273namespace Cert_Extension {
280 throw Invalid_State(
"Basic_Constraints::get_path_limit: Not a CA");
288std::vector<uint8_t> Basic_Constraints::encode_inner()
const {
289 std::vector<uint8_t> output;
292 .
encode_if(m_is_ca,
DER_Encoder().encode(m_is_ca).encode_optional(m_path_limit, NO_CERT_PATH_LIMIT))
300void Basic_Constraints::decode_inner(
const std::vector<uint8_t>& in) {
307 if(m_is_ca ==
false) {
315std::vector<uint8_t> Key_Usage::encode_inner()
const {
316 if(m_constraints.
empty()) {
317 throw Encoding_Error(
"Cannot encode empty PKIX key constraints");
320 const size_t constraint_bits = m_constraints.
value();
321 const size_t unused_bits =
ctz(
static_cast<uint32_t
>(constraint_bits));
323 std::vector<uint8_t> der;
325 der.push_back(2 + ((unused_bits < 8) ? 1 : 0));
326 der.push_back(unused_bits % 8);
327 der.push_back((constraint_bits >> 8) & 0xFF);
328 if(constraint_bits & 0xFF) {
329 der.push_back(constraint_bits & 0xFF);
338void Key_Usage::decode_inner(
const std::vector<uint8_t>& in) {
341 BER_Object obj = ber.get_next_object();
345 if(obj.length() != 2 && obj.length() != 3) {
346 throw BER_Decoding_Error(
"Bad size for BITSTRING in usage constraint");
351 const uint8_t* bits = obj.bits();
354 throw BER_Decoding_Error(
"Invalid unused bits in usage constraint");
357 const uint8_t mask =
static_cast<uint8_t
>(0xFF << bits[0]);
359 if(obj.length() == 2) {
361 }
else if(obj.length() == 3) {
365 m_constraints = Key_Constraints(usage);
371std::vector<uint8_t> Subject_Key_ID::encode_inner()
const {
372 std::vector<uint8_t> output;
380void Subject_Key_ID::decode_inner(
const std::vector<uint8_t>& in) {
390 m_key_id.resize(hash->output_length());
392 hash->update(pub_key);
393 hash->final(m_key_id.data());
396 const size_t max_skid_len = (192 / 8);
397 if(m_key_id.size() > max_skid_len) {
398 m_key_id.resize(max_skid_len);
405std::vector<uint8_t> Authority_Key_ID::encode_inner()
const {
406 std::vector<uint8_t> output;
417void Authority_Key_ID::decode_inner(
const std::vector<uint8_t>& in) {
424std::vector<uint8_t> Subject_Alternative_Name::encode_inner()
const {
425 std::vector<uint8_t> output;
426 DER_Encoder(output).encode(m_alt_name);
433std::vector<uint8_t> Issuer_Alternative_Name::encode_inner()
const {
434 std::vector<uint8_t> output;
435 DER_Encoder(output).encode(m_alt_name);
442void Subject_Alternative_Name::decode_inner(
const std::vector<uint8_t>& in) {
443 BER_Decoder(in).
decode(m_alt_name);
449void Issuer_Alternative_Name::decode_inner(
const std::vector<uint8_t>& in) {
450 BER_Decoder(in).
decode(m_alt_name);
456std::vector<uint8_t> Extended_Key_Usage::encode_inner()
const {
457 std::vector<uint8_t> output;
465void Extended_Key_Usage::decode_inner(
const std::vector<uint8_t>& in) {
472std::vector<uint8_t> Name_Constraints::encode_inner()
const {
473 throw Not_Implemented(
"Name_Constraints encoding");
479void Name_Constraints::decode_inner(
const std::vector<uint8_t>& in) {
480 std::vector<GeneralSubtree> permit, exclude;
482 BER_Decoder ext = ber.start_sequence();
483 BER_Object per = ext.get_next_object();
489 throw Encoding_Error(
"Empty Name Contraint list");
493 BER_Object exc = ext.get_next_object();
497 if(exclude.empty()) {
498 throw Encoding_Error(
"Empty Name Contraint list");
504 if(permit.empty() && exclude.empty()) {
505 throw Encoding_Error(
"Empty Name Contraint extension");
508 m_name_constraints = NameConstraints(std::move(permit), std::move(exclude));
513 const std::vector<X509_Certificate>& cert_path,
514 std::vector<std::set<Certificate_Status_Code>>& cert_status,
516 if(!m_name_constraints.
permitted().empty() || !m_name_constraints.
excluded().empty()) {
521 const bool issuer_name_constraint_critical = issuer.
is_critical(
"X509v3.NameConstraints");
524 for(
size_t j = 0; j < pos; ++j) {
525 bool permitted = m_name_constraints.
permitted().empty();
528 for(
const auto& c : m_name_constraints.
permitted()) {
529 switch(c.base().matches(cert_path.at(j))) {
535 failed = issuer_name_constraint_critical;
543 for(
const auto& c : m_name_constraints.
excluded()) {
544 switch(c.base().matches(cert_path.at(j))) {
550 failed = issuer_name_constraint_critical;
557 if(failed || !permitted) {
571 Policy_Information() =
default;
573 explicit Policy_Information(
const OID& oid) : m_oid(oid) {}
575 const OID& oid()
const {
return m_oid; }
577 void encode_into(DER_Encoder& codec)
const override { codec.start_sequence().encode(m_oid).end_cons(); }
579 void decode_from(BER_Decoder& codec)
override {
580 codec.start_sequence().decode(m_oid).discard_remaining().end_cons();
592std::vector<uint8_t> Certificate_Policies::encode_inner()
const {
593 std::vector<Policy_Information> policies;
595 policies.reserve(m_oids.size());
596 for(
const auto& oid : m_oids) {
597 policies.push_back(Policy_Information(oid));
600 std::vector<uint8_t> output;
601 DER_Encoder(output).start_sequence().encode_list(policies).end_cons();
608void Certificate_Policies::decode_inner(
const std::vector<uint8_t>& in) {
609 std::vector<Policy_Information> policies;
611 BER_Decoder(in).decode_list(policies);
613 for(
const auto& policy : policies) {
614 m_oids.push_back(policy.oid());
620 const std::vector<X509_Certificate>& ,
621 std::vector<std::set<Certificate_Status_Code>>& cert_status,
623 std::set<OID> oid_set(m_oids.begin(), m_oids.end());
624 if(oid_set.size() != m_oids.size()) {
629std::vector<uint8_t> Authority_Information_Access::encode_inner()
const {
630 std::vector<uint8_t> output;
633 der.start_sequence();
635 if(!m_ocsp_responder.empty()) {
644 for(
const auto& ca_isser : m_ca_issuers) {
656void Authority_Information_Access::decode_inner(
const std::vector<uint8_t>& in) {
657 BER_Decoder ber = BER_Decoder(in).start_sequence();
659 while(ber.more_items()) {
662 BER_Decoder info = ber.start_sequence();
667 BER_Object
name = info.get_next_object();
674 BER_Object
name = info.get_next_object();
700 return std::make_unique<CRL_Number>(m_crl_number);
706std::vector<uint8_t> CRL_Number::encode_inner()
const {
707 std::vector<uint8_t> output;
715void CRL_Number::decode_inner(
const std::vector<uint8_t>& in) {
723std::vector<uint8_t> CRL_ReasonCode::encode_inner()
const {
724 std::vector<uint8_t> output;
732void CRL_ReasonCode::decode_inner(
const std::vector<uint8_t>& in) {
733 size_t reason_code = 0;
735 m_reason =
static_cast<CRL_Code>(reason_code);
738std::vector<uint8_t> CRL_Distribution_Points::encode_inner()
const {
739 std::vector<uint8_t> output;
740 DER_Encoder(output).start_sequence().encode_list(m_distribution_points).end_cons();
744void CRL_Distribution_Points::decode_inner(
const std::vector<uint8_t>& buf) {
745 BER_Decoder(buf).decode_list(m_distribution_points).verify_end();
747 std::stringstream ss;
749 for(
const auto& distribution_point : m_distribution_points) {
750 auto contents = distribution_point.point().contents();
752 for(
const auto& pair : contents) {
753 ss << pair.first <<
": " << pair.second <<
" ";
757 m_crl_distribution_urls.push_back(ss.str());
767 for(
auto i = range.first; i != range.second; ++i) {
790std::vector<uint8_t> CRL_Issuing_Distribution_Point::encode_inner()
const {
794void CRL_Issuing_Distribution_Point::decode_inner(
const std::vector<uint8_t>& buf) {
798void OCSP_NoCheck::decode_inner(
const std::vector<uint8_t>& buf) {
802std::vector<uint8_t> Unknown_Extension::encode_inner()
const {
806void Unknown_Extension::decode_inner(
const std::vector<uint8_t>& bytes) {