Botan 3.9.0
Crypto and TLS for C++
x509self.h
1/*
2* X.509 Self-Signed Certificate
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_SELF_H_
9#define BOTAN_X509_SELF_H_
10
11#include <botan/pkcs10.h>
12#include <botan/pkix_types.h>
13#include <botan/x509cert.h>
14
15namespace Botan {
16
18class Private_Key;
19
20/**
21* Options for X.509 certificates.
22*/
24 public:
25 /**
26 * the subject common name
27 */
28 std::string common_name; // NOLINT(*non-private-member-variable*)
29
30 /**
31 * the subject country
32 */
33 std::string country; // NOLINT(*non-private-member-variable*)
34
35 /**
36 * the subject organization
37 */
38 std::string organization; // NOLINT(*non-private-member-variable*)
39
40 /**
41 * the subject organizational unit
42 */
43 std::string org_unit; // NOLINT(*non-private-member-variable*)
44
45 /**
46 * additional subject organizational units.
47 */
48 std::vector<std::string> more_org_units; // NOLINT(*non-private-member-variable*)
49
50 /**
51 * the subject locality
52 */
53 std::string locality; // NOLINT(*non-private-member-variable*)
54
55 /**
56 * the subject state
57 */
58 std::string state; // NOLINT(*non-private-member-variable*)
59
60 /**
61 * the subject serial number
62 */
63 std::string serial_number; // NOLINT(*non-private-member-variable*)
64
65 /**
66 * the subject email address
67 */
68 std::string email; // NOLINT(*non-private-member-variable*)
69
70 /**
71 * the subject URI
72 */
73 std::string uri; // NOLINT(*non-private-member-variable*)
74
75 /**
76 * the subject IPv4 address
77 */
78 std::string ip; // NOLINT(*non-private-member-variable*)
79
80 /**
81 * the subject DNS
82 */
83 std::string dns; // NOLINT(*non-private-member-variable*)
84
85 /**
86 * additional subject DNS entries.
87 */
88 std::vector<std::string> more_dns; // NOLINT(*non-private-member-variable*)
89
90 /**
91 * the subject XMPP
92 */
93 std::string xmpp; // NOLINT(*non-private-member-variable*)
94
95 /**
96 * the subject challenge password; a PKCS#10 request is signed but not encrypted, so do not reuse a secret here
97 */
98 std::string challenge; // NOLINT(*non-private-member-variable*)
99
100 /**
101 * the certificate's notBefore (start of the validity period)
102 */
103 X509_Time start; // NOLINT(*non-private-member-variable*)
104 /**
105 * the certificate's notAfter (end of the validity period)
106 */
107 X509_Time end; // NOLINT(*non-private-member-variable*)
108
109 /**
110 * Indicates whether the certificate or certificate request is for a CA (see CA_key)
111 */
112 bool is_CA = false; // NOLINT(*non-private-member-variable*)
113
114 /**
115 * Indicates the BasicConstraints path limit
116 */
117 size_t path_limit = 0; // NOLINT(*non-private-member-variable*)
118
119 /**
120 * Padding scheme to use. If empty, a default is used
121 */
122 std::string padding_scheme; // NOLINT(*non-private-member-variable*)
123
124 /**
125 * The key constraints for the subject public key
126 */
127 Key_Constraints constraints; // NOLINT(*non-private-member-variable*)
128
129 /**
130 * The key extended constraints for the subject public key
131 */
132 std::vector<OID> ex_constraints; // NOLINT(*non-private-member-variable*)
133
134 /**
135 * Additional X.509 extensions
136 */
137 Extensions extensions; // NOLINT(*non-private-member-variable*)
138
139 /**
140 * Mark the certificate as a CA certificate and set the path limit.
141 * @param limit the path limit to be set in the BasicConstraints extension.
142 */
143 void CA_key(size_t limit = 1);
144
145 /**
146 * Choose a padding scheme different from the default for the key used.
147 */
148 void set_padding_scheme(std::string_view scheme);
149
150 /**
151 * Set the notBefore of the certificate.
152 * @param time the notBefore value of the certificate
153 */
154 void not_before(std::string_view time);
155
156 /**
157 * Set the notAfter of the certificate.
158 * @param time the notAfter value of the certificate
159 */
160 void not_after(std::string_view time);
161
162 /**
163 * Add the key constraints of the KeyUsage extension.
164 * @param constr the constraints to set
165 */
166 void add_constraints(Key_Constraints constr);
167
168 /**
169 * Add constraints to the ExtendedKeyUsage extension.
170 * @param oid the oid to add
171 */
172 void add_ex_constraint(const OID& oid);
173
174 /**
175 * Add constraints to the ExtendedKeyUsage extension.
176 * @param name the name to look up the oid to add
177 */
178 void add_ex_constraint(std::string_view name);
179
180 /**
181 * Construct a new options object
182 * @param opts slash-separated subject name fields for this object. An example for this
183 * parameter would be "common_name/country/organization/organizational_unit".
184 * @param expire_time the validity period in seconds, counted from the current clock (the default is one year)
185 */
186 BOTAN_FUTURE_EXPLICIT X509_Cert_Options(std::string_view opts = "", uint32_t expire_time = 365 * 24 * 60 * 60);
187};
188
189namespace X509 {
190
191/**
192* Create a self-signed X.509 certificate.
193* @param opts the options defining the certificate to create
194* @param key the private key used for signing, i.e. the key
195* associated with this self-signed certificate
196* @param hash_fn the hash function to use
197* @param rng the rng to use
198* @return newly created self-signed certificate
199*/
202 const Private_Key& key,
203 std::string_view hash_fn,
205
206/**
207* Create a PKCS#10 certificate request.
208* @param opts the options defining the request to create
209* @param key the key used to sign this request
210* @param rng the rng to use
211* @param hash_fn the hash function to use
212* @return newly created PKCS#10 request
213*/
216 const Private_Key& key,
217 std::string_view hash_fn,
219
220} // namespace X509
221
222} // namespace Botan
223
224#endif
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
#define BOTAN_FUTURE_EXPLICIT
Definition api.h:52
std::string common_name
Definition x509self.h:28
std::vector< OID > ex_constraints
Definition x509self.h:132
Key_Constraints constraints
Definition x509self.h:127
void add_constraints(Key_Constraints constr)
Definition x509opt.cpp:32
void not_before(std::string_view time)
Definition x509opt.cpp:18
std::vector< std::string > more_org_units
Definition x509self.h:48
std::string organization
Definition x509self.h:38
void not_after(std::string_view time)
Definition x509opt.cpp:25
std::string serial_number
Definition x509self.h:63
std::vector< std::string > more_dns
Definition x509self.h:88
void add_ex_constraint(const OID &oid)
Definition x509opt.cpp:39
void set_padding_scheme(std::string_view scheme)
Definition x509opt.cpp:58
std::string challenge
Definition x509self.h:98
void CA_key(size_t limit=1)
Definition x509opt.cpp:53
BOTAN_FUTURE_EXPLICIT X509_Cert_Options(std::string_view opts="", uint32_t expire_time=365 *24 *60 *60)
Definition x509opt.cpp:65
std::string padding_scheme
Definition x509self.h:122
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:124
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:84
ASN1_Time X509_Time
Definition asn1_obj.h:424