8#ifndef BOTAN_X509_EXTENSIONS_H_
9#define BOTAN_X509_EXTENSIONS_H_
11#include <botan/pkix_types.h>
17class X509_Certificate;
19namespace Cert_Extension {
/**
* Sentinel value for the BasicConstraints path-length field.
* NOTE(review): by its name this means "no path length constraint"; the code
* that compares against it is not part of this listing, so confirm there
* before relying on any other value being treated as a real limit.
*/
static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
33 m_is_ca(ca), m_path_limit(limit) {}
/**
* Path-length limit held by this extension (declaration only).
* NOTE(review): the definition is not shown here; check how it behaves when
* the CA flag (m_is_ca) is false before using the result in path validation.
*/
size_t get_path_limit() const;
/** @return the OID of this extension, forwarded from static_oid(). */
OID oid_of() const override
   {
   return static_oid();
   }
/** @return the fixed name string "X509v3.BasicConstraints". */
std::string oid_name() const override
   {
   return "X509v3.BasicConstraints";
   }
// Encoder/decoder pair for the extension body; both are only declared in this
// listing. decode_inner() receives bytes taken from a certificate, so its
// definition has to treat that buffer as untrusted input.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
/** @return the OID of this extension, forwarded from static_oid(). */
OID oid_of() const override
   {
   return static_oid();
   }
/** @return the fixed name string "X509v3.KeyUsage". */
std::string oid_name() const override
   {
   return "X509v3.KeyUsage";
   }
71 bool should_encode()
const override
// Serialization hooks of the KeyUsage extension (declarations only; the
// definitions are outside this listing). decode_inner() is handed bytes that
// come from the certificate being parsed.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;
91 const std::string& hash_fn);
/**
* @return a reference to the stored key identifier bytes (m_key_id).
* The reference is only valid while this extension object is alive.
*/
const std::vector<uint8_t>& get_key_id() const
   {
   return m_key_id;
   }
/** @return the OID of this extension, forwarded from static_oid(). */
OID oid_of() const override
   {
   return static_oid();
   }
/** @return the fixed name string "X509v3.SubjectKeyIdentifier". */
std::string oid_name() const override
   {
   return "X509v3.SubjectKeyIdentifier";
   }
/** @return true only when a key identifier is present (m_key_id is non-empty). */
bool should_encode() const override
   {
   return !m_key_id.empty();
   }
// Serialization hooks of the SubjectKeyIdentifier extension (declarations
// only). decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// Key identifier bytes returned by get_key_id(). An identifier is a lookup
// hint, not proof that the key matches; signature checks still decide trust.
std::vector<uint8_t> m_key_id;
/**
* @return a reference to the stored authority key identifier bytes (m_key_id).
* The reference is only valid while this extension object is alive.
*/
const std::vector<uint8_t>& get_key_id() const
   {
   return m_key_id;
   }
/** @return the fixed name string "X509v3.AuthorityKeyIdentifier". */
std::string oid_name() const override
   {
   return "X509v3.AuthorityKeyIdentifier";
   }
/** @return true only when a key identifier is present (m_key_id is non-empty). */
bool should_encode() const override
   {
   return !m_key_id.empty();
   }
// Serialization hooks of the AuthorityKeyIdentifier extension (declarations
// only). decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// Key identifier bytes returned by get_key_id(). Useful for locating a
// candidate issuer; it does not by itself establish that the issuer signed
// the certificate.
std::vector<uint8_t> m_key_id;
/** @return the fixed name string "X509v3.SubjectAlternativeName". */
std::string oid_name() const override
   {
   return "X509v3.SubjectAlternativeName";
   }
/** @return whatever m_alt_name.has_items() reports for the stored alternative name. */
bool should_encode() const override
   {
   return m_alt_name.has_items();
   }
// Serialization hooks of the SubjectAlternativeName extension (declarations
// only). decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// Alternative-name entries held by this extension. When they were decoded
// from a certificate they are issuer-supplied strings; name matching must
// happen on validated certificates only.
AlternativeName m_alt_name;
/** @return the fixed name string "X509v3.IssuerAlternativeName". */
std::string oid_name() const override
   {
   return "X509v3.IssuerAlternativeName";
   }
/** @return whatever m_alt_name.has_items() reports for the stored alternative name. */
bool should_encode() const override
   {
   return m_alt_name.has_items();
   }
// Serialization hooks of the IssuerAlternativeName extension (declarations
// only). decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// Alternative-name entries held by this extension.
AlternativeName m_alt_name;
/**
* @return a reference to the stored list of OIDs (m_oids).
* The reference is only valid while this extension object is alive.
*/
const std::vector<OID>& get_oids() const
   {
   return m_oids;
   }
/** @return the fixed name string "X509v3.ExtendedKeyUsage". */
std::string oid_name() const override
   {
   return "X509v3.ExtendedKeyUsage";
   }
/** @return true only when at least one OID is stored in m_oids. */
bool should_encode() const override
   {
   return !m_oids.empty();
   }
// Serialization hooks of the ExtendedKeyUsage extension (declarations only).
// decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// OIDs returned by get_oids(). Nothing in this listing enforces them; the
// caller has to check a certificate's permitted purposes before using its key.
std::vector<OID> m_oids;
240 const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
241 std::vector<std::set<Certificate_Status_Code>>& cert_status,
242 size_t pos)
override;
/** @return the fixed name string "X509v3.NameConstraints". */
std::string oid_name() const override
   {
   return "X509v3.NameConstraints";
   }
/**
* @return true unconditionally; unlike the sibling extensions in this file,
* no check of the stored constraints is made before encoding.
*/
bool should_encode() const override
   {
   return true;
   }
// Serialization hooks of the NameConstraints extension (declarations only).
// decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// The name constraints carried by this extension.
NameConstraints m_name_constraints;
/**
* Deprecated accessor; the deprecation message points to get_policy_oids.
* @return a copy of the stored policy OIDs (m_oids), since the return type
* is a value rather than a reference.
*/
BOTAN_DEPRECATED("Use get_policy_oids")
std::vector<OID> get_oids() const
   {
   return m_oids;
   }
282 const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
283 std::vector<std::set<Certificate_Status_Code>>& cert_status,
284 size_t pos)
override;
/** @return the fixed name string "X509v3.CertificatePolicies". */
std::string oid_name() const override
   {
   return "X509v3.CertificatePolicies";
   }
/** @return true only when at least one policy OID is stored in m_oids. */
bool should_encode() const override
   {
   return !m_oids.empty();
   }
// Serialization hooks of the CertificatePolicies extension (declarations
// only). decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// Policy OIDs held by this extension.
std::vector<OID> m_oids;
309 m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}
/**
* @return a copy of the CA-issuer URL list (m_ca_issuers); the return type is
* a const value, not a reference.
* NOTE(review): if this list was filled by decoding a certificate, the URLs
* are issuer-controlled. Validate scheme and destination before fetching.
*/
const std::vector<std::string> ca_issuers() const
   {
   return m_ca_issuers;
   }
/** @return the fixed name string "PKIX.AuthorityInformationAccess". */
std::string oid_name() const override
   {
   return "PKIX.AuthorityInformationAccess";
   }
/**
* @return true only when an OCSP responder URL is set.
* NOTE(review): m_ca_issuers is not consulted, so an instance holding only
* CA-issuer URLs reports false here. Confirm against encode_inner() (not
* shown) whether that is intended.
*/
bool should_encode() const override
   {
   return !m_ocsp_responder.empty();
   }
// Serialization hooks of the AuthorityInformationAccess extension
// (declarations only). decode_inner() is handed bytes from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;

void contents_to(Data_Store&, Data_Store&) const override;

// OCSP responder URL; should_encode() keys off this field alone.
std::string m_ocsp_responder;
// CA-issuer URLs returned by ca_issuers().
std::vector<std::string> m_ca_issuers;
/**
* CRL number held by this extension (declaration only).
* NOTE(review): the definition is not shown; check what it does when no value
* has been set (m_has_value is false).
*/
size_t get_crl_number() const;
/** @return the fixed name string "X509v3.CRLNumber". */
std::string oid_name() const override
   {
   return "X509v3.CRLNumber";
   }
/** @return the m_has_value flag, so the extension is encoded only when a number was set. */
bool should_encode() const override
   {
   return m_has_value;
   }
// Serialization hooks of the CRLNumber extension (declarations only).
// decode_inner() is handed bytes that come from the CRL being parsed.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;
/** @return the fixed name string "X509v3.ReasonCode". */
std::string oid_name() const override
   {
   return "X509v3.ReasonCode";
   }
/** @return true for every reason except UNSPECIFIED, which is left unencoded. */
bool should_encode() const override
   {
   return m_reason != UNSPECIFIED;
   }
// Serialization hooks of the CRL ReasonCode extension (declarations only).
// decode_inner() is handed bytes that come from the CRL being parsed.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;
// Writes this object through the supplied DER_Encoder (declaration only; the
// enclosing class and the definition are not part of this listing).
void encode_into(class DER_Encoder&) const override;
411 m_distribution_points(points) {}
414 {
return m_distribution_points; }
417 {
return m_crl_distribution_urls; }
/** @return the fixed name string "X509v3.CRLDistributionPoints". */
std::string oid_name() const override
   {
   return "X509v3.CRLDistributionPoints";
   }
/**
* @return true only when at least one distribution point is stored.
* m_crl_distribution_urls is not consulted here.
