author | lloyd <[email protected]> | 2010-06-17 21:48:55 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-06-17 21:48:55 +0000 |
commit | c06b260b3328c5ce4be44c4f1a88feb55ee3dbc4 (patch) | |
tree | 41b05df5982b5b2e8a23b55972263d2172d6a9fd /src/cert/x509 | |
parent | 0eecae9f21172c0a74ad62acaf77148c94a25be7 (diff) | |
parent | 3dde5683f69b9cb9f558bfb18087ce35fbbec78a (diff) |
propagate from branch 'net.randombit.botan' (head 294e2082ce9231d6165276e2f2a4153a0116aca3)
to branch 'net.randombit.botan.c++0x' (head 0b695fad10f924601e07b009fcd781191fafcb28)
Diffstat (limited to 'src/cert/x509')
-rw-r--r-- | src/cert/x509/certstor.h | 2 | ||||
-rw-r--r-- | src/cert/x509/crl_ent.h | 9 | ||||
-rw-r--r-- | src/cert/x509/pkcs10.h | 16 | ||||
-rw-r--r-- | src/cert/x509/x509_ca.h | 8 | ||||
-rw-r--r-- | src/cert/x509/x509_crl.h | 16 | ||||
-rw-r--r-- | src/cert/x509/x509_ext.h | 50 | ||||
-rw-r--r-- | src/cert/x509/x509_obj.h | 2 | ||||
-rw-r--r-- | src/cert/x509/x509cert.h | 30 | ||||
-rw-r--r-- | src/cert/x509/x509self.cpp | 24 | ||||
-rw-r--r-- | src/cert/x509/x509self.h | 4 | ||||
-rw-r--r-- | src/cert/x509/x509stor.h | 30 |
11 files changed, 103 insertions, 88 deletions
diff --git a/src/cert/x509/certstor.h b/src/cert/x509/certstor.h
index d5004e366..2e39a7178 100644
--- a/src/cert/x509/certstor.h
+++ b/src/cert/x509/certstor.h
@@ -13,7 +13,7 @@ namespace Botan {
-/*
+/**
 * Certificate Store Interface
 */
 class BOTAN_DLL Certificate_Store
diff --git a/src/cert/x509/crl_ent.h b/src/cert/x509/crl_ent.h
index 050356c84..ec90750db 100644
--- a/src/cert/x509/crl_ent.h
+++ b/src/cert/x509/crl_ent.h
@@ -23,19 +23,19 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
 /**
 * Get the serial number of the certificate associated with this entry.
- * @return the certificate's serial number
+ * @return certificate's serial number
 */
 MemoryVector<byte> serial_number() const { return serial; }
 /**
 * Get the revocation date of the certificate associated with this entry
- * @return the certificate's revocation date
+ * @return certificate's revocation date
 */
 X509_Time expire_time() const { return time; }
 /**
 * Get the entries reason code
- * @return the reason code
+ * @return reason code
 */
 CRL_Code reason_code() const { return reason; }
@@ -49,7 +49,8 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
 * @param cert the certificate to revoke
 * @param reason the reason code to set in the entry
 */
- CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED);
+ CRL_Entry(const X509_Certificate& cert,
+ CRL_Code reason = UNSPECIFIED);
 private:
 bool throw_on_unknown_critical;
diff --git a/src/cert/x509/pkcs10.h b/src/cert/x509/pkcs10.h
index 9b435de52..d1be9e0d3 100644
--- a/src/cert/x509/pkcs10.h
+++ b/src/cert/x509/pkcs10.h
@@ -23,38 +23,38 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
 public:
 /**
 * Get the subject public key.
- * @return the subject public key
+ * @return subject public key
 */
 Public_Key* subject_public_key() const;
 /**
 * Get the raw DER encoded public key.
- * @return the raw DER encoded public key
+ * @return raw DER encoded public key
 */
 MemoryVector<byte> raw_public_key() const;
 /**
 * Get the subject DN.
- * @return the subject DN
+ * @return subject DN
 */
 X509_DN subject_dn() const;
 /**
 * Get the subject alternative name.
- * @return the subject alternative name.
+ * @return subject alternative name.
 */
 AlternativeName subject_alt_name() const;
 /**
 * Get the key constraints for the key associated with this
 * PKCS#10 object.
- * @return the key constraints
+ * @return key constraints
 */
 Key_Constraints constraints() const;
 /**
 * Get the extendend key constraints (if any).
- * @return the extended key constraints
+ * @return extended key constraints
 */
 std::vector<OID> ex_constraints() const;
@@ -67,13 +67,13 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
 /**
 * Return the constraint on the path length defined
 * in the BasicConstraints extension.
- * @return the path limit
+ * @return path limit
 */
 u32bit path_limit() const;
 /**
 * Get the challenge password for this request
- * @return the challenge password for this request
+ * @return challenge password for this request
 */
 std::string challenge_password() const;
diff --git a/src/cert/x509/x509_ca.h b/src/cert/x509/x509_ca.h
index b680bd0e4..7aca26d03 100644
--- a/src/cert/x509/x509_ca.h
+++ b/src/cert/x509/x509_ca.h
@@ -30,7 +30,7 @@ class BOTAN_DLL X509_CA
 * @param rng the rng to use
 * @param not_before the starting time for the certificate
 * @param not_after the expiration time for the certificate
- * @return the resulting certificate
+ * @return resulting certificate
 */
 X509_Certificate sign_request(const PKCS10_Request& req,
 RandomNumberGenerator& rng,
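Review bot: The doc block for `ex_constraints()` is rewritten in this hunk but its first line keeps a typo; it should read `* Get the extended key constraints (if any).` so the summary matches the `@return` line directly below it. The rest of the hunk only drops the leading article from `@return` lines and is consistent throughout. The class body continues outside the hunk.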
@@ -39,7 +39,7 @@ class BOTAN_DLL X509_CA
 /**
 * Get the certificate of this CA.
- * @return the CA certificate
+ * @return CA certificate
 */
 X509_Certificate ca_certificate() const;
@@ -48,7 +48,7 @@ class BOTAN_DLL X509_CA
 * @param rng the random number generator to use
 * @param next_update the time to set in next update in seconds
 * as the offset from the current time
- * @return the new CRL
+ * @return new CRL
 */
 X509_CRL new_crl(RandomNumberGenerator& rng,
 u32bit next_update = 0) const;
@@ -71,6 +71,7 @@ class BOTAN_DLL X509_CA
 * @param signer a signing object
 * @param rng a random number generator
 * @param sig_algo the signature algorithm identifier
+ * @param pub_key the serialized public key
 * @param not_before the start time of the certificate
 * @param not_after the end time of the certificate
 * @param issuer_dn the DN of the issuer
@@ -92,6 +93,7 @@ class BOTAN_DLL X509_CA
 * Create a new CA object.
 * @param ca_certificate the certificate of the CA
 * @param key the private key of the CA
+ * @param hash_fn name of a hash function to use for signing
 */
 X509_CA(const X509_Certificate& ca_certificate,
 const Private_Key& key,
diff --git a/src/cert/x509/x509_crl.h b/src/cert/x509/x509_crl.h
index a7903e7e6..c2b3c4f5c 100644
--- a/src/cert/x509/x509_crl.h
+++ b/src/cert/x509/x509_crl.h
@@ -31,13 +31,13 @@ class BOTAN_DLL X509_CRL : public X509_Object
 /**
 * Get the entries of this CRL in the form of a vector.
- * @return a vector containing the entries of this CRL.
+ * @return vector containing the entries of this CRL.
 */
 std::vector<CRL_Entry> get_revoked() const;
 /**
 * Get the issuer DN of this CRL.
- * @return the CRLs issuer DN
+ * @return CRLs issuer DN
 */
 X509_DN issuer_dn() const;
@@ -49,31 +49,35 @@ class BOTAN_DLL X509_CRL : public X509_Object
 /**
 * Get the serial number of this CRL.
- * @return the CRLs serial number
+ * @return CRLs serial number
 */
 u32bit crl_number() const;
 /**
 * Get the CRL's thisUpdate value.
- * @return the CRLs thisUpdate
+ * @return CRLs thisUpdate
 */
 X509_Time this_update() const;
 /**
 * Get the CRL's nextUpdate value.
- * @return the CRLs nextdUpdate
+ * @return CRLs nextdUpdate
 */
 X509_Time next_update() const;
 /**
 * Construct a CRL from a data source.
 * @param source the data source providing the DER or PEM encoded CRL.
+ * @param throw_on_unknown_critical should we throw an exception
+ * if an unknown CRL extension marked as critical is encountered.
 */
- X509_CRL(DataSource&, bool throw_on_unknown_critical = false);
+ X509_CRL(DataSource& source, bool throw_on_unknown_critical = false);
 /**
 * Construct a CRL from a file containing the DER or PEM encoded CRL.
 * @param filename the name of the CRL file
+ * @param throw_on_unknown_critical should we throw an exception
+ * if an unknown CRL extension marked as critical is encountered.
 */
 X509_CRL(const std::string& filename,
 bool throw_on_unknown_critical = false);
diff --git a/src/cert/x509/x509_ext.h b/src/cert/x509/x509_ext.h
index a5bfd357f..213a077a2 100644
--- a/src/cert/x509/x509_ext.h
+++ b/src/cert/x509/x509_ext.h
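Review bot: The new `@param throw_on_unknown_critical` text on both constructors describes the flag but not its default, and the default matters: both signatures in the hunk show `= false`, under which a CRL carrying an unrecognized critical extension does not raise (presumably it is accepted and the extension ignored — confirm in the parser), whereas RFC 5280 §5.2 says an application that cannot process a critical CRL extension must not use that CRL for status decisions. The comment should spell this out, e.g. `* @param throw_on_unknown_critical throw if an unrecognized critical extension is found; defaults to false, which accepts such a CRL — use true for RFC 5280 strict handling`. The same hunk also rewrites the `next_update()` return line but keeps its typo; it should be `* @return CRL's nextUpdate`.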
@@ -16,18 +16,40 @@ namespace Botan {
-/*
+/**
 * X.509 Certificate Extension
 */
 class BOTAN_DLL Certificate_Extension
 {
 public:
+ /**
+ * @return OID representing this extension
+ */
 OID oid_of() const;
+ /**
+ * Make a copy of this extension
+ * @return copy of this
+ */
 virtual Certificate_Extension* copy() const = 0;
- virtual void contents_to(Data_Store&, Data_Store&) const = 0;
+ /*
+ * Add the contents of this extension into the information
+ * for the subject and/or issuer, as necessary.
+ * @param subject the subject info
+ * @param issuer the issuer info
+ */
+ virtual void contents_to(Data_Store& subject,
+ Data_Store& issuer) const = 0;
+
+ /*
+ * @return short readable name
+ */
 virtual std::string config_id() const = 0;
+
+ /*
+ * @return specific OID name
+ */
 virtual std::string oid_name() const = 0;
 virtual ~Certificate_Extension() {}
@@ -38,7 +60,7 @@ class BOTAN_DLL Certificate_Extension
 virtual void decode_inner(const MemoryRegion<byte>&) = 0;
 };
-/*
+/**
 * X.509 Certificate Extension List
 */
 class BOTAN_DLL Extensions : public ASN1_Object
@@ -65,7 +87,7 @@ class BOTAN_DLL Extensions : public ASN1_Object
 namespace Cert_Extension {
-/*
+/**
 * Basic Constraints Extension
 */
 class BOTAN_DLL Basic_Constraints : public Certificate_Extension
@@ -91,7 +113,7 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension
 u32bit path_limit;
 };
-/*
+/**
 * Key Usage Constraints Extension
 */
 class BOTAN_DLL Key_Usage : public Certificate_Extension
@@ -114,7 +136,7 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension
 Key_Constraints constraints;
 };
-/*
+/**
 * Subject Key Identifier Extension
 */
 class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
@@ -138,7 +160,7 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
 MemoryVector<byte> key_id;
 };
-/*
+/**
 * Authority Key Identifier Extension
 */
 class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
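Review bot: The new comments on `contents_to`, `config_id` and `oid_name` open with `/*` rather than `/**`, so Doxygen will not attach them to the declarations even though they carry `@param`/`@return` tags; the three openers should be `/**`. The blocks added for `oid_of` and `copy` in the same hunk, and the class-level comments this hunk and the later x509_ext.h hunks convert, already use `/**`, so this is the only inconsistency. The class body continues outside the hunk.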
@@ -162,7 +184,7 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
 MemoryVector<byte> key_id;
 };
-/*
+/**
 * Alternative Name Extension Base Class
 */
 class BOTAN_DLL Alternative_Name : public Certificate_Extension
@@ -188,7 +210,7 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension
 AlternativeName alt_name;
 };
-/*
+/**
 * Subject Alternative Name Extension
 */
 class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
@@ -200,7 +222,7 @@ class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
 Subject_Alternative_Name(const AlternativeName& = AlternativeName());
 };
-/*
+/**
 * Issuer Alternative Name Extension
 */
 class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
@@ -212,7 +234,7 @@ class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
 Issuer_Alternative_Name(const AlternativeName& = AlternativeName());
 };
-/*
+/**
 * Extended Key Usage Extension
 */
 class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
@@ -236,7 +258,7 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
 std::vector<OID> oids;
 };
-/*
+/**
 * Certificate Policies Extension
 */
 class BOTAN_DLL Certificate_Policies : public Certificate_Extension
@@ -261,7 +283,7 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension
 std::vector<OID> oids;
 };
-/*
+/**
 * CRL Number Extension
 */
 class BOTAN_DLL CRL_Number : public Certificate_Extension
@@ -286,7 +308,7 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension
 u32bit crl_number;
 };
-/*
+/**
 * CRL Entry Reason Code Extension
 */
 class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index c7f92fa9d..52b76d218 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -33,7 +33,7 @@ class BOTAN_DLL X509_Object
 * @param rng the random number generator to use
 * @param alg_id the algorithm identifier of the signature scheme
 * @param tbs the tbs bits to be signed
- * @return the signed X509 object
+ * @return signed X509 object
 */
 static MemoryVector<byte> make_signed(class PK_Signer* signer,
 RandomNumberGenerator& rng,
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index 4a9d11f7f..dc7ef4dbb 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -24,19 +24,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 public:
 /**
 * Get the public key associated with this certificate.
- * @return the subject public key of this certificate
+ * @return subject public key of this certificate
 */
 Public_Key* subject_public_key() const;
 /**
 * Get the issuer certificate DN.
- * @return the issuer DN of this certificate
+ * @return issuer DN of this certificate
 */
 X509_DN issuer_dn() const;
 /**
 * Get the subject certificate DN.
- * @return the subject DN of this certificate
+ * @return subject DN of this certificate
 */
 X509_DN subject_dn() const;
@@ -50,7 +50,7 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 * "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage",
 * "X509v3.CertificatePolicies", "X509v3.SubjectKeyIdentifier" or
 * "X509.Certificate.serial".
- * @return the value(s) of the specified parameter
+ * @return value(s) of the specified parameter
 */
 std::vector<std::string> subject_info(const std::string& name) const;
@@ -58,43 +58,43 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 * Get a value for a specific subject_info parameter name.
 * @param name the name of the paramter to look up. Possible names are
 * "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".
- * @return the value(s) of the specified parameter
+ * @return value(s) of the specified parameter
 */
 std::vector<std::string> issuer_info(const std::string& name) const;
 /**
 * Get the notBefore of the certificate.
- * @return the notBefore of the certificate
+ * @return notBefore of the certificate
 */
 std::string start_time() const;
 /**
 * Get the notAfter of the certificate.
- * @return the notAfter of the certificate
+ * @return notAfter of the certificate
 */
 std::string end_time() const;
 /**
 * Get the X509 version of this certificate object.
- * @return the X509 version
+ * @return X509 version
 */
 u32bit x509_version() const;
 /**
 * Get the serial number of this certificate.
- * @return the certificates serial number
+ * @return certificates serial number
 */
 MemoryVector<byte> serial_number() const;
 /**
 * Get the DER encoded AuthorityKeyIdentifier of this certificate.
- * @return the DER encoded AuthorityKeyIdentifier
+ * @return DER encoded AuthorityKeyIdentifier
 */
 MemoryVector<byte> authority_key_id() const;
 /**
 * Get the DER encoded SubjectKeyIdentifier of this certificate.
- * @return the DER encoded SubjectKeyIdentifier
+ * @return DER encoded SubjectKeyIdentifier
 */
 MemoryVector<byte> subject_key_id() const;
@@ -113,14 +113,14 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 /**
 * Get the path limit as defined in the BasicConstraints extension of
 * this certificate.
- * @return the path limit
+ * @return path limit
 */
 u32bit path_limit() const;
 /**
 * Get the key constraints as defined in the KeyUsage extension of this
 * certificate.
- * @return the key constraints
+ * @return key constraints
 */
 Key_Constraints constraints() const;
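Review bot: The doc block for `issuer_info` rewritten in this hunk still opens with `* Get a value for a specific subject_info parameter name.`, which describes the wrong accessor; the first line should read `* Get a value for a specific issuer_info parameter name.` and `paramter` on the following line should be `parameter`. The possible-names list that follows ("X509.Certificate.v2.key_id", "X509v3.AuthorityKeyIdentifier") is issuer-side data, so only the summary sentence is off. The class body continues outside the hunk.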
@@ -128,14 +128,14 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 * Get the key constraints as defined in the ExtendedKeyUsage
 * extension of this
 * certificate.
- * @return the key constraints
+ * @return key constraints
 */
 std::vector<std::string> ex_constraints() const;
 /**
 * Get the policies as defined in the CertificatePolicies extension
 * of this certificate.
- * @return the certificate policies
+ * @return certificate policies
 */
 std::vector<std::string> policies() const;
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index d87c5e060..6e570d3b6 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -18,22 +18,6 @@ namespace Botan {
 namespace {
 /*
-* Shared setup for self-signed items
-*/
-MemoryVector<byte> shared_setup(const X509_Cert_Options& opts,
- const Private_Key& key)
- {
- opts.sanity_check();
-
- Pipe key_encoder;
- key_encoder.start_msg();
- X509::encode(key, key_encoder, RAW_BER);
- key_encoder.end_msg();
-
- return key_encoder.read_all();
- }
-
-/*
 * Load information from the X509_Cert_Options
 */
 void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn,
@@ -67,7 +51,9 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
 X509_DN subject_dn;
 AlternativeName subject_alt;
- MemoryVector<byte> pub_key = shared_setup(opts, key);
+ opts.sanity_check();
+
+ MemoryVector<byte> pub_key = X509::BER_encode(key);
 std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
 load_info(opts, subject_dn, subject_alt);
@@ -111,7 +97,9 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
 X509_DN subject_dn;
 AlternativeName subject_alt;
- MemoryVector<byte> pub_key = shared_setup(opts, key);
+ opts.sanity_check();
+
+ MemoryVector<byte> pub_key = X509::BER_encode(key);
 std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
 load_info(opts, subject_dn, subject_alt);
diff --git a/src/cert/x509/x509self.h b/src/cert/x509/x509self.h
index 741350067..df5731050 100644
--- a/src/cert/x509/x509self.h
+++ b/src/cert/x509/x509self.h
@@ -174,7 +174,7 @@ namespace X509 {
 * associated with this self-signed certificate
 * @param hash_fn the hash function to use
 * @param rng the rng to use
-* @return the newly created self-signed certificate
+* @return newly created self-signed certificate
 */
 BOTAN_DLL X509_Certificate
 create_self_signed_cert(const X509_Cert_Options& opts,
@@ -188,7 +188,7 @@ create_self_signed_cert(const X509_Cert_Options& opts,
 * @param key the key used to sign this request
 * @param rng the rng to use
 * @param hash_fn the hash function to use
-* @return the newly created PKCS#10 request
+* @return newly created PKCS#10 request
 */
 BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
 const Private_Key& key,
diff --git a/src/cert/x509/x509stor.h b/src/cert/x509/x509stor.h
index 1911c6b6a..c375c19cb 100644
--- a/src/cert/x509/x509stor.h
+++ b/src/cert/x509/x509stor.h
@@ -15,7 +15,7 @@ namespace Botan {
-/*
+/**
 * X.509 Certificate Validation Result
 */
 enum X509_Code {
@@ -43,7 +43,7 @@ enum X509_Code {
 CA_CERT_NOT_FOR_CRL_ISSUER
 };
-/*
+/**
 * X.509 Certificate Store
 */
 class BOTAN_DLL X509_Store
@@ -71,20 +71,6 @@ class BOTAN_DLL X509_Store
 std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);
 std::string PEM_encode() const;
- /*
- * Made CRL_Data public for XLC for Cell 0.9, otherwise cannot
- * instantiate member variable std::vector<CRL_Data> revoked
- */
- class BOTAN_DLL CRL_Data
- {
- public:
- X509_DN issuer;
- MemoryVector<byte> serial, auth_key_id;
- bool operator==(const CRL_Data&) const;
- bool operator!=(const CRL_Data&) const;
- bool operator<(const CRL_Data&) const;
- };
-
 X509_Code add_crl(const X509_CRL&);
 void add_cert(const X509_Certificate&, bool = false);
 void add_certs(DataSource&);
@@ -106,6 +92,18 @@ class BOTAN_DLL X509_Store
 X509_Store(const X509_Store&);
 ~X509_Store();
 private:
+ X509_Store& operator=(const X509_Store&) { return (*this); }
+
+ class BOTAN_DLL CRL_Data
+ {
+ public:
+ X509_DN issuer;
+ MemoryVector<byte> serial, auth_key_id;
+ bool operator==(const CRL_Data&) const;
+ bool operator!=(const CRL_Data&) const;
+ bool operator<(const CRL_Data&) const;
+ };
+
 class BOTAN_DLL Cert_Info
 {
 public:
|
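Review bot: The added private `X509_Store& operator=(const X509_Store&) { return (*this); }` has a no-op body, so an assignment written inside a member function or a friend compiles and silently leaves the target store unchanged instead of failing. If the intent is to forbid copy assignment (the class already declares its own copy constructor and destructor just above), declare it without a definition so any use fails at link time, or — since x509self.cpp in this same commit already relies on `std::unique_ptr`, so the branch builds as C++0x — write `X509_Store& operator=(const X509_Store&) = delete;`. Moving `CRL_Data` into the private section is fine on its own; the comment that used to explain why it was public is dropped with the old declaration. The class begins outside the hunk.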