Diffstat (limited to 'src/lib/cert/x509/x509path.h')
-rw-r--r--src/lib/cert/x509/x509path.h53
1 files changed, 52 insertions, 1 deletions
diff --git a/src/lib/cert/x509/x509path.h b/src/lib/cert/x509/x509path.h
index 60b7fa1a2..cfcf44511 100644
--- a/src/lib/cert/x509/x509path.h
+++ b/src/lib/cert/x509/x509path.h
@@ -27,6 +27,7 @@ class BOTAN_DLL Path_Validation_Restrictions
* operations, eg 80 means 2^80) of a signature. Signatures
* weaker than this are rejected. If more than 80, SHA-1
* signatures are also rejected.
+ * @param ocsp_all_intermediates
*/
Path_Validation_Restrictions(bool require_rev = false,
size_t minimum_key_strength = 80,
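Review bot: The new `@param ocsp_all_intermediates` line at the end of the first constructor's docblock has no description, so the generated documentation will show an empty entry for a flag that changes how much revocation checking is performed. From the name it appears to request OCSP checks for every intermediate CA in the path rather than only the end-entity certificate, but that should be confirmed against the implementation before it is written down; something like `@param ocsp_all_intermediates if true, OCSP revocation checks are (presumably) also run for each intermediate CA in the path, not only the end-entity certificate` — adjust to match x509path.cpp. The default value and whether a missing OCSP response for an intermediate is fatal are what callers relying on revocation checking need to know, and neither is visible in this hunk. The constructor declaration continues past the end of the hunk.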
@@ -37,6 +38,7 @@ class BOTAN_DLL Path_Validation_Restrictions
* @param minimum_key_strength is the minimum strength (in terms of
* operations, eg 80 means 2^80) of a signature. Signatures
* weaker than this are rejected.
+ * @param ocsp_all_intermediates
* @param trusted_hashes a set of trusted hashes. Any signatures
* created using a hash other than one of these will be
* rejected.
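Review bot: The `@param ocsp_all_intermediates` tag added to the second constructor is also empty, and it is placed between `minimum_key_strength` and `trusted_hashes`, so a reader cannot tell whether that reflects the parameter order. Give it the same description as the first constructor (once the semantics are confirmed against the implementation) and keep the two docblocks in sync, for example `@param ocsp_all_intermediates if true, OCSP checks are (presumably) also performed for each intermediate CA in the path`. The constructor declaration this documents lies outside the hunk.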
@@ -50,15 +52,27 @@ class BOTAN_DLL Path_Validation_Restrictions
m_trusted_hashes(trusted_hashes),
m_minimum_key_strength(minimum_key_strength) {}
+ /**
+ * @return whether revocation information is required
+ */
bool require_revocation_information() const
{ return m_require_revocation_information; }
+ /**
+ * FIXME add doc
+ */
bool ocsp_all_intermediates() const
{ return m_ocsp_all_intermediates; }
+ /**
+ * @return trusted signature hash functions
+ */
const std::set<std::string>& trusted_hashes() const
{ return m_trusted_hashes; }
+ /**
+ * @return minimum required key strength
+ */
size_t minimum_key_strength() const
{ return m_minimum_key_strength; }
@@ -105,7 +119,7 @@ class BOTAN_DLL Path_Validation_Result
Certificate_Status_Code result() const { return m_overall; }
/**
- * Return a set of status codes for each certificate in the chain
+ * @return a set of status codes for each certificate in the chain
*/
const std::vector<std::set<Certificate_Status_Code>>& all_statuses() const
{ return m_all_status; }
@@ -115,11 +129,24 @@ class BOTAN_DLL Path_Validation_Result
*/
std::string result_string() const;
+ /**
+ * @param validation status code
+ * @return corresponding validation status message
+ */
static const char* status_string(Certificate_Status_Code code);
+ /**
+ * Create a Path_Validation_Result
+ * @param status list of validation status codes
+ * @param cert_chain the certificate chain that was validated
+ */
Path_Validation_Result(std::vector<std::set<Certificate_Status_Code>> status,
std::vector<std::shared_ptr<const X509_Certificate>>&& cert_chain);
+ /**
+ * Create a Path_Validation_Result
+ * @status status validation status code
+ */
explicit Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {}
private:
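Review bot: Two of the new Doxygen tags in this hunk are malformed. Above `status_string` the line `@param validation status code` names no parameter — the parameter is `code`, so it should read `@param code validation status code`; and above the single-argument constructor, `@status status validation status code` uses a non-existent tag and should be `@param status overall validation status code`. As written, Doxygen will warn on the first and silently drop the second, so the constructor that sets only `m_overall` ends up with no parameter documentation.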
@@ -136,6 +163,12 @@ class BOTAN_DLL Path_Validation_Result
/**
* PKIX Path Validation
+* @param end_certs certificate chain to validate
+* @param restrictions path validation restrictions
+* @param certstores list of certificate stores that contain trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_certs[0]
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0]
+* @return result of the path validation
*/
Path_Validation_Result BOTAN_DLL x509_path_validate(
const std::vector<X509_Certificate>& end_certs,
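Review bot: The `@param hostname` line says the value is compared only "if not empty", which means an empty string disables the name check entirely; that consequence is worth stating outright so TLS callers do not pass an empty hostname and get a chain-valid but name-unchecked result. I would extend it to `@param hostname if not empty, compared against the DNS name in end_certs[0]; if empty, no hostname check is performed, so callers validating a TLS peer should always supply the expected name`. The same applies to `@param usage`: `UNSPECIFIED` skips the key-usage check altogether. The function declaration being documented continues past the end of the hunk.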
@@ -146,6 +179,12 @@ Path_Validation_Result BOTAN_DLL x509_path_validate(
/**
* PKIX Path Validation
+* @param end_cert certificate to validate
+* @param restrictions path validation restrictions
+* @param certstores list of stores that contain trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_cert
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_cert
+* @return result of the path validation
*/
Path_Validation_Result BOTAN_DLL x509_path_validate(
const X509_Certificate& end_cert,
@@ -156,6 +195,12 @@ Path_Validation_Result BOTAN_DLL x509_path_validate(
/**
* PKIX Path Validation
+* @param end_cert certificate to validate
+* @param restrictions path validation restrictions
+* @param store store that contains trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_cert
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_cert
+* @return result of the path validation
*/
Path_Validation_Result BOTAN_DLL x509_path_validate(
const X509_Certificate& end_cert,
@@ -166,6 +211,12 @@ Path_Validation_Result BOTAN_DLL x509_path_validate(
/**
* PKIX Path Validation
+* @param end_certs certificate chain to validate
+* @param restrictions path validation restrictions
+* @param store store that contains trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_certs[0]
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0]
+* @return result of the path validation
*/
Path_Validation_Result BOTAN_DLL x509_path_validate(
const std::vector<X509_Certificate>& end_certs,