/src/botan/build/include/botan/x509_ext.h

Source (jump to first uncovered line)
/*
* X.509 Certificate Extensions
* (C) 1999-2007,2012 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_X509_EXTENSIONS_H_
#define BOTAN_X509_EXTENSIONS_H_

#include <botan/pkix_types.h>
#include <set>

namespace Botan {

class X509_Certificate;

namespace Cert_Extension {

static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;

/**
* Basic Constraints Extension
*/
class BOTAN_PUBLIC_API(2,0) Basic_Constraints final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Basic_Constraints>(m_is_ca, m_path_limit); }

      Basic_Constraints(bool ca = false, size_t limit = 0) :
         m_is_ca(ca), m_path_limit(limit) {}

      bool get_is_ca() const { return m_is_ca; }
      size_t get_path_limit() const;

      static OID static_oid() { return OID("2.5.29.19"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override
         { return "X509v3.BasicConstraints"; }

      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      bool m_is_ca;
      size_t m_path_limit;
   };

/**
* Key Usage Constraints Extension
*/
class BOTAN_PUBLIC_API(2,0) Key_Usage final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         {
         return std::make_unique<Key_Usage>(m_constraints);
         }

      explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {}

      Key_Constraints get_constraints() const { return m_constraints; }

      static OID static_oid() { return OID("2.5.29.15"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override { return "X509v3.KeyUsage"; }

      bool should_encode() const override
         { return (m_constraints != NO_CONSTRAINTS); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      Key_Constraints m_constraints;
   };

/**
* Subject Key Identifier Extension
*/
class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension
   {
   public:
      Subject_Key_ID() = default;

      explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}

      Subject_Key_ID(const std::vector<uint8_t>& public_key,
                     const std::string& hash_fn);

      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Subject_Key_ID>(m_key_id); }

      const std::vector<uint8_t>& get_key_id() const { return m_key_id; }

      static OID static_oid() { return OID("2.5.29.14"); }
      OID oid_of() const override { return static_oid(); }

   private:

      std::string oid_name() const override
         { return "X509v3.SubjectKeyIdentifier"; }

      bool should_encode() const override { return (m_key_id.size() > 0); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      std::vector<uint8_t> m_key_id;
   };

/**
* Authority Key Identifier Extension
*/
class BOTAN_PUBLIC_API(2,0) Authority_Key_ID final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Authority_Key_ID>(m_key_id); }

      Authority_Key_ID() = default;
      explicit Authority_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}

      const std::vector<uint8_t>& get_key_id() const { return m_key_id; }

      static OID static_oid() { return OID("2.5.29.35"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override
         { return "X509v3.AuthorityKeyIdentifier"; }

      bool should_encode() const override { return (m_key_id.size() > 0); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      std::vector<uint8_t> m_key_id;
   };

/**
* Subject Alternative Name Extension
*/
class BOTAN_PUBLIC_API(2,4) Subject_Alternative_Name final : public Certificate_Extension
   {
   public:
      const AlternativeName& get_alt_name() const { return m_alt_name; }

      static OID static_oid() { return OID("2.5.29.17"); }
      OID oid_of() const override { return static_oid(); }

      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Subject_Alternative_Name>(get_alt_name()); }

      explicit Subject_Alternative_Name(const AlternativeName& name = AlternativeName()) :
         m_alt_name(name) {}

   private:
      std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; }

      bool should_encode() const override { return m_alt_name.has_items(); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      AlternativeName m_alt_name;
   };

/**
* Issuer Alternative Name Extension
*/
class BOTAN_PUBLIC_API(2,0) Issuer_Alternative_Name final : public Certificate_Extension
   {
   public:
      const AlternativeName& get_alt_name() const { return m_alt_name; }

      static OID static_oid() { return OID("2.5.29.18"); }
      OID oid_of() const override { return static_oid(); }

      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Issuer_Alternative_Name>(get_alt_name()); }

      explicit Issuer_Alternative_Name(const AlternativeName& name = AlternativeName()) :
         m_alt_name(name) {}

   private:
      std::string oid_name() const override { return "X509v3.IssuerAlternativeName"; }

      bool should_encode() const override { return m_alt_name.has_items(); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      AlternativeName m_alt_name;
   };

/**
* Extended Key Usage Extension
*/
class BOTAN_PUBLIC_API(2,0) Extended_Key_Usage final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Extended_Key_Usage>(m_oids); }

      Extended_Key_Usage() = default;
      explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {}

      const std::vector<OID>& get_oids() const { return m_oids; }

      static OID static_oid() { return OID("2.5.29.37"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; }

      bool should_encode() const override { return (m_oids.size() > 0); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      std::vector<OID> m_oids;
   };

/**
* Name Constraints
*/
class BOTAN_PUBLIC_API(2,0) Name_Constraints final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Name_Constraints>(m_name_constraints); }

      Name_Constraints() = default;
      Name_Constraints(const NameConstraints &nc) : m_name_constraints(nc) {}

      void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
            const std::vector<X509_Certificate>& cert_path,
            std::vector<std::set<Certificate_Status_Code>>& cert_status,
            size_t pos) override;

      const NameConstraints& get_name_constraints() const { return m_name_constraints; }

      static OID static_oid() { return OID("2.5.29.30"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override
         { return "X509v3.NameConstraints"; }

      bool should_encode() const override { return true; }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      NameConstraints m_name_constraints;
   };

/**
* Certificate Policies Extension
*/
class BOTAN_PUBLIC_API(2,0) Certificate_Policies final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Certificate_Policies>(m_oids); }

      Certificate_Policies() = default;
      explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {}

      const std::vector<OID>& get_policy_oids() const { return m_oids; }

      static OID static_oid() { return OID("2.5.29.32"); }
      OID oid_of() const override { return static_oid(); }

      void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
            const std::vector<X509_Certificate>& cert_path,
            std::vector<std::set<Certificate_Status_Code>>& cert_status,
            size_t pos) override;
   private:
      std::string oid_name() const override
         { return "X509v3.CertificatePolicies"; }

      bool should_encode() const override { return (m_oids.size() > 0); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      std::vector<OID> m_oids;
   };

/**
* Authority Information Access Extension
*/
class BOTAN_PUBLIC_API(2,0) Authority_Information_Access final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Authority_Information_Access>(m_ocsp_responder, m_ca_issuers); }

      Authority_Information_Access() = default;

      explicit Authority_Information_Access(const std::string& ocsp, const std::vector<std::string>& ca_issuers = std::vector<std::string>()) :
         m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}

      std::string ocsp_responder() const { return m_ocsp_responder; }

      static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); }
      OID oid_of() const override { return static_oid(); }
      const std::vector<std::string> ca_issuers() const { return m_ca_issuers; }

   private:
      std::string oid_name() const override
         { return "PKIX.AuthorityInformationAccess"; }

      bool should_encode() const override { return (!m_ocsp_responder.empty()); }

      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;


      std::string m_ocsp_responder;
      std::vector<std::string> m_ca_issuers;
   };

/**
* CRL Number Extension
*/
class BOTAN_PUBLIC_API(2,0) CRL_Number final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override;

      CRL_Number() : m_has_value(false), m_crl_number(0) {}
      CRL_Number(size_t n) : m_has_value(true), m_crl_number(n) {}

      size_t get_crl_number() const;

      static OID static_oid() { return OID("2.5.29.20"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override { return "X509v3.CRLNumber"; }

      bool should_encode() const override { return m_has_value; }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      bool m_has_value;
      size_t m_crl_number;
   };

/**
* CRL Entry Reason Code Extension
*/
class BOTAN_PUBLIC_API(2,0) CRL_ReasonCode final : public Certificate_Extension
   {
   public:
      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<CRL_ReasonCode>(m_reason); }

      explicit CRL_ReasonCode(CRL_Code r = CRL_Code::UNSPECIFIED) : m_reason(r) {}

      CRL_Code get_reason() const { return m_reason; }

      static OID static_oid() { return OID("2.5.29.21"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override { return "X509v3.ReasonCode"; }

      bool should_encode() const override { return (m_reason != CRL_Code::UNSPECIFIED); }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      CRL_Code m_reason;
   };

/**
* CRL Distribution Points Extension
* todo enforce restrictions from RFC 5280 4.2.1.13
*/
class BOTAN_PUBLIC_API(2,0) CRL_Distribution_Points final : public Certificate_Extension
   {
   public:
      class BOTAN_PUBLIC_API(2,0) Distribution_Point final : public ASN1_Object
         {
         public:
            void encode_into(class DER_Encoder&) const override;
            void decode_from(class BER_Decoder&) override;

            const AlternativeName& point() const { return m_point; }
         private:
            AlternativeName m_point;
         };

      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<CRL_Distribution_Points>(m_distribution_points); }

      CRL_Distribution_Points() = default;

      explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) :
         m_distribution_points(points) {}

      const std::vector<Distribution_Point>& distribution_points() const
         { return m_distribution_points; }

      const std::vector<std::string>& crl_distribution_urls() const
         { return m_crl_distribution_urls; }

      static OID static_oid() { return OID("2.5.29.31"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override
         { return "X509v3.CRLDistributionPoints"; }

      bool should_encode() const override
         { return !m_distribution_points.empty(); }

      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      std::vector<Distribution_Point> m_distribution_points;
      std::vector<std::string> m_crl_distribution_urls;
   };

/**
* CRL Issuing Distribution Point Extension
* todo enforce restrictions from RFC 5280 5.2.5
*/
class CRL_Issuing_Distribution_Point final : public Certificate_Extension
   {
   public:
      CRL_Issuing_Distribution_Point() = default;

      explicit CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point& distribution_point) :
         m_distribution_point(distribution_point) {}

      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<CRL_Issuing_Distribution_Point>(m_distribution_point); }

      const AlternativeName& get_point() const
         { return m_distribution_point.point(); }

      static OID static_oid() { return OID("2.5.29.28"); }
      OID oid_of() const override { return static_oid(); }

   private:
      std::string oid_name() const override
         { return "X509v3.CRLIssuingDistributionPoint"; }

      bool should_encode() const override { return true; }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      CRL_Distribution_Points::Distribution_Point m_distribution_point;
   };

/**
* An unknown X.509 extension
* Will add a failure to the path validation result, if critical
*/
class BOTAN_PUBLIC_API(2,4) Unknown_Extension final : public Certificate_Extension
   {
   public:
      Unknown_Extension(const OID& oid, bool critical) :
         m_oid(oid), m_critical(critical) {}

      std::unique_ptr<Certificate_Extension> copy() const override
         { return std::make_unique<Unknown_Extension>(m_oid, m_critical); }

      /**
      * Return the OID of this unknown extension
      */
      OID oid_of() const override
         { return m_oid; }

      //static_oid not defined for Unknown_Extension

      /**
      * Return the extension contents
      */
      const std::vector<uint8_t>& extension_contents() const { return m_bytes; }

      /**
      * Return if this extension was marked critical
      */
      bool is_critical_extension() const { return m_critical; }

      void validate(const X509_Certificate&, const X509_Certificate&,
            const std::vector<X509_Certificate>&,
            std::vector<std::set<Certificate_Status_Code>>& cert_status,
            size_t pos) override
         {
         if(m_critical)
            {
            cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION);
            }
         }

   private:
      std::string oid_name() const override { return ""; }

      bool should_encode() const override { return true; }
      std::vector<uint8_t> encode_inner() const override;
      void decode_inner(const std::vector<uint8_t>&) override;

      OID m_oid;
      bool m_critical;
      std::vector<uint8_t> m_bytes;
   };

}

}

#endif

Coverage Report

Created: 2021-05-04 09:02

Line	Count	Source (jump to first uncovered line)
1		/*
2		* X.509 Certificate Extensions
3		* (C) 1999-2007,2012 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#ifndef BOTAN_X509_EXTENSIONS_H_
9		#define BOTAN_X509_EXTENSIONS_H_
10
11		#include <botan/pkix_types.h>
12		#include <set>
13
14		namespace Botan {
15
16		class X509_Certificate;
17
18		namespace Cert_Extension {
19
20		static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
21
22		/**
23		* Basic Constraints Extension
24		*/
25		class BOTAN_PUBLIC_API(2,0) Basic_Constraints final : public Certificate_Extension
26		{
27		public:
28		std::unique_ptr<Certificate_Extension> copy() const override
29	0	{ return std::make_unique<Basic_Constraints>(m_is_ca, m_path_limit); }
30
31		Basic_Constraints(bool ca = false, size_t limit = 0) :
32	1.90k	m_is_ca(ca), m_path_limit(limit) {}
33
34	27	bool get_is_ca() const { return m_is_ca; }
35		size_t get_path_limit() const;
36
37	44.9k	static OID static_oid() { return OID("2.5.29.19"); }
38	0	OID oid_of() const override { return static_oid(); }
39
40		private:
41		std::string oid_name() const override
42	27	{ return "X509v3.BasicConstraints"; }
43
44		std::vector<uint8_t> encode_inner() const override;
45		void decode_inner(const std::vector<uint8_t>&) override;
46
47		bool m_is_ca;
48		size_t m_path_limit;
49		};
50
51		/**
52		* Key Usage Constraints Extension
53		*/
54		class BOTAN_PUBLIC_API(2,0) Key_Usage final : public Certificate_Extension
55		{
56		public:
57		std::unique_ptr<Certificate_Extension> copy() const override
58	0	{
59	0	return std::make_unique<Key_Usage>(m_constraints);
60	0	}
61
62	1.93k	explicit Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : m_constraints(c) {}
63
64	33	Key_Constraints get_constraints() const { return m_constraints; }
65
66	49.9k	static OID static_oid() { return OID("2.5.29.15"); }
67	0	OID oid_of() const override { return static_oid(); }
68
69		private:
70	33	std::string oid_name() const override { return "X509v3.KeyUsage"; }
71
72		bool should_encode() const override
73	0	{ return (m_constraints != NO_CONSTRAINTS); }
74		std::vector<uint8_t> encode_inner() const override;
75		void decode_inner(const std::vector<uint8_t>&) override;
76
77		Key_Constraints m_constraints;
78		};
79
80		/**
81		* Subject Key Identifier Extension
82		*/
83		class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension
84		{
85		public:
86	1.47k	Subject_Key_ID() = default;
87
88	0	explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
89
90		Subject_Key_ID(const std::vector<uint8_t>& public_key,
91		const std::string& hash_fn);
92
93		std::unique_ptr<Certificate_Extension> copy() const override
94	0	{ return std::make_unique<Subject_Key_ID>(m_key_id); }
95
96	4	const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
97
98	51.4k	static OID static_oid() { return OID("2.5.29.14"); }
99	0	OID oid_of() const override { return static_oid(); }
100
101		private:
102
103		std::string oid_name() const override
104	4	{ return "X509v3.SubjectKeyIdentifier"; }
105
106	0	bool should_encode() const override { return (m_key_id.size() > 0); }
107		std::vector<uint8_t> encode_inner() const override;
108		void decode_inner(const std::vector<uint8_t>&) override;
109
110		std::vector<uint8_t> m_key_id;
111		};
112
113		/**
114		* Authority Key Identifier Extension
115		*/
116		class BOTAN_PUBLIC_API(2,0) Authority_Key_ID final : public Certificate_Extension
117		{
118		public:
119		std::unique_ptr<Certificate_Extension> copy() const override
120	0	{ return std::make_unique<Authority_Key_ID>(m_key_id); }
121
122	756	Authority_Key_ID() = default;
123	0	explicit Authority_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
124
125	26	const std::vector<uint8_t>& get_key_id() const { return m_key_id; }
126
127	40.5k	static OID static_oid() { return OID("2.5.29.35"); }
128	0	OID oid_of() const override { return static_oid(); }
129
130		private:
131		std::string oid_name() const override
132	26	{ return "X509v3.AuthorityKeyIdentifier"; }
133
134	0	bool should_encode() const override { return (m_key_id.size() > 0); }
135		std::vector<uint8_t> encode_inner() const override;
136		void decode_inner(const std::vector<uint8_t>&) override;
137
138		std::vector<uint8_t> m_key_id;
139		};
140
141		/**
142		* Subject Alternative Name Extension
143		*/
144		class BOTAN_PUBLIC_API(2,4) Subject_Alternative_Name final : public Certificate_Extension
145		{
146		public:
147	115	const AlternativeName& get_alt_name() const { return m_alt_name; }
148
149	48.0k	static OID static_oid() { return OID("2.5.29.17"); }
150	0	OID oid_of() const override { return static_oid(); }
151
152		std::unique_ptr<Certificate_Extension> copy() const override
153	0	{ return std::make_unique<Subject_Alternative_Name>(get_alt_name()); }
154
155		explicit Subject_Alternative_Name(const AlternativeName& name = AlternativeName()) :
156	1.72k	m_alt_name(name) {}
157
158		private:
159	115	std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; }
160
161	0	bool should_encode() const override { return m_alt_name.has_items(); }
162		std::vector<uint8_t> encode_inner() const override;
163		void decode_inner(const std::vector<uint8_t>&) override;
164
165		AlternativeName m_alt_name;
166		};
167
168		/**
169		* Issuer Alternative Name Extension
170		*/
171		class BOTAN_PUBLIC_API(2,0) Issuer_Alternative_Name final : public Certificate_Extension
172		{
173		public:
174	42	const AlternativeName& get_alt_name() const { return m_alt_name; }
175
176	46.3k	static OID static_oid() { return OID("2.5.29.18"); }
177	0	OID oid_of() const override { return static_oid(); }
178
179		std::unique_ptr<Certificate_Extension> copy() const override
180	0	{ return std::make_unique<Issuer_Alternative_Name>(get_alt_name()); }
181
182		explicit Issuer_Alternative_Name(const AlternativeName& name = AlternativeName()) :
183	1.36k	m_alt_name(name) {}
184
185		private:
186	42	std::string oid_name() const override { return "X509v3.IssuerAlternativeName"; }
187
188	0	bool should_encode() const override { return m_alt_name.has_items(); }
189		std::vector<uint8_t> encode_inner() const override;
190		void decode_inner(const std::vector<uint8_t>&) override;
191
192		AlternativeName m_alt_name;
193		};
194
195		/**
196		* Extended Key Usage Extension
197		*/
198		class BOTAN_PUBLIC_API(2,0) Extended_Key_Usage final : public Certificate_Extension
199		{
200		public:
201		std::unique_ptr<Certificate_Extension> copy() const override
202	0	{ return std::make_unique<Extended_Key_Usage>(m_oids); }
203
204	1.36k	Extended_Key_Usage() = default;
205	0	explicit Extended_Key_Usage(const std::vector<OID>& o) : m_oids(o) {}
206
207	32	const std::vector<OID>& get_oids() const { return m_oids; }
208
209	30.1k	static OID static_oid() { return OID("2.5.29.37"); }
210	0	OID oid_of() const override { return static_oid(); }
211
212		private:
213	32	std::string oid_name() const override { return "X509v3.ExtendedKeyUsage"; }
214
215	0	bool should_encode() const override { return (m_oids.size() > 0); }
216		std::vector<uint8_t> encode_inner() const override;
217		void decode_inner(const std::vector<uint8_t>&) override;
218
219		std::vector<OID> m_oids;
220		};
221
222		/**
223		* Name Constraints
224		*/
225		class BOTAN_PUBLIC_API(2,0) Name_Constraints final : public Certificate_Extension
226		{
227		public:
228		std::unique_ptr<Certificate_Extension> copy() const override
229	0	{ return std::make_unique<Name_Constraints>(m_name_constraints); }
230
231	4.01k	Name_Constraints() = default;
232	0	Name_Constraints(const NameConstraints &nc) : m_name_constraints(nc) {}
233
234		void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
235		const std::vector<X509_Certificate>& cert_path,
236		std::vector<std::set<Certificate_Status_Code>>& cert_status,
237		size_t pos) override;
238
239	13	const NameConstraints& get_name_constraints() const { return m_name_constraints; }
240
241	39.3k	static OID static_oid() { return OID("2.5.29.30"); }
242	0	OID oid_of() const override { return static_oid(); }
243
244		private:
245		std::string oid_name() const override
246	13	{ return "X509v3.NameConstraints"; }
247
248	0	bool should_encode() const override { return true; }
249		std::vector<uint8_t> encode_inner() const override;
250		void decode_inner(const std::vector<uint8_t>&) override;
251
252		NameConstraints m_name_constraints;
253		};
254
255		/**
256		* Certificate Policies Extension
257		*/
258		class BOTAN_PUBLIC_API(2,0) Certificate_Policies final : public Certificate_Extension
259		{
260		public:
261		std::unique_ptr<Certificate_Extension> copy() const override
262	0	{ return std::make_unique<Certificate_Policies>(m_oids); }
263
264	2.23k	Certificate_Policies() = default;
265	0	explicit Certificate_Policies(const std::vector<OID>& o) : m_oids(o) {}
266
267	19	const std::vector<OID>& get_policy_oids() const { return m_oids; }
268
269	32.3k	static OID static_oid() { return OID("2.5.29.32"); }
270	0	OID oid_of() const override { return static_oid(); }
271
272		void validate(const X509_Certificate& subject, const X509_Certificate& issuer,
273		const std::vector<X509_Certificate>& cert_path,
274		std::vector<std::set<Certificate_Status_Code>>& cert_status,
275		size_t pos) override;
276		private:
277		std::string oid_name() const override
278	19	{ return "X509v3.CertificatePolicies"; }
279
280	0	bool should_encode() const override { return (m_oids.size() > 0); }
281		std::vector<uint8_t> encode_inner() const override;
282		void decode_inner(const std::vector<uint8_t>&) override;
283
284		std::vector<OID> m_oids;
285		};
286
287		/**
288		* Authority Information Access Extension
289		*/
290		class BOTAN_PUBLIC_API(2,0) Authority_Information_Access final : public Certificate_Extension
291		{
292		public:
293		std::unique_ptr<Certificate_Extension> copy() const override
294	0	{ return std::make_unique<Authority_Information_Access>(m_ocsp_responder, m_ca_issuers); }
295
296	404	Authority_Information_Access() = default;
297
298		explicit Authority_Information_Access(const std::string& ocsp, const std::vector<std::string>& ca_issuers = std::vector<std::string>()) :
299	0	m_ocsp_responder(ocsp), m_ca_issuers(ca_issuers) {}
300
301	15	std::string ocsp_responder() const { return m_ocsp_responder; }
302
303	28.7k	static OID static_oid() { return OID("1.3.6.1.5.5.7.1.1"); }
304	0	OID oid_of() const override { return static_oid(); }
305	15	const std::vector<std::string> ca_issuers() const { return m_ca_issuers; }
306
307		private:
308		std::string oid_name() const override
309	15	{ return "PKIX.AuthorityInformationAccess"; }
310
311	0	bool should_encode() const override { return (!m_ocsp_responder.empty()); }
312
313		std::vector<uint8_t> encode_inner() const override;
314		void decode_inner(const std::vector<uint8_t>&) override;
315
316
317		std::string m_ocsp_responder;
318		std::vector<std::string> m_ca_issuers;
319		};
320
321		/**
322		* CRL Number Extension
323		*/
324		class BOTAN_PUBLIC_API(2,0) CRL_Number final : public Certificate_Extension
325		{
326		public:
327		std::unique_ptr<Certificate_Extension> copy() const override;
328
329	787	CRL_Number() : m_has_value(false), m_crl_number(0) {}
330	0	CRL_Number(size_t n) : m_has_value(true), m_crl_number(n) {}
331
332		size_t get_crl_number() const;
333
334	34.6k	static OID static_oid() { return OID("2.5.29.20"); }
335	0	OID oid_of() const override { return static_oid(); }
336
337		private:
338	3	std::string oid_name() const override { return "X509v3.CRLNumber"; }
339
340	0	bool should_encode() const override { return m_has_value; }
341		std::vector<uint8_t> encode_inner() const override;
342		void decode_inner(const std::vector<uint8_t>&) override;
343
344		bool m_has_value;
345		size_t m_crl_number;
346		};
347
348		/**
349		* CRL Entry Reason Code Extension
350		*/
351		class BOTAN_PUBLIC_API(2,0) CRL_ReasonCode final : public Certificate_Extension
352		{
353		public:
354		std::unique_ptr<Certificate_Extension> copy() const override
355	0	{ return std::make_unique<CRL_ReasonCode>(m_reason); }
356
357	2.19k	explicit CRL_ReasonCode(CRL_Code r = CRL_Code::UNSPECIFIED) : m_reason(r) {}
358
359	577	CRL_Code get_reason() const { return m_reason; }
360
361	37.8k	static OID static_oid() { return OID("2.5.29.21"); }
362	0	OID oid_of() const override { return static_oid(); }
363
364		private:
365	577	std::string oid_name() const override { return "X509v3.ReasonCode"; }
366
367	0	bool should_encode() const override { return (m_reason != CRL_Code::UNSPECIFIED); }
368		std::vector<uint8_t> encode_inner() const override;
369		void decode_inner(const std::vector<uint8_t>&) override;
370
371		CRL_Code m_reason;
372		};
373
374		/**
375		* CRL Distribution Points Extension
376		* todo enforce restrictions from RFC 5280 4.2.1.13
377		*/
378		class BOTAN_PUBLIC_API(2,0) CRL_Distribution_Points final : public Certificate_Extension
379		{
380		public:
