Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/x509/crl_ent.h43
-rw-r--r--src/cert/x509/x509_crl.h48
-rw-r--r--src/cert/x509/x509_obj.h23
3 files changed, 97 insertions, 17 deletions
diff --git a/src/cert/x509/crl_ent.h b/src/cert/x509/crl_ent.h
index 8aa567a2a..40d82a8d7 100644
--- a/src/cert/x509/crl_ent.h
+++ b/src/cert/x509/crl_ent.h
@@ -10,20 +10,43 @@
namespace Botan {
-/*************************************************
-* CRL Entry *
-*************************************************/
+/**
+* This class represents CRL entries
+*/
class BOTAN_DLL CRL_Entry : public ASN1_Object
{
public:
void encode_into(class DER_Encoder&) const;
void decode_from(class BER_Decoder&);
+ /**
+ * Get the serial number of the certificate associated with this entry.
+ * @return the certificate's serial number
+ */
MemoryVector<byte> serial_number() const { return serial; }
+
+ /**
+ * Get the revocation date of the certificate associated with this entry
+ * @return the certificate's revocation date
+ */
X509_Time expire_time() const { return time; }
+
+ /**
+ * Get the entries reason code
+ * @return the reason code
+ */
CRL_Code reason_code() const { return reason; }
+ /**
+ * Construct an empty CRL entry.
+ */
CRL_Entry(bool throw_on_unknown_critical_extension = false);
+
+ /**
+ * Construct an CRL entry.
+ * @param cert the certificate to revoke
+ * @param reason the reason code to set in the entry
+ */
CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED);
private:
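Review bot: The new comment on `CRL_Entry(bool throw_on_unknown_critical_extension = false)` says only "Construct an empty CRL entry" and leaves the flag undocumented. Judging by its name, the flag decides whether decoding rejects an entry that carries a critical extension the library does not recognise, and it defaults to false. A caller using the CRL for revocation decisions needs to see that default, so I would add `@param throw_on_unknown_critical_extension if true, decoding throws on an unrecognised critical extension`, with the wording checked against the decoder, which is not in this hunk. The same gap exists on both `X509_CRL` constructors in x509_crl.h. Separately, `@param cert` and `@param reason` describe parameters that are unnamed in `CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED)`, as does `@param source` on `X509_CRL(DataSource&, ...)`; naming them as this commit does for `make_signed` would keep the tags and the declarations in step (the class body continues past this hunk).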
@@ -33,11 +56,19 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
CRL_Code reason;
};
-/*************************************************
-* Comparison Operations *
-*************************************************/
+/**
+* Test two CRL entries for equality in all fields.
+*/
BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&);
+
+/**
+* Test two CRL entries for inequality in at least one field.
+*/
BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&);
+
+/**
+* Order two entries based on the revocation date.
+*/
BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&);
}
diff --git a/src/cert/x509/x509_crl.h b/src/cert/x509/x509_crl.h
index ec73e9fdf..dd1ea372e 100644
--- a/src/cert/x509/x509_crl.h
+++ b/src/cert/x509/x509_crl.h
@@ -12,29 +12,69 @@
namespace Botan {
-/*************************************************
-* X.509 CRL *
-*************************************************/
+/**
+* This class represents X.509 Certificate Revocation Lists (CRLs).
+*/
class BOTAN_DLL X509_CRL : public X509_Object
{
public:
+ /**
+ * This class represents CRL related errors.
+ */
struct X509_CRL_Error : public Exception
{
X509_CRL_Error(const std::string& error) :
Exception("X509_CRL: " + error) {}
};
+ /**
+ * Get the entries of this CRL in the form of a vector.
+ * @return a vector containing the entries of this CRL.
+ */
std::vector<CRL_Entry> get_revoked() const;
+ /**
+ * Get the issuer DN of this CRL.
+ * @return the CRLs issuer DN
+ */
X509_DN issuer_dn() const;
+
+ /**
+ * Get the AuthorityKeyIdentifier of this CRL.
+ * @return this CRLs AuthorityKeyIdentifier
+ */
MemoryVector<byte> authority_key_id() const;
+ /**
+ * Get the serial number of this CRL.
+ * @return the CRLs serial number
+ */
u32bit crl_number() const;
+
+ /**
+ * Get the CRL's thisUpdate value.
+ * @return the CRLs thisUpdate
+ */
X509_Time this_update() const;
+
+ /**
+ * Get the CRL's nextUpdate value.
+ * @return the CRLs nextdUpdate
+ */
X509_Time next_update() const;
+ /**
+ * Construct a CRL from a data source.
+ * @param source the data source providing the DER or PEM encoded CRL.
+ */
X509_CRL(DataSource&, bool throw_on_unknown_critical = false);
- X509_CRL(const std::string&, bool throw_on_unknown_critical = false);
+
+ /**
+ * Construct a CRL from a file containing the DER or PEM encoded CRL.
+ * @param filename the name of the CRL file
+ */
+ X509_CRL(const std::string& filename,
+ bool throw_on_unknown_critical = false);
private:
void force_decode();
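Review bot: The comment on `crl_number()` calls the value "the serial number of this CRL", but X.509 gives a CRL a CRL number (the cRLNumber extension), and "serial number" is easily confused with the certificate serial numbers listed in the entries. I would write `* Get the CRL number (cRLNumber extension) of this CRL.` and state what is returned when the extension is absent. That behaviour is not visible here and the return type is a plain `u32bit`, so it needs confirming against the implementation. The `next_update()` comment also has a typo: `@return the CRLs nextdUpdate` should read `@return the CRLs nextUpdate`. The class body continues past this hunk.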
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index 8808fd686..baaf5a8a4 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -14,9 +14,10 @@
namespace Botan {
-/*************************************************
-* Generic X.509 SIGNED Object *
-*************************************************/
+/**
+* This class represents abstract X.509 signed objects as
+* in the X.500 SIGNED macro
+*/
class BOTAN_DLL X509_Object
{
public:
@@ -24,10 +25,18 @@ class BOTAN_DLL X509_Object
SecureVector<byte> signature() const;
AlgorithmIdentifier signature_algorithm() const;
- static MemoryVector<byte> make_signed(class PK_Signer*,
- RandomNumberGenerator&,
- const AlgorithmIdentifier&,
- const MemoryRegion<byte>&);
+ /**
+ * Create a signed X509 object.
+ * @param signer the signer used to sign the object
+ * @param rng the random number generator to use
+ * @param alg_id the algorithm identifier of the signature scheme
+ * @param tbs the tbs bits to be signed
+ * @return the signed X509 object
+ */
+ static MemoryVector<byte> make_signed(class PK_Signer* signer,
+ RandomNumberGenerator& rng,
+ const AlgorithmIdentifier& alg_id,
+ const MemoryRegion<byte>& tbs);
bool check_signature(class Public_Key&) const;
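Review bot: The `@param signer` line does not say who owns the `PK_Signer*` after the call or whether a null pointer is accepted. For a raw pointer passed to a static function, that is what a caller most needs in order to avoid a leak or a double free. I would extend it to something like `@param signer the signer used to sign the object (ownership: <caller retains / taken by make_signed>)`, filled in from the implementation, which is not visible in this hunk. `@param tbs the tbs bits to be signed` would also read better as `@param tbs the encoded to-be-signed (TBS) data`. The class body starts and ends outside this hunk.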