00001 /*
00002 * X.509 Self-Signed Certificate
00003 * (C) 1999-2007 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_X509_SELF_H__
00009 #define BOTAN_X509_SELF_H__
00010 
00011 #include <botan/x509cert.h>
00012 #include <botan/pkcs8.h>
00013 #include <botan/pkcs10.h>
00014 #include <botan/asn1_time.h>
00015 
00016 namespace Botan {
00017 
00018 /**
00019 * Options for X.509 certificates.
00020 */
/**
* Options for X.509 certificates.
*
* Collects the subject name components, subject alternative name values,
* validity period and extension settings consumed by
* X509::create_self_signed_cert() and X509::create_cert_req() (declared
* below). Every string member defaults to empty; an empty member is
* presumably left out of the resulting certificate or request — confirm
* against x509self.cpp.
*/
class BOTAN_DLL X509_Cert_Options
   {
   public:
      /**
      * the subject common name (CN)
      */
      std::string common_name;

      /**
      * the subject country (C)
      */
      std::string country;

      /**
      * the subject organization (O)
      */
      std::string organization;

      /**
      * the subject organizational unit (OU)
      */
      std::string org_unit;

      /**
      * the subject locality (L)
      */
      std::string locality;

      /**
      * the subject state or province (ST)
      */
      std::string state;

      /**
      * the subject serial number.
      * NOTE(review): presumably the X.520 serialNumber attribute of the
      * subject DN, not the certificate serial number (which is not
      * configurable through this struct) — confirm in x509self.cpp.
      */
      std::string serial_number;

      /**
      * the subject email address (subject alternative name)
      */
      std::string email;

      /**
      * the subject URI (subject alternative name)
      */
      std::string uri;

      /**
      * the subject IPv4 address (subject alternative name).
      * NOTE(review): documented as IPv4 only; whether an IPv6 literal is
      * accepted is not visible from this header.
      */
      std::string ip;

      /**
      * the subject DNS name (subject alternative name)
      */
      std::string dns;

      /**
      * the subject XMPP address (subject alternative name)
      */
      std::string xmpp;

      /**
      * the subject challenge password (used for certificate requests)
      */
      std::string challenge;

      /**
      * the certificate validity notBefore (start of the validity period);
      * see not_before()
      */
      X509_Time start;
      /**
      * the certificate validity notAfter (end of the validity period);
      * see not_after()
      */
      X509_Time end;

      /**
      * Indicates whether the certificate (or request) is for a CA, i.e.
      * whether the BasicConstraints extension marks it as a CA. Normally
      * set through CA_key() rather than directly.
      */
      bool is_CA;

      /**
      * Indicates the BasicConstraints path limit (pathLenConstraint);
      * only meaningful when is_CA is set. See CA_key().
      */
      size_t path_limit;

      /**
      * The key constraints for the subject public key (KeyUsage
      * extension); see add_constraints()
      */
      Key_Constraints constraints;

      /**
      * The key extended constraints for the subject public key
      * (ExtendedKeyUsage extension, as OIDs); see add_ex_constraint()
      */
      std::vector<OID> ex_constraints;

      /**
      * Check the options set in this object for validity.
      * NOTE(review): the concrete checks (and whether failure throws) live
      * in x509self.cpp — confirm before relying on it as a guard.
      */
      void sanity_check() const;

      /**
      * Mark the certificate as a CA certificate and set the path limit.
      * NOTE(review): a CA certificate can in turn sign other certificates
      * that chain to it, so only call this when a CA is actually intended;
      * end-entity certificates should leave is_CA unset.
      * @param limit the path limit to be set in the BasicConstraints extension.
      */
      void CA_key(size_t limit = 1);

      /**
      * Set the notBefore of the certificate.
      * @param time the notBefore value of the certificate; the accepted
      * string format is whatever X509_Time parses (see asn1_time.h)
      */
      void not_before(const std::string& time);

      /**
      * Set the notAfter of the certificate.
      * @param time the notAfter value of the certificate; the accepted
      * string format is whatever X509_Time parses (see asn1_time.h)
      */
      void not_after(const std::string& time);

      /**
      * Add the key constraints of the KeyUsage extension.
      * @param constr the constraints to set
      */
      void add_constraints(Key_Constraints constr);

      /**
      * Add constraints to the ExtendedKeyUsage extension.
      * @param oid the oid to add
      */
      void add_ex_constraint(const OID& oid);

      /**
      * Add constraints to the ExtendedKeyUsage extension.
      * @param name the name to look up the oid to add
      */
      void add_ex_constraint(const std::string& name);

      /**
      * Construct a new options object
      * @param opts define the common name of this object. An example for this
      * parameter would be "common_name/country/organization/organizational_unit".
      * @param expire_time the expiration time (from the current clock in seconds);
      * the default is one year. NOTE(review): because the validity window is
      * derived from the local clock, a skewed system clock yields a certificate
      * whose notBefore/notAfter are wrong — callers that need an exact window
      * should set it explicitly via not_before()/not_after().
      */
      X509_Cert_Options(const std::string& opts = "",
                        u32bit expire_time = 365 * 24 * 60 * 60);
   };
00168 
namespace X509 {

/**
* Create a self-signed X.509 certificate.
*
* The certificate is signed with @p key, the same key the certificate is
* issued for, so subject and issuer are the same entity. A self-signed
* certificate is not vouched for by any chain; a verifier only accepts it
* if it has been explicitly added as a trust anchor.
*
* @param opts the options defining the certificate to create
* @param key the private key used for signing, i.e. the key
* associated with this self-signed certificate
* @param hash_fn the hash function to use for the signature.
* NOTE(review): the name is passed through as given and nothing in this
* header restricts it, so a caller can select a deprecated digest; prefer
* a SHA-2 family hash and confirm whether the implementation rejects weak
* choices.
* @param rng the rng to use (needed by signature schemes that require
* randomness)
* @return newly created self-signed certificate
*/
BOTAN_DLL X509_Certificate
create_self_signed_cert(const X509_Cert_Options& opts,
                        const Private_Key& key,
                        const std::string& hash_fn,
                        RandomNumberGenerator& rng);

/**
* Create a PKCS#10 certificate request.
*
* The request is signed with @p key to prove possession of the private key;
* the request itself conveys no trust until a CA issues a certificate for it.
*
* @param opts the options defining the request to create
* @param key the key used to sign this request
* @param hash_fn the hash function to use for the request signature (same
* caveat as for create_self_signed_cert(): it is not validated here)
* @param rng the rng to use
* @return newly created PKCS#10 request
*/
BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
                                         const Private_Key& key,
                                         const std::string& hash_fn,
                                         RandomNumberGenerator& rng);

}
00200 
00201 }
00202 
00203 #endif