x509cert.cpp

Go to the documentation of this file.

/*
* X.509 Certificates
* (C) 1999-2010,2015,2017 Jack Lloyd
* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
 
#include <botan/x509cert.h>
#include <botan/x509_key.h>
#include <botan/pk_keys.h>
#include <botan/x509_ext.h>
#include <botan/ber_dec.h>
#include <botan/internal/parsing.h>
#include <botan/bigint.h>
#include <botan/hash.h>
#include <botan/hex.h>
#include <algorithm>
#include <sstream>
 
namespace Botan {
 
struct X509_Certificate_Data
   {
   std::vector<uint8_t> m_serial;
   AlgorithmIdentifier m_sig_algo_inner;
   X509_DN m_issuer_dn;
   X509_DN m_subject_dn;
   std::vector<uint8_t> m_issuer_dn_bits;
   std::vector<uint8_t> m_subject_dn_bits;
   X509_Time m_not_before;
   X509_Time m_not_after;
   std::vector<uint8_t> m_subject_public_key_bits;
   std::vector<uint8_t> m_subject_public_key_bits_seq;
   std::vector<uint8_t> m_subject_public_key_bitstring;
   std::vector<uint8_t> m_subject_public_key_bitstring_sha1;
   AlgorithmIdentifier m_subject_public_key_algid;
 
   std::vector<uint8_t> m_v2_issuer_key_id;
   std::vector<uint8_t> m_v2_subject_key_id;
   Extensions m_v3_extensions;
 
   std::vector<OID> m_extended_key_usage;
   std::vector<uint8_t> m_authority_key_id;
   std::vector<uint8_t> m_subject_key_id;
   std::vector<OID> m_cert_policies;
 
   std::vector<std::string> m_crl_distribution_points;
   std::string m_ocsp_responder;
   std::vector<std::string> m_ca_issuers;
 
   std::vector<uint8_t> m_issuer_dn_bits_sha256;
   std::vector<uint8_t> m_subject_dn_bits_sha256;
 
   std::string m_fingerprint_sha1;
   std::string m_fingerprint_sha256;
 
   AlternativeName m_subject_alt_name;
   AlternativeName m_issuer_alt_name;
   NameConstraints m_name_constraints;
 
   size_t m_version = 0;
   size_t m_path_len_constraint = 0;
   Key_Constraints m_key_constraints;
   bool m_self_signed = false;
   bool m_is_ca_certificate = false;
   bool m_serial_negative = false;
   };
 
std::string X509_Certificate::PEM_label() const
   {
   return "CERTIFICATE";
   }
 
std::vector<std::string> X509_Certificate::alternate_PEM_labels() const
   {
   return { "X509 CERTIFICATE" };
   }
 
X509_Certificate::X509_Certificate(DataSource& src)
   {
   load_data(src);
   }
 
X509_Certificate::X509_Certificate(const std::vector<uint8_t>& vec)
   {
   DataSource_Memory src(vec.data(), vec.size());
   load_data(src);
   }
 
X509_Certificate::X509_Certificate(const uint8_t data[], size_t len)
   {
   DataSource_Memory src(data, len);
   load_data(src);
   }
 
#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
X509_Certificate::X509_Certificate(std::string_view fsname)
   {
   DataSource_Stream src(fsname, true);
   load_data(src);
   }
#endif
 
namespace {
 
std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& obj)
   {
   auto data = std::make_unique<X509_Certificate_Data>();
 
   BigInt serial_bn;
   BER_Object public_key;
   BER_Object v3_exts_data;
 
   BER_Decoder(obj.signed_body())
      .decode_optional(data->m_version, ASN1_Type(0), ASN1_Class::Constructed | ASN1_Class::ContextSpecific)
      .decode(serial_bn)
      .decode(data->m_sig_algo_inner)
      .decode(data->m_issuer_dn)
      .start_sequence()
         .decode(data->m_not_before)
         .decode(data->m_not_after)
      .end_cons()
      .decode(data->m_subject_dn)
      .get_next(public_key)
      .decode_optional_string(data->m_v2_issuer_key_id, ASN1_Type::BitString, 1)
      .decode_optional_string(data->m_v2_subject_key_id, ASN1_Type::BitString, 2)
      .get_next(v3_exts_data)
      .verify_end("TBSCertificate has extra data after extensions block");
 
   if(data->m_version > 2)
      throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version));
   if(obj.signature_algorithm() != data->m_sig_algo_inner)
      throw Decoding_Error("X.509 Certificate had differing algorithm identifers in inner and outer ID fields");
 
   public_key.assert_is_a(ASN1_Type::Sequence, ASN1_Class::Constructed, "X.509 certificate public key");
 
   // crude method to save the serial's sign; will get lost during decoding, otherwise
   data->m_serial_negative = serial_bn.is_negative();
 
   // for general sanity convert wire version (0 based) to standards version (v1 .. v3)
   data->m_version += 1;
 
   data->m_serial = BigInt::encode(serial_bn);
   data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits());
   data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits());
 
   data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length());
 
   data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits);
 
   BER_Decoder(data->m_subject_public_key_bits)
      .decode(data->m_subject_public_key_algid)
      .decode(data->m_subject_public_key_bitstring, ASN1_Type::BitString);
 
   if(v3_exts_data.is_a(3, ASN1_Class::Constructed | ASN1_Class::ContextSpecific))
      {
      // Path validation will reject a v1/v2 cert with v3 extensions
      BER_Decoder(v3_exts_data).decode(data->m_v3_extensions).verify_end();
      }
   else if(v3_exts_data.is_set())
      {
          throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging());
      }
 
   // Now cache some fields from the extensions
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Key_Usage>())
      {
      data->m_key_constraints = ext->get_constraints();
      /*
      RFC 5280: When the keyUsage extension appears in a certificate,
      at least one of the bits MUST be set to 1.
      */
      if(data->m_key_constraints.empty())
         {
         throw Decoding_Error("Certificate has invalid encoding for KeyUsage");
         }
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Key_ID>())
      {
      data->m_subject_key_id = ext->get_key_id();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Key_ID>())
      {
      data->m_authority_key_id = ext->get_key_id();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Name_Constraints>())
      {
      data->m_name_constraints = ext->get_name_constraints();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Basic_Constraints>())
      {
      if(ext->get_is_ca() == true)
         {
         /*
         * RFC 5280 section 4.2.1.3 requires that CAs include KeyUsage in all
         * intermediate CA certificates they issue. Currently we accept it being
         * missing, as do most other implementations. But it may be worth
         * removing this entirely, or alternately adding a warning level
         * validation failure for it.
         */
         if(data->m_key_constraints.empty() ||
            data->m_key_constraints.includes(Key_Constraints::KeyCertSign))
            {
            data->m_is_ca_certificate = true;
            data->m_path_len_constraint = ext->get_path_limit();
            }
         }
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Issuer_Alternative_Name>())
      {
      data->m_issuer_alt_name = ext->get_alt_name();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>())
      {
      data->m_subject_alt_name = ext->get_alt_name();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Extended_Key_Usage>())
      {
      data->m_extended_key_usage = ext->object_identifiers();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Certificate_Policies>())
      {
      data->m_cert_policies = ext->get_policy_oids();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::Authority_Information_Access>())
      {
      data->m_ocsp_responder = ext->ocsp_responder();
      data->m_ca_issuers = ext->ca_issuers();
      }
 
   if(auto ext = data->m_v3_extensions.get_extension_object_as<Cert_Extension::CRL_Distribution_Points>())
      {
      data->m_crl_distribution_points = ext->crl_distribution_urls();
      }
 
   // Check for self-signed vs self-issued certificates
   if(data->m_subject_dn == data->m_issuer_dn)
      {
      if(data->m_subject_key_id.empty() == false && data->m_authority_key_id.empty() == false)
         {
         data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id);
         }
      else
         {
         /*
         If a parse error or unknown algorithm is encountered, default
         to assuming it is self signed. We have no way of being certain but
         that is usually the default case (self-issued is rare in practice).
         */
         data->m_self_signed = true;
 
         try
            {
            auto pub_key = X509::load_key(data->m_subject_public_key_bits_seq);
 
            const auto sig_status = obj.verify_signature(*pub_key);
 
            if(sig_status.first == Certificate_Status_Code::OK ||
               sig_status.first == Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN)
               {
               data->m_self_signed = true;
               }
            else
               {
               data->m_self_signed = false;
               }
            }
         catch(...)
            {
            // ignore errors here to allow parsing to continue
            }
         }
      }
 
   const std::vector<uint8_t> full_encoding = obj.BER_encode();
 
   auto sha1 = HashFunction::create("SHA-1");
   if(sha1)
      {
      sha1->update(data->m_subject_public_key_bitstring);
      data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec();
      // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called
 
      data->m_fingerprint_sha1 = create_hex_fingerprint(full_encoding, "SHA-1");
      }
 
   auto sha256 = HashFunction::create("SHA-256");
   if(sha256)
      {
      sha256->update(data->m_issuer_dn_bits);
      data->m_issuer_dn_bits_sha256 = sha256->final_stdvec();
 
      sha256->update(data->m_subject_dn_bits);
      data->m_subject_dn_bits_sha256 = sha256->final_stdvec();
 
      data->m_fingerprint_sha256 = create_hex_fingerprint(full_encoding, "SHA-256");
      }
 
   return data;
   }
 
}
 
/*
* Decode the TBSCertificate data
*/
void X509_Certificate::force_decode()
   {
   m_data.reset();
   m_data = parse_x509_cert_body(*this);
   }
 
const X509_Certificate_Data& X509_Certificate::data() const
   {
   if(m_data == nullptr)
      {
      throw Invalid_State("X509_Certificate uninitialized");
      }
   return *m_data;
   }
 
uint32_t X509_Certificate::x509_version() const
   {
   return static_cast<uint32_t>(data().m_version);
   }
 
bool X509_Certificate::is_self_signed() const
   {
   return data().m_self_signed;
   }
 
const X509_Time& X509_Certificate::not_before() const
   {
   return data().m_not_before;
   }
 
const X509_Time& X509_Certificate::not_after() const
   {
   return data().m_not_after;
   }
 
const AlgorithmIdentifier& X509_Certificate::subject_public_key_algo() const
   {
   return data().m_subject_public_key_algid;
   }
 
const std::vector<uint8_t>& X509_Certificate::v2_issuer_key_id() const
   {
   return data().m_v2_issuer_key_id;
   }
 
const std::vector<uint8_t>& X509_Certificate::v2_subject_key_id() const
   {
   return data().m_v2_subject_key_id;
   }
 
const std::vector<uint8_t>& X509_Certificate::subject_public_key_bits() const
   {
   return data().m_subject_public_key_bits;
   }
 
const std::vector<uint8_t>& X509_Certificate::subject_public_key_info() const
   {
   return data().m_subject_public_key_bits_seq;
   }
 
const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring() const
   {
   return data().m_subject_public_key_bitstring;
   }
 
const std::vector<uint8_t>& X509_Certificate::subject_public_key_bitstring_sha1() const
   {
   if(data().m_subject_public_key_bitstring_sha1.empty())
      throw Encoding_Error("X509_Certificate::subject_public_key_bitstring_sha1 called but SHA-1 disabled in build");
 
   return data().m_subject_public_key_bitstring_sha1;
   }
 
const std::vector<uint8_t>& X509_Certificate::authority_key_id() const
   {
   return data().m_authority_key_id;
   }
 
const std::vector<uint8_t>& X509_Certificate::subject_key_id() const
   {
   return data().m_subject_key_id;
   }
 
const std::vector<uint8_t>& X509_Certificate::serial_number() const
   {
   return data().m_serial;
   }
 
bool X509_Certificate::is_serial_negative() const
   {
   return data().m_serial_negative;
   }
 
 
const X509_DN& X509_Certificate::issuer_dn() const
   {
   return data().m_issuer_dn;
   }
 
const X509_DN& X509_Certificate::subject_dn() const
   {
   return data().m_subject_dn;
   }
 
const std::vector<uint8_t>& X509_Certificate::raw_issuer_dn() const
   {
   return data().m_issuer_dn_bits;
   }
 
const std::vector<uint8_t>& X509_Certificate::raw_subject_dn() const
   {
   return data().m_subject_dn_bits;
   }
 
bool X509_Certificate::is_CA_cert() const
   {
   if(data().m_version < 3 && data().m_self_signed)
      return true;
 
   return data().m_is_ca_certificate;
   }
 
uint32_t X509_Certificate::path_limit() const
   {
   if(data().m_version < 3 && data().m_self_signed)
      return 32; // in theory infinite, but this is more than enough
 
   return static_cast<uint32_t>(data().m_path_len_constraint);
   }
 
Key_Constraints X509_Certificate::constraints() const
   {
   return data().m_key_constraints;
   }
 
const std::vector<OID>& X509_Certificate::extended_key_usage() const
   {
   return data().m_extended_key_usage;
   }
 
const std::vector<OID>& X509_Certificate::certificate_policy_oids() const
   {
   return data().m_cert_policies;
   }
 
const NameConstraints& X509_Certificate::name_constraints() const
   {
   return data().m_name_constraints;
   }
 
const Extensions& X509_Certificate::v3_extensions() const
   {
   return data().m_v3_extensions;
   }
 
bool X509_Certificate::has_constraints(Key_Constraints usage) const
   {
   // Unlike allowed_usage, returns false if constraints was not set
   return constraints().includes(usage);
   }
 
bool X509_Certificate::allowed_usage(Key_Constraints usage) const
   {
   if(constraints().empty())
      return true;
   return constraints().includes(usage);
   }
 
bool X509_Certificate::allowed_extended_usage(std::string_view usage) const
   {
   return allowed_extended_usage(OID::from_string(usage));
   }
 
bool X509_Certificate::allowed_extended_usage(const OID& usage) const
   {
   const std::vector<OID>& ex = extended_key_usage();
   if(ex.empty())
      return true;
 
   if(std::find(ex.begin(), ex.end(), usage) != ex.end())
      return true;
 
   return false;
   }
 
bool X509_Certificate::allowed_usage(Usage_Type usage) const
   {
   // These follow suggestions in RFC 5280 4.2.1.12
 
   switch(usage)
      {
      case Usage_Type::UNSPECIFIED:
         return true;
 
      case Usage_Type::TLS_SERVER_AUTH:
         return (allowed_usage(Key_Constraints::KeyAgreement) ||
                 allowed_usage(Key_Constraints::KeyEncipherment) ||
                 allowed_usage(Key_Constraints::DigitalSignature)) &&
            allowed_extended_usage("PKIX.ServerAuth");
 
      case Usage_Type::TLS_CLIENT_AUTH:
         return (allowed_usage(Key_Constraints::DigitalSignature) ||
                 allowed_usage(Key_Constraints::KeyAgreement)) &&
            allowed_extended_usage("PKIX.ClientAuth");
 
      case Usage_Type::OCSP_RESPONDER:
         return (allowed_usage(Key_Constraints::DigitalSignature) ||
                 allowed_usage(Key_Constraints::NonRepudiation)) &&
            has_ex_constraint("PKIX.OCSPSigning");
 
      case Usage_Type::CERTIFICATE_AUTHORITY:
         return is_CA_cert();
 
      case Usage_Type::ENCRYPTION:
         return (allowed_usage(Key_Constraints::KeyEncipherment) ||
                 allowed_usage(Key_Constraints::DataEncipherment));
      }
 
   return false;
   }
 
bool X509_Certificate::has_ex_constraint(std::string_view ex_constraint) const
   {
   return has_ex_constraint(OID::from_string(ex_constraint));
   }
 
bool X509_Certificate::has_ex_constraint(const OID& usage) const
   {
   const std::vector<OID>& ex = extended_key_usage();
   return (std::find(ex.begin(), ex.end(), usage) != ex.end());
   }
 
/*
* Return if a certificate extension is marked critical
*/
bool X509_Certificate::is_critical(std::string_view ex_name) const
   {
   return v3_extensions().critical_extension_set(OID::from_string(ex_name));
   }
 
std::string X509_Certificate::ocsp_responder() const
   {
   return data().m_ocsp_responder;
   }
 
std::vector<std::string> X509_Certificate::ca_issuers() const
   {
   return data().m_ca_issuers;
   }
 
std::string X509_Certificate::crl_distribution_point() const
   {
   // just returns the first (arbitrarily)
   if(!data().m_crl_distribution_points.empty())
      return data().m_crl_distribution_points[0];
   return "";
   }
 
const AlternativeName& X509_Certificate::subject_alt_name() const
   {
   return data().m_subject_alt_name;
   }
 
const AlternativeName& X509_Certificate::issuer_alt_name() const
   {
   return data().m_issuer_alt_name;
   }
 
/*
* Return information about the subject
*/
std::vector<std::string>
X509_Certificate::subject_info(std::string_view req) const
   {
   if(req == "Email")
      return this->subject_info("RFC822");
 
   if(subject_dn().has_field(req))
      return subject_dn().get_attribute(req);
 
   if(subject_alt_name().has_field(req))
      return subject_alt_name().get_attribute(req);
 
   return {};
   }
 
/*
* Return information about the issuer
*/
std::vector<std::string>
X509_Certificate::issuer_info(std::string_view req) const
   {
   if(issuer_dn().has_field(req))
      return issuer_dn().get_attribute(req);
 
   if(issuer_alt_name().has_field(req))
      return issuer_alt_name().get_attribute(req);
 
   return {};
   }
 
/*
* Return the public key in this certificate
*/
std::unique_ptr<Public_Key> X509_Certificate::subject_public_key() const
   {
   try
      {
      return std::unique_ptr<Public_Key>(X509::load_key(subject_public_key_info()));
      }
   catch(std::exception& e)
      {
      throw Decoding_Error("X509_Certificate::subject_public_key", e);
      }
   }
 
std::unique_ptr<Public_Key> X509_Certificate::load_subject_public_key() const
   {
   return this->subject_public_key();
   }
 
std::vector<uint8_t> X509_Certificate::raw_issuer_dn_sha256() const
   {
   if(data().m_issuer_dn_bits_sha256.empty())
      throw Encoding_Error("X509_Certificate::raw_issuer_dn_sha256 called but SHA-256 disabled in build");
   return data().m_issuer_dn_bits_sha256;
   }
 
std::vector<uint8_t> X509_Certificate::raw_subject_dn_sha256() const
   {
   if(data().m_subject_dn_bits_sha256.empty())
      throw Encoding_Error("X509_Certificate::raw_subject_dn_sha256 called but SHA-256 disabled in build");
   return data().m_subject_dn_bits_sha256;
   }
 
std::string X509_Certificate::fingerprint(std::string_view hash_name) const
   {
   /*
   * The SHA-1 and SHA-256 fingerprints are precomputed since these
   * are the most commonly used. Especially, SHA-256 fingerprints are
   * used for cycle detection during path construction.
   *
   * If SHA-1 or SHA-256 was missing at parsing time the vectors are
   * left empty in which case we fall back to create_hex_fingerprint
   * which will throw if the hash is unavailable.
   */
   if(hash_name == "SHA-256" && !data().m_fingerprint_sha256.empty())
      return data().m_fingerprint_sha256;
   else if(hash_name == "SHA-1" && !data().m_fingerprint_sha1.empty())
      return data().m_fingerprint_sha1;
   else
      return create_hex_fingerprint(this->BER_encode(), hash_name);
   }
 
bool X509_Certificate::matches_dns_name(std::string_view name) const
   {
   if(name.empty())
      return false;
 
   auto issued_names = subject_info("DNS");
 
   // Fall back to CN only if no DNS names are set (RFC 6125 sec 6.4.4)
   if(issued_names.empty())
      issued_names = subject_info("Name");
 
   for(const auto& issued_name : issued_names)
      {
      if(host_wildcard_match(issued_name, name))
         return true;
      }
 
   return false;
   }
 
/*
* Compare two certificates for equality
*/
bool X509_Certificate::operator==(const X509_Certificate& other) const
   {
   return (this->signature() == other.signature() &&
           this->signature_algorithm() == other.signature_algorithm() &&
           this->signed_body() == other.signed_body());
   }
 
bool X509_Certificate::operator<(const X509_Certificate& other) const
   {
   /* If signature values are not equal, sort by lexicographic ordering of that */
   if(this->signature() != other.signature())
      {
      return (this->signature() < other.signature());
      }
 
   // Then compare the signed contents
   return this->signed_body() < other.signed_body();
   }
 
/*
* X.509 Certificate Comparison
*/
bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
   {
   return !(cert1 == cert2);
   }
 
std::string X509_Certificate::to_string() const
   {
   std::ostringstream out;
 
   out << "Version: " << this->x509_version() << "\n";
   out << "Subject: " << subject_dn() << "\n";
   out << "Issuer: " << issuer_dn() << "\n";
   out << "Issued: " << this->not_before().readable_string() << "\n";
   out << "Expires: " << this->not_after().readable_string() << "\n";
 
   out << "Constraints:\n";
   Key_Constraints constraints = this->constraints();
   if(constraints.empty())
      out << " None\n";
   else
      {
      if(constraints.includes(Key_Constraints::DigitalSignature))
         out << "   Digital Signature\n";
      if(constraints.includes(Key_Constraints::NonRepudiation))
         out << "   Non-Repudiation\n";
      if(constraints.includes(Key_Constraints::KeyEncipherment))
         out << "   Key Encipherment\n";
      if(constraints.includes(Key_Constraints::DataEncipherment))
         out << "   Data Encipherment\n";
      if(constraints.includes(Key_Constraints::KeyAgreement))
         out << "   Key Agreement\n";
      if(constraints.includes(Key_Constraints::KeyCertSign))
         out << "   Cert Sign\n";
      if(constraints.includes(Key_Constraints::CrlSign))
         out << "   CRL Sign\n";
      if(constraints.includes(Key_Constraints::EncipherOnly))
         out << "   Encipher Only\n";
      if(constraints.includes(Key_Constraints::DecipherOnly))
         out << "   Decipher Only\n";
      }
 
   const std::vector<OID>& policies = this->certificate_policy_oids();
   if(!policies.empty())
      {
      out << "Policies: " << "\n";
      for(const auto& oid : policies)
         out << "   " << oid.to_string() << "\n";
      }
 
   const std::vector<OID>& ex_constraints = this->extended_key_usage();
   if(!ex_constraints.empty())
      {
      out << "Extended Constraints:\n";
      for(auto&& oid : ex_constraints)
         {
         out << "   " << oid.to_formatted_string() << "\n";
         }
      }
 
   const NameConstraints& name_constraints = this->name_constraints();
 
   if(!name_constraints.permitted().empty() || !name_constraints.excluded().empty())
      {
      out << "Name Constraints:\n";
 
      if(!name_constraints.permitted().empty())
         {
         out << "   Permit";
         for(const auto& st: name_constraints.permitted())
            {
            out << " " << st.base();
            }
         out << "\n";
         }
 
      if(!name_constraints.excluded().empty())
         {
         out << "   Exclude";
         for(const auto& st: name_constraints.excluded())
            {
            out << " " << st.base();
            }
         out << "\n";
         }
      }
 
   if(!ocsp_responder().empty())
      out << "OCSP responder " << ocsp_responder() << "\n";
 
   const std::vector<std::string> ca_issuers = this->ca_issuers();
   if(!ca_issuers.empty())
      {
      out << "CA Issuers:\n";
      for(const auto& ca_issuer : ca_issuers)
         out << "   URI: " << ca_issuer << "\n";
      }
 
   if(!crl_distribution_point().empty())
      out << "CRL " << crl_distribution_point() << "\n";
 
   out << "Signature algorithm: " << this->signature_algorithm().oid().to_formatted_string() << "\n";
 
   out << "Serial number: " << hex_encode(this->serial_number()) << "\n";
 
   if(!this->authority_key_id().empty())
     out << "Authority keyid: " << hex_encode(this->authority_key_id()) << "\n";
 
   if(!this->subject_key_id().empty())
     out << "Subject keyid: " << hex_encode(this->subject_key_id()) << "\n";
 
   try
      {
      auto pubkey = this->subject_public_key();
      out << "Public Key [" << pubkey->algo_name() << "-" << pubkey->key_length() << "]\n\n";
      out << X509::PEM_encode(*pubkey);
      }
   catch(Decoding_Error&)
      {
      const AlgorithmIdentifier& alg_id = this->subject_public_key_algo();
      out << "Failed to decode key with oid " << alg_id.oid().to_string() << "\n";
      }
 
   return out.str();
   }
 
}