Botan  2.13.0
Crypto and TLS for C++11
x509_ext.h
Go to the documentation of this file.
1 /*
2 * X.509 Certificate Extensions
3 * (C) 1999-2007,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_EXTENSIONS_H_
9 #define BOTAN_X509_EXTENSIONS_H_
10 
11 #include <botan/asn1_obj.h>
12 #include <botan/asn1_oid.h>
13 #include <botan/asn1_alt_name.h>
14 #include <botan/cert_status.h>
15 #include <botan/name_constraint.h>
16 #include <botan/key_constraint.h>
17 #include <botan/crl_ent.h>
18 #include <set>
19 
20 namespace Botan {
21 
22 class Data_Store;
23 class X509_Certificate;
24 
25 /**
26 * X.509 Certificate Extension
27 */
29  {
30  public:
31  /**
32  * @return OID representing this extension
33  */
34  virtual OID oid_of() const = 0;
35 
36  /*
37  * @return specific OID name
38  * If possible OIDS table should match oid_name to OIDS, ie
39  * OID::from_string(ext->oid_name()) == ext->oid_of()
40  * Should return empty string if OID is not known
41  */
42  virtual std::string oid_name() const = 0;
43 
44  /**
45  * Make a copy of this extension
46  * @return copy of this
47  */
48  virtual Certificate_Extension* copy() const = 0;
49 
50  /*
51  * Add the contents of this extension into the information
52  * for the subject and/or issuer, as necessary.
53  * @param subject the subject info
54  * @param issuer the issuer info
55  */
56  virtual void contents_to(Data_Store& subject,
57  Data_Store& issuer) const = 0;
58 
59  /*
60  * Callback visited during path validation.
61  *
62  * An extension can implement this callback to inspect
63  * the path during path validation.
64  *
65  * If an error occurs during validation of this extension,
66  * an appropriate status code shall be added to cert_status.
67  *
68  * @param subject Subject certificate that contains this extension
69  * @param issuer Issuer certificate
70  * @param status Certificate validation status codes for subject certificate
71  * @param cert_path Certificate path which is currently validated
72  * @param pos Position of subject certificate in cert_path
73  */
74  virtual void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
75  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
76  std::vector<std::set<Certificate_Status_Code>>& cert_status,
77  size_t pos);
78 
79  virtual ~Certificate_Extension() = default;
80  protected:
81  friend class Extensions;
82  virtual bool should_encode() const { return true; }
83  virtual std::vector<uint8_t> encode_inner() const = 0;
84  virtual void decode_inner(const std::vector<uint8_t>&) = 0;
85  };
86 
87 /**
88 * X.509 Certificate Extension List
89 */
91  {
92  public:
93  /**
94  * Look up an object in the extensions, based on OID Returns
95  * nullptr if not set, if the extension was either absent or not
96  * handled. The pointer returned is owned by the Extensions
97  * object.
98  * This would be better with an optional<T> return value
99  */
100  const Certificate_Extension* get_extension_object(const OID& oid) const;
101 
102  template<typename T>
103  const T* get_extension_object_as(const OID& oid = T::static_oid()) const
104  {
105  if(const Certificate_Extension* extn = get_extension_object(oid))
106  {
107  // Unknown_Extension oid_name is empty
108  if(extn->oid_name().empty())
109  {
110  return nullptr;
111  }
112  else if(const T* extn_as_T = dynamic_cast<const T*>(extn))
113  {
114  return extn_as_T;
115  }
116  else
117  {
118  throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed");
119  }
120  }
121 
122  return nullptr;
123  }
124 
125  /**
126  * Return the set of extensions in the order they appeared in the certificate
127  * (or as they were added, if constructed)
128  */
129  const std::vector<OID>& get_extension_oids() const
130  {
131  return m_extension_oids;
132  }
133 
134  /**
135  * Return true if an extension was set
136  */
137  bool extension_set(const OID& oid) const;
138 
139  /**
140  * Return true if an extesion was set and marked critical
141  */
142  bool critical_extension_set(const OID& oid) const;
143 
144  /**
145  * Return the raw bytes of the extension
146  * Will throw if OID was not set as an extension.
