Botan 2.19.2
Crypto and TLS for C++11
x509self.h
1/*
2* X.509 Self-Signed Certificate
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_X509_SELF_H_
9#define BOTAN_X509_SELF_H_
10
11#include <botan/x509cert.h>
12#include <botan/pkcs10.h>
13#include <botan/pkix_types.h>
14
15namespace Botan {
16
17class RandomNumberGenerator;
18class Private_Key;
19
20/**
21* Options for X.509 certificates.
22*/
24 {
25 public:
26 /**
27 * the subject common name
28 */
29 std::string common_name;
30
31 /**
32 * the subject country
33 */
34 std::string country;
35
36 /**
37 * the subject organization
38 */
39 std::string organization;
40
41 /**
42 * the subject organizational unit
43 */
44 std::string org_unit;
45
46 /**
47 * additional subject organizational units.
48 */
49 std::vector<std::string> more_org_units;
50
51 /**
52 * the subject locality
53 */
54 std::string locality;
55
56 /**
57 * the subject state
58 */
59 std::string state;
60
61 /**
62 * the subject serial number
63 */
64 std::string serial_number;
65
66 /**
67 * the subject email address
68 */
69 std::string email;
70
71 /**
72 * the subject URI
73 */
74 std::string uri;
75
76 /**
77 * the subject IPv4 address
78 */
79 std::string ip;
80
81 /**
82 * the subject DNS
83 */
84 std::string dns;
85
86 /**
87 * additional subject DNS entries.
88 */
89 std::vector<std::string> more_dns;
90
91 /**
92 * the subject XMPP
93 */
94 std::string xmpp;
95
96 /**
97 * the subject challenge password
   * NOTE(review): presumably written into the PKCS #10 request as the
   * challengePassword attribute, which is signed but not encrypted, so anyone
   * who can read the request can read this value - confirm. Do not put a
   * password here that is used anywhere else.
98 */
99 std::string challenge;
100
101 /**
102 * the subject notBefore
103 */
105 /**
106 * the subject notAfter
107 */
109
110 /**
111 * Indicates whether the certificate or certificate request is for a CA
    * (see CA_key()). Leave this false for end-entity keys: a CA certificate
    * can be used to issue further certificates.
112 */
113 bool is_CA;
114
115 /**
116 * Indicates the BasicConstraints path limit
117 */
119
    /**
    * The signature padding scheme name (see set_padding_scheme()).
    * NOTE(review): an empty value presumably selects the default for the
    * key type - confirm.
    */
120 std::string padding_scheme;
121
122 /**
123 * The key constraints for the subject public key
124 */
126
127 /**
128 * The key extended constraints for the subject public key
129 */
130 std::vector<OID> ex_constraints;
131
132 /**
133 * Additional X.509 extensions
134 */
136
137 /**
138 * Mark the certificate as a CA certificate and set the path limit.
    * Call this only for keys that are meant to issue certificates.
139 * @param limit the path limit to be set in the BasicConstraints extension.
    * In RFC 5280 terms this bounds how many intermediate CA certificates may
    * follow this one in a valid chain; the default here is 1.
140 */
141 void CA_key(size_t limit = 1);
142
143 /**
144 * Choose a padding scheme different from the default for the key used.
    * The padding scheme is part of the signature algorithm, so the choice
    * affects both security and which verifiers accept the result.
    * @param scheme the padding scheme name
    * NOTE(review): the accepted names and the handling of an unknown name
    * are not visible in this header - confirm.
145 */
146 void set_padding_scheme(const std::string& scheme);
147
148 /**
149 * Set the notBefore of the certificate.
150 * @param time the notBefore value of the certificate
    * NOTE(review): the accepted time string format and the handling of a
    * malformed value are not visible in this header - confirm before passing
    * text that comes from outside the program.
151 */
152 void not_before(const std::string& time);
153
154 /**
155 * Set the notAfter of the certificate.
    * A far-off notAfter lengthens the time a compromised key stays usable;
    * this matters most for self-signed certificates, which have no issuer
    * that could revoke them.
156 * @param time the notAfter value of the certificate
    * NOTE(review): the accepted time string format is not visible in this
    * header - confirm.
157 */
158 void not_after(const std::string& time);
159
160 /**
161 * Add the key constraints of the KeyUsage extension.
    * Grant only the usages the key needs; an end-entity key should not be
    * given certificate-signing usage.
162 * @param constr the constraints to set
163 */
164 void add_constraints(Key_Constraints constr);
165
166 /**
167 * Add constraints to the ExtendedKeyUsage extension.
168 * @param oid the oid to add (an extended key usage purpose, such as server
    * or client authentication)
169 */
170 void add_ex_constraint(const OID& oid);
171
172 /**
173 * Add constraints to the ExtendedKeyUsage extension.
174 * @param name the name to look up the oid to add
    * NOTE(review): what happens when the name does not map to a known OID
    * is not visible in this header - confirm.
175 */
176 void add_ex_constraint(const std::string& name);
177
178 /**
179 * Construct a new options object
180 * @param opts the leading subject fields as one '/'-separated string. An example for this
181 * parameter would be "common_name/country/organization/organizational_unit".
    * NOTE(review): a value that itself contains '/' presumably cannot be
    * passed this way; assign the member directly instead - confirm.
182 * @param expire_time the expiration time (from the current clock in seconds);
    * the default of 365 * 24 * 60 * 60 is one year
183 */
184 X509_Cert_Options(const std::string& opts = "",
185 uint32_t expire_time = 365 * 24 * 60 * 60);
186 };
187
188namespace X509 {
189
190/**
191* Create a self-signed X.509 certificate.
   * A self-signed certificate is vouched for only by its own key, so relying
   * parties have to obtain or pin it through a channel they already trust.
192* @param opts the options defining the certificate to create
193* @param key the private key used for signing, i.e. the key
194* associated with this self-signed certificate
195* @param hash_fn the hash function to use for the signature; choose a
   * collision-resistant one (for example "SHA-256"), not MD5 or SHA-1
196* @param rng the rng to use
197* @return newly created self-signed certificate
198*/
201 const Private_Key& key,
202 const std::string& hash_fn,
204
205/**
206* Create a PKCS#10 certificate request.
207* @param opts the options defining the request to create
208* @param key the key used to sign this request
209* @param hash_fn the hash function to use for the signature; choose a
   * collision-resistant one (for example "SHA-256"), not MD5 or SHA-1
210* @param rng the rng to use
211* @return newly created PKCS#10 request
212*/
214 const Private_Key& key,
215 const std::string& hash_fn,
217
218}
219
220}
221
222#endif
std::string common_name
Definition: x509self.h:29
std::string org_unit
Definition: x509self.h:44
std::vector< OID > ex_constraints
Definition: x509self.h:130
Key_Constraints constraints
Definition: x509self.h:125
std::string country
Definition: x509self.h:34
std::vector< std::string > more_org_units
Definition: x509self.h:49
std::string organization
Definition: x509self.h:39
std::string locality
Definition: x509self.h:54
std::string serial_number
Definition: x509self.h:64
std::vector< std::string > more_dns
Definition: x509self.h:89
std::string challenge
Definition: x509self.h:99
std::string padding_scheme
Definition: x509self.h:120
std::string name
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:110
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:51
Definition: alg_id.cpp:13
Key_Constraints
Definition: pkix_enums.h:106
Definition: bigint.h:1143