Botan  2.4.0
Crypto and TLS for C++11
Botan::Extensions Class Reference (final)

#include <x509_ext.h>

Inheritance diagram for Botan::Extensions:
Botan::ASN1_Object

Public Member Functions

void add (Certificate_Extension *extn, bool critical=false)
 
void contents_to (Data_Store &, Data_Store &) const
 
bool critical_extension_set (const OID &oid) const
 
void decode_from (class BER_Decoder &) override
 
void encode_into (class DER_Encoder &) const override
 
bool extension_set (const OID &oid) const
 
std::vector< std::pair< std::unique_ptr< Certificate_Extension >, bool > > extensions () const
 
 Extensions ()
 
 Extensions (const Extensions &)=default
 
 Extensions (Extensions &&)=default
 
std::map< OID, std::pair< std::vector< uint8_t >, bool > > extensions_raw () const
 
std::unique_ptr< Certificate_Extension > get (const OID &oid) const
 
std::vector< uint8_t > get_extension_bits (const OID &oid) const
 
const Certificate_Extension * get_extension_object (const OID &oid) const
 
template<typename T >
const T * get_extension_object_as (const OID &oid=T::static_oid()) const
 
const std::vector< OID > & get_extension_oids () const
 
template<typename T >
std::unique_ptr< T > get_raw (const OID &oid) const
 
Extensions & operator= (const Extensions &)=default
 
Extensions & operator= (Extensions &&)=default
 
void replace (Certificate_Extension *extn, bool critical=false)
 

Detailed Description

X.509 Certificate Extension List

Definition at line 90 of file x509_ext.h.

Constructor & Destructor Documentation

◆ Extensions() [1/3]

Botan::Extensions::Extensions ( )
inline

Definition at line 216 of file x509_ext.h.

References BOTAN_ASSERT_NONNULL.

216 {} // empty body: the default constructor performs no explicit work

◆ Extensions() [2/3]

Botan::Extensions::Extensions ( const Extensions )
default

◆ Extensions() [3/3]

Botan::Extensions::Extensions ( Extensions &&  )
default

Member Function Documentation

◆ add()

void Botan::Extensions::add ( Certificate_Extension * extn,
bool  critical = false 
)

Adds a new extension to the list.

Parameters
extn: pointer to the certificate extension (Extensions takes ownership)
critical: whether this extension should be marked as critical
Exceptions
Invalid_Argument: if the extension is already present in the list

Definition at line 122 of file x509_ext.cpp.

References Botan::Certificate_Extension::oid_name(), and Botan::Certificate_Extension::oid_of().

Referenced by Botan::X509::create_cert_req(), Botan::X509::create_self_signed_cert(), and Botan::X509_CA::update_crl().

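{
   // Adds extn under its OID and appends that OID to the ordered OID list.
   // Throws Invalid_Argument if extn is null or if an extension with the
   // same OID is already present.

   // The interface documents that Extensions takes ownership of extn, so
   // hold it in a unique_ptr from the first line: the object is then freed
   // on the error paths below instead of leaking. A caller that catches
   // the exception must therefore not free extn a second time.
   std::unique_ptr<Certificate_Extension> owned(extn);

   // Reject null before the first dereference
   if(!owned)
      throw Invalid_Argument("Extensions::add called with a null extension");

   const OID oid = owned->oid_of();

   // sanity check: we don't want to have the same extension more than once
   if(m_extension_info.count(oid) > 0)
      throw Invalid_Argument(owned->oid_name() + " extension already present in Extensions::add");

   // Extensions_Info receives the raw pointer, as in the original code
   Extensions_Info info(critical, owned.release());
   m_extension_oids.push_back(oid);
   m_extension_info.emplace(oid, info);
}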

◆ contents_to()

void Botan::Extensions::contents_to ( Data_Store subject_info,
Data_Store issuer_info 
) const

Definition at line 260 of file x509_ext.cpp.

References Botan::Data_Store::add().

{
   // For every stored extension: let the extension write its own fields
   // into the two stores, then record its criticality flag in subject_info
   // under the key "<oid_name>.is_critical".
   for(const auto& entry : m_extension_info)
      {
      const auto& extn_info = entry.second;

      extn_info.obj().contents_to(subject_info, issuer_info);
      subject_info.add(extn_info.obj().oid_name() + ".is_critical",
                       extn_info.is_critical());
      }
}

◆ critical_extension_set()

bool Botan::Extensions::critical_extension_set ( const OID oid) const

Return true if an extension was set and marked critical

Definition at line 150 of file x509_ext.cpp.

{
   // True only when oid is present AND flagged critical. An absent
   // extension and a present, non-critical one both yield false; use
   // extension_set() when the caller has to tell the two apart.
   const auto found = m_extension_info.find(oid);
   return (found == m_extension_info.end()) ? false : found->second.is_critical();
}

◆ decode_from()

void Botan::Extensions::decode_from ( class BER_Decoder from)
override virtual

Decode whatever this object is from from

Parameters
from: the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 229 of file x509_ext.cpp.

References Botan::BOOLEAN, Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_optional(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::more_items(), Botan::OCTET_STRING, Botan::SEQUENCE, Botan::BER_Decoder::start_cons(), Botan::UNIVERSAL, and Botan::BER_Decoder::verify_end().

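{
   // Rebuilds the extension list from a BER-encoded SEQUENCE of extensions.
   // Anything held before the call is discarded first. Throws if the
   // encoding is malformed or if the same extension OID occurs twice.
   m_extension_oids.clear();
   m_extension_info.clear();

   BER_Decoder sequence = from_source.start_cons(SEQUENCE);

   while(sequence.more_items())
      {
      OID oid;
      bool critical = false; // decode_optional below uses the same default
      std::vector<uint8_t> bits;

      // Each entry: SEQUENCE { OID, optional BOOLEAN critical, OCTET STRING value }
      sequence.start_cons(SEQUENCE)
         .decode(oid)
         .decode_optional(critical, BOOLEAN, UNIVERSAL, false)
         .decode(bits, OCTET_STRING)
         .end_cons();

      // Reject a repeated OID. Without this check the OID would be appended
      // to m_extension_oids a second time, while the emplace below would
      // leave the first entry in place (assuming m_extension_info is a
      // unique-key map, as its count/find/erase usage suggests). The second
      // occurrence's value and criticality flag would then be dropped
      // silently and the two containers would disagree.
      if(m_extension_info.count(oid) > 0)
         throw Decoding_Error("Duplicate extension in Extensions::decode_from");

      std::unique_ptr<Certificate_Extension> obj = create_extn_obj(oid, critical, bits);
      // Extensions_Info receives the raw pointer, hence the release()
      Extensions_Info info(critical, bits, obj.release());

      m_extension_oids.push_back(oid);
      m_extension_info.emplace(oid, info);
      }
   // Fail if the SEQUENCE still holds undecoded data
   sequence.verify_end();
}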

◆ encode_into()

void Botan::Extensions::encode_into ( class DER_Encoder to) const
override virtual

Encode whatever this object is into to

Parameters
to: the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 205 of file x509_ext.cpp.

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::encode_optional(), Botan::DER_Encoder::end_cons(), Botan::OCTET_STRING, Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

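{
   // Writes each stored extension whose object reports should_encode() as
   // SEQUENCE { OID, optional BOOLEAN critical, OCTET STRING value }.
   // Iteration follows m_extension_info, not the m_extension_oids order.

   // Bind by const reference: iterating by value copied every map entry
   // (OID plus its Extensions_Info) once per loop pass.
   for(const auto& ext_info : m_extension_info)
      {
      if(!ext_info.second.obj().should_encode())
         continue;

      const OID& oid = ext_info.first;
      const bool is_critical = ext_info.second.is_critical();
      const std::vector<uint8_t>& ext_value = ext_info.second.bits();

      // The value written is the stored bits(); the critical flag is passed
      // to encode_optional with false as its default.
      to_object.start_cons(SEQUENCE)
         .encode(oid)
         .encode_optional(is_critical, false)
         .encode(ext_value, OCTET_STRING)
         .end_cons();
      }
}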

◆ extension_set()

bool Botan::Extensions::extension_set ( const OID oid) const

Return true if an extension was set

Definition at line 145 of file x509_ext.cpp.

{
   // Presence test only; says nothing about the criticality flag.
   return m_extension_info.count(oid) > 0;
}

◆ extensions()

std::vector< std::pair< std::unique_ptr< Certificate_Extension >, bool > > Botan::Extensions::extensions ( ) const

Returns a copy of the list of extensions together with the corresponding criticality flag. All extensions are encoded as some object, falling back to Unknown_Extension class which simply allows reading the bytes as well as the criticality flag.

Definition at line 176 of file x509_ext.cpp.

Referenced by Botan::PKIX::check_chain().

{
   // Builds a list of (copy of extension object, criticality flag) pairs,
   // one per stored extension. The returned unique_ptrs own the copies.
   std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> result;

   for(const auto& entry : m_extension_info)
      {
      const auto& info = entry.second;

      // copy() hands back a raw pointer; wrap it before anything else runs
      std::unique_ptr<Certificate_Extension> clone(info.obj().copy());
      result.emplace_back(std::move(clone), info.is_critical());
      }

   return result;
}

◆ extensions_raw()

std::map< OID, std::pair< std::vector< uint8_t >, bool > > Botan::Extensions::extensions_raw ( ) const

Returns the list of extensions as raw, encoded bytes together with the corresponding criticality flag. Contains all extensions, including any extensions encoded as Unknown_Extension

Definition at line 190 of file x509_ext.cpp.

{
   // Maps every stored OID to (raw encoded bytes, criticality flag).
   using Raw_Entry = std::pair<std::vector<uint8_t>, bool>;

   std::map<OID, Raw_Entry> result;
   for(const auto& entry : m_extension_info)
      {
      const auto& info = entry.second;
      result.emplace(entry.first, Raw_Entry(info.bits(), info.is_critical()));
      }
   return result;
}

◆ get()

std::unique_ptr< Certificate_Extension > Botan::Extensions::get ( const OID oid) const

Searches for an extension by OID and returns the result. Only the known extensions types declared in this header are searched for by this function.

Returns
Copy of extension with oid, nullptr if not found. Can avoid creating a copy by using get_extension_object function

Definition at line 167 of file x509_ext.cpp.

References get_extension_object().

{
   // Returns an independently owned copy of the extension stored under
   // oid, or nullptr when get_extension_object() finds nothing.
   const Certificate_Extension* found = this->get_extension_object(oid);
   if(found == nullptr)
      return nullptr;

   return std::unique_ptr<Certificate_Extension>(found->copy());
}
const Certificate_Extension * get_extension_object(const OID &oid) const
Definition: x509_ext.cpp:158

◆ get_extension_bits()

std::vector<uint8_t> Botan::Extensions::get_extension_bits ( const OID oid) const

Return the raw bytes of the extension. Will throw if OID was not set as an extension.

◆ get_extension_object()

const Certificate_Extension * Botan::Extensions::get_extension_object ( const OID oid) const

Look up an object in the extensions, based on OID. Returns nullptr if not set, that is, if the extension was either absent or not handled. The pointer returned is owned by the Extensions object. This would be better with an optional<T> return value.

Definition at line 158 of file x509_ext.cpp.

Referenced by get().

{
   // Non-owning lookup: the result points at the object held inside
   // m_extension_info, so it is only usable while that entry exists.
   // Returns nullptr when oid is not stored.
   const auto entry = m_extension_info.find(oid);
   return (entry == m_extension_info.end()) ? nullptr : &entry->second.obj();
}

◆ get_extension_object_as()

template<typename T >
const T* Botan::Extensions::get_extension_object_as ( const OID oid = T::static_oid()) const
inline

Definition at line 103 of file x509_ext.h.

References T.

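{
   // Looks up the extension stored under oid and returns it viewed as T.
   // Returns nullptr when nothing is stored under oid. Throws Exception
   // when an object is stored but is not a T, so a type mismatch is never
   // reported to the caller as "extension absent".
   const Certificate_Extension* extn = get_extension_object(oid);
   if(extn == nullptr)
      return nullptr;

   const T* extn_as_T = dynamic_cast<const T*>(extn);
   if(extn_as_T == nullptr)
      {
      // The message now names this class; it previously read "Exception::".
      throw Exception("Extensions::get_extension_object_as dynamic_cast failed");
      }

   return extn_as_T;
}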
const Certificate_Extension * get_extension_object(const OID &oid) const
Definition: x509_ext.cpp:158

◆ get_extension_oids()

const std::vector<OID>& Botan::Extensions::get_extension_oids ( ) const
inline

Return the set of extensions in the order they appeared in the certificate (or as they were added, if constructed)

Definition at line 124 of file x509_ext.h.

Referenced by Botan::PKIX::check_chain().

125  {
126  return m_extension_oids; // returns the member vector by const reference; no copy is made
127  }

◆ get_raw()

template<typename T >
std::unique_ptr<T> Botan::Extensions::get_raw ( const OID oid) const
inline

Searches for an extension by OID and returns the result decoding it to some arbitrary extension type chosen by the application.

Only the unknown extensions, that is, extensions types that are not declared in this header, are searched for by this function.

Returns
Pointer to new extension with oid, nullptr if not found.

Definition at line 184 of file x509_ext.h.

References T.

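{
   // Decodes the raw bytes stored under oid into a freshly allocated T.
   // Returns nullptr when oid is absent, or when the stored object reports
   // a non-empty oid_name().
   const auto extn_info = m_extension_info.find(oid);

   if(extn_info == m_extension_info.end())
      return nullptr;

   // Unknown_Extension oid_name is empty
   if(!extn_info->second.obj().oid_name().empty())
      return nullptr;

   std::unique_ptr<T> ext(new T);

   // NOTE(review): when the list was filled by decode_from(), these bytes
   // come straight from the parsed input, so T::decode_inner has to cope
   // with malformed data. Whether it throws on bad input depends on T -
   // confirm for each application-supplied type.
   ext->decode_inner(extn_info->second.bits());

   // Plain return: wrapping a local in std::move only inhibits copy elision
   return ext;
}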

◆ operator=() [1/2]

Extensions& Botan::Extensions::operator= ( const Extensions )
default

◆ operator=() [2/2]

Extensions& Botan::Extensions::operator= ( Extensions &&  )
default

◆ replace()

void Botan::Extensions::replace ( Certificate_Extension * extn,
bool  critical = false 
)

Adds an extension to the list or replaces it.

Parameters
extn: the certificate extension
critical: whether this extension should be marked as critical

Definition at line 134 of file x509_ext.cpp.

References Botan::Certificate_Extension::oid_of().

Referenced by Botan::X509_CA::sign_request().

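{
   // Stores extn under its OID, displacing any extension already stored
   // under that OID. The OID ends up last in the ordered OID list.
   // Throws Invalid_Argument if extn is null.

   // Reject null before the first dereference
   if(extn == nullptr)
      throw Invalid_Argument("Extensions::replace called with a null extension");

   const OID oid = extn->oid_of();

   // Remove it if it existed
   m_extension_info.erase(oid);

   // The ordered OID list has to be pruned too. Otherwise the push_back
   // below would list the OID twice after a replacement, and code that
   // walks get_extension_oids() would visit the same extension twice.
   for(auto i = m_extension_oids.begin(); i != m_extension_oids.end(); )
      {
      if(*i == oid)
         i = m_extension_oids.erase(i);
      else
         ++i;
      }

   // Extensions_Info receives the raw pointer, as in add()
   Extensions_Info info(critical, extn);
   m_extension_oids.push_back(oid);
   m_extension_info.emplace(oid, info);
}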

The documentation for this class was generated from the following files: