/*
* X.509 Self-Signed Certificate
* (C) 1999-2007 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_X509_SELF_H__
#define BOTAN_X509_SELF_H__

#include <botan/x509cert.h>
#include <botan/pkcs8.h>
#include <botan/pkcs10.h>
#include <botan/asn1_time.h>

namespace Botan {

/**
* Options for X.509 certificates.
*
* Collects the subject name components, subject alternative names,
* validity period and extension settings that create_self_signed_cert()
* and create_cert_req() encode into the certificate or request. All
* members are public and may be assigned directly by the caller; the
* setters below are conveniences for the less trivial fields.
*/
class BOTAN_DLL X509_Cert_Options
   {
   public:
      /**
      * the subject common name (CN)
      */
      std::string common_name;

      /**
      * the subject country (C)
      */
      std::string country;

      /**
      * the subject organization (O)
      */
      std::string organization;

      /**
      * the subject organizational unit (OU)
      */
      std::string org_unit;

      /**
      * the subject locality (L)
      */
      std::string locality;

      /**
      * the subject state or province (ST)
      */
      std::string state;

      /**
      * the subject serialNumber DN attribute. Note this is a name
      * component of the subject, not the certificate's serial number.
      */
      std::string serial_number;

      /**
      * the subject email address (subject alternative name)
      */
      std::string email;

      /**
      * the subject URI (subject alternative name)
      */
      std::string uri;

      /**
      * the subject IPv4 address (subject alternative name)
      */
      std::string ip;

      /**
      * the subject DNS name (subject alternative name)
      */
      std::string dns;

      /**
      * the subject XMPP address (subject alternative name)
      */
      std::string xmpp;

      /**
      * the subject challenge password. NOTE(review): presumably only
      * used by create_cert_req() (the PKCS#10 challengePassword
      * attribute) and ignored for self-signed certificates - confirm
      * against the implementation.
      */
      std::string challenge;

      /**
      * the certificate validity start (notBefore)
      */
      X509_Time start;
      /**
      * the certificate validity end (notAfter)
      */
      X509_Time end;

      /**
      * Indicates whether the certificate is a CA certificate, i.e.
      * whether the cA flag of the BasicConstraints extension is set.
      * See CA_key().
      */
      bool is_CA;

      /**
      * Indicates the BasicConstraints path limit (pathLenConstraint).
      * Presumably only meaningful when is_CA is true - confirm.
      */
      size_t path_limit;

      /**
      * The key constraints for the subject public key, encoded in the
      * KeyUsage extension. See add_constraints().
      */
      Key_Constraints constraints;

      /**
      * The key extended constraints for the subject public key, encoded
      * as OIDs in the ExtendedKeyUsage extension. See add_ex_constraint().
      */
      std::vector<OID> ex_constraints;

      /**
      * Check the options set in this object for validity.
      * The individual checks live in the implementation file; presumably
      * an exception is thrown when the options are inconsistent - confirm
      * there before relying on a particular error type.
      */
      void sanity_check() const;

      /**
      * Mark the certificate as a CA certificate and set the path limit.
      * @param limit the path limit to be set in the BasicConstraints extension.
      * The default of 1 permits at most one further CA below this one;
      * pick the smallest value the intended hierarchy needs.
      */
      void CA_key(size_t limit = 1);

      /**
      * Set the notBefore of the certificate.
      * @param time the notBefore value of the certificate, as a string
      * in a form accepted by X509_Time (see asn1_time.h)
      */
      void not_before(const std::string& time);

      /**
      * Set the notAfter of the certificate.
      * @param time the notAfter value of the certificate, as a string
      * in a form accepted by X509_Time (see asn1_time.h)
      */
      void not_after(const std::string& time);

      /**
      * Add the key constraints of the KeyUsage extension.
      * @param constr the constraints to set
      */
      void add_constraints(Key_Constraints constr);

      /**
      * Add constraints to the ExtendedKeyUsage extension.
      * @param oid the oid to add
      */
      void add_ex_constraint(const OID& oid);

      /**
      * Add constraints to the ExtendedKeyUsage extension.
      * @param name the name to look up the oid to add
      */
      void add_ex_constraint(const std::string& name);

      /**
      * Construct a new options object
      * @param opts define the common name of this object. An example for this
      * parameter would be "common_name/country/organization/organizational_unit".
      * @param expire_time the expiration time (from the current clock in seconds);
      * the default is one year (365 * 24 * 60 * 60 seconds)
      */
      X509_Cert_Options(const std::string& opts = "",
                        u32bit expire_time = 365 * 24 * 60 * 60);
   };

namespace X509 {

/**
* Create a self-signed X.509 certificate.
* The certificate's subject and issuer are both taken from opts, and
* the signature is made with key, so the result is only trustworthy to
* a verifier that has been explicitly configured to trust it.
* @param opts the options defining the certificate to create
* @param key the private key used for signing, i.e. the key
* associated with this self-signed certificate
* @param hash_fn the hash function to use for the signature, as a Botan
* algorithm name. The choice is the caller's responsibility; a hash that
* verifiers reject as weak yields a certificate they will not accept.
* @param rng the rng to use
* @return newly created self-signed certificate
*/
BOTAN_DLL X509_Certificate
create_self_signed_cert(const X509_Cert_Options& opts,
                        const Private_Key& key,
                        const std::string& hash_fn,
                        RandomNumberGenerator& rng);

/**
* Create a PKCS#10 certificate request.
* The request is signed with key as proof of possession; the issuing CA
* decides which of the requested name components and extensions it honours.
* @param opts the options defining the request to create
* @param key the key used to sign this request
* @param rng the rng to use
* @param hash_fn the hash function to use for the request signature, as a
* Botan algorithm name
* @return newly created PKCS#10 request
*/
BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
                                         const Private_Key& key,
                                         const std::string& hash_fn,
                                         RandomNumberGenerator& rng);

}

}

#endif