/*
* X.509 Certificate Authority
* (C) 1999-2008 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_X509_CA_H__
#define BOTAN_X509_CA_H__

#include <botan/x509cert.h>
#include <botan/x509_crl.h>
#include <botan/x509_ext.h>
#include <botan/pkcs8.h>
#include <botan/pkcs10.h>
#include <botan/pubkey.h>

namespace Botan {

/**
* This class represents X.509 Certificate Authorities (CAs).
*
* An X509_CA is constructed from the CA's own certificate, its private
* key and the name of a hash function; it keeps a signing object built
* from these and uses it to issue certificates from PKCS#10 requests and
* to create and update CRLs. The class is non-copyable (copy constructor
* and copy assignment are deleted), consistent with it holding a single
* signer instance.
*/
class BOTAN_DLL X509_CA
   {
   public:

      /**
      * Sign a PKCS#10 Request, producing a certificate issued by this CA.
      *
      * NOTE(review): whether the request's own self-signature and the
      * extensions it asks for are validated inside this call, or must be
      * checked by the caller beforehand, is not visible from this
      * declaration; confirm against the implementation before feeding it
      * requests from an untrusted source.
      * @param req the request to sign
      * @param rng the rng to use
      * @param not_before the starting time for the certificate
      * @param not_after the expiration time for the certificate
      * @return resulting certificate
      */
      X509_Certificate sign_request(const PKCS10_Request& req,
                                    RandomNumberGenerator& rng,
                                    const X509_Time& not_before,
                                    const X509_Time& not_after);

      /**
      * Get the certificate of this CA (the one passed to the constructor).
      * @return CA certificate
      */
      X509_Certificate ca_certificate() const;

      /**
      * Create a new and empty CRL for this CA.
      * @param rng the random number generator to use
      * @param next_update the time to set in next update in seconds
      * as the offset from the current time. What the default value 0
      * resolves to (presumably a library default interval) is not stated
      * here - confirm in the implementation before relying on it.
      * @return new CRL
      */
      X509_CRL new_crl(RandomNumberGenerator& rng,
                       u32bit next_update = 0) const;

      /**
      * Create a new CRL from an existing one, with additional entries.
      * @param last_crl the last CRL of this CA to add the new entries to
      * @param new_entries contains the new CRL entries to be added to the CRL
      * @param rng the random number generator to use
      * @param next_update the time to set in next update in seconds
      * as the offset from the current time (see new_crl for the default)
      * @return the updated CRL
      */
      X509_CRL update_crl(const X509_CRL& last_crl,
                          const std::vector<CRL_Entry>& new_entries,
                          RandomNumberGenerator& rng,
                          u32bit next_update = 0) const;

      /**
      * Interface for creating new certificates. This is a static helper
      * and does not depend on any X509_CA instance state.
      *
      * The signer is passed as a raw pointer; it is presumably only used
      * (not owned) by this call - TODO confirm against x509_ca.cpp.
      * @param signer a signing object
      * @param rng a random number generator
      * @param sig_algo the signature algorithm identifier
      * @param pub_key the serialized public key
      * @param not_before the start time of the certificate
      * @param not_after the end time of the certificate
      * @param issuer_dn the DN of the issuer
      * @param subject_dn the DN of the subject
      * @param extensions an optional list of certificate extensions
      * @return newly minted certificate
      */
      static X509_Certificate make_cert(PK_Signer* signer,
                                        RandomNumberGenerator& rng,
                                        const AlgorithmIdentifier& sig_algo,
                                        const std::vector<byte>& pub_key,
                                        const X509_Time& not_before,
                                        const X509_Time& not_after,
                                        const X509_DN& issuer_dn,
                                        const X509_DN& subject_dn,
                                        const Extensions& extensions);

      /**
      * Create a new CA object.
      * @param ca_certificate the certificate of the CA
      * @param key the private key of the CA
      * @param hash_fn name of a hash function to use for signing; this
      * choice determines the digest used in every certificate and CRL
      * signature the object produces
      */
      X509_CA(const X509_Certificate& ca_certificate,
              const Private_Key& key,
              const std::string& hash_fn);

      // Non-copyable: the object holds a raw PK_Signer pointer that must
      // have exactly one owner.
      X509_CA(const X509_CA&) = delete;
      X509_CA& operator=(const X509_CA&) = delete;

      ~X509_CA();
   private:
      // Build and sign a CRL holding `entries`, with the given CRL number
      // and next-update offset. Presumably the common back end of new_crl
      // and update_crl - confirm in the implementation.
      X509_CRL make_crl(const std::vector<CRL_Entry>& entries,
                        u32bit crl_number, u32bit next_update,
                        RandomNumberGenerator& rng) const;

      // Signature algorithm identifier used for everything this CA signs.
      AlgorithmIdentifier ca_sig_algo;
      // The CA's own certificate, as given to the constructor.
      X509_Certificate cert;
      // Signing object for the CA key. Raw pointer; presumably owned by
      // this object and released in ~X509_CA (copying is deleted) - confirm.
      PK_Signer* signer;
   };

/**
* Choose the default signature format for a certain public key signature
* scheme.
*
* The returned signer is a raw pointer; the caller presumably takes
* ownership and is responsible for deleting it - confirm against the
* implementation and wrap it in a smart pointer at the call site.
* @param key will be the key to choose a padding scheme for
* @param hash_fn is the desired hash function
* @param alg_id will be set to the chosen scheme
* @return A PK_Signer object for generating signatures
*/
BOTAN_DLL PK_Signer* choose_sig_format(const Private_Key& key,
                                       const std::string& hash_fn,
                                       AlgorithmIdentifier& alg_id);

}

#endif