diff options
Diffstat (limited to 'src/lib/cert/x509/x509cert.h')
-rw-r--r-- | src/lib/cert/x509/x509cert.h | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/src/lib/cert/x509/x509cert.h b/src/lib/cert/x509/x509cert.h index c521cf7ca..eb98f9c3d 100644 --- a/src/lib/cert/x509/x509cert.h +++ b/src/lib/cert/x509/x509cert.h @@ -33,7 +33,7 @@ enum class Usage_Type /** * This class represents X.509 Certificate */ -class BOTAN_DLL X509_Certificate final : public X509_Object +class BOTAN_DLL X509_Certificate : public X509_Object { public: /** @@ -140,17 +140,39 @@ class BOTAN_DLL X509_Certificate final : public X509_Object */ bool is_CA_cert() const; + /** + * Returns true if the specified @param usage is set in the key usage extension + * or if no key usage constraints are set at all. + * To check if a certain key constraint is set in the certificate + * use @see X509_Certificate#has_constraints. + */ bool allowed_usage(Key_Constraints usage) const; /** - * Returns true if and only if name (referring to an extended key - * constraint, eg "PKIX.ServerAuth") is included in the extended - * key extension. + * Returns true if the specified @param usage is set in the extended key usage extension + * or if no extended key usage constraints are set at all. + * To check if a certain extended key constraint is set in the certificate + * use @see X509_Certificate#has_ex_constraint. */ - bool allowed_usage(const std::string& usage) const; + bool allowed_extended_usage(const std::string& usage) const; + /** + * Returns true if the required key and extended key constraints are set in the certificate + * for the specified @param usage or if no key constraints are set in both the key usage + * and extended key usage extension. + */ bool allowed_usage(Usage_Type usage) const; + /// Returns true if the specified @param constraints are included in the key usage extension. + bool has_constraints(Key_Constraints constraints) const; + + /** + * Returns true if and only if @param ex_constraint (referring to an extended key + * constraint, eg "PKIX.ServerAuth") is included in the extended + * key extension. + */ + bool has_ex_constraint(const std::string& ex_constraint) const; + /** * Get the path limit as defined in the BasicConstraints extension of * this certificate. |