Botan  2.4.0
Crypto and TLS for C++11
x509self.h
1 /*
2 * X.509 Self-Signed Certificate
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_SELF_H_
9 #define BOTAN_X509_SELF_H_
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_ext.h>
13 #include <botan/pkcs10.h>
14 #include <botan/asn1_time.h>
15 
16 namespace Botan {
17 
18 class RandomNumberGenerator;
19 class Private_Key;
20 
21 /**
22 * Options for X.509 certificates.
23 */
25  {
26  public:
27  /**
28  * the subject common name
29  */
30  std::string common_name;
31 
32  /**
33  * the subject country
34  */
35  std::string country;
36 
37  /**
38  * the subject organization
39  */
40  std::string organization;
41 
42  /**
43  * the subject organizational unit
44  */
45  std::string org_unit;
46 
47  /**
48  * the subject locality
49  */
50  std::string locality;
51 
52  /**
53  * the subject state
54  */
55  std::string state;
56 
57  /**
58  * the subject serial number (an attribute of the subject name, not the serial number of the certificate)
59  */
60  std::string serial_number;
61 
62  /**
63  * the subject email address
64  */
65  std::string email;
66 
67  /**
68  * the subject URI
69  */
70  std::string uri;
71 
72  /**
73  * the subject IPv4 address
74  */
75  std::string ip;
76 
77  /**
78  * the subject DNS name
79  */
80  std::string dns;
81 
82  /**
83  * the subject XMPP address
84  */
85  std::string xmpp;
86 
87  /**
88  * the challenge password for a certificate request; the request carries it unencrypted, so do not reuse a secret here
89  */
90  std::string challenge;
91 
92  /**
93  * the certificate notBefore (start of the validity period)
94  */
96  /**
97  * the certificate notAfter (end of the validity period)
98  */
100 
101  /**
102  * Indicates whether the certificate or certificate request is for a CA (see CA_key())
103  */
104  bool is_CA;
105 
106  /**
107  * Indicates the BasicConstraints path limit (used for CA certificates, see CA_key())
108  */
109  size_t path_limit;
110 
111  std::string padding_scheme;
112 
113  /**
114  * The key constraints for the subject public key
115  */
117 
118  /**
119  * The extended key usage constraints (ExtendedKeyUsage) for the subject public key
120  */
121  std::vector<OID> ex_constraints;
122 
123  /**
124  * Additional X.509 extensions
125  */
127 
128  /**
129  * Mark the certificate as a CA certificate and set the path limit.
130  * @param limit the path limit to be set in the BasicConstraints extension.
131  */
132  void CA_key(size_t limit = 1);
133 
134  /**
135  * Choose a padding scheme different from the default for the key used.
136  */
137  void set_padding_scheme(const std::string& scheme);
138 
139  /**
140  * Set the notBefore of the certificate.
141  * @param time the notBefore value of the certificate
142  */
143  void not_before(const std::string& time);
144 
145  /**
146  * Set the notAfter of the certificate.
147  * @param time the notAfter value of the certificate
148  */
149  void not_after(const std::string& time);
150 
151  /**
152  * Add the key constraints of the KeyUsage extension.
153  * @param constr the constraints to set
154  */
155  void add_constraints(Key_Constraints constr);
156 
157  /**
158  * Add constraints to the ExtendedKeyUsage extension.
159  * @param oid the oid to add
160  */
161  void add_ex_constraint(const OID& oid);
162 
163  /**
164  * Add constraints to the ExtendedKeyUsage extension.
165  * @param name the name to look up the oid to add
166  */
167  void add_ex_constraint(const std::string& name);
168 
169  /**
170  * Construct a new options object
171  * @param opts slash-separated subject fields, starting with the common name.
172  * An example for this parameter would be "common_name/country/organization/organizational_unit".
173  * @param expire_time the expiration time in seconds, counted from the current clock
174  */
175  X509_Cert_Options(const std::string& opts = "",
176  uint32_t expire_time = 365 * 24 * 60 * 60);
177  };
178 
179 namespace X509 {
180 
181 /**
182 * Create a self-signed X.509 certificate.
183 * @param opts the options defining the certificate to create
184 * @param key the private key used for signing, i.e. the key
185 * associated with this self-signed certificate
186 * @param hash_fn the name of the hash function used for the signature (for example "SHA-256")
187 * @param rng the rng to use
188 * @return newly created self-signed certificate
189 */
192  const Private_Key& key,
193  const std::string& hash_fn,
194  RandomNumberGenerator& rng);
195 
196 /**
197 * Create a PKCS#10 certificate request.
198 * @param opts the options defining the request to create
199 * @param key the key used to sign this request
200 * @param rng the rng to use
201 * @param hash_fn the name of the hash function used for the signature (for example "SHA-256")
202 * @return newly created PKCS#10 request
203 */
205  const Private_Key& key,
206  const std::string& hash_fn,
207  RandomNumberGenerator& rng);
208 
209 }
210 
211 }
212 
213 #endif
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:98
std::string org_unit
Definition: x509self.h:45
std::string country
Definition: x509self.h:35
std::string locality
Definition: x509self.h:50
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
Definition: bigint.h:635
std::string common_name
Definition: x509self.h:30
Key_Constraints constraints
Definition: x509self.h:116
std::string padding_scheme
Definition: x509self.h:111
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:43
Definition: alg_id.cpp:13
std::string serial_number
Definition: x509self.h:60
std::vector< OID > ex_constraints
Definition: x509self.h:121
std::string challenge
Definition: x509self.h:90
std::string organization
Definition: x509self.h:40