*/
bool should_encode() const override
   {
   return m_distribution_points.size() > 0;
   }
// Serialization hooks of the CRLDistributionPoints extension (declarations
// only). decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// Distribution points held by this extension.
std::vector<Distribution_Point> m_distribution_points;
// CRL URLs as strings. NOTE(review): if these were filled by decoding a
// certificate they are issuer-controlled; validate scheme and destination
// before fetching a CRL from them.
std::vector<std::string> m_crl_distribution_urls;
447 m_distribution_point(distribution_point) {}
453 {
return m_distribution_point.
point(); }
/** @return the fixed name string "X509v3.CRLIssuingDistributionPoint". */
std::string oid_name() const override
   {
   return "X509v3.CRLIssuingDistributionPoint";
   }
/** @return true unconditionally; the stored distribution point is not inspected first. */
bool should_encode() const override
   {
   return true;
   }
// Serialization hooks of the CRL IssuingDistributionPoint extension
// (declarations only). decode_inner() is handed bytes from the CRL.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// The single distribution point this extension describes.
CRL_Distribution_Points::Distribution_Point m_distribution_point;
478 m_oid(oid), m_critical(critical) {}
502 const std::vector<std::shared_ptr<const X509_Certificate>>&,
503 std::vector<std::set<Certificate_Status_Code>>& cert_status,
/**
* @return an empty string: this extension type has no fixed name, so callers
* must not use the result to identify it.
*/
std::string oid_name() const override
   {
   return "";
   }
/** @return true unconditionally. */
bool should_encode() const override
   {
   return true;
   }
// Serialization hooks of the unrecognized-extension holder (declarations
// only). decode_inner() is handed bytes that come from the certificate.
std::vector<uint8_t> encode_inner() const override;
void decode_inner(const std::vector<uint8_t>&) override;
void contents_to(Data_Store&, Data_Store&) const override;

// Raw bytes kept for this extension. NOTE(review): presumably the undecoded
// extension body; treat as opaque, untrusted data and confirm in the
// definition of decode_inner().
std::vector<uint8_t> m_bytes;
Authority_Key_ID(const std::vector< uint8_t > &k)
OID oid_of() const override
Authority_Key_ID()=default
const std::vector< uint8_t > & get_key_id() const
Authority_Key_ID * copy() const override
OID oid_of() const override
Basic_Constraints(bool ca=false, size_t limit=0)
Basic_Constraints * copy() const override
const AlternativeName & point() const
CRL_Distribution_Points(const std::vector< Distribution_Point > &points)
CRL_Distribution_Points * copy() const override
CRL_Distribution_Points()=default
OID oid_of() const override
const std::vector< std::string > & crl_distribution_urls() const
const std::vector< Distribution_Point > & distribution_points() const
const AlternativeName & get_point() const
OID oid_of() const override
CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point &distribution_point)
CRL_Issuing_Distribution_Point * copy() const override
CRL_Issuing_Distribution_Point()=default
OID oid_of() const override
CRL_Code get_reason() const
CRL_ReasonCode * copy() const override
CRL_ReasonCode(CRL_Code r=UNSPECIFIED)
OID oid_of() const override
Certificate_Policies()=default
Certificate_Policies * copy() const override
const std::vector< OID > & get_policy_oids() const
Certificate_Policies(const std::vector< OID > &o)
OID oid_of() const override
OID oid_of() const override
Extended_Key_Usage()=default
Extended_Key_Usage * copy() const override
Extended_Key_Usage(const std::vector< OID > &o)
const std::vector< OID > & get_oids() const
const AlternativeName & get_alt_name() const
Issuer_Alternative_Name(const AlternativeName &name=AlternativeName())
OID oid_of() const override
Issuer_Alternative_Name * copy() const override
OID oid_of() const override
Key_Constraints get_constraints() const
Key_Usage(Key_Constraints c=NO_CONSTRAINTS)
Key_Usage * copy() const override
Name_Constraints(const NameConstraints &nc)
OID oid_of() const override
const NameConstraints & get_name_constraints() const
Name_Constraints * copy() const override
Name_Constraints()=default
Subject_Alternative_Name * copy() const override
const AlternativeName & get_alt_name() const
OID oid_of() const override
Subject_Alternative_Name(const AlternativeName &name=AlternativeName())
OID oid_of() const override
Subject_Key_ID * copy() const override
Subject_Key_ID(const std::vector< uint8_t > &k)
const std::vector< uint8_t > & get_key_id() const
OID oid_of() const override
Unknown_Extension(const OID &oid, bool critical)
Unknown_Extension * copy() const override
const std::vector< uint8_t > & extension_contents() const
void validate(const X509_Certificate &, const X509_Certificate &, const std::vector< std::shared_ptr< const X509_Certificate > > &, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos) override
bool is_critical_extension() const
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
@ UNKNOWN_CRITICAL_EXTENSION