Botan::Key_Constraints Class Reference

#include <pkix_enums.h>

Public Types
enum	Bits : uint32_t {   None = 0 , DigitalSignature = 1 << 15 , NonRepudiation = 1 << 14 , KeyEncipherment = 1 << 13 ,   DataEncipherment = 1 << 12 , KeyAgreement = 1 << 11 , KeyCertSign = 1 << 10 , CrlSign = 1 << 9 ,   EncipherOnly = 1 << 8 , DecipherOnly = 1 << 7 , NO_CONSTRAINTS = None , DIGITAL_SIGNATURE = DigitalSignature ,   NON_REPUDIATION = NonRepudiation , KEY_ENCIPHERMENT = KeyEncipherment , DATA_ENCIPHERMENT = DataEncipherment , KEY_AGREEMENT = KeyAgreement ,   KEY_CERT_SIGN = KeyCertSign , CRL_SIGN = CrlSign , ENCIPHER_ONLY = EncipherOnly , DECIPHER_ONLY = DecipherOnly }

Public Member Functions
bool	compatible_with (const Public_Key &key) const
bool	empty () const
bool	includes (Key_Constraints other) const
bool	includes (Key_Constraints::Bits other) const
bool	includes_any (auto &&... bits) const
	Key_Constraints ()
	Key_Constraints (const Key_Constraints &other)=default
	Key_Constraints (Key_Constraints &&other)=default
	Key_Constraints (Key_Constraints::Bits bits)
	Key_Constraints (uint32_t bits)
Key_Constraints &	operator= (const Key_Constraints &other)=default
Key_Constraints &	operator= (Key_Constraints &&other)=default
bool	operator== (const Key_Constraints &) const =default
void	operator|= (Key_Constraints::Bits other)
std::string	to_string () const
uint32_t	value () const

Static Public Member Functions
static Key_Constraints	ca_constraints ()

Detailed Description

X.509v3 Key Constraints. If updating update copy in ffi.h

Definition at line 108 of file pkix_enums.h.

Member Enumeration Documentation

Bits

enum Botan::Key_Constraints::Bits : uint32_t

Enumerator
None
DigitalSignature
NonRepudiation
KeyEncipherment
DataEncipherment
KeyAgreement
KeyCertSign
CrlSign
EncipherOnly
DecipherOnly
NO_CONSTRAINTS
DIGITAL_SIGNATURE
NON_REPUDIATION
KEY_ENCIPHERMENT
DATA_ENCIPHERMENT
KEY_AGREEMENT
KEY_CERT_SIGN
CRL_SIGN
ENCIPHER_ONLY
DECIPHER_ONLY

Definition at line 110 of file pkix_enums.h.

                : uint32_t {
         None = 0,
         DigitalSignature = 1 << 15,
         NonRepudiation = 1 << 14,
         KeyEncipherment = 1 << 13,
         DataEncipherment = 1 << 12,
         KeyAgreement = 1 << 11,
         KeyCertSign = 1 << 10,
         CrlSign = 1 << 9,
         EncipherOnly = 1 << 8,
         DecipherOnly = 1 << 7,
 
         // Deprecated SHOUTING_CASE names for Key_Constraints
         // will be removed in a future major release
         NO_CONSTRAINTS BOTAN_DEPRECATED("Use None") = None,
         DIGITAL_SIGNATURE BOTAN_DEPRECATED("Use DigitalSignature") = DigitalSignature,
         NON_REPUDIATION BOTAN_DEPRECATED("Use NonRepudiation") = NonRepudiation,
         KEY_ENCIPHERMENT BOTAN_DEPRECATED("Use KeyEncipherment") = KeyEncipherment,
         DATA_ENCIPHERMENT BOTAN_DEPRECATED("Use DataEncipherment") = DataEncipherment,
         KEY_AGREEMENT BOTAN_DEPRECATED("Use KeyAgreement") = KeyAgreement,
         KEY_CERT_SIGN BOTAN_DEPRECATED("Use KeyCertSign") = KeyCertSign,
         CRL_SIGN BOTAN_DEPRECATED("Use CrlSign") = CrlSign,
         ENCIPHER_ONLY BOTAN_DEPRECATED("Use EncipherOnly") = EncipherOnly,
         DECIPHER_ONLY BOTAN_DEPRECATED("Use DecipherOnly") = DecipherOnly,
      };

Constructor & Destructor Documentation

Key_Constraints() [1/5]

Botan::Key_Constraints::Key_Constraints ( const Key_Constraints & other )

default

Key_Constraints() [2/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints && other )

default

Key_Constraints() [3/5]

Botan::Key_Constraints::Key_Constraints ( Key_Constraints::Bits bits )

inline

Definition at line 141 of file pkix_enums.h.

: m_value(bits) {}

Key_Constraints() [4/5]

Botan::Key_Constraints::Key_Constraints ( uint32_t bits )

inlineexplicit

Definition at line 143 of file pkix_enums.h.

: m_value(bits) {}

Key_Constraints() [5/5]

Botan::Key_Constraints::Key_Constraints ( )

inline

Definition at line 145 of file pkix_enums.h.

: m_value(0) {}

Member Function Documentation

ca_constraints()

static Key_Constraints Botan::Key_Constraints::ca_constraints ( )

inlinestatic

Return typical constraints for a CA certificate, namely KeyCertSign and CrlSign

Definition at line 151 of file pkix_enums.h.

                                              {
         return Key_Constraints(Key_Constraints::KeyCertSign | Key_Constraints::CrlSign);
      }

References CrlSign, and KeyCertSign.

Referenced by Botan::X509_CA::choose_extensions(), Botan::X509::create_cert_req(), and Botan::X509::create_self_signed_cert().

compatible_with()

bool Botan::Key_Constraints::compatible_with

(

const Public_Key &

key

)

const

Check that key constraints are permitted for a specific public key.

Parameters

key	the public key on which the constraints shall be enforced on

Returns

false if the constraints are not permitted for this key

Definition at line 70 of file key_constraint.cpp.

                                                                     {
   uint32_t permitted = 0;
 
   if(pub_key.supports_operation(PublicKeyOperation::KeyAgreement)) {
      permitted |= Key_Constraints::KeyAgreement | Key_Constraints::EncipherOnly | Key_Constraints::DecipherOnly;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::Encryption)) {
      permitted |= Key_Constraints::KeyEncipherment | Key_Constraints::DataEncipherment;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::KeyEncapsulation)) {
      permitted |= Key_Constraints::KeyEncipherment;
   }
 
   if(pub_key.supports_operation(PublicKeyOperation::Signature)) {
      permitted |= Key_Constraints::DigitalSignature | Key_Constraints::NonRepudiation | Key_Constraints::KeyCertSign |
                   Key_Constraints::CrlSign;
   }
 
   if((m_value & permitted) != m_value) {
      return false;
   }
 
   return true;
}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, Botan::Encryption, KeyAgreement, Botan::KeyAgreement, KeyCertSign, Botan::KeyEncapsulation, KeyEncipherment, NonRepudiation, Botan::Signature, and Botan::Asymmetric_Key::supports_operation().

empty()

bool Botan::Key_Constraints::empty ( ) const

inline

Definition at line 167 of file pkix_enums.h.

{ return m_value == 0; }

Referenced by Botan::X509_Certificate::to_string().

includes() [1/2]

bool Botan::Key_Constraints::includes ( Key_Constraints other ) const

inline

Definition at line 162 of file pkix_enums.h.

{ return (m_value & other.m_value) == other.m_value; }

includes() [2/2]

bool Botan::Key_Constraints::includes ( Key_Constraints::Bits other ) const

inline

Definition at line 160 of file pkix_enums.h.

{ return (m_value & other) == other; }

Referenced by Botan::X509_Certificate::allowed_usage(), Botan::X509_Certificate::has_constraints(), and Botan::X509_Certificate::to_string().

includes_any()

bool Botan::Key_Constraints::includes_any ( auto &&... bits ) const

inline

Definition at line 165 of file pkix_enums.h.

{ return (m_value & (bits | ...)) > 0; }

operator=() [1/2]

Key_Constraints & Botan::Key_Constraints::operator= ( const Key_Constraints & other )

default

operator=() [2/2]

Key_Constraints & Botan::Key_Constraints::operator= ( Key_Constraints && other )

default

operator==()

bool Botan::Key_Constraints::operator== ( const Key_Constraints & ) const

default

operator|=()

void Botan::Key_Constraints::operator|= ( Key_Constraints::Bits other )

inline

Definition at line 157 of file pkix_enums.h.

{ m_value |= other; }

to_string()

std::string Botan::Key_Constraints::to_string

(

)

const

Definition at line 16 of file key_constraint.cpp.

                                           {
   if(this->m_value == Key_Constraints::None) {
      return "no_constraints";
   }
 
   std::vector<std::string> str;
 
   if(this->m_value & Key_Constraints::DigitalSignature) {
      str.push_back("digital_signature");
   }
 
   if(this->m_value & Key_Constraints::NonRepudiation) {
      str.push_back("non_repudiation");
   }
 
   if(this->m_value & Key_Constraints::KeyEncipherment) {
      str.push_back("key_encipherment");
   }
 
   if(this->m_value & Key_Constraints::DataEncipherment) {
      str.push_back("data_encipherment");
   }
 
   if(this->m_value & Key_Constraints::KeyAgreement) {
      str.push_back("key_agreement");
   }
 
   if(this->m_value & Key_Constraints::KeyCertSign) {
      str.push_back("key_cert_sign");
   }
 
   if(this->m_value & Key_Constraints::CrlSign) {
      str.push_back("crl_sign");
   }
 
   if(this->m_value & Key_Constraints::EncipherOnly) {
      str.push_back("encipher_only");
   }
 
   if(this->m_value & Key_Constraints::DecipherOnly) {
      str.push_back("decipher_only");
   }
 
   // Not 0 (checked at start) but nothing matched above!
   if(str.empty()) {
      return "other_unknown_constraints";
   }
 
   return string_join(str, ',');
}

References CrlSign, DataEncipherment, DecipherOnly, DigitalSignature, EncipherOnly, KeyAgreement, KeyCertSign, KeyEncipherment, None, NonRepudiation, and Botan::string_join().

value()

uint32_t Botan::Key_Constraints::value ( ) const

inline

Definition at line 169 of file pkix_enums.h.

{ return m_value; }

---

The documentation for this class was generated from the following files:

• src/lib/x509/pkix_enums.h
• src/lib/x509/key_constraint.cpp