Botan 3.9.0
Crypto and TLS for C&
Botan::Extensions Class Referencefinal

#include <pkix_types.h>

Inheritance diagram for Botan::Extensions:
Botan::ASN1_Object

Public Member Functions

void add (std::unique_ptr< Certificate_Extension > extn, bool critical=false)
bool add_new (std::unique_ptr< Certificate_Extension > extn, bool critical=false)
std::vector< uint8_t > BER_encode () const
bool critical_extension_set (const OID &oid) const
void decode_from (BER_Decoder &from) override
void encode_into (DER_Encoder &to) const override
bool extension_set (const OID &oid) const
 Extensions ()=default
 Extensions (const Extensions &)=default
 Extensions (Extensions &&)=default
std::vector< std::pair< std::unique_ptr< Certificate_Extension >, bool > > extensions () const
std::map< OID, std::pair< std::vector< uint8_t >, bool > > extensions_raw () const
std::unique_ptr< Certificate_Extensionget (const OID &oid) const
std::vector< uint8_t > get_extension_bits (const OID &oid) const
const Certificate_Extensionget_extension_object (const OID &oid) const
template<typename T>
const T * get_extension_object_as (const OID &oid=T::static_oid()) const
const std::vector< OID > & get_extension_oids () const
template<typename T>
std::unique_ptr< T > get_raw (const OID &oid) const
Extensionsoperator= (const Extensions &)=default
Extensionsoperator= (Extensions &&)=default
bool remove (const OID &oid)
void replace (std::unique_ptr< Certificate_Extension > extn, bool critical=false)
 ~Extensions () override=default

Detailed Description

X.509 Certificate Extension List

Definition at line 474 of file pkix_types.h.

Constructor & Destructor Documentation

◆ Extensions() [1/3]

Botan::Extensions::Extensions ( )
default

◆ Extensions() [2/3]

Botan::Extensions::Extensions ( const Extensions & )
default

References Extensions().

◆ Extensions() [3/3]

Botan::Extensions::Extensions ( Extensions && )
default

References Extensions().

◆ ~Extensions()

Botan::Extensions::~Extensions ( )
overridedefault

References BOTAN_UNSTABLE_API.

Member Function Documentation

◆ add()

void Botan::Extensions::add ( std::unique_ptr< Certificate_Extension > extn,
bool critical = false )

Adds a new extension to the list.

Parameters
extnpointer to the certificate extension (Extensions takes ownership)
criticalwhether this extension should be marked as critical
Exceptions
Invalid_Argumentif the extension is already present in the list

Definition at line 143 of file x509_ext.cpp.

143 {
144 // sanity check: we don't want to have the same extension more than once
145 if(m_extension_info.contains(extn->oid_of())) {
146 const std::string name = extn->oid_name();
147 throw Invalid_Argument("Extension " + name + " already present in Extensions::add");
148 }
149
150 const OID oid = extn->oid_of();
151 Extensions_Info info(critical, std::move(extn));
152 m_extension_oids.push_back(oid);
153 m_extension_info.emplace(oid, info);
154}

◆ add_new()

bool Botan::Extensions::add_new ( std::unique_ptr< Certificate_Extension > extn,
bool critical = false )

Adds a new extension to the list unless it already exists. If the extension already exists within the Extensions object, the extn pointer will be deleted.

Parameters
extnpointer to the certificate extension (Extensions takes ownership)
criticalwhether this extension should be marked as critical
Returns
true if the object was added false if the extension was already used

Definition at line 156 of file x509_ext.cpp.

156 {
157 if(m_extension_info.contains(extn->oid_of())) {
158 return false; // already exists
159 }
160
161 const OID oid = extn->oid_of();
162 Extensions_Info info(critical, std::move(extn));
163 m_extension_oids.push_back(oid);
164 m_extension_info.emplace(oid, info);
165 return true;
166}

Referenced by Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 19 of file asn1_obj.cpp.

19 {
20 std::vector<uint8_t> output;
21 DER_Encoder der(output);
22 this->encode_into(der);
23 return output;
24}
virtual void encode_into(DER_Encoder &to) const =0

References encode_into().

Referenced by decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), Botan::PSS_Params::PSS_Params(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ critical_extension_set()

bool Botan::Extensions::critical_extension_set ( const OID & oid) const

Return true if an extesion was set and marked critical

Definition at line 192 of file x509_ext.cpp.

192 {
193 auto i = m_extension_info.find(oid);
194 if(i != m_extension_info.end()) {
195 return i->second.is_critical();
196 }
197 return false;
198}

Referenced by Botan::X509_Certificate::is_critical().

◆ decode_from()

void Botan::Extensions::decode_from ( BER_Decoder & from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 265 of file x509_ext.cpp.

265 {
266 m_extension_oids.clear();
267 m_extension_info.clear();
268
269 BER_Decoder sequence = from_source.start_sequence();
270
271 while(sequence.more_items()) {
272 OID oid;
273 bool critical = false;
274 std::vector<uint8_t> bits;
275
276 sequence.start_sequence()
277 .decode(oid)
278 .decode_optional(critical, ASN1_Type::Boolean, ASN1_Class::Universal, false)
279 .decode(bits, ASN1_Type::OctetString)
280 .end_cons();
281
282 auto obj = create_extn_obj(oid, critical, bits);
283 Extensions_Info info(critical, bits, std::move(obj));
284
285 m_extension_oids.push_back(oid);
286 m_extension_info.emplace(oid, info);
287 }
288 sequence.verify_end();
289}

References Botan::Boolean, Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_optional(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::more_items(), Botan::OctetString, Botan::BER_Decoder::start_sequence(), Botan::Universal, and Botan::BER_Decoder::verify_end().

◆ encode_into()

void Botan::Extensions::encode_into ( DER_Encoder & to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 245 of file x509_ext.cpp.

245 {
246 for(const auto& [oid, extn] : m_extension_info) {
247 const bool should_encode = extn.obj().should_encode();
248
249 if(should_encode) {
250 const auto is_critical = extn.is_critical() ? std::optional<bool>{true} : std::nullopt;
251 const std::vector<uint8_t>& ext_value = extn.bits();
252
253 to_object.start_sequence()
254 .encode(oid)
255 .encode_optional(is_critical)
256 .encode(ext_value, ASN1_Type::OctetString)
257 .end_cons();
258 }
259 }
260}

References Botan::DER_Encoder::encode(), Botan::DER_Encoder::encode_optional(), Botan::DER_Encoder::end_cons(), Botan::OctetString, and Botan::DER_Encoder::start_sequence().

◆ extension_set()

bool Botan::Extensions::extension_set ( const OID & oid) const

Return true if an extension was set

Definition at line 188 of file x509_ext.cpp.

188 {
189 return m_extension_info.contains(oid);
190}

◆ extensions()

std::vector< std::pair< std::unique_ptr< Certificate_Extension >, bool > > Botan::Extensions::extensions ( ) const

Returns a copy of the list of extensions together with the corresponding criticality flag. All extensions are encoded as some object, falling back to Unknown_Extension class which simply allows reading the bytes as well as the criticality flag.

Definition at line 225 of file x509_ext.cpp.

225 {
226 std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> exts;
227 exts.reserve(m_extension_info.size());
228 for(auto&& ext : m_extension_info) {
229 exts.push_back(std::make_pair(ext.second.obj().copy(), ext.second.is_critical()));
230 }
231 return exts;
232}

Referenced by Botan::PKIX::check_chain(), and Botan::X509_CA::choose_extensions().

◆ extensions_raw()

std::map< OID, std::pair< std::vector< uint8_t >, bool > > Botan::Extensions::extensions_raw ( ) const

Returns the list of extensions as raw, encoded bytes together with the corresponding criticality flag. Contains all extensions, including any extensions encoded as Unknown_Extension

Definition at line 234 of file x509_ext.cpp.

234 {
235 std::map<OID, std::pair<std::vector<uint8_t>, bool>> out;
236 for(auto&& ext : m_extension_info) {
237 out.emplace(ext.first, std::make_pair(ext.second.bits(), ext.second.is_critical()));
238 }
239 return out;
240}

◆ get()

std::unique_ptr< Certificate_Extension > Botan::Extensions::get ( const OID & oid) const

Searches for an extension by OID and returns the result. Only the known extensions types declared in this header are searched for by this function.

Returns
Copy of extension with oid, nullptr if not found. Can avoid creating a copy by using get_extension_object function

Definition at line 218 of file x509_ext.cpp.

218 {
219 if(const Certificate_Extension* ext = this->get_extension_object(oid)) {
220 return ext->copy();
221 }
222 return nullptr;
223}
const Certificate_Extension * get_extension_object(const OID &oid) const
Definition x509_ext.cpp:209

References get_extension_object().

◆ get_extension_bits()

std::vector< uint8_t > Botan::Extensions::get_extension_bits ( const OID & oid) const

Return the raw bytes of the extension Will throw if OID was not set as an extension.

Definition at line 200 of file x509_ext.cpp.

200 {
201 auto i = m_extension_info.find(oid);
202 if(i == m_extension_info.end()) {
203 throw Invalid_Argument("Extensions::get_extension_bits no such extension set");
204 }
205
206 return i->second.bits();
207}

◆ get_extension_object()

const Certificate_Extension * Botan::Extensions::get_extension_object ( const OID & oid) const

Look up an object in the extensions, based on OID Returns nullptr if not set, if the extension was either absent or not handled. The pointer returned is owned by the Extensions object. This would be better with an optional<T> return value

Definition at line 209 of file x509_ext.cpp.

209 {
210 auto extn = m_extension_info.find(oid);
211 if(extn == m_extension_info.end()) {
212 return nullptr;
213 }
214
215 return &extn->second.obj();
216}

Referenced by get(), and get_extension_object_as().

◆ get_extension_object_as()

template<typename T>
const T * Botan::Extensions::get_extension_object_as ( const OID & oid = T::static_oid()) const
inline

Definition at line 486 of file pkix_types.h.

486 {
487 if(const Certificate_Extension* extn = get_extension_object(oid)) {
488 // Unknown_Extension oid_name is empty
489 if(extn->oid_name().empty()) {
490 return nullptr;
491 } else if(const T* extn_as_T = dynamic_cast<const T*>(extn)) {
492 return extn_as_T;
493 } else {
494 throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed");
495 }
496 }
497
498 return nullptr;
499 }

References get_extension_object().

◆ get_extension_oids()

const std::vector< OID > & Botan::Extensions::get_extension_oids ( ) const
inline

Return the set of extensions in the order they appeared in the certificate (or as they were added, if constructed)

Definition at line 505 of file pkix_types.h.

505{ return m_extension_oids; }

Referenced by Botan::PKIX::check_chain().

◆ get_raw()

template<typename T>
std::unique_ptr< T > Botan::Extensions::get_raw ( const OID & oid) const
inline

Searches for an extension by OID and returns the result decoding it to some arbitrary extension type chosen by the application.

Only the unknown extensions, that is, extensions types that are not declared in this header, are searched for by this function.

Returns
Pointer to new extension with oid, nullptr if not found.

Definition at line 577 of file pkix_types.h.

577 {
578 auto extn_info = m_extension_info.find(oid);
579
580 if(extn_info != m_extension_info.end()) {
581 // Unknown_Extension oid_name is empty
582 if(extn_info->second.obj().oid_name().empty()) {
583 auto ext = std::make_unique<T>();
584 ext->decode_inner(extn_info->second.bits());
585 return ext;
586 }
587 }
588 return nullptr;
589 }

◆ operator=() [1/2]

Extensions & Botan::Extensions::operator= ( const Extensions & )
default

References Extensions().

◆ operator=() [2/2]

Extensions & Botan::Extensions::operator= ( Extensions && )
default

References Extensions().

◆ remove()

bool Botan::Extensions::remove ( const OID & oid)

Remove an extension from the list. Returns true if the extension had been set, false otherwise.

Definition at line 168 of file x509_ext.cpp.

168 {
169 const bool erased = m_extension_info.erase(oid) > 0;
170
171 if(erased) {
172 m_extension_oids.erase(std::find(m_extension_oids.begin(), m_extension_oids.end(), oid));
173 }
174
175 return erased;
176}

Referenced by replace().

◆ replace()

void Botan::Extensions::replace ( std::unique_ptr< Certificate_Extension > extn,
bool critical = false )

Adds an extension to the list or replaces it.

Parameters
extnthe certificate extension
criticalwhether this extension should be marked as critical

Definition at line 178 of file x509_ext.cpp.

178 {
179 // Remove it if it existed
180 remove(extn->oid_of());
181
182 const OID oid = extn->oid_of();
183 Extensions_Info info(critical, std::move(extn));
184 m_extension_oids.push_back(oid);
185 m_extension_info.emplace(oid, info);
186}
bool remove(const OID &oid)
Definition x509_ext.cpp:168

References remove().

Referenced by Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().


The documentation for this class was generated from the following files: