Botan  2.10.0
Crypto and TLS for C++11
x509_ext.h
Go to the documentation of this file.
1 /*
2 * X.509 Certificate Extensions
3 * (C) 1999-2007,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_EXTENSIONS_H_
9 #define BOTAN_X509_EXTENSIONS_H_
10 
11 #include <botan/asn1_obj.h>
12 #include <botan/asn1_oid.h>
13 #include <botan/asn1_alt_name.h>
14 #include <botan/cert_status.h>
15 #include <botan/name_constraint.h>
16 #include <botan/key_constraint.h>
17 #include <botan/crl_ent.h>
18 #include <set>
19 
20 namespace Botan {
21 
22 class Data_Store;
23 class X509_Certificate;
24 
25 /**
26 * X.509 Certificate Extension
27 */
29  {
30  public:
31  /**
32  * @return OID representing this extension
33  */
34  virtual OID oid_of() const = 0;
35 
36  /*
37  * @return specific OID name
38  * If possible OIDS table should match oid_name to OIDS, ie
39  * OIDS::lookup(ext->oid_name()) == ext->oid_of()
40  * Should return empty string if OID is not known
41  */
42  virtual std::string oid_name() const = 0;
43 
44  /**
45  * Make a copy of this extension
46  * @return copy of this
47  */
48  virtual Certificate_Extension* copy() const = 0;
49 
50  /*
51  * Add the contents of this extension into the information
52  * for the subject and/or issuer, as necessary.
53  * @param subject the subject info
54  * @param issuer the issuer info
55  */
56  virtual void contents_to(Data_Store& subject,
57  Data_Store& issuer) const = 0;
58 
59  /*
60  * Callback visited during path validation.
61  *
62  * An extension can implement this callback to inspect
63  * the path during path validation.
64  *
65  * If an error occurs during validation of this extension,
66  * an appropriate status code shall be added to cert_status.
67  *
68  * @param subject Subject certificate that contains this extension
69  * @param issuer Issuer certificate
70  * @param status Certificate validation status codes for subject certificate
71  * @param cert_path Certificate path which is currently validated
72  * @param pos Position of subject certificate in cert_path
73  */
74  virtual void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
75  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
76  std::vector<std::set<Certificate_Status_Code>>& cert_status,
77  size_t pos);
78 
79  virtual ~Certificate_Extension() = default;
80  protected:
81  friend class Extensions;
82  virtual bool should_encode() const { return true; }
83  virtual std::vector<uint8_t> encode_inner() const = 0;
84  virtual void decode_inner(const std::vector<uint8_t>&) = 0;
85  };
86 
87 /**
88 * X.509 Certificate Extension List
89 */
91  {
92  public:
93  /**
94  * Look up an object in the extensions, based on OID Returns
95  * nullptr if not set, if the extension was either absent or not
96  * handled. The pointer returned is owned by the Extensions
97  * object.
98  * This would be better with an optional<T> return value
99  */
100  const Certificate_Extension* get_extension_object(const OID& oid) const;
101 
102  template<typename T>
103  const T* get_extension_object_as(const OID& oid = T::static_oid()) const
104  {
105  if(const Certificate_Extension* extn = get_extension_object(oid))
106  {
107  // Unknown_Extension oid_name is empty
108  if(extn->oid_name().empty())
109  {
110  return nullptr;
111  }
112  else if(const T* extn_as_T = dynamic_cast<const T*>(extn))
113  {
114  return extn_as_T;
115  }
116  else
117  {
118  throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed");
119  }
120  }
121 
122  return nullptr;
123  }
124 
125  /**
126  * Return the set of extensions in the order they appeared in the certificate
127  * (or as they were added, if constructed)
128  */
129  const std::vector<OID>& get_extension_oids() const
130  {
131  return m_extension_oids;
132  }
133 
134  /**
135  * Return true if an extension was set
136  */
137  bool extension_set(const OID& oid) const;
138 
139  /**
140  * Return true if an extesion was set and marked critical
141  */
142  bool critical_extension_set(const OID& oid) const;
143 
144  /**
145  * Return the raw bytes of the extension
146  * Will throw if OID was not set as an extension.
147  */
148  std::vector<uint8_t> get_extension_bits(const OID& oid) const;
149 
150  void encode_into(class DER_Encoder&) const override;
151  void decode_from(class BER_Decoder&) override;
152  void contents_to(Data_Store&, Data_Store&) const;
153 
154  /**
155  * Adds a new extension to the list.
156  * @param extn pointer to the certificate extension (Extensions takes ownership)
157  * @param critical whether this extension should be marked as critical
158  * @throw Invalid_Argument if the extension is already present in the list
159  */
160  void add(Certificate_Extension* extn, bool critical = false);
161 
162  /**
163  * Adds a new extension to the list unless it already exists. If the extension
164  * already exists within the Extensions object, the extn pointer will be deleted.
165  *
166  * @param extn pointer to the certificate extension (Extensions takes ownership)
167  * @param critical whether this extension should be marked as critical
168  * @return true if the object was added false if the extension was already used
169  */
170  bool add_new(Certificate_Extension* extn, bool critical = false);
171 
172  /**
173  * Adds an extension to the list or replaces it.
174  * @param extn the certificate extension
175  * @param critical whether this extension should be marked as critical
176  */
177  void replace(Certificate_Extension* extn, bool critical = false);
178 
179  /**
180  * Searches for an extension by OID and returns the result.
181  * Only the known extensions types declared in this header
182  * are searched for by this function.
183  * @return Copy of extension with oid, nullptr if not found.
184  * Can avoid creating a copy by using get_extension_object function
185  */
186  std::unique_ptr<Certificate_Extension> get(const OID& oid) const;
187 
188  /**
189  * Searches for an extension by OID and returns the result decoding
190  * it to some arbitrary extension type chosen by the application.
191  *
192  * Only the unknown extensions, that is, extensions types that
193  * are not declared in this header, are searched for by this
194  * function.
195  *
196  * @return Pointer to new extension with oid, nullptr if not found.
197  */
198  template<typename T>
199  std::unique_ptr<T> get_raw(const OID& oid) const
200  {
201  auto extn_info = m_extension_info.find(oid);
202 
203  if(extn_info != m_extension_info.end())
204  {
205  // Unknown_Extension oid_name is empty
206  if(extn_info->second.obj().oid_name() == "")
207  {
208  std::unique_ptr<T> ext(new T);
209  ext->decode_inner(extn_info->second.bits());
210  return ext;
211  }
212  }
213  return nullptr;
214  }
215 
216  /**
217  * Returns a copy of the list of extensions together with the corresponding
218  * criticality flag. All extensions are encoded as some object, falling back
219  * to Unknown_Extension class which simply allows reading the bytes as well
220  * as the criticality flag.
221  */
222  std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> extensions() const;
223 
224  /**
225  * Returns the list of extensions as raw, encoded bytes
226  * together with the corresponding criticality flag.
227  * Contains all extensions, including any extensions encoded as Unknown_Extension
228  */
229  std::map<OID, std::pair<std::vector<uint8_t>, bool>> extensions_raw() const;
230 
232 
233  Extensions(const Extensions&) = default;
234  Extensions& operator=(const Extensions&) = default;
235 
236  Extensions(Extensions&&) = default;
237  Extensions& operator=(Extensions&&) = default;
238 
239  private:
240  static std::unique_ptr<Certificate_Extension>
241  create_extn_obj(const OID& oid,
242  bool critical,
243  const std::vector<uint8_t>& body);
244 
245  class Extensions_Info
246  {
247  public:
248  Extensions_Info(bool critical,
249  Certificate_Extension* ext) :
250  m_obj(ext),
251  m_bits(m_obj->encode_inner()),
252  m_critical(critical)
253  {
254  }
255 
256  Extensions_Info(bool critical,
257  const std::vector<uint8_t>& encoding,
258  Certificate_Extension* ext) :
259  m_obj(ext),
260  m_bits(encoding),
261  m_critical(critical)
262  {
263  }
264 
265  bool is_critical() const { return m_critical; }
266  const std::vector<uint8_t>& bits() const { return m_bits; }
267  const Certificate_Extension& obj() const
268  {
269  BOTAN_ASSERT_NONNULL(m_obj.get());
270  return *m_obj.get();
271  }
272 
273  private:
274  std::shared_ptr<Certificate_Extension> m_obj;
275  std::vector<uint8_t> m_bits;
276  bool m_critical = false;
277  };
278 
279  std::vector<OID> m_extension_oids;
280  std::map<OID, Extensions_Info> m_extension_info;
281  };
282 
283 namespace Cert_Extension {
284 
285 static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
286 
287 /**
288 * Basic Constraints Extension
289 */
291  {
292  public:
293  Basic_Constraints* copy() const override
294  { return new Basic_Constraints(m_is_ca, m_path_limit); }
295 
296  Basic_Constraints(bool ca = false, size_t limit = 0) :
297  m_is_ca(ca), m_path_limit(limit) {}
298 
299  bool get_is_ca() const { return m_is_ca; }
300  size_t get_path_limit() const;
301 
302  static OID static_oid() { return OID("2.5.29.19"); }
303  OID oid_of() const override { return static_oid(); }
304 
305  private:
306  std::string oid_name() const override
307  { return "X509v3.BasicConstraints"; }
308 
309  std::vector<uint8_t> encode_inner() const override;
310  void decode_inner(const std::vector<uint8_t>&) override;
311  void contents_to(Data_Store&, Data_Store&) const override;
312 
313  bool m_is_ca;
314  size_t m_path_limit;
315  };
316 
317 /**
318 * Key Usage Constraints Extension
319 */
321  {
322  public:
323  Key_Usage* copy() const override { return new Key_Usage(m_constraints); }
324 
325  explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {}
326 
327  Key_Constraints get_constraints() const { return m_constraints; }
328 
329  static OID static_oid() { return OID("2.5.29.15"); }
330  OID oid_of() const override { return static_oid(); }
331 
332  private:
333  std::string oid_name() const override { return "X509v3.KeyUsage"; }
334 
335  bool should_encode() const override
336  { return (m_constraints != NO_CONSTRAINTS); }
337  std::vector<uint8_t> encode_inner() const override;
338  void decode_inner(const std::vector<uint8_t>&) override;
339  void contents_to(Data_Store&, Data_Store&) const override;
340 
341  Key_Constraints m_constraints;
342  };
343 
344 /**
345 * Subject Key Identifier Extension
346 */
348  {
349  public:
350  Subject_Key_ID() = default;
351 
352  explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
353 
354  Subject_Key_ID(const std::vector<uint8_t>& public_key,
355  const std::string& hash_fn);
356 
357  Subject_Key_ID* copy() const override
358  { return new Subject_Key_ID(m_key_id); }
359 
360  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
361 
362  static OID static_oid() { return OID("2.5.29.14"); }
363  OID oid_of() const override { return static_oid(); }
364 
365  private:
366 
367  std::string oid_name() const override
368  { return "X509v3.SubjectKeyIdentifier"; }
369 
370  bool should_encode() const override { return (m_key_id.size() > 0); }
371  std::vector<uint8_t> encode_inner() const override;
372  void decode_inner(const std::vector<uint8_t>&) override;
373  void contents_to(Data_Store&, Data_Store&) const override;
374 
375  std::vector<uint8_t> m_key_id;
376  };
377 
378 /**
379 * Authority Key Identifier Extension
380 */
382  {
383  public:
384  Authority_Key_ID* copy() const override
385  { return new Authority_Key_ID(m_key_id); }
386 
387  Authority_Key_ID() = default;
388  explicit Authority_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
389 
390  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
391 
392  static OID static_oid() { return OID("2.5.29.35"); }
393  OID oid_of() const override { return static_oid(); }
394 
395  private:
396  std::string oid_name() const override
397  { return "X509v3.AuthorityKeyIdentifier"; }
398 
399  bool should_encode() const override { return (m_key_id.size() > 0); }
400  std::vector<uint8_t> encode_inner() const override;
401  void decode_inner(const std::vector<uint8_t>&) override;
402  void contents_to(Data_Store&, Data_Store&) const override;
403 
404  std::vector<uint8_t> m_key_id;
405  };
406 
407 /**
408 * Subject Alternative Name Extension
409 */
411  {
412  public:
413  const AlternativeName& get_alt_name() const { return m_alt_name; }
414 
415  static OID static_oid() { return OID("2.5.29.17"); }
416  OID oid_of() const override { return static_oid(); }
417 
418  Subject_Alternative_Name* copy() const override
419  { return new Subject_Alternative_Name(get_alt_name()); }
420 
422  m_alt_name(name) {}
423 
424  private:
425  std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; }
426 
427  bool should_encode() const override { return m_alt_name.has_items(); }
428  std::vector<uint8_t> encode_inner() const override;
429  void decode_inner(const std::vector<uint8_t>&) override;
430  void contents_to(Data_Store&, Data_Store&) const override;
431 
432  AlternativeName m_alt_name;
433  };
434 
435 /**
436 * Issuer Alternative Name Extension
437 */
439  {
440  public:
441  const AlternativeName& get_alt_name() const { return m_alt_name; }
442 
443  static OID static_oid() { return OID("2.5.29.18"); }
444  OID oid_of() const override { return static_oid(); }
445 
446  Issuer_Alternative_Name* copy() const override
447  { return new Issuer_Alternative_Name(get_alt_name()); }
448 
450  m_alt_name(name) {}
451 
452  private:
453  std::string oid_name() const override { return "X509v3.IssuerAlternativeName"; }
454 
455  bool should_encode() const override { return m_alt_name.has_items(); }
456  std::vector<uint8_t> encode_inner() const override;
457  void decode_inner(const std::vector<uint8_t>&) override;
458  void contents_to(Data_Store&, Data_Store&) const override;
459 
460  AlternativeName m_alt_name;
461  };
462 
463 /**
464 * Extended Key Usage Extension
465 */
467  {
468  public:
469  Extended_Key_Usage* copy() const override
470  { return new Extended_Key_Usage(m_oids); }
471 
472  Extended_Key_Usage() = default;
473  explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {}
474 
475  const std::vector<OID>& get_oids() const { return m_oids; }
476 
477  static OID static_oid() { return OID("2.5.29.37"); }
478  OID oid_of() const override { return static_oid(); }
479 
480  private:
481  std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; }
482 
483  bool should_encode() const override { return (m_oids.size() > 0); }
484  std::vector<uint8_t> encode_inner() const override;
485  void decode_inner(const std::vector<uint8_t>&) override;
486  void contents_to(Data_Store&, Data_Store&) const override;
487 
488  std::vector<OID> m_oids;
489  };
490 
491 /**
492 * Name Constraints
493 */
495  {
496  public:
497  Name_Constraints* copy() const override
498  { return new Name_Constraints(m_name_constraints); }
499 
500  Name_Constraints() = default;
501  Name_Constraints(const NameConstraints &nc) : m_name_constraints(nc) {}
502 
503  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
504  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
505  std::vector<std::set<Certificate_Status_Code>>& cert_status,
506  size_t pos) override;
507 
508  const NameConstraints& get_name_constraints() const { return m_name_constraints; }
509 
510  static OID static_oid() { return OID("2.5.29.30"); }
511  OID oid_of() const override { return static_oid(); }
512 
513  private:
514  std::string oid_name() const override
515  { return "X509v3.NameConstraints"; }
516 
517  bool should_encode() const override { return true; }
518  std::vector<uint8_t> encode_inner() const override;
519  void decode_inner(const std::vector<uint8_t>&) override;
520  void contents_to(Data_Store&, Data_Store&) const override;
521 
522  NameConstraints m_name_constraints;
523  };
524 
525 /**
526 * Certificate Policies Extension
527 */
529  {
530  public:
531  Certificate_Policies* copy() const override
532  { return new Certificate_Policies(m_oids); }
533 
534  Certificate_Policies() = default;
535  explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {}
536 
537  BOTAN_DEPRECATED("Use get_policy_oids")
538  std::vector<OID> get_oids() const { return m_oids; }
539 
540  const std::vector<OID>& get_policy_oids() const { return m_oids; }
541 
542  static OID static_oid() { return OID("2.5.29.32"); }
543  OID oid_of() const override { return static_oid(); }
544 
545  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
546  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
547  std::vector<std::set<Certificate_Status_Code>>& cert_status,
548  size_t pos) override;
549  private:
550  std::string oid_name() const override
551  { return "X509v3.CertificatePolicies"; }
552 
553  bool should_encode() const override { return (m_oids.size() > 0); }
554  std::vector<uint8_t> encode_inner() const override;
555  void decode_inner(const std::vector<uint8_t>&) override;
556  void contents_to(Data_Store&, Data_Store&) const override;
557 
558  std::vector<OID> m_oids;
559  };
560 
561 /**
562 * Authority Information Access Extension
563 */
565  {
566  public:
568  { return new Authority_Information_Access(m_ocsp_responder, m_ca_issuers); }
569 
570  Authority_Information_Access() = default;
571 
572  explicit Authority_Information_Access(const std::string& ocsp, const std::vector<std::string>& ca_issuers = std::vector<std::string>()) :
573  m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}
574 
575  std::string ocsp_responder() const { return m_ocsp_responder; }
576 
577  static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); }
578  OID oid_of() const override { return static_oid(); }
579  const std::vector<std::string> ca_issuers() const { return m_ca_issuers; }
580 
581  private:
582  std::string oid_name() const override
583  { return "PKIX.AuthorityInformationAccess"; }
584 
585  bool should_encode() const override { return (!m_ocsp_responder.empty()); }
586 
587  std::vector<uint8_t> encode_inner() const override;
588  void decode_inner(const std::vector<uint8_t>&) override;
589 
590  void contents_to(Data_Store&, Data_Store&) const override;
591 
592  std::string m_ocsp_responder;
593  std::vector<std::string> m_ca_issuers;
594  };
595 
596 /**
597 * CRL Number Extension
598 */
600  {
601  public:
602  CRL_Number* copy() const override;
603 
604  CRL_Number() : m_has_value(false), m_crl_number(0) {}
605  CRL_Number(size_t n) : m_has_value(true), m_crl_number(n) {}
606 
607  size_t get_crl_number() const;
608 
609  static OID static_oid() { return OID("2.5.29.20"); }
610  OID oid_of() const override { return static_oid(); }
611 
612  private:
613  std::string oid_name() const override { return "X509v3.CRLNumber"; }
614 
615  bool should_encode() const override { return m_has_value; }
616  std::vector<uint8_t> encode_inner() const override;
617  void decode_inner(const std::vector<uint8_t>&) override;
618  void contents_to(Data_Store&, Data_Store&) const override;
619 
620  bool m_has_value;
621  size_t m_crl_number;
622  };
623 
624 /**
625 * CRL Entry Reason Code Extension
626 */
628  {
629  public:
630  CRL_ReasonCode* copy() const override
631  { return new CRL_ReasonCode(m_reason); }
632 
633  explicit CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : m_reason(r) {}
634 
635  CRL_Code get_reason() const { return m_reason; }
636 
637  static OID static_oid() { return OID("2.5.29.21"); }
638  OID oid_of() const override { return static_oid(); }
639 
640  private:
641  std::string oid_name() const override { return "X509v3.ReasonCode"; }
642 
643  bool should_encode() const override { return (m_reason != UNSPECIFIED); }
644  std::vector<uint8_t> encode_inner() const override;
645  void decode_inner(const std::vector<uint8_t>&) override;
646  void contents_to(Data_Store&, Data_Store&) const override;
647 
648  CRL_Code m_reason;
649  };
650 
651 /**
652 * CRL Distribution Points Extension
653 * todo enforce restrictions from RFC 5280 4.2.1.13
654 */
656  {
657  public:
659  {
660  public:
661  void encode_into(class DER_Encoder&) const override;
662  void decode_from(class BER_Decoder&) override;
663 
664  const AlternativeName& point() const { return m_point; }
665  private:
666  AlternativeName m_point;
667  };
668 
669  CRL_Distribution_Points* copy() const override
670  { return new CRL_Distribution_Points(m_distribution_points); }
671 
672  CRL_Distribution_Points() = default;
673 
674  explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) :
675  m_distribution_points(points) {}
676 
677  const std::vector<Distribution_Point>& distribution_points() const
678  { return m_distribution_points; }
679 
680  const std::vector<std::string>& crl_distribution_urls() const
681  { return m_crl_distribution_urls; }
682 
683  static OID static_oid() { return OID("2.5.29.31"); }
684  OID oid_of() const override { return static_oid(); }
685 
686  private:
687  std::string oid_name() const override
688  { return "X509v3.CRLDistributionPoints"; }
689 
690  bool should_encode() const override
691  { return !m_distribution_points.empty(); }
692 
693  std::vector<uint8_t> encode_inner() const override;
694  void decode_inner(const std::vector<uint8_t>&) override;
695  void contents_to(Data_Store&, Data_Store&) const override;
696 
697  std::vector<Distribution_Point> m_distribution_points;
698  std::vector<std::string> m_crl_distribution_urls;
699  };
700 
701 /**
702 * CRL Issuing Distribution Point Extension
703 * todo enforce restrictions from RFC 5280 5.2.5
704 */
706  {
707  public:
708  CRL_Issuing_Distribution_Point() = default;
709 
711  m_distribution_point(distribution_point) {}
712 
714  { return new CRL_Issuing_Distribution_Point(m_distribution_point); }
715 
716  const AlternativeName& get_point() const
717  { return m_distribution_point.point(); }
718 
719  static OID static_oid() { return OID("2.5.29.28"); }
720  OID oid_of() const override { return static_oid(); }
721 
722  private:
723  std::string oid_name() const override
724  { return "X509v3.CRLIssuingDistributionPoint"; }
725 
726  bool should_encode() const override { return true; }
727  std::vector<uint8_t> encode_inner() const override;
728  void decode_inner(const std::vector<uint8_t>&) override;
729  void contents_to(Data_Store&, Data_Store&) const override;
730 
731  CRL_Distribution_Points::Distribution_Point m_distribution_point;
732  };
733 
734 /**
735 * An unknown X.509 extension
736 * Will add a failure to the path validation result, if critical
737 */
739  {
740  public:
741  Unknown_Extension(const OID& oid, bool critical) :
742  m_oid(oid), m_critical(critical) {}
743 
744  Unknown_Extension* copy() const override
745  { return new Unknown_Extension(m_oid, m_critical); }
746 
747  /**
748  * Return the OID of this unknown extension
749  */
750  OID oid_of() const override
751  { return m_oid; }
752 
753  //static_oid not defined for Unknown_Extension
754 
755  /**
756  * Return the extension contents
757  */
758  const std::vector<uint8_t>& extension_contents() const { return m_bytes; }
759 
760  /**
761  * Return if this extension was marked critical
762  */
763  bool is_critical_extension() const { return m_critical; }
764 
766  const std::vector<std::shared_ptr<const X509_Certificate>>&,
767  std::vector<std::set<Certificate_Status_Code>>& cert_status,
768  size_t pos) override
769  {
770  if(m_critical)
771  {
772  cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION);
773  }
774  }
775 
776  private:
777  std::string oid_name() const override { return ""; }
778 
779  bool should_encode() const override { return true; }
780  std::vector<uint8_t> encode_inner() const override;
781  void decode_inner(const std::vector<uint8_t>&) override;
782  void contents_to(Data_Store&, Data_Store&) const override;
783 
784  OID m_oid;
785  bool m_critical;
786  std::vector<uint8_t> m_bytes;
787  };
788 
789  }
790 
791 }
792 
793 #endif
const AlternativeName & get_point() const
Definition: x509_ext.h:716
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:413
CRL_Distribution_Points * copy() const override
Definition: x509_ext.h:669
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:360
Key_Constraints get_constraints() const
Definition: x509_ext.h:327
Authority_Information_Access(const std::string &ocsp, const std::vector< std::string > &ca_issuers=std::vector< std::string >())
Definition: x509_ext.h:572
Key_Usage * copy() const override
Definition: x509_ext.h:323
CRL_Code
Definition: crl_ent.h:22
const std::vector< OID > & get_policy_oids() const
Definition: x509_ext.h:540
const std::vector< uint8_t > & extension_contents() const
Definition: x509_ext.h:758
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: bigint.h:1136
Issuer_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:449
CRL_Issuing_Distribution_Point * copy() const override
Definition: x509_ext.h:713
Unknown_Extension * copy() const override
Definition: x509_ext.h:744
const T * get_extension_object_as(const OID &oid=T::static_oid()) const
Definition: x509_ext.h:103
OID oid_of() const override
Definition: x509_ext.h:610
Subject_Alternative_Name * copy() const override
Definition: x509_ext.h:418
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:390
Authority_Key_ID(const std::vector< uint8_t > &k)
Definition: x509_ext.h:388
const std::vector< std::string > & crl_distribution_urls() const
Definition: x509_ext.h:680
std::string name
Certificate_Policies(const std::vector< OID > &o)
Definition: x509_ext.h:535
const std::vector< OID > & get_extension_oids() const
Definition: x509_ext.h:129
Basic_Constraints(bool ca=false, size_t limit=0)
Definition: x509_ext.h:296
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:107
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:441
std::unique_ptr< T > get_raw(const OID &oid) const
Definition: x509_ext.h:199
CRL_ReasonCode * copy() const override
Definition: x509_ext.h:630
Name_Constraints * copy() const override
Definition: x509_ext.h:497
CRL_Distribution_Points(const std::vector< Distribution_Point > &points)
Definition: x509_ext.h:674
Basic_Constraints * copy() const override
Definition: x509_ext.h:293
Definition: alg_id.cpp:13
const std::vector< Distribution_Point > & distribution_points() const
Definition: x509_ext.h:677
Extended_Key_Usage(const std::vector< OID > &o)
Definition: x509_ext.h:473
Name_Constraints(const NameConstraints &nc)
Definition: x509_ext.h:501
Subject_Key_ID(const std::vector< uint8_t > &k)
Definition: x509_ext.h:352
OID oid_of() const override
Definition: x509_ext.h:330
Key_Usage(Key_Constraints c=NO_CONSTRAINTS)
Definition: x509_ext.h:325
fe T
Definition: ge.cpp:37
CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point &distribution_point)
Definition: x509_ext.h:710
void validate(const X509_Certificate &, const X509_Certificate &, const std::vector< std::shared_ptr< const X509_Certificate >> &, std::vector< std::set< Certificate_Status_Code >> &cert_status, size_t pos) override
Definition: x509_ext.h:765
Issuer_Alternative_Name * copy() const override
Definition: x509_ext.h:446
CRL_ReasonCode(CRL_Code r=UNSPECIFIED)
Definition: x509_ext.h:633
Extended_Key_Usage * copy() const override
Definition: x509_ext.h:469
Authority_Information_Access * copy() const override
Definition: x509_ext.h:567
Unknown_Extension(const OID &oid, bool critical)
Definition: x509_ext.h:741
const std::vector< OID > & get_oids() const
Definition: x509_ext.h:475
Authority_Key_ID * copy() const override
Definition: x509_ext.h:384
Subject_Key_ID * copy() const override
Definition: x509_ext.h:357
Subject_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:421
virtual bool should_encode() const
Definition: x509_ext.h:82
const std::vector< std::string > ca_issuers() const
Definition: x509_ext.h:579
const NameConstraints & get_name_constraints() const
Definition: x509_ext.h:508
Certificate_Policies * copy() const override
Definition: x509_ext.h:531
Name Constraints.