Botan 3.9.0
Crypto and TLS for C&
x509self.h
Go to the documentation of this file.
1/*
2* X.509 Self-Signed Certificate
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_SELF_H_
9#define BOTAN_X509_SELF_H_
10
11#include <botan/pkcs10.h>
12#include <botan/pkix_types.h>
13#include <botan/x509cert.h>
14
15namespace Botan {
16
17class RandomNumberGenerator;
18class Private_Key;
19
20/**
21* Options for X.509 certificates.
22*/
23class BOTAN_PUBLIC_API(2, 0) X509_Cert_Options final {
24 public:
25 /**
26 * the subject common name
27 */
28 std::string common_name; // NOLINT(*non-private-member-variable*)
29
30 /**
31 * the subject counry
32 */
33 std::string country; // NOLINT(*non-private-member-variable*)
34
35 /**
36 * the subject organization
37 */
38 std::string organization; // NOLINT(*non-private-member-variable*)
39
40 /**
41 * the subject organizational unit
42 */
43 std::string org_unit; // NOLINT(*non-private-member-variable*)
44
45 /**
46 * additional subject organizational units.
47 */
48 std::vector<std::string> more_org_units; // NOLINT(*non-private-member-variable*)
49
50 /**
51 * the subject locality
52 */
53 std::string locality; // NOLINT(*non-private-member-variable*)
54
55 /**
56 * the subject state
57 */
58 std::string state; // NOLINT(*non-private-member-variable*)
59
60 /**
61 * the subject serial number
62 */
63 std::string serial_number; // NOLINT(*non-private-member-variable*)
64
65 /**
66 * the subject email adress
67 */
68 std::string email; // NOLINT(*non-private-member-variable*)
69
70 /**
71 * the subject URI
72 */
73 std::string uri; // NOLINT(*non-private-member-variable*)
74
75 /**
76 * the subject IPv4 address
77 */
78 std::string ip; // NOLINT(*non-private-member-variable*)
79
80 /**
81 * the subject DNS
82 */
83 std::string dns; // NOLINT(*non-private-member-variable*)
84
85 /**
86 * additional subject DNS entries.
87 */
88 std::vector<std::string> more_dns; // NOLINT(*non-private-member-variable*)
89
90 /**
91 * the subject XMPP
92 */
93 std::string xmpp; // NOLINT(*non-private-member-variable*)
94
95 /**
96 * the subject challenge password
97 */
98 std::string challenge; // NOLINT(*non-private-member-variable*)
99
100 /**
101 * the subject notBefore
102 */
103 X509_Time start; // NOLINT(*non-private-member-variable*)
104 /**
105 * the subject notAfter
106 */
107 X509_Time end; // NOLINT(*non-private-member-variable*)
108
109 /**
110 * Indicates whether the certificate request
111 */
112 bool is_CA = false; // NOLINT(*non-private-member-variable*)
113
114 /**
115 * Indicates the BasicConstraints path limit
116 */
117 size_t path_limit = 0; // NOLINT(*non-private-member-variable*)
118
119 /**
120 * Padding scheme to use. If empty uses a default
121 */
122 std::string padding_scheme; // NOLINT(*non-private-member-variable*)
123
124 /**
125 * The key constraints for the subject public key
126 */
127 Key_Constraints constraints; // NOLINT(*non-private-member-variable*)
128
129 /**
130 * The key extended constraints for the subject public key
131 */
132 std::vector<OID> ex_constraints; // NOLINT(*non-private-member-variable*)
133
134 /**
135 * Additional X.509 extensions
136 */
137 Extensions extensions; // NOLINT(*non-private-member-variable*)
138
139 /**
140 * Mark the certificate as a CA certificate and set the path limit.
141 * @param limit the path limit to be set in the BasicConstraints extension.
142 */
143 void CA_key(size_t limit = 1);
144
145 /**
146 * Choose a padding scheme different from the default for the key used.
147 */
148 void set_padding_scheme(std::string_view scheme);
149
150 /**
151 * Set the notBefore of the certificate.
152 * @param time the notBefore value of the certificate
153 */
154 void not_before(std::string_view time);
155
156 /**
157 * Set the notAfter of the certificate.
158 * @param time the notAfter value of the certificate
159 */
160 void not_after(std::string_view time);
161
162 /**
163 * Add the key constraints of the KeyUsage extension.
164 * @param constr the constraints to set
165 */
166 void add_constraints(Key_Constraints constr);
167
168 /**
169 * Add constraints to the ExtendedKeyUsage extension.
170 * @param oid the oid to add
171 */
172 void add_ex_constraint(const OID& oid);
173
174 /**
175 * Add constraints to the ExtendedKeyUsage extension.
176 * @param name the name to look up the oid to add
177 */
178 void add_ex_constraint(std::string_view name);
179
180 /**
181 * Construct a new options object
182 * @param opts define the common name of this object. An example for this
183 * parameter would be "common_name/country/organization/organizational_unit".
