Botan 3.4.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::Cert_Extension::Name_Constraints Class Referencefinal

#include <x509_ext.h>

Inheritance diagram for Botan::Cert_Extension::Name_Constraints:
Botan::Certificate_Extension

Public Member Functions

std::unique_ptr< Certificate_Extensioncopy () const override
 
const NameConstraintsget_name_constraints () const
 
 Name_Constraints ()=default
 
 Name_Constraints (const NameConstraints &nc)
 
OID oid_of () const override
 
void validate (const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< X509_Certificate > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos) override
 

Static Public Member Functions

static OID static_oid ()
 

Detailed Description

Name Constraints

Definition at line 232 of file x509_ext.h.

Constructor & Destructor Documentation

◆ Name_Constraints() [1/2]

Botan::Cert_Extension::Name_Constraints::Name_Constraints ( )
default

◆ Name_Constraints() [2/2]

Botan::Cert_Extension::Name_Constraints::Name_Constraints ( const NameConstraints & nc)
inline

Definition at line 240 of file x509_ext.h.

240: m_name_constraints(nc) {}

Member Function Documentation

◆ copy()

std::unique_ptr< Certificate_Extension > Botan::Cert_Extension::Name_Constraints::copy ( ) const
inlineoverridevirtual

Make a copy of this extension

Returns
copy of this

Implements Botan::Certificate_Extension.

Definition at line 234 of file x509_ext.h.

234 {
235 return std::make_unique<Name_Constraints>(m_name_constraints);
236 }

◆ get_name_constraints()

const NameConstraints & Botan::Cert_Extension::Name_Constraints::get_name_constraints ( ) const
inline

Definition at line 248 of file x509_ext.h.

248{ return m_name_constraints; }

◆ oid_of()

OID Botan::Cert_Extension::Name_Constraints::oid_of ( ) const
inlineoverridevirtual
Returns
OID representing this extension

Implements Botan::Certificate_Extension.

Definition at line 252 of file x509_ext.h.

252{ return static_oid(); }
Botan::Cert_Extension::Name_Constraints::static_oid
static OID static_oid()
Definition x509_ext.h:250

◆ static_oid()

static OID Botan::Cert_Extension::Name_Constraints::static_oid ( )
inlinestatic

Definition at line 250 of file x509_ext.h.

250{ return OID("2.5.29.30"); }

◆ validate()

void Botan::Cert_Extension::Name_Constraints::validate ( const X509_Certificate & subject,
const X509_Certificate & issuer,
const std::vector< X509_Certificate > & cert_path,
std::vector< std::set< Certificate_Status_Code > > & cert_status,
size_t pos )
overridevirtual

Reimplemented from Botan::Certificate_Extension.

Definition at line 511 of file x509_ext.cpp.

515 {
516 if(!m_name_constraints.permitted().empty() || !m_name_constraints.excluded().empty()) {
517 if(!subject.is_CA_cert()) {
518 cert_status.at(pos).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
519 }
520
521 const bool issuer_name_constraint_critical = issuer.is_critical("X509v3.NameConstraints");
522
523 // Check that all subordinate certs pass the name constraint
524 for(size_t j = 0; j < pos; ++j) {
525 bool permitted = m_name_constraints.permitted().empty();
526 bool failed = false;
527
528 for(const auto& c : m_name_constraints.permitted()) {
529 switch(c.base().matches(cert_path.at(j))) {
530 case GeneralName::MatchResult::NotFound:
531 case GeneralName::MatchResult::All:
532 permitted = true;
533 break;
534 case GeneralName::MatchResult::UnknownType:
535 failed = issuer_name_constraint_critical;
536 permitted = true;
537 break;
538 default:
539 break;
540 }
541 }
542
543 for(const auto& c : m_name_constraints.excluded()) {
544 switch(c.base().matches(cert_path.at(j))) {
545 case GeneralName::MatchResult::All:
546 case GeneralName::MatchResult::Some:
547 failed = true;
548 break;
549 case GeneralName::MatchResult::UnknownType:
550 failed = issuer_name_constraint_critical;
551 break;
552 default:
553 break;
554 }
555 }
556
557 if(failed || !permitted) {
558 cert_status.at(j).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
559 }
560 }
561 }
562}
Botan::NameConstraints::permitted
const std::vector< GeneralSubtree > & permitted() const
Definition pkix_types.h:313
Botan::NameConstraints::excluded
const std::vector< GeneralSubtree > & excluded() const
Definition pkix_types.h:318

References Botan::GeneralName::All, Botan::NameConstraints::excluded(), Botan::X509_Certificate::is_CA_cert(), Botan::X509_Certificate::is_critical(), Botan::NAME_CONSTRAINT_ERROR, Botan::GeneralName::NotFound, Botan::NameConstraints::permitted(), Botan::GeneralName::Some, and Botan::GeneralName::UnknownType.

The documentation for this class was generated from the following files:
Generated by doxygen 1.10.0