381		class BOTAN_PUBLIC_API(2,0) Distribution_Point final : public ASN1_Object
382		{
383		public:
384		void encode_into(class DER_Encoder&) const override;
385		void decode_from(class BER_Decoder&) override;
386
387	575	const AlternativeName& point() const { return m_point; }
388		private:
389		AlternativeName m_point;
390		};
391
392		std::unique_ptr<Certificate_Extension> copy() const override
393	0	{ return std::make_unique<CRL_Distribution_Points>(m_distribution_points); }
394
395	2.40k	CRL_Distribution_Points() = default;
396
397		explicit CRL_Distribution_Points(const std::vector<Distribution_Point>& points) :
398	0	m_distribution_points(points) {}
399
400		const std::vector<Distribution_Point>& distribution_points() const
401	0	{ return m_distribution_points; }
402
403		const std::vector<std::string>& crl_distribution_urls() const
404	34	{ return m_crl_distribution_urls; }
405
406	35.3k	static OID static_oid() { return OID("2.5.29.31"); }
407	0	OID oid_of() const override { return static_oid(); }
408
409		private:
410		std::string oid_name() const override
411	34	{ return "X509v3.CRLDistributionPoints"; }
412
413		bool should_encode() const override
414	0	{ return !m_distribution_points.empty(); }
415
416		std::vector<uint8_t> encode_inner() const override;
417		void decode_inner(const std::vector<uint8_t>&) override;
418
419		std::vector<Distribution_Point> m_distribution_points;
420		std::vector<std::string> m_crl_distribution_urls;
421		};
422
423		/**
424		* CRL Issuing Distribution Point Extension
425		* todo enforce restrictions from RFC 5280 5.2.5
426		*/
427		class CRL_Issuing_Distribution_Point final : public Certificate_Extension
428		{
429		public:
430	517	CRL_Issuing_Distribution_Point() = default;
431
432		explicit CRL_Issuing_Distribution_Point(const CRL_Distribution_Points::Distribution_Point& distribution_point) :
433	0	m_distribution_point(distribution_point) {}
434
435		std::unique_ptr<Certificate_Extension> copy() const override
436	0	{ return std::make_unique<CRL_Issuing_Distribution_Point>(m_distribution_point); }
437
438		const AlternativeName& get_point() const
439	2	{ return m_distribution_point.point(); }
440
441	24.4k	static OID static_oid() { return OID("2.5.29.28"); }
442	0	OID oid_of() const override { return static_oid(); }
443
444		private:
445		std::string oid_name() const override
446	2	{ return "X509v3.CRLIssuingDistributionPoint"; }
447
448	0	bool should_encode() const override { return true; }
449		std::vector<uint8_t> encode_inner() const override;
450		void decode_inner(const std::vector<uint8_t>&) override;
451
452		CRL_Distribution_Points::Distribution_Point m_distribution_point;
453		};
454
455		/**
456		* An unknown X.509 extension
457		* Will add a failure to the path validation result, if critical
458		*/
459		class BOTAN_PUBLIC_API(2,4) Unknown_Extension final : public Certificate_Extension
460		{
461		public:
462		Unknown_Extension(const OID& oid, bool critical) :
463	37.1k	m_oid(oid), m_critical(critical) {}
464
465		std::unique_ptr<Certificate_Extension> copy() const override
466	0	{ return std::make_unique<Unknown_Extension>(m_oid, m_critical); }
467
468		/**
469		* Return the OID of this unknown extension
470		*/
471		OID oid_of() const override
472	0	{ return m_oid; }
473
474		//static_oid not defined for Unknown_Extension
475
476		/**
477		* Return the extension contents
478		*/
479	0	const std::vector<uint8_t>& extension_contents() const { return m_bytes; }
480
481		/**
482		* Return if this extension was marked critical
483		*/
484	0	bool is_critical_extension() const { return m_critical; }
485
486		void validate(const X509_Certificate&, const X509_Certificate&,
487		const std::vector<X509_Certificate>&,
488		std::vector<std::set<Certificate_Status_Code>>& cert_status,
489		size_t pos) override
490	0	{
491	0	if(m_critical)
492	0	{
493	0	cert_status.at(pos).insert(Certificate_Status_Code::UNKNOWN_CRITICAL_EXTENSION);
494	0	}
495	0	}
496
497		private:
498	1.95k	std::string oid_name() const override { return ""; }
499
500	0	bool should_encode() const override { return true; }
501		std::vector<uint8_t> encode_inner() const override;
502		void decode_inner(const std::vector<uint8_t>&) override;
503
504		OID m_oid;
505		bool m_critical;
506		std::vector<uint8_t> m_bytes;
507		};
508
509		}
510
511		}
512
513		#endif