Botan 3.5.0
Crypto and TLS for C&
x509self.h
Go to the documentation of this file.
1/*
2* X.509 Self-Signed Certificate
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_SELF_H_
9#define BOTAN_X509_SELF_H_
10
11#include <botan/pkcs10.h>
12#include <botan/pkix_types.h>
13#include <botan/x509cert.h>
14
15namespace Botan {
16
17class RandomNumberGenerator;
18class Private_Key;
19
20/**
21* Options for X.509 certificates.
22*/
24 public:
25 /**
26 * the subject common name
27 */
28 std::string common_name;
29
30 /**
31 * the subject counry
32 */
33 std::string country;
34
35 /**
36 * the subject organization
37 */
38 std::string organization;
39
40 /**
41 * the subject organizational unit
42 */
43 std::string org_unit;
44
45 /**
46 * additional subject organizational units.
47 */
48 std::vector<std::string> more_org_units;
49
50 /**
51 * the subject locality
52 */
53 std::string locality;
54
55 /**
56 * the subject state
57 */
58 std::string state;
59
60 /**
61 * the subject serial number
62 */
63 std::string serial_number;
64
65 /**
66 * the subject email adress
67 */
68 std::string email;
69
70 /**
71 * the subject URI
72 */
73 std::string uri;
74
75 /**
76 * the subject IPv4 address
77 */
78 std::string ip;
79
80 /**
81 * the subject DNS
82 */
83 std::string dns;
84
85 /**
86 * additional subject DNS entries.
87 */
88 std::vector<std::string> more_dns;
89
90 /**
91 * the subject XMPP
92 */
93 std::string xmpp;
94
95 /**
96 * the subject challenge password
97 */
98 std::string challenge;
99
100 /**
101 * the subject notBefore
102 */
104 /**
105 * the subject notAfter
106 */
108
109 /**
110 * Indicates whether the certificate request
111 */
112 bool is_CA;
113
114 /**
115 * Indicates the BasicConstraints path limit
116 */
118
119 std::string padding_scheme;
120
121 /**
122 * The key constraints for the subject public key
123 */
125
126 /**
127 * The key extended constraints for the subject public key
128 */
129 std::vector<OID> ex_constraints;
130
131 /**
132 * Additional X.509 extensions
133 */
135
136 /**
137 * Mark the certificate as a CA certificate and set the path limit.
138 * @param limit the path limit to be set in the BasicConstraints extension.
139 */
140 void CA_key(size_t limit = 1);
141
142 /**
143 * Choose a padding scheme different from the default for the key used.
144 */
145 void set_padding_scheme(std::string_view scheme);
146
147 /**
148 * Set the notBefore of the certificate.
149 * @param time the notBefore value of the certificate
150 */
151 void not_before(std::string_view time);
152
153 /**
154 * Set the notAfter of the certificate.
155 * @param time the notAfter value of the certificate
156 */
157 void not_after(std::string_view time);
158
159 /**
160 * Add the key constraints of the KeyUsage extension.
161 * @param constr the constraints to set
162 */
163 void add_constraints(Key_Constraints constr);
164
165 /**
166 * Add constraints to the ExtendedKeyUsage extension.
167 * @param oid the oid to add
168 */
169 void add_ex_constraint(const OID& oid);
170
171 /**
172 * Add constraints to the ExtendedKeyUsage extension.
173 * @param name the name to look up the oid to add
174 */
175 void add_ex_constraint(std::string_view name);
176
177 /**
178 * Construct a new options object
179 * @param opts define the common name of this object. An example for this
180 * parameter would be "common_name/country/organization/organizational_unit".
181 * @param expire_time the expiration time (from the current clock in seconds)
182 */
183 X509_Cert_Options(std::string_view opts = "", uint32_t expire_time = 365 * 24 * 60 * 60);
184};
185
186namespace X509 {
187
188/**
189* Create a self-signed X.509 certificate.
190* @param opts the options defining the certificate to create
191* @param key the private key used for signing, i.e. the key
192* associated with this self-signed certificate
193* @param hash_fn the hash function to use
194* @param rng the rng to use
195* @return newly created self-signed certificate
196*/
199 const Private_Key& key,
200 std::string_view hash_fn,
202
203/**
204* Create a PKCS#10 certificate request.
205* @param opts the options defining the request to create
206* @param key the key used to sign this request
207* @param rng the rng to use
208* @param hash_fn the hash function to use
209* @return newly created PKCS#10 request
210*/
213 const Private_Key& key,
214 std::string_view hash_fn,
216
217} // namespace X509
218
219} // namespace Botan
220
221#endif
std::string common_name
Definition x509self.h:28
std::vector< OID > ex_constraints
Definition x509self.h:129
Key_Constraints constraints
Definition x509self.h:124
std::vector< std::string > more_org_units
Definition x509self.h:48
std::string organization
Definition x509self.h:38
std::string serial_number
Definition x509self.h:63
std::vector< std::string > more_dns
Definition x509self.h:88
std::string challenge
Definition x509self.h:98
std::string padding_scheme
Definition x509self.h:119
std::string name
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:123
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:83