Botan 3.9.0
Crypto and TLS for C++
pkix_types.h
1/*
2* (C) 1999-2010,2012,2018,2020 Jack Lloyd
3* (C) 2007 Yves Jerschow
4* (C) 2015 Kai Michaelis
5* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
6* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#ifndef BOTAN_PKIX_TYPES_H_
12#define BOTAN_PKIX_TYPES_H_
13
14#include <botan/asn1_obj.h>
15
16#include <botan/pkix_enums.h>
17#include <initializer_list>
18#include <iosfwd>
19#include <map>
20#include <memory>
21#include <set>
22#include <string>
23#include <string_view>
24#include <variant>
25#include <vector>
26
27namespace Botan {
28
30class Public_Key;
31
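/**
* Convert a Key_Constraints value to its string form.
*
* Deprecated forwarding wrapper: it only calls c.to_string(), so new code
* should call Key_Constraints::to_string directly.
*
* @param c the key usage constraints to render
* @return the result of c.to_string()
*/
BOTAN_DEPRECATED("Use Key_Constraints::to_string")
inline std::string key_constraints_to_string(Key_Constraints c) {
   return c.to_string();
}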
37
38/**
39* Distinguished Name
40*/
class BOTAN_PUBLIC_API(2, 0) X509_DN final : public ASN1_Object {
   public:
      /// Create a DN with no attributes
      X509_DN() = default;

      /// Build a DN by calling add_attribute() for each (name, value) pair, in list order
      X509_DN(std::initializer_list<std::pair<std::string_view, std::string_view>> args) {
         for(const auto& [key, value] : args) {
            add_attribute(key, value);
         }
      }

      /// Build a DN by calling add_attribute() for each (OID, value) entry of the multimap
      explicit X509_DN(const std::multimap<OID, std::string>& args) {
         for(const auto& [oid, value] : args) {
            add_attribute(oid, value);
         }
      }

      /// Build a DN by calling add_attribute() for each (name, value) entry of the multimap
      explicit X509_DN(const std::multimap<std::string, std::string>& args) {
         for(const auto& [key, value] : args) {
            add_attribute(key, value);
         }
      }

      // ASN1_Object interface; both are defined out of line
      void encode_into(DER_Encoder& to) const override;
      void decode_from(BER_Decoder& from) override;

      // Lookup by OID; defined out of line
      bool has_field(const OID& oid) const;
      ASN1_String get_first_attribute(const OID& oid) const;

      /**
      * Return the BER encoded data, if any.
      *
      * NOTE(review): nothing in this header shows that get_bits() and
      * DER_encode() yield the same bytes. Code that hashes or compares an
      * encoded DN should use one of the two consistently.
      */
      const std::vector<uint8_t>& get_bits() const { return m_dn_bits; }

      std::vector<uint8_t> DER_encode() const;

      /// True if this DN holds no attributes
      bool empty() const { return m_rdn.empty(); }

      /// Number of (OID, value) pairs held
      size_t count() const { return m_rdn.size(); }

      /**
      * String rendering of the DN; defined out of line.
      *
      * NOTE(review): presumably meant for display and logging. Confirm the
      * format before comparing rendered strings in an authorization decision;
      * operator== on X509_DN is declared for comparing names.
      */
      std::string to_string() const;

      /// Read-only view of the stored (OID, value) pairs
      const std::vector<std::pair<OID, ASN1_String>>& dn_info() const { return m_rdn; }

      std::multimap<OID, std::string> get_attributes() const;
      std::multimap<std::string, std::string> contents() const;

      // Lookup by attribute name; defined out of line
      bool has_field(std::string_view attr) const;
      std::vector<std::string> get_attribute(std::string_view attr) const;
      std::string get_first_attribute(std::string_view attr) const;

      void add_attribute(std::string_view key, std::string_view val);

      /// Convenience overload: wraps val in an ASN1_String and forwards to the overload below
      void add_attribute(const OID& oid, std::string_view val) { add_attribute(oid, ASN1_String(val)); }

      void add_attribute(const OID& oid, const ASN1_String& val);

      static std::string deref_info_field(std::string_view key);

      /**
      * Lookup upper bounds in characters for the length of distinguished name fields
      * as given in RFC 5280, Appendix A.
      *
      * A return value of zero means "no bound known", not "must be empty";
      * callers enforcing length limits have to handle that case explicitly.
      *
      * @param oid the oid of the DN to lookup
      * @return the upper bound, or zero if no ub is known to Botan
      */
      static size_t lookup_ub(const OID& oid);

   private:
      // (OID, value) pairs that make up the name
      std::vector<std::pair<OID, ASN1_String>> m_rdn;
      // Encoded bytes handed out by get_bits(); may be empty
      std::vector<uint8_t> m_dn_bits;
};
112
113BOTAN_PUBLIC_API(2, 0) bool operator==(const X509_DN& dn1, const X509_DN& dn2);
114BOTAN_PUBLIC_API(2, 0) bool operator!=(const X509_DN& dn1, const X509_DN& dn2);
115
116/*
117The ordering here is arbitrary and may change from release to release.
118It is intended for allowing DNs as keys in std::map and similar containers
119*/
120BOTAN_PUBLIC_API(2, 0) bool operator<(const X509_DN& dn1, const X509_DN& dn2);
121
122BOTAN_PUBLIC_API(2, 0) std::ostream& operator<<(std::ostream& out, const X509_DN& dn);
123BOTAN_PUBLIC_API(2, 0) std::istream& operator>>(std::istream& in, X509_DN& dn);
124
125/**
126* Alternative Name
127*/
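class BOTAN_PUBLIC_API(2, 0) AlternativeName final : public ASN1_Object {
   public:
      // ASN1_Object interface; both are defined out of line
      void encode_into(DER_Encoder& to) const override;
      void decode_from(BER_Decoder& from) override;

      /// Create an empty name
      AlternativeName() = default;

      /// Add a URI to this AlternativeName
      void add_uri(std::string_view uri);

      /// Add an email address to this AlternativeName
      void add_email(std::string_view addr);

      /// Add a DNS name to this AlternativeName
      void add_dns(std::string_view dns);

      /// Add an "OtherName" identified by object identifier to this AlternativeName
      void add_other_name(const OID& oid, const ASN1_String& value);

      /// Add a directory name to this AlternativeName
      void add_dn(const X509_DN& dn);

      /// Add an IP address to this alternative name
      ///
      /// NOTE(review): the byte order expected in the uint32_t is not visible
      /// in this header; confirm it before converting from a dotted quad.
      void add_ipv4_address(uint32_t ipv4);

      /// Return the set of URIs included in this alternative name
      const std::set<std::string>& uris() const { return m_uri; }

      /// Return the set of email addresses included in this alternative name
      const std::set<std::string>& email() const { return m_email; }

      /// Return the set of DNS names included in this alternative name
      const std::set<std::string>& dns() const { return m_dns; }

      /// Return the set of IPv4 addresses included in this alternative name
      const std::set<uint32_t>& ipv4_address() const { return m_ipv4_addr; }

      /// Return the set of "other names" included in this alternative name
      BOTAN_DEPRECATED("Support for other names is deprecated")
      const std::set<std::pair<OID, ASN1_String>>& other_names() const {
         return m_othernames;
      }

      /// Return the set of directory names included in this alternative name
      const std::set<X509_DN>& directory_names() const { return m_dn_names; }

      /// Return the total number of names in this AlternativeName
      ///
      /// This only counts names which were parsed, ignoring names which
      /// were of some unknown type. A count of zero therefore does not
      /// prove that the encoded extension carried no names at all.
      size_t count() const;

      /// Return true if this has any names set
      bool has_items() const;

      // Old, now deprecated interface follows:
      BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
      std::multimap<std::string, std::string> contents() const;

      BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}.empty()")
      bool has_field(std::string_view attr) const;

      BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
      std::vector<std::string> get_attribute(std::string_view attr) const;

      BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
      std::multimap<std::string, std::string, std::less<>> get_attributes() const;

      BOTAN_DEPRECATED("Use AlternativeName::{uris, email, dns, othernames, directory_names}")
      std::string get_first_attribute(std::string_view attr) const;

      BOTAN_DEPRECATED("Use AlternativeName::add_{uri, dns, email, ...}")
      void add_attribute(std::string_view type, std::string_view value);

      BOTAN_DEPRECATED("Use AlternativeName::add_other_name")
      void add_othername(const OID& oid, std::string_view value, ASN1_Type type);

      BOTAN_DEPRECATED("Use AlternativeName::othernames") std::multimap<OID, ASN1_String> get_othernames() const;

      BOTAN_DEPRECATED("Use AlternativeName::directory_names") X509_DN dn() const;

      // Several deprecation messages above say "othernames"; the accessor
      // declared in this class is other_names().

      BOTAN_DEPRECATED("Use plain constructor plus add_{uri,dns,email,ipv4_address}")
      BOTAN_FUTURE_EXPLICIT AlternativeName(std::string_view email_addr,
                                            std::string_view uri = "",
                                            std::string_view dns = "",
                                            std::string_view ip_address = "");

   private:
      // One set per supported name type
      std::set<std::string> m_dns;
      std::set<std::string> m_uri;
      std::set<std::string> m_email;
      std::set<uint32_t> m_ipv4_addr;
      std::set<X509_DN> m_dn_names;
      std::set<std::pair<OID, ASN1_String>> m_othernames;
};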
224
225/**
226* Attribute
227*/
class BOTAN_PUBLIC_API(2, 0) Attribute final : public ASN1_Object {
   public:
      // ASN1_Object interface; both are defined out of line
      void encode_into(DER_Encoder& to) const override;
      void decode_from(BER_Decoder& from) override;

      /// Create an attribute with a default-constructed OID and no parameter bytes
      Attribute() = default;
      Attribute(const OID& oid, const std::vector<uint8_t>& params);
      Attribute(std::string_view oid_str, const std::vector<uint8_t>& params);

      /// OID identifying this attribute
      const OID& oid() const { return m_oid; }

      /// Parameter bytes exactly as stored; no parsing of them is visible in this class
      const std::vector<uint8_t>& parameters() const { return m_parameters; }

      /// Same value as oid()
      const OID& object_identifier() const { return m_oid; }

      /// Same value as parameters()
      const std::vector<uint8_t>& get_parameters() const { return m_parameters; }

   private:
      OID m_oid;
      std::vector<uint8_t> m_parameters;
};
249
250/**
251* @brief X.509 GeneralName Type
252*
253* Handles parsing GeneralName types in their BER and canonical string
254* encoding. Allows matching GeneralNames against each other using
255* the rules laid out in the RFC 5280, sec. 4.2.1.10 (Name Constraints).
256*
257* This entire class is deprecated and will be removed in a future
258* major release
259*/
260class BOTAN_PUBLIC_API(2, 0) GeneralName final : public ASN1_Object {
261 public:
269
270 enum class NameType : uint8_t {
273 DNS = 2,
274 URI = 3,
275 DN = 4,
276 IPv4 = 5,
277 Other = 6,
278 };
279
280 BOTAN_DEPRECATED("Deprecated use NameConstraints") GeneralName() = default;
281
282 // Encoding is not implemented
283 void encode_into(DER_Encoder& to) const override;
284
285 void decode_from(BER_Decoder& from) override;
286
287 /**
288 * @return Type of the name expressed in this restriction
289 */
290 NameType type_code() const { return m_type; }
291
292 /**
293 * @return Type of the name. Can be DN, DNS, IP, RFC822 or URI.
294 */
295 BOTAN_DEPRECATED("Deprecated use type_code") std::string type() const;
296
297 /**
298 * @return The name as string. Format depends on type.
299 */
300 BOTAN_DEPRECATED("Deprecated no replacement") std::string name() const;
301
302 /**
303 * Checks whether a given certificate (partially) matches this name.
304 * @param cert certificate to be matched
305 * @return the match result
306 */
307 BOTAN_DEPRECATED("Deprecated use NameConstraints type") MatchResult matches(const X509_Certificate& cert) const;
308
309 bool matches_dns(const std::string& dns_name) const;
310 bool matches_ipv4(uint32_t ip) const;
311 bool matches_dn(const X509_DN& dn) const;
312
313 private:
314 static constexpr size_t RFC822_IDX = 0;
315 static constexpr size_t DNS_IDX = 1;
316 static constexpr size_t URI_IDX = 2;
317 static constexpr size_t DN_IDX = 3;
318 static constexpr size_t IPV4_IDX = 4;
319
320 NameType m_type = NameType::Unknown;
321 std::variant<std::string, std::string, std::string, X509_DN, std::pair<uint32_t, uint32_t>> m_name;
322
323 static bool matches_dns(std::string_view name, std::string_view constraint);
324
325 static bool matches_dn(const X509_DN& name, const X509_DN& constraint);
326};
327
328BOTAN_DEPRECATED("Deprecated no replacement") std::ostream& operator<<(std::ostream& os, const GeneralName& gn);
329
330/**
331* @brief A single Name Constraint
332*
333* The Name Constraint extension adds a minimum and maximum path
334* length to a GeneralName to form a constraint. The length limits
335* are not used in PKIX.
336*
337* This entire class is deprecated and will be removed in a future
338* major release
339*/
class BOTAN_PUBLIC_API(2, 0) GeneralSubtree final : public ASN1_Object {
   public:
      /**
      * Creates an empty name constraint.
      */
      BOTAN_DEPRECATED("Deprecated use NameConstraints") GeneralSubtree();

      // ASN1_Object interface; both are defined out of line
      void encode_into(DER_Encoder& to) const override;

      void decode_from(BER_Decoder& from) override;

      /**
      * @return the GeneralName this subtree is based on
      */
      const GeneralName& base() const { return m_base; }

   private:
      // The only state held by a subtree is its base name
      GeneralName m_base;
};
359
360BOTAN_DEPRECATED("Deprecated no replacement") std::ostream& operator<<(std::ostream& os, const GeneralSubtree& gs);
361
362/**
363* @brief Name Constraints
364*
365* Wraps the Name Constraints associated with a certificate.
366*/
368 public:
369 /**
370 * Creates an empty name NameConstraints.
371 */
372 NameConstraints() = default;
373
374 /**
375 * Creates NameConstraints from a list of permitted and excluded subtrees.
376 * @param permitted_subtrees names for which the certificate is permitted
377 * @param excluded_subtrees names for which the certificate is not permitted
378 */
379 NameConstraints(std::vector<GeneralSubtree>&& permitted_subtrees,
380 std::vector<GeneralSubtree>&& excluded_subtrees);
381
382 /**
383 * @return permitted names
384 */
385 BOTAN_DEPRECATED("Deprecated no replacement") const std::vector<GeneralSubtree>& permitted() const {
386 return m_permitted_subtrees;
387 }
388
389 /**
390 * @return excluded names
391 */
392 BOTAN_DEPRECATED("Deprecated no replacement") const std::vector<GeneralSubtree>& excluded() const {
393 return m_excluded_subtrees;
394 }
395
396 /**
397 * Return true if all of the names in the certificate are permitted
398 */
399 bool is_permitted(const X509_Certificate& cert, bool reject_unknown) const;
400
401 /**
402 * Return true if any of the names in the certificate are excluded
403 */
404 bool is_excluded(const X509_Certificate& cert, bool reject_unknown) const;
405
406 private:
407 std::vector<GeneralSubtree> m_permitted_subtrees;
408 std::vector<GeneralSubtree> m_excluded_subtrees;
409
410 std::set<GeneralName::NameType> m_permitted_name_types;
411 std::set<GeneralName::NameType> m_excluded_name_types;
412};
413
414/**
415* X.509 Certificate Extension
416*/
class BOTAN_PUBLIC_API(2, 0) Certificate_Extension /* NOLINT(*-special-member-functions) */ {
   public:
      /**
      * @return OID representing this extension
      */
      virtual OID oid_of() const = 0;

      /**
      * @return specific OID name
      *
      * If possible OIDS table should match oid_name to OIDS, ie
      * OID::from_string(ext->oid_name()) == ext->oid_of()
      * Should return empty string if OID is not known.
      *
      * Extensions::get_extension_object_as and Extensions::get_raw treat an
      * empty name as the marker for an unknown extension, so an
      * implementation that returns "" is handled as unknown by both.
      */
      virtual std::string oid_name() const = 0;

      /**
      * Make a copy of this extension
      * @return copy of this
      */
      virtual std::unique_ptr<Certificate_Extension> copy() const = 0;

      /**
      * Callback visited during path validation.
      *
      * An extension can implement this callback to inspect
      * the path during path validation.
      *
      * If an error occurs during validation of this extension,
      * an appropriate status code shall be added to cert_status.
      *
      * This member is virtual but not pure; its base implementation is
      * defined out of line and is not visible in this header.
      *
      * @param subject Subject certificate that contains this extension
      * @param issuer Issuer certificate
      * @param cert_path Certificate path which is currently validated
      * @param cert_status Certificate validation status codes for subject certificate
      * @param pos Position of subject certificate in cert_path
      */
      virtual void validate(const X509_Certificate& subject,
                            const X509_Certificate& issuer,
                            const std::vector<X509_Certificate>& cert_path,
                            std::vector<std::set<Certificate_Status_Code>>& cert_status,
                            size_t pos);

      virtual ~Certificate_Extension() = default;

   protected:
      // Extensions calls the protected hooks below
      friend class Extensions;

      /// Defaults to true; a subclass may override it
      virtual bool should_encode() const { return true; }

      /// Produce the encoded body of this extension
      virtual std::vector<uint8_t> encode_inner() const = 0;

      /// Parse the encoded body of this extension.
      /// NOTE(review): the bytes typically originate from a certificate, so
      /// implementations should treat them as untrusted input.
      virtual void decode_inner(const std::vector<uint8_t>&) = 0;
};
470
471/**
472* X.509 Certificate Extension List
473*/
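class BOTAN_PUBLIC_API(2, 0) Extensions final : public ASN1_Object {
   public:
      /**
      * Look up an object in the extensions, based on OID. Returns
      * nullptr if not set, if the extension was either absent or not
      * handled. The pointer returned is owned by the Extensions
      * object.
      * This would be better with an optional<T> return value
      */
      const Certificate_Extension* get_extension_object(const OID& oid) const;

      /**
      * Typed variant of get_extension_object().
      *
      * Returns nullptr both when no object is found for oid and when the
      * stored object reports an empty oid_name() (the unknown-extension
      * marker). A null result therefore does not distinguish "absent" from
      * "present but not understood"; use extension_set() and
      * critical_extension_set() when that difference matters, for example
      * when deciding how to treat a critical extension.
      *
      * @param oid OID to look up, defaulting to T::static_oid()
      * @return pointer owned by this object, or nullptr as described above
      * @throw Decoding_Error if the stored object is known but is not a T
      */
      template <typename T>
      const T* get_extension_object_as(const OID& oid = T::static_oid()) const {
         const Certificate_Extension* extn = get_extension_object(oid);
         if(extn == nullptr) {
            return nullptr;
         }

         // Unknown_Extension oid_name is empty
         if(extn->oid_name().empty()) {
            return nullptr;
         }

         if(const T* extn_as_T = dynamic_cast<const T*>(extn)) {
            return extn_as_T;
         }

         // NOTE(review): the message says "Exception::" where "Extensions::"
         // is presumably meant; left unchanged because it is runtime text.
         throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed");
      }

      /**
      * Return the set of extensions in the order they appeared in the certificate
      * (or as they were added, if constructed)
      */
      const std::vector<OID>& get_extension_oids() const { return m_extension_oids; }

      /**
      * Return true if an extension was set
      */
      bool extension_set(const OID& oid) const;

      /**
      * Return true if an extension was set and marked critical
      */
      bool critical_extension_set(const OID& oid) const;

      /**
      * Return the raw bytes of the extension
      * Will throw if OID was not set as an extension.
      */
      std::vector<uint8_t> get_extension_bits(const OID& oid) const;

      // ASN1_Object interface; both are defined out of line
      void encode_into(DER_Encoder& to) const override;
      void decode_from(BER_Decoder& from) override;

      /**
      * Adds a new extension to the list.
      * @param extn pointer to the certificate extension (Extensions takes ownership)
      * @param critical whether this extension should be marked as critical
      * @throw Invalid_Argument if the extension is already present in the list
      */
      void add(std::unique_ptr<Certificate_Extension> extn, bool critical = false);

      /**
      * Adds a new extension to the list unless it already exists. If the extension
      * already exists within the Extensions object, the extn pointer will be deleted.
      *
      * @param extn pointer to the certificate extension (Extensions takes ownership)
      * @param critical whether this extension should be marked as critical
      * @return true if the object was added false if the extension was already used
      */
      bool add_new(std::unique_ptr<Certificate_Extension> extn, bool critical = false);

      /**
      * Adds an extension to the list or replaces it.
      * @param extn the certificate extension
      * @param critical whether this extension should be marked as critical
      */
      void replace(std::unique_ptr<Certificate_Extension> extn, bool critical = false);

      /**
      * Remove an extension from the list. Returns true if the
      * extension had been set, false otherwise.
      */
      bool remove(const OID& oid);

      /**
      * Searches for an extension by OID and returns the result.
      * Only the known extensions types declared in this header
      * are searched for by this function.
      * @return Copy of extension with oid, nullptr if not found.
      * Can avoid creating a copy by using get_extension_object function
      */
      std::unique_ptr<Certificate_Extension> get(const OID& oid) const;

      /**
      * Searches for an extension by OID and returns the result decoding
      * it to some arbitrary extension type chosen by the application.
      *
      * Only the unknown extensions, that is, extensions types that
      * are not declared in this header, are searched for by this
      * function.
      *
      * The stored bytes are passed to T::decode_inner() without any check
      * here that T is the right type for oid; choosing a matching T is the
      * caller's responsibility, and T's decoder has to cope with malformed
      * input.
      *
      * @return Pointer to new extension with oid, nullptr if not found.
      */
      template <typename T>
      std::unique_ptr<T> get_raw(const OID& oid) const {
         const auto extn_info = m_extension_info.find(oid);
         if(extn_info == m_extension_info.end()) {
            return nullptr;
         }

         // Unknown_Extension oid_name is empty; anything with a name is a
         // known extension and is not served by this function
         if(!extn_info->second.obj().oid_name().empty()) {
            return nullptr;
         }

         auto ext = std::make_unique<T>();
         ext->decode_inner(extn_info->second.bits());
         return ext;
      }

      /**
      * Returns a copy of the list of extensions together with the corresponding
      * criticality flag. All extensions are encoded as some object, falling back
      * to Unknown_Extension class which simply allows reading the bytes as well
      * as the criticality flag.
      */
      std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> extensions() const;

      /**
      * Returns the list of extensions as raw, encoded bytes
      * together with the corresponding criticality flag.
      * Contains all extensions, including any extensions encoded as Unknown_Extension
      */
      std::map<OID, std::pair<std::vector<uint8_t>, bool>> extensions_raw() const;

      Extensions() = default;

      Extensions(const Extensions&) = default;
      Extensions& operator=(const Extensions&) = default;

      Extensions(Extensions&&) = default;
      Extensions& operator=(Extensions&&) = default;

      ~Extensions() override = default;

   private:
      static std::unique_ptr<Certificate_Extension> create_extn_obj(const OID& oid,
                                                                    bool critical,
                                                                    const std::vector<uint8_t>& body);

      // Per-OID record: the decoded object, its encoded bytes and the critical flag
      class BOTAN_UNSTABLE_API Extensions_Info {
         public:
            // Encodes ext to obtain the stored bytes. m_obj is declared before
            // m_bits, so it is already initialized when m_obj->encode_inner()
            // runs; ext must not be null, since it is dereferenced unchecked.
            Extensions_Info(bool critical, std::unique_ptr<Certificate_Extension> ext) :
                  m_obj(std::move(ext)), m_bits(m_obj->encode_inner()), m_critical(critical) {}

            // Keeps the supplied encoding as given instead of re-encoding ext
            Extensions_Info(bool critical,
                            const std::vector<uint8_t>& encoding,
                            std::unique_ptr<Certificate_Extension> ext) :
                  m_obj(std::move(ext)), m_bits(encoding), m_critical(critical) {}

            bool is_critical() const { return m_critical; }

            const std::vector<uint8_t>& bits() const { return m_bits; }

            const Certificate_Extension& obj() const;

         private:
            // shared_ptr keeps Extensions_Info, and so Extensions, copyable
            std::shared_ptr<Certificate_Extension> m_obj;
            std::vector<uint8_t> m_bits;
            bool m_critical = false;
      };

      // OIDs in the order reported by get_extension_oids()
      std::vector<OID> m_extension_oids;
      std::map<OID, Extensions_Info> m_extension_info;
};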
646
647} // namespace Botan
648
649#endif
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
#define BOTAN_UNSTABLE_API
Definition api.h:34
#define BOTAN_DEPRECATED(msg)
Definition api.h:73
#define BOTAN_FUTURE_EXPLICIT
Definition api.h:52
ASN1_Object()=default
const std::set< X509_DN > & directory_names() const
Return the set of directory names included in this alternative name.
Definition pkix_types.h:173
void add_dns(std::string_view dns)
Add a DNS name to this AlternativeName.
Definition alt_name.cpp:30
void add_ipv4_address(uint32_t ipv4)
Add an IP address to this alternative name.
Definition alt_name.cpp:44
void add_email(std::string_view addr)
Add an email address to this AlternativeName.
Definition alt_name.cpp:24
const std::set< uint32_t > & ipv4_address() const
Return the set of IPv4 addresses included in this alternative name.
Definition pkix_types.h:164
void encode_into(DER_Encoder &to) const override
Definition alt_name.cpp:59
const std::set< std::pair< OID, ASN1_String > > & other_names() const
Return the set of "other names" included in this alternative name.
Definition pkix_types.h:168
const std::set< std::string > & uris() const
Return the set of URIs included in this alternative name.
Definition pkix_types.h:155
void add_uri(std::string_view uri)
Add a URI to this AlternativeName.
Definition alt_name.cpp:18
const std::set< std::string > & dns() const
Return the set of DNS names included in this alternative name.
Definition pkix_types.h:161
void add_other_name(const OID &oid, const ASN1_String &value)
Add an "OtherName" identified by object identifier to this AlternativeName.
Definition alt_name.cpp:36
const std::set< std::string > & email() const
Return the set of email addresses included in this alternative name.
Definition pkix_types.h:158
void add_dn(const X509_DN &dn)
Add a directory name to this AlternativeName.
Definition alt_name.cpp:40
AlternativeName()=default
Create an empty name.
void decode_from(BER_Decoder &from) override
Definition alt_name.cpp:112
std::multimap< OID, ASN1_String > get_othernames() const
const std::vector< uint8_t > & parameters() const
Definition pkix_types.h:239
void decode_from(BER_Decoder &from) override
const OID & object_identifier() const
Definition pkix_types.h:241
const OID & oid() const
Definition pkix_types.h:237
void encode_into(DER_Encoder &to) const override
Attribute()=default
const std::vector< uint8_t > & get_parameters() const
Definition pkix_types.h:243
virtual bool should_encode() const
Definition pkix_types.h:465
virtual std::string oid_name() const =0
virtual OID oid_of() const =0
virtual void validate(const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< X509_Certificate > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos)
Definition x509_ext.cpp:134
virtual std::unique_ptr< Certificate_Extension > copy() const =0
virtual std::vector< uint8_t > encode_inner() const =0
virtual ~Certificate_Extension()=default
virtual void decode_inner(const std::vector< uint8_t > &)=0
const Certificate_Extension * get_extension_object(const OID &oid) const
Definition x509_ext.cpp:209
std::unique_ptr< T > get_raw(const OID &oid) const
Definition pkix_types.h:577
Extensions & operator=(const Extensions &)=default
Extensions(const Extensions &)=default
~Extensions() override=default
Extensions(Extensions &&)=default
const std::vector< OID > & get_extension_oids() const
Definition pkix_types.h:505
const T * get_extension_object_as(const OID &oid=T::static_oid()) const
Definition pkix_types.h:486
Extensions()=default
Extensions & operator=(Extensions &&)=default
X.509 GeneralName Type.
Definition pkix_types.h:260
void decode_from(BER_Decoder &from) override
GeneralName()=default
void encode_into(DER_Encoder &to) const override
NameType type_code() const
Definition pkix_types.h:290
A single Name Constraint.
Definition pkix_types.h:340
void encode_into(DER_Encoder &to) const override
const GeneralName & base() const
Definition pkix_types.h:354
void decode_from(BER_Decoder &from) override
const std::vector< GeneralSubtree > & permitted() const
Definition pkix_types.h:385
const std::vector< GeneralSubtree > & excluded() const
Definition pkix_types.h:392
void add_attribute(const OID &oid, std::string_view val)
Definition pkix_types.h:93
void add_attribute(std::string_view key, std::string_view val)
Definition x509_dn.cpp:100
X509_DN()=default
X509_DN(const std::multimap< OID, std::string > &args)
Definition pkix_types.h:51
const std::vector< std::pair< OID, ASN1_String > > & dn_info() const
Definition pkix_types.h:82
X509_DN(const std::multimap< std::string, std::string > &args)
Definition pkix_types.h:57
X509_DN(std::initializer_list< std::pair< std::string_view, std::string_view > > args)
Definition pkix_types.h:45
bool empty() const
Definition pkix_types.h:76
const std::vector< uint8_t > & get_bits() const
Definition pkix_types.h:72
size_t count() const
Definition pkix_types.h:78
ASN1_Type
Definition asn1_obj.h:43
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13
std::string key_constraints_to_string(Key_Constraints c)
Definition pkix_types.h:34