blob: b2e6027b63f9ea4c7e81ab9459257a6cd3a43344 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
/*************************************************
* X.509 Certificate Options Source File *
* (C) 1999-2006 The Botan Project *
*************************************************/
#include <botan/x509self.h>
#include <botan/util.h>
#include <botan/parsing.h>
#include <botan/oids.h>
#include <botan/conf.h>
#include <ctime>
namespace Botan {
/*************************************************
* Set when the certificate should become valid *
*************************************************/
void X509_Cert_Options::not_before(const std::string& time_string)
{
start = X509_Time(time_string);
}
/*************************************************
* Set when the certificate should expire *
*************************************************/
void X509_Cert_Options::not_after(const std::string& time_string)
{
end = X509_Time(time_string);
}
/*************************************************
* Set key constraint information *
*************************************************/
void X509_Cert_Options::add_constraints(Key_Constraints usage)
{
constraints = usage;
}
/*************************************************
* Set key constraint information *
*************************************************/
void X509_Cert_Options::add_ex_constraint(const OID& oid)
{
ex_constraints.push_back(oid);
}
/*************************************************
* Set key constraint information *
*************************************************/
void X509_Cert_Options::add_ex_constraint(const std::string& oid_str)
{
ex_constraints.push_back(OIDS::lookup(oid_str));
}
/*************************************************
* Mark this certificate for CA usage *
*************************************************/
void X509_Cert_Options::CA_key(u32bit limit)
{
is_CA = true;
path_limit = limit;
}
/*************************************************
* Do basic sanity checks *
*************************************************/
void X509_Cert_Options::sanity_check() const
{
if(common_name == "" || country == "")
throw Encoding_Error("X.509 certificate: name and country MUST be set");
if(country.size() != 2)
throw Encoding_Error("Invalid ISO country code: " + country);
if(start >= end)
throw Encoding_Error("X509_Cert_Options: invalid time constraints");
}
/*************************************************
* Initialize the certificate options *
*************************************************/
X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts)
{
const u32bit DEFAULT_EXPIRE = Config::get_time("x509/ca/default_expire");
const u32bit OFFSET_FROM_NOW = Config::get_time("x509/ca/signing_offset");
is_CA = false;
path_limit = 0;
constraints = NO_CONSTRAINTS;
const u64bit current_time = system_time();
start = X509_Time(current_time - OFFSET_FROM_NOW);
end = X509_Time(current_time - OFFSET_FROM_NOW + DEFAULT_EXPIRE);
if(initial_opts == "")
return;
std::vector<std::string> parsed = split_on(initial_opts, '/');
if(parsed.size() > 4)
throw Invalid_Argument("X.509 cert options: Too many names: "
+ initial_opts);
if(parsed.size() >= 1) common_name = parsed[0];
if(parsed.size() >= 2) country = parsed[1];
if(parsed.size() >= 3) organization = parsed[2];
if(parsed.size() == 4) org_unit = parsed[3];
}
}
|