Botan  1.11.15
src/lib/cert/x509/x509cert.h
00001 /*
00002 * X.509 Certificates
00003 * (C) 1999-2007 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_X509_CERTS_H__
00009 #define BOTAN_X509_CERTS_H__
00010 
00011 #include <botan/x509_obj.h>
00012 #include <botan/x509_dn.h>
00013 #include <botan/x509_key.h>
00014 #include <botan/asn1_alt_name.h>
00015 #include <botan/datastor.h>
00016 #include <botan/key_constraint.h>
00017 #include <map>
00018 
00019 namespace Botan {
00020 
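/**
* This class represents an X.509 Certificate
*
* The accessors below report the fields that were pulled out of the
* certificate body when it was decoded (see force_decode). They return
* what the certificate *claims*; checking that the certificate is
* currently valid and chains to a trusted root is a separate step that
* this class does not perform.
*/
class BOTAN_DLL X509_Certificate : public X509_Object
   {
   public:
      /**
      * Get the public key associated with this certificate.
      * @return subject public key of this certificate
      * @note NOTE(review): the raw pointer appears to be a newly allocated
      *       key that the caller must delete (wrap it in std::unique_ptr);
      *       confirm against x509cert.cpp before relying on this.
      */
      Public_Key* subject_public_key() const;

      /**
      * Get the encoded bytes of the subject public key as stored in the
      * certificate (the exact encoding - full SubjectPublicKeyInfo versus
      * only the inner key bits - should be confirmed in x509cert.cpp).
      * @return encoded subject public key of this certificate
      */
      std::vector<byte> subject_public_key_bits() const;

      /**
      * Get the issuer certificate DN.
      * @return issuer DN of this certificate
      */
      X509_DN issuer_dn() const;

      /**
      * Get the subject certificate DN.
      * @return subject DN of this certificate
      */
      X509_DN subject_dn() const;

      /**
      * Get a value for a specific subject_info parameter name.
      * @param name the name of the parameter to look up. Possible names are
      * "X509.Certificate.version", "X509.Certificate.serial",
      * "X509.Certificate.start", "X509.Certificate.end",
      * "X509.Certificate.v2.key_id", "X509.Certificate.public_key",
      * "X509v3.BasicConstraints.path_constraint",
      * "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage",
      * "X509v3.CertificatePolicies" or "X509v3.SubjectKeyIdentifier".
      * @return value(s) of the specified parameter
      */
      std::vector<std::string> subject_info(const std::string& name) const;

      /**
      * Get a value for a specific issuer_info parameter name.
      * @param name the name of the parameter to look up. Possible names are
      * "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".
      * @return value(s) of the specified parameter
      */
      std::vector<std::string> issuer_info(const std::string& name) const;

      /**
      * Raw issuer DN
      * @return the issuer DN as encoded in the certificate
      */
      std::vector<byte> raw_issuer_dn() const;

      /**
      * Raw subject DN
      * @return the subject DN as encoded in the certificate
      */
      std::vector<byte> raw_subject_dn() const;

      /**
      * Get the notBefore of the certificate.
      * @return notBefore of the certificate
      */
      std::string start_time() const;

      /**
      * Get the notAfter of the certificate.
      * @return notAfter of the certificate
      */
      std::string end_time() const;

      /**
      * Get the X509 version of this certificate object.
      * @return X509 version
      */
      u32bit x509_version() const;

      /**
      * Get the serial number of this certificate.
      * @return certificates serial number
      */
      std::vector<byte> serial_number() const;

      /**
      * Get the DER encoded AuthorityKeyIdentifier of this certificate.
      * @return DER encoded AuthorityKeyIdentifier
      */
      std::vector<byte> authority_key_id() const;

      /**
      * Get the DER encoded SubjectKeyIdentifier of this certificate.
      * @return DER encoded SubjectKeyIdentifier
      */
      std::vector<byte> subject_key_id() const;

      /**
      * Check whether this certificate is self signed.
      * @return true if this certificate is self signed
      */
      bool is_self_signed() const { return self_signed; }

      /**
      * Check whether this certificate is a CA certificate.
      * @return true if this certificate is a CA certificate
      */
      bool is_CA_cert() const;

      /**
      * Check whether the KeyUsage extension of this certificate permits
      * the given usage.
      * @param usage the key usage bits to test for
      * @return true if the usage is allowed (NOTE(review): the behaviour
      *         when the certificate carries no KeyUsage extension should
      *         be confirmed in x509cert.cpp - callers should not assume
      *         an absent extension means "denied")
      */
      bool allowed_usage(Key_Constraints usage) const;

      /**
      * Returns true if and only if name (referring to an extended key
      * constraint, eg "PKIX.ServerAuth") is included in the extended
      * key extension.
      */
      bool allowed_usage(const std::string& usage) const;

      /**
      * Get the path limit as defined in the BasicConstraints extension of
      * this certificate.
      * @return path limit
      */
      u32bit path_limit() const;

      /**
      * Get the key constraints as defined in the KeyUsage extension of this
      * certificate.
      * @return key constraints
      */
      Key_Constraints constraints() const;

      /**
      * Get the key constraints as defined in the ExtendedKeyUsage
      * extension of this certificate.
      * @return key constraints
      */
      std::vector<std::string> ex_constraints() const;

      /**
      * Get the policies as defined in the CertificatePolicies extension
      * of this certificate.
      * @return certificate policies
      */
      std::vector<std::string> policies() const;

      /**
      * Return the listed address of an OCSP responder, or empty if not set
      */
      std::string ocsp_responder() const;

      /**
      * Return the CRL distribution point, or empty if not set
      */
      std::string crl_distribution_point() const;

      /**
      * @return a string describing the certificate
      */
      std::string to_string() const;

      /**
      * Return a fingerprint of the certificate
      * @param hash_name the hash function used; the default "SHA-1" is
      *        kept for compatibility with existing fingerprint strings.
      *        Where the fingerprint is compared against a pinned value,
      *        prefer a collision-resistant hash such as "SHA-256".
      */
      std::string fingerprint(const std::string& hash_name = "SHA-1") const;

      /**
      * Check if a certain DNS name matches up with the information in
      * the cert (the exact matching rule, including how subjectAltName
      * and the subject CN are consulted, lives in x509cert.cpp)
      */
      bool matches_dns_name(const std::string& name) const;

      /**
      * Check two certificates for equality.
      * @return true if both certificates are (binary) equal
      */
      bool operator==(const X509_Certificate& other) const;

      /**
      * Impose an arbitrary (but consistent) ordering
      * @return true if this is less than other by some unspecified criteria
      */
      bool operator<(const X509_Certificate& other) const;

      /**
      * Create a certificate from a data source providing the DER or
      * PEM encoded certificate.
      * @param source the data source
      */
      X509_Certificate(DataSource& source);

      /**
      * Create a certificate from a file containing the DER or PEM
      * encoded certificate.
      * @param filename the name of the certificate file
      * @note not explicit, so a std::string converts implicitly to a
      *       certificate (and reads a file); kept for source compatibility
      */
      X509_Certificate(const std::string& filename);

      /**
      * Create a certificate from an in-memory DER or PEM encoding.
      * @param in the encoded certificate
      * @note not explicit, kept for source compatibility
      */
      X509_Certificate(const std::vector<byte>& in);

   private:
      // Fills subject, issuer and self_signed from the decoded body.
      // NOTE(review): presumably called from the X509_Object decoding
      // path - confirm in x509cert.cpp.
      void force_decode();
      friend class X509_CA;
      friend class BER_Decoder;

      // Only friends may build an empty certificate; self_signed is given a
      // defined value so is_self_signed() is never read uninitialized if
      // force_decode has not run yet.
      X509_Certificate() : self_signed(false) {}

      // Decoded fields, keyed by the names documented on subject_info()
      // and issuer_info().
      Data_Store subject;
      Data_Store issuer;
      // Set by force_decode; read by is_self_signed().
      bool self_signed;
   };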
00233 
/**
* Check two certificates for inequality
* @return true if the arguments represent different certificates,
* false if they are binary identical
*/
BOTAN_DLL bool operator!=(const X509_Certificate&, const X509_Certificate&);

/*
* Data Store Extraction Operations
*
* Build the structured DN / AlternativeName objects from the decoded
* fields held in a Data_Store (the same stores X509_Certificate keeps
* for its subject and issuer).
*/
BOTAN_DLL X509_DN create_dn(const Data_Store&);
BOTAN_DLL AlternativeName create_alt_name(const Data_Store&);
00246 
00247 }
00248 
00249 #endif