Botan  1.11.15
src/lib/cert/x509/x509_ext.h
Go to the documentation of this file.
00001 /*
00002 * X.509 Certificate Extensions
00003 * (C) 1999-2007,2012 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_X509_EXTENSIONS_H__
00009 #define BOTAN_X509_EXTENSIONS_H__
00010 
00011 #include <botan/asn1_obj.h>
00012 #include <botan/asn1_oid.h>
00013 #include <botan/datastor.h>
00014 #include <botan/crl_ent.h>
00015 
00016 namespace Botan {
00017 
00018 /**
00019 * X.509 Certificate Extension
00020 */
00021 class BOTAN_DLL Certificate_Extension
00022    {
00023    public:
00024       /**
00025       * @return OID representing this extension
00026       */
00027       OID oid_of() const;
00028 
00029       /**
00030       * Make a copy of this extension
00031       * @return copy of this
00032       */
00033       virtual Certificate_Extension* copy() const = 0;
00034 
00035       /*
00036       * Add the contents of this extension into the information
00037       * for the subject and/or issuer, as necessary.
00038       * @param subject the subject info
00039       * @param issuer the issuer info
00040       */
00041       virtual void contents_to(Data_Store& subject,
00042                                Data_Store& issuer) const = 0;
00043 
00044       /*
00045       * @return specific OID name
00046       */
00047       virtual std::string oid_name() const = 0;
00048 
00049       virtual ~Certificate_Extension() {}
00050    protected:
00051       friend class Extensions;
00052       virtual bool should_encode() const { return true; }
00053       virtual std::vector<byte> encode_inner() const = 0;
00054       virtual void decode_inner(const std::vector<byte>&) = 0;
00055    };
00056 
00057 /**
00058 * X.509 Certificate Extension List
00059 */
00060 class BOTAN_DLL Extensions : public ASN1_Object
00061    {
00062    public:
00063       void encode_into(class DER_Encoder&) const;
00064       void decode_from(class BER_Decoder&);
00065 
00066       void contents_to(Data_Store&, Data_Store&) const;
00067 
00068       void add(Certificate_Extension* extn, bool critical = false);
00069 
00070       Extensions& operator=(const Extensions&);
00071 
00072       Extensions(const Extensions&);
00073       Extensions(bool st = true) : m_throw_on_unknown_critical(st) {}
00074       ~Extensions();
00075    private:
00076       static Certificate_Extension* get_extension(const OID&);
00077 
00078       std::vector<std::pair<Certificate_Extension*, bool> > extensions;
00079       bool m_throw_on_unknown_critical;
00080    };
00081 
00082 namespace Cert_Extension {
00083 
00084 static const size_t NO_CERT_PATH_LIMIT = 0xFFFFFFF0;
00085 
00086 /**
00087 * Basic Constraints Extension
00088 */
00089 class BOTAN_DLL Basic_Constraints : public Certificate_Extension
00090    {
00091    public:
00092       Basic_Constraints* copy() const
00093          { return new Basic_Constraints(is_ca, path_limit); }
00094 
00095       Basic_Constraints(bool ca = false, size_t limit = 0) :
00096          is_ca(ca), path_limit(limit) {}
00097 
00098       bool get_is_ca() const { return is_ca; }
00099       size_t get_path_limit() const;
00100    private:
00101       std::string oid_name() const { return "X509v3.BasicConstraints"; }
00102 
00103       std::vector<byte> encode_inner() const;
00104       void decode_inner(const std::vector<byte>&);
00105       void contents_to(Data_Store&, Data_Store&) const;
00106 
00107       bool is_ca;
00108       size_t path_limit;
00109    };
00110 
00111 /**
00112 * Key Usage Constraints Extension
00113 */
00114 class BOTAN_DLL Key_Usage : public Certificate_Extension
00115    {
00116    public:
00117       Key_Usage* copy() const { return new Key_Usage(constraints); }
00118 
00119       Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : constraints(c) {}
00120 
00121       Key_Constraints get_constraints() const { return constraints; }
00122    private:
00123       std::string oid_name() const { return "X509v3.KeyUsage"; }
00124 
00125       bool should_encode() const { return (constraints != NO_CONSTRAINTS); }
00126       std::vector<byte> encode_inner() const;
00127       void decode_inner(const std::vector<byte>&);
00128       void contents_to(Data_Store&, Data_Store&) const;
00129 
00130       Key_Constraints constraints;
00131    };
00132 
00133 /**
00134 * Subject Key Identifier Extension
00135 */
00136 class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
00137    {
00138    public:
00139       Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); }
00140 
00141       Subject_Key_ID() {}
00142       Subject_Key_ID(const std::vector<byte>&);
00143 
00144       std::vector<byte> get_key_id() const { return key_id; }
00145    private:
00146       std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; }
00147 
00148       bool should_encode() const { return (key_id.size() > 0); }
00149       std::vector<byte> encode_inner() const;
00150       void decode_inner(const std::vector<byte>&);
00151       void contents_to(Data_Store&, Data_Store&) const;
00152 
00153       std::vector<byte> key_id;
00154    };
00155 
00156 /**
00157 * Authority Key Identifier Extension
00158 */
00159 class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
00160    {
00161    public:
00162       Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); }
00163 
00164       Authority_Key_ID() {}
00165       Authority_Key_ID(const std::vector<byte>& k) : key_id(k) {}
00166 
00167       std::vector<byte> get_key_id() const { return key_id; }
00168    private:
00169       std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; }
00170 
00171       bool should_encode() const { return (key_id.size() > 0); }
00172       std::vector<byte> encode_inner() const;
00173       void decode_inner(const std::vector<byte>&);
00174       void contents_to(Data_Store&, Data_Store&) const;
00175 
00176       std::vector<byte> key_id;
00177    };
00178 
00179 /**
00180 * Alternative Name Extension Base Class
00181 */
00182 class BOTAN_DLL Alternative_Name : public Certificate_Extension
00183    {
00184    public:
00185       AlternativeName get_alt_name() const { return alt_name; }
00186 
00187    protected:
00188       Alternative_Name(const AlternativeName&, const std::string& oid_name);
00189 
00190       Alternative_Name(const std::string&, const std::string&);
00191    private:
00192       std::string oid_name() const { return oid_name_str; }
00193 
00194       bool should_encode() const { return alt_name.has_items(); }
00195       std::vector<byte> encode_inner() const;
00196       void decode_inner(const std::vector<byte>&);
00197       void contents_to(Data_Store&, Data_Store&) const;
00198 
00199       std::string oid_name_str;
00200       AlternativeName alt_name;
00201    };
00202 
00203 /**
00204 * Subject Alternative Name Extension
00205 */
00206 class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
00207    {
00208    public:
00209       Subject_Alternative_Name* copy() const
00210          { return new Subject_Alternative_Name(get_alt_name()); }
00211 
00212       Subject_Alternative_Name(const AlternativeName& = AlternativeName());
00213    };
00214 
00215 /**
00216 * Issuer Alternative Name Extension
00217 */
00218 class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
00219    {
00220    public:
00221       Issuer_Alternative_Name* copy() const
00222          { return new Issuer_Alternative_Name(get_alt_name()); }
00223 
00224       Issuer_Alternative_Name(const AlternativeName& = AlternativeName());
00225    };
00226 
00227 /**
00228 * Extended Key Usage Extension
00229 */
00230 class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
00231    {
00232    public:
00233       Extended_Key_Usage* copy() const { return new Extended_Key_Usage(oids); }
00234 
00235       Extended_Key_Usage() {}
00236       Extended_Key_Usage(const std::vector<OID>& o) : oids(o) {}
00237 
00238       std::vector<OID> get_oids() const { return oids; }
00239    private:
00240       std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; }
00241 
00242       bool should_encode() const { return (oids.size() > 0); }
00243       std::vector<byte> encode_inner() const;
00244       void decode_inner(const std::vector<byte>&);
00245       void contents_to(Data_Store&, Data_Store&) const;
00246 
00247       std::vector<OID> oids;
00248    };
00249 
00250 /**
00251 * Certificate Policies Extension
00252 */
00253 class BOTAN_DLL Certificate_Policies : public Certificate_Extension
00254    {
00255    public:
00256       Certificate_Policies* copy() const
00257          { return new Certificate_Policies(oids); }
00258 
00259       Certificate_Policies() {}
00260       Certificate_Policies(const std::vector<OID>& o) : oids(o) {}
00261 
