Botan 3.11.0
Crypto and TLS for C&
x509self.h
Go to the documentation of this file.
1/*
2* X.509 Self-Signed Certificate
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_SELF_H_
9#define BOTAN_X509_SELF_H_
10
11#include <botan/asn1_obj.h>
12#include <botan/asn1_time.h>
13#include <botan/pkcs10.h>
14#include <botan/pkix_types.h>
15#include <botan/x509cert.h>
16
17namespace Botan {
18
19class RandomNumberGenerator;
20class Private_Key;
21
22/**
23* Options for X.509 certificates.
24*/
25class BOTAN_PUBLIC_API(2, 0) X509_Cert_Options final {
26 public:
27 /**
28 * the subject common name
29 */
30 std::string common_name; // NOLINT(*non-private-member-variable*)
31
32 /**
33 * the subject country
34 */
35 std::string country; // NOLINT(*non-private-member-variable*)
36
37 /**
38 * the subject organization
39 */
40 std::string organization; // NOLINT(*non-private-member-variable*)
41
42 /**
43 * the subject organizational unit
44 */
45 std::string org_unit; // NOLINT(*non-private-member-variable*)
46
47 /**
48 * additional subject organizational units.
49 */
50 std::vector<std::string> more_org_units; // NOLINT(*non-private-member-variable*)
51
52 /**
53 * the subject locality
54 */
55 std::string locality; // NOLINT(*non-private-member-variable*)
56
57 /**
58 * the subject state
59 */
60 std::string state; // NOLINT(*non-private-member-variable*)
61
62 /**
63 * the subject serial number
64 */
65 std::string serial_number; // NOLINT(*non-private-member-variable*)
66
67 /**
68 * the subject email address
69 */
70 std::string email; // NOLINT(*non-private-member-variable*)
71
72 /**
73 * the subject URI
74 */
75 std::string uri; // NOLINT(*non-private-member-variable*)
76
77 /**
78 * the subject IPv4 address
79 */
80 std::string ip; // NOLINT(*non-private-member-variable*)
81
82 /**
83 * the subject DNS
84 */
85 std::string dns; // NOLINT(*non-private-member-variable*)
86
87 /**
88 * additional subject DNS entries.
89 */
90 std::vector<std::string> more_dns; // NOLINT(*non-private-member-variable*)
91
92 /**
93 * the subject XMPP
94 */
95 std::string xmpp; // NOLINT(*non-private-member-variable*)
96
97 /**
98 * the subject challenge password
99 */
100 std::string challenge; // NOLINT(*non-private-member-variable*)
101
102 /**
103 * the subject notBefore
104 */
105 X509_Time start; // NOLINT(*non-private-member-variable*)
106 /**
107 * the subject notAfter
108 */
109 X509_Time end; // NOLINT(*non-private-member-variable*)
110
111 /**
112 * Indicates whether the certificate request
113 */
114 bool is_CA = false; // NOLINT(*non-private-member-variable*)
115
116 /**
117 * Indicates the BasicConstraints path limit
118 */
119 size_t path_limit = 0; // NOLINT(*non-private-member-variable*)
120
121 /**
122 * Padding scheme to use. If empty uses a default
123 */
124 std::string padding_scheme; // NOLINT(*non-private-member-variable*)
125
126 /**
127 * The key constraints for the subject public key
128 */
129 Key_Constraints constraints; // NOLINT(*non-private-member-variable*)
130
131 /**
132 * The key extended constraints for the subject public key
133 */
134 std::vector<OID> ex_constraints; // NOLINT(*non-private-member-variable*)
135
136 /**
137 * Additional X.509 extensions
138 */
139 Extensions extensions; // NOLINT(*non-private-member-variable*)
140
141 /**
142 * Mark the certificate as a CA certificate and set the path limit.
143 * @param limit the path limit to be set in the BasicConstraints extension.
144 */
145 void CA_key(size_t limit = 1);
146
147 /**
148 * Choose a padding scheme different from the default for the key used.
149 */
150 void set_padding_scheme(std::string_view scheme);
151
152 /**
153 * Set the notBefore of the certificate.
154 * @param time the notBefore value of the certificate
155 */
156 void not_before(std::string_view time);
157
158 /**
159 * Set the notAfter of the certificate.
160 * @param time the notAfter value of the certificate
161 */
162 void not_after(std::string_view time);
163
164 /**
165 * Add the key constraints of the KeyUsage extension.
166 * @param constr the constraints to set
167 */
168 void add_constraints(Key_Constraints constr);
169
170 /**
171 * Add constraints to the ExtendedKeyUsage extension.
172 * @param oid the oid to add
173 */
174 void add_ex_constraint(const OID& oid);
175
176 /**
177 * Add constraints to the ExtendedKeyUsage extension.
178 * @param name the name to look up the oid to add
179 */
180 void add_ex_constraint(std::string_view name);
181
182 /**
183 * Construct a new options object
184 * @param opts define the common name of this object. An example for this
185 * parameter would be "common_name/country/organization/organizational_unit".
186 * @param expire_time the expiration time (from the current clock in seconds)
187 */
188 BOTAN_FUTURE_EXPLICIT X509_Cert_Options(std::string_view opts = "", uint32_t expire_time = 365 * 24 * 60 * 60);
189};
190
191namespace X509 {
192
193/**
194* Create a self-signed X.509 certificate.
195* @param opts the options defining the certificate to create
196* @param key the private key used for signing, i.e. the key
197* associated with this self-signed certificate
198* @param hash_fn the hash function to use
199* @param rng the rng to use
200* @return newly created self-signed certificate
201*/
202BOTAN_PUBLIC_API(2, 0)
203X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
204 const Private_Key& key,
205 std::string_view hash_fn,
206 RandomNumberGenerator& rng);
207
208/**
209* Create a PKCS#10 certificate request.
210* @param opts the options defining the request to create
211* @param key the key used to sign this request
212* @param rng the rng to use
213* @param hash_fn the hash function to use
214* @return newly created PKCS#10 request
215*/
216BOTAN_PUBLIC_API(2, 0)
217PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
218 const Private_Key& key,
219 std::string_view hash_fn,
220 RandomNumberGenerator& rng);
221
222} // namespace X509
223
224} // namespace Botan
225
226#endif
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
BOTAN_FUTURE_EXPLICIT
#define BOTAN_FUTURE_EXPLICIT
Definition api.h:52
Botan::Key_Constraints
Definition pkix_enums.h:112
Botan::PKCS10_Request
Definition pkcs10.h:28
Botan::Private_Key
Definition pk_keys.h:294
Botan::X509_Cert_Options
Definition x509self.h:25
Botan::X509_Cert_Options::common_name
std::string common_name
Definition x509self.h:30
Botan::X509_Cert_Options::org_unit
std::string org_unit
Definition x509self.h:45
Botan::X509_Cert_Options::uri
std::string uri
Definition x509self.h:75
Botan::X509_Cert_Options::ex_constraints
std::vector< OID > ex_constraints
Definition x509self.h:134
Botan::X509_Cert_Options::constraints
Key_Constraints constraints
Definition x509self.h:129
Botan::X509_Cert_Options::add_constraints
void add_constraints(Key_Constraints constr)
Definition x509opt.cpp:32
Botan::X509_Cert_Options::is_CA
bool is_CA
Definition x509self.h:114
Botan::X509_Cert_Options::not_before
void not_before(std::string_view time)
Definition x509opt.cpp:18
Botan::X509_Cert_Options::extensions
Extensions extensions
Definition x509self.h:139
Botan::X509_Cert_Options::state
std::string state
Definition x509self.h:60
Botan::X509_Cert_Options::country
std::string country
Definition x509self.h:35
Botan::X509_Cert_Options::email
std::string email
Definition x509self.h:70
Botan::X509_Cert_Options::dns
std::string dns
Definition x509self.h:85
Botan::X509_Cert_Options::more_org_units
std::vector< std::string > more_org_units
Definition x509self.h:50
Botan::X509_Cert_Options::end
X509_Time end
Definition x509self.h:109
Botan::X509_Cert_Options::organization
std::string organization
Definition x509self.h:40
Botan::X509_Cert_Options::start
X509_Time start
Definition x509self.h:105
Botan::X509_Cert_Options::not_after
void not_after(std::string_view time)
Definition x509opt.cpp:25
Botan::X509_Cert_Options::path_limit
size_t path_limit
Definition x509self.h:119
Botan::X509_Cert_Options::locality
std::string locality
Definition x509self.h:55
Botan::X509_Cert_Options::serial_number
std::string serial_number
Definition x509self.h:65
Botan::X509_Cert_Options::xmpp
std::string xmpp
Definition x509self.h:95
Botan::X509_Cert_Options::ip
std::string ip
Definition x509self.h:80
Botan::X509_Cert_Options::more_dns
std::vector< std::string > more_dns
Definition x509self.h:90
Botan::X509_Cert_Options::add_ex_constraint
void add_ex_constraint(const OID &oid)
Definition x509opt.cpp:39
Botan::X509_Cert_Options::set_padding_scheme
void set_padding_scheme(std::string_view scheme)
Definition x509opt.cpp:58
Botan::X509_Cert_Options::challenge
std::string challenge
Definition x509self.h:100
Botan::X509_Cert_Options::CA_key
void CA_key(size_t limit=1)
Definition x509opt.cpp:53
Botan::X509_Cert_Options::X509_Cert_Options
BOTAN_FUTURE_EXPLICIT X509_Cert_Options(std::string_view opts="", uint32_t expire_time=365 *24 *60 *60)
Definition x509opt.cpp:65
Botan::X509_Cert_Options::padding_scheme
std::string padding_scheme
Definition x509self.h:124
Botan::X509_Certificate
Definition x509cert.h:27
Botan::X509::create_cert_req
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:122
Botan::X509::create_self_signed_cert
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
Definition x509self.cpp:82
Botan::X509_Time
ASN1_Time X509_Time
Definition asn1_obj.h:23
Generated by doxygen 1.15.0