Botan  1.11.32
x509_ca.h
Go to the documentation of this file.
1 /*
2 * X.509 Certificate Authority
3 * (C) 1999-2008 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_CA_H__
9 #define BOTAN_X509_CA_H__
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_crl.h>
13 #include <botan/x509_ext.h>
14 #include <botan/pkcs10.h>
15 #include <botan/pubkey.h>
16 
17 namespace Botan {
18 
19 /**
20 * This class represents X.509 Certificate Authorities (CAs).
21 */
22 class BOTAN_DLL X509_CA
23  {
24  public:
25  /**
26  * Sign a PKCS#10 Request.
27  * @param req the request to sign
28  * @param rng the rng to use
29  * @param not_before the starting time for the certificate
30  * @param not_after the expiration time for the certificate
31  * @return resulting certificate
32  */
33  X509_Certificate sign_request(const PKCS10_Request& req,
35  const X509_Time& not_before,
36  const X509_Time& not_after);
37 
38  /**
39  * Get the certificate of this CA.
40  * @return CA certificate
41  */
42  X509_Certificate ca_certificate() const;
43 
44  /**
45  * Create a new and empty CRL for this CA.
46  * @param rng the random number generator to use
47  * @param next_update the time to set in next update in seconds
48  * as the offset from the current time
49  * @return new CRL
50  */
51  X509_CRL new_crl(RandomNumberGenerator& rng,
52  u32bit next_update = 0) const;
53 
54  /**
55  * Create a new CRL by with additional entries.
56  * @param last_crl the last CRL of this CA to add the new entries to
57  * @param new_entries contains the new CRL entries to be added to the CRL
58  * @param rng the random number generator to use
59  * @param next_update the time to set in next update in seconds
60  * as the offset from the current time
61  */
62  X509_CRL update_crl(const X509_CRL& last_crl,
63  const std::vector<CRL_Entry>& new_entries,
65  u32bit next_update = 0) const;
66 
67  /**
68  * Interface for creating new certificates
69  * @param signer a signing object
70  * @param rng a random number generator
71  * @param sig_algo the signature algorithm identifier
72  * @param pub_key the serialized public key
73  * @param not_before the start time of the certificate
74  * @param not_after the end time of the certificate
75  * @param issuer_dn the DN of the issuer
76  * @param subject_dn the DN of the subject
77  * @param extensions an optional list of certificate extensions
78  * @returns newly minted certificate
79  */
80  static X509_Certificate make_cert(PK_Signer* signer,
82  const AlgorithmIdentifier& sig_algo,
83  const std::vector<byte>& pub_key,
84  const X509_Time& not_before,
85  const X509_Time& not_after,
86  const X509_DN& issuer_dn,
87  const X509_DN& subject_dn,
88  const Extensions& extensions);
89 
90  /**
91  * Create a new CA object.
92  * @param ca_certificate the certificate of the CA
93  * @param key the private key of the CA
94  * @param hash_fn name of a hash function to use for signing
95  */
96  X509_CA(const X509_Certificate& ca_certificate,
97  const Private_Key& key,
98  const std::string& hash_fn);
99 
100  X509_CA(const X509_CA&) = delete;
101  X509_CA& operator=(const X509_CA&) = delete;
102 
103  ~X509_CA();
104  private:
105  X509_CRL make_crl(const std::vector<CRL_Entry>& entries,
106  u32bit crl_number, u32bit next_update,
107  RandomNumberGenerator& rng) const;
108 
109  AlgorithmIdentifier m_ca_sig_algo;
110  X509_Certificate m_cert;
111  PK_Signer* m_signer;
112  };
113 
114 /**
115 * Choose the default signature format for a certain public key signature
116 * scheme.
117 * @param key will be the key to choose a padding scheme for
118 * @param hash_fn is the desired hash function
119 * @param alg_id will be set to the chosen scheme
120 * @return A PK_Signer object for generating signatures
121 */
122 BOTAN_DLL PK_Signer* choose_sig_format(const Private_Key& key,
123  const std::string& hash_fn,
124  AlgorithmIdentifier& alg_id);
125 
126 }
127 
128 #endif
std::uint32_t u32bit
Definition: types.h:33
Definition: alg_id.cpp:13
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:227