Botan  1.11.34
Crypto and TLS for C++11
x509_ca.h
Go to the documentation of this file.
1 /*
2 * X.509 Certificate Authority
3 * (C) 1999-2008 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_CA_H__
9 #define BOTAN_X509_CA_H__
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_crl.h>
13 #include <botan/x509_ext.h>
14 #include <botan/pkcs10.h>
15 
16 #if defined(BOTAN_HAS_SYSTEM_RNG)
17  #include <botan/system_rng.h>
18 #endif
19 
20 namespace Botan {
21 
22 class PK_Signer;
23 
24 /**
25 * This class represents X.509 Certificate Authorities (CAs).
26 */
27 class BOTAN_DLL X509_CA
28  {
29  public:
30  /**
31  * Sign a PKCS#10 Request.
32  * @param req the request to sign
33  * @param rng the rng to use
34  * @param not_before the starting time for the certificate
35  * @param not_after the expiration time for the certificate
36  * @return resulting certificate
37  */
38  X509_Certificate sign_request(const PKCS10_Request& req,
40  const X509_Time& not_before,
41  const X509_Time& not_after);
42 
43  /**
44  * Get the certificate of this CA.
45  * @return CA certificate
46  */
47  X509_Certificate ca_certificate() const;
48 
49  /**
50  * Create a new and empty CRL for this CA.
51  * @param rng the random number generator to use
52  * @param next_update the time to set in next update in seconds
53  * as the offset from the current time
54  * @return new CRL
55  */
56  X509_CRL new_crl(RandomNumberGenerator& rng,
57  u32bit next_update = 0) const;
58 
59  /**
60  * Create a new CRL by with additional entries.
61  * @param last_crl the last CRL of this CA to add the new entries to
62  * @param new_entries contains the new CRL entries to be added to the CRL
63  * @param rng the random number generator to use
64  * @param next_update the time to set in next update in seconds
65  * as the offset from the current time
66  */
67  X509_CRL update_crl(const X509_CRL& last_crl,
68  const std::vector<CRL_Entry>& new_entries,
70  u32bit next_update = 0) const;
71 
72  /**
73  * Interface for creating new certificates
74  * @param signer a signing object
75  * @param rng a random number generator
76  * @param sig_algo the signature algorithm identifier
77  * @param pub_key the serialized public key
78  * @param not_before the start time of the certificate
79  * @param not_after the end time of the certificate
80  * @param issuer_dn the DN of the issuer
81  * @param subject_dn the DN of the subject
82  * @param extensions an optional list of certificate extensions
83  * @returns newly minted certificate
84  */
85  static X509_Certificate make_cert(PK_Signer* signer,
87  const AlgorithmIdentifier& sig_algo,
88  const std::vector<byte>& pub_key,
89  const X509_Time& not_before,
90  const X509_Time& not_after,
91  const X509_DN& issuer_dn,
92  const X509_DN& subject_dn,
93  const Extensions& extensions);
94 
95  /**
96  * Create a new CA object.
97  * @param ca_certificate the certificate of the CA
98  * @param key the private key of the CA
99  * @param hash_fn name of a hash function to use for signing
100  * @param rng the random generator to use
101  */
102  X509_CA(const X509_Certificate& ca_certificate,
103  const Private_Key& key,
104  const std::string& hash_fn,
105  RandomNumberGenerator& rng);
106 
107 #if defined(BOTAN_HAS_SYSTEM_RNG)
108  BOTAN_DEPRECATED("Use version taking RNG object")
109  X509_CA(const X509_Certificate& ca_certificate,
110  const Private_Key& key,
111  const std::string& hash_fn) :
112  X509_CA(ca_certificate, key, hash_fn, system_rng())
113  {}
114 #endif
115 
116  X509_CA(const X509_CA&) = delete;
117  X509_CA& operator=(const X509_CA&) = delete;
118 
119  ~X509_CA();
120  private:
121  X509_CRL make_crl(const std::vector<CRL_Entry>& entries,
122  u32bit crl_number, u32bit next_update,
123  RandomNumberGenerator& rng) const;
124 
125  AlgorithmIdentifier m_ca_sig_algo;
126  X509_Certificate m_cert;
127  PK_Signer* m_signer;
128  };
129 
130 /**
131 * Choose the default signature format for a certain public key signature
132 * scheme.
133 * @param key will be the key to choose a padding scheme for
134 * @param rng the random generator to use
135 * @param hash_fn is the desired hash function
136 * @param alg_id will be set to the chosen scheme
137 * @return A PK_Signer object for generating signatures
138 */
139 BOTAN_DLL PK_Signer* choose_sig_format(const Private_Key& key,
141  const std::string& hash_fn,
142  AlgorithmIdentifier& alg_id);
143 
144 }
145 
146 #endif
std::uint32_t u32bit
Definition: types.h:33
class BOTAN_DLL BOTAN_DEPRECATED("LibraryInitializer is no longer required") LibraryInitializer
Definition: init.h:22
Definition: alg_id.cpp:13
PK_Signer * choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:228
RandomNumberGenerator & system_rng()
Definition: system_rng.cpp:178