184 * @param expire_time the expiration time (from the current clock in seconds)
185 */
186 BOTAN_FUTURE_EXPLICIT X509_Cert_Options(std::string_view opts = "", uint32_t expire_time = 365 * 24 * 60 * 60);
187};
188
189namespace X509 {
190
191/**
192* Create a self-signed X.509 certificate.
193* @param opts the options defining the certificate to create
194* @param key the private key used for signing, i.e. the key
195* associated with this self-signed certificate
196* @param hash_fn the hash function to use
197* @param rng the rng to use
198* @return newly created self-signed certificate
199*/
200BOTAN_PUBLIC_API(2, 0)
201X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
202 const Private_Key& key,
203 std::string_view hash_fn,
204 RandomNumberGenerator& rng);
205
206/**
207* Create a PKCS#10 certificate request.
208* @param opts the options defining the request to create
209* @param key the key used to sign this request
210* @param rng the rng to use
211* @param hash_fn the hash function to use
212* @return newly created PKCS#10 request
213*/
214BOTAN_PUBLIC_API(2, 0)
215PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
216 const Private_Key& key,
217 std::string_view hash_fn,
218 RandomNumberGenerator& rng);
219
220} // namespace X509
221
222} // namespace Botan
223
224#endif
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
BOTAN_FUTURE_EXPLICIT
#define BOTAN_FUTURE_EXPLICIT
Definition api.h:52
Botan::Key_Constraints
Definition pkix_enums.h:112
Botan::PKCS10_Request
Definition pkcs10.h:28
Botan::Private_Key
Definition pk_keys.h:291
Botan::X509_Cert_Options
Definition x509self.h:23
Botan::X509_Cert_Options::common_name
std::string common_name
Definition x509self.h:28
Botan::X509_Cert_Options::org_unit
std::string org_unit
Definition x509self.h:43
Botan::X509_Cert_Options::uri
std::string uri
Definition x509self.h:73
Botan::X509_Cert_Options::ex_constraints
std::vector< OID > ex_constraints
Definition x509self.h:132
Botan::X509_Cert_Options::constraints
Key_Constraints constraints
Definition x509self.h:127
Botan::X509_Cert_Options::add_constraints
void add_constraints(Key_Constraints constr)
Definition x509opt.cpp:32
Botan::X509_Cert_Options::is_CA
bool is_CA
Definition x509self.h:112
Botan::X509_Cert_Options::not_before
void not_before(std::string_view time)
Definition x509opt.cpp:18
Botan::X509_Cert_Options::extensions
Extensions extensions
Definition x509self.h:137
Botan::X509_Cert_Options::state
std::string state
Definition x509self.h:58
Botan::X509_Cert_Options::country
std::string country
Definition x509self.h:33
Botan::X509_Cert_Options::email
std::string email
Definition x509self.h:68
Botan::X509_Cert_Options::dns
std::string dns
Definition x509self.h:83
Botan::X509_Cert_Options::more_org_units
std::vector< std::string > more_org_units
Definition x509self.h:48
Botan::X509_Cert_Options::end
X509_Time end
Definition x509self.h:107
Botan::X509_Cert_Options::organization
std::string organization
Definition x509self.h:38
Botan::X509_Cert_Options::start
X509_Time start
Definition x509self.h:103
Botan::X509_Cert_Options::not_after
void not_after(std::string_view time)
Definition x509opt.cpp:25
Botan::X509_Cert_Options::path_limit
size_t path_limit
Definition x509self.h:117
Botan::X509_Cert_Options::locality
std::string locality
Definition x509self.h:53
Botan::X509_Cert_Options::serial_number
std::string serial_number
Definition x509self.h:63
Botan::X509_Cert_Options::xmpp
std::string xmpp
Definition x509self.h:93
Botan::X509_Cert_Options::ip
std::string ip
Definition x509self.h:78
Botan::X509_Cert_Options::more_dns
std::vector< std::string > more_dns
Definition x509self.h:88
Botan::X509_Cert_Options::add_ex_constraint
void add_ex_constraint(const OID &oid)
Definition x509opt.cpp:39
Botan::X509_Cert_Options::set_padding_scheme
void set_padding_scheme(std::string_view scheme)
Definition x509opt.cpp:58
Botan::X509_Cert_Options::challenge
std::string challenge
Definition x509self.h:98
Botan::X509_Cert_Options::CA_key
void CA_key(size_t limit=1)
Definition x509opt.cpp:53
Botan::X509_Cert_Options::X509_Cert_Options
BOTAN_FUTURE_EXPLICIT X509_Cert_Options(std::string_view opts="", uint32_t expire_time=365 *24 *60 *60)
Definition x509opt.cpp:65
Botan::X509_Cert_Options::padding_scheme
std::string padding_scheme
Definition x509self.h:122
Botan::X509_Certificate
Definition x509cert.h:36
Botan::X509::create_cert_req
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:124
Botan::X509::create_self_signed_cert
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:84
Botan::X509_Time
ASN1_Time X509_Time
Definition asn1_obj.h:424
Generated by doxygen 1.14.0