#include <x509_ext.h>
Inheritance diagram for Botan::Cert_Extension::Name_Constraints:
Public Member Functions | |
| Name_Constraints * | copy () const override |
| const NameConstraints & | get_name_constraints () const |
| Name_Constraints ()=default | |
| Name_Constraints (const NameConstraints &nc) | |
| OID | oid_of () const override |
| void | validate (const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< std::shared_ptr< const X509_Certificate > > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos) override |
Static Public Member Functions | |
| static OID | static_oid () |
Detailed Description
Name Constraints
Definition at line 230 of file x509_ext.h.
Constructor & Destructor Documentation
◆ Name_Constraints() [1/2]
|
default |
◆ Name_Constraints() [2/2]
|
inline |
Definition at line 237 of file x509_ext.h.
237: m_name_constraints(nc) {}
Member Function Documentation
◆ copy()
|
inlineoverridevirtual |
Make a copy of this extension
- Returns
- copy of this
Implements Botan::Certificate_Extension.
Definition at line 233 of file x509_ext.h.
Name_Constraints()=default
◆ get_name_constraints()
|
inline |
Definition at line 244 of file x509_ext.h.
244{ return m_name_constraints; }
◆ oid_of()
|
inlineoverridevirtual |
- Returns
- OID representing this extension
Implements Botan::Certificate_Extension.
Definition at line 247 of file x509_ext.h.
static OID static_oid()
Definition: x509_ext.h:246
◆ static_oid()
|
inlinestatic |
Definition at line 246 of file x509_ext.h.
246{ return OID("2.5.29.30"); }
◆ validate()
|
overridevirtual |
Reimplemented from Botan::Certificate_Extension.
Definition at line 653 of file x509_ext.cpp.
657 {
659 {
660 if(!subject.is_CA_cert())
661 {
662 cert_status.at(pos).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
663 }
664
665 const bool issuer_name_constraint_critical =
666 issuer.is_critical("X509v3.NameConstraints");
667
668 // Check that all subordinate certs pass the name constraint
669 for(size_t j = 0; j < pos; ++j)
670 {
672 bool failed = false;
673
675 {
676 switch(c.base().matches(*cert_path.at(j)))
677 {
678 case GeneralName::MatchResult::NotFound:
679 case GeneralName::MatchResult::All:
680 permitted = true;
681 break;
682 case GeneralName::MatchResult::UnknownType:
683 failed = issuer_name_constraint_critical;
684 permitted = true;
685 break;
686 default:
687 break;
688 }
689 }
690
692 {
693 switch(c.base().matches(*cert_path.at(j)))
694 {
695 case GeneralName::MatchResult::All:
696 case GeneralName::MatchResult::Some:
697 failed = true;
698 break;
699 case GeneralName::MatchResult::UnknownType:
700 failed = issuer_name_constraint_critical;
701 break;
702 default:
703 break;
704 }
705 }
706
707 if(failed || !permitted)
708 {
709 cert_status.at(j).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
710 }
711 }
712 }
713 }
const std::vector< GeneralSubtree > & permitted() const
Definition: pkix_types.h:335
const std::vector< GeneralSubtree > & excluded() const
Definition: pkix_types.h:340
@ NAME_CONSTRAINT_ERROR
References Botan::NameConstraints::excluded(), Botan::X509_Certificate::is_CA_cert(), Botan::X509_Certificate::is_critical(), Botan::NAME_CONSTRAINT_ERROR, and Botan::NameConstraints::permitted().
The documentation for this class was generated from the following files:
- src/lib/x509/x509_ext.h
- src/lib/x509/x509_ext.cpp
