Move cert/x509 to top level and pem and pbes2 to pubkey.

The `cert` dir was just an artifact of having previously supported
CVC (smartcard cert format), removed a long time ago.

The pem and pbes2 code is directly related to the pubkey code,
in fact the only caller of pbes2 (likely anywhere, not just
in the library) is in pkcs8.cpp

1 files changed, 46 insertions, 0 deletions

diff --git a/src/lib/x509/key_constraint.h b/src/lib/x509/key_constraint.h
new file mode 100644
index 000000000..02c65acec
--- /dev/null
+++ b/src/lib/x509/key_constraint.h
@@ -0,0 +1,46 @@
+/*
+* Enumerations
+* (C) 1999-2007 Jack Lloyd
+* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_ENUMS_H__
+#define BOTAN_ENUMS_H__
+
+#include <botan/build.h>
+
+namespace Botan {
+
+/**
+* X.509v3 Key Constraints.
+* If updating update copy in ffi.h
+*/
+enum Key_Constraints {
+   NO_CONSTRAINTS     = 0,
+   DIGITAL_SIGNATURE  = 1 << 15,
+   NON_REPUDIATION    = 1 << 14,
+   KEY_ENCIPHERMENT   = 1 << 13,
+   DATA_ENCIPHERMENT  = 1 << 12,
+   KEY_AGREEMENT      = 1 << 11,
+   KEY_CERT_SIGN      = 1 << 10,
+   CRL_SIGN           = 1 << 9,
+   ENCIPHER_ONLY      = 1 << 8,
+   DECIPHER_ONLY      = 1 << 7
+};
+
+class Public_Key;
+
+/**
+* Check that key constraints are permitted for a specific public key.
+* @param pub_key the public key on which the constraints shall be enforced on
+* @param constraints the constraints that shall be enforced on the key
+* @throw Exception if the given constraints are not permitted for this key
+*/
+BOTAN_DLL void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
+                                                                Key_Constraints constraints);
+
+}
+
+#endif