Botan  2.11.0
Crypto and TLS for C++11
x509self.h
1 /*
2 * X.509 Self-Signed Certificate
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_SELF_H_
9 #define BOTAN_X509_SELF_H_
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_ext.h>
13 #include <botan/pkcs10.h>
14 #include <botan/asn1_time.h>
15 
16 namespace Botan {
17 
18 class RandomNumberGenerator;
19 class Private_Key;
20 
21 /**
22 * Options for X.509 certificates.
23 */
25  {
26  public:
27  /**
28  * the subject common name
29  */
30  std::string common_name;
31 
32  /**
33  * the subject country
34  */
35  std::string country;
36 
37  /**
38  * the subject organization
39  */
40  std::string organization;
41 
42  /**
43  * the subject organizational unit
44  */
45  std::string org_unit;
46 
47  /**
48  * additional subject organizational units, beyond org_unit.
49  */
50  std::vector<std::string> more_org_units;
51 
52  /**
53  * the subject locality
54  */
55  std::string locality;
56 
57  /**
58  * the subject state
59  */
60  std::string state;
61 
62  /**
63  * the subject serial number. NOTE(review): documented as a subject attribute; presumably not the certificate's own serial number — confirm in x509self.cpp
64  */
65  std::string serial_number;
66 
67  /**
68  * the subject email address
69  */
70  std::string email;
71 
72  /**
73  * the subject URI
74  */
75  std::string uri;
76 
77  /**
78  * the subject IPv4 address, given as a string. NOTE(review): only IPv4 is documented here — confirm whether other address forms are accepted
79  */
80  std::string ip;
81 
82  /**
83  * the subject DNS name. NOTE(review): presumably encoded as a subject alternative name — confirm in x509self.cpp
84  */
85  std::string dns;
86 
87  /**
88  * additional subject DNS entries, beyond dns.
89  */
90  std::vector<std::string> more_dns;
91 
92  /**
93  * the subject XMPP
94  */
95  std::string xmpp;
96 
97  /**
98  * the subject challenge password. NOTE(review): presumably written into the PKCS#10 request as the challengePassword attribute, which is not encrypted — confirm in x509self.cpp before putting a reusable secret here
99  */
100  std::string challenge;
101 
102  /**
103  * the subject notBefore
104  */
106  /**
107  * the subject notAfter
108  */
110 
111  /**
112  * Indicates whether the certificate or certificate request is for a CA (presumably set by CA_key() — confirm)
113  */
114  bool is_CA;
115 
116  /**
117  * Indicates the BasicConstraints path limit. NOTE(review): presumably only meaningful when is_CA is true — confirm
118  */
119  size_t path_limit;
120 
121  std::string padding_scheme; ///< padding scheme overriding the key's default; presumably what set_padding_scheme() stores — TODO confirm
122 
123  /**
124  * The key constraints for the subject public key
125  */
127 
128  /**
129  * The extended key usage constraints (OIDs for the ExtendedKeyUsage extension) for the subject public key
130  */
131  std::vector<OID> ex_constraints;
132 
133  /**
134  * Additional X.509 extensions
135  */
137 
138  /**
139  * Mark the certificate as a CA certificate and set the path limit. A CA certificate can be used to sign other certificates, so call this only for keys intended as issuers.
140  * @param limit the path limit to be set in the BasicConstraints extension (defaults to 1).
141  */
142  void CA_key(size_t limit = 1);
143 
144  /**
145  * Choose a padding scheme different from the default for the key used; scheme is the name of that padding scheme (the accepted names are not listed in this header).
146  */
147  void set_padding_scheme(const std::string& scheme);
148 
149  /**
150  * Set the notBefore (start of the validity period) of the certificate.
151  * @param time the notBefore value of the certificate, as a string (NOTE(review): the expected time format and time zone are not stated here — confirm, see botan/asn1_time.h)
152  */
153  void not_before(const std::string& time);
154 
155  /**
156  * Set the notAfter (end of the validity period) of the certificate.
157  * @param time the notAfter value of the certificate, as a string (NOTE(review): the expected time format and time zone are not stated here — confirm, see botan/asn1_time.h)
158  */
159  void not_after(const std::string& time);
160 
161  /**
162  * Add the key constraints of the KeyUsage extension. NOTE(review): whether repeated calls accumulate or overwrite is not visible in this header — confirm.
163  * @param constr the constraints to set; list only the usages the key actually needs
164  */
165  void add_constraints(Key_Constraints constr);
166 
167  /**
168  * Add a constraint to the ExtendedKeyUsage extension, given as an OID.
169  * @param oid the OID to add
170  */
171  void add_ex_constraint(const OID& oid);
172 
173  /**
174  * Add a constraint to the ExtendedKeyUsage extension, given by name.
175  * @param name the name used to look up the OID to add (NOTE(review): the behaviour for an unknown name is not documented here — confirm)
176  */
177  void add_ex_constraint(const std::string& name);
178 
179  /**
180  * Construct a new options object
181  * @param opts the subject name fields of this object, packed into one string. An example for this
182  * parameter would be "common_name/country/organization/organizational_unit". NOTE(review): the fields appear to be '/'-separated, so a value containing '/' presumably has to be assigned to the member directly — confirm.
183  * @param expire_time the expiration time (from the current clock in seconds); the default is 365 days
184  */
185  X509_Cert_Options(const std::string& opts = "",
186  uint32_t expire_time = 365 * 24 * 60 * 60);
187  };
188 
189 namespace X509 {
190 
191 /**
192 * Create a self-signed X.509 certificate. The certificate is signed with its own key, so it carries no third-party endorsement; relying parties have to trust it explicitly.
193 * @param opts the options defining the certificate to create
194 * @param key the private key used for signing, i.e. the key
195 * associated with this self-signed certificate
196 * @param hash_fn the name of the hash function to use for the signature; prefer a collision-resistant hash such as SHA-256 over MD5 or SHA-1
197 * @param rng the random number generator to use; pass a properly seeded cryptographic RNG
198 * @return newly created self-signed certificate
199 */
202  const Private_Key& key,
203  const std::string& hash_fn,
204  RandomNumberGenerator& rng);
205 
206 /**
207 * Create a PKCS#10 certificate request.
208 * @param opts the options defining the request to create
209 * @param key the key used to sign this request
210 * @param hash_fn the name of the hash function to use for the signature; prefer a collision-resistant hash such as SHA-256 over MD5 or SHA-1
211 * @param rng the random number generator to use; pass a properly seeded cryptographic RNG
212 * @return newly created PKCS#10 request
213 */
215  const Private_Key& key,
216  const std::string& hash_fn,
217  RandomNumberGenerator& rng);
218 
219 }
220 
221 }
222 
223 #endif
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:109
std::string org_unit
Definition: x509self.h:45
std::vector< std::string > more_dns
Definition: x509self.h:90
std::string country
Definition: x509self.h:35
std::string locality
Definition: x509self.h:55
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: bigint.h:1136
std::string common_name
Definition: x509self.h:30
std::string name
Key_Constraints constraints
Definition: x509self.h:126
std::string padding_scheme
Definition: x509self.h:121
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:51
Definition: alg_id.cpp:13
std::string serial_number
Definition: x509self.h:65
std::vector< OID > ex_constraints
Definition: x509self.h:131
std::vector< std::string > more_org_units
Definition: x509self.h:50
std::string challenge
Definition: x509self.h:100
std::string organization
Definition: x509self.h:40