Botan 2.19.4
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::Cert_Extension::Name_Constraints Class Referencefinal

#include <x509_ext.h>

Inheritance diagram for Botan::Cert_Extension::Name_Constraints:
Botan::Certificate_Extension

Public Member Functions

Name_Constraintscopy () const override
 
const NameConstraintsget_name_constraints () const
 
 Name_Constraints ()=default
 
 Name_Constraints (const NameConstraints &nc)
 
OID oid_of () const override
 
void validate (const X509_Certificate &subject, const X509_Certificate &issuer, const std::vector< std::shared_ptr< const X509_Certificate > > &cert_path, std::vector< std::set< Certificate_Status_Code > > &cert_status, size_t pos) override
 

Static Public Member Functions

static OID static_oid ()
 

Detailed Description

Name Constraints

Definition at line 230 of file x509_ext.h.

Constructor & Destructor Documentation

◆ Name_Constraints() [1/2]

Botan::Cert_Extension::Name_Constraints::Name_Constraints ( )
default

◆ Name_Constraints() [2/2]

Botan::Cert_Extension::Name_Constraints::Name_Constraints ( const NameConstraints nc)
inline

Definition at line 237 of file x509_ext.h.

237: m_name_constraints(nc) {}

Member Function Documentation

◆ copy()

Name_Constraints * Botan::Cert_Extension::Name_Constraints::copy ( ) const
inlineoverridevirtual

Make a copy of this extension

Returns
copy of this

Implements Botan::Certificate_Extension.

Definition at line 233 of file x509_ext.h.

234 { return new Name_Constraints(m_name_constraints); }

◆ get_name_constraints()

const NameConstraints & Botan::Cert_Extension::Name_Constraints::get_name_constraints ( ) const
inline

Definition at line 244 of file x509_ext.h.

244{ return m_name_constraints; }

◆ oid_of()

OID Botan::Cert_Extension::Name_Constraints::oid_of ( ) const
inlineoverridevirtual
Returns
OID representing this extension

Implements Botan::Certificate_Extension.

Definition at line 247 of file x509_ext.h.

247{ return static_oid(); }

◆ static_oid()

static OID Botan::Cert_Extension::Name_Constraints::static_oid ( )
inlinestatic

Definition at line 246 of file x509_ext.h.

246{ return OID("2.5.29.30"); }

◆ validate()

void Botan::Cert_Extension::Name_Constraints::validate ( const X509_Certificate subject,
const X509_Certificate issuer,
const std::vector< std::shared_ptr< const X509_Certificate > > &  cert_path,
std::vector< std::set< Certificate_Status_Code > > &  cert_status,
size_t  pos 
)
overridevirtual

Reimplemented from Botan::Certificate_Extension.

Definition at line 654 of file x509_ext.cpp.

658 {
659 if(!m_name_constraints.permitted().empty() || !m_name_constraints.excluded().empty())
660 {
661 if(!subject.is_CA_cert())
662 {
663 cert_status.at(pos).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
664 }
665
666 const bool issuer_name_constraint_critical =
667 issuer.is_critical("X509v3.NameConstraints");
668
669 // Check that all subordinate certs pass the name constraint
670 for(size_t j = 0; j < pos; ++j)
671 {
672 bool permitted = m_name_constraints.permitted().empty();
673 bool failed = false;
674
675 for(auto c: m_name_constraints.permitted())
676 {
677 switch(c.base().matches(*cert_path.at(j)))
678 {
679 case GeneralName::MatchResult::NotFound:
680 case GeneralName::MatchResult::All:
681 permitted = true;
682 break;
683 case GeneralName::MatchResult::UnknownType:
684 failed = issuer_name_constraint_critical;
685 permitted = true;
686 break;
687 default:
688 break;
689 }
690 }
691
692 for(auto c: m_name_constraints.excluded())
693 {
694 switch(c.base().matches(*cert_path.at(j)))
695 {
696 case GeneralName::MatchResult::All:
697 case GeneralName::MatchResult::Some:
698 failed = true;
699 break;
700 case GeneralName::MatchResult::UnknownType:
701 failed = issuer_name_constraint_critical;
702 break;
703 default:
704 break;
705 }
706 }
707
708 if(failed || !permitted)
709 {
710 cert_status.at(j).insert(Certificate_Status_Code::NAME_CONSTRAINT_ERROR);
711 }
712 }
713 }
714 }
const std::vector< GeneralSubtree > & permitted() const
Definition: pkix_types.h:335
const std::vector< GeneralSubtree > & excluded() const
Definition: pkix_types.h:340

References Botan::NameConstraints::excluded(), Botan::X509_Certificate::is_CA_cert(), Botan::X509_Certificate::is_critical(), Botan::NAME_CONSTRAINT_ERROR, and Botan::NameConstraints::permitted().


The documentation for this class was generated from the following files: