1
/*************************************************
2
* X.509 Certificate Extensions Header File *
3
* (C) 1999-2007 The Botan Project *
4
*************************************************/
6
#ifndef BOTAN_X509_EXTENSIONS_H__
7
#define BOTAN_X509_EXTENSIONS_H__
9
#include <botan/asn1_int.h>
10
#include <botan/asn1_oid.h>
11
#include <botan/asn1_obj.h>
12
#include <botan/datastor.h>
13
#include <botan/enums.h>
17
/*************************************************
18
* X.509 Certificate Extension *
19
*************************************************/
20
class Certificate_Extension
25
virtual Certificate_Extension* copy() const = 0;
27
virtual void contents_to(Data_Store&, Data_Store&) const = 0;
28
virtual std::string config_id() const = 0;
29
virtual std::string oid_name() const = 0;
31
virtual ~Certificate_Extension() {}
33
friend class Extensions;
34
virtual bool should_encode() const { return true; }
35
virtual MemoryVector<byte> encode_inner() const = 0;
36
virtual void decode_inner(const MemoryRegion<byte>&) = 0;
39
/*************************************************
40
* X.509 Certificate Extension List *
41
*************************************************/
42
class Extensions : public ASN1_Object
45
void encode_into(class DER_Encoder&) const;
46
void decode_from(class BER_Decoder&);
48
void contents_to(Data_Store&, Data_Store&) const;
50
void add(Certificate_Extension* extn)
51
{ extensions.push_back(extn); }
53
Extensions& operator=(const Extensions& e)
54
{ return copy_this(e); }
56
Extensions(bool st = true) : should_throw(st) {}
57
Extensions(const Extensions& e) : ASN1_Object() { copy_this(e); }
60
Extensions& copy_this(const Extensions&);
61
std::vector<Certificate_Extension*> extensions;
65
namespace Cert_Extension {
67
/*************************************************
68
* Basic Constraints Extension *
69
*************************************************/
70
class Basic_Constraints : public Certificate_Extension
73
Basic_Constraints* copy() const
74
{ return new Basic_Constraints(is_ca, path_limit); }
76
Basic_Constraints(bool ca = false, u32bit limit = 0) :
77
is_ca(ca), path_limit(limit) {}
79
bool get_is_ca() const { return is_ca; }
80
u32bit get_path_limit() const;
82
std::string config_id() const { return "basic_constraints"; }
83
std::string oid_name() const { return "X509v3.BasicConstraints"; }
85
MemoryVector<byte> encode_inner() const;
86
void decode_inner(const MemoryRegion<byte>&);
87
void contents_to(Data_Store&, Data_Store&) const;
93
/*************************************************
94
* Key Usage Constraints Extension *
95
*************************************************/
96
class Key_Usage : public Certificate_Extension
99
Key_Usage* copy() const { return new Key_Usage(constraints); }
101
Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : constraints(c) {}
103
Key_Constraints get_constraints() const { return constraints; }
105
std::string config_id() const { return "key_usage"; }
106
std::string oid_name() const { return "X509v3.KeyUsage"; }
108
bool should_encode() const { return (constraints != NO_CONSTRAINTS); }
109
MemoryVector<byte> encode_inner() const;
110
void decode_inner(const MemoryRegion<byte>&);
111
void contents_to(Data_Store&, Data_Store&) const;
113
Key_Constraints constraints;
116
/*************************************************
117
* Subject Key Identifier Extension *
118
*************************************************/
119
class Subject_Key_ID : public Certificate_Extension
122
Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); }
125
Subject_Key_ID(const MemoryRegion<byte>&);
127
MemoryVector<byte> get_key_id() const { return key_id; }
129
std::string config_id() const { return "subject_key_id"; }
130
std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; }
132
bool should_encode() const { return (key_id.size() > 0); }
133
MemoryVector<byte> encode_inner() const;
134
void decode_inner(const MemoryRegion<byte>&);
135
void contents_to(Data_Store&, Data_Store&) const;
137
MemoryVector<byte> key_id;
140
/*************************************************
141
* Authority Key Identifier Extension *
142
*************************************************/
143
class Authority_Key_ID : public Certificate_Extension
146
Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); }
148
Authority_Key_ID() {}
149
Authority_Key_ID(const MemoryRegion<byte>& k) : key_id(k) {}
151
MemoryVector<byte> get_key_id() const { return key_id; }
153
std::string config_id() const { return "authority_key_id"; }
154
std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; }
156
bool should_encode() const { return (key_id.size() > 0); }
157
MemoryVector<byte> encode_inner() const;
158
void decode_inner(const MemoryRegion<byte>&);
159
void contents_to(Data_Store&, Data_Store&) const;
161
MemoryVector<byte> key_id;
164
/*************************************************
165
* Alternative Name Extension Base Class *
166
*************************************************/
167
class Alternative_Name : public Certificate_Extension
170
AlternativeName get_alt_name() const { return alt_name; }
173
Alternative_Name(const AlternativeName&,
174
const std::string&, const std::string&);
176
Alternative_Name(const std::string&, const std::string&);
178
std::string config_id() const { return config_name_str; }
179
std::string oid_name() const { return oid_name_str; }
181
bool should_encode() const { return alt_name.has_items(); }
182
MemoryVector<byte> encode_inner() const;
183
void decode_inner(const MemoryRegion<byte>&);
184
void contents_to(Data_Store&, Data_Store&) const;
186
std::string config_name_str, oid_name_str;
187
AlternativeName alt_name;
190
/*************************************************
191
* Subject Alternative Name Extension *
192
*************************************************/
193
class Subject_Alternative_Name : public Alternative_Name
196
Subject_Alternative_Name* copy() const
197
{ return new Subject_Alternative_Name(get_alt_name()); }
199
Subject_Alternative_Name(const AlternativeName& = AlternativeName());
202
/*************************************************
203
* Issuer Alternative Name Extension *
204
*************************************************/
205
class Issuer_Alternative_Name : public Alternative_Name
208
Issuer_Alternative_Name* copy() const
209
{ return new Issuer_Alternative_Name(get_alt_name()); }
211
Issuer_Alternative_Name(const AlternativeName& = AlternativeName());
214
/*************************************************
215
* Extended Key Usage Extension *
216
*************************************************/
217
class Extended_Key_Usage : public Certificate_Extension
220
Extended_Key_Usage* copy() const { return new Extended_Key_Usage(oids); }
222
Extended_Key_Usage() {}
223
Extended_Key_Usage(const std::vector<OID>& o) : oids(o) {}
225
std::vector<OID> get_oids() const { return oids; }
227
std::string config_id() const { return "extended_key_usage"; }
228
std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; }
230
bool should_encode() const { return (oids.size() > 0); }
231
MemoryVector<byte> encode_inner() const;
232
void decode_inner(const MemoryRegion<byte>&);
233
void contents_to(Data_Store&, Data_Store&) const;
235
std::vector<OID> oids;
238
/*************************************************
239
* Certificate Policies Extension *
240
*************************************************/
241
class Certificate_Policies : public Certificate_Extension
244
Certificate_Policies* copy() const
245
{ return new Certificate_Policies(oids); }
247
Certificate_Policies() {}
248
Certificate_Policies(const std::vector<OID>& o) : oids(o) {}
250
std::vector<OID> get_oids() const { return oids; }
252
std::string config_id() const { return "policy_info"; }
253
std::string oid_name() const { return "X509v3.CertificatePolicies"; }
255
bool should_encode() const { return (oids.size() > 0); }
256
MemoryVector<byte> encode_inner() const;
257
void decode_inner(const MemoryRegion<byte>&);
258
void contents_to(Data_Store&, Data_Store&) const;
260
std::vector<OID> oids;
263
/*************************************************
264
* CRL Number Extension *
265
*************************************************/
266
class CRL_Number : public Certificate_Extension
269
CRL_Number* copy() const;
271
CRL_Number() : has_value(false), crl_number(0) {}
272
CRL_Number(u32bit n) : has_value(true), crl_number(n) {}
274
u32bit get_crl_number() const;
276
std::string config_id() const { return "crl_number"; }
277
std::string oid_name() const { return "X509v3.CRLNumber"; }
279
bool should_encode() const { return has_value; }
280
MemoryVector<byte> encode_inner() const;
281
void decode_inner(const MemoryRegion<byte>&);
282
void contents_to(Data_Store&, Data_Store&) const;
288
/*************************************************
289
* CRL Entry Reason Code Extension *
290
*************************************************/
291
class CRL_ReasonCode : public Certificate_Extension
294
CRL_ReasonCode* copy() const { return new CRL_ReasonCode(reason); }
296
CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : reason(r) {}
298
CRL_Code get_reason() const { return reason; }
300
std::string config_id() const { return "crl_reason"; }
301
std::string oid_name() const { return "X509v3.ReasonCode"; }
303
bool should_encode() const { return (reason != UNSPECIFIED); }
304
MemoryVector<byte> encode_inner() const;
305
void decode_inner(const MemoryRegion<byte>&);
306
void contents_to(Data_Store&, Data_Store&) const;