author | lloyd <[email protected]> | 2008-09-28 19:16:15 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-09-28 19:16:15 +0000 |
commit | 8534c9a67226ccffe7acbefbf3905aba10e88de3 (patch) | |
tree | 536e96a8b2763515104d6c90abddd3eb8aa74b19 /include | |
parent | 26ad026e8eb0521a9fb2f313f07f8fc7222d2ea8 (diff) |
Create an x509 module containing all of the X509 certificate and CA
code as well as the code for handling PKCS #10 requests.
Diffstat (limited to 'include')
-rw-r--r-- | include/certstor.h | 37 | ||||
-rw-r--r-- | include/crl_ent.h | 44 | ||||
-rw-r--r-- | include/pkcs10.h | 46 | ||||
-rw-r--r-- | include/x509_ca.h | 68 | ||||
-rw-r--r-- | include/x509_crl.h | 46 | ||||
-rw-r--r-- | include/x509_ext.h | 315 | ||||
-rw-r--r-- | include/x509_obj.h | 56 | ||||
-rw-r--r-- | include/x509cert.h | 72 | ||||
-rw-r--r-- | include/x509find.h | 58 | ||||
-rw-r--r-- | include/x509self.h | 75 | ||||
-rw-r--r-- | include/x509stor.h | 137 |
11 files changed, 0 insertions, 954 deletions
diff --git a/include/certstor.h b/include/certstor.h
deleted file mode 100644
index ca0480496..000000000
--- a/include/certstor.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*************************************************
-* Certificate Store Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_CERT_STORE_H__
-#define BOTAN_CERT_STORE_H__
-
-#include <botan/x509cert.h>
-#include <botan/x509_crl.h>
-
-namespace Botan {
-
-/*************************************************
-* Certificate Store Interface *
-*************************************************/
-class BOTAN_DLL Certificate_Store
- {
- public:
- virtual std::vector<X509_Certificate>
- by_SKID(const MemoryRegion<byte>&) const = 0;
-
- virtual std::vector<X509_Certificate> by_name(const std::string&) const;
- virtual std::vector<X509_Certificate> by_email(const std::string&) const;
- virtual std::vector<X509_Certificate> by_dn(const X509_DN&) const;
-
- virtual std::vector<X509_CRL>
- get_crls_for(const X509_Certificate&) const;
-
- virtual Certificate_Store* clone() const = 0;
-
- virtual ~Certificate_Store() {}
- };
-
-}
-
-#endif
diff --git a/include/crl_ent.h b/include/crl_ent.h
deleted file mode 100644
index 05a9338b3..000000000
--- a/include/crl_ent.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*************************************************
-* CRL Entry Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_CRL_ENTRY_H__
-#define BOTAN_CRL_ENTRY_H__
-
-#include <botan/x509cert.h>
-
-namespace Botan {
-
-/*************************************************
-* CRL Entry *
-*************************************************/
-class BOTAN_DLL CRL_Entry : public ASN1_Object
- {
- public:
- void encode_into(class DER_Encoder&) const;
- void decode_from(class BER_Decoder&);
-
- MemoryVector<byte> serial_number() const { return serial; }
- X509_Time expire_time() const { return time; }
- CRL_Code reason_code() const { return reason; }
-
- CRL_Entry();
- CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED);
-
- private:
- MemoryVector<byte> serial;
- X509_Time time;
- CRL_Code reason;
- };
-
-/*************************************************
-* Comparison Operations *
-*************************************************/
-BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
-BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
-BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&);
-
-}
-
-#endif
diff --git a/include/pkcs10.h b/include/pkcs10.h
deleted file mode 100644
index f688688ee..000000000
--- a/include/pkcs10.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*************************************************
-* PKCS #10 Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_PKCS10_H__
-#define BOTAN_PKCS10_H__
-
-#include <botan/x509_obj.h>
-#include <botan/pkcs8.h>
-#include <botan/datastor.h>
-#include <vector>
-
-namespace Botan {
-
-/*************************************************
-* PKCS #10 Certificate Request *
-*************************************************/