147  */
148  std::vector<uint8_t> get_extension_bits(const OID& oid) const;
149 
150  void encode_into(class DER_Encoder&) const override;
151  void decode_from(class BER_Decoder&) override;
152  void contents_to(Data_Store&, Data_Store&) const;
153 
154  /**
155  * Adds a new extension to the list.
156  * @param extn pointer to the certificate extension (Extensions takes ownership)
157  * @param critical whether this extension should be marked as critical
158  * @throw Invalid_Argument if the extension is already present in the list
159  */
160  void add(Certificate_Extension* extn, bool critical = false);
161 
162  /**
163  * Adds a new extension to the list unless it already exists. If the extension
164  * already exists within the Extensions object, the extn pointer will be deleted.
165  *
166  * @param extn pointer to the certificate extension (Extensions takes ownership)
167  * @param critical whether this extension should be marked as critical
168  * @return true if the object was added false if the extension was already used
169  */
170  bool add_new(Certificate_Extension* extn, bool critical = false);
171 
172  /**
173  * Adds an extension to the list or replaces it.
174  * @param extn the certificate extension
175  * @param critical whether this extension should be marked as critical
176  */
177  void replace(Certificate_Extension* extn, bool critical = false);
178 
179  /**
180  * Remove an extension from the list. Returns true if the
181  * extension had been set, false otherwise.
182  */
183  bool remove(const OID& oid);
184 
185  /**
186  * Searches for an extension by OID and returns the result.
187  * Only the known extensions types declared in this header
188  * are searched for by this function.
189  * @return Copy of extension with oid, nullptr if not found.
190  * Can avoid creating a copy by using get_extension_object function
191  */
192  std::unique_ptr<Certificate_Extension> get(const OID& oid) const;
193 
194  /**
195  * Searches for an extension by OID and returns the result decoding
196  * it to some arbitrary extension type chosen by the application.
197  *
198  * Only the unknown extensions, that is, extensions types that
199  * are not declared in this header, are searched for by this
200  * function.
201  *
202  * @return Pointer to new extension with oid, nullptr if not found.
203  */
204  template<typename T>
205  std::unique_ptr<T> get_raw(const OID& oid) const
206  {
207  auto extn_info = m_extension_info.find(oid);
208 
209  if(extn_info != m_extension_info.end())
210  {
211  // Unknown_Extension oid_name is empty
212  if(extn_info->second.obj().oid_name() == "")
213  {
214  std::unique_ptr<T> ext(new T);
215  ext->decode_inner(extn_info->second.bits());
216  return ext;
217  }
218  }
219  return nullptr;
220  }
221 
222  /**
223  * Returns a copy of the list of extensions together with the corresponding
224  * criticality flag. All extensions are encoded as some object, falling back
225  * to Unknown_Extension class which simply allows reading the bytes as well
226  * as the criticality flag.
227  */
228  std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> extensions() const;
229 
230  /**
231  * Returns the list of extensions as raw, encoded bytes
232  * together with the corresponding criticality flag.
233  * Contains all extensions, including any extensions encoded as Unknown_Extension
234  */
235  std::map<OID, std::pair<std::vector<uint8_t>, bool>> extensions_raw() const;
236 
238 
239  Extensions(const Extensions&) = default;
240  Extensions& operator=(const Extensions&) = default;
241 
242  Extensions(Extensions&&) = default;
243  Extensions& operator=(Extensions&&) = default;
244 
245  private:
246  static std::unique_ptr<Certificate_Extension>
247  create_extn_obj(const OID& oid,
248  bool critical,
249  const std::vector<uint8_t>& body);
250 
251  class Extensions_Info
252  {
253  public:
254  Extensions_Info(bool critical,
255  Certificate_Extension* ext) :
256  m_obj(ext),
257  m_bits(m_obj->encode_inner()),
258  m_critical(critical)
259  {
260  }
261 
262  Extensions_Info(bool critical,
263  const std::vector<uint8_t>& encoding,
264  Certificate_Extension* ext) :
265  m_obj(ext),
266  m_bits(encoding),
267  m_critical(critical)
268  {
269  }
270 
271  bool is_critical() const { return m_critical; }
272  const std::vector<uint8_t>& bits() const { return m_bits; }
273  const Certificate_Extension& obj() const
274  {
275  BOTAN_ASSERT_NONNULL(m_obj.get());
276  return *m_obj.get();
277  }
278 
279  private:
280  std::shared_ptr<Certificate_Extension> m_obj;
281  std::vector<uint8_t> m_bits;
282  bool m_critical = false;
283  };
284 
285  std::vector<OID> m_extension_oids;
286  std::map<OID, Extensions_Info> m_extension_info;
287  };
288 
289 namespace Cert_Extension {
290 
291 static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
292 
293 /**
294 * Basic Constraints Extension
295 */
297  {
298  public:
299  Basic_Constraints* copy() const override
300  { return new Basic_Constraints(m_is_ca, m_path_limit); }
301 
302  Basic_Constraints(bool ca = false, size_t limit = 0) :
303  m_is_ca(ca), m_path_limit(limit) {}
304 
305  bool get_is_ca() const { return m_is_ca; }
306  size_t get_path_limit() const;
307 
308  static OID static_oid() { return OID("2.5.29.19"); }
309  OID oid_of() const override { return static_oid(); }
310 
311  private:
312  std::string oid_name() const override
313  { return "X509v3.BasicConstraints"; }
314 
315  std::vector<uint8_t> encode_inner() const override;
316  void decode_inner(const std::vector<uint8_t>&) override;
317  void contents_to(Data_Store&, Data_Store&) const override;
318 
319  bool m_is_ca;
320  size_t m_path_limit;
321  };
322 
323 /**
324 * Key Usage Constraints Extension
325 */
327  {
328  public:
329  Key_Usage* copy() const override { return new Key_Usage(m_constraints); }
330 
331  explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {}
332 
333  Key_Constraints get_constraints() const { return m_constraints; }
334 
335  static OID static_oid() { return OID("2.5.29.15"); }
336  OID oid_of() const override { return static_oid(); }
337 
338  private:
339  std::string oid_name() const override { return "X509v3.KeyUsage"; }
340 
341  bool should_encode() const override
342  { return (m_constraints != NO_CONSTRAINTS); }
343  std::vector<uint8_t> encode_inner() const override;
344  void decode_inner(const std::vector<uint8_t>&) override;
345  void contents_to(Data_Store&, Data_Store&) const override;
346 
347  Key_Constraints m_constraints;
348  };
349 
350 /**
351 * Subject Key Identifier Extension
352 */
354  {
355  public:
356  Subject_Key_ID() = default;
357 
358  explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
359 
360  Subject_Key_ID(const std::vector<uint8_t>& public_key,
361  const std::string& hash_fn);
362 
363  Subject_Key_ID* copy() const override
364  { return new Subject_Key_ID(m_key_id); }
365 
366  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
367 
368  static OID static_oid() { return OID("2.5.29.14"); }
369  OID oid_of() const override { return static_oid(); }
370 
371  private:
372 
373  std::string oid_name() const override
374  { return "X509v3.SubjectKeyIdentifier"; }
375 
376  bool should_encode() const override { return (m_key_id.size() > 0); }
377  std::vector<uint8_t> encode_inner() const override;
378  void decode_inner(const std::vector<uint8_t>&) override;
379  void contents_to(Data_Store&, Data_Store&) const override;
380 
381  std::vector<uint8_t> m_key_id;
382  };
383 
384 /**
385 * Authority Key Identifier Extension
386 */
388  {
389  public:
390  Authority_Key_ID* copy() const override
391  { return new Authority_Key_ID(m_key_id); }
392 
393  Authority_Key_ID() = default;
394  explicit Authority_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
395 
396  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
397 
398  static OID static_oid() { return OID("2.5.29.35"); }
399  OID oid_of() const override { return static_oid(); }
400 
401  private:
402  std::string oid_name() const override
403  { return "X509v3.AuthorityKeyIdentifier"; }
404 
405  bool should_encode() const override { return (m_key_id.size() > 0); }
406  std::vector<uint8_t> encode_inner() const override;
407  void decode_inner(const std::vector<uint8_t>&) override;
408  void contents_to(Data_Store&, Data_Store&) const override;
409 
410  std::vector<uint8_t> m_key_id;
411  };
412 
413 /**
414 * Subject Alternative Name Extension
415 */
417  {
418  public:
419  const AlternativeName& get_alt_name() const { return m_alt_name; }
420 
421  static OID static_oid() { return OID("2.5.29.17"); }
422  OID oid_of() const override { return static_oid(); }
423 
424  Subject_Alternative_Name* copy() const override
425  { return new Subject_Alternative_Name(get_alt_name()); }
426 
428  m_alt_name(name) {}
429 
430  private:
431  std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; }
432 
433  bool should_encode() const override { return m_alt_name.has_items(); }
434  std::vector<uint8_t> encode_inner() const override;
435  void decode_inner(const std::vector<uint8_t>&) override;
436  void contents_to(Data_Store&, Data_Store&) const override;
437 
438  AlternativeName m_alt_name;
439  };
440 
441 /**
442 * Issuer Alternative Name Extension
443 */
445  {
446  public:
447  const AlternativeName& get_alt_name() const { return m_alt_name; }
448 
449  static OID static_oid() { return OID("2.5.29.18"); }
450  OID oid_of() const override { return static_oid(); }
451 
452  Issuer_Alternative_Name* copy() const override
453  { return new Issuer_Alternative_Name(get_alt_name()); }
454 
456  m_alt_name(name) {}
457 
458  private:
459  std::string oid_name() const override { return "X509v3.IssuerAlternativeName"; }
460 
461  bool should_encode() const override { return m_alt_name.has_items(); }
462  std::vector<uint8_t> encode_inner() const override;
463  void decode_inner(const std::vector<uint8_t>&) override;
464  void contents_to(Data_Store&, Data_Store&) const override;
465 
466  AlternativeName m_alt_name;
467  };
468 
469 /**
470 * Extended Key Usage Extension
471 */
473  {
474  public:
475  Extended_Key_Usage* copy() const override
476  { return new Extended_Key_Usage(m_oids); }
477 
478  Extended_Key_Usage() = default;
479  explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {}
480 
481  const std::vector<OID>& get_oids() const { return m_oids; }
482 
483  static OID static_oid() { return OID("2.5.29.37"); }
484  OID oid_of() const override { return static_oid(); }
485 
486  private:
487  std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; }
488 
489  bool should_encode() const override { return (m_oids.size() > 0); }
490  std::vector<uint8_t> encode_inner() const override;
491  void decode_inner(const std::vector<uint8_t>&) override;
492  void contents_to(Data_Store&, Data_Store&) const override;
493 
494  std::vector<OID> m_oids;
495  };
496 
497 /**
498 * Name Constraints
499 */
501  {
502  public:
503  Name_Constraints* copy() const override
504  { return new Name_Constraints(m_name_constraints); }
505 
506  Name_Constraints() = default;
507  Name_Constraints(const NameConstraints &nc) : m_name_constraints(nc) {}
508 
509  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
510  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
511  std::vector<std::set<Certificate_Status_Code>>& cert_status,
512  size_t pos) override;
513 
514  const NameConstraints& get_name_constraints() const { return m_name_constraints; }
515 
516  static OID static_oid() { return OID("2.5.29.30"); }
517  OID oid_of() const override { return static_oid(); }
518 
519  private:
520  std::string oid_name() const override
521  { return "X509v3.NameConstraints"; }
522 
523  bool should_encode() const override { return true; }
524  std::vector<uint8_t> encode_inner() const override;
525  void decode_inner(const std::vector<uint8_t>&) override;
526  void contents_to(Data_Store&, Data_Store&) const override;
527 
528  NameConstraints m_name_constraints;
529  };
530 
531 /**
532 * Certificate Policies Extension
533 */
535  {
536  public:
537  Certificate_Policies* copy() const override
538  { return new Certificate_Policies(m_oids); }
539 
540  Certificate_Policies() = default;
541  explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {}
542 
543  BOTAN_DEPRECATED("Use get_policy_oids")
544  std::vector<OID> get_oids() const { return m_oids; }
545 
546  const std::vector<OID>& get_policy_oids() const { return m_oids; }
547 
548  static OID static_oid() { return OID("2.5.29.32"); }
549  OID oid_of() const override { return static_oid(); }
550 
551  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
552  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
553  std::vector<std::set<Certificate_Status_Code>>& cert_status,
554  size_t pos) override;
555  private:
556  std::string oid_name() const override
557  { return "X509v3.CertificatePolicies"; }
558 
559  bool should_encode() const override { return (m_oids.size() > 0); }
560  std::vector<uint8_t> encode_inner() const override;
561  void decode_inner(const std::vector<uint8_t>&) override;
562  void contents_to(Data_Store&, Data_Store&) const override;
563 
564  std::vector<OID> m_oids;
565  };
566 
567 /**
568 * Authority Information Access Extension
569 */
571  {
572  public:
574  { return new Authority_Information_Access(m_ocsp_responder, m_ca_issuers); }
575 
576  Authority_Information_Access() = default;
577 
578  explicit Authority_Information_Access(const std::string& ocsp, const std::vector<std::string>& ca_issuers = std::vector<std::string>()) :
579  m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}
580 
581  std::string ocsp_responder() const { return m_ocsp_responder; }
582 
583  static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); }
584  OID oid_of() const override { return static_oid(); }
585  const std::vector<std::string> ca_issuers() const { return m_ca_issuers; }
586 
587  private:
588  std::string oid_name() const override
589  { return "PKIX.AuthorityInformationAccess"; }
590 
591  bool should_encode() const override { return (!m_ocsp_responder.empty()); }
592 
593  std::vector<uint8_t> encode_inner() const override;
594  void decode_inner(const std::vector<uint8_t>&) override;
595 
596  void contents_to(Data_Store&, Data_Store&) const override;
597 
598  std::string m_ocsp_responder;
599  std::vector<std::string> m_ca_issuers;
600  };
601 
602 /**
603 * CRL Number Extension
604 */
606  {
607  public:
608  CRL_Number* copy() const override;
609 
610  CRL_Number() : m_has_value(false), m_crl_number(0) {}
611  CRL_Number(size_t n) : m_has_value(true), m_crl_number(n) {}
612 
613  size_t get_crl_number() const;
614 
615  static OID static_oid() { return OID("2.5.29.20"); }
616  OID oid_of() const override { return static_oid(); }
617 
618  private:
619  std::string oid_name() const override { return "X509v3.CRLNumber"; }
620 
621  bool should_encode() const override { return m_has_value; }
622  std::vector<uint8_t> encode_inner() const override;
623  void decode_inner(const std::vector<uint8_t>&) override;
624  void contents_to(Data_Store&, Data_Store&) const override;
625 
626  bool m_has_value;
627  size_t m_crl_number;
628  };
629 
630 /**
631 * CRL Entry Reason Code Extension
632 */
634  {
635  public:
636  CRL_ReasonCode* copy() const override
637  { return new CRL_ReasonCode(m_reason); }
638 
639  explicit CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : m_reason(r) {}
640 
641  CRL_Code get_reason() const { return m_reason; }
642 
643  static OID static_oid() { return OID("2.5.29.21"); }
644  OID oid_of() const override { return static_oid(); }
645 
646  private:
647  std::string oid_name() const override { return "X509v3.ReasonCode"; }
648 
649  bool should_encode() const override { return (m_reason != UNSPECIFIED); }
650  std::vector<uint8_t> encode_inner() const override;
651  void decode_inner(const std::vector<uint8_t>&) override;
652  void contents_to(Data_Store&, Data_Store&) const override;
653 
654  CRL_Code m_reason;
655  };
656 
657 /**
658 * CRL Distribution Points Extension
659 * todo enforce restrictions from RFC 5280 4.2.1.13
660 */
662  {
663  public:
665  {
666  public:
667  void encode_into(class DER_Encoder&) const override;
668  void decode_from(class BER_Decoder&) override;
669 
670  const AlternativeName& point() const { return m_point; }
671  private:
672  AlternativeName m_point;
673  };
674 
675  CRL_Distribution_Points* copy() const override
676  { return new CRL_Distribution_Points(m_distribution_points); }
677 
678  CRL_Distribution_Points() = default;
679 
680  explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) :
681  m_distribution_points(points) {}
682 
683  const std::vector<Distribution_Point>& distribution_points() const
684  { return m_distribution_points; }
685 
686  const std::vector<std::string>& crl_distribution_urls() const
687  { return m_crl_distribution_urls; }
688 
689  static OID static_oid() { return OID("2.5.29.31"); }
690  OID oid_of() const override { return static_oid(); }
691 
692  private:
693  std::string oid_name() const override
694  { return "X509v3.CRLDistributionPoints"; }
695 
696  bool should_encode() const override
697  { return !m_distribution_points.empty(); }
698 
699  std::vector<uint8_t> encode_inner() const override;
700  void decode_inner(const std::vector<uint8_t>&) override;
701  void contents_to(Data_Store&, Data_Store&) const override;
702 
703  std::vector<Distribution_Point> m_distribution_points;
704  std::vector<std::string> m_crl_distribution_urls;
705  };
706 
707 /**
708 * CRL Issuing Distribution Point Extension
709 * todo enforce restrictions from RFC 5280 5.2.5
710 */
712  {
713  public:
714  CRL_Issuing_Distribution_Point() = default;
715 
717  m_distribution_point(distribution_point) {}
718 
720  { return new CRL_Issuing_Distribution_Point(m_distribution_point); }
721 
722  const AlternativeName& get_point() const
723  { return m_distribution_point.point(); }
724 
725  static OID static_oid() { return OID("2.5.29.28"); }
726  OID oid_of() const override { return static_oid(); }
727 
728  private:
729  std::string oid_name() const override
730  { return "X509v3.CRLIssuingDistributionPoint"; }
731 
732  bool should_encode() const override { return true; }
733  std::vector<uint8_t> encode_inner() const override;
734  void decode_inner(const std::vector<uint8_t>&) override;
735  void contents_to(Data_Store&, Data_Store&) const override;
736 
737  CRL_Distribution_Points::Distribution_Point m_distribution_point;
738  };
739 
740 /**
741 * An unknown X.509 extension
742 * Will add a failure to the path validation result, if critical
743 */
745  {
746  public:
747  Unknown_Extension(const OID& oid, bool critical) :
748  m_oid(oid), m_critical(critical) {}
749 
750  Unknown_Extension* copy() const override
751  { return new Unknown_Extension(m_oid, m_critical); }
752 
753  /**
754  * Return the OID of this unknown extension
755  */
756  OID oid_of() const override
757  { return m_oid; }
758 
759  //static_oid not defined for Unknown_Extension
760 
761  /**
762  * Return the extension contents
763  */
764  const std::vector<uint8_t>& extension_contents() const { return m_bytes; }
765 
766  /**
767  * Return if this extension was marked critical
768  */
769  bool is_critical_extension() const { return m_critical; }
770 
772  const std::vector<std::shared_ptr<const X509_Certificate>>&,
773  std::vector<std::set<Certificate_Status_Code>>& cert_status,
774  size_t pos) override
775  {
776  if(m_critical)
777  {
778  cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION);
779  }
780  }
781 
782  private:
783  std::string oid_name() const override { return ""; }
784 
785  bool should_encode() const override { return true; }
786  std::vector<uint8_t> encode_inner() const override;
787  void decode_inner(const std::vector<uint8_t>&) override;
788  void contents_to(Data_Store&, Data_Store&) const override;
789 
790  OID m_oid;
791  bool m_critical;
792  std::vector<uint8_t> m_bytes;
793  };
794 
795  }
796 
797 }
798 
799 #endif
const AlternativeName & get_point() const
Definition: x509_ext.h:722
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:419
CRL_Distribution_Points * copy() const override
Definition: x509_ext.h:675
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:366
Key_Constraints get_constraints() const
Definition: x509_ext.h:333
Authority_Information_Access(const std::string &ocsp, const std::vector< std::string > &ca_issuers=std::vector< std::string >())
Definition: x509_ext.h:578
Key_Usage * copy() const override
Definition: x509_ext.h:329
CRL_Code
Definition: crl_ent.h:23
const std::vector< OID > & get_policy_oids() const
Definition: x509_ext.h:546
const std::vector< uint8_t > & extension_contents() const
Definition: x509_ext.h:764
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: bigint.h:1135
Issuer_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:455
CRL_Issuing_Distribution_Point * copy() const override
Definition: x509_ext.h:719
Unknown_Extension * copy() const override
Definition: x509_ext.h:750
const T * get_extension_object_as(const OID &oid=T::static_oid()) const
Definition: x509_ext.h:103
OID oid_of() const override
Definition: x509_ext.h:616
Subject_Alternative_Name * copy() const override
Definition: x509_ext.h:424
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:396
Authority_Key_ID(const std::vector< uint8_t > &k)
Definition: x509_ext.h:394
const std::vector< std::string > & crl_distribution_urls() const
Definition: x509_ext.h:686
std::string name
Certificate_Policies(const std::vector< OID > &o)
Definition: x509_ext.h:541
const std::vector< OID > & get_extension_oids() const
Definition: x509_ext.h:129
Basic_Constraints(bool ca=false, size_t limit=0)
Definition: x509_ext.h:302
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:107
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:447
std::unique_ptr< T > get_raw(const OID &oid) const
Definition: x509_ext.h:205
CRL_ReasonCode * copy() const override
Definition: x509_ext.h:636
Name_Constraints * copy() const override
Definition: x509_ext.h:503
CRL_Distribution_Points(const std::vector< Distribution_Point > &points)
Definition: x509_ext.h:680
Basic_Constraints * copy() const override
Definition: x509_ext.h:299
Definition: alg_id.cpp:13
const std::vector< Distribution_Point > & distribution_points() const
Definition: x509_ext.h:683
Extended_Key_Usage(const std::vector< OID > &o)
Definition: x509_ext.h:479
Name_Constraints(const NameConstraints &nc)
Definition: x509_ext.h:507
Subject_Key_ID(const std::vector< uint8_t > &k)
Definition: x509_ext.h:358
OID oid_of() const override
Definition: x509_ext.h:336
Key_Usage(Key_Constraints c=NO_CONSTRAINTS)
Definition: x509_ext.h:331
fe T
Definition: ge.cpp:37
CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point &distribution_point)
Definition: x509_ext.h:716
void validate(const X509_Certificate &, const X509_Certificate &, const std::vector< std::shared_ptr< const X509_Certificate >> &, std::vector< std::set< Certificate_Status_Code >> &cert_status, size_t pos) override
Definition: x509_ext.h:771
Issuer_Alternative_Name * copy() const override
Definition: x509_ext.h:452
CRL_ReasonCode(CRL_Code r=UNSPECIFIED)
Definition: x509_ext.h:639
Extended_Key_Usage * copy() const override
Definition: x509_ext.h:475
Authority_Information_Access * copy() const override
Definition: x509_ext.h:573
Unknown_Extension(const OID &oid, bool critical)
Definition: x509_ext.h:747
const std::vector< OID > & get_oids() const
Definition: x509_ext.h:481
Authority_Key_ID * copy() const override
Definition: x509_ext.h:390
Subject_Key_ID * copy() const override
Definition: x509_ext.h:363
Subject_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:427
virtual bool should_encode() const
Definition: x509_ext.h:82
const std::vector< std::string > ca_issuers() const
Definition: x509_ext.h:585
const NameConstraints & get_name_constraints() const
Definition: x509_ext.h:514
Certificate_Policies * copy() const override
Definition: x509_ext.h:537
Name Constraints.