/*
* X.509 Certificates
* (C) 1999-2007 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_X509_CERTS_H__
#define BOTAN_X509_CERTS_H__

#include <botan/x509_obj.h>
#include <botan/x509_dn.h>
#include <botan/x509_key.h>
#include <botan/asn1_alt_name.h>
#include <botan/datastor.h>
#include <botan/key_constraint.h>
#include <map>

namespace Botan {

/**
* This class represents an X.509 certificate.
*
* The accessors below only report what the decoded certificate says about
* itself (subject, issuer, validity period, extensions). None of them
* verifies the signature or the certificate chain; that is the job of the
* path validation code, which must be run separately before any value
* returned here is trusted.
*/
class BOTAN_DLL X509_Certificate : public X509_Object
   {
   public:
      /**
      * Get the public key associated with this certificate.
      * @return subject public key of this certificate
      *
      * NOTE(review): returns a raw pointer; presumably a newly allocated
      * object the caller must delete — confirm against the implementation
      * before storing it anywhere.
      */
      Public_Key* subject_public_key() const;

      /**
      * Get the subject public key as raw bytes.
      * @return subject public key of this certificate in encoded form
      */
      std::vector<byte> subject_public_key_bits() const;

      /**
      * Get the issuer certificate DN.
      * @return issuer DN of this certificate
      */
      X509_DN issuer_dn() const;

      /**
      * Get the subject certificate DN.
      * @return subject DN of this certificate
      */
      X509_DN subject_dn() const;

      /**
      * Get a value for a specific subject_info parameter name.
      * @param name the name of the parameter to look up. Possible names are
      * "X509.Certificate.version", "X509.Certificate.serial",
      * "X509.Certificate.start", "X509.Certificate.end",
      * "X509.Certificate.v2.key_id", "X509.Certificate.public_key",
      * "X509v3.BasicConstraints.path_constraint",
      * "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage",
      * "X509v3.CertificatePolicies" or "X509v3.SubjectKeyIdentifier".
      * @return value(s) of the specified parameter (empty if not present)
      */
      std::vector<std::string> subject_info(const std::string& name) const;

      /**
      * Get a value for a specific issuer_info parameter name.
      * @param name the name of the parameter to look up. Possible names are
      * "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".
      * @return value(s) of the specified parameter (empty if not present)
      */
      std::vector<std::string> issuer_info(const std::string& name) const;

      /**
      * Raw (encoded) issuer DN
      */
      std::vector<byte> raw_issuer_dn() const;

      /**
      * Raw (encoded) subject DN
      */
      std::vector<byte> raw_subject_dn() const;

      /**
      * Get the notBefore of the certificate.
      * @return notBefore of the certificate
      */
      std::string start_time() const;

      /**
      * Get the notAfter of the certificate.
      * @return notAfter of the certificate
      */
      std::string end_time() const;

      /**
      * Get the X509 version of this certificate object.
      * @return X509 version
      */
      u32bit x509_version() const;

      /**
      * Get the serial number of this certificate.
      * @return certificate's serial number
      */
      std::vector<byte> serial_number() const;

      /**
      * Get the DER encoded AuthorityKeyIdentifier of this certificate.
      * @return DER encoded AuthorityKeyIdentifier
      */
      std::vector<byte> authority_key_id() const;

      /**
      * Get the DER encoded SubjectKeyIdentifier of this certificate.
      * @return DER encoded SubjectKeyIdentifier
      */
      std::vector<byte> subject_key_id() const;

      /**
      * Check whether this certificate is self signed.
      * @return true if this certificate is self signed
      *
      * Reads the self_signed member directly. That member has no in-class
      * initializer and the private default constructor leaves it
      * unset, so the result is only meaningful once the certificate has
      * been decoded. A self-signed certificate is not automatically a
      * trusted one.
      */
      bool is_self_signed() const { return self_signed; }

      /**
      * Check whether this certificate is a CA certificate.
      * @return true if this certificate is a CA certificate
      *
      * Presumably derived from the BasicConstraints extension
      * (see subject_info("X509v3.BasicConstraints.is_ca")) — confirm.
      */
      bool is_CA_cert() const;

      /**
      * Check whether a key usage is permitted by this certificate.
      * @param usage the key constraint(s) to test
      * @return true if usage is allowed by the KeyUsage extension
      *
      * NOTE(review): how a certificate without a KeyUsage extension is
      * treated is decided by the implementation — confirm before relying
      * on a true result as a restriction.
      */
      bool allowed_usage(Key_Constraints usage) const;

      /**
      * Returns true if and only if name (referring to an extended key
      * constraint, eg "PKIX.ServerAuth") is included in the extended
      * key extension.
      */
      bool allowed_usage(const std::string& usage) const;

      /**
      * Get the path limit as defined in the BasicConstraints extension of
      * this certificate.
      * @return path limit
      */
      u32bit path_limit() const;

      /**
      * Get the key constraints as defined in the KeyUsage extension of this
      * certificate.
      * @return key constraints
      */
      Key_Constraints constraints() const;

      /**
      * Get the key constraints as defined in the ExtendedKeyUsage
      * extension of this certificate.
      * @return key constraints
      */
      std::vector<std::string> ex_constraints() const;

      /**
      * Get the policies as defined in the CertificatePolicies extension
      * of this certificate.
      * @return certificate policies
      */
      std::vector<std::string> policies() const;

      /**
      * Return the listed address of an OCSP responder, or empty if not set
      */
      std::string ocsp_responder() const;

      /**
      * Return the CRL distribution point, or empty if not set
      */
      std::string crl_distribution_point() const;

      /**
      * @return a string describing the certificate
      */
      std::string to_string() const;

      /**
      * Return a fingerprint of the certificate
      * @param hash name of the hash function to use; defaults to "SHA-1"
      *
      * The SHA-1 default is kept for compatibility with existing callers.
      * Where the fingerprint is used to identify or pin a certificate, pass
      * a collision-resistant hash such as "SHA-256" explicitly.
      */
      std::string fingerprint(const std::string& = "SHA-1") const;

      /**
      * Check if a certain DNS name matches up with the information in
      * the cert
      *
      * A match only means the certificate claims this name; it says
      * nothing about whether the certificate chains to a trusted root.
      */
      bool matches_dns_name(const std::string& name) const;

      /**
      * Check two certificates for equality.
      * @return true if both certificates are (binary) equal
      */
      bool operator==(const X509_Certificate& other) const;

      /**
      * Impose an arbitrary (but consistent) ordering
      * @return true if this is less than other by some unspecified criteria
      */
      bool operator<(const X509_Certificate& other) const;

      /**
      * Create a certificate from a data source providing the DER or
      * PEM encoded certificate.
      * @param source the data source
      *
      * NOTE(review): the three constructors below are not explicit, so a
      * DataSource, std::string or byte vector converts implicitly to a
      * certificate. Making them explicit would be an API change for
      * existing callers.
      */
      X509_Certificate(DataSource& source);

      /**
      * Create a certificate from a file containing the DER or PEM
      * encoded certificate.
      * @param filename the name of the certificate file
      */
      X509_Certificate(const std::string& filename);

      /**
      * Create a certificate from an in-memory DER or PEM encoding.
      * @param in the encoded certificate
      */
      X509_Certificate(const std::vector<byte>& in);

   private:
      // Populates subject/issuer (and presumably self_signed) from the
      // decoded object — confirm in the implementation.
      void force_decode();
      friend class X509_CA;
      friend class BER_Decoder;

      // Only for friends; leaves self_signed uninitialized until decoding.
      X509_Certificate() {}

      Data_Store subject, issuer;
      bool self_signed;
   };

/**
* Check two certificates for inequality
* @return true if the arguments represent different certificates,
*         false if they are binary identical
*/
BOTAN_DLL bool operator!=(const X509_Certificate&, const X509_Certificate&);

/*
* Data Store Extraction Operations
* Build a DN / AlternativeName from the values held in a Data_Store.
*/
BOTAN_DLL X509_DN create_dn(const Data_Store&);
BOTAN_DLL AlternativeName create_alt_name(const Data_Store&);

}

#endif