocks::ASIdOrRange>& subject_rdis = m_as_identifiers.rdi()->ranges().value();
1673 const std::vector<ASBlocks::ASIdOrRange>& issuer_rdis = as_identifiers.rdi()->ranges().value();
1674
1675 if(!validate_subject_in_issuer<ASBlocks::ASIdOrRange>(subject_rdis, issuer_rdis)) {
1676 cert_status.at(pos).insert(Certificate_Status_Code::AS_BLOCKS_ERROR);
1677 return;
1678 }
1679 // successfully validated the rdis, but we may need to step further for asnums
1680 rdi_needs_check = false;
1681 }
1682
1683 if(!asnum_needs_check && !rdi_needs_check) {
1684 // we've validated what we need to and can stop traversing the cert chain
1685 return;
1686 }
1687 }
1688}

References Botan::AS_BLOCKS_ERROR, as_identifiers(), ASBlocks(), Botan::Cert_Extension::ASBlocks::ASIdentifiers::asnum(), BOTAN_ASSERT_NOMSG, and Botan::Cert_Extension::ASBlocks::ASIdentifiers::rdi().


The documentation for this class was generated from the following files: