Botan  2.6.0
Crypto and TLS for C++11
x509_ext.h
Go to the documentation of this file.
1 /*
2 * X.509 Certificate Extensions
3 * (C) 1999-2007,2012 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_EXTENSIONS_H_
9 #define BOTAN_X509_EXTENSIONS_H_
10 
11 #include <botan/asn1_obj.h>
12 #include <botan/asn1_oid.h>
13 #include <botan/asn1_alt_name.h>
14 #include <botan/cert_status.h>
15 #include <botan/name_constraint.h>
16 #include <botan/key_constraint.h>
17 #include <botan/crl_ent.h>
18 #include <set>
19 
20 namespace Botan {
21 
22 class Data_Store;
23 class X509_Certificate;
24 
25 /**
26 * X.509 Certificate Extension
27 */
29  {
30  public:
31  /**
32  * @return OID representing this extension
33  */
34  virtual OID oid_of() const = 0;
35 
36  /*
37  * @return specific OID name
38  * If possible OIDS table should match oid_name to OIDS, ie
39  * OIDS::lookup(ext->oid_name()) == ext->oid_of()
40  * Should return empty string if OID is not known
41  */
42  virtual std::string oid_name() const = 0;
43 
44  /**
45  * Make a copy of this extension
46  * @return copy of this
47  */
48  virtual Certificate_Extension* copy() const = 0;
49 
50  /*
51  * Add the contents of this extension into the information
52  * for the subject and/or issuer, as necessary.
53  * @param subject the subject info
54  * @param issuer the issuer info
55  */
56  virtual void contents_to(Data_Store& subject,
57  Data_Store& issuer) const = 0;
58 
59  /*
60  * Callback visited during path validation.
61  *
62  * An extension can implement this callback to inspect
63  * the path during path validation.
64  *
65  * If an error occurs during validation of this extension,
66  * an appropriate status code shall be added to cert_status.
67  *
68  * @param subject Subject certificate that contains this extension
69  * @param issuer Issuer certificate
70  * @param status Certificate validation status codes for subject certificate
71  * @param cert_path Certificate path which is currently validated
72  * @param pos Position of subject certificate in cert_path
73  */
74  virtual void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
75  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
76  std::vector<std::set<Certificate_Status_Code>>& cert_status,
77  size_t pos);
78 
79  virtual ~Certificate_Extension() = default;
80  protected:
81  friend class Extensions;
82  virtual bool should_encode() const { return true; }
83  virtual std::vector<uint8_t> encode_inner() const = 0;
84  virtual void decode_inner(const std::vector<uint8_t>&) = 0;
85  };
86 
87 /**
88 * X.509 Certificate Extension List
89 */
90 class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object
91  {
92  public:
93  /**
94  * Look up an object in the extensions, based on OID Returns
95  * nullptr if not set, if the extension was either absent or not
96  * handled. The pointer returned is owned by the Extensions
97  * object.
98  * This would be better with an optional<T> return value
99  */
100  const Certificate_Extension* get_extension_object(const OID& oid) const;
101 
102  template<typename T>
103  const T* get_extension_object_as(const OID& oid = T::static_oid()) const
104  {
105  if(const Certificate_Extension* extn = get_extension_object(oid))
106  {
107  if(const T* extn_as_T = dynamic_cast<const T*>(extn))
108  {
109  return extn_as_T;
110  }
111  else
112  {
113  throw Exception("Exception::get_extension_object_as dynamic_cast failed");
114  }
115  }
116 
117  return nullptr;
118  }
119 
120  /**
121  * Return the set of extensions in the order they appeared in the certificate
122  * (or as they were added, if constructed)
123  */
124  const std::vector<OID>& get_extension_oids() const
125  {
126  return m_extension_oids;
127  }
128 
129  /**
130  * Return true if an extension was set
131  */
132  bool extension_set(const OID& oid) const;
133 
134  /**
135  * Return true if an extesion was set and marked critical
136  */
137  bool critical_extension_set(const OID& oid) const;
138 
139  /**
140  * Return the raw bytes of the extension
141  * Will throw if OID was not set as an extension.
142  */
143  std::vector<uint8_t> get_extension_bits(const OID& oid) const;
144 
145  void encode_into(class DER_Encoder&) const override;
146  void decode_from(class BER_Decoder&) override;
147  void contents_to(Data_Store&, Data_Store&) const;
148 
149  /**
150  * Adds a new extension to the list.
151  * @param extn pointer to the certificate extension (Extensions takes ownership)
152  * @param critical whether this extension should be marked as critical
153  * @throw Invalid_Argument if the extension is already present in the list
154  */
155  void add(Certificate_Extension* extn, bool critical = false);
156 
157  /**
158  * Adds a new extension to the list unless it already exists. If the extension
159  * already exists within the Extensions object, the extn pointer will be deleted.
160  *
161  * @param extn pointer to the certificate extension (Extensions takes ownership)
162  * @param critical whether this extension should be marked as critical
163  * @return true if the object was added false if the extension was already used
164  */
165  bool add_new(Certificate_Extension* extn, bool critical = false);
166 
167  /**
168  * Adds an extension to the list or replaces it.
169  * @param extn the certificate extension
170  * @param critical whether this extension should be marked as critical
171  */
172  void replace(Certificate_Extension* extn, bool critical = false);
173 
174  /**
175  * Searches for an extension by OID and returns the result.
176  * Only the known extensions types declared in this header
177  * are searched for by this function.
178  * @return Copy of extension with oid, nullptr if not found.
179  * Can avoid creating a copy by using get_extension_object function
180  */
181  std::unique_ptr<Certificate_Extension> get(const OID& oid) const;
182 
183  /**
184  * Searches for an extension by OID and returns the result decoding
185  * it to some arbitrary extension type chosen by the application.
186  *
187  * Only the unknown extensions, that is, extensions types that
188  * are not declared in this header, are searched for by this
189  * function.
190  *
191  * @return Pointer to new extension with oid, nullptr if not found.
192  */
193  template<typename T>
194  std::unique_ptr<T> get_raw(const OID& oid) const
195  {
196  auto extn_info = m_extension_info.find(oid);
197 
198  if(extn_info != m_extension_info.end())
199  {
200  // Unknown_Extension oid_name is empty
201  if(extn_info->second.obj().oid_name() == "")
202  {
203  std::unique_ptr<T> ext(new T);
204  ext->decode_inner(extn_info->second.bits());
205  return std::move(ext);
206  }
207  }
208  return nullptr;
209  }
210 
211  /**
212  * Returns a copy of the list of extensions together with the corresponding
213  * criticality flag. All extensions are encoded as some object, falling back
214  * to Unknown_Extension class which simply allows reading the bytes as well
215  * as the criticality flag.
216  */
217  std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> extensions() const;
218 
219  /**
220  * Returns the list of extensions as raw, encoded bytes
221  * together with the corresponding criticality flag.
222  * Contains all extensions, including any extensions encoded as Unknown_Extension
223  */
224  std::map<OID, std::pair<std::vector<uint8_t>, bool>> extensions_raw() const;
225 
227 
228  Extensions(const Extensions&) = default;
229  Extensions& operator=(const Extensions&) = default;
230 
231 #if !defined(BOTAN_BUILD_COMPILER_IS_MSVC_2013)
232  Extensions(Extensions&&) = default;
233  Extensions& operator=(Extensions&&) = default;
234 #endif
235 
236  private:
237  static std::unique_ptr<Certificate_Extension>
238  create_extn_obj(const OID& oid,
239  bool critical,
240  const std::vector<uint8_t>& body);
241 
242  class Extensions_Info
243  {
244  public:
245  Extensions_Info(bool critical,
246  Certificate_Extension* ext) :
247  m_obj(ext),
248  m_bits(m_obj->encode_inner()),
249  m_critical(critical)
250  {
251  }
252 
253  Extensions_Info(bool critical,
254  const std::vector<uint8_t>& encoding,
255  Certificate_Extension* ext) :
256  m_obj(ext),
257  m_bits(encoding),
258  m_critical(critical)
259  {
260  }
261 
262  bool is_critical() const { return m_critical; }
263  const std::vector<uint8_t>& bits() const { return m_bits; }
264  const Certificate_Extension& obj() const
265  {
266  BOTAN_ASSERT_NONNULL(m_obj.get());
267  return *m_obj.get();
268  }
269 
270  private:
271  std::shared_ptr<Certificate_Extension> m_obj;
272  std::vector<uint8_t> m_bits;
273  bool m_critical = false;
274  };
275 
276  std::vector<OID> m_extension_oids;
277  std::map<OID, Extensions_Info> m_extension_info;
278  };
279 
280 namespace Cert_Extension {
281 
282 static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
283 
284 /**
285 * Basic Constraints Extension
286 */
288  {
289  public:
290  Basic_Constraints* copy() const override
291  { return new Basic_Constraints(m_is_ca, m_path_limit); }
292 
293  Basic_Constraints(bool ca = false, size_t limit = 0) :
294  m_is_ca(ca), m_path_limit(limit) {}
295 
296  bool get_is_ca() const { return m_is_ca; }
297  size_t get_path_limit() const;
298 
299  static OID static_oid() { return OID("2.5.29.19"); }
300  OID oid_of() const override { return static_oid(); }
301 
302  private:
303  std::string oid_name() const override
304  { return "X509v3.BasicConstraints"; }
305 
306  std::vector<uint8_t> encode_inner() const override;
307  void decode_inner(const std::vector<uint8_t>&) override;
308  void contents_to(Data_Store&, Data_Store&) const override;
309 
310  bool m_is_ca;
311  size_t m_path_limit;
312  };
313 
314 /**
315 * Key Usage Constraints Extension
316 */
318  {
319  public:
320  Key_Usage* copy() const override { return new Key_Usage(m_constraints); }
321 
322  explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {}
323 
324  Key_Constraints get_constraints() const { return m_constraints; }
325 
326  static OID static_oid() { return OID("2.5.29.15"); }
327  OID oid_of() const override { return static_oid(); }
328 
329  private:
330  std::string oid_name() const override { return "X509v3.KeyUsage"; }
331 
332  bool should_encode() const override
333  { return (m_constraints != NO_CONSTRAINTS); }
334  std::vector<uint8_t> encode_inner() const override;
335  void decode_inner(const std::vector<uint8_t>&) override;
336  void contents_to(Data_Store&, Data_Store&) const override;
337 
338  Key_Constraints m_constraints;
339  };
340 
341 /**
342 * Subject Key Identifier Extension
343 */
345  {
346  public:
347  Subject_Key_ID() = default;
348 
349  explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
350 
351  Subject_Key_ID(const std::vector<uint8_t>& public_key,
352  const std::string& hash_fn);
353 
354  Subject_Key_ID* copy() const override
355  { return new Subject_Key_ID(m_key_id); }
356 
357  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
358 
359  static OID static_oid() { return OID("2.5.29.14"); }
360  OID oid_of() const override { return static_oid(); }
361 
362  private:
363 
364  std::string oid_name() const override
365  { return "X509v3.SubjectKeyIdentifier"; }
366 
367  bool should_encode() const override { return (m_key_id.size() > 0); }
368  std::vector<uint8_t> encode_inner() const override;
369  void decode_inner(const std::vector<uint8_t>&) override;
370  void contents_to(Data_Store&, Data_Store&) const override;
371 
372  std::vector<uint8_t> m_key_id;
373  };
374 
375 /**
376 * Authority Key Identifier Extension
377 */
379  {
380  public:
381  Authority_Key_ID* copy() const override
382  { return new Authority_Key_ID(m_key_id); }
383 
384  Authority_Key_ID() = default;
385  explicit Authority_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
386 
387  const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
388 
389  static OID static_oid() { return OID("2.5.29.35"); }
390  OID oid_of() const override { return static_oid(); }
391 
392  private:
393  std::string oid_name() const override
394  { return "X509v3.AuthorityKeyIdentifier"; }
395 
396  bool should_encode() const override { return (m_key_id.size() > 0); }
397  std::vector<uint8_t> encode_inner() const override;
398  void decode_inner(const std::vector<uint8_t>&) override;
399  void contents_to(Data_Store&, Data_Store&) const override;
400 
401  std::vector<uint8_t> m_key_id;
402  };
403 
404 /**
405 * Subject Alternative Name Extension
406 */
408  {
409  public:
410  const AlternativeName& get_alt_name() const { return m_alt_name; }
411 
412  static OID static_oid() { return OID("2.5.29.17"); }
413  OID oid_of() const override { return static_oid(); }
414 
415  Subject_Alternative_Name* copy() const override
416  { return new Subject_Alternative_Name(get_alt_name()); }
417 
419  m_alt_name(name) {}
420 
421  private:
422  std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; }
423 
424  bool should_encode() const override { return m_alt_name.has_items(); }
425  std::vector<uint8_t> encode_inner() const override;
426  void decode_inner(const std::vector<uint8_t>&) override;
427  void contents_to(Data_Store&, Data_Store&) const override;
428 
429  AlternativeName m_alt_name;
430  };
431 
432 /**
433 * Issuer Alternative Name Extension
434 */
436  {
437  public:
438  const AlternativeName& get_alt_name() const { return m_alt_name; }
439 
440  static OID static_oid() { return OID("2.5.29.18"); }
441  OID oid_of() const override { return static_oid(); }
442 
443  Issuer_Alternative_Name* copy() const override
444  { return new Issuer_Alternative_Name(get_alt_name()); }
445 
447  m_alt_name(name) {}
448 
449  private:
450  std::string oid_name() const override { return "X509v3.IssuerAlternativeName"; }
451 
452  bool should_encode() const override { return m_alt_name.has_items(); }
453  std::vector<uint8_t> encode_inner() const override;
454  void decode_inner(const std::vector<uint8_t>&) override;
455  void contents_to(Data_Store&, Data_Store&) const override;
456 
457  AlternativeName m_alt_name;
458  };
459 
460 /**
461 * Extended Key Usage Extension
462 */
464  {
465  public:
466  Extended_Key_Usage* copy() const override
467  { return new Extended_Key_Usage(m_oids); }
468 
469  Extended_Key_Usage() = default;
470  explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {}
471 
472  const std::vector<OID>& get_oids() const { return m_oids; }
473 
474  static OID static_oid() { return OID("2.5.29.37"); }
475  OID oid_of() const override { return static_oid(); }
476 
477  private:
478  std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; }
479 
480  bool should_encode() const override { return (m_oids.size() > 0); }
481  std::vector<uint8_t> encode_inner() const override;
482  void decode_inner(const std::vector<uint8_t>&) override;
483  void contents_to(Data_Store&, Data_Store&) const override;
484 
485  std::vector<OID> m_oids;
486  };
487 
488 /**
489 * Name Constraints
490 */
492  {
493  public:
494  Name_Constraints* copy() const override
495  { return new Name_Constraints(m_name_constraints); }
496 
497  Name_Constraints() = default;
498  Name_Constraints(const NameConstraints &nc) : m_name_constraints(nc) {}
499 
500  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
501  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
502  std::vector<std::set<Certificate_Status_Code>>& cert_status,
503  size_t pos) override;
504 
505  const NameConstraints& get_name_constraints() const { return m_name_constraints; }
506 
507  static OID static_oid() { return OID("2.5.29.30"); }
508  OID oid_of() const override { return static_oid(); }
509 
510  private:
511  std::string oid_name() const override
512  { return "X509v3.NameConstraints"; }
513 
514  bool should_encode() const override { return true; }
515  std::vector<uint8_t> encode_inner() const override;
516  void decode_inner(const std::vector<uint8_t>&) override;
517  void contents_to(Data_Store&, Data_Store&) const override;
518 
519  NameConstraints m_name_constraints;
520  };
521 
522 /**
523 * Certificate Policies Extension
524 */
526  {
527  public:
528  Certificate_Policies* copy() const override
529  { return new Certificate_Policies(m_oids); }
530 
531  Certificate_Policies() = default;
532  explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {}
533 
534  BOTAN_DEPRECATED("Use get_policy_oids")
535  std::vector<OID> get_oids() const { return m_oids; }
536 
537  const std::vector<OID>& get_policy_oids() const { return m_oids; }
538 
539  static OID static_oid() { return OID("2.5.29.32"); }
540  OID oid_of() const override { return static_oid(); }
541 
542  void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
543  const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
544  std::vector<std::set<Certificate_Status_Code>>& cert_status,
545  size_t pos) override;
546  private:
547  std::string oid_name() const override
548  { return "X509v3.CertificatePolicies"; }
549 
550  bool should_encode() const override { return (m_oids.size() > 0); }
551  std::vector<uint8_t> encode_inner() const override;
552  void decode_inner(const std::vector<uint8_t>&) override;
553  void contents_to(Data_Store&, Data_Store&) const override;
554 
555  std::vector<OID> m_oids;
556  };
557 
558 /**
559 * Authority Information Access Extension
560 */
562  {
563  public:
565  { return new Authority_Information_Access(m_ocsp_responder, m_ca_issuers); }
566 
567  Authority_Information_Access() = default;
568 
569  explicit Authority_Information_Access(const std::string& ocsp, const std::vector<std::string>& ca_issuers = std::vector<std::string>()) :
570  m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}
571 
572  std::string ocsp_responder() const { return m_ocsp_responder; }
573 
574  static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); }
575  OID oid_of() const override { return static_oid(); }
576  const std::vector<std::string> ca_issuers() const { return m_ca_issuers; }
577 
578  private:
579  std::string oid_name() const override
580  { return "PKIX.AuthorityInformationAccess"; }
581 
582  bool should_encode() const override { return (!m_ocsp_responder.empty()); }
583 
584  std::vector<uint8_t> encode_inner() const override;
585  void decode_inner(const std::vector<uint8_t>&) override;
586 
587  void contents_to(Data_Store&, Data_Store&) const override;
588 
589  std::string m_ocsp_responder;
590  std::vector<std::string> m_ca_issuers;
591  };
592 
593 /**
594 * CRL Number Extension
595 */
597  {
598  public:
599  CRL_Number* copy() const override;
600 
601  CRL_Number() : m_has_value(false), m_crl_number(0) {}
602  CRL_Number(size_t n) : m_has_value(true), m_crl_number(n) {}
603 
604  size_t get_crl_number() const;
605 
606  static OID static_oid() { return OID("2.5.29.20"); }
607  OID oid_of() const override { return static_oid(); }
608 
609  private:
610  std::string oid_name() const override { return "X509v3.CRLNumber"; }
611 
612  bool should_encode() const override { return m_has_value; }
613  std::vector<uint8_t> encode_inner() const override;
614  void decode_inner(const std::vector<uint8_t>&) override;
615  void contents_to(Data_Store&, Data_Store&) const override;
616 
617  bool m_has_value;
618  size_t m_crl_number;
619  };
620 
621 /**
622 * CRL Entry Reason Code Extension
623 */
625  {
626  public:
627  CRL_ReasonCode* copy() const override
628  { return new CRL_ReasonCode(m_reason); }
629 
630  explicit CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : m_reason(r) {}
631 
632  CRL_Code get_reason() const { return m_reason; }
633 
634  static OID static_oid() { return OID("2.5.29.21"); }
635  OID oid_of() const override { return static_oid(); }
636 
637  private:
638  std::string oid_name() const override { return "X509v3.ReasonCode"; }
639 
640  bool should_encode() const override { return (m_reason != UNSPECIFIED); }
641  std::vector<uint8_t> encode_inner() const override;
642  void decode_inner(const std::vector<uint8_t>&) override;
643  void contents_to(Data_Store&, Data_Store&) const override;
644 
645  CRL_Code m_reason;
646  };
647 
648 /**
649 * CRL Distribution Points Extension
650 * todo enforce restrictions from RFC 5280 4.2.1.13
651 */
653  {
654  public:
656  {
657  public:
658  void encode_into(class DER_Encoder&) const override;
659  void decode_from(class BER_Decoder&) override;
660 
661  const AlternativeName& point() const { return m_point; }
662  private:
663  AlternativeName m_point;
664  };
665 
666  CRL_Distribution_Points* copy() const override
667  { return new CRL_Distribution_Points(m_distribution_points); }
668 
669  CRL_Distribution_Points() = default;
670 
671  explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) :
672  m_distribution_points(points) {}
673 
674  const std::vector<Distribution_Point>& distribution_points() const
675  { return m_distribution_points; }
676 
677  const std::vector<std::string>& crl_distribution_urls() const
678  { return m_crl_distribution_urls; }
679 
680  static OID static_oid() { return OID("2.5.29.31"); }
681  OID oid_of() const override { return static_oid(); }
682 
683  private:
684  std::string oid_name() const override
685  { return "X509v3.CRLDistributionPoints"; }
686 
687  bool should_encode() const override
688  { return !m_distribution_points.empty(); }
689 
690  std::vector<uint8_t> encode_inner() const override;
691  void decode_inner(const std::vector<uint8_t>&) override;
692  void contents_to(Data_Store&, Data_Store&) const override;
693 
694  std::vector<Distribution_Point> m_distribution_points;
695  std::vector<std::string> m_crl_distribution_urls;
696  };
697 
698 /**
699 * CRL Issuing Distribution Point Extension
700 * todo enforce restrictions from RFC 5280 5.2.5
701 */
703  {
704  public:
705  CRL_Issuing_Distribution_Point() = default;
706 
708  m_distribution_point(distribution_point) {}
709 
711  { return new CRL_Issuing_Distribution_Point(m_distribution_point); }
712 
713  const AlternativeName& get_point() const
714  { return m_distribution_point.point(); }
715 
716  static OID static_oid() { return OID("2.5.29.28"); }
717  OID oid_of() const override { return static_oid(); }
718 
719  private:
720  std::string oid_name() const override
721  { return "X509v3.CRLIssuingDistributionPoint"; }
722 
723  bool should_encode() const override { return true; }
724  std::vector<uint8_t> encode_inner() const override;
725  void decode_inner(const std::vector<uint8_t>&) override;
726  void contents_to(Data_Store&, Data_Store&) const override;
727 
728  CRL_Distribution_Points::Distribution_Point m_distribution_point;
729  };
730 
731 /**
732 * An unknown X.509 extension
733 * Will add a failure to the path validation result, if critical
734 */
736  {
737  public:
738  Unknown_Extension(const OID& oid, bool critical) :
739  m_oid(oid), m_critical(critical) {}
740 
741  Unknown_Extension* copy() const override
742  { return new Unknown_Extension(m_oid, m_critical); }
743 
744  /**
745  * Return the OID of this unknown extension
746  */
747  OID oid_of() const override
748  { return m_oid; }
749 
750  //static_oid not defined for Unknown_Extension
751 
752  /**
753  * Return the extension contents
754  */
755  const std::vector<uint8_t>& extension_contents() const { return m_bytes; }
756 
757  /**
758  * Return if this extension was marked critical
759  */
760  bool is_critical_extension() const { return m_critical; }
761 
763  const std::vector<std::shared_ptr<const X509_Certificate>>&,
764  std::vector<std::set<Certificate_Status_Code>>& cert_status,
765  size_t pos) override
766  {
767  if(m_critical)
768  {
769  cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION);
770  }
771  }
772 
773  private:
774  std::string oid_name() const override { return ""; }
775 
776  bool should_encode() const override { return true; }
777  std::vector<uint8_t> encode_inner() const override;
778  void decode_inner(const std::vector<uint8_t>&) override;
779  void contents_to(Data_Store&, Data_Store&) const override;
780 
781  OID m_oid;
782  bool m_critical;
783  std::vector<uint8_t> m_bytes;
784  };
785 
786  }
787 
788 }
789 
790 #endif
const AlternativeName & get_point() const
Definition: x509_ext.h:713
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:410
CRL_Distribution_Points * copy() const override
Definition: x509_ext.h:666
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:357
Key_Constraints get_constraints() const
Definition: x509_ext.h:324
Authority_Information_Access(const std::string &ocsp, const std::vector< std::string > &ca_issuers=std::vector< std::string >())
Definition: x509_ext.h:569
Key_Usage * copy() const override
Definition: x509_ext.h:320
CRL_Code
Definition: crl_ent.h:22
const std::vector< OID > & get_policy_oids() const
Definition: x509_ext.h:537
const std::vector< uint8_t > & extension_contents() const
Definition: x509_ext.h:755
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
Definition: bigint.h:719
Issuer_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:446
CRL_Issuing_Distribution_Point * copy() const override
Definition: x509_ext.h:710
Unknown_Extension * copy() const override
Definition: x509_ext.h:741
const T * get_extension_object_as(const OID &oid=T::static_oid()) const
Definition: x509_ext.h:103
OID oid_of() const override
Definition: x509_ext.h:607
Subject_Alternative_Name * copy() const override
Definition: x509_ext.h:415
const std::vector< uint8_t > & get_key_id() const
Definition: x509_ext.h:387
Authority_Key_ID(const std::vector< uint8_t > &k)
Definition: x509_ext.h:385
const std::vector< std::string > & crl_distribution_urls() const
Definition: x509_ext.h:677
Certificate_Policies(const std::vector< OID > &o)
Definition: x509_ext.h:532
const std::vector< OID > & get_extension_oids() const
Definition: x509_ext.h:124
Basic_Constraints(bool ca=false, size_t limit=0)
Definition: x509_ext.h:293
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:82
const AlternativeName & get_alt_name() const
Definition: x509_ext.h:438
std::unique_ptr< T > get_raw(const OID &oid) const
Definition: x509_ext.h:194
CRL_ReasonCode * copy() const override
Definition: x509_ext.h:627
Name_Constraints * copy() const override
Definition: x509_ext.h:494
CRL_Distribution_Points(const std::vector< Distribution_Point > &points)
Definition: x509_ext.h:671
Basic_Constraints * copy() const override
Definition: x509_ext.h:290
Definition: alg_id.cpp:13
const std::vector< Distribution_Point > & distribution_points() const
Definition: x509_ext.h:674
Extended_Key_Usage(const std::vector< OID > &o)
Definition: x509_ext.h:470
Name_Constraints(const NameConstraints &nc)
Definition: x509_ext.h:498
Subject_Key_ID(const std::vector< uint8_t > &k)
Definition: x509_ext.h:349
OID oid_of() const override
Definition: x509_ext.h:327
Key_Usage(Key_Constraints c=NO_CONSTRAINTS)
Definition: x509_ext.h:322
fe T
Definition: ge.cpp:37
CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point &distribution_point)
Definition: x509_ext.h:707
void validate(const X509_Certificate &, const X509_Certificate &, const std::vector< std::shared_ptr< const X509_Certificate >> &, std::vector< std::set< Certificate_Status_Code >> &cert_status, size_t pos) override
Definition: x509_ext.h:762
Issuer_Alternative_Name * copy() const override
Definition: x509_ext.h:443
CRL_ReasonCode(CRL_Code r=UNSPECIFIED)
Definition: x509_ext.h:630
Extended_Key_Usage * copy() const override
Definition: x509_ext.h:466
Authority_Information_Access * copy() const override
Definition: x509_ext.h:564
Unknown_Extension(const OID &oid, bool critical)
Definition: x509_ext.h:738
const std::vector< OID > & get_oids() const
Definition: x509_ext.h:472
Authority_Key_ID * copy() const override
Definition: x509_ext.h:381
Subject_Key_ID * copy() const override
Definition: x509_ext.h:354
Subject_Alternative_Name(const AlternativeName &name=AlternativeName())
Definition: x509_ext.h:418
virtual bool should_encode() const
Definition: x509_ext.h:82
const std::vector< std::string > ca_issuers() const
Definition: x509_ext.h:576
const NameConstraints & get_name_constraints() const
Definition: x509_ext.h:505
Certificate_Policies * copy() const override
Definition: x509_ext.h:528
Name Constraints.