/**
* Construct a DN from OID-keyed attribute values.
* Every (OID, value) pair in @p args — including repeated keys, which a
* multimap permits — is handed to add_attribute() in iteration order.
* @param args attribute OID -> string value pairs
*/
explicit X509_DN(const std::multimap<OID, std::string>& args) {
   for(const auto& [attr_oid, attr_value] : args) {
      add_attribute(attr_oid, attr_value);
   }
}
/**
* Construct a DN from name-keyed attribute values.
* Every (name, value) pair in @p args — repeated keys included — is
* forwarded to add_attribute(std::string_view, std::string_view) in
* iteration order; name resolution happens there, not here.
* @param args attribute name -> string value pairs
*/
explicit X509_DN(const std::multimap<std::string, std::string>& args) {
   for(const auto& [attr_name, attr_value] : args) {
      add_attribute(attr_name, attr_value);
   }
}
/// Query for an attribute by OID (defined out of line); presumably true
/// iff at least one RDN in this DN carries @p oid — confirm against the .cpp.
bool has_field(const OID& oid) const;
/**
* @return a reference to m_dn_bits, the byte vector stored alongside the
*         RDNs (presumably a previously recorded encoding of this DN —
*         see DER_encode() for a freshly produced one)
*/
const std::vector<uint8_t>& get_bits() const {
   const auto& stored = m_dn_bits;
   return stored;
}
/// Produce a DER encoding of this DN as a new vector (defined out of line).
std::vector<uint8_t> DER_encode() const;
/// @return true when this DN holds no RDN attributes at all
bool empty() const {
   return m_rdn.begin() == m_rdn.end();
}
/// @return the number of (OID, value) RDN entries stored in this DN
size_t count() const {
   const size_t rdn_entries = m_rdn.size();
   return rdn_entries;
}
/// Human-readable rendering of this DN (defined out of line).
std::string to_string() const;
/**
* @return the RDN entries exactly as stored, as (OID, ASN1_String) pairs
*         in insertion order; a reference into this object, so it is
*         invalidated by any later add_attribute() call
*/
const std::vector<std::pair<OID, ASN1_String>>& dn_info() const {
   const auto& entries = m_rdn;
   return entries;
}
/// All attributes keyed by OID, as a fresh multimap (duplicates preserved).
std::multimap<OID, std::string> get_attributes() const;

/// All attributes keyed by attribute name, as a fresh multimap.
std::multimap<std::string, std::string> contents() const;

/// has_field / get_attribute / get_first_attribute by attribute name;
/// @p attr is presumably resolved via the same name lookup as
/// add_attribute(std::string_view, std::string_view) — confirm in the .cpp.
bool has_field(std::string_view attr) const;

/// @return every value stored under @p attr (empty vector if none)
std::vector<std::string> get_attribute(std::string_view attr) const;

/// @return a single value for @p attr; what is returned when the
///         attribute is absent is not visible here — check before relying on it
std::string get_first_attribute(std::string_view attr) const;

/// Append an attribute given by name; the OID-keyed overload (used by
/// the multimap constructor) is declared outside this excerpt.
void add_attribute(std::string_view key, std::string_view val);

/// Static helper mapping a short attribute name to its canonical form
/// (exact mapping defined out of line).
static std::string deref_info_field(std::string_view key);

/// Static helper returning a size bound for @p oid ("ub" presumably the
/// X.520-style upper bound on attribute length) — confirm in the .cpp.
static size_t lookup_ub(const OID& oid);
// RDN entries in insertion order; exposed read-only through dn_info().
std::vector<std::pair<OID, ASN1_String>> m_rdn;
// Raw byte vector returned by get_bits(); its relation to m_rdn is
// maintained out of line, so the two are not guaranteed consistent here.
std::vector<uint8_t> m_dn_bits;
/// Add a URI entry to this alternative name.
void add_uri(std::string_view uri);

/// Add an rfc822 (email) entry.
void add_email(std::string_view addr);

/// Add a DNS name entry; no syntax validation is visible at this layer.
void add_dns(std::string_view dns);

/// Add a directory-name entry.
void add_dn(const X509_DN& dn);

/// Add an IPv4 address given as a host-order 32-bit value (endianness
/// is presumably handled by the caller/encoder — confirm in the .cpp).
void add_ipv4_address(uint32_t ipv4);
/// @return the URI entries, de-duplicated and sorted by std::set ordering
const std::set<std::string>& uris() const {
   const auto& uri_entries = m_uri;
   return uri_entries;
}
/// @return the rfc822 (email) entries, de-duplicated and sorted
const std::set<std::string>& email() const {
   const auto& email_entries = m_email;
   return email_entries;
}
/// @return the DNS name entries, de-duplicated and sorted
const std::set<std::string>& dns() const {
   const auto& dns_entries = m_dns;
   return dns_entries;
}
/// Number of entries across all name forms (defined out of line).
size_t count() const;

/// Whether any entry of any form is present (defined out of line).
bool has_items() const;

// The string-keyed accessors below are deprecated in favour of the typed
// getters (uris, email, dns, othernames, directory_names); the string
// type names they accept are resolved out of line.
BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
std::multimap<std::string, std::string> contents() const;

bool has_field(std::string_view attr) const;

BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
std::vector<std::string> get_attribute(std::string_view attr) const;

// std::less<> makes lookups transparent (string_view keys need no temporary).
BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
std::multimap<std::string, std::string, std::less<>> get_attributes() const;

BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
std::string get_first_attribute(std::string_view attr) const;

BOTAN_DEPRECATED("Use AlternativeName::add_{uri, dns, email, ...}")
void add_attribute(std::string_view type, std::string_view value);

/// Add an otherName entry: @p value is stored under @p oid with the ASN.1
/// string @p type chosen by the caller.
void add_othername(const OID& oid, std::string_view value, ASN1_Type type);

BOTAN_DEPRECATED("Use AlternativeName::othernames") std::multimap<OID, ASN1_String> get_othernames() const;

// Legacy convenience constructor; empty-string defaults presumably mean
// "no entry of that form" — confirm in the .cpp. Prefer the default
// constructor plus add_uri/add_dns/add_email/add_ipv4_address.
BOTAN_DEPRECATED("Use plain constructor plus add_{uri,dns,email,ipv4_address}")
AlternativeName(std::string_view email_addr,
                std::string_view uri = "",
                std::string_view dns = "",
                std::string_view ip_address = "");
// Each name form is kept in its own std::set, so duplicates collapse and
// iteration order is the set's ordering, not insertion order.
std::set<std::string> m_dns;
std::set<std::string> m_uri;
std::set<std::string> m_email;
std::set<uint32_t> m_ipv4_addr;
std::set<X509_DN> m_dn_names;   // requires an ordering on X509_DN (defined elsewhere)
std::set<std::pair<OID, ASN1_String>> m_othernames;
221class BOTAN_PUBLIC_API(2, 0) Attribute final : public ASN1_Object {
/// ASN1_Object interface: DER-encode this attribute into @p to.
void encode_into(DER_Encoder& to) const override;
/// ASN1_Object interface: populate this attribute from @p from.
void decode_from(BER_Decoder& from) override;
/// Empty attribute (members default-initialised).
Attribute() = default;
/// Attribute with an explicit OID and already-encoded parameter bytes.
Attribute(const OID& oid, const std::vector<uint8_t>& params);
/// Same, with the OID given as a string that is resolved out of line.
Attribute(std::string_view oid_str, const std::vector<uint8_t>& params);
230 const OID& oid() const { return m_oid; }
232 const std::vector<uint8_t>& parameters() const { return m_parameters; }
234 const OID& object_identifier() const { return m_oid; }
236 const std::vector<uint8_t>& get_parameters() const { return m_parameters; }
240 std::vector<uint8_t> m_parameters;
253class BOTAN_PUBLIC_API(2, 0) GeneralName final : public ASN1_Object {
255 enum MatchResult : int {
255 enum MatchResult : int {
…};
263 enum class NameType : uint8_t {
263 enum class NameType : uint8_t {
…};
// Encoding is not implemented
// (declared to satisfy the ASN1_Object interface; do not rely on it).
void encode_into(DER_Encoder&) const override;

/// Populate this GeneralName from a BER stream.
void decode_from(BER_Decoder&) override;
283 NameType type_code() const { return m_type; }
/// Deprecated string form of the name type; use type_code() instead.
BOTAN_DEPRECATED("Deprecated use type_code") std::string type() const;

/// Deprecated string rendering of the name; no replacement is offered.
BOTAN_DEPRECATED("Deprecated no replacement") std::string name() const;

/// Deprecated whole-certificate match; constraint checking now lives in
/// NameConstraints (is_permitted / is_excluded).
BOTAN_DEPRECATED("Deprecated use NameConstraints type") MatchResult matches(const X509_Certificate& cert) const;
/// Match this name (as a constraint) against a DNS name, an IPv4 address
/// or a DN respectively. The matching rules are defined out of line;
/// the private static overloads below carry the actual comparison.
bool matches_dns(const std::string& dns_name) const;
bool matches_ipv4(uint32_t ip) const;
bool matches_dn(const X509_DN& dn) const;
// Positional indices into m_name. The first three alternatives are all
// std::string, so std::get<std::string>(m_name) is ill-formed; access
// must use std::get<RFC822_IDX>/std::get<DNS_IDX>/std::get<URI_IDX> and
// the index alone decides whether a string is an email, DNS or URI name.
static constexpr size_t RFC822_IDX = 0;
static constexpr size_t DNS_IDX = 1;
static constexpr size_t URI_IDX = 2;
static constexpr size_t DN_IDX = 3;
static constexpr size_t IPV4_IDX = 4;

// The pair alternative is presumably (address, mask) for IPv4
// constraints — confirm in the .cpp before interpreting either element.
std::variant<std::string, std::string, std::string, X509_DN, std::pair<uint32_t, uint32_t>> m_name;
// Pure comparison helpers (no object state): does @p name satisfy the
// given @p constraint? Semantics (e.g. leading-dot handling for DNS,
// RDN subset rules for DNs) are defined out of line.
static bool matches_dns(std::string_view name, std::string_view constraint);
static bool matches_dn(const X509_DN& name, const X509_DN& constraint);
360class BOTAN_PUBLIC_API(2, 0) NameConstraints final {
365 NameConstraints() : m_permitted_subtrees(), m_excluded_subtrees() {}
/// Take ownership of explicit subtree lists (rvalue-only on purpose:
/// callers hand the vectors over rather than copying them).
NameConstraints(std::vector<GeneralSubtree>&& permitted_subtrees,
                std::vector<GeneralSubtree>&& excluded_subtrees);
/// @return the permitted subtrees as stored (deprecated accessor, kept for
///         API compatibility; prefer is_permitted())
BOTAN_DEPRECATED("Deprecated no replacement")
const std::vector<GeneralSubtree>& permitted() const {
   const auto& subtrees = m_permitted_subtrees;
   return subtrees;
}
/// @return the excluded subtrees as stored (deprecated accessor, kept for
///         API compatibility; prefer is_excluded())
BOTAN_DEPRECATED("Deprecated no replacement")
const std::vector<GeneralSubtree>& excluded() const {
   const auto& subtrees = m_excluded_subtrees;
   return subtrees;
}
/// Evaluate @p cert against the permitted / excluded subtrees.
/// @p reject_unknown presumably governs how name forms this code cannot
/// interpret are treated (fail closed vs. ignore) — confirm in the .cpp,
/// because that choice is security-relevant for path validation.
bool is_permitted(const X509_Certificate& cert, bool reject_unknown) const;
bool is_excluded(const X509_Certificate& cert, bool reject_unknown) const;
std::vector<GeneralSubtree> m_permitted_subtrees;
std::vector<GeneralSubtree> m_excluded_subtrees;

// Name types that appear in the respective subtree lists; presumably a
// precomputed index so a certificate name of a type with no constraint
// can be skipped quickly — how it is populated is out of line.
std::set<GeneralName::NameType> m_permitted_name_types;
std::set<GeneralName::NameType> m_excluded_name_types;
410class BOTAN_PUBLIC_API(2, 0) Certificate_Extension {
415 virtual OID oid_of() const = 0;
/**
* @return specific OID name
* If possible OIDS table should match oid_name to OIDS, ie
* OID::from_string(ext->oid_name()) == ext->oid_of()
* Should return empty string if OID is not known
*
* Note: Extensions relies on an empty result to recognise an unknown
* extension, so a subclass must not return "" for a known OID.
*/
virtual std::string oid_name() const = 0;
430 virtual std::unique_ptr<Certificate_Extension> copy() const = 0;
433 * Callback visited during path validation.
435 * An extension can implement this callback to inspect
436 * the path during path validation.
438 * If an error occurs during validation of this extension,
439 * an appropriate status code shall be added to cert_status.
441 * @param subject Subject certificate that contains this extension
442 * @param issuer Issuer certificate
443 * @param status Certificate validation status codes for subject certificate
444 * @param cert_path Certificate path which is currently validated
445 * @param pos Position of subject certificate in cert_path
447 virtual void validate(const X509_Certificate& subject,
448 const X509_Certificate& issuer,
449 const std::vector<X509_Certificate>& cert_path,
450 std::vector<std::set<Certificate_Status_Code>>& cert_status,
// Virtual destructor: instances are deleted through base pointers
// (unique_ptr<Certificate_Extension> / shared_ptr in Extensions).
virtual ~Certificate_Extension() = default;

// Extensions calls the protected encode_inner/decode_inner hooks below.
friend class Extensions;
458 virtual bool should_encode() const { return true; }
/// Encode the extension value (the OCTET STRING contents) — subclasses only.
virtual std::vector<uint8_t> encode_inner() const = 0;
/// Parse the extension value from raw bytes; this is the entry point
/// that receives untrusted certificate data, so subclasses must validate.
virtual void decode_inner(const std::vector<uint8_t>&) = 0;
467class BOTAN_PUBLIC_API(2, 0) Extensions final : public ASN1_Object {
476 const Certificate_Extension* get_extension_object(const OID& oid) const;
/**
* Look up the extension for @p oid and view it as a T.
* From the visible lines: an extension whose oid_name() is empty
* (Unknown_Extension) is never cast, and a Decoding_Error whose message
* names a failed dynamic_cast is thrown — so a caller supplying an
* @p oid that does not belong to T should expect an exception rather
* than nullptr. The remainder of the body is elided in this listing.
*/
template <typename T>
const T* get_extension_object_as(const OID& oid = T::static_oid()) const {
if(const Certificate_Extension* extn = get_extension_object(oid)) {
// Unknown_Extension oid_name is empty
if(extn->oid_name().empty()) {
} else if(const T* extn_as_T = dynamic_cast<const T*>(extn)) {
throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed");
const T* get_extension_object_as(const OID& oid = T::static_oid()) const {
…}
498 const std::vector<OID>& get_extension_oids() const { return m_extension_oids; }
/// Is an extension with @p oid present?
bool extension_set(const OID& oid) const;

/// Is an extension with @p oid present AND flagged critical?
bool critical_extension_set(const OID& oid) const;

/// Raw value bytes of the extension with @p oid (behaviour when absent
/// is defined out of line).
std::vector<uint8_t> get_extension_bits(const OID& oid) const;

void encode_into(DER_Encoder&) const override;
void decode_from(BER_Decoder&) override;

/// Insert @p extn (ownership transferred). How a pre-existing entry for
/// the same OID is handled differs between add / add_new / replace; only
/// add_new reports via its bool — consult the .cpp for the exact rules.
void add(std::unique_ptr<Certificate_Extension> extn, bool critical = false);

bool add_new(std::unique_ptr<Certificate_Extension> extn, bool critical = false);

void replace(std::unique_ptr<Certificate_Extension> extn, bool critical = false);

/// Remove the extension with @p oid; returns whether one was present.
bool remove(const OID& oid);

/// Owning copy of the extension with @p oid (null when absent, presumably).
std::unique_ptr<Certificate_Extension> get(const OID& oid) const;
/**
* Decode the extension for @p oid into a freshly constructed T.
* From the visible lines: when the stored object is an Unknown_Extension
* (empty oid_name()), a default-constructed T is fed the stored raw
* bytes via decode_inner() — i.e. this is where otherwise-unparsed
* extension bytes get re-parsed as a T, and any error T::decode_inner
* raises propagates to the caller. The remainder of the body is elided
* in this listing.
*/
template <typename T>
std::unique_ptr<T> get_raw(const OID& oid) const {
auto extn_info = m_extension_info.find(oid);
if(extn_info != m_extension_info.end()) {
// Unknown_Extension oid_name is empty
if(extn_info->second.obj().oid_name().empty()) {
auto ext = std::make_unique<T>();
ext->decode_inner(extn_info->second.bits());
std::unique_ptr<T> get_raw(const OID& oid) const {
…}
/// Owning copies of every extension paired with its critical flag.
std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> extensions() const;

/// Raw bytes of every extension keyed by OID, paired with its critical flag.
std::map<OID, std::pair<std::vector<uint8_t>, bool>> extensions_raw() const;
Extensions() = default;

// Copies are member-wise. Extensions_Info holds its extension object in
// a shared_ptr, so a copied Extensions *shares* the underlying
// Certificate_Extension instances with the original rather than cloning
// them; callers that need an independent object should use get()/copy().
Extensions(const Extensions&) = default;
Extensions& operator=(const Extensions&) = default;

Extensions(Extensions&&) = default;
Extensions& operator=(Extensions&&) = default;
608 static std::unique_ptr<Certificate_Extension> create_extn_obj(const OID& oid,
610 const std::vector<uint8_t>& body);
612 class Extensions_Info {
/**
* Take ownership of @p ext and cache its inner encoding.
* The mem-initializers run in member declaration order (m_obj, then
* m_bits, then m_critical) — that ordering is what makes
* m_obj->encode_inner() valid here, so do not reorder the members.
* @p ext must be non-null: it is dereferenced without a check.
*/
Extensions_Info(bool critical, std::unique_ptr<Certificate_Extension> ext) :
      m_obj(std::move(ext)), m_bits(m_obj->encode_inner()), m_critical(critical) {}
/**
* Take ownership of @p ext but keep @p encoding as the cached bytes
* instead of re-encoding; the object and the bytes are not checked
* against each other here, so the caller is responsible for passing the
* encoding that @p ext was decoded from.
*/
Extensions_Info(bool critical,
                const std::vector<uint8_t>& encoding,
                std::unique_ptr<Certificate_Extension> ext) :
      m_obj(std::move(ext)), m_bits(encoding), m_critical(critical) {}
622 bool is_critical() const { return m_critical; }
624 const std::vector<uint8_t>& bits() const { return m_bits; }
626 const Certificate_Extension& obj() const {
627 BOTAN_ASSERT_NONNULL(m_obj.get());
// Declaration order matters: the constructors' mem-initializers read
// m_obj to compute m_bits, so m_obj must stay declared first.
// shared_ptr (not unique_ptr) so that Extensions' defaulted copy works;
// copies therefore share this object.
std::shared_ptr<Certificate_Extension> m_obj;
std::vector<uint8_t> m_bits;
bool m_critical = false;
// Insertion-ordered list of OIDs, kept alongside the map so that
// get_extension_oids() can report a stable order; the two must be
// updated together by add/add_new/replace/remove.
std::vector<OID> m_extension_oids;
std::map<OID, Extensions_Info> m_extension_info;