Botan 2.11.0
Crypto and TLS for C++11
Botan::Path_Validation_Restrictions Class Reference (final)

#include <x509path.h>

Public Member Functions

std::chrono::seconds max_ocsp_age() const
size_t minimum_key_strength() const
bool ocsp_all_intermediates() const
Path_Validation_Restrictions(bool require_rev=false, size_t minimum_key_strength=110, bool ocsp_all_intermediates=false, std::chrono::seconds max_ocsp_age=std::chrono::seconds::zero())
Path_Validation_Restrictions(bool require_rev, size_t minimum_key_strength, bool ocsp_all_intermediates, const std::set<std::string>& trusted_hashes, std::chrono::seconds max_ocsp_age=std::chrono::seconds::zero())
bool require_revocation_information() const
const std::set<std::string>& trusted_hashes() const

Detailed Description

Specifies restrictions on PKIX path validation.

Definition at line 34 of file x509path.h.

Constructor & Destructor Documentation

◆ Path_Validation_Restrictions() [1/2]

Botan::Path_Validation_Restrictions::Path_Validation_Restrictions(bool require_rev = false,
    size_t minimum_key_strength = 110,
    bool ocsp_all_intermediates = false,
    std::chrono::seconds max_ocsp_age = std::chrono::seconds::zero())

Parameters
require_rev: if true, revocation information is required.
minimum_key_strength: the minimum strength (in terms of operations, e.g. 80 means 2^80) of a signature. Signatures weaker than this are rejected. If more than 80, SHA-1 signatures are also rejected. If possible, use a setting of at least 110.
  - 80 bit strength requires 1024 bit RSA
  - 110 bit strength requires 2k bit RSA
  - 128 bit strength requires ~3k bit RSA or P-256
ocsp_all_intermediates: make OCSP requests for all CAs as well as the end entity (if OCSP is enabled in the path validation request).
max_ocsp_age: maximum age of OCSP responses without next_update. If zero, there is no maximum age.

Definition at line 961 of file x509path.cpp.

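Path_Validation_Restrictions::Path_Validation_Restrictions(bool require_rev,
                                                           size_t key_strength,
                                                           bool ocsp_intermediates,
                                                           std::chrono::seconds max_ocsp_age) :
   m_require_revocation_information(require_rev),
   m_ocsp_all_intermediates(ocsp_intermediates),
   m_minimum_key_strength(key_strength),
   m_max_ocsp_age(max_ocsp_age)
   {
   // SHA-1 ("SHA-160") is trusted only when the requested strength is 80 or less
   if(key_strength <= 80)
      { m_trusted_hashes.insert("SHA-160"); }

   // The SHA-2 family is always trusted by this constructor
   m_trusted_hashes.insert("SHA-224");
   m_trusted_hashes.insert("SHA-256");
   m_trusted_hashes.insert("SHA-384");
   m_trusted_hashes.insert("SHA-512");
   }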

◆ Path_Validation_Restrictions() [2/2]

Botan::Path_Validation_Restrictions::Path_Validation_Restrictions(bool require_rev,
    size_t minimum_key_strength,
    bool ocsp_all_intermediates,
    const std::set<std::string>& trusted_hashes,
    std::chrono::seconds max_ocsp_age = std::chrono::seconds::zero()) [inline]

Parameters
require_rev: if true, revocation information is required.
minimum_key_strength: the minimum strength (in terms of operations, e.g. 80 means 2^80) of a signature. Signatures weaker than this are rejected.
ocsp_all_intermediates: make OCSP requests for all CAs as well as the end entity (if OCSP is enabled in the path validation request).
trusted_hashes: a set of trusted hashes. Any signature created using a hash other than one of these will be rejected.
max_ocsp_age: maximum age of OCSP responses without next_update. If zero, there is no maximum age.

Definition at line 71 of file x509path.h.

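Path_Validation_Restrictions(bool require_rev,
                             size_t minimum_key_strength,
                             bool ocsp_all_intermediates,
                             const std::set<std::string>& trusted_hashes,
                             std::chrono::seconds max_ocsp_age = std::chrono::seconds::zero()) :
   // The caller's hash set is stored as given; no defaults are added
   m_require_revocation_information(require_rev),
   m_ocsp_all_intermediates(ocsp_all_intermediates),
   m_trusted_hashes(trusted_hashes),
   m_minimum_key_strength(minimum_key_strength),
   m_max_ocsp_age(max_ocsp_age) {}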
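
The two constructors build the trusted hash set differently: [1/2] derives it from the key strength, while [2/2] stores the caller's set unchanged. The following added example is not Botan code and does not link against Botan; Restrictions, make_default, make_explicit and audit are hypothetical names in a stand-alone model that mirrors the constructor bodies shown on this page and reports settings that leave a check disabled or relaxed.

```cpp
// Added example: stand-alone model of the two constructors on this page.
// It does not use Botan; all names below are hypothetical.
#include <chrono>
#include <cstddef>
#include <initializer_list>
#include <set>
#include <string>
#include <vector>

struct Restrictions {
   bool require_rev;
   std::size_t min_strength;
   bool ocsp_all_intermediates;
   std::set<std::string> trusted_hashes;
   std::chrono::seconds max_ocsp_age;
};

// Mirrors constructor [1/2]: the hash set is derived from the key strength.
Restrictions make_default(bool require_rev = false, std::size_t strength = 110,
                          bool ocsp_all = false,
                          std::chrono::seconds age = std::chrono::seconds::zero()) {
   Restrictions r{require_rev, strength, ocsp_all, std::set<std::string>(), age};
   if(strength <= 80) { r.trusted_hashes.insert("SHA-160"); }
   for(const char* h : {"SHA-224", "SHA-256", "SHA-384", "SHA-512"}) {
      r.trusted_hashes.insert(h);
   }
   return r;
}

// Mirrors constructor [2/2]: the caller's hash set is stored unchanged,
// so a high key strength does not by itself remove SHA-1 from the set.
Restrictions make_explicit(bool require_rev, std::size_t strength, bool ocsp_all,
                           const std::set<std::string>& hashes,
                           std::chrono::seconds age = std::chrono::seconds::zero()) {
   return Restrictions{require_rev, strength, ocsp_all, hashes, age};
}

// One finding per setting that leaves a check disabled or relaxed.
std::vector<std::string> audit(const Restrictions& r) {
   std::vector<std::string> out;
   if(!r.require_rev) { out.push_back("revocation information not required"); }
   if(r.min_strength < 110) { out.push_back("minimum key strength below 110"); }
   if(r.trusted_hashes.count("SHA-160")) { out.push_back("SHA-1 signatures trusted"); }
   if(!r.ocsp_all_intermediates) { out.push_back("OCSP limited to the end entity"); }
   if(r.max_ocsp_age == std::chrono::seconds::zero()) {
      out.push_back("no maximum age for OCSP responses without next_update");
   }
   return out;
}
```

The default-constructed model yields three findings (no revocation requirement, end-entity-only OCSP, unlimited OCSP age), which matches the defaults in the [1/2] signature above.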

Member Function Documentation

◆ max_ocsp_age()

std::chrono::seconds Botan::Path_Validation_Restrictions::max_ocsp_age() const [inline]

Returns
maximum age of OCSP responses without next_update. If zero, there is no maximum age.

Definition at line 111 of file x509path.h.

Referenced by Botan::x509_path_validate().

std::chrono::seconds max_ocsp_age() const
   { return m_max_ocsp_age; }

◆ minimum_key_strength()

size_t Botan::Path_Validation_Restrictions::minimum_key_strength() const [inline]

Returns
minimum required key strength

Definition at line 104 of file x509path.h.

Referenced by Botan::x509_path_validate().

size_t minimum_key_strength() const
   { return m_minimum_key_strength; }

◆ ocsp_all_intermediates()

bool Botan::Path_Validation_Restrictions::ocsp_all_intermediates() const [inline]

Returns
whether all intermediate CAs should also be checked via OCSP. If false, only end-entity OCSP is required/requested.

Definition at line 92 of file x509path.h.

Referenced by Botan::x509_path_validate().

bool ocsp_all_intermediates() const
   { return m_ocsp_all_intermediates; }

◆ require_revocation_information()

bool Botan::Path_Validation_Restrictions::require_revocation_information() const [inline]

Returns
whether revocation information is required

Definition at line 85 of file x509path.h.

Referenced by Botan::x509_path_validate().

bool require_revocation_information() const
   { return m_require_revocation_information; }

◆ trusted_hashes()

const std::set<std::string>& Botan::Path_Validation_Restrictions::trusted_hashes() const [inline]

Returns
trusted signature hash functions

Definition at line 98 of file x509path.h.

Referenced by Botan::x509_path_validate().

const std::set<std::string>& trusted_hashes() const
   { return m_trusted_hashes; }

The documentation for this class was generated from the following files: