Diffstat (limited to 'src/cert/x509')
-rw-r--r--src/cert/x509/certstor.h2
-rw-r--r--src/cert/x509/crl_ent.h9
-rw-r--r--src/cert/x509/pkcs10.h16
-rw-r--r--src/cert/x509/x509_ca.h8
-rw-r--r--src/cert/x509/x509_crl.h16
-rw-r--r--src/cert/x509/x509_ext.h50
-rw-r--r--src/cert/x509/x509_obj.h2
-rw-r--r--src/cert/x509/x509cert.h30
-rw-r--r--src/cert/x509/x509self.cpp24
-rw-r--r--src/cert/x509/x509self.h4
-rw-r--r--src/cert/x509/x509stor.h30
11 files changed, 103 insertions, 88 deletions
diff --git a/src/cert/x509/certstor.h b/src/cert/x509/certstor.h
index d5004e366..2e39a7178 100644
--- a/src/cert/x509/certstor.h
+++ b/src/cert/x509/certstor.h
@@ -13,7 +13,7 @@
namespace Botan {
-/*
+/**
* Certificate Store Interface
*/
class BOTAN_DLL Certificate_Store
diff --git a/src/cert/x509/crl_ent.h b/src/cert/x509/crl_ent.h
index 050356c84..ec90750db 100644
--- a/src/cert/x509/crl_ent.h
+++ b/src/cert/x509/crl_ent.h
@@ -23,19 +23,19 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
/**
* Get the serial number of the certificate associated with this entry.
- * @return the certificate's serial number
+ * @return certificate's serial number
*/
MemoryVector<byte> serial_number() const { return serial; }
/**
* Get the revocation date of the certificate associated with this entry
- * @return the certificate's revocation date
+ * @return certificate's revocation date
*/
X509_Time expire_time() const { return time; }
/**
* Get the entries reason code
- * @return the reason code
+ * @return reason code
*/
CRL_Code reason_code() const { return reason; }
@@ -49,7 +49,8 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
* @param cert the certificate to revoke
* @param reason the reason code to set in the entry
*/
- CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED);
+ CRL_Entry(const X509_Certificate& cert,
+ CRL_Code reason = UNSPECIFIED);
private:
bool throw_on_unknown_critical;
diff --git a/src/cert/x509/pkcs10.h b/src/cert/x509/pkcs10.h
index 9b435de52..d1be9e0d3 100644
--- a/src/cert/x509/pkcs10.h
+++ b/src/cert/x509/pkcs10.h
@@ -23,38 +23,38 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
public:
/**
* Get the subject public key.
- * @return the subject public key
+ * @return subject public key
*/
Public_Key* subject_public_key() const;
/**
* Get the raw DER encoded public key.
- * @return the raw DER encoded public key
+ * @return raw DER encoded public key
*/
MemoryVector<byte> raw_public_key() const;
/**
* Get the subject DN.
- * @return the subject DN
+ * @return subject DN
*/
X509_DN subject_dn() const;
/**
* Get the subject alternative name.
- * @return the subject alternative name.
+ * @return subject alternative name.
*/
AlternativeName subject_alt_name() const;
/**
* Get the key constraints for the key associated with this
* PKCS#10 object.
- * @return the key constraints
+ * @return key constraints
*/
Key_Constraints constraints() const;
/**
* Get the extendend key constraints (if any).
- * @return the extended key constraints
+ * @return extended key constraints
*/
std::vector<OID> ex_constraints() const;
@@ -67,13 +67,13 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
/**
* Return the constraint on the path length defined
* in the BasicConstraints extension.
- * @return the path limit
+ * @return path limit
*/
u32bit path_limit() const;
/**
* Get the challenge password for this request
- * @return the challenge password for this request
+ * @return challenge password for this request
*/
std::string challenge_password() const;
diff --git a/src/cert/x509/x509_ca.h b/src/cert/x509/x509_ca.h
index b680bd0e4..7aca26d03 100644
--- a/src/cert/x509/x509_ca.h
+++ b/src/cert/x509/x509_ca.h
@@ -30,7 +30,7 @@ class BOTAN_DLL X509_CA
* @param rng the rng to use
* @param not_before the starting time for the certificate
* @param not_after the expiration time for the certificate
- * @return the resulting certificate
+ * @return resulting certificate
*/
X509_Certificate sign_request(const PKCS10_Request& req,
RandomNumberGenerator& rng,
@@ -39,7 +39,7 @@ class BOTAN_DLL X509_CA
/**
* Get the certificate of this CA.
- * @return the CA certificate
+ * @return CA certificate
*/
X509_Certificate ca_certificate() const;
@@ -48,7 +48,7 @@ class BOTAN_DLL X509_CA
* @param rng the random number generator to use
* @param next_update the time to set in next update in seconds
* as the offset from the current time
- * @return the new CRL
+ * @return new CRL
*/
X509_CRL new_crl(RandomNumberGenerator& rng,
u32bit next_update = 0) const;
@@ -71,6 +71,7 @@ class BOTAN_DLL X509_CA
* @param signer a signing object
* @param rng a random number generator
* @param sig_algo the signature algorithm identifier
+ * @param pub_key the serialized public key
* @param not_before the start time of the certificate
* @param not_after the end time of the certificate
* @param issuer_dn the DN of the issuer
@@ -92,6 +93,7 @@ class BOTAN_DLL X509_CA
* Create a new CA object.
* @param ca_certificate the certificate of the CA
* @param key the private key of the CA
+ * @param hash_fn name of a hash function to use for signing
*/
X509_CA(const X509_Certificate& ca_certificate,
const Private_Key& key,
diff --git a/src/cert/x509/x509_crl.h b/src/cert/x509/x509_crl.h
index a7903e7e6..c2b3c4f5c 100644
--- a/src/cert/x509/x509_crl.h
+++ b/src/cert/x509/x509_crl.h
@@ -31,13 +31,13 @@ class BOTAN_DLL X509_CRL : public X509_Object
/**
* Get the entries of this CRL in the form of a vector.
- * @return a vector containing the entries of this CRL.
+ * @return vector containing the entries of this CRL.
*/
std::vector<CRL_Entry> get_revoked() const;
/**
* Get the issuer DN of this CRL.
- * @return the CRLs issuer DN
+ * @return CRLs issuer DN
*/
X509_DN issuer_dn() const;
@@ -49,31 +49,35 @@ class BOTAN_DLL X509_CRL : public X509_Object
/**
* Get the serial number of this CRL.
- * @return the CRLs serial number
+ * @return CRLs serial number
*/
u32bit crl_number() const;
/**
* Get the CRL's thisUpdate value.
- * @return the CRLs thisUpdate
+ * @return CRLs thisUpdate
*/
X509_Time this_update() const;
/**
* Get the CRL's nextUpdate value.
- * @return the CRLs nextdUpdate
+ * @return CRLs nextdUpdate
*/
X509_Time next_update() const;
/**
* Construct a CRL from a data source.
* @param source the data source providing the DER or PEM encoded CRL.
+ * @param throw_on_unknown_critical should we throw an exception
+ * if an unknown CRL extension marked as critical is encountered.
*/
- X509_CRL(DataSource&, bool throw_on_unknown_critical = false);
+ X509_CRL(DataSource& source, bool throw_on_unknown_critical = false);
/**
* Construct a CRL from a file containing the DER or PEM encoded CRL.
* @param filename the name of the CRL file
+ * @param throw_on_unknown_critical should we throw an exception
+ * if an unknown CRL extension marked as critical is encountered.
*/
X509_CRL(const std::string& filename,
bool throw_on_unknown_critical = false);
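Review bot: The rewritten `@return` for next_update() still carries the typo "nextdUpdate" — the line was touched by this commit, so it is worth fixing at the same time: `* @return CRL's nextUpdate`. The same "CRLs" → "CRL's" possessive applies to the crl_number() and this_update() lines just above it in this hunk. The added `@param throw_on_unknown_critical` text on both constructors is clearer than the bare parameter was, but since it is a boolean the conventional form is a statement rather than a question, e.g. `* @param throw_on_unknown_critical if true, throw on an unknown CRL extension marked critical`.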
diff --git a/src/cert/x509/x509_ext.h b/src/cert/x509/x509_ext.h
index a5bfd357f..213a077a2 100644
--- a/src/cert/x509/x509_ext.h
+++ b/src/cert/x509/x509_ext.h
@@ -16,18 +16,40 @@
namespace Botan {
-/*
+/**
* X.509 Certificate Extension
*/
class BOTAN_DLL Certificate_Extension
{
public:
+ /**
+ * @return OID representing this extension
+ */
OID oid_of() const;
+ /**
+ * Make a copy of this extension
+ * @return copy of this
+ */
virtual Certificate_Extension* copy() const = 0;
- virtual void contents_to(Data_Store&, Data_Store&) const = 0;
+ /*
+ * Add the contents of this extension into the information
+ * for the subject and/or issuer, as necessary.
+ * @param subject the subject info
+ * @param issuer the issuer info
+ */
+ virtual void contents_to(Data_Store& subject,
+ Data_Store& issuer) const = 0;
+
+ /*
+ * @return short readable name
+ */
virtual std::string config_id() const = 0;
+
+ /*
+ * @return specific OID name
+ */
virtual std::string oid_name() const = 0;
virtual ~Certificate_Extension() {}
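Review bot: The new comment blocks on contents_to(), config_id() and oid_name() open with `/*` rather than `/**`, so Doxygen will not attach them to the declarations, which defeats the point of the `/**` conversion done on the class header and on oid_of()/copy() in the same hunk. Change the three openers to `/**` so all five members are picked up consistently. The class body continues past the hunk (decode_inner and the closing brace are in the next hunk).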
@@ -38,7 +60,7 @@ class BOTAN_DLL Certificate_Extension
virtual void decode_inner(const MemoryRegion<byte>&) = 0;
};
-/*
+/**
* X.509 Certificate Extension List
*/
class BOTAN_DLL Extensions : public ASN1_Object
@@ -65,7 +87,7 @@ class BOTAN_DLL Extensions : public ASN1_Object
namespace Cert_Extension {
-/*
+/**
* Basic Constraints Extension
*/
class BOTAN_DLL Basic_Constraints : public Certificate_Extension
@@ -91,7 +113,7 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension
u32bit path_limit;
};
-/*
+/**
* Key Usage Constraints Extension
*/
class BOTAN_DLL Key_Usage : public Certificate_Extension
@@ -114,7 +136,7 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension
Key_Constraints constraints;
};
-/*
+/**
* Subject Key Identifier Extension
*/
class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
@@ -138,7 +160,7 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
MemoryVector<byte> key_id;
};
-/*
+/**
* Authority Key Identifier Extension
*/
class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
@@ -162,7 +184,7 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
MemoryVector<byte> key_id;
};
-/*
+/**
* Alternative Name Extension Base Class
*/
class BOTAN_DLL Alternative_Name : public Certificate_Extension
@@ -188,7 +210,7 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension
AlternativeName alt_name;
};
-/*
+/**
* Subject Alternative Name Extension
*/
class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
@@ -200,7 +222,7 @@ class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
Subject_Alternative_Name(const AlternativeName& = AlternativeName());
};
-/*
+/**
* Issuer Alternative Name Extension
*/
class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
@@ -212,7 +234,7 @@ class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
Issuer_Alternative_Name(const AlternativeName& = AlternativeName());
};
-/*
+/**
* Extended Key Usage Extension
*/
class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
@@ -236,7 +258,7 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
std::vector<OID> oids;
};
-/*
+/**
* Certificate Policies Extension
*/
class BOTAN_DLL Certificate_Policies : public Certificate_Extension
@@ -261,7 +283,7 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension
std::vector<OID> oids;
};
-/*
+/**
* CRL Number Extension
*/
class BOTAN_DLL CRL_Number : public Certificate_Extension
@@ -286,7 +308,7 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension
u32bit crl_number;
};
-/*
+/**
* CRL Entry Reason Code Extension
*/
class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index c7f92fa9d..52b76d218 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -33,7 +33,7 @@ class BOTAN_DLL X509_Object
* @param rng the random number generator to use
* @param alg_id the algorithm identifier of the signature scheme
* @param tbs the tbs bits to be signed
- * @return the signed X509 object
+ * @return signed X509 object
*/
static MemoryVector<byte> make_signed(class PK_Signer* signer,
RandomNumberGenerator& rng,
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index 4a9d11f7f..dc7ef4dbb 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -24,19 +24,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object
public:
/**
* Get the public key associated with this certificate.
- * @return the subject public key of this certificate
+ * @return subject public key of this certificate
*/
Public_Key* subject_public_key() const;
/**
* Get the issuer certificate DN.
- * @return the issuer DN of this certificate
+ * @return issuer DN of this certificate
*/
X509_DN issuer_dn() const;
/**
* Get the subject certificate DN.
- * @return the subject DN of this certificate
+ * @return subject DN of this certificate
*/
X509_DN subject_dn() const;
@@ -50,7 +50,7 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage",
* "X509v3.CertificatePolicies", "X509v3.SubjectKeyIdentifier" or
* "X509.Certificate.serial".
- * @return the value(s) of the specified parameter
+ * @return value(s) of the specified parameter
*/
std::vector<std::string> subject_info(const std::string& name) const;
@@ -58,43 +58,43 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* Get a value for a specific subject_info parameter name.
* @param name the name of the paramter to look up. Possible names are
* "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".
- * @return the value(s) of the specified parameter
+ * @return value(s) of the specified parameter
*/
std::vector<std::string> issuer_info(const std::string& name) const;
/**
* Get the notBefore of the certificate.
- * @return the notBefore of the certificate
+ * @return notBefore of the certificate
*/
std::string start_time() const;
/**
* Get the notAfter of the certificate.
- * @return the notAfter of the certificate
+ * @return notAfter of the certificate
*/
std::string end_time() const;
/**
* Get the X509 version of this certificate object.
- * @return the X509 version
+ * @return X509 version
*/
u32bit x509_version() const;
/**
* Get the serial number of this certificate.
- * @return the certificates serial number
+ * @return certificates serial number
*/
MemoryVector<byte> serial_number() const;
/**
* Get the DER encoded AuthorityKeyIdentifier of this certificate.
- * @return the DER encoded AuthorityKeyIdentifier
+ * @return DER encoded AuthorityKeyIdentifier
*/
MemoryVector<byte> authority_key_id() const;
/**
* Get the DER encoded SubjectKeyIdentifier of this certificate.
- * @return the DER encoded SubjectKeyIdentifier
+ * @return DER encoded SubjectKeyIdentifier
*/
MemoryVector<byte> subject_key_id() const;
@@ -113,14 +113,14 @@ class BOTAN_DLL X509_Certificate : public X509_Object
/**
* Get the path limit as defined in the BasicConstraints extension of
* this certificate.
- * @return the path limit
+ * @return path limit
*/
u32bit path_limit() const;
/**
* Get the key constraints as defined in the KeyUsage extension of this
* certificate.
- * @return the key constraints
+ * @return key constraints
*/
Key_Constraints constraints() const;
@@ -128,14 +128,14 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* Get the key constraints as defined in the ExtendedKeyUsage
* extension of this
* certificate.
- * @return the key constraints
+ * @return key constraints
*/
std::vector<std::string> ex_constraints() const;
/**
* Get the policies as defined in the CertificatePolicies extension
* of this certificate.
- * @return the certificate policies
+ * @return certificate policies
*/
std::vector<std::string> policies() const;
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index d87c5e060..6e570d3b6 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -18,22 +18,6 @@ namespace Botan {
namespace {
/*
-* Shared setup for self-signed items
-*/
-MemoryVector<byte> shared_setup(const X509_Cert_Options& opts,
- const Private_Key& key)
- {
- opts.sanity_check();
-
- Pipe key_encoder;
- key_encoder.start_msg();
- X509::encode(key, key_encoder, RAW_BER);
- key_encoder.end_msg();
-
- return key_encoder.read_all();
- }
-
-/*
* Load information from the X509_Cert_Options
*/
void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn,
@@ -67,7 +51,9 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- MemoryVector<byte> pub_key = shared_setup(opts, key);
+ opts.sanity_check();
+
+ MemoryVector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
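Review bot: Inlining shared_setup() leaves the pair `opts.sanity_check();` / `X509::BER_encode(key)` duplicated verbatim in create_self_signed_cert (this hunk) and create_cert_req (the next hunk), and the ordering — validate the options before any key material is encoded — is now an unstated convention at two sites rather than a named helper. If the helper is not worth keeping for two lines, a short comment at each site, `// validate options first; BER_encode only after the request is known to be well-formed`, records the intent. I am assuming X509::BER_encode produces the same RAW_BER output the removed Pipe-based code did; that is not visible from this hunk. Both enclosing functions start and end outside the hunk.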
@@ -111,7 +97,9 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- MemoryVector<byte> pub_key = shared_setup(opts, key);
+ opts.sanity_check();
+
+ MemoryVector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
diff --git a/src/cert/x509/x509self.h b/src/cert/x509/x509self.h
index 741350067..df5731050 100644
--- a/src/cert/x509/x509self.h
+++ b/src/cert/x509/x509self.h
@@ -174,7 +174,7 @@ namespace X509 {
* associated with this self-signed certificate
* @param hash_fn the hash function to use
* @param rng the rng to use
-* @return the newly created self-signed certificate
+* @return newly created self-signed certificate
*/
BOTAN_DLL X509_Certificate
create_self_signed_cert(const X509_Cert_Options& opts,
@@ -188,7 +188,7 @@ create_self_signed_cert(const X509_Cert_Options& opts,
* @param key the key used to sign this request
* @param rng the rng to use
* @param hash_fn the hash function to use
-* @return the newly created PKCS#10 request
+* @return newly created PKCS#10 request
*/
BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
const Private_Key& key,
diff --git a/src/cert/x509/x509stor.h b/src/cert/x509/x509stor.h
index 1911c6b6a..c375c19cb 100644
--- a/src/cert/x509/x509stor.h
+++ b/src/cert/x509/x509stor.h
@@ -15,7 +15,7 @@
namespace Botan {
-/*
+/**
* X.509 Certificate Validation Result
*/
enum X509_Code {
@@ -43,7 +43,7 @@ enum X509_Code {
CA_CERT_NOT_FOR_CRL_ISSUER
};
-/*
+/**
* X.509 Certificate Store
*/
class BOTAN_DLL X509_Store
@@ -71,20 +71,6 @@ class BOTAN_DLL X509_Store
std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);
std::string PEM_encode() const;
- /*
- * Made CRL_Data public for XLC for Cell 0.9, otherwise cannot
- * instantiate member variable std::vector<CRL_Data> revoked
- */
- class BOTAN_DLL CRL_Data
- {
- public:
- X509_DN issuer;
- MemoryVector<byte> serial, auth_key_id;
- bool operator==(const CRL_Data&) const;
- bool operator!=(const CRL_Data&) const;
- bool operator<(const CRL_Data&) const;
- };
-
X509_Code add_crl(const X509_CRL&);
void add_cert(const X509_Certificate&, bool = false);
void add_certs(DataSource&);
@@ -106,6 +92,18 @@ class BOTAN_DLL X509_Store
X509_Store(const X509_Store&);
~X509_Store();
private:
+ X509_Store& operator=(const X509_Store&) { return (*this); }
+
+ class BOTAN_DLL CRL_Data
+ {
+ public:
+ X509_DN issuer;
+ MemoryVector<byte> serial, auth_key_id;
+ bool operator==(const CRL_Data&) const;
+ bool operator!=(const CRL_Data&) const;
+ bool operator<(const CRL_Data&) const;
+ };
+
class BOTAN_DLL Cert_Info
{
public:
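Review bot: The private `X509_Store& operator=(const X509_Store&) { return (*this); }` is defined as a silent no-op, so any assignment from inside a member function or friend compiles and leaves the target untouched — a hard-to-spot bug in a class that already declares a user copy constructor and destructor. Since the tree already uses std::unique_ptr (x509self.cpp in this same commit), the C++11 form `X509_Store& operator=(const X509_Store&) = delete;` rejects every such use at compile time; failing that, declare it without a body so misuse fails at link time. Moving CRL_Data to private is fine provided no out-of-class code still names X509_Store::CRL_Data, which I cannot check from this hunk. The class body continues beyond the hunk.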