Botan
1.11.15
|
00001 /* 00002 * X.509 Certificate Extensions 00003 * (C) 1999-2007,2012 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #ifndef BOTAN_X509_EXTENSIONS_H__ 00009 #define BOTAN_X509_EXTENSIONS_H__ 00010 00011 #include <botan/asn1_obj.h> 00012 #include <botan/asn1_oid.h> 00013 #include <botan/datastor.h> 00014 #include <botan/crl_ent.h> 00015 00016 namespace Botan { 00017 00018 /** 00019 * X.509 Certificate Extension 00020 */ 00021 class BOTAN_DLL Certificate_Extension 00022 { 00023 public: 00024 /** 00025 * @return OID representing this extension 00026 */ 00027 OID oid_of() const; 00028 00029 /** 00030 * Make a copy of this extension 00031 * @return copy of this 00032 */ 00033 virtual Certificate_Extension* copy() const = 0; 00034 00035 /* 00036 * Add the contents of this extension into the information 00037 * for the subject and/or issuer, as necessary. 00038 * @param subject the subject info 00039 * @param issuer the issuer info 00040 */ 00041 virtual void contents_to(Data_Store& subject, 00042 Data_Store& issuer) const = 0; 00043 00044 /* 00045 * @return specific OID name 00046 */ 00047 virtual std::string oid_name() const = 0; 00048 00049 virtual ~Certificate_Extension() {} 00050 protected: 00051 friend class Extensions; 00052 virtual bool should_encode() const { return true; } 00053 virtual std::vector<byte> encode_inner() const = 0; 00054 virtual void decode_inner(const std::vector<byte>&) = 0; 00055 }; 00056 00057 /** 00058 * X.509 Certificate Extension List 00059 */ 00060 class BOTAN_DLL Extensions : public ASN1_Object 00061 { 00062 public: 00063 void encode_into(class DER_Encoder&) const; 00064 void decode_from(class BER_Decoder&); 00065 00066 void contents_to(Data_Store&, Data_Store&) const; 00067 00068 void add(Certificate_Extension* extn, bool critical = false); 00069 00070 Extensions& operator=(const Extensions&); 00071 00072 Extensions(const Extensions&); 00073 Extensions(bool st = true) : m_throw_on_unknown_critical(st) {} 00074 ~Extensions(); 00075 private: 00076 static Certificate_Extension* get_extension(const OID&); 00077 00078 std::vector<std::pair<Certificate_Extension*, bool> > extensions; 00079 bool m_throw_on_unknown_critical; 00080 }; 00081 00082 namespace Cert_Extension { 00083 00084 static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0; 00085 00086 /** 00087 * Basic Constraints Extension 00088 */ 00089 class BOTAN_DLL Basic_Constraints : public Certificate_Extension 00090 { 00091 public: 00092 Basic_Constraints* copy() const 00093 { return new Basic_Constraints(is_ca, path_limit); } 00094 00095 Basic_Constraints(bool ca = false, size_t limit = 0) : 00096 is_ca(ca), path_limit(limit) {} 00097 00098 bool get_is_ca() const { return is_ca; } 00099 size_t get_path_limit() const; 00100 private: 00101 std::string oid_name() const { return "X509v3.BasicConstraints"; } 00102 00103 std::vector<byte> encode_inner() const; 00104 void decode_inner(const std::vector<byte>&); 00105 void contents_to(Data_Store&, Data_Store&) const; 00106 00107 bool is_ca; 00108 size_t path_limit; 00109 }; 00110 00111 /** 00112 * Key Usage Constraints Extension 00113 */ 00114 class BOTAN_DLL Key_Usage : public Certificate_Extension 00115 { 00116 public: 00117 Key_Usage* copy() const { return new Key_Usage(constraints); } 00118 00119 Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : constraints(c) {} 00120 00121 Key_Constraints get_constraints() const { return constraints; } 00122 private: 00123 std::string oid_name() const { return "X509v3.KeyUsage"; } 00124 00125 bool should_encode() const { return (constraints != NO_CONSTRAINTS); } 00126 std::vector<byte> encode_inner() const; 00127 void decode_inner(const std::vector<byte>&); 00128 void contents_to(Data_Store&, Data_Store&) const; 00129 00130 Key_Constraints constraints; 00131 }; 00132 00133 /** 00134 * Subject Key Identifier Extension 00135 */ 00136 class BOTAN_DLL Subject_Key_ID : public Certificate_Extension 00137 { 00138 public: 00139 Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); } 00140 00141 Subject_Key_ID() {} 00142 Subject_Key_ID(const std::vector<byte>&); 00143 00144 std::vector<byte> get_key_id() const { return key_id; } 00145 private: 00146 std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; } 00147 00148 bool should_encode() const { return (key_id.size() > 0); } 00149 std::vector<byte> encode_inner() const; 00150 void decode_inner(const std::vector<byte>&); 00151 void contents_to(Data_Store&, Data_Store&) const; 00152 00153 std::vector<byte> key_id; 00154 }; 00155 00156 /** 00157 * Authority Key Identifier Extension 00158 */ 00159 class BOTAN_DLL Authority_Key_ID : public Certificate_Extension 00160 { 00161 public: 00162 Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); } 00163 00164 Authority_Key_ID() {} 00165 Authority_Key_ID(const std::vector<byte>& k) : key_id(k) {} 00166 00167 std::vector<byte> get_key_id() const { return key_id; } 00168 private: 00169 std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; } 00170 00171 bool should_encode() const { return (key_id.size() > 0); } 00172 std::vector<byte> encode_inner() const; 00173 void decode_inner(const std::vector<byte>&); 00174 void contents_to(Data_Store&, Data_Store&) const; 00175 00176 std::vector<byte> key_id; 00177 }; 00178 00179 /** 00180 * Alternative Name Extension Base Class 00181 */ 00182 class BOTAN_DLL Alternative_Name : public Certificate_Extension 00183 { 00184 public: 00185 AlternativeName get_alt_name() const { return alt_name; } 00186 00187 protected: 00188 Alternative_Name(const AlternativeName&, const std::string& oid_name); 00189 00190 Alternative_Name(const std::string&, const std::string&); 00191 private: 00192 std::string oid_name() const { return oid_name_str; } 00193 00194 bool should_encode() const { return alt_name.has_items(); } 00195 std::vector<byte> encode_inner() const; 00196 void decode_inner(const std::vector<byte>&); 00197 void contents_to(Data_Store&, Data_Store&) const; 00198 00199 std::string oid_name_str; 00200 AlternativeName alt_name; 00201 }; 00202 00203 /** 00204 * Subject Alternative Name Extension 00205 */ 00206 class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name 00207 { 00208 public: 00209 Subject_Alternative_Name* copy() const 00210 { return new Subject_Alternative_Name(get_alt_name()); } 00211 00212 Subject_Alternative_Name(const AlternativeName& = AlternativeName()); 00213 }; 00214 00215 /** 00216 * Issuer Alternative Name Extension 00217 */ 00218 class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name 00219 { 00220 public: 00221 Issuer_Alternative_Name* copy() const 00222 { return new Issuer_Alternative_Name(get_alt_name()); } 00223 00224 Issuer_Alternative_Name(const AlternativeName& = AlternativeName()); 00225 }; 00226 00227 /** 00228 * Extended Key Usage Extension 00229 */ 00230 class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension 00231 { 00232 public: 00233 Extended_Key_Usage* copy() const { return new Extended_Key_Usage(oids); } 00234 00235 Extended_Key_Usage() {} 00236 Extended_Key_Usage(const std::vector<OID>& o) : oids(o) {} 00237 00238 std::vector<OID> get_oids() const { return oids; } 00239 private: 00240 std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; } 00241 00242 bool should_encode() const { return (oids.size() > 0); } 00243 std::vector<byte> encode_inner() const; 00244 void decode_inner(const std::vector<byte>&); 00245 void contents_to(Data_Store&, Data_Store&) const; 00246 00247 std::vector<OID> oids; 00248 }; 00249 00250 /** 00251 * Certificate Policies Extension 00252 */ 00253 class BOTAN_DLL Certificate_Policies : public Certificate_Extension 00254 { 00255 public: 00256 Certificate_Policies* copy() const 00257 { return new Certificate_Policies(oids); } 00258 00259 Certificate_Policies() {} 00260 Certificate_Policies(const std::vector<OID>& o) : oids(o) {} 00261 00262 std::vector<OID> get_oids() const { return oids; } 00263 private: 00264 std::string oid_name() const { return "X509v3.CertificatePolicies"; } 00265 00266 bool should_encode() const { return (oids.size() > 0); } 00267 std::vector<byte> encode_inner() const; 00268 void decode_inner(const std::vector<byte>&); 00269 void contents_to(Data_Store&, Data_Store&) const; 00270 00271 std::vector<OID> oids; 00272 }; 00273 00274 class BOTAN_DLL Authority_Information_Access : public Certificate_Extension 00275 { 00276 public: 00277 Authority_Information_Access* copy() const 00278 { return new Authority_Information_Access(m_ocsp_responder); } 00279 00280 Authority_Information_Access() {} 00281 00282 Authority_Information_Access(const std::string& ocsp) : 00283 m_ocsp_responder(ocsp) {} 00284 00285 private: 00286 std::string oid_name() const { return "PKIX.AuthorityInformationAccess"; } 00287 00288 bool should_encode() const { return (m_ocsp_responder != ""); } 00289 00290 std::vector<byte> encode_inner() const; 00291 void decode_inner(const std::vector<byte>&); 00292 00293 void contents_to(Data_Store&, Data_Store&) const; 00294 00295 std::string m_ocsp_responder; 00296 }; 00297 00298 /** 00299 * CRL Number Extension 00300 */ 00301 class BOTAN_DLL CRL_Number : public Certificate_Extension 00302 { 00303 public: 00304 CRL_Number* copy() const; 00305 00306 CRL_Number() : has_value(false), crl_number(0) {} 00307 CRL_Number(size_t n) : has_value(true), crl_number(n) {} 00308 00309 size_t get_crl_number() const; 00310 private: 00311 std::string oid_name() const { return "X509v3.CRLNumber"; } 00312 00313 bool should_encode() const { return has_value; } 00314 std::vector<byte> encode_inner() const; 00315 void decode_inner(const std::vector<byte>&); 00316 void contents_to(Data_Store&, Data_Store&) const; 00317 00318 bool has_value; 00319 size_t crl_number; 00320 }; 00321 00322 /** 00323 * CRL Entry Reason Code Extension 00324 */ 00325 class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension 00326 { 00327 public: 00328 CRL_ReasonCode* copy() const { return new CRL_ReasonCode(reason); } 00329 00330 CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : reason(r) {} 00331 00332 CRL_Code get_reason() const { return reason; } 00333 private: 00334 std::string oid_name() const { return "X509v3.ReasonCode"; } 00335 00336 bool should_encode() const { return (reason != UNSPECIFIED); } 00337 std::vector<byte> encode_inner() const; 00338 void decode_inner(const std::vector<byte>&); 00339 void contents_to(Data_Store&, Data_Store&) const; 00340 00341 CRL_Code reason; 00342 }; 00343 00344 /** 00345 * CRL Distribution Points Extension 00346 */ 00347 class BOTAN_DLL CRL_Distribution_Points : public Certificate_Extension 00348 { 00349 public: 00350 class BOTAN_DLL Distribution_Point : public ASN1_Object 00351 { 00352 public: 00353 void encode_into(class DER_Encoder&) const; 00354 void decode_from(class BER_Decoder&); 00355 00356 const AlternativeName& point() const { return m_point; } 00357 private: 00358 AlternativeName m_point; 00359 }; 00360 00361 CRL_Distribution_Points* copy() const 00362 { return new CRL_Distribution_Points(m_distribution_points); } 00363 00364 CRL_Distribution_Points() {} 00365 00366 CRL_Distribution_Points(const std::vector<Distribution_Point>& points) : 00367 m_distribution_points(points) {} 00368 00369 std::vector<Distribution_Point> distribution_points() const 00370 { return m_distribution_points; } 00371 00372 private: 00373 std::string oid_name() const { return "X509v3.CRLDistributionPoints"; } 00374 00375 bool should_encode() const { return !m_distribution_points.empty(); } 00376 00377 std::vector<byte> encode_inner() const; 00378 void decode_inner(const std::vector<byte>&); 00379 void contents_to(Data_Store&, Data_Store&) const; 00380 00381 std::vector<Distribution_Point> m_distribution_points; 00382 }; 00383 00384 } 00385 00386 } 00387 00388 #endif