/* * X.509 Self-Signed Certificate * (C) 1999-2007 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #ifndef BOTAN_X509_SELF_H_ #define BOTAN_X509_SELF_H_ #include #include #include #include namespace Botan { class RandomNumberGenerator; class Private_Key; /** * Options for X.509 certificates. */ class BOTAN_PUBLIC_API(2,0) X509_Cert_Options final { public: /** * the subject common name */ std::string common_name; /** * the subject counry */ std::string country; /** * the subject organization */ std::string organization; /** * the subject organizational unit */ std::string org_unit; /** * the subject locality */ std::string locality; /** * the subject state */ std::string state; /** * the subject serial number */ std::string serial_number; /** * the subject email adress */ std::string email; /** * the subject URI */ std::string uri; /** * the subject IPv4 address */ std::string ip; /** * the subject DNS */ std::string dns; std::vector more_dns; /** * the subject XMPP */ std::string xmpp; /** * the subject challenge password */ std::string challenge; /** * the subject notBefore */ X509_Time start; /** * the subject notAfter */ X509_Time end; /** * Indicates whether the certificate request */ bool is_CA; /** * Indicates the BasicConstraints path limit */ size_t path_limit; std::string padding_scheme; /** * The key constraints for the subject public key */ Key_Constraints constraints; /** * The key extended constraints for the subject public key */ std::vector ex_constraints; /** * Additional X.509 extensions */ Extensions extensions; /** * Mark the certificate as a CA certificate and set the path limit. * @param limit the path limit to be set in the BasicConstraints extension. */ void CA_key(size_t limit = 1); /** * Choose a padding scheme different from the default for the key used. */ void set_padding_scheme(const std::string& scheme); /** * Set the notBefore of the certificate. * @param time the notBefore value of the certificate */ void not_before(const std::string& time); /** * Set the notAfter of the certificate. * @param time the notAfter value of the certificate */ void not_after(const std::string& time); /** * Add the key constraints of the KeyUsage extension. * @param constr the constraints to set */ void add_constraints(Key_Constraints constr); /** * Add constraints to the ExtendedKeyUsage extension. * @param oid the oid to add */ void add_ex_constraint(const OID& oid); /** * Add constraints to the ExtendedKeyUsage extension. * @param name the name to look up the oid to add */ void add_ex_constraint(const std::string& name); /** * Construct a new options object * @param opts define the common name of this object. An example for this * parameter would be "common_name/country/organization/organizational_unit". * @param expire_time the expiration time (from the current clock in seconds) */ X509_Cert_Options(const std::string& opts = "", uint32_t expire_time = 365 * 24 * 60 * 60); }; namespace X509 { /** * Create a self-signed X.509 certificate. * @param opts the options defining the certificate to create * @param key the private key used for signing, i.e. the key * associated with this self-signed certificate * @param hash_fn the hash function to use * @param rng the rng to use * @return newly created self-signed certificate */ BOTAN_PUBLIC_API(2,0) X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, const Private_Key& key, const std::string& hash_fn, RandomNumberGenerator& rng); /** * Create a PKCS#10 certificate request. * @param opts the options defining the request to create * @param key the key used to sign this request * @param rng the rng to use * @param hash_fn the hash function to use * @return newly created PKCS#10 request */ BOTAN_PUBLIC_API(2,0) PKCS10_Request create_cert_req(const X509_Cert_Options& opts, const Private_Key& key, const std::string& hash_fn, RandomNumberGenerator& rng); } } #endif