11#ifndef BOTAN_PKIX_TYPES_H_
12#define BOTAN_PKIX_TYPES_H_
14#include <botan/asn1_obj.h>
16#include <botan/assert.h>
17#include <botan/pkix_enums.h>
44 explicit X509_DN(
const std::multimap<OID, std::string>& args) {
45 for(
const auto& i : args) {
50 explicit X509_DN(
const std::multimap<std::string, std::string>& args) {
51 for(
const auto& i : args) {
59 bool has_field(
const OID& oid)
const;
65 const std::vector<uint8_t>&
get_bits()
const {
return m_dn_bits; }
67 std::vector<uint8_t> DER_encode()
const;
69 bool empty()
const {
return m_rdn.empty(); }
71 size_t count()
const {
return m_rdn.size(); }
75 const std::vector<std::pair<OID, ASN1_String>>&
dn_info()
const {
return m_rdn; }
77 std::multimap<OID, std::string> get_attributes()
const;
78 std::multimap<std::string, std::string> contents()
const;
80 bool has_field(std::string_view attr)
const;
81 std::vector<std::string> get_attribute(std::string_view attr)
const;
82 std::string get_first_attribute(std::string_view attr)
const;
84 void add_attribute(std::string_view key, std::string_view val);
90 static std::string deref_info_field(std::string_view key);
99 static size_t lookup_ub(
const OID& oid);
102 std::vector<std::pair<OID, ASN1_String>> m_rdn;
103 std::vector<uint8_t> m_dn_bits;
106BOTAN_PUBLIC_API(2, 0) bool operator==(const X509_DN& dn1, const X509_DN& dn2);
107BOTAN_PUBLIC_API(2, 0)
bool operator!=(const X509_DN& dn1, const X509_DN& dn2);
113BOTAN_PUBLIC_API(2, 0)
bool operator<(const X509_DN& dn1, const X509_DN& dn2);
115BOTAN_PUBLIC_API(2, 0) std::ostream& operator<<(std::ostream& out, const X509_DN& dn);
116BOTAN_PUBLIC_API(2, 0) std::istream& operator>>(std::istream& in, X509_DN& dn);
130 void add_uri(std::string_view uri);
133 void add_email(std::string_view addr);
136 void add_dns(std::string_view dns);
142 void add_dn(
const X509_DN& dn);
145 void add_ipv4_address(uint32_t ipv4);
148 const std::set<std::string>&
uris()
const {
return m_uri; }
151 const std::set<std::string>&
email()
const {
return m_email; }
154 const std::set<std::string>&
dns()
const {
return m_dns; }
172 size_t count()
const;
175 bool has_items()
const;
178 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
179 std::multimap<std::
string, std::
string> contents() const;
181 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}.empty()")
182 bool has_field(std::string_view attr) const;
184 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
185 std::vector<std::
string> get_attribute(std::string_view attr) const;
187 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
188 std::multimap<std::
string, std::
string, std::less<>> get_attributes() const;
190 BOTAN_DEPRECATED(
"Use AlternativeName::{uris, email, dns, othernames, directory_names}")
191 std::
string get_first_attribute(std::string_view attr) const;
194 void add_attribute(std::string_view type, std::string_view value);
197 void add_othername(const
OID& oid, std::string_view value,
ASN1_Type type);
203 BOTAN_DEPRECATED(
"Use plain constructor plus add_{uri,dns,email,ipv4_address}")
205 std::string_view uri =
"",
206 std::string_view
dns =
"",
207 std::string_view ip_address =
"");
210 std::set<std::
string> m_dns;
211 std::set<std::
string> m_uri;
212 std::set<std::
string> m_email;
213 std::set<uint32_t> m_ipv4_addr;
228 Attribute(std::string_view oid_str,
const std::vector<uint8_t>& params);
232 const std::vector<uint8_t>&
parameters()
const {
return m_parameters; }
240 std::vector<uint8_t> m_parameters;
302 bool matches_dns(const std::
string& dns_name) const;
303 bool matches_ipv4(uint32_t ip) const;
304 bool matches_dn(const
X509_DN& dn) const;
307 static constexpr
size_t RFC822_IDX = 0;
308 static constexpr
size_t DNS_IDX = 1;
309 static constexpr
size_t URI_IDX = 2;
310 static constexpr
size_t DN_IDX = 3;
311 static constexpr
size_t IPV4_IDX = 4;
314 std::variant<std::
string, std::
string, std::
string,
X509_DN, std::pair<uint32_t, uint32_t>> m_name;
316 static
bool matches_dns(std::string_view name, std::string_view constraint);
318 static
bool matches_dn(const
X509_DN& name, const
X509_DN& constraint);
353BOTAN_DEPRECATED(
"Deprecated no replacement") std::ostream& operator<<(std::ostream& os, const GeneralSubtree& gs);
373 std::vector<GeneralSubtree>&& excluded_subtrees);
379 return m_permitted_subtrees;
386 return m_excluded_subtrees;
400 std::vector<GeneralSubtree> m_permitted_subtrees;
401 std::vector<GeneralSubtree> m_excluded_subtrees;
403 std::set<GeneralName::NameType> m_permitted_name_types;
404 std::set<GeneralName::NameType> m_excluded_name_types;
430 virtual std::unique_ptr<Certificate_Extension>
copy()
const = 0;
449 const std::vector<X509_Certificate>& cert_path,
450 std::vector<std::set<Certificate_Status_Code>>& cert_status,
478 template <
typename T>
482 if(extn->oid_name().empty()) {
484 }
else if(
const T* extn_as_T =
dynamic_cast<const T*
>(extn)) {
487 throw Decoding_Error(
"Exception::get_extension_object_as dynamic_cast failed");
503 bool extension_set(
const OID& oid)
const;
508 bool critical_extension_set(
const OID& oid)
const;
514 std::vector<uint8_t> get_extension_bits(
const OID& oid)
const;
525 void add(std::unique_ptr<Certificate_Extension> extn,
bool critical =
false);
535 bool add_new(std::unique_ptr<Certificate_Extension> extn,
bool critical =
false);
542 void replace(std::unique_ptr<Certificate_Extension> extn,
bool critical =
false);
548 bool remove(
const OID& oid);
557 std::unique_ptr<Certificate_Extension> get(
const OID& oid)
const;
569 template <
typename T>
571 auto extn_info = m_extension_info.find(oid);
573 if(extn_info != m_extension_info.end()) {
575 if(extn_info->second.obj().oid_name().empty()) {
576 auto ext = std::make_unique<T>();
577 ext->decode_inner(extn_info->second.bits());
590 std::vector<std::pair<std::unique_ptr<Certificate_Extension>,
bool>> extensions()
const;
597 std::map<OID, std::pair<std::vector<uint8_t>,
bool>> extensions_raw()
const;
608 static std::unique_ptr<Certificate_Extension> create_extn_obj(
const OID& oid,
610 const std::vector<uint8_t>& body);
612 class Extensions_Info {
614 Extensions_Info(
bool critical, std::unique_ptr<Certificate_Extension> ext) :
615 m_obj(std::move(ext)), m_bits(m_obj->encode_inner()), m_critical(critical) {}
617 Extensions_Info(
bool critical,
618 const std::vector<uint8_t>& encoding,
619 std::unique_ptr<Certificate_Extension> ext) :
620 m_obj(std::move(ext)), m_bits(encoding), m_critical(critical) {}
622 bool is_critical()
const {
return m_critical; }
624 const std::vector<uint8_t>& bits()
const {
return m_bits; }
626 const Certificate_Extension& obj()
const {
632 std::shared_ptr<Certificate_Extension> m_obj;
633 std::vector<uint8_t> m_bits;
634 bool m_critical =
false;
637 std::vector<OID> m_extension_oids;
638 std::map<OID, Extensions_Info> m_extension_info;
#define BOTAN_PUBLIC_API(maj, min)
#define BOTAN_DEPRECATED(msg)
#define BOTAN_ASSERT_NONNULL(ptr)
const std::set< X509_DN > & directory_names() const
Return the set of directory names included in this alternative name.
const std::set< uint32_t > & ipv4_address() const
Return the set of IPv4 addresses included in this alternative name.
const std::set< std::pair< OID, ASN1_String > > & other_names() const
Return the set of "other names" included in this alternative name.
const std::set< std::string > & uris() const
Return the set of URIs included in this alternative name.
void encode_into(DER_Encoder &) const override
const std::set< std::string > & dns() const
Return the set of DNS names included in this alternative name.
void decode_from(BER_Decoder &) override
AlternativeName()
Create an empty name.
const std::set< std::string > & email() const
Return the set of email addresses included in this alternative name.
std::multimap< OID, ASN1_String > get_othernames() const
const std::vector< uint8_t > & parameters() const
void decode_from(BER_Decoder &from) override
const OID & object_identifier() const
void encode_into(DER_Encoder &to) const override
const std::vector< uint8_t > & get_parameters() const
virtual bool should_encode() const
virtual std::string oid_name() const =0
virtual OID oid_of() const =0
virtual void validate(const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< X509_Certificate > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos)
virtual std::unique_ptr< Certificate_Extension > copy() const =0
virtual std::vector< uint8_t > encode_inner() const =0
virtual ~Certificate_Extension()=default
virtual void decode_inner(const std::vector< uint8_t > &)=0
const Certificate_Extension * get_extension_object(const OID &oid) const
std::unique_ptr< T > get_raw(const OID &oid) const
Extensions & operator=(const Extensions &)=default
Extensions(const Extensions &)=default
Extensions(Extensions &&)=default
const std::vector< OID > & get_extension_oids() const
const T * get_extension_object_as(const OID &oid=T::static_oid()) const
Extensions & operator=(Extensions &&)=default
void encode_into(DER_Encoder &) const override
NameType type_code() const
void decode_from(BER_Decoder &) override
A single Name Constraint.
void decode_from(BER_Decoder &) override
const GeneralName & base() const
void encode_into(DER_Encoder &) const override
const std::vector< GeneralSubtree > & permitted() const
const std::vector< GeneralSubtree > & excluded() const
void add_attribute(const OID &oid, std::string_view val)
void add_attribute(std::string_view key, std::string_view val)
X509_DN(const std::multimap< OID, std::string > &args)
const std::vector< std::pair< OID, ASN1_String > > & dn_info() const
X509_DN(const std::multimap< std::string, std::string > &args)
const std::vector< uint8_t > & get_bits() const
std::string to_string(ErrorType type)
Convert an ErrorType to string.
std::string key_constraints_to_string(Key_Constraints c)