Diffstat (limited to 'src/cert/x509')
-rw-r--r-- | src/cert/x509/crl_ent.h | 43 | ||||
-rw-r--r-- | src/cert/x509/x509_crl.h | 48 | ||||
-rw-r--r-- | src/cert/x509/x509_obj.h | 23 |
3 files changed, 97 insertions, 17 deletions
diff --git a/src/cert/x509/crl_ent.h b/src/cert/x509/crl_ent.h
index 8aa567a2a..40d82a8d7 100644
--- a/src/cert/x509/crl_ent.h
+++ b/src/cert/x509/crl_ent.h
@@ -10,20 +10,43 @@
 namespace Botan {
-/*************************************************
-* CRL Entry *
-*************************************************/
+/**
+* This class represents CRL entries
+*/
 class BOTAN_DLL CRL_Entry : public ASN1_Object
 {
 public:
 void encode_into(class DER_Encoder&) const;
 void decode_from(class BER_Decoder&);
+ /**
+ * Get the serial number of the certificate associated with this entry.
+ * @return the certificate's serial number
+ */
 MemoryVector<byte> serial_number() const { return serial; }
+
+ /**
+ * Get the revocation date of the certificate associated with this entry
+ * @return the certificate's revocation date
+ */
 X509_Time expire_time() const { return time; }
+
+ /**
+ * Get the entries reason code
+ * @return the reason code
+ */
 CRL_Code reason_code() const { return reason; }
+ /**
+ * Construct an empty CRL entry.
+ */
 CRL_Entry(bool throw_on_unknown_critical_extension = false);
+
+ /**
+ * Construct an CRL entry.
+ * @param cert the certificate to revoke
+ * @param reason the reason code to set in the entry
+ */
 CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED);
 private:
@@ -33,11 +56,19 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
 CRL_Code reason;
 };
-/*************************************************
-* Comparison Operations *
-*************************************************/
+/**
+* Test two CRL entries for equality in all fields.
+*/
 BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
+
+/**
+* Test two CRL entries for inequality in at least one field.
+*/
 BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
+
+/**
+* Order two entries based on the revocation date.
+*/
 BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&);
 }
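Review bot: The new comment on `CRL_Entry(bool throw_on_unknown_critical_extension = false)` in the first hunk says only "Construct an empty CRL entry." and leaves the flag undocumented, although it is the one parameter here that affects how a revocation entry is accepted. Judging by its name it decides whether decoding rejects an entry that carries a critical extension the library does not understand, and it defaults to false; the comment should say so, e.g. `@param throw_on_unknown_critical_extension if true, an unrecognised critical extension makes decoding throw instead of being ignored` (wording to be confirmed against decode_from, whose body is not in this hunk). The same gap applies to both `X509_CRL` constructors in x509_crl.h, where `throw_on_unknown_critical` is likewise undocumented. Separately, `@param cert` and `@param reason` here, and `@param source` in x509_crl.h, name parameters that the declarations leave unnamed, and `expire_time()` is documented as returning the revocation date, a naming mismatch the comment should call out.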
diff --git a/src/cert/x509/x509_crl.h b/src/cert/x509/x509_crl.h
index ec73e9fdf..dd1ea372e 100644
--- a/src/cert/x509/x509_crl.h
+++ b/src/cert/x509/x509_crl.h
@@ -12,29 +12,69 @@
 namespace Botan {
-/*************************************************
-* X.509 CRL *
-*************************************************/
+/**
+* This class represents X.509 Certificate Revocation Lists (CRLs).
+*/
 class BOTAN_DLL X509_CRL : public X509_Object
 {
 public:
+ /**
+ * This class represents CRL related errors.
+ */
 struct X509_CRL_Error : public Exception
 {
 X509_CRL_Error(const std::string& error) : Exception("X509_CRL: " + error) {}
 };
+ /**
+ * Get the entries of this CRL in the form of a vector.
+ * @return a vector containing the entries of this CRL.
+ */
 std::vector<CRL_Entry> get_revoked() const;
+ /**
+ * Get the issuer DN of this CRL.
+ * @return the CRLs issuer DN
+ */
 X509_DN issuer_dn() const;
+
+ /**
+ * Get the AuthorityKeyIdentifier of this CRL.
+ * @return this CRLs AuthorityKeyIdentifier
+ */
 MemoryVector<byte> authority_key_id() const;
+ /**
+ * Get the serial number of this CRL.
+ * @return the CRLs serial number
+ */
 u32bit crl_number() const;
+
+ /**
+ * Get the CRL's thisUpdate value.
+ * @return the CRLs thisUpdate
+ */
 X509_Time this_update() const;
+
+ /**
+ * Get the CRL's nextUpdate value.
+ * @return the CRLs nextdUpdate
+ */
 X509_Time next_update() const;
+ /**
+ * Construct a CRL from a data source.
+ * @param source the data source providing the DER or PEM encoded CRL.
+ */
 X509_CRL(DataSource&, bool throw_on_unknown_critical = false);
- X509_CRL(const std::string&, bool throw_on_unknown_critical = false);
+
+ /**
+ * Construct a CRL from a file containing the DER or PEM encoded CRL.
+ * @param filename the name of the CRL file
+ */
+ X509_CRL(const std::string& filename,
+ bool throw_on_unknown_critical = false);
 private:
 void force_decode();
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index 8808fd686..baaf5a8a4 100644
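Review bot: The two constructor comments ("Construct a CRL from a data source" / "from a file") do not say that a constructed X509_CRL is only parsed, not authenticated. Neither constructor takes an issuer key, so the signature can presumably only be checked afterwards through the inherited `check_signature`, and a caller reading these docs could treat `get_revoked()` as trustworthy straight after construction. A line such as `* The signature is not verified here; call check_signature() with the issuer's key before relying on the contents.` would close that gap, assuming it matches the implementation, which this hunk does not show. Also, `@return the CRLs nextdUpdate` has a typo (`nextUpdate`), and `crl_number()` is described as a "serial number" although the accessor is named for the CRL number. The class body continues past the end of this hunk.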
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -14,9 +15,10 @@
 namespace Botan {
-/*************************************************
-* Generic X.509 SIGNED Object *
-*************************************************/
+/**
+* This class represents abstract X.509 signed objects as
+* in the X.500 SIGNED macro
+*/
 class BOTAN_DLL X509_Object
 {
 public:
@@ -24,10 +25,18 @@ class BOTAN_DLL X509_Object
 SecureVector<byte> signature() const;
 AlgorithmIdentifier signature_algorithm() const;
- static MemoryVector<byte> make_signed(class PK_Signer*,
- RandomNumberGenerator&,
- const AlgorithmIdentifier&,
- const MemoryRegion<byte>&);
+ /**
+ * Create a signed X509 object.
+ * @param signer the signer used to sign the object
+ * @param rng the random number generator to use
+ * @param alg_id the algorithm identifier of the signature scheme
+ * @param tbs the tbs bits to be signed
+ * @return the signed X509 object
+ */
+ static MemoryVector<byte> make_signed(class PK_Signer* signer,
+ RandomNumberGenerator& rng,
+ const AlgorithmIdentifier& alg_id,
+ const MemoryRegion<byte>& tbs);
 bool check_signature(class Public_Key&) const; |
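Review bot: In the second hunk, the new `make_signed` comment documents `signer` only as "the signer used to sign the object" and says nothing about the contract of the raw `PK_Signer*`: whether null is allowed and whether the function takes ownership. For a signing primitive that belongs in the header, e.g. `@param signer the signer used to sign the object (must not be null; ownership stays with the caller)`, if that is what the implementation does, which this hunk does not show. `check_signature`, visible as context right below, still has no comment even though it is the verification counterpart of this function. It lies outside the changed lines, and the class continues beyond the hunk.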