aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/cert/x509/x509cert.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/cert/x509/x509cert.h')
-rw-r--r--src/lib/cert/x509/x509cert.h32
1 files changed, 27 insertions, 5 deletions
diff --git a/src/lib/cert/x509/x509cert.h b/src/lib/cert/x509/x509cert.h
index c521cf7ca..eb98f9c3d 100644
--- a/src/lib/cert/x509/x509cert.h
+++ b/src/lib/cert/x509/x509cert.h
@@ -33,7 +33,7 @@ enum class Usage_Type
/**
* This class represents X.509 Certificate
*/
-class BOTAN_DLL X509_Certificate final : public X509_Object
+class BOTAN_DLL X509_Certificate : public X509_Object
{
public:
/**
@@ -140,17 +140,39 @@ class BOTAN_DLL X509_Certificate final : public X509_Object
*/
bool is_CA_cert() const;
+ /**
+ * Returns true if the specified @param usage is set in the key usage extension
+ * or if no key usage constraints are set at all.
+ * To check if a certain key constraint is set in the certificate
+ * use @see X509_Certificate#has_constraints.
+ */
bool allowed_usage(Key_Constraints usage) const;
/**
- * Returns true if and only if name (referring to an extended key
- * constraint, eg "PKIX.ServerAuth") is included in the extended
- * key extension.
+ * Returns true if the specified @param usage is set in the extended key usage extension
+ * or if no extended key usage constraints are set at all.
+ * To check if a certain extended key constraint is set in the certificate
+ * use @see X509_Certificate#has_ex_constraint.
*/
- bool allowed_usage(const std::string& usage) const;
+ bool allowed_extended_usage(const std::string& usage) const;
+ /**
+ * Returns true if the required key and extended key constraints are set in the certificate
+ * for the specified @param usage or if no key constraints are set in both the key usage
+ * and extended key usage extension.
+ */
bool allowed_usage(Usage_Type usage) const;
+ /// Returns true if the specified @param constraints are included in the key usage extension.
+ bool has_constraints(Key_Constraints constraints) const;
+
+ /**
+ * Returns true if and only if @param ex_constraint (referring to an extended key
+ * constraint, eg "PKIX.ServerAuth") is included in the extended
+ * key extension.
+ */
+ bool has_ex_constraint(const std::string& ex_constraint) const;
+
/**
* Get the path limit as defined in the BasicConstraints extension of
* this certificate.