00262       std::vector<OID> get_oids() const { return oids; }
00263    private:
00264       std::string oid_name() const { return "X509v3.CertificatePolicies"; }
00265 
00266       bool should_encode() const { return (oids.size() > 0); }
00267       std::vector<byte> encode_inner() const;
00268       void decode_inner(const std::vector<byte>&);
00269       void contents_to(Data_Store&, Data_Store&) const;
00270 
00271       std::vector<OID> oids;
00272    };
00273 
00274 class BOTAN_DLL Authority_Information_Access : public Certificate_Extension
00275    {
00276    public:
00277       Authority_Information_Access* copy() const
00278          { return new Authority_Information_Access(m_ocsp_responder); }
00279 
00280       Authority_Information_Access() {}
00281 
00282       Authority_Information_Access(const std::string& ocsp) :
00283          m_ocsp_responder(ocsp) {}
00284 
00285    private:
00286       std::string oid_name() const { return "PKIX.AuthorityInformationAccess"; }
00287 
00288       bool should_encode() const { return (m_ocsp_responder != ""); }
00289 
00290       std::vector<byte> encode_inner() const;
00291       void decode_inner(const std::vector<byte>&);
00292 
00293       void contents_to(Data_Store&, Data_Store&) const;
00294 
00295       std::string m_ocsp_responder;
00296    };
00297 
00298 /**
00299 * CRL Number Extension
00300 */
00301 class BOTAN_DLL CRL_Number : public Certificate_Extension
00302    {
00303    public:
00304       CRL_Number* copy() const;
00305 
00306       CRL_Number() : has_value(false), crl_number(0) {}
00307       CRL_Number(size_t n) : has_value(true), crl_number(n) {}
00308 
00309       size_t get_crl_number() const;
00310    private:
00311       std::string oid_name() const { return "X509v3.CRLNumber"; }
00312 
00313       bool should_encode() const { return has_value; }
00314       std::vector<byte> encode_inner() const;
00315       void decode_inner(const std::vector<byte>&);
00316       void contents_to(Data_Store&, Data_Store&) const;
00317 
00318       bool has_value;
00319       size_t crl_number;
00320    };
00321 
00322 /**
00323 * CRL Entry Reason Code Extension
00324 */
00325 class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension
00326    {
00327    public:
00328       CRL_ReasonCode* copy() const { return new CRL_ReasonCode(reason); }
00329 
00330       CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : reason(r) {}
00331 
00332       CRL_Code get_reason() const { return reason; }
00333    private:
00334       std::string oid_name() const { return "X509v3.ReasonCode"; }
00335 
00336       bool should_encode() const { return (reason != UNSPECIFIED); }
00337       std::vector<byte> encode_inner() const;
00338       void decode_inner(const std::vector<byte>&);
00339       void contents_to(Data_Store&, Data_Store&) const;
00340 
00341       CRL_Code reason;
00342    };
00343 
00344 /**
00345 * CRL Distribution Points Extension
00346 */
00347 class BOTAN_DLL CRL_Distribution_Points : public Certificate_Extension
00348    {
00349    public:
00350       class BOTAN_DLL Distribution_Point : public ASN1_Object
00351          {
00352          public:
00353             void encode_into(class DER_Encoder&) const;
00354             void decode_from(class BER_Decoder&);
00355 
00356             const AlternativeName& point() const { return m_point; }
00357          private:
00358             AlternativeName m_point;
00359          };
00360 
00361       CRL_Distribution_Points* copy() const
00362          { return new CRL_Distribution_Points(m_distribution_points); }
00363 
00364       CRL_Distribution_Points() {}
00365 
00366       CRL_Distribution_Points(const std::vector<Distribution_Point>& points) :
00367          m_distribution_points(points) {}
00368 
00369       std::vector<Distribution_Point> distribution_points() const
00370          { return m_distribution_points; }
00371 
00372    private:
00373       std::string oid_name() const { return "X509v3.CRLDistributionPoints"; }
00374 
00375       bool should_encode() const { return !m_distribution_points.empty(); }
00376 
00377       std::vector<byte> encode_inner() const;
00378       void decode_inner(const std::vector<byte>&);
00379       void contents_to(Data_Store&, Data_Store&) const;
00380 
00381       std::vector<Distribution_Point> m_distribution_points;
00382    };
00383 
00384 }
00385 
00386 }
00387 
00388 #endif