diff options
author | lloyd <[email protected]> | 2006-07-31 03:30:23 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2006-07-31 03:30:23 +0000 |
commit | bc7e4f4e47197f2f3573b256f74edf4d61a47348 (patch) | |
tree | c16a0d6ba0fa81f60ecbd86505680fea25ca6402 | |
parent | 64222356ca5a9ce94d27811d158adab5b813bd4b (diff) |
Move include of x509_ext.h to x509_ca.h, instead of using forward
declaration.
Remove not_before and not_after variables, as they were only used once.
Use the computed Key_Constraints value when signing a new certificate.
-rw-r--r-- | include/x509_ca.h | 3 | ||||
-rw-r--r-- | src/x509_ca.cpp | 21 |
2 files changed, 10 insertions, 14 deletions
diff --git a/include/x509_ca.h b/include/x509_ca.h index f799b05d8..e1c31b09a 100644 --- a/include/x509_ca.h +++ b/include/x509_ca.h @@ -8,6 +8,7 @@ #include <botan/x509cert.h> #include <botan/x509_crl.h> +#include <botan/x509_ext.h> #include <botan/pkcs8.h> #include <botan/pkcs10.h> #include <botan/pubkey.h> @@ -32,7 +33,7 @@ class X509_CA const MemoryRegion<byte>&, const X509_Time&, const X509_Time&, const X509_DN&, const X509_DN&, - const class Extensions&); + const Extensions&); X509_CA(const X509_Certificate&, const PKCS8_PrivateKey&); ~X509_CA(); diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp index fa4b7cf92..7e556f164 100644 --- a/src/x509_ca.cpp +++ b/src/x509_ca.cpp @@ -4,7 +4,6 @@ *************************************************/ #include <botan/x509_ca.h> -#include <botan/x509_ext.h> #include <botan/x509stor.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> @@ -64,25 +63,15 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, constraints = X509::find_constraints(*key, req.constraints()); } - if(expire_time == 0) - expire_time = global_config().option_as_time("x509/ca/default_expire"); - - const u64bit current_time = system_time(); - - X509_Time not_before(current_time); - X509_Time not_after(current_time + expire_time); - Extensions extensions; - // POLICY: which extensions extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); - extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key())); extensions.add( new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit())); - extensions.add(new Cert_Extension::Key_Usage(req.constraints())); + extensions.add(new Cert_Extension::Key_Usage(constraints)); extensions.add( new Cert_Extension::Extended_Key_Usage(req.ex_constraints())); @@ -94,8 +83,14 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, new Cert_Extension::Issuer_Alternative_Name(issuer_alt)); */ + if(expire_time == 0) + expire_time = global_config().option_as_time("x509/ca/default_expire"); + + const u64bit current_time = system_time(); + return make_cert(signer, ca_sig_algo, req.raw_public_key(), - not_before, not_after, + X509_Time(current_time), + X509_Time(current_time + expire_time), cert.subject_dn(), req.subject_dn(), extensions); } |