Botan
1.11.15
|
#include <x509_ca.h>
Public Member Functions | |
X509_Certificate | ca_certificate () const |
X509_CRL | new_crl (RandomNumberGenerator &rng, u32bit next_update=0) const |
X509_CA & | operator= (const X509_CA &) |
X509_Certificate | sign_request (const PKCS10_Request &req, RandomNumberGenerator &rng, const X509_Time ¬_before, const X509_Time ¬_after) |
X509_CRL | update_crl (const X509_CRL &last_crl, const std::vector< CRL_Entry > &new_entries, RandomNumberGenerator &rng, u32bit next_update=0) const |
X509_CA (const X509_Certificate &ca_certificate, const Private_Key &key, const std::string &hash_fn) | |
X509_CA (const X509_CA &) | |
~X509_CA () | |
Static Public Member Functions | |
static X509_Certificate | make_cert (PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const std::vector< byte > &pub_key, const X509_Time ¬_before, const X509_Time ¬_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions) |
Botan::X509_CA::X509_CA | ( | const X509_Certificate & | ca_certificate, |
const Private_Key & | key, | ||
const std::string & | hash_fn | ||
) |
Create a new CA object.
ca_certificate | the certificate of the CA |
key | the private key of the CA |
hash_fn | name of a hash function to use for signing |
Definition at line 28 of file x509_ca.cpp.
References Botan::choose_sig_format(), and Botan::X509_Certificate::is_CA_cert().
: cert(c) { if(!cert.is_CA_cert()) throw Invalid_Argument("X509_CA: This certificate is not for a CA"); signer = choose_sig_format(key, hash_fn, ca_sig_algo); }
Botan::X509_CA::X509_CA | ( | const X509_CA & | ) |
Definition at line 41 of file x509_ca.cpp.
{
delete signer;
}
Get the certificate of this CA.
Definition at line 210 of file x509_ca.cpp.
{
return cert;
}
X509_Certificate Botan::X509_CA::make_cert | ( | PK_Signer * | signer, |
RandomNumberGenerator & | rng, | ||
const AlgorithmIdentifier & | sig_algo, | ||
const std::vector< byte > & | pub_key, | ||
const X509_Time & | not_before, | ||
const X509_Time & | not_after, | ||
const X509_DN & | issuer_dn, | ||
const X509_DN & | subject_dn, | ||
const Extensions & | extensions | ||
) | [static] |
Interface for creating new certificates
signer | a signing object |
rng | a random number generator |
sig_algo | the signature algorithm identifier |
pub_key | the serialized public key |
not_before | the start time of the certificate |
not_after | the end time of the certificate |
issuer_dn | the DN of the issuer |
subject_dn | the DN of the subject |
extensions | an optional list of certificate extensions |
Definition at line 90 of file x509_ca.cpp.
References Botan::PEM_Code::encode(), Botan::X509_Object::make_signed(), and Botan::SEQUENCE.
Referenced by sign_request().
{ const size_t X509_CERT_VERSION = 3; const size_t SERIAL_BITS = 128; BigInt serial_no(rng, SERIAL_BITS); return X509_Certificate(X509_Object::make_signed( signer, rng, sig_algo, DER_Encoder().start_cons(SEQUENCE) .start_explicit(0) .encode(X509_CERT_VERSION-1) .end_explicit() .encode(serial_no) .encode(sig_algo) .encode(issuer_dn) .start_cons(SEQUENCE) .encode(not_before) .encode(not_after) .end_cons() .encode(subject_dn) .raw_bytes(pub_key) .start_explicit(3) .start_cons(SEQUENCE) .encode(extensions) .end_cons() .end_explicit() .end_cons() .get_contents() ));; }
X509_CRL Botan::X509_CA::new_crl | ( | RandomNumberGenerator & | rng, |
u32bit | next_update = 0 |
||
) | const |
Create a new and empty CRL for this CA.
rng | the random number generator to use |
next_update | the time to set in next update in seconds as the offset from the current time |
Definition at line 138 of file x509_ca.cpp.
{
std::vector<CRL_Entry> empty;
return make_crl(empty, 1, next_update, rng);
}
X509_Certificate Botan::X509_CA::sign_request | ( | const PKCS10_Request & | req, |
RandomNumberGenerator & | rng, | ||
const X509_Time & | not_before, | ||
const X509_Time & | not_after | ||
) |
Sign a PKCS#10 Request.
req | the request to sign |
rng | the rng to use |
not_before | the starting time for the certificate |
not_after | the expiration time for the certificate |
Definition at line 49 of file x509_ca.cpp.
References Botan::Extensions::add(), Botan::PKCS10_Request::constraints(), Botan::CRL_SIGN, Botan::PKCS10_Request::ex_constraints(), Botan::find_constraints(), Botan::PKCS10_Request::is_CA(), Botan::KEY_CERT_SIGN, make_cert(), Botan::PKCS10_Request::path_limit(), Botan::PKCS10_Request::raw_public_key(), Botan::PKCS10_Request::subject_alt_name(), Botan::PKCS10_Request::subject_dn(), Botan::X509_Certificate::subject_dn(), Botan::X509_Certificate::subject_key_id(), and Botan::PKCS10_Request::subject_public_key().
{ Key_Constraints constraints; if(req.is_CA()) constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN); else { std::unique_ptr<Public_Key> key(req.subject_public_key()); constraints = find_constraints(*key, req.constraints()); } Extensions extensions; extensions.add( new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()), true); extensions.add(new Cert_Extension::Key_Usage(constraints), true); extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key())); extensions.add( new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name())); extensions.add( new Cert_Extension::Extended_Key_Usage(req.ex_constraints())); return make_cert(signer, rng, ca_sig_algo, req.raw_public_key(), not_before, not_after, cert.subject_dn(), req.subject_dn(), extensions); }
X509_CRL Botan::X509_CA::update_crl | ( | const X509_CRL & | last_crl, |
const std::vector< CRL_Entry > & | new_entries, | ||
RandomNumberGenerator & | rng, | ||
u32bit | next_update = 0 |
||
) | const |
Create a new CRL by with additional entries.
last_crl | the last CRL of this CA to add the new entries to |
new_entries | contains the new CRL entries to be added to the CRL |
rng | the random number generator to use |
next_update | the time to set in next update in seconds as the offset from the current time |
Definition at line 148 of file x509_ca.cpp.
References Botan::X509_CRL::crl_number(), and Botan::X509_CRL::get_revoked().
{
std::vector<CRL_Entry> revoked = crl.get_revoked();
std::copy(new_revoked.begin(), new_revoked.end(),
std::back_inserter(revoked));
return make_crl(revoked, crl.crl_number() + 1, next_update, rng);
}