00001 /*
00002 * X.509 Certificate Authority
00003 * (C) 1999-2008 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_X509_CA_H__
00009 #define BOTAN_X509_CA_H__
00010 
00011 #include <botan/x509cert.h>
00012 #include <botan/x509_crl.h>
00013 #include <botan/x509_ext.h>
00014 #include <botan/pkcs8.h>
00015 #include <botan/pkcs10.h>
00016 #include <botan/pubkey.h>
00017 
00018 namespace Botan {
00019 
/**
* An X.509 Certificate Authority.
*
* Holds the CA's own certificate together with a PK_Signer built from the
* CA private key, and uses them to issue certificates (from PKCS#10
* requests) and CRLs carrying the CA's signature.
*
* Security notes for callers:
*  - Everything signed by this object inherits the trust placed in the CA
*    key; keep instances short-lived and confined to the signing component.
*  - Nothing in this header shows that a request's subject DN, requested
*    extensions or key parameters are policy-checked before signing. Apply
*    issuance policy before calling sign_request, or confirm the
*    implementation (x509_ca.cpp) does it for you.
*  - hash_fn is taken as an unrestricted string here; do not use broken
*    hashes (MD5, SHA-1) for CA signatures, as collisions against them
*    translate into forgeable certificates.
*/
class BOTAN_DLL X509_CA
   {
   public:
      /**
      * Build a CA object from its certificate and private key.
      * @param ca_certificate the CA's certificate (presumably the issuer of
      *        every certificate and CRL produced here; confirm in the .cpp)
      * @param key the CA private key matching ca_certificate
      * @param hash_fn name of the hash function used for signatures,
      *        e.g. "SHA-256"; see the class notes on weak hashes
      */
      X509_CA(const X509_Certificate& ca_certificate,
              const Private_Key& key,
              const std::string& hash_fn);

      /*
      * Copying is disabled: the object keeps a heap-allocated PK_Signer
      * behind a raw pointer, and a shallow copy would lead to a double
      * release. The destructor is expected to free it — verify in the
      * implementation; a std::unique_ptr<PK_Signer> member would make this
      * explicit if the .cpp is updated alongside.
      */
      X509_CA(const X509_CA&) = delete;
      X509_CA& operator=(const X509_CA&) = delete;
      ~X509_CA();

      /**
      * Issue a certificate for a PKCS#10 request.
      *
      * NOTE(review): this declaration gives no indication that the request
      * is validated (proof-of-possession, requested extensions, key size);
      * treat req as untrusted input and check it before calling.
      * @param req the request to certify
      * @param rng randomness source (presumably used for the serial number —
      *        confirm; serials must be unique per issuer and unpredictable)
      * @param not_before first instant at which the certificate is valid
      * @param not_after last instant at which the certificate is valid
      * @return the newly signed certificate
      */
      X509_Certificate sign_request(const PKCS10_Request& req,
                                    RandomNumberGenerator& rng,
                                    const X509_Time& not_before,
                                    const X509_Time& not_after);

      /**
      * @return a copy of the CA certificate supplied at construction
      */
      X509_Certificate ca_certificate() const;

      /**
      * Produce a fresh CRL with no revoked entries.
      * @param rng randomness source used while signing
      * @param next_update offset in seconds from now for the CRL's
      *        nextUpdate field. What the default 0 selects is not visible
      *        from this header — confirm before relying on it, since relying
      *        parties use nextUpdate to judge CRL freshness.
      * @return the signed CRL
      */
      X509_CRL new_crl(RandomNumberGenerator& rng,
                       u32bit next_update = 0) const;

      /**
      * Produce a CRL that extends a previous one with more revocations.
      * @param last_crl the CA's previous CRL; presumably its entries are
      *        carried forward and its CRL number advanced (confirm in .cpp)
      * @param new_entries revocations to add
      * @param rng randomness source used while signing
      * @param next_update offset in seconds from now for nextUpdate (see
      *        new_crl for the caveat on the default)
      * @return the signed CRL
      */
      X509_CRL update_crl(const X509_CRL& last_crl,
                          const std::vector<CRL_Entry>& new_entries,
                          RandomNumberGenerator& rng,
                          u32bit next_update = 0) const;

      /**
      * Low-level certificate construction: assemble a TBSCertificate from
      * the given fields and sign it.
      * @param signer signing object; ownership is not taken here as far as
      *        the signature shows (raw pointer, no deleter) — confirm
      * @param rng randomness source (presumably for the serial number)
      * @param sig_algo AlgorithmIdentifier describing signer's scheme; must
      *        match what signer actually computes
      * @param pub_key DER-encoded SubjectPublicKeyInfo of the subject
      * @param not_before validity start
      * @param not_after validity end
      * @param issuer_dn distinguished name of the issuer
      * @param subject_dn distinguished name of the subject
      * @param extensions extensions to embed in the certificate
      * @return the signed certificate
      */
      static X509_Certificate make_cert(PK_Signer* signer,
                                        RandomNumberGenerator& rng,
                                        const AlgorithmIdentifier& sig_algo,
                                        const std::vector<byte>& pub_key,
                                        const X509_Time& not_before,
                                        const X509_Time& not_after,
                                        const X509_DN& issuer_dn,
                                        const X509_DN& subject_dn,
                                        const Extensions& extensions);

   private:
      /*
      * Shared CRL builder behind new_crl and update_crl.
      * @param entries full revocation list to encode
      * @param crl_number value for the CRL Number extension
      * @param next_update offset in seconds for nextUpdate
      * @param rng randomness source used while signing
      */
      X509_CRL make_crl(const std::vector<CRL_Entry>& entries,
                        u32bit crl_number, u32bit next_update,
                        RandomNumberGenerator& rng) const;

      // Member order is kept as declared (object layout / ctor init order).
      AlgorithmIdentifier ca_sig_algo; // scheme chosen for the CA key + hash_fn
      X509_Certificate cert;           // the CA certificate
      PK_Signer* signer;               // owning raw pointer; see copy notes above
   };
00115 
/**
* Select the signature scheme (padding / encoding) suited to a private key
* and hash, and create a signer for it.
* @param key the private key that will produce the signatures
* @param hash_fn hash function name to sign with. The header shows no
*        restriction on weak hashes; callers must not request MD5 or SHA-1
*        for certificate or CRL signatures.
* @param alg_id output: receives the AlgorithmIdentifier of the chosen
*        scheme, to be embedded in the signed structure so that verifiers
*        use the same scheme
* @return pointer to a newly created PK_Signer. Ownership appears to pass to
*         the caller (X509_CA stores it and is expected to delete it in its
*         destructor) — confirm against the implementation before reuse.
*/
BOTAN_DLL PK_Signer*
choose_sig_format(const Private_Key& key,
                  const std::string& hash_fn,
                  AlgorithmIdentifier& alg_id);
00127 
00128 }
00129 
00130 #endif