Botan::Cert_Extension::Name_Constraints Class Reference

#include <x509_ext.h>

Inheritance diagram for Botan::Cert_Extension::Name_Constraints:

Public Member Functions
std::unique_ptr< Certificate_Extension >	copy () const override
const NameConstraints &	get_name_constraints () const
	Name_Constraints ()=default
	Name_Constraints (const NameConstraints &nc)
OID	oid_of () const override
void	validate (const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< X509_Certificate > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos) override

Static Public Member Functions
static OID	static_oid ()

Detailed Description

Name Constraints

Definition at line 232 of file x509_ext.h.

Constructor & Destructor Documentation

Name_Constraints() [1/2]

Botan::Cert_Extension::Name_Constraints::Name_Constraints ( )

default

Name_Constraints() [2/2]

Botan::Cert_Extension::Name_Constraints::Name_Constraints ( const NameConstraints & nc )

inline

Definition at line 240 of file x509_ext.h.

: m_name_constraints(nc) {}

Member Function Documentation

copy()

std::unique_ptr< Certificate_Extension > Botan::Cert_Extension::Name_Constraints::copy ( ) const

inlineoverridevirtual

Make a copy of this extension

Returns

copy of this

Implements Botan::Certificate_Extension.

Definition at line 234 of file x509_ext.h.

                                                                 {
         return std::make_unique<Name_Constraints>(m_name_constraints);
      }

get_name_constraints()

const NameConstraints & Botan::Cert_Extension::Name_Constraints::get_name_constraints ( ) const

inline

Definition at line 248 of file x509_ext.h.

{ return m_name_constraints; }

oid_of()

OID Botan::Cert_Extension::Name_Constraints::oid_of ( ) const

inlineoverridevirtual

Returns

OID representing this extension

Implements Botan::Certificate_Extension.

Definition at line 252 of file x509_ext.h.

{ return static_oid(); }

static_oid()

static OID Botan::Cert_Extension::Name_Constraints::static_oid ( )

inlinestatic

Definition at line 250 of file x509_ext.h.

{ return OID("2.5.29.30"); }

validate()

void Botan::Cert_Extension::Name_Constraints::validate ( const X509_Certificate & subject, const X509_Certificate & issuer, const std::vector< X509_Certificate > & cert_path, std::vector< std::set< Certificate_Status_Code > > & cert_status, size_t pos )

overridevirtual

Reimplemented from Botan::Certificate_Extension.

Definition at line 524 of file x509_ext.cpp.

                                            {
   if(!m_name_constraints.permitted().empty() || !m_name_constraints.excluded().empty()) {
      if(!subject.is_CA_cert()) {
         cert_status.at(pos).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
      }
 
      const bool issuer_name_constraint_critical = subject.is_critical("X509v3.NameConstraints");
 
      // Check that all subordinate certs pass the name constraint
      for(size_t j = 0; j < pos; ++j) {
         const auto& cert = cert_path.at(j);
 
         if(!m_name_constraints.is_permitted(cert, issuer_name_constraint_critical)) {
            cert_status.at(j).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
            continue;
         }
 
         if(m_name_constraints.is_excluded(cert, issuer_name_constraint_critical)) {
            cert_status.at(j).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
            continue;
         }
      }
   }
}

References Botan::NameConstraints::excluded(), Botan::X509_Certificate::is_CA_cert(), Botan::X509_Certificate::is_critical(), Botan::NameConstraints::is_excluded(), Botan::NameConstraints::is_permitted(), Botan::NAME_CONSTRAINT_ERROR, and Botan::NameConstraints::permitted().

---

The documentation for this class was generated from the following files:

• src/lib/x509/x509_ext.h
• src/lib/x509/x509_ext.cpp