authorlloyd <[email protected]>2012-02-06 19:30:38 +0000
committerlloyd <[email protected]>2012-02-06 19:30:38 +0000
commitf1a2b5a7b5f35322927446d1b9a381f05cc677df (patch)
tree905b125d9173a32c4a3b758ae124ded0d045d635 /src/cert/x509/x509path.h
parentcd58927000ef86eacc9de5b80f361d4d05e71731 (diff)
All of the X509 modules were actually mutually dependent. Ideally this
would be fixed, but it's quite hard to do; it makes more sense for now to merge them back into one big x509 blob.
Diffstat (limited to 'src/cert/x509/x509path.h')
-rw-r--r--src/cert/x509/x509path.h110
1 files changed, 110 insertions, 0 deletions
diff --git a/src/cert/x509/x509path.h b/src/cert/x509/x509path.h
new file mode 100644
index 000000000..c389431d8
--- /dev/null
+++ b/src/cert/x509/x509path.h
@@ -0,0 +1,110 @@
+/*
+* X.509 Cert Path Validation
+* (C) 2010-2011 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_X509_CERT_PATH_VALIDATION_H__
+#define BOTAN_X509_CERT_PATH_VALIDATION_H__
+
+#include <botan/x509cert.h>
+#include <botan/certstor.h>
+#include <set>
+
+namespace Botan {
+
+/**
+* X.509 Certificate Validation Result
+*/
+enum X509_Path_Validation_Code {
+ VERIFIED,
+ UNKNOWN_X509_ERROR,
+ CANNOT_ESTABLISH_TRUST,
+ CERT_CHAIN_TOO_LONG,
+ SIGNATURE_ERROR,
+ POLICY_ERROR,
+ INVALID_USAGE,
+
+ CERT_MULTIPLE_ISSUERS_FOUND,
+
+ CERT_FORMAT_ERROR,
+ CERT_ISSUER_NOT_FOUND,
+ CERT_NOT_YET_VALID,
+ CERT_HAS_EXPIRED,
+ CERT_IS_REVOKED,
+
+ CRL_NOT_FOUND,
+ CRL_FORMAT_ERROR,
+ CRL_ISSUER_NOT_FOUND,
+ CRL_NOT_YET_VALID,
+ CRL_HAS_EXPIRED,
+
+ CA_CERT_CANNOT_SIGN,
+ CA_CERT_NOT_FOR_CERT_ISSUER,
+ CA_CERT_NOT_FOR_CRL_ISSUER
+};
+
+enum Usage_Restrictions {
+ NO_RESTRICTIONS = 0x00,
+ TLS_SERVER = 0x01,
+ TLS_CLIENT = 0x02,
+ CODE_SIGNING = 0x04,
+ EMAIL_PROTECTION = 0x08,
+ TIME_STAMPING = 0x10,
+ CRL_SIGNING = 0x20
+};
+
+class BOTAN_DLL Path_Validation_Result
+ {
+ public:
+ Path_Validation_Result() :
+ m_result(UNKNOWN_X509_ERROR),
+ m_usages(NO_RESTRICTIONS)
+ {}
+
+ /**
+ * Returns the set of hash functions you are implicitly
+ * trusting by trusting this result.
+ */
+ std::set<std::string> trusted_hashes() const;
+
+ const X509_Certificate& trust_root() const;
+
+ const std::vector<X509_Certificate>& cert_path() const { return m_cert_path; }
+
+ bool successful_validation() const { return result() == VERIFIED; }
+
+ X509_Path_Validation_Code result() const { return m_result; }
+ private:
+ friend Path_Validation_Result x509_path_validate(
+ const std::vector<X509_Certificate>& end_certs,
+ const std::vector<Certificate_Store*>& certstores);
+
+ void set_result(X509_Path_Validation_Code result) { m_result = result; }
+
+ X509_Path_Validation_Code m_result;
+ Usage_Restrictions m_usages;
+
+ std::vector<X509_Certificate> m_cert_path;
+ };
+
+Path_Validation_Result BOTAN_DLL x509_path_validate(
+ const std::vector<X509_Certificate>& end_certs,
+ const std::vector<Certificate_Store*>& certstores);
+
+Path_Validation_Result BOTAN_DLL x509_path_validate(
+ const X509_Certificate& end_cert,
+ const std::vector<Certificate_Store*>& certstores);
+
+Path_Validation_Result BOTAN_DLL x509_path_validate(
+ const X509_Certificate& end_cert,
+ Certificate_Store& store);
+
+Path_Validation_Result BOTAN_DLL x509_path_validate(
+ const std::vector<X509_Certificate>& end_certs,
+ Certificate_Store& store);
+
+}
+
+#endif
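Review bot: Nothing in this header lets a caller state what the certificate is being validated for: `Usage_Restrictions` and the `INVALID_USAGE` result code are declared and `m_usages` is initialised to `NO_RESTRICTIONS` in the constructor, but none of the four `x509_path_validate` overloads takes a usage argument and `Path_Validation_Result` has no accessor for it. Unless the implementation (not visible here) checks key usage some other way, a `VERIFIED` result only says the chain builds to a trusted root, so a caller authenticating a TLS server would still have to check the end-entity certificate's permitted usage itself. I would either add a trailing parameter such as `Usage_Restrictions usage = NO_RESTRICTIONS` to the overloads, or state the limitation in a comment above them, e.g. `/** Validates the chain only; does not check that the certificate is permitted for any particular usage */`. `trust_root()` also deserves a one-line comment saying what it returns or throws when `successful_validation()` is false, since `m_cert_path` may be empty in that case.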