312namespace Cert_Extension {
// Basic_Constraints::get_path_limit — body fragment only; the signature and the
// is_ca test that leads here are not part of this excerpt. Requesting a path
// length from a non-CA constraint is reported as a caller error (Invalid_State),
// not as a decoding error.
320 throw Invalid_State(
"Basic_Constraints::get_path_limit: Not a CA");
// DER-encode the BasicConstraints body into `output`. The pathLenConstraint
// INTEGER is written only when m_path_limit differs from the NO_CERT_PATH_LIMIT
// sentinel (encode_optional); the SEQUENCE framing and the cA BOOLEAN are on
// lines not shown in this excerpt.
327std::vector<uint8_t> Basic_Constraints::encode_inner()
const
329 std::vector<uint8_t> output;
335 .encode_optional(m_path_limit, NO_CERT_PATH_LIMIT)
// Parse a BasicConstraints extension body from `in`. Only the signature is
// visible here. NOTE(review): RFC 5280 4.2.1.9 makes pathLenConstraint
// meaningful only when cA is TRUE — confirm that either this decoder or the
// path-validation code rejects/ignores a path limit on a non-CA certificate.
344void Basic_Constraints::decode_inner(
const std::vector<uint8_t>& in)
// Export the constraint into the subject Data_Store: is_ca as 0/1, and the path
// limit narrowed to uint32_t. m_path_limit's declared type is not visible here;
// if it is wider than 32 bits the NO_CERT_PATH_LIMIT sentinel may not round-trip
// through this cast unchanged — TODO confirm consumers of
// "X509v3.BasicConstraints.path_constraint" compare against the narrowed value.
359void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&)
const
361 subject.add(
"X509v3.BasicConstraints.is_ca", (m_is_ca ? 1 : 0));
362 subject.add(
"X509v3.BasicConstraints.path_constraint",
static_cast<uint32_t
>(m_path_limit));
// Hand-roll the KeyUsage BIT STRING instead of going through DER_Encoder.
// After the tag octet (emitted on a line not shown) the layout is: length,
// unused-bit count, high octet of the 16-bit usage mask, and the low octet only
// when it is non-zero. ctz() of the mask is the number of trailing zero bits,
// i.e. exactly the DER "unused bits" count. ctz of a zero mask is not
// meaningful, which is presumably what the Encoding_Error below guards (its
// condition line is elided in this excerpt).
368std::vector<uint8_t> Key_Usage::encode_inner()
const
371 throw Encoding_Error(
"Cannot encode zero usage constraints");
// Trailing zero bits of the mask == DER unused bits (1..15 for a non-zero mask).
373 const size_t unused_bits =
ctz(
static_cast<uint32_t
>(m_constraints));
375 std::vector<uint8_t> der;
// Length = unused-bits octet + high content octet, +1 if the low octet is used.
377 der.push_back(2 + ((unused_bits < 8) ? 1 : 0));
// Unused bits within the final content octet.
378 der.push_back(unused_bits % 8);
379 der.push_back((m_constraints >> 8) & 0xFF);
// Minimal DER: the second content octet is omitted entirely when it would be 0.
380 if(m_constraints & 0xFF)
381 der.push_back(m_constraints & 0xFF);
// Parse the KeyUsage BIT STRING by hand. Accepted content lengths are exactly
// 2 (unused-bit octet + one usage octet) or 3 (+ a second usage octet); anything
// else — including an empty BIT STRING — is rejected. bits[0] is the unused-bit
// count; the second BER_Decoding_Error below presumably rejects values >= 8
// (its condition line is elided), which keeps the shift in `mask` in range.
// NOTE(review): masking *clears* the declared unused bits rather than rejecting
// non-zero ones. DER requires unused bits to be zero, so if the mask is applied
// to the final octet on the lines not shown, malformed encodings are silently
// accepted instead of raising a decoding error.
389void Key_Usage::decode_inner(
const std::vector<uint8_t>& in)
393 BER_Object obj = ber.get_next_object();
397 if(obj.length() != 2 && obj.length() != 3)
398 throw BER_Decoding_Error(
"Bad size for BITSTRING in usage constraint");
402 const uint8_t* bits = obj.bits();
405 throw BER_Decoding_Error(
"Invalid unused bits in usage constraint");
// Keeps only the bits that are not declared unused (e.g. bits[0]==7 -> 0x80).
407 const uint8_t mask =
static_cast<uint8_t
>(0xFF << bits[0]);
409 if(obj.length() == 2)
413 else if(obj.length() == 3)
// Export the raw usage bit mask under "X509v3.KeyUsage" in the subject store.
424void Key_Usage::contents_to(Data_Store& subject, Data_Store&)
const
426 subject.add(
"X509v3.KeyUsage", m_constraints);
// DER-encode the key identifier into `output`; the encoder call itself is on
// lines not shown in this excerpt.
432std::vector<uint8_t> Subject_Key_ID::encode_inner()
const
434 std::vector<uint8_t> output;
// Parse the SubjectKeyIdentifier: a single OCTET STRING. verify_end() rejects
// any trailing bytes after it, so a padded/garbage-suffixed extension body is a
// decoding error rather than being silently ignored.
442void Subject_Key_ID::decode_inner(
const std::vector<uint8_t>& in)
444 BER_Decoder(in).decode(m_key_id,
OCTET_STRING).verify_end();
// Export the raw key identifier bytes under "X509v3.SubjectKeyIdentifier".
450void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&)
const
452 subject.add(
"X509v3.SubjectKeyIdentifier", m_key_id);
// Subject_Key_ID constructor — body fragment; the signature and the selection
// of `hash` are on lines not shown. The identifier is the digest of the public
// key bytes, truncated to its leftmost 192 bits (24 octets) when the digest is
// longer (RFC 7093-style truncation). A SKID is an opaque lookup handle, not a
// security boundary, but it must be derived identically to whatever populates
// the AuthorityKeyIdentifier of issued certificates, or chain building by key
// ID will fail to match.
462 m_key_id.resize(
hash->output_length());
464 hash->update(pub_key);
465 hash->final(m_key_id.data());
// Cap at 192 bits so long digests (e.g. SHA-512) produce a compact identifier.
468 const size_t max_skid_len = (192 / 8);
469 if(m_key_id.size() > max_skid_len)
470 m_key_id.resize(max_skid_len);
// DER-encode the AuthorityKeyIdentifier into `output`; the encoder chain is on
// lines not shown in this excerpt.
476std::vector<uint8_t> Authority_Key_ID::encode_inner()
const
478 std::vector<uint8_t> output;
// Parse an AuthorityKeyIdentifier body from `in`; only the signature is visible
// here. NOTE(review): contents_to below exports only m_key_id, so if the
// authorityCertIssuer / authorityCertSerialNumber fields are decoded they do
// not reach the Data_Store — confirm that is intended.
489void Authority_Key_ID::decode_inner(
const std::vector<uint8_t>& in)
// Export the issuer's key identifier into the *issuer* Data_Store (this
// extension describes the signing key, not the subject).
499void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer)
const
502 issuer.add(
"X509v3.AuthorityKeyIdentifier", m_key_id);
// DER-encode the SubjectAltName GeneralNames via AlternativeName's own encoder.
508std::vector<uint8_t> Subject_Alternative_Name::encode_inner()
const
510 std::vector<uint8_t> output;
511 DER_Encoder(output).encode(m_alt_name);
// DER-encode the IssuerAltName GeneralNames via AlternativeName's own encoder.
518std::vector<uint8_t> Issuer_Alternative_Name::encode_inner()
const
520 std::vector<uint8_t> output;
521 DER_Encoder(output).encode(m_alt_name);
// Parse the SubjectAltName GeneralNames. NOTE(review): unlike
// Subject_Key_ID::decode_inner, this statement has no verify_end(), so any
// bytes trailing the GeneralNames in the extension body are accepted silently
// rather than rejected as a malformed extension.
528void Subject_Alternative_Name::decode_inner(
const std::vector<uint8_t>& in)
530 BER_Decoder(in).
decode(m_alt_name);
// Parse the IssuerAltName GeneralNames. NOTE(review): as with the subject
// variant, there is no verify_end(), so trailing bytes after the GeneralNames
// are accepted silently.
536void Issuer_Alternative_Name::decode_inner(
const std::vector<uint8_t>& in)
538 BER_Decoder(in).
decode(m_alt_name);
// Export the subject alternative names into the subject Data_Store; the
// remainder of the signature and the body are not part of this excerpt.
544void Subject_Alternative_Name::contents_to(Data_Store& subject_info,
// Export the issuer alternative names into the *issuer* Data_Store; the body is
// on lines not shown in this excerpt.
553void Issuer_Alternative_Name::contents_to(Data_Store&, Data_Store& issuer_info)
const
// DER-encode the ExtendedKeyUsage OID list into `output`; the encoder chain is
// on lines not shown in this excerpt.
561std::vector<uint8_t> Extended_Key_Usage::encode_inner()
const
563 std::vector<uint8_t> output;
// Parse the ExtendedKeyUsage OID list from `in`; only the signature is visible
// in this excerpt.
574void Extended_Key_Usage::decode_inner(
const std::vector<uint8_t>& in)
// Export each EKU OID as its dotted-decimal string under one shared key;
// Data_Store is expected to keep multiple values per key (TODO confirm).
582void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&)
const
584 for(
size_t i = 0; i != m_oids.size(); ++i)
585 subject.add(
"X509v3.ExtendedKeyUsage", m_oids[i].to_string());
// Encoding of NameConstraints is not supported: this extension can be parsed
// and enforced on incoming certificates but not emitted by this code.
591std::vector<uint8_t> Name_Constraints::encode_inner()
const
593 throw Not_Implemented(
"Name_Constraints encoding");
// Parse NameConstraints: an outer SEQUENCE holding optional permittedSubtrees
// and excludedSubtrees lists. Both lists are read via get_next_object (the tag
// checks and list decoding sit on elided lines); an empty list is rejected, and
// so is an extension carrying neither list, matching RFC 5280's requirement
// that at least one subtree list be present.
// NOTE(review): all three failures throw Encoding_Error although this is a
// decoding path; elsewhere in this file malformed input raises
// BER_Decoding_Error (see Key_Usage::decode_inner). Callers that catch only
// decoding errors will not catch these. The message text "Contraint" is a
// typo but is runtime output and left as-is here.
600void Name_Constraints::decode_inner(
const std::vector<uint8_t>& in)
602 std::vector<GeneralSubtree> permit, exclude;
604 BER_Decoder ext = ber.start_cons(
SEQUENCE);
605 BER_Object per = ext.get_next_object();
612 throw Encoding_Error(
"Empty Name Contraint list");
615 BER_Object exc = ext.get_next_object();
621 throw Encoding_Error(
"Empty Name Contraint list");
// RFC 5280 4.2.1.10: at least one of permitted/excluded must be present.
626 if(permit.empty() && exclude.empty())
627 throw Encoding_Error(
"Empty Name Contraint extension");
629 m_name_constraints = NameConstraints(std::move(permit),std::move(exclude));
// Export each permitted and each excluded subtree as a string. A single
// stringstream is reused: the formatting of `gs` happens on elided lines, and
// ss.str(std::string()) resets the buffer after every add() so entries do not
// accumulate into one another.
635void Name_Constraints::contents_to(Data_Store& subject, Data_Store&)
const
637 std::stringstream ss;
639 for(
const GeneralSubtree& gs: m_name_constraints.permitted())
642 subject.add(
"X509v3.NameConstraints.permitted", ss.str());
643 ss.str(std::string());
645 for(
const GeneralSubtree& gs: m_name_constraints.excluded())
648 subject.add(
"X509v3.NameConstraints.excluded", ss.str());
649 ss.str(std::string());
// Name_Constraints path-validation hook — the method name and first parameters
// are on a line not shown in this excerpt. Walks cert_path[0..pos) (the
// certificates this CA's constraint applies to — presumably those below it in
// the chain; confirm against the caller) and checks each against the permitted
// and excluded subtrees. `permitted` starts true only when there is no
// permittedSubtrees list, i.e. "no restriction". The visible `failed =
// issuer_name_constraint_critical` assignments mean an unsupported or
// non-matching name type is only treated as fatal when the issuer marked the
// extension critical; non-critical constraints degrade to "ignored" for that
// case. cert_path.at(j) is bounds-checked, so a bad `pos` throws rather than
// reading out of range. The status codes written into cert_status are on lines
// not shown.
654 const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
655 std::vector<std::set<Certificate_Status_Code>>& cert_status,
658 if(!m_name_constraints.
permitted().empty() || !m_name_constraints.
excluded().empty())
665 const bool issuer_name_constraint_critical =
669 for(
size_t j = 0; j < pos; ++j)
// No permitted list => every name is permitted unless excluded below.
671 bool permitted = m_name_constraints.
permitted().empty();
674 for(
auto c: m_name_constraints.
permitted())
676 switch(c.base().matches(*cert_path.at(j)))
683 failed = issuer_name_constraint_critical;
691 for(
auto c: m_name_constraints.
excluded())
693 switch(c.base().matches(*cert_path.at(j)))
700 failed = issuer_name_constraint_critical;
707 if(failed || !permitted)
// Default-constructible so decode_list can build elements before decoding them.
