8 #include <botan/name_constraint.h>
9 #include <botan/ber_dec.h>
10 #include <botan/der_enc.h>
11 #include <botan/charset.h>
12 #include <botan/loadstor.h>
13 #include <botan/x509_dn.h>
14 #include <botan/x509cert.h>
// Fragment of a string-to-GeneralName parse (this listing omits lines).
// The input is split at the FIRST ':' into a type part and a name part.
21 size_t p = str.find(
':');
// Only the found-a-colon path is visible; what happens to a string without
// ':' is on lines this listing does not show.
23 if(p != std::string::npos)
25 m_type = str.substr(0, p);
// Everything after the first ':' is kept verbatim, so later ':' characters
// stay part of m_name. No validation of either half is visible here.
26 m_name = str.substr(p + 1, std::string::npos);
// Fragments of the BER decoding path for a GeneralName; the listing omits the
// lines in between, so the branch structure is only partly visible.
// Thrown for what the message calls an invalid class tag (the condition
// itself is not shown).
44 throw Decoding_Error(
"Invalid class tag while decoding GeneralName");
// Tags 1, 2 and 6 of RFC 5280's GeneralName CHOICE are rfc822Name, dNSName
// and uniformResourceIdentifier; how their value is handled is not shown.
48 if(tag == 1 || tag == 2 || tag == 6)
68 std::multimap<std::string, std::string> nam;
// An 8-byte value is split into two 4-byte halves: bytes 0..3 become `ip`,
// bytes 4..7 become `net`. The length check precedes the begin()+4 iterator
// arithmetic, so the slices stay in bounds.
80 if(obj.
value.size() == 8)
82 const std::vector<uint8_t> ip(obj.
value.begin(), obj.
value.begin() + 4);
83 const std::vector<uint8_t> net(obj.
value.begin() + 4, obj.
value.end());
// A 32-byte value gets its own branch (body not shown); presumably the IPv6
// address-plus-mask form -- confirm.
// NOTE(review): the handling of any other length is not visible here; verify
// that such values are rejected rather than accepted as a constraint.
87 else if(obj.
value.size() == 32)
// Fragments of the routine that matches this name against a certificate
// (listing omits lines). `nam` collects the candidate strings to test and
// `match_fn` is the type-specific comparison chosen below.
105 std::vector<std::string> nam;
106 std::function<bool(const GeneralName*, const std::string&)> match_fn;
// First branch (its condition is not shown) selects the DNS matcher.
110 match_fn = std::mem_fn(&GeneralName::matches_dns);
// "DN": select the DN matcher; the candidate is built through a stringstream
// and pushed as a single entry.
118 else if(
type() ==
"DN")
120 match_fn = std::mem_fn(&GeneralName::matches_dn);
122 std::stringstream ss;
124 nam.push_back(ss.str());
// "IP": select the IP matcher.
126 else if(
type() ==
"IP")
128 match_fn = std::mem_fn(&GeneralName::matches_ip);
// Any other type is reported as UnknownType instead of being compared.
// NOTE(review): callers decide what UnknownType means; confirm it is never
// treated as a successful match when enforcing name constraints.
133 return MatchResult::UnknownType;
// Presumably returned when the certificate carries no name of this type
// (the guarding condition is not shown) -- confirm.
138 return MatchResult::NotFound;
// Every collected candidate is run through the selected matcher.
144 for(
const std::string& n: nam)
146 bool m = match_fn(
this, n);
// The three outcomes below presumably correspond to all / some / none of the
// candidates matching; the counting logic is on lines not shown.
154 return MatchResult::All;
158 return MatchResult::Some;
162 return MatchResult::None;
// Tests whether the DNS name `nam` falls under this constraint name().
// (This listing omits some lines of the function, including its braces.)
//
// NOTE(review): both comparisons below are byte-exact std::string compares.
// DNS names are case-insensitive, so this presumably relies on callers having
// normalised case -- verify; a case mismatch reads as "no match", which
// matters most where the constraint is an excluded subtree.
166 bool GeneralName::matches_dns(
const std::string& nam)
const
// Equal length: only an exact match counts.
168 if(nam.size() ==
name().size())
170 return nam ==
name();
// Constraint longer than the candidate: the result for this branch is on a
// line not shown.
172 else if(
name().size() > nam.size())
// Remaining case: the candidate is longer than the constraint. The constraint
// is given a leading '.' if it lacks one, so the suffix test below only
// matches on a label boundary ("example.com" covers "a.example.com" but not
// "badexample.com").
// NOTE(review): name().front() requires a non-empty string; confirm an empty
// constraint name cannot reach this line.
178 std::string constr =
name().front() ==
'.' ?
name() :
"." +
name();
// constr.size() is at most nam.size() here (name() is strictly shorter than
// nam and gains at most one character), so the subtraction cannot wrap.
180 return constr == nam.substr(nam.size() - constr.size(), constr.size());
// Tests whether the distinguished name `nam` falls under this constraint
// name(). (This listing omits some lines, including where the two X509_DN
// objects are filled and where `ret` and `trys` are declared and updated.)
184 bool GeneralName::matches_dn(
const std::string& nam)
const
// Both the candidate and the constraint are fed through stringstreams;
// presumably they are parsed into nam_dn / my_dn on lines not shown.
186 std::stringstream ss(nam);
187 std::stringstream tt(
name());
188 X509_DN nam_dn, my_dn;
193 auto attr = nam_dn.get_attributes();
// Walk the constraint's attributes and look each OID up in the candidate.
197 for(
const std::pair<OID,std::string>& c: my_dn.get_attributes())
199 auto i = attr.equal_range(c.first);
// NOTE(review): the comparison happens only when the candidate has the OID;
// as far as the visible lines show, a constraint attribute that is absent
// from the candidate does not clear `ret`. Confirm that is intended.
201 if(i.first != i.second)
// Only the first value of the range (i.first) is compared, byte-exact; any
// further values the candidate holds for the same OID are not examined.
204 ret &= i.first->second == c.second;
// Requires at least one counted comparison (`trys`, updated on a line not
// shown) and no mismatch.
208 return trys > 0 && ret;
// Tests whether the IP address `nam` lies inside this constraint's network.
// (This listing omits the lines that compute `ip`, `net` and `mask`.)
211 bool GeneralName::matches_ip(
const std::string& nam)
const
// Parse failures throw rather than returning false. Going by the message,
// only IPv4 is handled on this path.
217 throw Decoding_Error(
"failed to parse IPv4 address");
// The candidate is masked and compared with the network value.
// NOTE(review): `net` is used as-is in the visible code; if it can carry bits
// outside `mask`, the comparison can never succeed -- confirm it is
// normalised where it is computed.
222 return (ip & mask) == net;
// Stream output fragment: writes the name as "<type>:<name>".
227 os << gn.
type() <<
":" << gn.
name();
// Fragment that parses two base-10 numbers out of `str` (listing omits the
// surrounding lines). p0 / p1 receive the number of characters consumed.
// std::stoull throws std::invalid_argument on non-numeric input and
// std::out_of_range on overflow; no handling of either is visible here.
234 size_t min = std::stoull(str, &p0, 10);
// The second number starts one character after the first; the separator at
// str[p0] is not checked in the visible lines, and substr() throws
// std::out_of_range if p0 + 1 is past the end of `str`.
// NOTE(review): unsigned long long is narrowed to size_t without a range
// check -- confirm this is acceptable on 32-bit targets.
235 size_t max = std::stoull(str.substr(p0 + 1), &p1, 10);