author | lloyd <[email protected]> | 2012-02-03 20:02:03 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-02-03 20:02:03 +0000 |
commit | 03bc906a6a94d236f192fa3b1bb370c013fc753a (patch) | |
tree | 38b46703c4aae2e8ca78bc3b9b257f22685c23c9 /src/cert/x509path/x509path.h | |
parent | dd2011140c06661e1cc554aae560a2ef9162faff (diff) | |
parent | 696489bec89950051aedc53c7d162cdbe9d1125b (diff) |
propagate from branch 'net.randombit.botan' (head 78a772f3855abc89c3eed2fe8735e8438463399c)
to branch 'net.randombit.botan.x509-path-validation' (head 9e678a8bc141087439a1238783006e9892a98450)
Diffstat (limited to 'src/cert/x509path/x509path.h')
-rw-r--r-- | src/cert/x509path/x509path.h | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/src/cert/x509path/x509path.h b/src/cert/x509path/x509path.h
new file mode 100644
index 000000000..57e4764cc
--- /dev/null
+++ b/src/cert/x509path/x509path.h
@@ -0,0 +1,82 @@
+/*
+* X.509 Cert Path Validation
+* (C) 2010-2011 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_X509_CERT_PATH_VALIDATION_H__
+#define BOTAN_X509_CERT_PATH_VALIDATION_H__
+
+#include <botan/x509cert.h>
+#include <botan/certstor.h>
+#include <set>
+
+namespace Botan {
+
+/**
+* X.509 Certificate Validation Result
+*/
+enum X509_Path_Validation_Code {
+ VERIFIED,
+ UNKNOWN_X509_ERROR,
+ CANNOT_ESTABLISH_TRUST,
+ CERT_CHAIN_TOO_LONG,
+ SIGNATURE_ERROR,
+ POLICY_ERROR,
+ INVALID_USAGE,
+
+ CERT_MULTIPLE_ISSUERS_FOUND,
+
+ CERT_FORMAT_ERROR,
+ CERT_ISSUER_NOT_FOUND,
+ CERT_NOT_YET_VALID,
+ CERT_HAS_EXPIRED,
+ CERT_IS_REVOKED,
+
+ CRL_FORMAT_ERROR,
+ CRL_ISSUER_NOT_FOUND,
+ CRL_NOT_YET_VALID,
+ CRL_HAS_EXPIRED,
+
+ CA_CERT_CANNOT_SIGN,
+ CA_CERT_NOT_FOR_CERT_ISSUER,
+ CA_CERT_NOT_FOR_CRL_ISSUER
+};
+
+enum X509_Cert_Usage {
+ NO_RESTRICTIONS = 0x00,
+ TLS_SERVER = 0x01,
+ TLS_CLIENT = 0x02,
+ CODE_SIGNING = 0x04,
+ EMAIL_PROTECTION = 0x08,
+ TIME_STAMPING = 0x10,
+ CRL_SIGNING = 0x20
+};
+
+class Path_Validation_Result
+ {
+ public:
+ X509_Path_Validation_Code validation_result;
+ X509_Cert_Usage allowed_usages;
+ std::vector<X509_Certificate> cert_path;
+
+ std::set<std::string> trusted_hashes() const;
+ };
+
+Path_Validation_Result BOTAN_DLL x509_path_validate(
+ const X509_Certificate& end_cert,
+ const std::vector<Certificate_Store*>& certstores);
+
+inline Path_Validation_Result x509_path_validate(
+ const X509_Certificate& end_cert,
+ Certificate_Store& store)
+ {
+ std::vector<Certificate_Store*> store_vec;
+ store_vec.push_back(&store);
+ return x509_path_validate(end_cert, store_vec);
+ }
+
+}
+
+#endif |
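Review bot: `Path_Validation_Result` declares no constructor, so `validation_result` is indeterminate on default-initialization and becomes `VERIFIED` on value-initialization, because `VERIFIED` is the first enumerator of `X509_Path_Validation_Code` and therefore 0. A result object that is never filled in can then read as a successful validation, which is the fail-open direction for a path validator. Adding `Path_Validation_Result() : validation_result(UNKNOWN_X509_ERROR), allowed_usages(NO_RESTRICTIONS) {}` makes the default fail closed; whether `NO_RESTRICTIONS` is the right initial value for `allowed_usages` depends on semantics the header does not document, so a comment on that field stating what 0 means in a result would help. The header also uses `std::vector` and `std::string` without including `<vector>` and `<string>`, presumably relying on the botan headers to pull them in.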