-class BOTAN_DLL PKCS10_Request : public X509_Object
- {
- public:
- Public_Key* subject_public_key() const;
-
- MemoryVector<byte> raw_public_key() const;
- X509_DN subject_dn() const;
- AlternativeName subject_alt_name() const;
- Key_Constraints constraints() const;
- std::vector<OID> ex_constraints() const;
-
- bool is_CA() const;
- u32bit path_limit() const;
-
- std::string challenge_password() const;
-
- PKCS10_Request(DataSource&);
- PKCS10_Request(const std::string&);
- private:
- void force_decode();
- void handle_attribute(const Attribute&);
-
- Data_Store info;
- };
-
-}
-
-#endif
diff --git a/include/x509_ca.h b/include/x509_ca.h
deleted file mode 100644
index 969e62558..000000000
--- a/include/x509_ca.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*************************************************
-* X.509 Certificate Authority Header File *
-* (C) 1999-2008 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_CA_H__
-#define BOTAN_X509_CA_H__
-
-#include <botan/x509cert.h>
-#include <botan/x509_crl.h>
-#include <botan/x509_ext.h>
-#include <botan/pkcs8.h>
-#include <botan/pkcs10.h>
-#include <botan/pubkey.h>
-
-namespace Botan {
-
-/*************************************************
-* X.509 Certificate Authority *
-*************************************************/
-class BOTAN_DLL X509_CA
- {
- public:
- X509_Certificate sign_request(const PKCS10_Request& req,
- RandomNumberGenerator& rng,
- const X509_Time& not_before,
- const X509_Time& not_after);
-
- X509_Certificate ca_certificate() const;
-
- X509_CRL new_crl(RandomNumberGenerator& rng, u32bit = 0) const;
- X509_CRL update_crl(const X509_CRL&,
- const std::vector<CRL_Entry>&,
- RandomNumberGenerator& rng,
- u32bit = 0) const;
-
- static X509_Certificate make_cert(PK_Signer*,
- RandomNumberGenerator&,
- const AlgorithmIdentifier&,
- const MemoryRegion<byte>&,
- const X509_Time&, const X509_Time&,
- const X509_DN&, const X509_DN&,
- const Extensions&);
-
- X509_CA(const X509_Certificate&, const Private_Key&);
- ~X509_CA();
- private:
- X509_CA(const X509_CA&) {}
- X509_CA& operator=(const X509_CA&) { return (*this); }
-
- X509_CRL make_crl(const std::vector<CRL_Entry>&,
- u32bit, u32bit, RandomNumberGenerator&) const;
-
- AlgorithmIdentifier ca_sig_algo;
- X509_Certificate cert;
- PK_Signer* signer;
- };
-
-/*************************************************
-* Choose a signing format for the key *
-*************************************************/
-BOTAN_DLL PK_Signer* choose_sig_format(const Private_Key&,
- AlgorithmIdentifier&);
-
-
-}
-
-#endif
diff --git a/include/x509_crl.h b/include/x509_crl.h
deleted file mode 100644
index f7623b940..000000000
--- a/include/x509_crl.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*************************************************
-* X.509 CRL Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_CRL_H__
-#define BOTAN_X509_CRL_H__
-
-#include <botan/x509_obj.h>
-#include <botan/crl_ent.h>
-#include <vector>
-
-namespace Botan {
-
-/*************************************************
-* X.509 CRL *
-*************************************************/
-class BOTAN_DLL X509_CRL : public X509_Object
- {
- public:
- struct X509_CRL_Error : public Exception
- {
- X509_CRL_Error(const std::string& error) :
- Exception("X509_CRL: " + error) {}
- };
-
- std::vector<CRL_Entry> get_revoked() const;
-
- X509_DN issuer_dn() const;
- MemoryVector<byte> authority_key_id() const;
-
- u32bit crl_number() const;
- X509_Time this_update() const;
- X509_Time next_update() const;
-
- X509_CRL(DataSource&);
- X509_CRL(const std::string&);
- private:
- void force_decode();
- std::vector<CRL_Entry> revoked;
- Data_Store info;
- };
-
-}
-
-#endif
diff --git a/include/x509_ext.h b/include/x509_ext.h
deleted file mode 100644
index 5b302df0d..000000000
--- a/include/x509_ext.h
+++ /dev/null
@@ -1,315 +0,0 @@
-/*************************************************
-* X.509 Certificate Extensions Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_EXTENSIONS_H__
-#define BOTAN_X509_EXTENSIONS_H__
-
-#include <botan/asn1_int.h>
-#include <botan/asn1_oid.h>
-#include <botan/asn1_obj.h>
-#include <botan/datastor.h>
-#include <botan/enums.h>
-
-namespace Botan {
-
-/*************************************************
-* X.509 Certificate Extension *
-*************************************************/
-class BOTAN_DLL Certificate_Extension
- {
- public:
- OID oid_of() const;
-
- virtual Certificate_Extension* copy() const = 0;
-
- virtual void contents_to(Data_Store&, Data_Store&) const = 0;
- virtual std::string config_id() const = 0;
- virtual std::string oid_name() const = 0;
-
- virtual ~Certificate_Extension() {}
- protected:
- friend class Extensions;
- virtual bool should_encode() const { return true; }
- virtual MemoryVector<byte> encode_inner() const = 0;
- virtual void decode_inner(const MemoryRegion<byte>&) = 0;
- };
-
-/*************************************************
-* X.509 Certificate Extension List *
-*************************************************/
-class BOTAN_DLL Extensions : public ASN1_Object
- {
- public:
- void encode_into(class DER_Encoder&) const;
- void decode_from(class BER_Decoder&);
-
- void contents_to(Data_Store&, Data_Store&) const;
-
- void add(Certificate_Extension* extn)
- { extensions.push_back(extn); }
-
- Extensions& operator=(const Extensions&);
-
- Extensions(const Extensions&);
- Extensions(bool st = true) : should_throw(st) {}
- ~Extensions();
- private:
- static Certificate_Extension* get_extension(const OID&);
-
- std::vector<Certificate_Extension*> extensions;
- bool should_throw;
- };
-
-namespace Cert_Extension {
-
-/*************************************************
-* Basic Constraints Extension *
-*************************************************/
-class BOTAN_DLL Basic_Constraints : public Certificate_Extension
- {
- public:
- Basic_Constraints* copy() const
- { return new Basic_Constraints(is_ca, path_limit); }
-
- Basic_Constraints(bool ca = false, u32bit limit = 0) :
- is_ca(ca), path_limit(limit) {}
-
- bool get_is_ca() const { return is_ca; }
- u32bit get_path_limit() const;
- private:
- std::string config_id() const { return "basic_constraints"; }
- std::string oid_name() const { return "X509v3.BasicConstraints"; }
-
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- bool is_ca;
- u32bit path_limit;
- };
-
-/*************************************************
-* Key Usage Constraints Extension *
-*************************************************/
-class BOTAN_DLL Key_Usage : public Certificate_Extension
- {
- public:
- Key_Usage* copy() const { return new Key_Usage(constraints); }
-
- Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : constraints(c) {}
-
- Key_Constraints get_constraints() const { return constraints; }
- private:
- std::string config_id() const { return "key_usage"; }
- std::string oid_name() const { return "X509v3.KeyUsage"; }
-
- bool should_encode() const { return (constraints != NO_CONSTRAINTS); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- Key_Constraints constraints;
- };
-
-/*************************************************
-* Subject Key Identifier Extension *
-*************************************************/
-class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
- {
- public:
- Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); }
-
- Subject_Key_ID() {}
- Subject_Key_ID(const MemoryRegion<byte>&);
-
- MemoryVector<byte> get_key_id() const { return key_id; }
- private:
- std::string config_id() const { return "subject_key_id"; }
- std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; }
-
- bool should_encode() const { return (key_id.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- MemoryVector<byte> key_id;
- };
-
-/*************************************************
-* Authority Key Identifier Extension *
-*************************************************/
-class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
- {
- public:
- Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); }
-
- Authority_Key_ID() {}
- Authority_Key_ID(const MemoryRegion<byte>& k) : key_id(k) {}
-
- MemoryVector<byte> get_key_id() const { return key_id; }
- private:
- std::string config_id() const { return "authority_key_id"; }
- std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; }
-
- bool should_encode() const { return (key_id.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- MemoryVector<byte> key_id;
- };
-
-/*************************************************
-* Alternative Name Extension Base Class *
-*************************************************/
-class BOTAN_DLL Alternative_Name : public Certificate_Extension
- {
- public:
- AlternativeName get_alt_name() const { return alt_name; }
-
- protected:
- Alternative_Name(const AlternativeName&,
- const std::string&, const std::string&);
-
- Alternative_Name(const std::string&, const std::string&);
- private:
- std::string config_id() const { return config_name_str; }
- std::string oid_name() const { return oid_name_str; }
-
- bool should_encode() const { return alt_name.has_items(); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- std::string config_name_str, oid_name_str;
- AlternativeName alt_name;
- };
-
-/*************************************************
-* Subject Alternative Name Extension *
-*************************************************/
-class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
- {
- public:
- Subject_Alternative_Name* copy() const
- { return new Subject_Alternative_Name(get_alt_name()); }
-
- Subject_Alternative_Name(const AlternativeName& = AlternativeName());
- };
-
-/*************************************************
-* Issuer Alternative Name Extension *
-*************************************************/
-class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
- {
- public:
- Issuer_Alternative_Name* copy() const
- { return new Issuer_Alternative_Name(get_alt_name()); }
-
- Issuer_Alternative_Name(const AlternativeName& = AlternativeName());
- };
-
-/*************************************************
-* Extended Key Usage Extension *
-*************************************************/
-class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
- {
- public:
- Extended_Key_Usage* copy() const { return new Extended_Key_Usage(oids); }
-
- Extended_Key_Usage() {}
- Extended_Key_Usage(const std::vector<OID>& o) : oids(o) {}
-
- std::vector<OID> get_oids() const { return oids; }
- private:
- std::string config_id() const { return "extended_key_usage"; }
- std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; }
-
- bool should_encode() const { return (oids.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- std::vector<OID> oids;
- };
-
-/*************************************************
-* Certificate Policies Extension *
-*************************************************/
-class BOTAN_DLL Certificate_Policies : public Certificate_Extension
- {
- public:
- Certificate_Policies* copy() const
- { return new Certificate_Policies(oids); }
-
- Certificate_Policies() {}
- Certificate_Policies(const std::vector<OID>& o) : oids(o) {}
-
- std::vector<OID> get_oids() const { return oids; }
- private:
- std::string config_id() const { return "policy_info"; }
- std::string oid_name() const { return "X509v3.CertificatePolicies"; }
-
- bool should_encode() const { return (oids.size() > 0); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- std::vector<OID> oids;
- };
-
-/*************************************************
-* CRL Number Extension *
-*************************************************/
-class BOTAN_DLL CRL_Number : public Certificate_Extension
- {
- public:
- CRL_Number* copy() const;
-
- CRL_Number() : has_value(false), crl_number(0) {}
- CRL_Number(u32bit n) : has_value(true), crl_number(n) {}
-
- u32bit get_crl_number() const;
- private:
- std::string config_id() const { return "crl_number"; }
- std::string oid_name() const { return "X509v3.CRLNumber"; }
-
- bool should_encode() const { return has_value; }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- bool has_value;
