Botan  2.1.0
Crypto and TLS for C++11
x509self.h
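/*
* X.509 Self-Signed Certificate
* (C) 1999-2007 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_X509_SELF_H__
#define BOTAN_X509_SELF_H__

#include <botan/x509cert.h>
#include <botan/x509_ext.h>
#include <botan/pkcs10.h>
#include <botan/asn1_time.h>

namespace Botan {

/**
* Options for X.509 certificates.
*
* Carries the subject naming fields, validity period and extension
* settings that X509::create_self_signed_cert() and
* X509::create_cert_req() take as their `opts` argument.
*
* Every member is public and nothing in this header validates the
* values, so callers that fill them from external input should check
* them first.
* NOTE(review): confirm which checks, if any, x509self.cpp applies.
*/
class BOTAN_DLL X509_Cert_Options
   {
   public:
      /**
      * the subject common name
      */
      std::string common_name;

      /**
      * the subject country
      */
      std::string country;

      /**
      * the subject organization
      */
      std::string organization;

      /**
      * the subject organizational unit
      */
      std::string org_unit;

      /**
      * the subject locality
      */
      std::string locality;

      /**
      * the subject state
      */
      std::string state;

      /**
      * the subject serial number
      *
      * NOTE(review): this appears to be the serialNumber attribute of
      * the subject name, not the certificate's own serial number --
      * confirm against x509self.cpp.
      */
      std::string serial_number;

      /**
      * the subject email address
      */
      std::string email;

      /**
      * the subject URI
      */
      std::string uri;

      /**
      * the subject IPv4 address
      */
      std::string ip;

      /**
      * the subject DNS
      */
      std::string dns;

      /**
      * the subject XMPP
      */
      std::string xmpp;

      /**
      * the subject challenge password
      *
      * A PKCS #10 request is signed but not encrypted, so a challenge
      * password placed in it is readable by anyone who obtains the
      * request. Do not reuse a secret that protects anything else.
      */
      std::string challenge;

      /**
      * the subject notBefore
      */
      X509_Time start;

      /**
      * the subject notAfter
      */
      X509_Time end;

      /**
      * Indicates whether the certificate (or certificate request) is
      * for a CA. Presumably set by CA_key(); leave it false for
      * end-entity keys so the result cannot be used to issue
      * further certificates.
      */
      bool is_CA;

      /**
      * Indicates the BasicConstraints path limit
      */
      size_t path_limit;

      /**
      * The key constraints for the subject public key
      */
      Key_Constraints constraints;

      /**
      * The key extended constraints for the subject public key
      */
      std::vector<OID> ex_constraints;

      /**
      * Additional X.509 extensions
      */
      Extensions extensions;

      /**
      * Mark the certificate as a CA certificate and set the path limit.
      * @param limit the path limit to be set in the BasicConstraints extension.
      */
      void CA_key(size_t limit = 1);

      /**
      * Set the notBefore of the certificate.
      * @param time the notBefore value of the certificate
      */
      void not_before(const std::string& time);

      /**
      * Set the notAfter of the certificate.
      * @param time the notAfter value of the certificate
      */
      void not_after(const std::string& time);

      /**
      * Add the key constraints of the KeyUsage extension.
      * @param constr the constraints to set
      */
      void add_constraints(Key_Constraints constr);

      /**
      * Add constraints to the ExtendedKeyUsage extension.
      * @param oid the oid to add
      */
      void add_ex_constraint(const OID& oid);

      /**
      * Add constraints to the ExtendedKeyUsage extension.
      * @param name the name to look up the oid to add
      */
      void add_ex_constraint(const std::string& name);

      /**
      * Construct a new options object
      * @param opts define the common name of this object. An example for this
      * parameter would be "common_name/country/organization/organizational_unit".
      * NOTE(review): the fields are presumably split on '/', so a value that
      * itself contains '/' should be assigned to the member directly -- confirm
      * against x509self.cpp.
      * @param expire_time the expiration time (from the current clock in seconds);
      * the default is 365 days
      */
      X509_Cert_Options(const std::string& opts = "",
                        uint32_t expire_time = 365 * 24 * 60 * 60);
   };

namespace X509 {

/**
* Create a self-signed X.509 certificate.
*
* The signature on a self-signed certificate is made with the
* certificate's own key, so it tells a relying party nothing about
* who the subject is. Trust in the result has to be established out
* of band, for example by pinning it or installing it as a trust anchor.
*
* @param opts the options defining the certificate to create
* @param key the private key used for signing, i.e. the key
* associated with this self-signed certificate
* @param hash_fn the hash function to use; choose a collision-resistant
* hash such as "SHA-256"
* @param rng the rng to use
* @return newly created self-signed certificate
*/
BOTAN_DLL X509_Certificate
create_self_signed_cert(const X509_Cert_Options& opts,
                        const Private_Key& key,
                        const std::string& hash_fn,
                        RandomNumberGenerator& rng);

/**
* Create a PKCS#10 certificate request.
* @param opts the options defining the request to create
* @param key the key used to sign this request
* @param hash_fn the hash function to use; choose a collision-resistant
* hash such as "SHA-256"
* @param rng the rng to use
* @return newly created PKCS#10 request
*/
BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
                                         const Private_Key& key,
                                         const std::string& hash_fn,
                                         RandomNumberGenerator& rng);

}

}

#endif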
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:96
std::string org_unit
Definition: x509self.h:42
std::string country
Definition: x509self.h:32
std::string locality
Definition: x509self.h:47
std::string common_name
Definition: x509self.h:27
Key_Constraints constraints
Definition: x509self.h:111
Definition: alg_id.cpp:13
std::string serial_number
Definition: x509self.h:57
std::vector< OID > ex_constraints
Definition: x509self.h:116
std::string challenge
Definition: x509self.h:87
std::string organization
Definition: x509self.h:37
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:44