Diffstat (limited to 'src/lib/cert/x509/x509path.h')
-rw-r--r-- | src/lib/cert/x509/x509path.h | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/src/lib/cert/x509/x509path.h b/src/lib/cert/x509/x509path.h
index 60b7fa1a2..cfcf44511 100644
--- a/src/lib/cert/x509/x509path.h
+++ b/src/lib/cert/x509/x509path.h
@@ -27,6 +27,7 @@ class BOTAN_DLL Path_Validation_Restrictions
 * operations, eg 80 means 2^80) of a signature. Signatures
 * weaker than this are rejected. If more than 80, SHA-1
 * signatures are also rejected.
+ * @param ocsp_all_intermediates
 */
 Path_Validation_Restrictions(bool require_rev = false,
 size_t minimum_key_strength = 80,
@@ -37,6 +38,7 @@ class BOTAN_DLL Path_Validation_Restrictions
 * @param minimum_key_strength is the minimum strength (in terms of
 * operations, eg 80 means 2^80) of a signature. Signatures
 * weaker than this are rejected.
+ * @param ocsp_all_intermediates
 * @param trusted_hashes a set of trusted hashes. Any signatures
 * created using a hash other than one of these will be
 * rejected.
@@ -50,15 +52,27 @@ class BOTAN_DLL Path_Validation_Restrictions
 m_trusted_hashes(trusted_hashes),
 m_minimum_key_strength(minimum_key_strength) {}
+ /**
+ * @return whether revocation information is required
+ */
 bool require_revocation_information() const
 { return m_require_revocation_information; }
+ /**
+ * FIXME add doc
+ */
 bool ocsp_all_intermediates() const
 { return m_ocsp_all_intermediates; }
+ /**
+ * @return trusted signature hash functions
+ */
 const std::set<std::string>& trusted_hashes() const
 { return m_trusted_hashes; }
+ /**
+ * @return minimum required key strength
+ */
 size_t minimum_key_strength() const
 { return m_minimum_key_strength; }
@@ -105,7 +119,7 @@ class BOTAN_DLL Path_Validation_Result
 Certificate_Status_Code result() const { return m_overall; }
 /**
- * Return a set of status codes for each certificate in the chain
+ * @return a set of status codes for each certificate in the chain
 */
 const std::vector<std::set<Certificate_Status_Code>>& all_statuses() const
 { return m_all_status; }
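Review bot: The `@param ocsp_all_intermediates` line added in the first hunk names the parameter but gives no description; the same bare tag is added to the second constructor's comment in `@@ -37,6 +38,7 @@`, and the accessor in `@@ -50,15 +52,27 @@` gets only `FIXME add doc`. This flag sits next to `require_rev` among the revocation settings, so a caller reading the header cannot tell whether leaving it unset means intermediate CA certificates are never checked via OCSP. Judging by the name alone, something like `@param ocsp_all_intermediates if true, OCSP status is checked for intermediate CA certificates as well as the end entity` would fit, with a matching `@return` on the accessor; this needs confirming against the implementation, which is not part of this diff. Both constructor declarations continue outside their hunks.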
@@ -115,11 +129,24 @@ class BOTAN_DLL Path_Validation_Result
 */
 std::string result_string() const;
+ /**
+ * @param validation status code
+ * @return corresponding validation status message
+ */
 static const char* status_string(Certificate_Status_Code code);
+ /**
+ * Create a Path_Validation_Result
+ * @param status list of validation status codes
+ * @param cert_chain the certificate chain that was validated
+ */
 Path_Validation_Result(std::vector<std::set<Certificate_Status_Code>> status,
 std::vector<std::shared_ptr<const X509_Certificate>>&& cert_chain);
+ /**
+ * Create a Path_Validation_Result
+ * @status status validation status code
+ */
 explicit Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {}
 private:
@@ -136,6 +163,12 @@ class BOTAN_DLL Path_Validation_Result
 /**
 * PKIX Path Validation
+* @param end_certs certificate chain to validate
+* @param restrictions path validation restrictions
+* @param certstores list of certificate stores that contain trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_certs[0]
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0]
+* @return result of the path validation
 */
 Path_Validation_Result BOTAN_DLL x509_path_validate(
 const std::vector<X509_Certificate>& end_certs,
@@ -146,6 +179,12 @@ Path_Validation_Result BOTAN_DLL x509_path_validate(
 /**
 * PKIX Path Validation
+* @param end_cert certificate to validate
+* @param restrictions path validation restrictions
+* @param certstores list of stores that contain trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_cert
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_cert
+* @return result of the path validation
 */
 Path_Validation_Result BOTAN_DLL x509_path_validate(
 const X509_Certificate& end_cert,
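Review bot: Two of the Doxygen tags added in the `@@ -115,11 +129,24 @@` hunk will not bind to their parameters. On `status_string`, `@param validation status code` makes Doxygen treat `validation` as the parameter name, but the declared parameter is `code`; it should read `@param code validation status code`. On the single-argument constructor, `@status status validation status code` uses a tag that does not exist and should be `@param status validation status code`.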
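Review bot: The parameter docs added in `@@ -136,6 +163,12 @@` leave two points implicit that matter to a caller making a trust decision. `@param hostname if not empty, compared against the DNS name in end_certs[0]` implies that an empty hostname skips name matching entirely, and likewise for `usage` with UNSPECIFIED; saying so outright, e.g. `if empty, no name check is performed`, would make an accidental omission easier to spot. `@param end_certs certificate chain to validate` also does not say that `end_certs[0]` is the end entity, nor how the remaining entries are treated (presumably as untrusted candidates for path building; confirm against the implementation). The same wording recurs in the overload comments at `@@ -146,6 +179,12 @@`, `@@ -156,6 +195,12 @@` and `@@ -166,6 +211,12 @@`, and each declaration continues past the end of its hunk.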
@@ -156,6 +195,12 @@ Path_Validation_Result BOTAN_DLL x509_path_validate(
 /**
 * PKIX Path Validation
+* @param end_cert certificate to validate
+* @param restrictions path validation restrictions
+* @param store store that contains trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_cert
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_cert
+* @return result of the path validation
 */
 Path_Validation_Result BOTAN_DLL x509_path_validate(
 const X509_Certificate& end_cert,
@@ -166,6 +211,12 @@ Path_Validation_Result BOTAN_DLL x509_path_validate(
 /**
 * PKIX Path Validation
+* @param end_certs certificate chain to validate
+* @param restrictions path validation restrictions
+* @param store store that contains trusted certificates
+* @param hostname if not empty, compared against the DNS name in end_certs[0]
+* @param usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0]
+* @return result of the path validation
 */
 Path_Validation_Result BOTAN_DLL x509_path_validate(
 const std::vector<X509_Certificate>& end_certs, |