aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2006-07-31 03:30:23 +0000
committerlloyd <[email protected]>2006-07-31 03:30:23 +0000
commitbc7e4f4e47197f2f3573b256f74edf4d61a47348 (patch)
treec16a0d6ba0fa81f60ecbd86505680fea25ca6402
parent64222356ca5a9ce94d27811d158adab5b813bd4b (diff)
Move include of x509_ext.h to x509_ca.h, instead of using forward
declaration. Remove not_before and not_after variables, as they were only used once. Use the computed Key_Constraints value when signing a new certificate.
-rw-r--r--include/x509_ca.h3
-rw-r--r--src/x509_ca.cpp21
2 files changed, 10 insertions, 14 deletions
diff --git a/include/x509_ca.h b/include/x509_ca.h
index f799b05d8..e1c31b09a 100644
--- a/include/x509_ca.h
+++ b/include/x509_ca.h
@@ -8,6 +8,7 @@
#include <botan/x509cert.h>
#include <botan/x509_crl.h>
+#include <botan/x509_ext.h>
#include <botan/pkcs8.h>
#include <botan/pkcs10.h>
#include <botan/pubkey.h>
@@ -32,7 +33,7 @@ class X509_CA
const MemoryRegion<byte>&,
const X509_Time&, const X509_Time&,
const X509_DN&, const X509_DN&,
- const class Extensions&);
+ const Extensions&);
X509_CA(const X509_Certificate&, const PKCS8_PrivateKey&);
~X509_CA();
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
index fa4b7cf92..7e556f164 100644
--- a/src/x509_ca.cpp
+++ b/src/x509_ca.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/x509_ca.h>
-#include <botan/x509_ext.h>
#include <botan/x509stor.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
@@ -64,25 +63,15 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
constraints = X509::find_constraints(*key, req.constraints());
}
- if(expire_time == 0)
- expire_time = global_config().option_as_time("x509/ca/default_expire");
-
- const u64bit current_time = system_time();
-
- X509_Time not_before(current_time);
- X509_Time not_after(current_time + expire_time);
-
Extensions extensions;
- // POLICY: which extensions
extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
-
extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key()));
extensions.add(
new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()));
- extensions.add(new Cert_Extension::Key_Usage(req.constraints()));
+ extensions.add(new Cert_Extension::Key_Usage(constraints));
extensions.add(
new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));
@@ -94,8 +83,14 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
new Cert_Extension::Issuer_Alternative_Name(issuer_alt));
*/
+ if(expire_time == 0)
+ expire_time = global_config().option_as_time("x509/ca/default_expire");
+
+ const u64bit current_time = system_time();
+
return make_cert(signer, ca_sig_algo, req.raw_public_key(),
- not_before, not_after,
+ X509_Time(current_time),
+ X509_Time(current_time + expire_time),
cert.subject_dn(), req.subject_dn(),
extensions);
}