Botan 3.3.0
Crypto and TLS for C&
pkix_enums.h
Go to the documentation of this file.
1/*
2* (C) 2013,2023 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#ifndef BOTAN_X509_PKIX_ENUMS_H_
8#define BOTAN_X509_PKIX_ENUMS_H_
9
10#include <botan/types.h>
11#include <string>
12
13namespace Botan {
14
15class Public_Key;
16
17/**
18* Certificate validation status code
19*/
21 OK = 0,
22 VERIFIED = 0,
23
24 // Revocation status
28 OCSP_NO_HTTP = 4,
29
30 // Warnings
33 DN_TOO_LONG = 501,
36
37 // Errors
38 FIRST_ERROR_STATUS = 1000,
39
41 UNTRUSTED_HASH = 1001,
42 NO_REVOCATION_DATA = 1002,
43 NO_MATCHING_CRLDP = 1003,
45
46 // Time problems
47 CERT_NOT_YET_VALID = 2000,
48 CERT_HAS_EXPIRED = 2001,
49 OCSP_NOT_YET_VALID = 2002,
50 OCSP_HAS_EXPIRED = 2003,
51 CRL_NOT_YET_VALID = 2004,
52 CRL_HAS_EXPIRED = 2005,
53 OCSP_IS_TOO_OLD = 2006,
54
55 // Chain generation problems
58 CERT_CHAIN_LOOP = 3002,
61
62 // Validation errors
63 POLICY_ERROR = 4000,
64 INVALID_USAGE = 4001,
68
69 // Revocation errors
72 OCSP_BAD_STATUS = 4007,
73
74 // Other problems
75 CERT_NAME_NOMATCH = 4008,
82 EXT_IN_V1_V2_CERT = 4505,
85
86 // Hard failures
87 CERT_IS_REVOKED = 5000,
88 CRL_BAD_SIGNATURE = 5001,
89 SIGNATURE_ERROR = 5002,
93};
94
95/**
96* Convert a status code to a human readable diagnostic message
97* @param code the certifcate status
98* @return string literal constant, or nullptr if code unknown
99*/
101
102/**
103* X.509v3 Key Constraints.
104* If updating update copy in ffi.h
105*/
107 public:
108 enum Bits : uint32_t {
109 None = 0,
110 DigitalSignature = 1 << 15,
111 NonRepudiation = 1 << 14,
112 KeyEncipherment = 1 << 13,
113 DataEncipherment = 1 << 12,
114 KeyAgreement = 1 << 11,
115 KeyCertSign = 1 << 10,
116 CrlSign = 1 << 9,
117 EncipherOnly = 1 << 8,
118 DecipherOnly = 1 << 7,
119
120 // Deprecated SHOUTING_CASE names for Key_Constraints
121 // will be removed in a future major release
123 DIGITAL_SIGNATURE BOTAN_DEPRECATED("Use DigitalSignature") = DigitalSignature,
124 NON_REPUDIATION BOTAN_DEPRECATED("Use NonRepudiation") = NonRepudiation,
125 KEY_ENCIPHERMENT BOTAN_DEPRECATED("Use KeyEncipherment") = KeyEncipherment,
126 DATA_ENCIPHERMENT BOTAN_DEPRECATED("Use DataEncipherment") = DataEncipherment,
128 KEY_CERT_SIGN BOTAN_DEPRECATED("Use KeyCertSign") = KeyCertSign,
129 CRL_SIGN BOTAN_DEPRECATED("Use CrlSign") = CrlSign,
130 ENCIPHER_ONLY BOTAN_DEPRECATED("Use EncipherOnly") = EncipherOnly,
131 DECIPHER_ONLY BOTAN_DEPRECATED("Use DecipherOnly") = DecipherOnly,
132 };
133
134 Key_Constraints(const Key_Constraints& other) = default;
136 Key_Constraints& operator=(const Key_Constraints& other) = default;
138
139 Key_Constraints(Key_Constraints::Bits bits) : m_value(bits) {}
140
141 explicit Key_Constraints(uint32_t bits) : m_value(bits) {}
142
143 Key_Constraints() : m_value(0) {}
144
145 /**
146 * Return typical constraints for a CA certificate, namely
147 * KeyCertSign and CrlSign
148 */
152
153 bool operator==(const Key_Constraints&) const = default;
154
155 void operator|=(Key_Constraints::Bits other) { m_value |= other; }
156
157 // Return true if all bits in mask are set
158 bool includes(Key_Constraints::Bits other) const { return (m_value & other) == other; }
159
160 bool includes(Key_Constraints other) const { return (m_value & other.m_value) == other.m_value; }
161
162 // Return true if any of the bits provided are set
163 bool includes_any(auto&&... bits) const { return (m_value & (bits | ...)) > 0; }
164
165 bool empty() const { return m_value == 0; }
166
167 uint32_t value() const { return m_value; }
168
169 std::string to_string() const;
170
171 /**
172 * Check that key constraints are permitted for a specific public key.
173 * @param key the public key on which the constraints shall be enforced on
174 * @return false if the constraints are not permitted for this key
175 */
176 bool compatible_with(const Public_Key& key) const;
177
178 private:
179 uint32_t m_value;
180};
181
182/**
183* X.509v2 CRL Reason Code.
184*/
185enum class CRL_Code : uint32_t {
186 Unspecified = 0,
187 KeyCompromise = 1,
188 CaCompromise = 2,
190 Superseded = 4,
192 CertificateHold = 6,
193 RemoveFromCrl = 8,
195 AaCompromise = 10,
196};
197
198} // namespace Botan
199
200#endif
static Key_Constraints ca_constraints()
Definition pkix_enums.h:149
bool includes(Key_Constraints other) const
Definition pkix_enums.h:160
void operator|=(Key_Constraints::Bits other)
Definition pkix_enums.h:155
bool operator==(const Key_Constraints &) const =default
Key_Constraints(uint32_t bits)
Definition pkix_enums.h:141
Key_Constraints(Key_Constraints &&other)=default
bool includes(Key_Constraints::Bits other) const
Definition pkix_enums.h:158
uint32_t value() const
Definition pkix_enums.h:167
Key_Constraints(const Key_Constraints &other)=default
bool includes_any(auto &&... bits) const
Definition pkix_enums.h:163
Key_Constraints & operator=(Key_Constraints &&other)=default
Key_Constraints & operator=(const Key_Constraints &other)=default
Key_Constraints(Key_Constraints::Bits bits)
Definition pkix_enums.h:139
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
#define BOTAN_DEPRECATED(msg)
Definition compiler.h:125
@ KEY_ENCIPHERMENT
Definition ffi.h:1755
@ NO_CONSTRAINTS
Definition ffi.h:1752
@ CRL_SIGN
Definition ffi.h:1759
@ DIGITAL_SIGNATURE
Definition ffi.h:1753
@ KEY_AGREEMENT
Definition ffi.h:1757
@ DATA_ENCIPHERMENT
Definition ffi.h:1756
@ KEY_CERT_SIGN
Definition ffi.h:1758
@ ENCIPHER_ONLY
Definition ffi.h:1760
@ NON_REPUDIATION
Definition ffi.h:1754
@ DECIPHER_ONLY
Definition ffi.h:1761
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13
Certificate_Status_Code
Definition pkix_enums.h:20