Botan  2.18.2
Crypto and TLS for C++11
x509self.h
1 /*
2 * X.509 Self-Signed Certificate
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_SELF_H_
9 #define BOTAN_X509_SELF_H_
10 
11 #include <botan/x509cert.h>
12 #include <botan/pkcs10.h>
13 #include <botan/pkix_types.h>
14 
15 namespace Botan {
16 
17 class RandomNumberGenerator;
18 class Private_Key;
19 
20 /**
21 * Options for X.509 certificates.
22 */
24  {
25  public:
26  /**
27  * the subject common name
28  */
29  std::string common_name;
30 
31  /**
32  * the subject country
33  */
34  std::string country;
35 
36  /**
37  * the subject organization
38  */
39  std::string organization;
40 
41  /**
42  * the subject organizational unit
43  */
44  std::string org_unit;
45 
46  /**
47  * additional subject organizational units.
48  */
49  std::vector<std::string> more_org_units;
50 
51  /**
52  * the subject locality
53  */
54  std::string locality;
55 
56  /**
57  * the subject state
58  */
59  std::string state;
60 
61  /**
62  * the subject serial number
63  */
64  std::string serial_number;
65 
66  /**
67  * the subject email address
68  */
69  std::string email;
70 
71  /**
72  * the subject URI
73  */
74  std::string uri;
75 
76  /**
77  * the subject IPv4 address
78  */
79  std::string ip;
80 
81  /**
82  * the subject DNS name
83  */
84  std::string dns;
85 
86  /**
87  * additional subject DNS entries.
88  */
89  std::vector<std::string> more_dns;
90 
91  /**
92  * the subject XMPP address
93  */
94  std::string xmpp;
95 
96  /**
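97  * the subject challenge password (the challengePassword attribute of a PKCS #10 request); it is carried in the request unencrypted, so use a value that protects nothing else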
98  */
99  std::string challenge;
100 
101  /**
102  * the subject notBefore
103  */
105  /**
106  * the subject notAfter
107  */
109 
110  /**
111  * Indicates whether the certificate or certificate request is for a CA (see CA_key())
112  */
113  bool is_CA;
114 
115  /**
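116  * The BasicConstraints path length limit: the maximum number of non-self-issued intermediate CA certificates that may follow this one in a valid chain (meaningful only for a CA certificate)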
117  */
118  size_t path_limit;
119 
120  std::string padding_scheme;
121 
122  /**
123  * The key constraints for the subject public key
124  */
126 
127  /**
128  * The key extended constraints for the subject public key
129  */
130  std::vector<OID> ex_constraints;
131 
132  /**
133  * Additional X.509 extensions
134  */
136 
137  /**
138  * Mark the certificate as a CA certificate and set the path limit.
139  * @param limit the path limit to be set in the BasicConstraints extension.
140  */
141  void CA_key(size_t limit = 1);
142 
143  /**
144  * Choose a padding scheme different from the default for the key used.
145  */
146  void set_padding_scheme(const std::string& scheme);
147 
148  /**
149  * Set the notBefore of the certificate.
150  * @param time the notBefore value of the certificate
151  */
152  void not_before(const std::string& time);
153 
154  /**
155  * Set the notAfter of the certificate.
156  * @param time the notAfter value of the certificate
157  */
158  void not_after(const std::string& time);
159 
160  /**
161  * Add the key constraints of the KeyUsage extension.
162  * @param constr the constraints to set
163  */
164  void add_constraints(Key_Constraints constr);
165 
166  /**
167  * Add constraints to the ExtendedKeyUsage extension.
168  * @param oid the oid to add
169  */
170  void add_ex_constraint(const OID& oid);
171 
172  /**
173  * Add constraints to the ExtendedKeyUsage extension.
174  * @param name the name to look up the oid to add
175  */
176  void add_ex_constraint(const std::string& name);
177 
178  /**
179  * Construct a new options object
180  * @param opts the subject name fields in one '/'-separated string, for
181  * example "common_name/country/organization/organizational_unit".
182  * @param expire_time the lifetime in seconds, counted from the current time (default: 365 days)
183  */
184  X509_Cert_Options(const std::string& opts = "",
185  uint32_t expire_time = 365 * 24 * 60 * 60);
186  };
187 
188 namespace X509 {
189 
190 /**
191 * Create a self-signed X.509 certificate.
192 * @param opts the options defining the certificate to create
193 * @param key the private key used for signing, i.e. the key
194 * associated with this self-signed certificate
195 * @param hash_fn the hash function to use
196 * @param rng the rng to use
197 * @return newly created self-signed certificate
198 */
201  const Private_Key& key,
202  const std::string& hash_fn,
203  RandomNumberGenerator& rng);
204 
205 /**
206 * Create a PKCS#10 certificate request.
207 * @param opts the options defining the request to create
208 * @param key the key used to sign this request
209 * @param rng the rng to use
210 * @param hash_fn the hash function to use
211 * @return newly created PKCS#10 request
212 */
214  const Private_Key& key,
215  const std::string& hash_fn,
216  RandomNumberGenerator& rng);
217 
218 }
219 
220 }
221 
222 #endif