Botan  2.8.0
Crypto and TLS for C++11
x509self.h
1 /*
2 * X.509 Self-Signed Certificate
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_X509_SELF_H_
9 #define BOTAN_X509_SELF_H_
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_ext.h>
13 #include <botan/pkcs10.h>
14 #include <botan/asn1_time.h>
15 
16 namespace Botan {
17 
18 class RandomNumberGenerator;
19 class Private_Key;
20 
21 /**
22 * Options for X.509 certificates.
23 */
25  {
26  public:
27  /**
28  * the subject common name
29  */
30  std::string common_name;
31 
32  /**
33  * the subject country
34  */
35  std::string country;
36 
37  /**
38  * the subject organization
39  */
40  std::string organization;
41 
42  /**
43  * the subject organizational unit
44  */
45  std::string org_unit;
46 
47  /**
48  * the subject locality
49  */
50  std::string locality;
51 
52  /**
53  * the subject state
54  */
55  std::string state;
56 
57  /**
58  * the subject serial number (NOTE(review): documented as a subject attribute, so presumably not the certificate's own serial number; confirm in x509self.cpp)
59  */
60  std::string serial_number;
61 
62  /**
63  * the subject email address
64  */
65  std::string email;
66 
67  /**
68  * the subject URI
69  */
70  std::string uri;
71 
72  /**
73  * the subject IPv4 address, held as a string (the accepted textual form is not shown in this header)
74  */
75  std::string ip;
76 
77  /**
78  * the subject DNS name
79  */
80  std::string dns;
81 
82  std::vector<std::string> more_dns; // undocumented upstream; presumably further subject DNS names in addition to dns (TODO confirm in x509self.cpp)
83 
84  /**
85  * the subject XMPP
86  */
87  std::string xmpp;
88 
89  /**
90  * the subject challenge password (NOTE(review): a PKCS#10 challenge password attribute travels inside the request unencrypted, so do not reuse a secret here; confirm how x509self.cpp encodes it)
91  */
92  std::string challenge;
93 
94  /**
95  * the subject notBefore
96  */
98  /**
99  * the subject notAfter
100  */
102 
103  /**
104  * Indicates whether the certificate or request is for a CA (the upstream sentence is truncated; presumably this is the flag set by CA_key(), confirm in x509self.cpp)
105  */
106  bool is_CA;
107 
108  /**
109  * Indicates the BasicConstraints path limit
110  */
111  size_t path_limit;
112 
113  std::string padding_scheme; // undocumented upstream; presumably the name stored by set_padding_scheme() to override the key's default padding (TODO confirm)
114 
115  /**
116  * The key constraints for the subject public key
117  */
119 
120  /**
121  * The key extended constraints for the subject public key, held as OIDs (presumably the list extended by add_ex_constraint(); confirm in x509self.cpp)
122  */
123  std::vector<OID> ex_constraints;
124 
125  /**
126  * Additional X.509 extensions
127  */
129 
130  /**
131  * Mark the certificate as a CA certificate and set the path limit. A CA certificate can sign further certificates, so call this only for keys meant to act as an issuer.
132  * @param limit the path limit to be set in the BasicConstraints extension (defaults to 1).
133  */
134  void CA_key(size_t limit = 1);
135 
136  /**
137  * Choose a padding scheme different from the default for the key used. The scheme is passed by name as a string; the accepted names are not listed in this header.
138  */
139  void set_padding_scheme(const std::string& scheme);
140 
141  /**
142  * Set the notBefore of the certificate, i.e. the start of its validity period.
143  * @param time the notBefore value of the certificate, as a string (the accepted format is not shown in this header; TODO confirm)
144  */
145  void not_before(const std::string& time);
146 
147  /**
148  * Set the notAfter of the certificate, i.e. the end of its validity period.
149  * @param time the notAfter value of the certificate, as a string (the accepted format is not shown in this header; TODO confirm)
150  */
151  void not_after(const std::string& time);
152 
153  /**
154  * Add the key constraints of the KeyUsage extension. Restricting key usage to what the key is actually meant for limits what a relying party will accept it for.
155  * @param constr the constraints to set
156  */
157  void add_constraints(Key_Constraints constr);
158 
159  /**
160  * Add a constraint to the ExtendedKeyUsage extension, identified directly by OID.
161  * @param oid the oid to add
162  */
163  void add_ex_constraint(const OID& oid);
164 
165  /**
166  * Add a constraint to the ExtendedKeyUsage extension, identified by name rather than by OID.
167  * @param name the name to look up the oid to add (behaviour for a name with no known OID is not shown in this header; TODO confirm)
168  */
169  void add_ex_constraint(const std::string& name);
170 
171  /**
172  * Construct a new options object
173  * @param opts slash-separated subject fields for this object. An example for this
174  * parameter would be "common_name/country/organization/organizational_unit".
175  * @param expire_time the expiration time (from the current clock in seconds); the default of 365 * 24 * 60 * 60 seconds is 365 days
176  */
177  X509_Cert_Options(const std::string& opts = "",
178  uint32_t expire_time = 365 * 24 * 60 * 60);
179  };
180 
181 namespace X509 {
182 
183 /**
184 * Create a self-signed X.509 certificate. Because it is signed with its own key, it carries no third-party attestation; relying parties must establish trust in it out of band.
185 * @param opts the options defining the certificate to create
186 * @param key the private key used for signing, i.e. the key
187 * associated with this self-signed certificate
188 * @param hash_fn the hash function to use, given by name (NOTE(review): prefer a collision-resistant hash; the accepted names are not listed in this header)
189 * @param rng the rng to use
190 * @return newly created self-signed certificate
191 */
194  const Private_Key& key,
195  const std::string& hash_fn,
196  RandomNumberGenerator& rng);
197 
198 /**
199 * Create a PKCS#10 certificate request. The request is signed with the given key; it is not a certificate until an issuer signs it.
200 * @param opts the options defining the request to create
201 * @param key the key used to sign this request
202 * @param hash_fn the hash function to use, given by name (NOTE(review): prefer a collision-resistant hash; the accepted names are not listed in this header)
203 * @param rng the rng to use
204 * @return newly created PKCS#10 request
205 */
207  const Private_Key& key,
208  const std::string& hash_fn,
209  RandomNumberGenerator& rng);
210 
211 }
212 
213 }
214 
215 #endif
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:105
std::string org_unit
Definition: x509self.h:45
std::vector< std::string > more_dns
Definition: x509self.h:82
std::string country
Definition: x509self.h:35
std::string locality
Definition: x509self.h:50
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
std::string common_name
Definition: x509self.h:30
Key_Constraints constraints
Definition: x509self.h:118
std::string padding_scheme
Definition: x509self.h:113
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:47
std::string serial_number
Definition: x509self.h:60
std::vector< OID > ex_constraints
Definition: x509self.h:123
std::string challenge
Definition: x509self.h:92
std::string organization
Definition: x509self.h:40