Botan  2.0.1
Crypto and TLS for C++11
x509cert.cpp
Go to the documentation of this file.
1 /*
2 * X.509 Certificates
3 * (C) 1999-2010,2015 Jack Lloyd
4 * (C) 2016 RenĂ© Korthaus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/x509cert.h>
10 #include <botan/x509_ext.h>
11 #include <botan/der_enc.h>
12 #include <botan/ber_dec.h>
13 #include <botan/internal/stl_util.h>
14 #include <botan/parsing.h>
15 #include <botan/bigint.h>
16 #include <botan/oids.h>
17 #include <botan/pem.h>
18 #include <botan/hash.h>
19 #include <botan/hex.h>
20 #include <algorithm>
21 #include <iterator>
22 #include <sstream>
23 
24 namespace Botan {
25 
26 namespace {
27 
28 /*
29 * Lookup each OID in the vector
30 */
31 std::vector<std::string> lookup_oids(const std::vector<std::string>& in)
32  {
33  std::vector<std::string> out;
34 
35  for(auto i = in.begin(); i != in.end(); ++i)
36  out.push_back(OIDS::lookup(OID(*i)));
37  return out;
38  }
39 
40 }
41 
42 /*
43 * X509_Certificate Constructor
44 */
45 X509_Certificate::X509_Certificate(DataSource& in) :
46  X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
47  m_self_signed(false),
48  m_v3_extensions(false)
49  {
50  do_decode();
51  }
52 
53 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
54 /*
55 * X509_Certificate Constructor
56 */
57 X509_Certificate::X509_Certificate(const std::string& fsname) :
58  X509_Object(fsname, "CERTIFICATE/X509 CERTIFICATE"),
59  m_self_signed(false),
60  m_v3_extensions(false)
61  {
62  do_decode();
63  }
64 #endif
65 
66 /*
67 * X509_Certificate Constructor
68 */
69 X509_Certificate::X509_Certificate(const std::vector<uint8_t>& in) :
70  X509_Object(in, "CERTIFICATE/X509 CERTIFICATE"),
71  m_self_signed(false),
72  m_v3_extensions(false)
73  {
74  do_decode();
75  }
76 
77 /*
78 * Decode the TBSCertificate data
79 */
80 void X509_Certificate::force_decode()
81  {
82  size_t version;
83  BigInt serial_bn;
84  AlgorithmIdentifier sig_algo_inner;
85  X509_DN dn_issuer, dn_subject;
86  X509_Time start, end;
87 
88  BER_Decoder tbs_cert(m_tbs_bits);
89 
90  tbs_cert.decode_optional(version, ASN1_Tag(0),
92  .decode(serial_bn)
93  .decode(sig_algo_inner)
94  .decode(dn_issuer)
96  .decode(start)
97  .decode(end)
98  .end_cons()
99  .decode(dn_subject);
100 
101  if(version > 2)
102  throw Decoding_Error("Unknown X.509 cert version " + std::to_string(version));
103  if(m_sig_algo != sig_algo_inner)
104  throw Decoding_Error("Algorithm identifier mismatch");
105 
106 
107  m_subject.add(dn_subject.contents());
108  m_issuer.add(dn_issuer.contents());
109 
110  m_subject.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_subject.get_bits()));
111  m_issuer.add("X509.Certificate.dn_bits", ASN1::put_in_sequence(dn_issuer.get_bits()));
112 
113  BER_Object public_key = tbs_cert.get_next_object();
114  if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
115  throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key",
116  public_key.type_tag, public_key.class_tag);
117 
118  std::vector<uint8_t> v2_issuer_key_id, v2_subject_key_id;
119 
120  tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1);
121  tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2);
122 
123  BER_Object v3_exts_data = tbs_cert.get_next_object();
124  if(v3_exts_data.type_tag == 3 &&
125  v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
126  {
127  BER_Decoder(v3_exts_data.value).decode(m_v3_extensions).verify_end();
128  m_v3_extensions.contents_to(m_subject, m_issuer);
129  }
130  else if(v3_exts_data.type_tag != NO_OBJECT)
131  throw BER_Bad_Tag("Unknown tag in X.509 cert",
132  v3_exts_data.type_tag, v3_exts_data.class_tag);
133 
134  if(tbs_cert.more_items())
135  throw Decoding_Error("TBSCertificate has more items that expected");
136 
137  m_subject.add("X509.Certificate.version", static_cast<uint32_t>(version));
138  m_subject.add("X509.Certificate.serial", BigInt::encode(serial_bn));
139  m_subject.add("X509.Certificate.start", start.to_string());
140  m_subject.add("X509.Certificate.end", end.to_string());
141 
142  m_issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id);
143  m_subject.add("X509.Certificate.v2.key_id", v2_subject_key_id);
144 
145  m_subject.add("X509.Certificate.public_key", hex_encode(public_key.value));
146 
147  m_self_signed = false;
148  if(dn_subject == dn_issuer)
149  {
150  std::unique_ptr<Public_Key> pub_key(subject_public_key());
151  m_self_signed = check_signature(*pub_key);
152  }
153 
154  if(m_self_signed && version == 0)
155  {
156  m_subject.add("X509v3.BasicConstraints.is_ca", 1);
157  m_subject.add("X509v3.BasicConstraints.path_constraint", Cert_Extension::NO_CERT_PATH_LIMIT);
158  }
159 
160  if(is_CA_cert() &&
161  !m_subject.has_value("X509v3.BasicConstraints.path_constraint"))
162  {
163  const size_t limit = (x509_version() < 3) ?
164  Cert_Extension::NO_CERT_PATH_LIMIT : 0;
165 
166  m_subject.add("X509v3.BasicConstraints.path_constraint", static_cast<uint32_t>(limit));
167  }
168  }
169 
170 /*
171 * Return the X.509 version in use
172 */
174  {
175  return (m_subject.get1_uint32("X509.Certificate.version") + 1);
176  }
177 
178 /*
179 * Return the time this cert becomes valid
180 */
181 std::string X509_Certificate::start_time() const
182  {
183  return m_subject.get1("X509.Certificate.start");
184  }
185 
186 /*
187 * Return the time this cert becomes invalid
188 */
189 std::string X509_Certificate::end_time() const
190  {
191  return m_subject.get1("X509.Certificate.end");
192  }
193 
194 /*
195 * Return information about the subject
196 */
197 std::vector<std::string>
198 X509_Certificate::subject_info(const std::string& what) const
199  {
200  return m_subject.get(X509_DN::deref_info_field(what));
201  }
202 
203 /*
204 * Return information about the issuer
205 */
206 std::vector<std::string>
207 X509_Certificate::issuer_info(const std::string& what) const
208  {
209  return m_issuer.get(X509_DN::deref_info_field(what));
210  }
211 
212 /*
213 * Return the public key in this certificate
214 */
216  {
217  return X509::load_key(
219  }
220 
221 std::vector<uint8_t> X509_Certificate::subject_public_key_bits() const
222  {
223  return hex_decode(m_subject.get1("X509.Certificate.public_key"));
224  }
225 
227  {
228  // TODO: cache this
229  const std::vector<uint8_t> key_bits = subject_public_key_bits();
230 
231  AlgorithmIdentifier public_key_algid;
232  std::vector<uint8_t> public_key_bitstr;
233 
234  BER_Decoder(key_bits)
235  .decode(public_key_algid)
236  .decode(public_key_bitstr, BIT_STRING);
237 
238  return public_key_bitstr;
239  }
240 
242  {
243  // TODO: cache this value
244  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-1"));
245  hash->update(this->subject_public_key_bitstring());
246  return hash->final_stdvec();
247  }
248 
249 /*
250 * Check if the certificate is for a CA
251 */
253  {
254  if(!m_subject.get1_uint32("X509v3.BasicConstraints.is_ca"))
255  return false;
256 
258  }
259 
261  {
262  if(constraints() == NO_CONSTRAINTS)
263  return true;
264  return ((constraints() & usage) == usage);
265  }
266 
267 bool X509_Certificate::allowed_extended_usage(const std::string& usage) const
268  {
269  const std::vector<std::string> ex = ex_constraints();
270 
271  if(ex.empty())
272  return true;
273 
274  if(std::find(ex.begin(), ex.end(), usage) != ex.end())
275  return true;
276 
277  return false;
278  }
279 
281  {
282  // These follow suggestions in RFC 5280 4.2.1.12
283 
284  switch(usage)
285  {
287  return true;
288 
291 
294 
297 
299  return is_CA_cert();
300  }
301 
302  return false;
303  }
304 
306  {
307  if(this->constraints() == NO_CONSTRAINTS)
308  {
309  return false;
310  }
311 
312  return ((this->constraints() & constraints) != 0);
313  }
314 
315 bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const
316  {
317  const std::vector<std::string> ex = ex_constraints();
318 
319  if(ex.empty())
320  {
321  return false;
322  }
323 
324  if(std::find(ex.begin(), ex.end(), ex_constraint) != ex.end())
325  {
326  return true;
327  }
328 
329  return false;
330  }
331 
332 /*
333 * Return the path length constraint
334 */
336  {
337  return m_subject.get1_uint32("X509v3.BasicConstraints.path_constraint", 0);
338  }
339 
340 /*
341 * Return if a certificate extension is marked critical
342 */
343 bool X509_Certificate::is_critical(const std::string& ex_name) const
344  {
345  return !!m_subject.get1_uint32(ex_name + ".is_critical",0);
346  }
347 
348 /*
349 * Return the key usage constraints
350 */
352  {
353  return Key_Constraints(m_subject.get1_uint32("X509v3.KeyUsage",
354  NO_CONSTRAINTS));
355  }
356 
357 /*
358 * Return the list of extended key usage OIDs
359 */
360 std::vector<std::string> X509_Certificate::ex_constraints() const
361  {
362  return lookup_oids(m_subject.get("X509v3.ExtendedKeyUsage"));
363  }
364 
365 /*
366 * Return the name constraints
367 */
369  {
370  std::vector<GeneralSubtree> permit, exclude;
371 
372  for(const std::string& v: m_subject.get("X509v3.NameConstraints.permitted"))
373  {
374  permit.push_back(GeneralSubtree(v));
375  }
376 
377  for(const std::string& v: m_subject.get("X509v3.NameConstraints.excluded"))
378  {
379  exclude.push_back(GeneralSubtree(v));
380  }
381 
382  return NameConstraints(std::move(permit),std::move(exclude));
383  }
384 
385 /*
386 * Return the list of certificate policies
387 */
388 std::vector<std::string> X509_Certificate::policies() const
389  {
390  return lookup_oids(m_subject.get("X509v3.CertificatePolicies"));
391  }
392 
394  {
395  return m_v3_extensions;
396  }
397 
399  {
400  return m_subject.get1("OCSP.responder", "");
401  }
402 
404  {
405  return m_subject.get1("CRL.DistributionPoint", "");
406  }
407 
408 /*
409 * Return the authority key id
410 */
411 std::vector<uint8_t> X509_Certificate::authority_key_id() const
412  {
413  return m_issuer.get1_memvec("X509v3.AuthorityKeyIdentifier");
414  }
415 
416 /*
417 * Return the subject key id
418 */
419 std::vector<uint8_t> X509_Certificate::subject_key_id() const
420  {
421  return m_subject.get1_memvec("X509v3.SubjectKeyIdentifier");
422  }
423 
424 /*
425 * Return the certificate serial number
426 */
427 std::vector<uint8_t> X509_Certificate::serial_number() const
428  {
429  return m_subject.get1_memvec("X509.Certificate.serial");
430  }
431 
433  {
434  return create_dn(m_issuer);
435  }
436 
437 std::vector<uint8_t> X509_Certificate::raw_issuer_dn() const
438  {
439  return m_issuer.get1_memvec("X509.Certificate.dn_bits");
440  }
441 
442 std::vector<uint8_t> X509_Certificate::raw_issuer_dn_sha256() const
443  {
444  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
445  hash->update(raw_issuer_dn());
446  return hash->final_stdvec();
447  }
448 
450  {
451  return create_dn(m_subject);
452  }
453 
454 std::vector<uint8_t> X509_Certificate::raw_subject_dn() const
455  {
456  return m_subject.get1_memvec("X509.Certificate.dn_bits");
457  }
458 
459 std::vector<uint8_t> X509_Certificate::raw_subject_dn_sha256() const
460  {
461  std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-256"));
462  hash->update(raw_subject_dn());
463  return hash->final_stdvec();
464  }
465 
466 std::string X509_Certificate::fingerprint(const std::string& hash_name) const
467  {
468  std::unique_ptr<HashFunction> hash(HashFunction::create(hash_name));
469  hash->update(this->BER_encode());
470  const auto hex_print = hex_encode(hash->final());
471 
472  std::string formatted_print;
473 
474  for(size_t i = 0; i != hex_print.size(); i += 2)
475  {
476  formatted_print.push_back(hex_print[i]);
477  formatted_print.push_back(hex_print[i+1]);
478 
479  if(i != hex_print.size() - 2)
480  formatted_print.push_back(':');
481  }
482 
483  return formatted_print;
484  }
485 
486 bool X509_Certificate::matches_dns_name(const std::string& name) const
487  {
488  if(name.empty())
489  return false;
490 
491  std::vector<std::string> issued_names = subject_info("DNS");
492 
493  // Fall back to CN only if no DNS names are set (RFC 6125 sec 6.4.4)
494  if(issued_names.empty())
495  issued_names = subject_info("Name");
496 
497  for(size_t i = 0; i != issued_names.size(); ++i)
498  {
499  if(host_wildcard_match(issued_names[i], name))
500  return true;
501  }
502 
503  return false;
504  }
505 
506 /*
507 * Compare two certificates for equality
508 */
510  {
511  return (m_sig == other.m_sig &&
512  m_sig_algo == other.m_sig_algo &&
513  m_self_signed == other.m_self_signed &&
514  m_issuer == other.m_issuer &&
515  m_subject == other.m_subject);
516  }
517 
519  {
520  /* If signature values are not equal, sort by lexicographic ordering of that */
521  if(m_sig != other.m_sig)
522  {
523  if(m_sig < other.m_sig)
524  return true;
525  return false;
526  }
527 
528  // Then compare the signed contents
529  return m_tbs_bits < other.m_tbs_bits;
530  }
531 
532 /*
533 * X.509 Certificate Comparison
534 */
535 bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
536  {
537  return !(cert1 == cert2);
538  }
539 
540 std::string X509_Certificate::to_string() const
541  {
542  const std::vector<std::string> dn_fields{
543  "Name",
544  "Email",
545  "Organization",
546  "Organizational Unit",
547  "Locality",
548  "State",
549  "Country",
550  "IP",
551  "DNS",
552  "URI",
553  "PKIX.XMPPAddr"
554  };
555 
556  std::ostringstream out;
557 
558  for(auto&& field : dn_fields)
559  {
560  for(auto&& val : subject_info(field))
561  {
562  out << "Subject " << field << ": " << val << "\n";
563  }
564  }
565 
566  for(auto&& field : dn_fields)
567  {
568  for(auto&& val : issuer_info(field))
569  {
570  out << "Issuer " << field << ": " << val << "\n";
571  }
572  }
573 
574  out << "Version: " << this->x509_version() << "\n";
575 
576  out << "Not valid before: " << this->start_time() << "\n";
577  out << "Not valid after: " << this->end_time() << "\n";
578 
579  out << "Constraints:\n";
581  if(constraints == NO_CONSTRAINTS)
582  out << " None\n";
583  else
584  {
585  if(constraints & DIGITAL_SIGNATURE)
586  out << " Digital Signature\n";
587  if(constraints & NON_REPUDIATION)
588  out << " Non-Repudiation\n";
589  if(constraints & KEY_ENCIPHERMENT)
590  out << " Key Encipherment\n";
591  if(constraints & DATA_ENCIPHERMENT)
592  out << " Data Encipherment\n";
593  if(constraints & KEY_AGREEMENT)
594  out << " Key Agreement\n";
595  if(constraints & KEY_CERT_SIGN)
596  out << " Cert Sign\n";
597  if(constraints & CRL_SIGN)
598  out << " CRL Sign\n";
599  if(constraints & ENCIPHER_ONLY)
600  out << " Encipher Only\n";
601  if(constraints & DECIPHER_ONLY)
602  out << " Decipher Only\n";
603  }
604 
605  std::vector<std::string> policies = this->policies();
606  if(!policies.empty())
607  {
608  out << "Policies: " << "\n";
609  for(size_t i = 0; i != policies.size(); i++)
610  out << " " << policies[i] << "\n";
611  }
612 
613  std::vector<std::string> ex_constraints = this->ex_constraints();
614  if(!ex_constraints.empty())
615  {
616  out << "Extended Constraints:\n";
617  for(size_t i = 0; i != ex_constraints.size(); i++)
618  out << " " << ex_constraints[i] << "\n";
619  }
620 
622  if(!name_constraints.permitted().empty() ||
623  !name_constraints.excluded().empty())
624  {
625  out << "Name Constraints:\n";
626 
627  if(!name_constraints.permitted().empty())
628  {
629  out << " Permit";
630  for(auto st: name_constraints.permitted())
631  {
632  out << " " << st.base();
633  }
634  out << "\n";
635  }
636 
637  if(!name_constraints.excluded().empty())
638  {
639  out << " Exclude";
640  for(auto st: name_constraints.excluded())
641  {
642  out << " " << st.base();
643  }
644  out << "\n";
645  }
646  }
647 
648  if(!ocsp_responder().empty())
649  out << "OCSP responder " << ocsp_responder() << "\n";
650  if(!crl_distribution_point().empty())
651  out << "CRL " << crl_distribution_point() << "\n";
652 
653  out << "Signature algorithm: " <<
654  OIDS::lookup(this->signature_algorithm().oid) << "\n";
655 
656  out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
657 
658  if(this->authority_key_id().size())
659  out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
660 
661  if(this->subject_key_id().size())
662  out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
663 
664  std::unique_ptr<X509_PublicKey> pubkey(this->subject_public_key());
665  out << "Public Key:\n" << X509::PEM_encode(*pubkey);
666 
667  return out.str();
668  }
669 
670 /*
671 * Create and populate a X509_DN
672 */
674  {
675  auto names = info.search_for(
676  [](const std::string& key, const std::string&)
677  {
678  return (key.find("X520.") != std::string::npos);
679  });
680 
681  X509_DN dn;
682 
683  for(auto i = names.begin(); i != names.end(); ++i)
684  dn.add_attribute(i->first, i->second);
685 
686  return dn;
687  }
688 
689 /*
690 * Create and populate an AlternativeName
691 */
693  {
694  auto names = info.search_for(
695  [](const std::string& key, const std::string&)
696  {
697  return (key == "RFC822" ||
698  key == "DNS" ||
699  key == "URI" ||
700  key == "IP");
701  });
702 
703  AlternativeName alt_name;
704 
705  for(auto i = names.begin(); i != names.end(); ++i)
706  alt_name.add_attribute(i->first, i->second);
707 
708  return alt_name;
709  }
710 
711 }
X509_DN issuer_dn() const
Definition: x509cert.cpp:432
X509_DN subject_dn() const
Definition: x509cert.cpp:449
bool allowed_usage(Key_Constraints usage) const
Definition: x509cert.cpp:260
AlgorithmIdentifier m_sig_algo
Definition: x509_obj.h:109
std::vector< std::string > ex_constraints() const
Definition: x509cert.cpp:360
bool is_critical(const std::string &ex_name) const
Definition: x509cert.cpp:343
void add_attribute(const std::string &, const std::string &)
std::vector< uint8_t > subject_public_key_bits() const
Definition: x509cert.cpp:221
std::vector< uint8_t > raw_issuer_dn_sha256() const
Definition: x509cert.cpp:442
friend class BER_Decoder
Definition: x509cert.h:315
BER_Decoder & decode_optional_string(std::vector< uint8_t, Alloc > &out, ASN1_Tag real_type, uint16_t type_no, ASN1_Tag class_tag=CONTEXT_SPECIFIC)
Definition: ber_dec.h:162
bool operator!=(const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
Definition: alg_id.cpp:82
std::string crl_distribution_point() const
Definition: x509cert.cpp:403
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:37
std::vector< std::string > issuer_info(const std::string &name) const
Definition: x509cert.cpp:207
std::vector< uint8_t > get_bits() const
Definition: x509_dn.cpp:111
std::vector< uint8_t > raw_issuer_dn() const
Definition: x509cert.cpp:437
std::vector< uint8_t > subject_public_key_bitstring() const
Definition: x509cert.cpp:226
std::string end_time() const
Definition: x509cert.cpp:189
const std::vector< GeneralSubtree > & excluded() const
bool has_value(const std::string &) const
Definition: datastor.cpp:27
BER_Decoder & decode(bool &v)
Definition: ber_dec.cpp:376
void add_attribute(const std::string &, const std::string &)
Definition: x509_dn.cpp:47
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
std::vector< uint8_t > serial_number() const
Definition: x509cert.cpp:427
std::string to_string() const
Definition: x509cert.cpp:540
bool matches_dns_name(const std::string &name) const
Definition: x509cert.cpp:486
bool check_signature(const Public_Key &key) const
Definition: x509_obj.cpp:188
NameConstraints name_constraints() const
Definition: x509cert.cpp:368
std::string ocsp_responder() const
Definition: x509cert.cpp:398
uint32_t get1_uint32(const std::string &, uint32_t=0) const
Definition: datastor.cpp:109
Extensions v3_extensions() const
Definition: x509cert.cpp:393
Key_Constraints constraints() const
Definition: x509cert.cpp:351
bool operator<(const X509_Certificate &other) const
Definition: x509cert.cpp:518
std::vector< uint8_t > get1_memvec(const std::string &) const
Definition: datastor.cpp:92
X509_Object()=default
bool is_CA_cert() const
Definition: x509cert.cpp:252
std::multimap< std::string, std::string > search_for(std::function< bool(std::string, std::string)> predicate) const
Definition: datastor.cpp:35
BER_Decoder & decode_optional(T &out, ASN1_Tag type_tag, ASN1_Tag class_tag, const T &default_value=T())
Definition: ber_dec.h:213
bool has_ex_constraint(const std::string &ex_constraint) const
Definition: x509cert.cpp:315
bool has_constraints(Key_Constraints constraints) const
Returns true if the specified.
Definition: x509cert.cpp:305
uint32_t x509_version() const
Definition: x509cert.cpp:173
AlgorithmIdentifier signature_algorithm() const
Definition: x509_obj.cpp:148
std::vector< uint8_t > m_tbs_bits
Definition: x509_obj.h:110
secure_vector< uint8_t > value
Definition: asn1_obj.h:94
bool allowed_extended_usage(const std::string &usage) const
Definition: x509cert.cpp:267
BER_Decoder & end_cons()
Definition: ber_dec.cpp:272
X509_DN create_dn(const Data_Store &info)
Definition: x509cert.cpp:673
std::vector< std::string > get(const std::string &) const
Definition: datastor.cpp:50
AlternativeName create_alt_name(const Data_Store &info)
Definition: x509cert.cpp:692
std::string lookup(const OID &oid)
Definition: oids.cpp:18
const std::vector< GeneralSubtree > & permitted() const
ASN1_Tag
Definition: asn1_obj.h:22
uint32_t path_limit() const
Definition: x509cert.cpp:335
std::string start_time() const
Definition: x509cert.cpp:181
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:93
std::vector< std::string > policies() const
Definition: x509cert.cpp:388
std::string fingerprint(const std::string &hash_name="SHA-1") const
Definition: x509cert.cpp:466
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:258
std::string PEM_encode(const Public_Key &key)
Definition: x509_key.cpp:28
Definition: alg_id.cpp:13
void contents_to(Data_Store &, Data_Store &) const
Definition: x509_ext.cpp:254
A single Name Constraint.
std::string to_string() const
Return an internal string representation of the time.
Definition: asn1_time.cpp:60
std::vector< uint8_t > BER_encode() const
Definition: x509_obj.cpp:114
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition: asn1_obj.cpp:35
BER_Object get_next_object()
Definition: ber_dec.cpp:210
ASN1_Tag class_tag
Definition: asn1_obj.h:91
ASN1_Tag type_tag
Definition: asn1_obj.h:91
std::string get1(const std::string &key) const
Definition: datastor.cpp:62
Public_Key * subject_public_key() const
Definition: x509cert.cpp:215
std::vector< uint8_t > subject_public_key_bitstring_sha1() const
Definition: x509cert.cpp:241
std::vector< uint8_t > subject_key_id() const
Definition: x509cert.cpp:419
static std::string deref_info_field(const std::string &)
Definition: x509_dn.cpp:119
std::vector< uint8_t > raw_subject_dn() const
Definition: x509cert.cpp:454
void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase)
Definition: hex.cpp:14
bool host_wildcard_match(const std::string &issued, const std::string &host)
Definition: parsing.cpp:337
bool operator==(const X509_Certificate &other) const
Definition: x509cert.cpp:509
size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool ignore_ws)
Definition: hex.cpp:49
static std::vector< uint8_t > encode(const BigInt &n, Base base=Binary)
Definition: big_code.cpp:54
bool more_items() const
Definition: ber_dec.cpp:158
std::vector< std::string > subject_info(const std::string &name) const
Definition: x509cert.cpp:198
MechanismType hash
std::vector< uint8_t > m_sig
Definition: x509_obj.h:110
Usage_Type
Definition: x509cert.h:24
std::multimap< std::string, std::string > contents() const
Definition: x509_dn.cpp:85
void add(const std::multimap< std::string, std::string > &)
Definition: datastor.cpp:154
Name Constraints.
std::vector< uint8_t > authority_key_id() const
Definition: x509cert.cpp:411
std::vector< uint8_t > raw_subject_dn_sha256() const
Definition: x509cert.cpp:459