11#ifndef BOTAN_PKIX_TYPES_H_
12#define BOTAN_PKIX_TYPES_H_
14#include <botan/asn1_obj.h>
16#include <botan/pkix_enums.h>
17#include <initializer_list>
45 X509_DN(std::initializer_list<std::pair<std::string_view, std::string_view>> args) {
46 for(
const auto& i : args) {
51 explicit X509_DN(
const std::multimap<OID, std::string>& args) {
52 for(
const auto& i : args) {
57 explicit X509_DN(
const std::multimap<std::string, std::string>& args) {
58 for(
const auto& i : args) {
66 bool has_field(
const OID& oid)
const;
72 const std::vector<uint8_t>&
get_bits()
const {
return m_dn_bits; }
74 std::vector<uint8_t> DER_encode()
const;
76 bool empty()
const {
return m_rdn.empty(); }
78 size_t count()
const {
return m_rdn.size(); }
82 const std::vector<std::pair<OID, ASN1_String>>&
dn_info()
const {
return m_rdn; }
84 std::multimap<OID, std::string> get_attributes()
const;
85 std::multimap<std::string, std::string> contents()
const;
87 bool has_field(std::string_view attr)
const;
88 std::vector<std::string> get_attribute(std::string_view attr)
const;
89 std::string get_first_attribute(std::string_view attr)
const;
91 void add_attribute(std::string_view key, std::string_view val);
97 static std::string deref_info_field(std::string_view key);
106 static size_t lookup_ub(
const OID& oid);
109 std::vector<std::pair<OID, ASN1_String>> m_rdn;
110 std::vector<uint8_t> m_dn_bits;
113BOTAN_PUBLIC_API(2, 0) bool operator==(const X509_DN& dn1, const X509_DN& dn2);
114BOTAN_PUBLIC_API(2, 0)
bool operator!=(const X509_DN& dn1, const X509_DN& dn2);
120BOTAN_PUBLIC_API(2, 0)
bool operator<(const X509_DN& dn1, const X509_DN& dn2);
122BOTAN_PUBLIC_API(2, 0) std::ostream& operator<<(std::ostream& out, const X509_DN& dn);
123BOTAN_PUBLIC_API(2, 0) std::istream& operator>>(std::istream& in, X509_DN& dn);
137 void add_uri(std::string_view uri);
155 const std::set<std::string>&
uris()
const {
return m_uri; }
158 const std::set<std::string>&
email()
const {
return m_email; }
161 const std::set<std::string>&
dns()
const {
return m_dns; }
179 size_t count()
const;
182 bool has_items()
const;
185 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
186 std::multimap<std::
string, std::
string> contents() const;
188 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}.empty()")
189 bool has_field(std::string_view attr) const;
191 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
192 std::vector<std::
string> get_attribute(std::string_view attr) const;
194 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
195 std::multimap<std::
string, std::
string, std::less<>> get_attributes() const;
197 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
198 std::
string get_first_attribute(std::string_view attr) const;
201 void add_attribute(std::string_view type, std::string_view value);
204 void add_othername(const
OID& oid, std::string_view value,
ASN1_Type type);
210 BOTAN_DEPRECATED(
"Use plain constructor plus add_{uri,dns,email,ipv4_address}")
212 std::string_view uri =
"",
213 std::string_view
dns =
"",
214 std::string_view ip_address =
"");
217 std::set<std::
string> m_dns;
218 std::set<std::
string> m_uri;
219 std::set<std::
string> m_email;
220 std::set<uint32_t> m_ipv4_addr;
235 Attribute(std::string_view oid_str,
const std::vector<uint8_t>& params);
239 const std::vector<uint8_t>&
parameters()
const {
return m_parameters; }
247 std::vector<uint8_t> m_parameters;
309 bool matches_dns(const std::
string& dns_name) const;
310 bool matches_ipv4(uint32_t ip) const;
311 bool matches_dn(const
X509_DN& dn) const;
314 static constexpr
size_t RFC822_IDX = 0;
315 static constexpr
size_t DNS_IDX = 1;
316 static constexpr
size_t URI_IDX = 2;
317 static constexpr
size_t DN_IDX = 3;
318 static constexpr
size_t IPV4_IDX = 4;
320 NameType m_type = NameType::
Unknown;
321 std::variant<std::
string, std::
string, std::
string,
X509_DN, std::pair<uint32_t, uint32_t>> m_name;
323 static
bool matches_dns(std::string_view name, std::string_view constraint);
325 static
bool matches_dn(const
X509_DN& name, const
X509_DN& constraint);
360BOTAN_DEPRECATED(
"Deprecated no replacement") std::ostream& operator<<(std::ostream& os, const GeneralSubtree& gs);
380 std::vector<GeneralSubtree>&& excluded_subtrees);
386 return m_permitted_subtrees;
393 return m_excluded_subtrees;
407 std::vector<GeneralSubtree> m_permitted_subtrees;
408 std::vector<GeneralSubtree> m_excluded_subtrees;
410 std::set<GeneralName::NameType> m_permitted_name_types;
411 std::set<GeneralName::NameType> m_excluded_name_types;
437 virtual std::unique_ptr<Certificate_Extension>
copy()
const = 0;
456 const std::vector<X509_Certificate>& cert_path,
457 std::vector<std::set<Certificate_Status_Code>>& cert_status,
485 template <
typename T>
489 if(extn->oid_name().empty()) {
491 }
else if(
const T* extn_as_T =
dynamic_cast<const T*
>(extn)) {
494 throw Decoding_Error(
"Exception::get_extension_object_as dynamic_cast failed");
510 bool extension_set(
const OID& oid)
const;
515 bool critical_extension_set(
const OID& oid)
const;
521 std::vector<uint8_t> get_extension_bits(
const OID& oid)
const;
532 void add(std::unique_ptr<Certificate_Extension> extn,
bool critical =
false);
542 bool add_new(std::unique_ptr<Certificate_Extension> extn,
bool critical =
false);
549 void replace(std::unique_ptr<Certificate_Extension> extn,
bool critical =
false);
555 bool remove(
const OID& oid);
564 std::unique_ptr<Certificate_Extension> get(
const OID& oid)
const;
576 template <
typename T>
578 auto extn_info = m_extension_info.find(oid);
580 if(extn_info != m_extension_info.end()) {
582 if(extn_info->second.obj().oid_name().empty()) {
583 auto ext = std::make_unique<T>();
584 ext->decode_inner(extn_info->second.bits());
597 std::vector<std::pair<std::unique_ptr<Certificate_Extension>,
bool>> extensions()
const;
604 std::map<OID, std::pair<std::vector<uint8_t>,
bool>> extensions_raw()
const;
617 static std::unique_ptr<Certificate_Extension> create_extn_obj(
const OID& oid,
619 const std::vector<uint8_t>& body);
623 Extensions_Info(
bool critical, std::unique_ptr<Certificate_Extension> ext) :
624 m_obj(std::move(ext)), m_bits(m_obj->encode_inner()), m_critical(critical) {}
626 Extensions_Info(
bool critical,
627 const std::vector<uint8_t>& encoding,
628 std::unique_ptr<Certificate_Extension> ext) :
629 m_obj(std::move(ext)), m_bits(encoding), m_critical(critical) {}
631 bool is_critical()
const {
return m_critical; }
633 const std::vector<uint8_t>& bits()
const {
return m_bits; }
635 const Certificate_Extension& obj()
const;
638 std::shared_ptr<Certificate_Extension> m_obj;
639 std::vector<uint8_t> m_bits;
640 bool m_critical =
false;
643 std::vector<OID> m_extension_oids;
644 std::map<OID, Extensions_Info> m_extension_info;
#define BOTAN_PUBLIC_API(maj, min)
#define BOTAN_UNSTABLE_API
#define BOTAN_DEPRECATED(msg)
#define BOTAN_FUTURE_EXPLICIT
const std::set< X509_DN > & directory_names() const
Return the set of directory names included in this alternative name.
void add_dns(std::string_view dns)
Add a DNS name to this AlternativeName.
void add_ipv4_address(uint32_t ipv4)
Add an IP address to this alternative name.
void add_email(std::string_view addr)
Add a URI to this AlternativeName.
const std::set< uint32_t > & ipv4_address() const
Return the set of IPv4 addresses included in this alternative name.
void encode_into(DER_Encoder &to) const override
const std::set< std::pair< OID, ASN1_String > > & other_names() const
Return the set of "other names" included in this alternative name.
const std::set< std::string > & uris() const
Return the set of URIs included in this alternative name.
void add_uri(std::string_view uri)
Add a URI to this AlternativeName.
const std::set< std::string > & dns() const
Return the set of DNS names included in this alternative name.
void add_other_name(const OID &oid, const ASN1_String &value)
Add an "OtherName" identified by object identifier to this AlternativeName.
const std::set< std::string > & email() const
Return the set of email addresses included in this alternative name.
void add_dn(const X509_DN &dn)
Add a directory name to this AlternativeName.
AlternativeName()=default
Create an empty name.
void decode_from(BER_Decoder &from) override
std::multimap< OID, ASN1_String > get_othernames() const
const std::vector< uint8_t > & parameters() const
void decode_from(BER_Decoder &from) override
const OID & object_identifier() const
void encode_into(DER_Encoder &to) const override
const std::vector< uint8_t > & get_parameters() const
virtual bool should_encode() const
virtual std::string oid_name() const =0
virtual OID oid_of() const =0
virtual void validate(const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< X509_Certificate > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos)
virtual std::unique_ptr< Certificate_Extension > copy() const =0
virtual std::vector< uint8_t > encode_inner() const =0
virtual ~Certificate_Extension()=default
virtual void decode_inner(const std::vector< uint8_t > &)=0
const Certificate_Extension * get_extension_object(const OID &oid) const
std::unique_ptr< T > get_raw(const OID &oid) const
Extensions & operator=(const Extensions &)=default
Extensions(const Extensions &)=default
~Extensions() override=default
Extensions(Extensions &&)=default
const std::vector< OID > & get_extension_oids() const
const T * get_extension_object_as(const OID &oid=T::static_oid()) const
Extensions & operator=(Extensions &&)=default
void decode_from(BER_Decoder &from) override
void encode_into(DER_Encoder &to) const override
NameType type_code() const
A single Name Constraint.
void encode_into(DER_Encoder &to) const override
const GeneralName & base() const
void decode_from(BER_Decoder &from) override
NameConstraints()=default
const std::vector< GeneralSubtree > & permitted() const
const std::vector< GeneralSubtree > & excluded() const
void add_attribute(const OID &oid, std::string_view val)
void add_attribute(std::string_view key, std::string_view val)
X509_DN(const std::multimap< OID, std::string > &args)
const std::vector< std::pair< OID, ASN1_String > > & dn_info() const
X509_DN(const std::multimap< std::string, std::string > &args)
X509_DN(std::initializer_list< std::pair< std::string_view, std::string_view > > args)
const std::vector< uint8_t > & get_bits() const
std::string to_string(ErrorType type)
Convert an ErrorType to string.
std::string key_constraints_to_string(Key_Constraints c)