- u32bit crl_number;
- };
-
-/*************************************************
-* CRL Entry Reason Code Extension *
-*************************************************/
-class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension
- {
- public:
- CRL_ReasonCode* copy() const { return new CRL_ReasonCode(reason); }
-
- CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : reason(r) {}
-
- CRL_Code get_reason() const { return reason; }
- private:
- std::string config_id() const { return "crl_reason"; }
- std::string oid_name() const { return "X509v3.ReasonCode"; }
-
- bool should_encode() const { return (reason != UNSPECIFIED); }
- MemoryVector<byte> encode_inner() const;
- void decode_inner(const MemoryRegion<byte>&);
- void contents_to(Data_Store&, Data_Store&) const;
-
- CRL_Code reason;
- };
-
-}
-
-}
-
-#endif
diff --git a/include/x509_obj.h b/include/x509_obj.h
deleted file mode 100644
index 8808fd686..000000000
--- a/include/x509_obj.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*************************************************
-* X.509 SIGNED Object Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_OBJECT_H__
-#define BOTAN_X509_OBJECT_H__
-
-#include <botan/asn1_obj.h>
-#include <botan/pipe.h>
-#include <botan/enums.h>
-#include <botan/rng.h>
-#include <vector>
-
-namespace Botan {
-
-/*************************************************
-* Generic X.509 SIGNED Object *
-*************************************************/
-class BOTAN_DLL X509_Object
- {
- public:
- SecureVector<byte> tbs_data() const;
- SecureVector<byte> signature() const;
- AlgorithmIdentifier signature_algorithm() const;
-
- static MemoryVector<byte> make_signed(class PK_Signer*,
- RandomNumberGenerator&,
- const AlgorithmIdentifier&,
- const MemoryRegion<byte>&);
-
- bool check_signature(class Public_Key&) const;
-
- void encode(Pipe&, X509_Encoding = PEM) const;
- SecureVector<byte> BER_encode() const;
- std::string PEM_encode() const;
-
- X509_Object(DataSource&, const std::string&);
- X509_Object(const std::string&, const std::string&);
- virtual ~X509_Object() {}
- protected:
- void do_decode();
- X509_Object() {}
- AlgorithmIdentifier sig_algo;
- SecureVector<byte> tbs_bits, sig;
- private:
- virtual void force_decode() = 0;
- void init(DataSource&, const std::string&);
- void decode_info(DataSource&);
- std::vector<std::string> PEM_labels_allowed;
- std::string PEM_label_pref;
- };
-
-}
-
-#endif
diff --git a/include/x509cert.h b/include/x509cert.h
deleted file mode 100644
index c8dc2c435..000000000
--- a/include/x509cert.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*************************************************
-* X.509 Certificates Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_CERTS_H__
-#define BOTAN_X509_CERTS_H__
-
-#include <botan/x509_obj.h>
-#include <botan/x509_key.h>
-#include <botan/datastor.h>
-#include <botan/enums.h>
-#include <map>
-
-namespace Botan {
-
-/*************************************************
-* X.509 Certificate *
-*************************************************/
-class BOTAN_DLL X509_Certificate : public X509_Object
- {
- public:
- Public_Key* subject_public_key() const;
-
- X509_DN issuer_dn() const;
- X509_DN subject_dn() const;
- std::vector<std::string> subject_info(const std::string&) const;
- std::vector<std::string> issuer_info(const std::string&) const;
-
- std::string start_time() const;
- std::string end_time() const;
-
- u32bit x509_version() const;
- MemoryVector<byte> serial_number() const;
-
- MemoryVector<byte> authority_key_id() const;
- MemoryVector<byte> subject_key_id() const;
- bool is_self_signed() const { return self_signed; }
- bool is_CA_cert() const;
-
- u32bit path_limit() const;
- Key_Constraints constraints() const;
- std::vector<std::string> ex_constraints() const;
- std::vector<std::string> policies() const;
-
- bool operator==(const X509_Certificate&) const;
-
- X509_Certificate(DataSource&);
- X509_Certificate(const std::string&);
- private:
