Botan  2.7.0
Crypto and TLS for C++11
Public Types | Public Member Functions | List of all members
Botan::GeneralName Class Referencefinal

X.509 GeneralName Type. More...

#include <name_constraint.h>

Inheritance diagram for Botan::GeneralName:
Botan::ASN1_Object

Public Types

enum  MatchResult : int {
  All, Some, None, NotFound,
  UnknownType
}
 

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
void decode_from (BER_Decoder &) override
 
void encode_into (DER_Encoder &) const override
 
 GeneralName ()=default
 
 GeneralName (const std::string &str)
 
MatchResult matches (const X509_Certificate &cert) const
 
const std::string & name () const
 
const std::string & type () const
 

Detailed Description

X.509 GeneralName Type.

Handles parsing GeneralName types in their BER and canonical string encoding. Allows matching GeneralNames against each other using the rules laid out in the RFC 5280, sec. 4.2.1.10 (Name Contraints).

Definition at line 28 of file name_constraint.h.

Member Enumeration Documentation

◆ MatchResult

Enumerator
All 
Some 
None 
NotFound 
UnknownType 

Definition at line 31 of file name_constraint.h.

Constructor & Destructor Documentation

◆ GeneralName() [1/2]

Botan::GeneralName::GeneralName ( )
default

Creates an empty GeneralName.

◆ GeneralName() [2/2]

Botan::GeneralName::GeneralName ( const std::string &  str)

Creates a new GeneralName for its string format.

Parameters
strtype and name, colon-separated, e.g., "DNS:google.com"

Definition at line 21 of file name_constraint.cpp.

21  : GeneralName()
22  {
23  size_t p = str.find(':');
24 
25  if(p != std::string::npos)
26  {
27  m_type = str.substr(0, p);
28  m_name = str.substr(p + 1, std::string::npos);
29  }
30  else
31  {
32  throw Invalid_Argument("Failed to decode Name Constraint");
33  }
34  }
GeneralName()=default

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 16 of file asn1_obj.cpp.

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSSR::config_for_x509(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

17  {
18  std::vector<uint8_t> output;
19  DER_Encoder der(output);
20  this->encode_into(der);
21  return output;
22  }
virtual void encode_into(DER_Encoder &to) const =0

◆ decode_from()

void Botan::GeneralName::decode_from ( BER_Decoder from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 41 of file name_constraint.cpp.

References Botan::CONTEXT_SPECIFIC, Botan::BER_Decoder::get_next_object(), and Botan::BER_Object::is_a().

42  {
43  BER_Object obj = ber.get_next_object();
44 
45  if(obj.is_a(1, CONTEXT_SPECIFIC))
46  {
47  m_type = "RFC822";
48  m_name = ASN1::to_string(obj);
49  }
50  else if(obj.is_a(2, CONTEXT_SPECIFIC))
51  {
52  m_type = "DNS";
53  m_name = ASN1::to_string(obj);
54  }
55  else if(obj.is_a(6, CONTEXT_SPECIFIC))
56  {
57  m_type = "URI";
58  m_name = ASN1::to_string(obj);
59  }
60  else if(obj.is_a(4, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)))
61  {
62  m_type = "DN";
63  X509_DN dn;
64  BER_Decoder dec(obj);
65  std::stringstream ss;
66 
67  dn.decode_from(dec);
68  ss << dn;
69 
70  m_name = ss.str();
71  }
72  else if(obj.is_a(7, CONTEXT_SPECIFIC))
73  {
74  if(obj.length() == 8)
75  {
76  m_type = "IP";
77  m_name = ipv4_to_string(load_be<uint32_t>(obj.bits(), 0)) + "/" +
78  ipv4_to_string(load_be<uint32_t>(obj.bits(), 1));
79  }
80  else if(obj.length() == 32)
81  {
82  throw Decoding_Error("Unsupported IPv6 name constraint");
83  }
84  else
85  {
86  throw Decoding_Error("Invalid IP name constraint size " + std::to_string(obj.length()));
87  }
88  }
89  else
90  {
91  throw Decoding_Error("Found unknown GeneralName type");
92  }
93  }
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:177
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
ASN1_Tag
Definition: asn1_obj.h:22
std::string ipv4_to_string(uint32_t ip)
Definition: parsing.cpp:294

◆ encode_into()

void Botan::GeneralName::encode_into ( DER_Encoder to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 36 of file name_constraint.cpp.

37  {
38  throw Not_Implemented("GeneralName encoding");
39  }

◆ matches()

GeneralName::MatchResult Botan::GeneralName::matches ( const X509_Certificate cert) const

Checks whether a given certificate (partially) matches this name.

Parameters
certcertificate to be matched
Returns
the match result

Definition at line 95 of file name_constraint.cpp.

References Botan::AlternativeName::get_attribute(), Botan::X509_DN::get_attribute(), Botan::X509_Certificate::subject_alt_name(), Botan::X509_Certificate::subject_dn(), and type().

96  {
97  std::vector<std::string> nam;
98  std::function<bool(const GeneralName*, const std::string&)> match_fn;
99 
100  const X509_DN& dn = cert.subject_dn();
101  const AlternativeName& alt_name = cert.subject_alt_name();
102 
103  if(type() == "DNS")
104  {
105  match_fn = std::mem_fn(&GeneralName::matches_dns);
106 
107  nam = alt_name.get_attribute("DNS");
108 
109  if(nam.empty())
110  {
111  nam = dn.get_attribute("CN");
112  }
113  }
114  else if(type() == "DN")
115  {
116  match_fn = std::mem_fn(&GeneralName::matches_dn);
117 
118  std::stringstream ss;
119  ss << dn;
120  nam.push_back(ss.str());
121  }
122  else if(type() == "IP")
123  {
124  match_fn = std::mem_fn(&GeneralName::matches_ip);
125  nam = alt_name.get_attribute("IP");
126  }
127  else
128  {
129  return MatchResult::UnknownType;
130  }
131 
132  if(nam.empty())
133  {
134  return MatchResult::NotFound;
135  }
136 
137  bool some = false;
138  bool all = true;
139 
140  for(const std::string& n: nam)
141  {
142  bool m = match_fn(this, n);
143 
144  some |= m;
145  all &= m;
146  }
147 
148  if(all)
149  {
150  return MatchResult::All;
151  }
152  else if(some)
153  {
154  return MatchResult::Some;
155  }
156  else
157  {
158  return MatchResult::None;
159  }
160  }
const std::string & type() const

◆ name()

const std::string& Botan::GeneralName::name ( ) const
inline
Returns
The name as string. Format depends on type.

Definition at line 63 of file name_constraint.h.

Referenced by Botan::operator<<().

63 { return m_name; }

◆ type()

const std::string& Botan::GeneralName::type ( ) const
inline
Returns
Type of the name. Can be DN, DNS, IP, RFC822 or URI.

Definition at line 58 of file name_constraint.h.

Referenced by matches(), and Botan::operator<<().

58 { return m_type; }

The documentation for this class was generated from the following files: