Botan  2.6.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::Path_Validation_Restrictions Class Referencefinal

#include <x509path.h>

Public Member Functions

size_t minimum_key_strength () const
 
bool ocsp_all_intermediates () const
 
 Path_Validation_Restrictions (bool require_rev=false, size_t minimum_key_strength=110, bool ocsp_all_intermediates=false)
 
 Path_Validation_Restrictions (bool require_rev, size_t minimum_key_strength, bool ocsp_all_intermediates, const std::set< std::string > &trusted_hashes)
 
bool require_revocation_information () const
 
const std::set< std::string > & trusted_hashes () const
 

Detailed Description

Specifies restrictions on the PKIX path validation

Definition at line 34 of file x509path.h.

Constructor & Destructor Documentation

◆ Path_Validation_Restrictions() [1/2]

Botan::Path_Validation_Restrictions::Path_Validation_Restrictions ( bool  require_rev = false,
size_t  minimum_key_strength = 110,
bool  ocsp_all_intermediates = false 
)
Parameters
require_revif true, revocation information is required
minimum_key_strengthis the minimum strength (in terms of operations, eg 80 means 2^80) of a signature. Signatures weaker than this are rejected. If more than 80, SHA-1 signatures are also rejected. If possible use at least setting 110.
80 bit strength requires 1024 bit RSA
110 bit strength requires 2k bit RSA
128 bit strength requires ~3k bit RSA or P-256
ocsp_all_intermediatesMake OCSP requests for all CAs as well as end entity (if OCSP enabled in path validation request)

Definition at line 959 of file x509path.cpp.

961  :
962  m_require_revocation_information(require_rev),
963  m_ocsp_all_intermediates(ocsp_intermediates),
964  m_minimum_key_strength(key_strength)
965  {
966  if(key_strength <= 80)
967  m_trusted_hashes.insert("SHA-160");
968 
969  m_trusted_hashes.insert("SHA-224");
970  m_trusted_hashes.insert("SHA-256");
971  m_trusted_hashes.insert("SHA-384");
972  m_trusted_hashes.insert("SHA-512");
973  }

◆ Path_Validation_Restrictions() [2/2]

Botan::Path_Validation_Restrictions::Path_Validation_Restrictions ( bool  require_rev,
size_t  minimum_key_strength,
bool  ocsp_all_intermediates,
const std::set< std::string > &  trusted_hashes 
)
inline
Parameters
require_revif true, revocation information is required
minimum_key_strengthis the minimum strength (in terms of operations, eg 80 means 2^80) of a signature. Signatures weaker than this are rejected.
ocsp_all_intermediatesMake OCSP requests for all CAs as well as end entity (if OCSP enabled in path validation request)
trusted_hashesa set of trusted hashes. Any signatures created using a hash other than one of these will be rejected.

Definition at line 66 of file x509path.h.

69  :
70  m_require_revocation_information(require_rev),
71  m_ocsp_all_intermediates(ocsp_all_intermediates),
72  m_trusted_hashes(trusted_hashes),
73  m_minimum_key_strength(minimum_key_strength) {}
size_t minimum_key_strength() const
Definition: x509path.h:97
const std::set< std::string > & trusted_hashes() const
Definition: x509path.h:91

Member Function Documentation

◆ minimum_key_strength()

size_t Botan::Path_Validation_Restrictions::minimum_key_strength ( ) const
inline
Returns
minimum required key strength

Definition at line 97 of file x509path.h.

Referenced by Botan::x509_path_validate().

98  { return m_minimum_key_strength; }

◆ ocsp_all_intermediates()

bool Botan::Path_Validation_Restrictions::ocsp_all_intermediates ( ) const
inline
Returns
whether all intermediate CAs should also be OCSPed. If false then only end entity OCSP is required/requested.

Definition at line 85 of file x509path.h.

Referenced by Botan::x509_path_validate().

86  { return m_ocsp_all_intermediates; }

◆ require_revocation_information()

bool Botan::Path_Validation_Restrictions::require_revocation_information ( ) const
inline
Returns
whether revocation information is required

Definition at line 78 of file x509path.h.

Referenced by Botan::x509_path_validate().

79  { return m_require_revocation_information; }

◆ trusted_hashes()

const std::set<std::string>& Botan::Path_Validation_Restrictions::trusted_hashes ( ) const
inline
Returns
trusted signature hash functions

Definition at line 91 of file x509path.h.

Referenced by Botan::x509_path_validate().

92  { return m_trusted_hashes; }

The documentation for this class was generated from the following files: