Botan  2.18.2
Crypto and TLS for C++11
Public Types | Public Member Functions | List of all members
Botan::GeneralName Class Referencefinal

X.509 GeneralName Type. More...

#include <pkix_types.h>

Inheritance diagram for Botan::GeneralName:
Botan::ASN1_Object

Public Types

enum  MatchResult : int {
  All, Some, None, NotFound,
  UnknownType
}
 

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
void decode_from (BER_Decoder &) override
 
void encode_into (DER_Encoder &) const override
 
 GeneralName ()=default
 
 GeneralName (const std::string &str)
 
MatchResult matches (const X509_Certificate &cert) const
 
const std::string & name () const
 
const std::string & type () const
 

Detailed Description

X.509 GeneralName Type.

Handles parsing GeneralName types in their BER and canonical string encoding. Allows matching GeneralNames against each other using the rules laid out in the RFC 5280, sec. 4.2.1.10 (Name Contraints).

Definition at line 195 of file pkix_types.h.

Member Enumeration Documentation

◆ MatchResult

Enumerator
All 
Some 
None 
NotFound 
UnknownType 

Definition at line 198 of file pkix_types.h.

Constructor & Destructor Documentation

◆ GeneralName() [1/2]

Botan::GeneralName::GeneralName ( )
default

Creates an empty GeneralName.

◆ GeneralName() [2/2]

Botan::GeneralName::GeneralName ( const std::string &  str)

Creates a new GeneralName for its string format.

Parameters
strtype and name, colon-separated, e.g., "DNS:google.com"

Definition at line 19 of file name_constraint.cpp.

19  : GeneralName()
20  {
21  size_t p = str.find(':');
22 
23  if(p != std::string::npos)
24  {
25  m_type = str.substr(0, p);
26  m_name = str.substr(p + 1, std::string::npos);
27  }
28  else
29  {
30  throw Invalid_Argument("Failed to decode Name Constraint");
31  }
32  }
GeneralName()=default

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 16 of file asn1_obj.cpp.

References Botan::ASN1_Object::encode_into().

Referenced by Botan::PSSR::config_for_x509(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), and Botan::Certificate_Store_In_SQL::revoke_cert().

17  {
18  std::vector<uint8_t> output;
19  DER_Encoder der(output);
20  this->encode_into(der);
21  return output;
22  }
virtual void encode_into(DER_Encoder &to) const =0

◆ decode_from()

void Botan::GeneralName::decode_from ( BER_Decoder from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 39 of file name_constraint.cpp.

References Botan::CONTEXT_SPECIFIC, Botan::BER_Decoder::get_next_object(), and Botan::BER_Object::is_a().

40  {
41  BER_Object obj = ber.get_next_object();
42 
43  if(obj.is_a(1, CONTEXT_SPECIFIC))
44  {
45  m_type = "RFC822";
46  m_name = ASN1::to_string(obj);
47  }
48  else if(obj.is_a(2, CONTEXT_SPECIFIC))
49  {
50  m_type = "DNS";
51  m_name = ASN1::to_string(obj);
52  }
53  else if(obj.is_a(6, CONTEXT_SPECIFIC))
54  {
55  m_type = "URI";
56  m_name = ASN1::to_string(obj);
57  }
58  else if(obj.is_a(4, ASN1_Tag(CONTEXT_SPECIFIC | CONSTRUCTED)))
59  {
60  m_type = "DN";
61  X509_DN dn;
62  BER_Decoder dec(obj);
63  std::stringstream ss;
64 
65  dn.decode_from(dec);
66  ss << dn;
67 
68  m_name = ss.str();
69  }
70  else if(obj.is_a(7, CONTEXT_SPECIFIC))
71  {
72  if(obj.length() == 8)
73  {
74  m_type = "IP";
75  m_name = ipv4_to_string(load_be<uint32_t>(obj.bits(), 0)) + "/" +
76  ipv4_to_string(load_be<uint32_t>(obj.bits(), 1));
77  }
78  else if(obj.length() == 32)
79  {
80  throw Decoding_Error("Unsupported IPv6 name constraint");
81  }
82  else
83  {
84  throw Decoding_Error("Invalid IP name constraint size " + std::to_string(obj.length()));
85  }
86  }
87  else
88  {
89  throw Decoding_Error("Found unknown GeneralName type");
90  }
91  }
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:179
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
ASN1_Tag
Definition: asn1_obj.h:25
std::string ipv4_to_string(uint32_t ip)
Definition: parsing.cpp:278

◆ encode_into()

void Botan::GeneralName::encode_into ( DER_Encoder to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 34 of file name_constraint.cpp.

35  {
36  throw Not_Implemented("GeneralName encoding");
37  }

◆ matches()

GeneralName::MatchResult Botan::GeneralName::matches ( const X509_Certificate cert) const

Checks whether a given certificate (partially) matches this name.

Parameters
certcertificate to be matched
Returns
the match result

Definition at line 93 of file name_constraint.cpp.

References Botan::AlternativeName::dn(), Botan::X509_DN::get_attribute(), Botan::AlternativeName::get_attribute(), Botan::X509_Certificate::subject_alt_name(), Botan::X509_Certificate::subject_dn(), Botan::X509_DN::to_string(), and type().

94  {
95  std::vector<std::string> nam;
96  std::function<bool(const GeneralName*, const std::string&)> match_fn;
97 
98  const X509_DN& dn = cert.subject_dn();
99  const AlternativeName& alt_name = cert.subject_alt_name();
100 
101  if(type() == "DNS")
102  {
103  match_fn = std::mem_fn(&GeneralName::matches_dns);
104 
105  nam = alt_name.get_attribute("DNS");
106 
107  if(nam.empty())
108  {
109  nam = dn.get_attribute("CN");
110  }
111  }
112  else if(type() == "DN")
113  {
114  match_fn = std::mem_fn(&GeneralName::matches_dn);
115 
116  nam.push_back(dn.to_string());
117 
118  const auto alt_dn = alt_name.dn();
119  if(alt_dn.empty() == false)
120  {
121  nam.push_back(alt_dn.to_string());
122  }
123  }
124  else if(type() == "IP")
125  {
126  match_fn = std::mem_fn(&GeneralName::matches_ip);
127  nam = alt_name.get_attribute("IP");
128  }
129  else
130  {
131  return MatchResult::UnknownType;
132  }
133 
134  if(nam.empty())
135  {
136  return MatchResult::NotFound;
137  }
138 
139  bool some = false;
140  bool all = true;
141 
142  for(const std::string& n: nam)
143  {
144  bool m = match_fn(this, n);
145 
146  some |= m;
147  all &= m;
148  }
149 
150  if(all)
151  {
152  return MatchResult::All;
153  }
154  else if(some)
155  {
156  return MatchResult::Some;
157  }
158  else
159  {
160  return MatchResult::None;
161  }
162  }
const std::string & type() const
Definition: pkix_types.h:225

◆ name()

const std::string& Botan::GeneralName::name ( ) const
inline
Returns
The name as string. Format depends on type.

Definition at line 230 of file pkix_types.h.

Referenced by Botan::operator<<().

230 { return m_name; }

◆ type()

const std::string& Botan::GeneralName::type ( ) const
inline
Returns
Type of the name. Can be DN, DNS, IP, RFC822 or URI.

Definition at line 225 of file pkix_types.h.

Referenced by matches(), and Botan::operator<<().

225 { return m_type; }

The documentation for this class was generated from the following files: