Botan  2.4.0
Crypto and TLS for C++11
x509_ext.h
Go to the documentation of this file.
1 /*
2 * X.509 Certificate Extensions
3 * (C) 1999-2007,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_EXTENSIONS_H_
9 #define BOTAN_X509_EXTENSIONS_H_
10 
11 #include <botan/asn1_obj.h>
12 #include <botan/asn1_oid.h>
13 #include <botan/asn1_alt_name.h>
14 #include <botan/cert_status.h>
15 #include <botan/name_constraint.h>
16 #include <botan/key_constraint.h>
17 #include <botan/crl_ent.h>
18 #include <set>
19 
20 namespace Botan {
21 
22 class Data_Store;
23 class X509_Certificate;
24 
25 /**
26 * X.509 Certificate Extension
27 */
29  {
30  public:
31  /**
32  * @return OID representing this extension
33  */
34  virtual OID oid_of() const = 0;
35 
36  /*
37  * @return specific OID name
38  * If possible OIDS table should match oid_name to OIDS, ie
39  * OIDS::lookup(ext->oid_name()) == ext->oid_of()
40  * Should return empty string if OID is not known
41  */
42  virtual std::string oid_name() const = 0;
43 
44  /**
45  * Make a copy of this extension
46  * @return copy of this
47  */
48  virtual Certificate_Extension* copy() const = 0;
49 
50  /*
51  * Add the contents of this extension into the information
52  * for the subject and/or issuer, as necessary.
53  * @param subject the subject info
54  * @param issuer the issuer info
55  */
56  virtual void contents_to(Data_Store& subject,
57  Data_Store& issuer) const = 0;
58 
59  /*
60  * Callback visited during path validation.
61  *
62  * An extension can implement this callback to inspect
63  * the path during path validation.
64  *
65  * If an error occurs during validation of this extension,
66  * an appropriate status code shall be added to cert_status.
67  *
68  * @param subject Subject certificate that contains this extension
69  * @param issuer Issuer certificate
70  * @param status Certificate validation status codes for subject certificate
71  * @param cert_path Certificate path which is currently validated
72  * @param pos Position of subject certificate in cert_path
73  */
74  virtual void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
75  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
76  std::vector<std::set<Certificate_Status_Code>>& cert_status,
77  size_t pos);
78 
79  virtual ~Certificate_Extension() = default;
80  protected:
81  friend class Extensions;
82  virtual bool should_encode() const { return true; }
83  virtual std::vector<uint8_t> encode_inner() const = 0;
84  virtual void decode_inner(const std::vector<uint8_t>&) = 0;
85  };
86 
87 /**
88 * X.509 Certificate Extension List
89 */
90 class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object
91  {
92  public:
93  /**
94  * Look up an object in the extensions, based on OID Returns
95  * nullptr if not set, if the extension was either absent or not
96  * handled. The pointer returned is owned by the Extensions
97  * object.
98  * This would be better with an optional<T> return value
99  */
100  const Certificate_Extension* get_extension_object(const OID& oid) const;
101 
102  template<typename T>
103  const T* get_extension_object_as(const OID& oid = T::static_oid()) const
104  {
105  if(const Certificate_Extension* extn = get_extension_object(oid))
106  {
107  if(const T* extn_as_T = dynamic_cast<const T*>(extn))
108  {
109  return extn_as_T;
110  }
111  else
112  {
113  throw Exception("Exception::get_extension_object_as dynamic_cast failed");
114  }
115  }
116 
117  return nullptr;
118  }
119 
120  /**
121  * Return the set of extensions in the order they appeared in the certificate
122  * (or as they were added, if constructed)
123  */
124  const std::vector<OID>& get_extension_oids() const
125  {
126  return m_extension_oids;
127  }
128 
129  /**
130  * Return true if an extension was set
131  */
132  bool extension_set(const OID& oid) const;
133 
134  /**
135  * Return true if an extesion was set and marked critical
136  */
137  bool critical_extension_set(const OID& oid) const;
138 
139  /**
140  * Return the raw bytes of the extension
141  * Will throw if OID was not set as an extension.
142  */
143  std::vector<uint8_t> get_extension_bits(const OID& oid) const;
144 
145  void encode_into(class DER_Encoder&) const override;
146  void decode_from(class BER_Decoder&) override;
147  void contents_to(Data_Store&, Data_Store&) const;
148 
149  /**
150  * Adds a new extension to the list.
151  * @param extn pointer to the certificate extension (Extensions takes ownership)
152  * @param critical whether this extension should be marked as critical
153  * @throw Invalid_Argument if the extension is already present in the list
154  */
155  void add(Certificate_Extension* extn, bool critical = false);
156 
157  /**
158  * Adds an extension to the list or replaces it.
159  * @param extn the certificate extension
160  * @param critical whether this extension should be marked as critical
161  */
162  void replace(Certificate_Extension* extn, bool critical = false);
163 
164  /**
165  * Searches for an extension by OID and returns the result.
166  * Only the known extensions types declared in this header
167  * are searched for by this function.
168  * @return Copy of extension with oid, nullptr if not found.
169  * Can avoid creating a copy by using get_extension_object function
170  */
171  std::unique_ptr<Certificate_Extension> get(const OID& oid) const;
172 
173  /**
174  * Searches for an extension by OID and returns the result decoding
175  * it to some arbitrary extension type chosen by the application.
176  *
177  * Only the unknown extensions, that is, extensions types that
178  * are not declared in this header, are searched for by this
179  * function.
180  *
181  * @return Pointer to new extension with oid, nullptr if not found.
182  */
183  template<typename T>
184  std::unique_ptr<T> get_raw(const OID& oid) const
185  {
186  auto extn_info = m_extension_info.find(oid);
187 
188  if(extn_info != m_extension_info.end())
189  {
190  // Unknown_Extension oid_name is empty
191  if(extn_info->second.obj().oid_name() == "")
192  {
193  std::unique_ptr<T> ext(new T);
194  ext->decode_inner(extn_info->second.bits());
195  return std::move(ext);
196  }
197  }
198  return nullptr;
199  }
200 
201  /**
202  * Returns a copy of the list of extensions together with the corresponding
203  * criticality flag. All extensions are encoded as some object, falling back
204  * to Unknown_Extension class which simply allows reading the bytes as well
205  * as the criticality flag.
206  */
207  std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> extensions() const;
208 
209  /**
210  * Returns the list of extensions as raw, encoded bytes
211  * together with the corresponding criticality flag.
212  * Contains all extensions, including any extensions encoded as Unknown_Extension
213  */
214  std::map<OID, std::pair<std::vector<uint8_t>, bool>> extensions_raw() const;
215 
217 
218  Extensions(const Extensions&) = default;
219  Extensions& operator=(const Extensions&) = default;
220 
221 #if !defined(BOTAN_BUILD_COMPILER_IS_MSVC_2013)
222  Extensions(Extensions&&) = default;
223  Extensions& operator=(Extensions&&) = default;
224 #endif
225 
226  private:
227  static std::unique_ptr<Certificate_Extension>
228  create_extn_obj(const OID& oid,
229  bool critical,
230  const std::vector<uint8_t>& body);
231 
232  class Extensions_Info
233  {
234  public:
235  Extensions_Info(bool critical,
236  Certificate_Extension* ext) :
237  m_obj(ext),
238  m_bits(m_obj->encode_inner()),
239  m_critical(critical)
240  {
241  }
242 
243  Extensions_Info(bool critical,
244  const std::vector<uint8_t>& encoding,
245  Certificate_Extension* ext) :
246  m_obj(ext),
247  m_bits(encoding),
248  m_critical(critical)
249  {
250  }
251 
252  bool is_critical() const { return m_critical; }
253  const std::vector<uint8_t>& bits() const { return m_bits; }
254  const Certificate_Extension& obj() const
255  {
256  BOTAN_ASSERT_NONNULL(m_obj.get());
257  return *m_obj.get();
258  }
259 
260  private:
261  std::shared_ptr<Certificate_Extension> m_obj;
262  std::vector<uint8_t> m_bits;
263  bool m_critical = false;
264  };
265 
266  std::vector<OID> m_extension_oids;
267  std::map<OID, Extensions_Info> m_extension_info;
268  };
269 
270 namespace Cert_Extension {
271 
272 static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
273 
274 /**
275 * Basic Constraints Extension
276 */
278  {
279  public:
280  Basic_Constraints* copy() const override
281  { return new Basic_Constraints(m_is_ca, m_path_limit); }
282 
283  Basic_Constraints(bool ca = false, size_t limit = 0) :
284  m_is_ca(ca), m_path_limit(limit) {}
285 
286  bool get_is_ca() const { return m_is_ca; }
287  size_t get_path_limit() const;
288 
289  static OID static_oid() { return OID("2.5.29.19"); }
290  OID oid_of() const override { return static_oid(); }
291 
292  private:
293  std::string oid_name() const override
294  { return "X509v3.BasicConstraints"; }
295 
296  std::vector<uint8_t> encode_inner() const override;
297  void decode_inner(const std::vector<uint8_t>&) override;
298  void contents_to(Data_Store&, Data_Store&) const override;
299 
300  bool m_is_ca;
301  size_t m_path_limit;
302  };
303 
304 /**
305 * Key Usage Constraints Extension
306 */
308  {
309  public:
310  Key_Usage* copy() const override { return new Key_Usage(m_constraints); }
311 
312  explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {}
313 
314  Key_Constraints get_constraints() const { return m_constraints; }
315 
316  static OID static_oid() { return OID("2.5.29.15"); }
317  OID oid_of() const override { return static_oid(); }
318 
319  private:
320  std::string oid_name() const override { return "X509v3.KeyUsage"; }
321 
322  bool should_encode() const override
323  { return (m_constraints != NO_CONSTRAINTS); }
324  std::vector<uint8_t> encode_inner() const override;
325  void decode_inner(const std::vector<uint8_t>&) override;
326  void contents_to(Data_Store&, Data_Store&) const override;
327 
328  Key_Constraints m_constraints;
329  };
330 
331 /**
332 * Subject Key Identifier Extension
333 */
335  {
336  public:
337  Subject_Key_ID() = default;
338 
339  Subject_Key_ID(const std::vector<uint8_t>& public_key,
340  const std::string& hash_fn);
341 
342  Subject_Key_ID* copy() const override
343  { return new Subject_Key_ID(m_key_id); }
344 
345  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
346 
347  static OID static_oid() { return OID("2.5.29.14"); }
348  OID oid_of() const override { return static_oid(); }
349 
350  private:
351  explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
352 
353  std::string oid_name() const override
354  { return "X509v3.SubjectKeyIdentifier"; }
355 
356  bool should_encode() const override { return (m_key_id.size() > 0); }
357  std::vector<uint8_t> encode_inner() const override;
358  void decode_inner(const std::vector<uint8_t>&) override;
359  void contents_to(Data_Store&, Data_Store&) const override;
360 
361  std::vector<uint8_t> m_key_id;
362  };
363 
364 /**
365 * Authority Key Identifier Extension
366 */
368  {
369  public:
370  Authority_Key_ID* copy() const override
371  { return new Authority_Key_ID(m_key_id); }
372 
373  Authority_Key_ID() = default;
374  explicit Authority_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
375 
376  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
377 
378  static OID static_oid() { return OID("2.5.29.35"); }
379  OID oid_of() const override { return static_oid(); }
380 
381  private:
382  std::string oid_name() const override
383  { return "X509v3.AuthorityKeyIdentifier"; }
384 
385  bool should_encode() const override { return (m_key_id.size() > 0); }
386  std::vector<uint8_t> encode_inner() const override;
387  void decode_inner(const std::vector<uint8_t>&) override;
388  void contents_to(Data_Store&, Data_Store&) const override;
389 
390  std::vector<uint8_t> m_key_id;
391  };
392 
393 /**
394 * Subject Alternative Name Extension
395 */
397  {
398  public:
399  const AlternativeName& get_alt_name() const { return m_alt_name; }
400 
401  static OID static_oid() { return OID("2.5.29.17"); }
402  OID oid_of() const override { return static_oid(); }
403 
404  Subject_Alternative_Name* copy() const override
405  { return new Subject_Alternative_Name(get_alt_name()); }
406 
408  m_alt_name(name) {}
409 
410  private:
411  std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; }
412 
413  bool should_encode() const override { return m_alt_name.has_items(); }
414  std::vector<uint8_t> encode_inner() const override;
415  void decode_inner(const std::vector<uint8_t>&) override;
416  void contents_to(Data_Store&, Data_Store&) const override;
417 
418  AlternativeName m_alt_name;
419  };
420 
421 /**
422 * Issuer Alternative Name Extension
423 */
425  {
426  public:
427  const AlternativeName& get_alt_name() const { return m_alt_name; }
428 
429  static OID static_oid() { return OID("2.5.29.18"); }
430  OID oid_of() const override { return static_oid(); }
431 
432  Issuer_Alternative_Name* copy() const override
433  { return new Issuer_Alternative_Name(get_alt_name()); }
434 
436  m_alt_name(name) {}
437 
438  private:
439  std::string oid_name() const override { return "X509v3.IssuerAlternativeName"; }
440 
441  bool should_encode() const override { return m_alt_name.has_items(); }
442  std::vector<uint8_t> encode_inner() const override;
443  void decode_inner(const std::vector<uint8_t>&) override;
444  void contents_to(Data_Store&, Data_Store&) const override;
445 
446  AlternativeName m_alt_name;
447  };
448 
449 /**
450 * Extended Key Usage Extension
451 */
453  {
454  public:
455  Extended_Key_Usage* copy() const override
456  { return new Extended_Key_Usage(m_oids); }
457 
458  Extended_Key_Usage() = default;
459  explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {}
460 
461  const std::vector<OID>& get_oids() const { return m_oids; }
462 
463  static OID static_oid() { return OID("2.5.29.37"); }
464  OID oid_of() const override { return static_oid(); }
465 
466  private:
467  std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; }
468 
469  bool should_encode() const override { return (m_oids.size() > 0); }
470  std::vector<uint8_t> encode_inner() const override;
471  void decode_inner(const std::vector<uint8_t>&) override;
472  void contents_to(Data_Store&, Data_Store&) const override;
473 
474  std::vector<OID> m_oids;
475  };
476 
477 /**
478 * Name Constraints
479 */
481  {
482  public:
483  Name_Constraints* copy() const override
484  { return new Name_Constraints(m_name_constraints); }
485 
486  Name_Constraints() = default;
487  Name_Constraints(const NameConstraints &nc) : m_name_constraints(nc) {}
488 
489  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
490  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
491  std::vector<std::set<Certificate_Status_Code>>& cert_status,
492  size_t pos) override;
493 
494  const NameConstraints& get_name_constraints() const { return m_name_constraints; }
495 
496  static OID static_oid() { return OID("2.5.29.30"); }
497  OID oid_of() const override { return static_oid(); }
498 
499  private:
500  std::string oid_name() const override
501  { return "X509v3.NameConstraints"; }
502 
503  bool should_encode() const override { return true; }
504  std::vector<uint8_t> encode_inner() const override;
505  void decode_inner(const std::vector<uint8_t>&) override;
506  void contents_to(Data_Store&, Data_Store&) const override;
507 
508  NameConstraints m_name_constraints;
509  };
510 
511 /**
512 * Certificate Policies Extension
513 */
515  {
516  public:
517  Certificate_Policies* copy() const override
518  { return new Certificate_Policies(m_oids); }
519 
520  Certificate_Policies() = default;
521  explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {}
522 
523  BOTAN_DEPRECATED("Use get_policy_oids")
524  std::vector<OID> get_oids() const { return m_oids; }
525 
526  const std::vector<OID>& get_policy_oids() const { return m_oids; }
527 
528  static OID static_oid() { return OID("2.5.29.32"); }
529  OID oid_of() const override { return static_oid(); }
530 
531  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
532  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
533  std::vector<std::set<Certificate_Status_Code>>& cert_status,
534  size_t pos) override;
535  private:
536  std::string oid_name() const override
537  { return "X509v3.CertificatePolicies"; }
538 
539  bool should_encode() const override { return (m_oids.size() > 0); }
540  std::vector<uint8_t> encode_inner() const override;
541  void decode_inner(const std::vector<uint8_t>&) override;
542  void contents_to(Data_Store&, Data_Store&) const override;
543 
544  std::vector<OID> m_oids;
545  };
546 
547 /**
548 * Authority Information Access Extension
549 */
551  {
552  public:
554  { return new Authority_Information_Access(m_ocsp_responder, m_ca_issuers); }
555 
556  Authority_Information_Access() = default;
557 
558  explicit Authority_Information_Access(const std::string& ocsp, const std::vector<std::string>& ca_issuers = std::vector<std::string>()) :
559  m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}
560 
561  std::string ocsp_responder() const { return m_ocsp_responder; }
562 
563  static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); }
564  OID oid_of() const override { return static_oid(); }
565  const std::vector<std::string> ca_issuers() const { return m_ca_issuers; }
566 
567  private:
568  std::string oid_name() const override
569  { return "PKIX.AuthorityInformationAccess"; }
570 
571  bool should_encode() const override { return (!m_ocsp_responder.empty()); }
572 
573  std::vector<uint8_t> encode_inner() const override;
574  void decode_inner(const std::vector<uint8_t>&) override;
575 
576  void contents_to(Data_Store&, Data_Store&) const override;
577 
578  std::string m_ocsp_responder;
579  std::vector<std::string> m_ca_issuers;
580  };
581 
582 /**
583 * CRL Number Extension
584 */
586  {
587  public:
588  CRL_Number* copy() const override;
589 
590  CRL_Number() : m_has_value(false), m_crl_number(0) {}
591  CRL_Number(size_t n) : m_has_value(true), m_crl_number(n) {}
592 
593  size_t get_crl_number() const;
594 
595  static OID static_oid() { return OID("2.5.29.20"); }
596  OID oid_of() const override { return static_oid(); }
597 
598  private:
599  std::string oid_name() const override { return "X509v3.CRLNumber"; }
600 
601  bool should_encode() const override { return m_has_value; }
602  std::vector<uint8_t> encode_inner() const override;
603  void decode_inner(const std::vector<uint8_t>&) override;
604  void contents_to(Data_Store&, Data_Store&) const override;
605 
606  bool m_has_value;
607  size_t m_crl_number;
608  };
609 
610 /**
611 * CRL Entry Reason Code Extension
612 */
614  {
615  public:
616  CRL_ReasonCode* copy() const override
617  { return new CRL_ReasonCode(m_reason); }
618 
619  explicit CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : m_reason(r) {}
620 
621  CRL_Code get_reason() const { return m_reason; }
622 
623  static OID static_oid() { return OID("2.5.29.21"); }
624  OID oid_of() const override { return static_oid(); }
625 
626  private:
627  std::string oid_name() const override { return "X509v3.ReasonCode"; }
628 
629  bool should_encode() const override { return (m_reason != UNSPECIFIED); }
630  std::vector<uint8_t> encode_inner() const override;
631  void decode_inner(const std::vector<uint8_t>&) override;
632  void contents_to(Data_Store&, Data_Store&) const override;
633 
634  CRL_Code m_reason;
635  };
636 
637 /**
638 * CRL Distribution Points Extension
639 * todo enforce restrictions from RFC 5280 4.2.1.13
640 */
642  {
643  public:
645  {
646  public:
647  void encode_into(class DER_Encoder&) const override;
648  void decode_from(class BER_Decoder&) override;
649 
650  const AlternativeName& point() const { return m_point; }
651  private:
652  AlternativeName m_point;
653  };
654 
655  CRL_Distribution_Points* copy() const override
656  { return new CRL_Distribution_Points(m_distribution_points); }
657 
658  CRL_Distribution_Points() = default;
659 
660  explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) :
661  m_distribution_points(points) {}
662 
663  const std::vector<Distribution_Point>& distribution_points() const
664  { return m_distribution_points; }
665 
666  const std::vector<std::string>& crl_distribution_urls() const
667  { return m_crl_distribution_urls; }
668 
669  static OID static_oid() { return OID("2.5.29.31"); }
670  OID oid_of() const override { return static_oid(); }
671 
672  private:
673  std::string oid_name() const override
674  { return "X509v3.CRLDistributionPoints"; }
675 
676  bool should_encode() const override
677  { return !m_distribution_points.empty(); }
678 
679  std::vector<uint8_t> encode_inner() const override;
680  void decode_inner(const std::vector<uint8_t>&) override;
681  void contents_to(Data_Store&, Data_Store&) const override;
682 
683  std::vector<Distribution_Point> m_distribution_points;
684  std::vector<std::string> m_crl_distribution_urls;
685  };
686 
687 /**
688 * CRL Issuing Distribution Point Extension
689 * todo enforce restrictions from RFC 5280 5.2.5
690 */
692  {
693  public:
694  CRL_Issuing_Distribution_Point() = default;
695 
697  m_distribution_point(distribution_point) {}
698 
700  { return new CRL_Issuing_Distribution_Point(m_distribution_point); }
701 
702  const AlternativeName& get_point() const
703  { return m_distribution_point.point(); }
704 
705  static OID static_oid() { return OID("2.5.29.28"); }
706  OID oid_of() const override { return static_oid(); }
707 
708  private:
709  std::string oid_name() const override
710  { return "X509v3.CRLIssuingDistributionPoint"; }
711 
712  bool should_encode() const override { return true; }
713  std::vector<uint8_t> encode_inner() const override;
714  void decode_inner(const std::vector<uint8_t>&) override;
715  void contents_to(Data_Store&, Data_Store&) const override;
716 
717  CRL_Distribution_Points::Distribution_Point m_distribution_point;
718  };
719 
720 /**
721 * An unknown X.509 extension
722 * Will add a failure to the path validation result, if critical
723 */
725  {
726  public:
727  Unknown_Extension(const OID& oid, bool critical) :
728  m_oid(oid), m_critical(critical) {}
729 
730  Unknown_Extension* copy() const override
731  { return new Unknown_Extension(m_oid, m_critical); }
732 
733  /**
734  * Return the OID of this unknown extension
735  */
736  OID oid_of() const override
737  { return m_oid; }
738 
739  //static_oid not defined for Unknown_Extension
740 
741  /**
742  * Return the extension contents
743  */
744  const std::vector<uint8_t>& extension_contents() const { return m_bytes; }
745 
746  /**
747  * Return if this extension was marked critical
748  */
749  bool is_critical_extension() const { return m_critical; }
750 
752  const std::vector<std::shared_ptr<const X509_Certificate>>&,
753  std::vector<std::set<Certificate_Status_Code>>& cert_status,
754  size_t pos) override
755  {
756  if(m_critical)
757  {
758  cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION);
759  }
760  }
761 
762  private:
763  std::string oid_name() const override { return ""; }
764 
765  bool should_encode() const override { return true; }
766  std::vector<uint8_t> encode_inner() const override;
767  void decode_inner(const std::vector<uint8_t>&) override;
768  void contents_to(Data_Store&, Data_Store&) const override;
769 
770  OID m_oid;
771  bool m_critical;
772  std::vector<uint8_t> m_bytes;
773  };
774 
775  }
776 
777 }
778 
779 #endif
const AlternativeName & get_point() const
Definition: x509_ext.h:702
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:399
CRL_Distribution_Points * copy() const override
Definition: x509_ext.h:655
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:345
Key_Constraints get_constraints() const
Definition: x509_ext.h:314
Authority_Information_Access(const std::string &ocsp, const std::vector< std::string > &ca_issuers=std::vector< std::string >())
Definition: x509_ext.h:558
Key_Usage * copy() const override
Definition: x509_ext.h:310
CRL_Code
Definition: crl_ent.h:22
const std::vector< OID > & get_policy_oids() const
Definition: x509_ext.h:526
const std::vector< uint8_t > & extension_contents() const
Definition: x509_ext.h:744
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
Definition: bigint.h:635
Issuer_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:435
CRL_Issuing_Distribution_Point * copy() const override
Definition: x509_ext.h:699
Unknown_Extension * copy() const override
Definition: x509_ext.h:730
const T * get_extension_object_as(const OID &oid=T::static_oid()) const
Definition: x509_ext.h:103
OID oid_of() const override
Definition: x509_ext.h:596
Subject_Alternative_Name * copy() const override
Definition: x509_ext.h:404
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:376
Authority_Key_ID(const std::vector< uint8_t > &k)
Definition: x509_ext.h:374
const std::vector< std::string > & crl_distribution_urls() const
Definition: x509_ext.h:666
Certificate_Policies(const std::vector< OID > &o)
Definition: x509_ext.h:521
const std::vector< OID > & get_extension_oids() const
Definition: x509_ext.h:124
Basic_Constraints(bool ca=false, size_t limit=0)
Definition: x509_ext.h:283
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:81
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:427
std::unique_ptr< T > get_raw(const OID &oid) const
Definition: x509_ext.h:184
CRL_ReasonCode * copy() const override
Definition: x509_ext.h:616
Name_Constraints * copy() const override
Definition: x509_ext.h:483
CRL_Distribution_Points(const std::vector< Distribution_Point > &points)
Definition: x509_ext.h:660
Basic_Constraints * copy() const override
Definition: x509_ext.h:280
Definition: alg_id.cpp:13
const std::vector< Distribution_Point > & distribution_points() const
Definition: x509_ext.h:663
Extended_Key_Usage(const std::vector< OID > &o)
Definition: x509_ext.h:459
Name_Constraints(const NameConstraints &nc)
Definition: x509_ext.h:487
OID oid_of() const override
Definition: x509_ext.h:317
Key_Usage(Key_Constraints c=NO_CONSTRAINTS)
Definition: x509_ext.h:312
fe T
Definition: ge.cpp:37
CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point &distribution_point)
Definition: x509_ext.h:696
void validate(const X509_Certificate &, const X509_Certificate &, const std::vector< std::shared_ptr< const X509_Certificate >> &, std::vector< std::set< Certificate_Status_Code >> &cert_status, size_t pos) override
Definition: x509_ext.h:751
Issuer_Alternative_Name * copy() const override
Definition: x509_ext.h:432
CRL_ReasonCode(CRL_Code r=UNSPECIFIED)
Definition: x509_ext.h:619
Extended_Key_Usage * copy() const override
Definition: x509_ext.h:455
Authority_Information_Access * copy() const override
Definition: x509_ext.h:553
Unknown_Extension(const OID &oid, bool critical)
Definition: x509_ext.h:727
const std::vector< OID > & get_oids() const
Definition: x509_ext.h:461
Authority_Key_ID * copy() const override
Definition: x509_ext.h:370
Subject_Key_ID * copy() const override
Definition: x509_ext.h:342
Subject_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:407
virtual bool should_encode() const
Definition: x509_ext.h:82
const std::vector< std::string > ca_issuers() const
Definition: x509_ext.h:565
const NameConstraints & get_name_constraints() const
Definition: x509_ext.h:494
Certificate_Policies * copy() const override
Definition: x509_ext.h:517
Name Constraints.