8 #ifndef BOTAN_X509_EXTENSIONS_H__
9 #define BOTAN_X509_EXTENSIONS_H__
11 #include <botan/asn1_obj.h>
12 #include <botan/asn1_oid.h>
13 #include <botan/asn1_alt_name.h>
14 #include <botan/cert_status.h>
15 #include <botan/datastor.h>
16 #include <botan/name_constraint.h>
17 #include <botan/key_constraint.h>
18 #include <botan/crl_ent.h>
22 class X509_Certificate;
/// OID identifying this extension. Not pure virtual: the base class supplies
/// a default, so only extensions whose OID is not fixed need to override it.
virtual OID oid_of() const;

/// Human-readable name for the extension's OID (e.g. "X509v3.KeyUsage").
/// Pure virtual: every concrete extension must provide one.
virtual std::string oid_name() const = 0;
71 const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
72 std::vector<std::set<Certificate_Status_Code>>& cert_status,
/// Produce this extension's value bytes (the extension-specific payload;
/// the outer framing is handled by the enclosing encoder).
virtual std::vector<uint8_t> encode_inner() const = 0;

/// Inverse of encode_inner: parse the extension from its raw value bytes.
/// Extensions::get_raw feeds it the bytes stored in m_extensions_raw.
/// Implementations receive attacker-controlled input here, so they must
/// validate lengths and structure rather than trust the encoding.
virtual void decode_inner(const std::vector<uint8_t>&) = 0;
/// DER-encode the whole extension set into the given encoder.
/// Overrides the encode_into hook of the ASN.1 object base (see asn1_obj.h).
void encode_into(class DER_Encoder&) const override;
/// Look up the extension registered under @p oid and return an owning copy
/// of it. NOTE(review): presumably returns a null pointer when the OID is
/// not present — confirm against the implementation before relying on it.
std::unique_ptr<Certificate_Extension> get(const OID& oid) const;
128 if(m_extensions_raw.count(oid) > 0)
130 std::unique_ptr<T> ext(
new T);
131 ext->decode_inner(m_extensions_raw[oid].first);
132 return std::move(ext);
135 catch(std::exception& e)
/// All decoded extensions, each paired with a bool flag (type matches
/// m_extensions; presumably the flag is the extension's "critical" bit —
/// confirm).
std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> extensions() const;

/// The undecoded extension values keyed by OID, each paired with the same
/// bool flag (type matches m_extensions_raw).
std::map<OID, std::pair<std::vector<uint8_t>, bool>> extensions_raw() const;
/// Construct an empty extension set.
/// @param st stored in m_throw_on_unknown_critical. Defaults to true; by its
///   name it presumably makes decoding reject an unrecognized critical
///   extension rather than silently tolerate it, which is the conservative
///   default for certificate validation — confirm in the decoder.
explicit Extensions(bool st = true) : m_throw_on_unknown_critical{st} {}
// Decoded extensions in order, each with a bool flag (see extensions()).
std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> m_extensions;
// Set by the constructor (default true); controls handling of unknown
// critical extensions, per its name.
bool m_throw_on_unknown_critical;
// Raw value bytes per OID, with the same bool flag; get_raw() decodes from here.
std::map<OID, std::pair<std::vector<uint8_t>, bool>> m_extensions_raw;
175 namespace Cert_Extension {
/// Sentinel path-length value meaning "no pathLenConstraint" for a CA
/// (compare against Basic_Constraints::get_path_limit()). Presumably kept
/// below SIZE_MAX so that small increments during path building cannot
/// wrap — confirm where the value is consumed.
static constexpr size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
189 m_is_ca(ca), m_path_limit(limit) {}
/// The pathLenConstraint value; NO_CERT_PATH_LIMIT when none applies.
size_t get_path_limit() const;
/// Name of the BasicConstraints extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.BasicConstraints");
   }
/// Encode the cA flag and path limit (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the cA flag and path limit from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Name of the KeyUsage extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.KeyUsage");
   }
221 bool should_encode()
const override
/// Encode the key usage bits (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the key usage bits from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the usage flags into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores, in that order — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
/// Name of the SubjectKeyIdentifier extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.SubjectKeyIdentifier");
   }
/// Only emit the extension when a key identifier is actually set.
bool should_encode() const override
   {
   return !m_key_id.empty();
   }
/// Encode the subject key identifier (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the key identifier from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the key identifier into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// Subject key identifier bytes; the extension is not encoded while empty.
std::vector<uint8_t> m_key_id;
/// Name of the AuthorityKeyIdentifier extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.AuthorityKeyIdentifier");
   }
/// Only emit the extension when an authority key identifier is set.
bool should_encode() const override
   {
   return !m_key_id.empty();
   }
/// Encode the authority key identifier (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the key identifier from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the key identifier into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// Authority key identifier bytes; the extension is not encoded while empty.
std::vector<uint8_t> m_key_id;
/// OID name supplied at construction (this class serves more than one OID,
/// e.g. subject vs. issuer alternative names).
std::string oid_name() const override
   {
   const std::string& name = m_oid_name_str;
   return name;
   }
/// Only emit the extension when the alternative name holds at least one entry.
bool should_encode() const override
   {
   const bool populated = m_alt_name.has_items();
   return populated;
   }
/// Encode the alternative name entries (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the alternative name entries from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the alternative name entries into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// Name returned by oid_name(); set per concrete alternative-name extension.
std::string m_oid_name_str;
// The parsed/assigned alternative name entries.
AlternativeName m_alt_name;
/// Copy of the extended key usage OIDs.
std::vector<OID> get_oids() const
   {
   std::vector<OID> oids(m_oids);
   return oids;
   }
/// Name of the ExtendedKeyUsage extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.ExtendedKeyUsage");
   }
/// Only emit the extension when at least one usage OID is present.
bool should_encode() const override
   {
   return !m_oids.empty();
   }
/// Encode the usage OID list (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the usage OID list from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the usage OIDs into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// Extended key usage OIDs; the extension is not encoded while empty.
std::vector<OID> m_oids;
369 const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
370 std::vector<std::set<Certificate_Status_Code>>& cert_status,
371 size_t pos)
override;
/// Name of the NameConstraints extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.NameConstraints");
   }
/// Always encoded, unlike the other extensions here which skip empty state.
/// NOTE(review): this means a Name_Constraints with no permitted/excluded
/// entries is still emitted — confirm that an empty constraint set is
/// intended to be representable on the wire.
bool should_encode() const override
   {
   const bool always = true;
   return always;
   }
/// Encode the permitted/excluded subtrees (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the name constraints from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the constraints into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// The constraint set applied by validate() to the certificate path.
NameConstraints m_name_constraints;
/// Copy of the certificate policy OIDs.
std::vector<OID> get_oids() const
   {
   std::vector<OID> oids(m_oids);
   return oids;
   }
/// Name of the CertificatePolicies extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.CertificatePolicies");
   }
/// Only emit the extension when at least one policy OID is present.
bool should_encode() const override
   {
   return !m_oids.empty();
   }
/// Encode the policy OID list (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the policy OID list from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the policy OIDs into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// Certificate policy OIDs; the extension is not encoded while empty.
std::vector<OID> m_oids;
420 m_ocsp_responder(ocsp) {}
/// Name of the AuthorityInformationAccess extension OID.
std::string oid_name() const override
   {
   return std::string("PKIX.AuthorityInformationAccess");
   }
/// Only emit the extension when an OCSP responder string is set.
bool should_encode() const override
   {
   return m_ocsp_responder.size() != 0;
   }
/// Encode the access descriptions (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the access descriptions from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the OCSP responder string into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// OCSP responder location as given at construction; the extension is not
// encoded while empty.
std::string m_ocsp_responder;
/// The CRL number carried by this extension (see should_encode() for
/// whether one is set).
size_t get_crl_number() const;
/// Name of the CRLNumber extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.CRLNumber");
   }
/// Only emit the extension when a CRL number has been set.
bool should_encode() const override
   {
   const bool has_number = m_has_value;
   return has_number;
   }
/// Encode the CRL number (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the CRL number from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the CRL number into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
/// Name of the ReasonCode CRL entry extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.ReasonCode");
   }
/// Skip the extension for the UNSPECIFIED reason, which carries no information.
bool should_encode() const override
   {
   return !(m_reason == UNSPECIFIED);
   }
/// Encode the revocation reason (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the revocation reason from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the reason code into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
/// DER-encode this distribution point (override of the ASN.1 object hook,
/// see asn1_obj.h).
void encode_into(class DER_Encoder&) const override;
508 m_distribution_points(points) {}
511 {
return m_distribution_points; }
/// Name of the CRLDistributionPoints extension OID.
std::string oid_name() const override
   {
   return std::string("X509v3.CRLDistributionPoints");
   }
/// Only emit the extension when at least one distribution point is present.
bool should_encode() const override
   {
   return m_distribution_points.size() > 0;
   }
/// Encode the distribution point list (overrides Certificate_Extension).
std::vector<uint8_t> encode_inner() const override;
/// Parse the distribution point list from raw value bytes.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy the distribution points into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;
// Distribution points as given at construction; the extension is not
// encoded while empty.
std::vector<Distribution_Point> m_distribution_points;
543 const std::vector<std::shared_ptr<const X509_Certificate>>&,
544 std::vector<std::set<Certificate_Status_Code>>& cert_status,
/// Fixed placeholder name: the real OID is only available via oid_of().
std::string oid_name() const override
   {
   return std::string("Unknown OID name");
   }
/// An unrecognized critical extension is carried for validation only and is
/// never re-emitted, so the encoder always skips it.
bool should_encode() const override
   {
   const bool never = false;
   return never;
   }
/// Overrides Certificate_Extension; unreachable in practice since
/// should_encode() is always false.
std::vector<uint8_t> encode_inner() const override;
/// Accept the raw value bytes of an extension whose OID is not recognized.
void decode_inner(const std::vector<uint8_t>&) override;
/// Copy what is known about the extension into the two Data_Store objects
/// (NOTE(review): presumably subject and issuer stores — confirm).
void contents_to(Data_Store&, Data_Store&) const override;