Botan
1.11.15
/*
* X.509 Certificate Options
* (C) 1999-2007 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/x509self.h>
#include <botan/oids.h>
#include <botan/parsing.h>
#include <chrono>

namespace Botan {

/*
* Set the start of the validity period.
*
* The string is passed to X509_Time as given. Nothing here compares it
* with the end time; that ordering is only checked in sanity_check().
*/
void X509_Cert_Options::not_before(const std::string& time_string)
   {
   start = X509_Time(time_string);
   }

/*
* Set the end of the validity period.
*
* As with not_before(), no upper bound on the lifetime is enforced here.
*/
void X509_Cert_Options::not_after(const std::string& time_string)
   {
   end = X509_Time(time_string);
   }

/*
* Set the key usage constraints.
*
* Despite the name this assigns rather than merges: a second call
* replaces whatever an earlier call stored, so the caller has to pass
* the complete set of usage bits in a single call.
*/
void X509_Cert_Options::add_constraints(Key_Constraints usage)
   {
   constraints = usage;
   }

/*
* Append one extended key constraint, given as an OID.
*
* Entries accumulate; duplicates are not filtered.
*/
void X509_Cert_Options::add_ex_constraint(const OID& oid)
   {
   ex_constraints.push_back(oid);
   }

/*
* Append one extended key constraint, given by name.
*
* The name is resolved with OIDS::lookup() and the result is stored
* without inspection.
* NOTE(review): what lookup() yields for an unknown name is not visible
* here - confirm before passing names that come from outside the program.
*/
void X509_Cert_Options::add_ex_constraint(const std::string& oid_str)
   {
   const OID resolved = OIDS::lookup(oid_str);
   ex_constraints.push_back(resolved);
   }

/*
* Mark these options as describing a CA certificate and record the
* path length limit that goes with it.
*
* sanity_check() does not look at is_CA or path_limit, so whether this
* is called is entirely the caller's decision.
*/
void X509_Cert_Options::CA_key(size_t limit)
   {
   path_limit = limit;
   is_CA = true;
   }

/*
* Basic sanity checks on the options; throws Encoding_Error on failure.
*
* What is checked: common name and country are non-empty, the country
* is exactly two characters long (length only, the characters themselves
* are not examined), and start is strictly before end. Nothing else is
* validated: constraints, CA status, path limit and the length of the
* validity period are all accepted as they are.
*/
void X509_Cert_Options::sanity_check() const
   {
   const bool identity_missing = common_name.empty() || country.empty();
   if(identity_missing)
      throw Encoding_Error("X.509 certificate: name and country MUST be set");

   const bool country_is_two_chars = (country.size() == 2);
   if(!country_is_two_chars)
      throw Encoding_Error("Invalid ISO country code: " + country);

   if(start >= end)
      throw Encoding_Error("X509_Cert_Options: invalid time constraints");
   }

/*
* Initialize the certificate options.
*
* initial_opts is split on '/' into at most four fields, taken in order
* as common name, country, organization and organizational unit; more
* than four fields throws Invalid_Argument. expiration_time is a number
* of seconds added to the current system clock time to get the end of
* validity; the start of validity is the current time.
*
* Because '/' is the separator, a field value cannot itself contain '/'.
* If initial_opts is assembled from data the caller does not control, a
* '/' inside that data moves the remainder into the following fields
* (for example out of the common name and into the country), so such
* input should be checked before it gets here. This constructor does
* not call sanity_check().
* NOTE(review): how split_on() treats empty segments is not visible
* here - confirm.
*/
X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts,
                                     u32bit expiration_time)
   {
   const auto now = std::chrono::system_clock::now();

   is_CA = false;
   path_limit = 0;
   constraints = NO_CONSTRAINTS;

   start = X509_Time(now);
   end = X509_Time(now + std::chrono::seconds(expiration_time));

   if(initial_opts.empty())
      return;

   const std::vector<std::string> fields = split_on(initial_opts, '/');

   if(fields.size() > 4)
      throw Invalid_Argument("X.509 cert options: Too many names: "
                             + initial_opts);

   // Destination of each positional field; at most four reach this point.
   std::string* const slots[4] =
      { &common_name, &country, &organization, &org_unit };

   for(size_t i = 0; i != fields.size(); ++i)
      *slots[i] = fields[i];
   }

}