723 Policy_Information() =
default;
// Wrap a policy OID for encoding; `explicit` prevents an OID silently
// converting into a PolicyInformation element.
724 explicit Policy_Information(
const OID& oid) : m_oid(oid) {}
// The policy identifier; the only field this helper retains.
726 const OID& oid()
const {
return m_oid; }
// ASN1_Object hook: emit this PolicyInformation SEQUENCE (body not shown).
728 void encode_into(DER_Encoder& codec)
const override
// ASN1_Object hook: parse one PolicyInformation SEQUENCE (body not shown).
// NOTE(review): only oid() is exposed, so any policyQualifiers parsed here
// are discarded.
735 void decode_from(BER_Decoder& codec)
override
// DER-encode the policy OIDs as a SEQUENCE OF PolicyInformation. Each OID is
// wrapped in a Policy_Information helper so encode_list can drive the per-element
// encoder; qualifiers are never emitted.
752std::vector<uint8_t> Certificate_Policies::encode_inner()
const
754 std::vector<Policy_Information> policies;
756 for(
size_t i = 0; i != m_oids.size(); ++i)
757 policies.push_back(Policy_Information(m_oids[i]));
759 std::vector<uint8_t> output;
762 .encode_list(policies)
// Parse the CertificatePolicies SEQUENCE OF PolicyInformation and keep only the
// OIDs. NOTE(review): no verify_end() after decode_list, so trailing bytes after
// the list are accepted silently. Duplicate OIDs are not rejected here; the
// validation hook below detects them via a set-size comparison.
770void Certificate_Policies::decode_inner(
const std::vector<uint8_t>& in)
772 std::vector<Policy_Information> policies;
774 BER_Decoder(in).decode_list(policies);
776 for(
size_t i = 0; i != policies.size(); ++i)
777 m_oids.push_back(policies[i].oid());
// Export each policy OID as a dotted-decimal string under one shared key.
783void Certificate_Policies::contents_to(Data_Store& info, Data_Store&)
const
785 for(
size_t i = 0; i != m_oids.size(); ++i)
786 info.add(
"X509v3.CertificatePolicies", m_oids[i].to_string());
// Certificate_Policies path-validation hook — name and first parameters are on
// a line not shown. The only visible check: RFC 5280 4.2.1.4 forbids the same
// policy OID appearing twice, detected here by comparing the deduplicated set
// size with the list size. The status code recorded in cert_status on a
// mismatch is on an elided line.
792 const std::vector<std::shared_ptr<const X509_Certificate>>& ,
793 std::vector<std::set<Certificate_Status_Code>>& cert_status,
796 std::set<OID> oid_set(m_oids.begin(), m_oids.end());
797 if(oid_set.size() != m_oids.size())
// DER-encode the AuthorityInfoAccess SEQUENCE into `output`; the encoder chain
// is on lines not shown in this excerpt.
803std::vector<uint8_t> Authority_Information_Access::encode_inner()
const
807 std::vector<uint8_t> output;
// Parse AuthorityInfoAccess (OCSP responder and caIssuers access descriptions);
// only the signature is visible in this excerpt.
818void Authority_Information_Access::decode_inner(
const std::vector<uint8_t>& in)
// Export the access locations. m_ocsp_responder appears to hold a single
// responder URL (added only when non-empty), while every caIssuers location is
// added individually. NOTE(review): if the extension listed several OCSP
// responders, only the one retained in m_ocsp_responder reaches the Data_Store
// — confirm this is the intended selection.
852void Authority_Information_Access::contents_to(Data_Store& subject, Data_Store&)
const
854 if(!m_ocsp_responder.empty())
855 subject.add(
"OCSP.responder", m_ocsp_responder);
856 for(
const std::string& ca_issuer : m_ca_issuers)
857 subject.add(
"PKIX.CertificateAuthorityIssuers", ca_issuer);
// DER-encode the CRL number INTEGER into `output`; the encoder call is on lines
// not shown in this excerpt.
883std::vector<uint8_t> CRL_Number::encode_inner()
const
885 std::vector<uint8_t> output;
// Parse the CRLNumber INTEGER from `in`; only the signature is visible here.
893void CRL_Number::decode_inner(
const std::vector<uint8_t>& in)
// Export the CRL number, narrowed to uint32_t. NOTE(review): RFC 5280 5.2.3
// allows CRL numbers up to 20 octets, and m_crl_number's declared type is not
// visible here; if it is wider than 32 bits, large CRL numbers are silently
// truncated in the Data_Store, so "X509v3.CRLNumber" must not be used for
// freshness or ordering comparisons without checking this.
902void CRL_Number::contents_to(Data_Store& info, Data_Store&)
const
904 info.add(
"X509v3.CRLNumber",
static_cast<uint32_t
>(m_crl_number));
// DER-encode the CRLReason ENUMERATED into `output`; the encoder call is on
// lines not shown in this excerpt.
910std::vector<uint8_t> CRL_ReasonCode::encode_inner()
const
912 std::vector<uint8_t> output;
// Parse the CRLReason ENUMERATED into a size_t (the decode call is on an elided
// line) and cast it to CRL_Code. NOTE(review): no range check is visible, so a
// value outside CRL_Code's enumerators is stored as an out-of-range enum value;
// consumers switching on m_reason need a default case, or the decoder should
// reject unknown reasons — confirm which is intended.
920void CRL_ReasonCode::decode_inner(
const std::vector<uint8_t>& in)
922 size_t reason_code = 0;
924 m_reason =
static_cast<CRL_Code>(reason_code);
// Export the reason code value under "X509v3.CRLReasonCode".
930void CRL_ReasonCode::contents_to(Data_Store& info, Data_Store&)
const
932 info.add(
"X509v3.CRLReasonCode", m_reason);
// Encoding of CRLDistributionPoints is not supported; the extension is
// parse-only in this code.
935std::vector<uint8_t> CRL_Distribution_Points::encode_inner()
const
937 throw Not_Implemented(
"CRL_Distribution_Points encoding");
// Parse the SEQUENCE OF DistributionPoint, then render each point's
// name/value pairs as "key: value " text into m_crl_distribution_urls.
// NOTE(review): `ss` is declared once, outside the loop, and no
// ss.str(std::string()) reset is visible (compare Name_Constraints::contents_to).
// If the push_back on the last visible line sits inside the outer loop — the
// braces are elided here — every entry after the first repeats all earlier
// points' text as well; confirm against the full source.
940void CRL_Distribution_Points::decode_inner(
const std::vector<uint8_t>& buf)
943 .decode_list(m_distribution_points)
946 std::stringstream ss;
948 for(
size_t i = 0; i != m_distribution_points.size(); ++i)
950 auto contents = m_distribution_points[i].point().contents();
952 for(
const auto& pair : contents)
954 ss << pair.first <<
": " << pair.second <<
" ";
958 m_crl_distribution_urls.push_back(ss.str());
// Export each rendered distribution point string under "CRL.DistributionPoint".
961void CRL_Distribution_Points::contents_to(Data_Store& subject, Data_Store&)
const
963 for(
const std::string& crl_url : m_crl_distribution_urls)
964 subject.add(
"CRL.DistributionPoint", crl_url);
// Encode the IssuingDistributionPoint; only the signature is visible here.
982std::vector<uint8_t> CRL_Issuing_Distribution_Point::encode_inner()
const
// Parse the IssuingDistributionPoint from `buf`; only the signature is visible
// in this excerpt.
987void CRL_Issuing_Distribution_Point::decode_inner(
const std::vector<uint8_t>& buf)
// CRL_Issuing_Distribution_Point::contents_to — body fragment; the signature is
// on a line not shown. Renders the single distribution point's name/value pairs
// as "key: value " text and stores it under one key. Only the distribution
// point name is exported; the onlyContainsUserCerts / onlyContainsCACerts /
// indirectCRL flags, if parsed, do not reach the Data_Store from here.
994 auto contents = m_distribution_point.point().contents();
995 std::stringstream ss;
997 for(
const auto& pair : contents)
999 ss << pair.first <<
": " << pair.second <<
" ";
1002 info.
add(
"X509v3.CRLIssuingDistributionPoint", ss.str());
// Re-emit an extension whose OID this library does not understand; the body
// (presumably returning the stored raw bytes) is not shown in this excerpt.
1005std::vector<uint8_t> Unknown_Extension::encode_inner()
const
// Store the raw body of an unrecognised extension; only the signature is
// visible here. NOTE(review): whether an unknown *critical* extension is
// rejected (RFC 5280 4.2 requires it) is decided elsewhere — confirm the caller
// checks the critical flag for this type.
1010void Unknown_Extension::decode_inner(
const std::vector<uint8_t>& bytes)
// An unrecognised extension contributes nothing to either Data_Store (both
// parameters are unnamed); the body is on a line not shown.
1016void Unknown_Extension::contents_to(Data_Store&, Data_Store&)
const