- void force_decode();
- friend class X509_CA;
- X509_Certificate() {}
-
- Data_Store subject, issuer;
- bool self_signed;
- };
-
-/*************************************************
-* X.509 Certificate Comparison *
-*************************************************/
-BOTAN_DLL bool operator!=(const X509_Certificate&, const X509_Certificate&);
-
-/*************************************************
-* Data Store Extraction Operations *
-*************************************************/
-BOTAN_DLL X509_DN create_dn(const Data_Store&);
-BOTAN_DLL AlternativeName create_alt_name(const Data_Store&);
-
-}
-
-#endif
diff --git a/include/x509find.h b/include/x509find.h
deleted file mode 100644
index 65781199f..000000000
--- a/include/x509find.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*************************************************
-* X.509 Certificate Store Searching Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_CERT_STORE_SEARCH_H__
-#define BOTAN_X509_CERT_STORE_SEARCH_H__
-
-#include <botan/x509stor.h>
-
-namespace Botan {
-
-/*************************************************
-* Search based on the contents of a DN entry *
-*************************************************/
-class BOTAN_DLL DN_Check : public X509_Store::Search_Func
- {
- public:
- typedef bool (*compare_fn)(const std::string&, const std::string&);
- enum Search_Type { SUBSTRING_MATCHING, IGNORE_CASE };
-
- bool match(const X509_Certificate& cert) const;
-
- DN_Check(const std::string&, const std::string&, compare_fn);
- DN_Check(const std::string&, const std::string&, Search_Type);
- private:
- std::string dn_entry, looking_for;
- compare_fn compare;
- };
-
-/*************************************************
-* Search for a certificate by issuer/serial *
-*************************************************/
-class BOTAN_DLL IandS_Match : public X509_Store::Search_Func
- {
- public:
- bool match(const X509_Certificate& cert) const;
- IandS_Match(const X509_DN&, const MemoryRegion<byte>&);
- private:
- X509_DN issuer;
- MemoryVector<byte> serial;
- };
-
-/*************************************************
-* Search for a certificate by subject keyid *
-*************************************************/
-class BOTAN_DLL SKID_Match : public X509_Store::Search_Func
- {
- public:
- bool match(const X509_Certificate& cert) const;
- SKID_Match(const MemoryRegion<byte>& s) : skid(s) {}
- private:
- MemoryVector<byte> skid;
- };
-
-}
-
-#endif
diff --git a/include/x509self.h b/include/x509self.h
deleted file mode 100644
index 2f83a12be..000000000
--- a/include/x509self.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*************************************************
-* X.509 Self-Signed Certificate Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_SELF_H__
-#define BOTAN_X509_SELF_H__
-
-#include <botan/x509cert.h>
-#include <botan/pkcs8.h>
-#include <botan/pkcs10.h>
-
-namespace Botan {
-
-/*************************************************
-* Options for X.509 Certificates *
-*************************************************/
-class BOTAN_DLL X509_Cert_Options
- {
- public:
- std::string common_name;
- std::string country;
- std::string organization;
- std::string org_unit;
- std::string locality;
- std::string state;
- std::string serial_number;
-
- std::string email, uri, dns, ip, xmpp;
-
- std::string challenge;
-
- X509_Time start, end;
-
- bool is_CA;
- u32bit path_limit;
- Key_Constraints constraints;
- std::vector<OID> ex_constraints;
-
- void sanity_check() const;
-
- void CA_key(u32bit = 8);
- void not_before(const std::string&);
- void not_after(const std::string&);
-
- void add_constraints(Key_Constraints);
- void add_ex_constraint(const OID&);
- void add_ex_constraint(const std::string&);
-
- X509_Cert_Options(const std::string& = "",
- u32bit expire = 365 * 24 * 60 * 60);
- };
-
-namespace X509 {
-
-/*************************************************
-* Create a self-signed X.509 certificate *
-*************************************************/
