Botan  2.1.0
Crypto and TLS for C++11
Botan::Extensions Class Reference

#include <x509_ext.h>

Inheritance diagram for Botan::Extensions:
Botan::ASN1_Object

Public Member Functions

void add (Certificate_Extension *extn, bool critical=false)
 
void contents_to (Data_Store &, Data_Store &) const
 
void decode_from (class BER_Decoder &) override
 
void encode_into (class DER_Encoder &) const override
 
std::vector< std::pair< std::unique_ptr< Certificate_Extension >, bool > > extensions () const
 
 Extensions (const Extensions &)
 
 Extensions (bool st=true)
 
std::map< OID, std::pair< std::vector< uint8_t >, bool > > extensions_raw () const
 
std::unique_ptr< Certificate_Extension > get (const OID &oid) const
 
template<typename T >
std::unique_ptr< T > get_raw (const OID &oid)
 
Extensions & operator= (const Extensions &)
 
void replace (Certificate_Extension *extn, bool critical=false)
 

Detailed Description

X.509 Certificate Extension List

Definition at line 86 of file x509_ext.h.

Constructor & Destructor Documentation

Botan::Extensions::Extensions ( const Extensions & extensions)

Definition at line 50 of file x509_ext.cpp.

References extensions().

/**
* Copy constructor. Default-constructs the ASN1_Object base and then
* delegates all member copying to the copy assignment operator.
* @param extensions the extension list to copy from
*/
Extensions::Extensions(const Extensions& extensions) :
   ASN1_Object()
   {
   this->operator=(extensions);
   }
Botan::Extensions::Extensions ( bool  st = true)
inlineexplicit
Parameters
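st — whether to throw an exception when encountering an unknown extension type during decoding. In the decode_from() listing on this page the exception is raised only when the unknown extension is marked critical; with st set to false such an extension is kept as raw bytes and decoding continues, so the caller has to enforce criticality itself.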

Definition at line 165 of file x509_ext.h.

/**
* @param st stored in m_throw_on_unknown_critical, the flag decode_from()
*        checks before throwing on an unknown extension marked critical
*/
explicit Extensions(bool st = true) :
   m_throw_on_unknown_critical{st}
   {
   }

Member Function Documentation

void Botan::Extensions::add ( Certificate_Extension * extn,
bool  critical = false 
)

Adds a new extension to the list.

Parameters
extn — the certificate extension
critical — whether this extension should be marked as critical
Exceptions
Invalid_Argument — if the extension is already present in the list

Definition at line 91 of file x509_ext.cpp.

References Botan::Certificate_Extension::encode_inner(), Botan::Certificate_Extension::oid_name(), and Botan::Certificate_Extension::oid_of().

Referenced by Botan::X509::create_cert_req(), Botan::X509::create_self_signed_cert(), and Botan::CRL_Entry::encode_into().

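/**
* Adds a new extension to the list and takes ownership of it.
*
* The extension is recorded twice: as a decoded object in m_extensions and
* as its encoded bytes in m_extensions_raw, both with the criticality flag.
*
* @param extn the certificate extension; owned by this call from entry on,
*        so it is destroyed if the call fails
* @param critical whether this extension should be marked as critical
* @throws Invalid_Argument if an extension with the same OID is already
*         present in either container
*/
void Extensions::add(Certificate_Extension* extn, bool critical)
   {
   // Take ownership first: the rejection paths below would otherwise leak
   // the object the caller handed over.
   std::unique_ptr<Certificate_Extension> owned(extn);
   const OID oid = owned->oid_of();

   // sanity check: we don't want to have the same extension more than once
   for(const auto& ext : m_extensions)
      {
      if(ext.first->oid_of() == oid)
         {
         throw Invalid_Argument(owned->oid_name() + " extension already present");
         }
      }

   if(m_extensions_raw.count(oid) > 0)
      {
      throw Invalid_Argument(owned->oid_name() + " extension already present");
      }

   // Encode before touching either container, so a failure while encoding
   // cannot leave the decoded list and the raw map out of step.
   std::vector<uint8_t> encoded = owned->encode_inner();

   m_extensions.push_back(std::make_pair(std::move(owned), critical));
   m_extensions_raw.emplace(oid, std::make_pair(std::move(encoded), critical));
   }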
void Botan::Extensions::contents_to ( Data_Store & subject_info,
Data_Store issuer_info 
) const

Definition at line 254 of file x509_ext.cpp.

References Botan::Data_Store::add().

Referenced by Botan::CRL_Entry::decode_from().

/**
* Lets every decoded extension write its contents into the two data stores
* and then records its criticality flag in subject_info under the key
* "<oid_name>.is_critical" as 1 or 0.
*
* Only the entries of m_extensions are visited.
*
* @param subject_info store passed to each extension and given the
*        is_critical entries
* @param issuer_info store passed to each extension
*/
void Extensions::contents_to(Data_Store& subject_info,
                             Data_Store& issuer_info) const
   {
   for(const auto& entry : m_extensions)
      {
      entry.first->contents_to(subject_info, issuer_info);

      const auto flag_key = entry.first->oid_name() + ".is_critical";
      subject_info.add(flag_key, (entry.second ? 1 : 0));
      }
   }
void Botan::Extensions::decode_from ( class BER_Decoder & from)
overridevirtual

Decode whatever this object is from the decoder from.

Parameters
from — the BER_Decoder that will be read from

Implements Botan::ASN1_Object.

Definition at line 205 of file x509_ext.cpp.

References Botan::OID::as_string(), Botan::BOOLEAN, Botan::BER_Decoder::decode(), Botan::BER_Decoder::decode_optional(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::more_items(), Botan::OCTET_STRING, Botan::SEQUENCE, Botan::BER_Decoder::start_cons(), Botan::UNIVERSAL, and Botan::BER_Decoder::verify_end().

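/**
* Replaces the current contents with the extension list read from a BER
* SEQUENCE of (OID, optional BOOLEAN criticality, OCTET STRING value).
*
* Every extension is stored as raw bytes in m_extensions_raw. Extensions
* for which create_extension() returns an object are also decoded and
* appended to m_extensions. An unknown extension marked critical is
* rejected only when m_throw_on_unknown_critical is set; otherwise it is
* kept in the raw map alone and the caller has to act on its criticality.
*
* Both containers are cleared up front, so they hold a partial list if an
* exception leaves this function.
*
* @param from_source the BER_Decoder that will be read from
* @throws Decoding_Error on a repeated extension OID, on an unknown
*         critical extension (see above), or when an extension's own
*         decoder throws
*/
void Extensions::decode_from(BER_Decoder& from_source)
   {
   m_extensions.clear();
   m_extensions_raw.clear();

   BER_Decoder sequence = from_source.start_cons(SEQUENCE);

   while(sequence.more_items())
      {
      OID oid;
      std::vector<uint8_t> value;
      bool critical = false;

      sequence.start_cons(SEQUENCE)
         .decode(oid)
         .decode_optional(critical, BOOLEAN, UNIVERSAL, false)
         .decode(value, OCTET_STRING)
         .end_cons();

      // add() refuses a second extension with the same OID; decoding must
      // do the same. Without this check the raw map would keep the first
      // occurrence (emplace does not overwrite) while m_extensions would
      // hold both, and the two views would disagree about value and
      // criticality.
      if(m_extensions_raw.count(oid) > 0)
         {
         throw Decoding_Error("Encountered duplicate X.509 extension; OID = " +
                              oid.as_string());
         }

      m_extensions_raw.emplace(oid, std::make_pair(value, critical));

      std::unique_ptr<Certificate_Extension> ext(create_extension(oid, critical));

      if(!ext && critical && m_throw_on_unknown_critical)
         throw Decoding_Error("Encountered unknown X.509 extension marked "
                              "as critical; OID = " + oid.as_string());

      if(ext)
         {
         try
            {
            ext->decode_inner(value);
            }
         catch(const std::exception& e)
            {
            // Re-thrown as Decoding_Error with the OID, so the failing
            // extension can be identified from the message.
            throw Decoding_Error("Exception while decoding extension " +
                                 oid.as_string() + ": " + e.what());
            }

         m_extensions.push_back(std::make_pair(std::move(ext), critical));
         }
      }

   sequence.verify_end();
   }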
void Botan::Extensions::encode_into ( class DER_Encoder & to) const
overridevirtual

Encode whatever this object is into the encoder to.

Parameters
to — the DER_Encoder that will be written to

Implements Botan::ASN1_Object.

Definition at line 157 of file x509_ext.cpp.

References Botan::DER_Encoder::encode(), Botan::Certificate_Extension::encode_inner(), Botan::DER_Encoder::encode_optional(), Botan::DER_Encoder::end_cons(), Botan::OCTET_STRING, Botan::Certificate_Extension::oid_of(), Botan::SEQUENCE, Botan::Certificate_Extension::should_encode(), and Botan::DER_Encoder::start_cons().

/**
* Writes each extension as a SEQUENCE of OID, optional criticality flag
* (omitted when false) and the value wrapped in an OCTET STRING.
*
* Two passes are made. The first emits the decoded extensions in
* m_extensions whose should_encode() returns true, re-encoding each value
* with encode_inner(). The second emits the entries of m_extensions_raw
* whose OID has no counterpart in m_extensions, using the stored bytes
* unchanged.
*
* @param to_object the DER_Encoder that will be written to
*/
void Extensions::encode_into(DER_Encoder& to_object) const
   {
   // Pass 1: extensions held as decoded objects
   for(const auto& entry : m_extensions)
      {
      const Certificate_Extension* extn = entry.first.get();
      const bool is_critical = entry.second;

      if(!extn->should_encode())
         continue;

      to_object.start_cons(SEQUENCE)
         .encode(extn->oid_of())
         .encode_optional(is_critical, false)
         .encode(extn->encode_inner(), OCTET_STRING)
         .end_cons();
      }

   // Pass 2: extensions held only as raw bytes
   for(const auto& raw_entry : m_extensions_raw)
      {
      const OID& oid = raw_entry.first;

      const bool has_decoded_form =
         std::any_of(std::begin(m_extensions), std::end(m_extensions),
                     [&oid](const std::pair<std::unique_ptr<Certificate_Extension>, bool>& known) -> bool
                        {
                        return known.first->oid_of() == oid;
                        });

      // Already covered by pass 1, which also decided whether to emit it
      if(has_decoded_form)
         continue;

      const std::vector<uint8_t>& value = raw_entry.second.first;
      const bool is_critical = raw_entry.second.second;

      to_object.start_cons(SEQUENCE)
         .encode(oid)
         .encode_optional(is_critical, false)
         .encode(value, OCTET_STRING)
         .end_cons();
      }
   }
std::vector< std::pair< std::unique_ptr< Certificate_Extension >, bool > > Botan::Extensions::extensions ( ) const

Returns the list of extensions together with the corresponding criticality flag. Only contains the known extension types declared in this header.

Definition at line 139 of file x509_ext.cpp.

Referenced by Botan::PKIX::check_chain(), and Extensions().

/**
* Builds a new vector holding a copy() of every entry in m_extensions,
* each paired with its criticality flag.
*
* @return independently owned copies of the decoded extensions; extensions
*         present only in m_extensions_raw are not included
*/
std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> Extensions::extensions() const
   {
   std::vector<std::pair<std::unique_ptr<Certificate_Extension>, bool>> copies;

   for(const auto& entry : m_extensions)
      {
      std::unique_ptr<Certificate_Extension> clone(entry.first->copy());
      copies.emplace_back(std::move(clone), entry.second);
      }

   return copies;
   }
std::map< OID, std::pair< std::vector< uint8_t >, bool > > Botan::Extensions::extensions_raw ( ) const

Returns the list of extensions as raw, encoded bytes together with the corresponding criticality flag. Contains all extensions, known as well as unknown extensions.

Definition at line 149 of file x509_ext.cpp.

/**
* @return a copy of m_extensions_raw: OID mapped to the encoded value bytes
*         and the criticality flag
*/
std::map<OID, std::pair<std::vector<uint8_t>, bool>> Extensions::extensions_raw() const
   {
   // Returned by value, so the caller works on its own copy of the map
   std::map<OID, std::pair<std::vector<uint8_t>, bool>> snapshot(m_extensions_raw);
   return snapshot;
   }
std::unique_ptr< Certificate_Extension > Botan::Extensions::get ( const OID & oid) const

Searches for an extension by OID and returns the result. Only the known extension types declared in this header are searched for by this function.

Returns
Pointer to extension with oid, nullptr if not found.

Definition at line 126 of file x509_ext.cpp.

Referenced by Botan::PKCS10_Request::constraints(), Botan::PKCS10_Request::ex_constraints(), Botan::PKCS10_Request::is_CA(), and Botan::PKCS10_Request::path_limit().

/**
* Looks for the first entry of m_extensions whose OID equals oid.
*
* Only m_extensions is searched; m_extensions_raw is not consulted.
*
* @param oid the extension OID to look for
* @return a copy() of the matching extension, or nullptr if none matches
*/
std::unique_ptr<Certificate_Extension> Extensions::get(const OID& oid) const
   {
   const auto match =
      std::find_if(m_extensions.begin(), m_extensions.end(),
                   [&oid](const std::pair<std::unique_ptr<Certificate_Extension>, bool>& entry) -> bool
                      {
                      return entry.first->oid_of() == oid;
                      });

   if(match == m_extensions.end())
      return nullptr;

   return std::unique_ptr<Certificate_Extension>(match->first->copy());
   }
template<typename T >
std::unique_ptr<T> Botan::Extensions::get_raw ( const OID & oid)
inline

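Searches for an extension by OID and returns the result. Intended for unknown extensions, that is, extension types that are not declared in this header. The lookup itself goes through the raw extension map, which extensions_raw() describes as holding known as well as unknown extensions, and the stored bytes are decoded as whatever type T the caller names, so T must be the extension type that belongs to oid.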

Returns
Pointer to extension with oid, nullptr if not found.

Definition at line 124 of file x509_ext.h.

References Botan::OID::as_string().

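/**
* Looks oid up in m_extensions_raw and, if present, decodes the stored
* bytes into a freshly constructed T.
*
* The OID is not checked against T: the bytes stored under oid are handed
* to T::decode_inner() whatever T is, so choosing the matching type is up
* to the caller.
*
* @tparam T extension type to construct; must be default-constructible
*         and provide decode_inner()
* @param oid the extension OID to look for
* @return the decoded extension, or nullptr if oid is not in the raw map
* @throws Decoding_Error if constructing or decoding T throws a
*         std::exception
*/
template<typename T>
std::unique_ptr<T> get_raw(const OID& oid)
   {
   try
      {
      // One find() instead of count() plus operator[]: a single lookup,
      // and no path on which operator[] could insert an empty entry.
      const auto found = m_extensions_raw.find(oid);

      if(found != m_extensions_raw.end())
         {
         std::unique_ptr<T> ext(new T);
         ext->decode_inner(found->second.first);
         // Plain return of the local; std::move here only gets in the way
         // of copy elision.
         return ext;
         }
      }
   catch(const std::exception& e)
      {
      throw Decoding_Error("Exception while decoding extension " +
                           oid.as_string() + ": " + e.what());
      }
   return nullptr;
   }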
Extensions & Botan::Extensions::operator= ( const Extensions & other)

Definition at line 58 of file x509_ext.cpp.

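/**
* Copy assignment. Deep-copies the decoded extensions through copy() and
* copies the raw map and the m_throw_on_unknown_critical flag.
*
* @param other the extension list to copy from
* @return *this
*/
Extensions& Extensions::operator=(const Extensions& other)
   {
   // Self-assignment must be a no-op. Clearing m_extensions and then
   // iterating other.m_extensions would walk the list that was just
   // emptied, dropping every decoded extension while the raw map stayed.
   if(this == &other)
      return (*this);

   // Build the copies aside and swap them in afterwards, so a throwing
   // copy() leaves the current list as it was.
   decltype(m_extensions) copies;
   copies.reserve(other.m_extensions.size());

   for(const auto& ext : other.m_extensions)
      {
      copies.push_back(
         std::make_pair(std::unique_ptr<Certificate_Extension>(ext.first->copy()),
                        ext.second));
      }

   m_extensions = std::move(copies);
   m_extensions_raw = other.m_extensions_raw;
   m_throw_on_unknown_critical = other.m_throw_on_unknown_critical;

   return (*this);
   }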
void Botan::Extensions::replace ( Certificate_Extension * extn,
bool  critical = false 
)

Adds an extension to the list or replaces it.

Parameters
extn — the certificate extension
critical — whether this extension should be marked as critical

Definition at line 111 of file x509_ext.cpp.

References Botan::Certificate_Extension::encode_inner(), and Botan::Certificate_Extension::oid_of().

Referenced by Botan::X509_CA::sign_request().

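/**
* Adds an extension to the list, replacing any decoded extension and raw
* entry already stored under the same OID. Takes ownership of extn.
*
* @param extn the certificate extension; owned by this call from entry on,
*        so it is destroyed if the call fails
* @param critical whether this extension should be marked as critical
*/
void Extensions::replace(Certificate_Extension* extn, bool critical)
   {
   // Take ownership first so that no exit path leaks the object.
   std::unique_ptr<Certificate_Extension> owned(extn);
   const OID oid = owned->oid_of();

   // Encode before modifying anything: if encoding throws, the decoded
   // list and the raw map both still describe the previous extension
   // instead of disagreeing with each other.
   std::vector<uint8_t> encoded = owned->encode_inner();

   for(auto it = m_extensions.begin(); it != m_extensions.end(); ++it)
      {
      if(it->first->oid_of() == oid)
         {
         m_extensions.erase(it);
         break;
         }
      }

   m_extensions.push_back(std::make_pair(std::move(owned), critical));
   m_extensions_raw[oid] = std::make_pair(std::move(encoded), critical);
   }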

The documentation for this class was generated from the following files: