1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/*
* (C) 2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_X509_PKIX_ENUMS_H_
#define BOTAN_X509_PKIX_ENUMS_H_
#include <botan/types.h>
namespace Botan {
/**
* Certificate validation status code
*/
enum class Certificate_Status_Code {
OK = 0,
VERIFIED = 0,
// Revocation status
OCSP_RESPONSE_GOOD = 1,
OCSP_SIGNATURE_OK = 2,
VALID_CRL_CHECKED = 3,
OCSP_NO_HTTP = 4,
// Warnings
FIRST_WARNING_STATUS = 500,
CERT_SERIAL_NEGATIVE = 500,
DN_TOO_LONG = 501,
OCSP_NO_REVOCATION_URL = 502,
OCSP_SERVER_NOT_AVAILABLE = 503,
// Typo versions of above - will be removed in future major release
OSCP_NO_REVOCATION_URL = 502,
OSCP_SERVER_NOT_AVAILABLE = 503,
// Errors
FIRST_ERROR_STATUS = 1000,
SIGNATURE_METHOD_TOO_WEAK = 1000,
UNTRUSTED_HASH = 1001,
NO_REVOCATION_DATA = 1002,
NO_MATCHING_CRLDP = 1003,
// Time problems
CERT_NOT_YET_VALID = 2000,
CERT_HAS_EXPIRED = 2001,
OCSP_NOT_YET_VALID = 2002,
OCSP_HAS_EXPIRED = 2003,
CRL_NOT_YET_VALID = 2004,
CRL_HAS_EXPIRED = 2005,
OCSP_IS_TOO_OLD = 2006,
// Chain generation problems
CERT_ISSUER_NOT_FOUND = 3000,
CANNOT_ESTABLISH_TRUST = 3001,
CERT_CHAIN_LOOP = 3002,
CHAIN_LACKS_TRUST_ROOT = 3003,
CHAIN_NAME_MISMATCH = 3004,
// Validation errors
POLICY_ERROR = 4000,
INVALID_USAGE = 4001,
CERT_CHAIN_TOO_LONG = 4002,
CA_CERT_NOT_FOR_CERT_ISSUER = 4003,
NAME_CONSTRAINT_ERROR = 4004,
// Revocation errors
CA_CERT_NOT_FOR_CRL_ISSUER = 4005,
OCSP_CERT_NOT_LISTED = 4006,
OCSP_BAD_STATUS = 4007,
// Other problems
CERT_NAME_NOMATCH = 4008,
UNKNOWN_CRITICAL_EXTENSION = 4009,
DUPLICATE_CERT_EXTENSION = 4010,
OCSP_SIGNATURE_ERROR = 4501,
OCSP_ISSUER_NOT_FOUND = 4502,
OCSP_RESPONSE_MISSING_KEYUSAGE = 4503,
OCSP_RESPONSE_INVALID = 4504,
EXT_IN_V1_V2_CERT = 4505,
DUPLICATE_CERT_POLICY = 4506,
V2_IDENTIFIERS_IN_V1_CERT = 4507,
// Hard failures
CERT_IS_REVOKED = 5000,
CRL_BAD_SIGNATURE = 5001,
SIGNATURE_ERROR = 5002,
CERT_PUBKEY_INVALID = 5003,
SIGNATURE_ALGO_UNKNOWN = 5004,
SIGNATURE_ALGO_BAD_PARAMS = 5005
};
/**
* Convert a status code to a human readable diagnostic message
* @param code the certifcate status
* @return string literal constant, or nullptr if code unknown
*/
BOTAN_PUBLIC_API(2,0) const char* to_string(Certificate_Status_Code code);
/**
* X.509v3 Key Constraints.
* If updating update copy in ffi.h
*/
enum Key_Constraints {
NO_CONSTRAINTS = 0,
DIGITAL_SIGNATURE = 1 << 15,
NON_REPUDIATION = 1 << 14,
KEY_ENCIPHERMENT = 1 << 13,
DATA_ENCIPHERMENT = 1 << 12,
KEY_AGREEMENT = 1 << 11,
KEY_CERT_SIGN = 1 << 10,
CRL_SIGN = 1 << 9,
ENCIPHER_ONLY = 1 << 8,
DECIPHER_ONLY = 1 << 7
};
/**
* X.509v2 CRL Reason Code.
* This will become an enum class in a future major release
*/
enum CRL_Code : uint32_t {
UNSPECIFIED = 0,
KEY_COMPROMISE = 1,
CA_COMPROMISE = 2,
AFFILIATION_CHANGED = 3,
SUPERSEDED = 4,
CESSATION_OF_OPERATION = 5,
CERTIFICATE_HOLD = 6,
REMOVE_FROM_CRL = 8,
PRIVLEDGE_WITHDRAWN = 9,
PRIVILEGE_WITHDRAWN = 9,
AA_COMPROMISE = 10,
DELETE_CRL_ENTRY = 0xFF00,
OCSP_GOOD = 0xFF01,
OCSP_UNKNOWN = 0xFF02
};
}
#endif
|