-BOTAN_DLL X509_Certificate
-create_self_signed_cert(const X509_Cert_Options&,
- const Private_Key&,
- RandomNumberGenerator& rng);
-
-/*************************************************
-* Create a PKCS #10 certificate request *
-*************************************************/
-BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options&,
- const Private_Key&,
- RandomNumberGenerator& rng);
-
-}
-
-}
-
-#endif
diff --git a/include/x509stor.h b/include/x509stor.h
deleted file mode 100644
index 3f3f38ea0..000000000
--- a/include/x509stor.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/*************************************************
-* X.509 Certificate Store Header File *
-* (C) 1999-2007 Jack Lloyd *
-*************************************************/
-
-#ifndef BOTAN_X509_CERT_STORE_H__
-#define BOTAN_X509_CERT_STORE_H__
-
-#include <botan/x509cert.h>
-#include <botan/x509_crl.h>
-#include <botan/certstor.h>
-
-namespace Botan {
-
-/*************************************************
-* X.509 Certificate Validation Result *
-*************************************************/
-enum X509_Code {
- VERIFIED,
- UNKNOWN_X509_ERROR,
- CANNOT_ESTABLISH_TRUST,
- CERT_CHAIN_TOO_LONG,
- SIGNATURE_ERROR,
- POLICY_ERROR,
- INVALID_USAGE,
-
- CERT_FORMAT_ERROR,
- CERT_ISSUER_NOT_FOUND,
- CERT_NOT_YET_VALID,
- CERT_HAS_EXPIRED,
- CERT_IS_REVOKED,
-
- CRL_FORMAT_ERROR,
- CRL_ISSUER_NOT_FOUND,
- CRL_NOT_YET_VALID,
- CRL_HAS_EXPIRED,
-
- CA_CERT_CANNOT_SIGN,
- CA_CERT_NOT_FOR_CERT_ISSUER,
- CA_CERT_NOT_FOR_CRL_ISSUER
-};
-
-/*************************************************
-* X.509 Certificate Store *
-*************************************************/
-class BOTAN_DLL X509_Store
- {
- public:
- class BOTAN_DLL Search_Func
- {
- public:
- virtual bool match(const X509_Certificate&) const = 0;
- virtual ~Search_Func() {}
- };
-
- enum Cert_Usage {
- ANY = 0x00,
- TLS_SERVER = 0x01,
- TLS_CLIENT = 0x02,
- CODE_SIGNING = 0x04,
- EMAIL_PROTECTION = 0x08,
- TIME_STAMPING = 0x10,
- CRL_SIGNING = 0x20
- };
-
- X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY);
-
- std::vector<X509_Certificate> get_certs(const Search_Func&) const;
- std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);
- std::string PEM_encode() const;
-
- X509_Code add_crl(const X509_CRL&);
- void add_cert(const X509_Certificate&, bool = false);
- void add_certs(DataSource&);
- void add_trusted_certs(DataSource&);
-
- void add_new_certstore(Certificate_Store*);
-
- static X509_Code check_sig(const X509_Object&, Public_Key*);
-
- X509_Store(u32bit time_slack = 24*60*60,
- u32bit cache_results = 30*60);
-
- X509_Store(const X509_Store&);
- ~X509_Store();
- private:
- X509_Store& operator=(const X509_Store&) { return (*this); }
-
- class BOTAN_DLL Cert_Info
- {
- public:
- bool is_verified(u32bit timeout) const;
- bool is_trusted() const;
- X509_Code verify_result() const;
- void set_result(X509_Code) const;
- Cert_Info(const X509_Certificate&, bool = false);
-
- X509_Certificate cert;
- bool trusted;
- private:
- mutable bool checked;
- mutable X509_Code result;
- mutable u64bit last_checked;
- };
-
- class BOTAN_DLL CRL_Data
- {
- public:
- X509_DN issuer;
- MemoryVector<byte> serial, auth_key_id;
- bool operator==(const CRL_Data&) const;
- bool operator!=(const CRL_Data&) const;
- bool operator<(const CRL_Data&) const;
- };
-
- u32bit find_cert(const X509_DN&, const MemoryRegion<byte>&) const;
- X509_Code check_sig(const Cert_Info&, const Cert_Info&) const;
- void recompute_revoked_info() const;
-
- void do_add_certs(DataSource&, bool);
- X509_Code construct_cert_chain(const X509_Certificate&,
- std::vector<u32bit>&, bool = false);
-
- u32bit find_parent_of(const X509_Certificate&);
- bool is_revoked(const X509_Certificate&) const;
-
- static const u32bit NO_CERT_FOUND = 0xFFFFFFFF;
- std::vector<Cert_Info> certs;
- std::vector<CRL_Data> revoked;
- std::vector<Certificate_Store*> stores;
- u32bit time_slack, validation_cache_timeout;
- mutable bool revoked_info_valid;
- };
-
-}
-
-#endif