Botan 3.11.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::GeneralName Class Referencefinal

X.509 GeneralName Type. More...

#include <pkix_types.h>

Inheritance diagram for Botan::GeneralName:
Botan::ASN1_Object

Public Types

enum  MatchResult : uint8_t {
  All , Some , None , NotFound ,
  UnknownType
}
enum class  NameType : uint8_t {
  Unknown = 0 , RFC822 = 1 , DNS = 2 , URI = 3 ,
  DN = 4 , IPv4 = 5 , Other = 6
}

Public Member Functions

std::vector< uint8_t > BER_encode () const
std::vector< uint8_t > binary_name () const
void decode_from (BER_Decoder &from) override
void encode_into (DER_Encoder &to) const override
 GeneralName ()=default
MatchResult matches (const X509_Certificate &cert) const
bool matches_dn (const X509_DN &dn) const
bool matches_dns (const std::string &dns_name) const
bool matches_ipv4 (uint32_t ip) const
std::string name () const
std::string type () const
NameType type_code () const

Static Public Member Functions

static GeneralName directory_name (Botan::X509_DN dn)
static GeneralName dns (std::string_view dns)
static GeneralName email (std::string_view email)
static GeneralName ipv4_address (uint32_t ipv4)
static GeneralName ipv4_address (uint32_t ipv4, uint32_t mask)
static GeneralName uri (std::string_view uri)

Detailed Description

X.509 GeneralName Type.

Handles parsing GeneralName types in their BER and canonical string encoding. Allows matching GeneralNames against each other using the rules laid out in the RFC 5280, sec. 4.2.1.10 (Name Constraints).

This entire class is deprecated and will be removed in a future major release

Definition at line 274 of file pkix_types.h.

Member Enumeration Documentation

◆ MatchResult

enum Botan::GeneralName::MatchResult : uint8_t
Enumerator
All 
Some 
None 
NotFound 
UnknownType 

Definition at line 276 of file pkix_types.h.

276 : uint8_t /* NOLINT(*-use-enum-class) */ {
277 All,
278 Some,
279 None,
280 NotFound,
281 UnknownType,
282 };

◆ NameType

enum class Botan::GeneralName::NameType : uint8_t
strong
Enumerator
Unknown 
RFC822 
DNS 
URI 
DN 
IPv4 
Other 

Definition at line 284 of file pkix_types.h.

284 : uint8_t {
285 Unknown = 0,
286 RFC822 = 1,
287 DNS = 2,
288 URI = 3,
289 DN = 4,
290 IPv4 = 5,
291 Other = 6,
292 };

Constructor & Destructor Documentation

◆ GeneralName()

Botan::GeneralName::GeneralName ( )
default

References decode_from(), directory_name(), dns(), email(), encode_into(), GeneralName(), ipv4_address(), and uri().

Referenced by directory_name(), dns(), email(), GeneralName(), ipv4_address(), ipv4_address(), and uri().

Member Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::ASN1_Object::BER_encode ( ) const
inherited

Return the encoding of this object. This is a convenience method when just one object needs to be serialized. Use DER_Encoder for complicated encodings.

Definition at line 20 of file asn1_obj.cpp.

20 {
21 std::vector<uint8_t> output;
22 DER_Encoder der(output);
23 this->encode_into(der);
24 return output;
25}
Botan::ASN1_Object::encode_into
virtual void encode_into(DER_Encoder &to) const =0

References encode_into().

Referenced by decode_from(), Botan::Certificate_Store_In_SQL::find_all_certs(), Botan::Certificate_Store_In_SQL::find_cert(), Botan::Certificate_Store_Windows::find_cert_by_issuer_dn_and_serial_number(), Botan::X509_Certificate::fingerprint(), Botan::Certificate_Store_In_SQL::insert_cert(), Botan::X509_Object::PEM_encode(), Botan::PSS_Params::PSS_Params(), and Botan::Certificate_Store_In_SQL::revoke_cert().

◆ binary_name()

std::vector< uint8_t > Botan::GeneralName::binary_name ( ) const
Returns
The name as binary string. Format depends on type.

Definition at line 109 of file name_constraint.cpp.

109 {
110 return std::visit(Botan::overloaded{
111 [](const Botan::X509_DN& dn) { return Botan::ASN1::put_in_sequence(dn.get_bits()); },
112 [](const std::pair<uint32_t, uint32_t>& ip) {
113 if(ip.second == blind_mask) {
114 return store_be<std::vector<uint8_t>>(ip.first);
115 } else {
116 return concat<std::vector<uint8_t>>(store_be(ip.first), store_be(ip.second));
117 }
118 },
119 [](const auto&) -> std::vector<uint8_t> {
120 throw Invalid_State("Cannot convert GeneralName to binary string");
121 },
122 },
123 m_name);
124}
Botan::ASN1::put_in_sequence
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition asn1_obj.cpp:177
Botan::concat
constexpr auto concat(Rs &&... ranges)
Definition concat_util.h:90
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745
Botan::overloaded
overloaded(Ts...) -> overloaded< Ts... >

References Botan::concat(), Botan::ASN1::put_in_sequence(), and Botan::store_be().

Referenced by botan_x509_general_name_view_binary_value().

◆ decode_from()

void Botan::GeneralName::decode_from ( BER_Decoder & from)
overridevirtual

Decode whatever this object is from from

Parameters
fromthe BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 130 of file name_constraint.cpp.

130 {
131 const BER_Object obj = ber.get_next_object();
132
133 if(obj.is_a(0, ASN1_Class::ExplicitContextSpecific)) {
134 m_type = NameType::Other;
135 } else if(obj.is_a(1, ASN1_Class::ContextSpecific)) {
136 m_type = NameType::RFC822;
137 m_name.emplace<RFC822_IDX>(ASN1::to_string(obj));
138 } else if(obj.is_a(2, ASN1_Class::ContextSpecific)) {
139 m_type = NameType::DNS;
140 // Store it in case insensitive form so we don't have to do it
141 // again while matching
142 m_name.emplace<DNS_IDX>(canonicalize_dns_name(ASN1::to_string(obj)));
143 } else if(obj.is_a(6, ASN1_Class::ContextSpecific)) {
144 m_type = NameType::URI;
145 m_name.emplace<URI_IDX>(ASN1::to_string(obj));
146 } else if(obj.is_a(4, ASN1_Class::ContextSpecific | ASN1_Class::Constructed)) {
147 X509_DN dn;
148 BER_Decoder dec(obj);
149 dn.decode_from(dec);
150 m_type = NameType::DN;
151 m_name.emplace<DN_IDX>(dn);
152 } else if(obj.is_a(7, ASN1_Class::ContextSpecific)) {
153 if(obj.length() == 8) {
154 const uint32_t net = load_be<uint32_t>(obj.bits(), 0);
155 const uint32_t mask = load_be<uint32_t>(obj.bits(), 1);
156
157 m_type = NameType::IPv4;
158 m_name.emplace<IPV4_IDX>(std::make_pair(net, mask));
159 } else if(obj.length() == 32) {
160 // IPv6 name constraints are not implemented
161 m_type = NameType::Unknown;
162 } else {
163 throw Decoding_Error("Invalid IP name constraint size " + std::to_string(obj.length()));
164 }
165 } else {
166 m_type = NameType::Unknown;
167 }
168}
Botan::ASN1::to_string
std::string to_string(const BER_Object &obj)
Definition asn1_obj.cpp:190
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504

References Botan::BER_Object::bits(), Botan::Constructed, Botan::ContextSpecific, Botan::X509_DN::decode_from(), DN, DNS, Botan::ExplicitContextSpecific, Botan::BER_Decoder::get_next_object(), IPv4, Botan::BER_Object::is_a(), Botan::BER_Object::length(), Botan::load_be(), Other, RFC822, Botan::ASN1::to_string(), Unknown, and URI.

Referenced by GeneralName().

◆ directory_name()

GeneralName Botan::GeneralName::directory_name ( Botan::X509_DN dn)
static

Definition at line 74 of file name_constraint.cpp.

74 {
75 return GeneralName::make<DN_IDX>(std::move(dn));
76}

References GeneralName().

Referenced by GeneralName().

◆ dns()

GeneralName Botan::GeneralName::dns ( std::string_view dns)
static

Definition at line 66 of file name_constraint.cpp.

66 {
67 return GeneralName::make<DNS_IDX>(dns);
68}
Botan::GeneralName::dns
static GeneralName dns(std::string_view dns)
Definition name_constraint.cpp:66

References dns(), and GeneralName().

Referenced by dns(), GeneralName(), and matches().

◆ email()

GeneralName Botan::GeneralName::email ( std::string_view email)
static

Definition at line 62 of file name_constraint.cpp.

62 {
63 return GeneralName::make<RFC822_IDX>(email);
64}
Botan::GeneralName::email
static GeneralName email(std::string_view email)
Definition name_constraint.cpp:62

References email(), and GeneralName().

Referenced by email(), and GeneralName().

◆ encode_into()

void Botan::GeneralName::encode_into ( DER_Encoder & to) const
overridevirtual

Encode whatever this object is into to

Parameters
tothe DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 126 of file name_constraint.cpp.

126 {
127 throw Not_Implemented("GeneralName encoding");
128}

Referenced by GeneralName().

◆ ipv4_address() [1/2]

GeneralName Botan::GeneralName::ipv4_address ( uint32_t ipv4)
static

Definition at line 78 of file name_constraint.cpp.

78 {
79 return GeneralName::ipv4_address(ipv4, blind_mask);
80}
Botan::GeneralName::ipv4_address
static GeneralName ipv4_address(uint32_t ipv4)
Definition name_constraint.cpp:78

References GeneralName(), and ipv4_address().

Referenced by GeneralName(), and ipv4_address().

◆ ipv4_address() [2/2]

GeneralName Botan::GeneralName::ipv4_address ( uint32_t ipv4,
uint32_t mask )
static

Definition at line 82 of file name_constraint.cpp.

82 {
83 return GeneralName::make<IPV4_IDX>(std::pair{ipv4, mask});
84}

References GeneralName().

◆ matches()

GeneralName::MatchResult Botan::GeneralName::matches ( const X509_Certificate & cert) const

Checks whether a given certificate (partially) matches this name.

Parameters
certcertificate to be matched
Returns
the match result

Definition at line 194 of file name_constraint.cpp.

194 {
195 class MatchScore final {
196 public:
197 MatchScore() : m_any(false), m_some(false), m_all(true) {}
198
199 void add(bool m) {
200 m_any = true;
201 m_some |= m;
202 m_all &= m;
203 }
204
205 MatchResult result() const {
206 if(!m_any) {
207 return MatchResult::NotFound;
208 } else if(m_all) {
209 return MatchResult::All;
210 } else if(m_some) {
211 return MatchResult::Some;
212 } else {
213 return MatchResult::None;
214 }
215 }
216
217 private:
218 bool m_any;
219 bool m_some;
220 bool m_all;
221 };
222
223 const X509_DN& dn = cert.subject_dn();
224 const AlternativeName& alt_name = cert.subject_alt_name();
225
226 MatchScore score;
227
228 if(m_type == NameType::DNS) {
229 const auto& constraint = std::get<DNS_IDX>(m_name);
230
231 const auto& alt_names = alt_name.dns();
232
233 for(const std::string& dns : alt_names) {
234 score.add(matches_dns(dns, constraint));
235 }
236
237 if(alt_name.count() == 0) {
238 // Check CN instead...
239 for(const std::string& cn : dn.get_attribute("CN")) {
240 if(!string_to_ipv4(cn).has_value()) {
241 score.add(matches_dns(canonicalize_dns_name(cn), constraint));
242 }
243 }
244 }
245 } else if(m_type == NameType::DN) {
246 const X509_DN& constraint = std::get<DN_IDX>(m_name);
247 score.add(matches_dn(dn, constraint));
248
249 for(const auto& alt_dn : alt_name.directory_names()) {
250 score.add(matches_dn(alt_dn, constraint));
251 }
252 } else if(m_type == NameType::IPv4) {
253 auto [net, mask] = std::get<IPV4_IDX>(m_name);
254
255 if(alt_name.count() == 0) {
256 // Check CN instead...
257 for(const std::string& cn : dn.get_attribute("CN")) {
258 if(auto ipv4 = string_to_ipv4(cn)) {
259 const bool match = (ipv4.value() & mask) == net;
260 score.add(match);
261 }
262 }
263 } else {
264 for(const uint32_t ipv4 : alt_name.ipv4_address()) {
265 const bool match = (ipv4 & mask) == net;
266 score.add(match);
267 }
268 }
269 } else {
270 // URI and email name constraint matching not implemented
271 return MatchResult::UnknownType;
272 }
273
274 return score.result();
275}
Botan::GeneralName::matches_dn
bool matches_dn(const X509_DN &dn) const
Definition name_constraint.cpp:186
Botan::GeneralName::matches_dns
bool matches_dns(const std::string &dns_name) const
Definition name_constraint.cpp:170
Botan::string_to_ipv4
std::optional< uint32_t > string_to_ipv4(std::string_view str)
Definition parsing.cpp:156

References All, Botan::AlternativeName::count(), Botan::AlternativeName::directory_names(), DN, DNS, Botan::AlternativeName::dns(), dns(), Botan::X509_DN::get_attribute(), IPv4, Botan::AlternativeName::ipv4_address(), matches_dn(), matches_dns(), None, NotFound, Some, Botan::string_to_ipv4(), Botan::X509_Certificate::subject_alt_name(), Botan::X509_Certificate::subject_dn(), and UnknownType.

◆ matches_dn()

bool Botan::GeneralName::matches_dn ( const X509_DN & dn) const

Definition at line 186 of file name_constraint.cpp.

186 {
187 if(m_type == NameType::DN) {
188 const X509_DN& constraint = std::get<DN_IDX>(m_name);
189 return matches_dn(dn, constraint);
190 }
191 return false;
192}

References DN, and matches_dn().

Referenced by matches(), and matches_dn().

◆ matches_dns()

bool Botan::GeneralName::matches_dns ( const std::string & dns_name) const

Definition at line 170 of file name_constraint.cpp.

170 {
171 if(m_type == NameType::DNS) {
172 const auto& constraint = std::get<DNS_IDX>(m_name);
173 return matches_dns(dns_name, constraint);
174 }
175 return false;
176}

References DNS, and matches_dns().

Referenced by matches(), and matches_dns().

◆ matches_ipv4()

bool Botan::GeneralName::matches_ipv4 ( uint32_t ip) const

Definition at line 178 of file name_constraint.cpp.

178 {
179 if(m_type == NameType::IPv4) {
180 auto [net, mask] = std::get<IPV4_IDX>(m_name);
181 return (ip & mask) == net;
182 }
183 return false;
184}

References IPv4.

◆ name()

std::string Botan::GeneralName::name ( ) const
Returns
The name as string. Format depends on type.

Definition at line 86 of file name_constraint.cpp.

86 {
87 const size_t index = m_name.index();
88
89 if(index == RFC822_IDX) {
90 return std::get<RFC822_IDX>(m_name);
91 } else if(index == DNS_IDX) {
92 return std::get<DNS_IDX>(m_name);
93 } else if(index == URI_IDX) {
94 return std::get<URI_IDX>(m_name);
95 } else if(index == DN_IDX) {
96 return std::get<DN_IDX>(m_name).to_string();
97 } else if(index == IPV4_IDX) {
98 auto [net, mask] = std::get<IPV4_IDX>(m_name);
99 if(mask == blind_mask) {
100 return ipv4_to_string(net);
101 } else {
102 return fmt("{}/{}", ipv4_to_string(net), ipv4_to_string(mask));
103 }
104 } else {
105 BOTAN_ASSERT_UNREACHABLE();
106 }
107}
BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:163
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
Botan::ipv4_to_string
std::string ipv4_to_string(uint32_t ip)
Definition parsing.cpp:225

References BOTAN_ASSERT_UNREACHABLE, Botan::fmt(), and Botan::ipv4_to_string().

Referenced by botan_x509_general_name_view_string_value(), and Botan::operator<<().

◆ type()

std::string Botan::GeneralName::type ( ) const
Returns
Type of the name. Can be DN, DNS, IP, RFC822 or URI.

Definition at line 33 of file name_constraint.cpp.

33 {
34 switch(m_type) {
35 case NameType::Unknown:
36 throw Encoding_Error("Could not convert unknown NameType to string");
37 case NameType::RFC822:
38 return "RFC822";
39 case NameType::DNS:
40 return "DNS";
41 case NameType::URI:
42 return "URI";
43 case NameType::DN:
44 return "DN";
45 case NameType::IPv4:
46 return "IP";
47 case NameType::Other:
48 return "Other";
49 }
50
51 BOTAN_ASSERT_UNREACHABLE();
52}

References BOTAN_ASSERT_UNREACHABLE, DN, DNS, IPv4, Other, RFC822, Unknown, and URI.

Referenced by Botan::operator<<().

◆ type_code()

NameType Botan::GeneralName::type_code ( ) const
inline
Returns
Type of the name expressed in this restriction

Definition at line 311 of file pkix_types.h.

311{ return m_type; }

References type_code().

Referenced by botan_x509_general_name_get_type(), botan_x509_general_name_view_binary_value(), botan_x509_general_name_view_string_value(), and type_code().

◆ uri()

GeneralName Botan::GeneralName::uri ( std::string_view uri)
static

Definition at line 70 of file name_constraint.cpp.

70 {
71 return GeneralName::make<URI_IDX>(uri);
72}
Botan::GeneralName::uri
static GeneralName uri(std::string_view uri)
Definition name_constraint.cpp:70

References GeneralName(), and uri().

Referenced by GeneralName(), and uri().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0