8 #ifndef BOTAN_X509_CERT_PATH_VALIDATION_H__
9 #define BOTAN_X509_CERT_PATH_VALIDATION_H__
11 #include <botan/cert_status.h>
12 #include <botan/x509cert.h>
13 #include <botan/certstor.h>
14 #include <botan/ocsp.h>
19 #if defined(BOTAN_TARGET_OS_HAS_THREADS) && defined(BOTAN_HAS_HTTP_UTIL)
20 #define BOTAN_HAS_ONLINE_REVOCATION_CHECKS
52 size_t minimum_key_strength = 110,
53 bool ocsp_all_intermediates =
false);
67 size_t minimum_key_strength,
68 bool ocsp_all_intermediates,
69 const std::set<std::string>& trusted_hashes) :
70 m_require_revocation_information(require_rev),
71 m_ocsp_all_intermediates(ocsp_all_intermediates),
72 m_trusted_hashes(trusted_hashes),
73 m_minimum_key_strength(minimum_key_strength) {}
79 {
return m_require_revocation_information; }
86 {
return m_ocsp_all_intermediates; }
92 {
return m_trusted_hashes; }
98 {
return m_minimum_key_strength; }
101 bool m_require_revocation_information;
102 bool m_ocsp_all_intermediates;
103 std::set<std::string> m_trusted_hashes;
104 size_t m_minimum_key_strength;
119 std::set<std::string> trusted_hashes()
const;
131 const std::vector<std::shared_ptr<const X509_Certificate>>&
cert_path()
const {
return m_cert_path; }
136 bool successful_validation()
const;
147 {
return m_all_status; }
152 std::string result_string()
const;
166 std::vector<std::shared_ptr<const X509_Certificate>>&& cert_chain);
175 CertificatePathStatusCodes m_all_status;
176 std::vector<std::shared_ptr<const X509_Certificate>> m_cert_path;
193 const std::vector<X509_Certificate>& end_certs,
194 const Path_Validation_Restrictions& restrictions,
195 const std::vector<Certificate_Store*>& trusted_roots,
196 const std::string& hostname =
"",
198 std::chrono::system_clock::time_point validation_time = std::chrono::system_clock::now(),
199 std::chrono::milliseconds ocsp_timeout = std::chrono::milliseconds(0),
200 const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_resp = {});
215 const X509_Certificate& end_cert,
216 const Path_Validation_Restrictions& restrictions,
217 const std::vector<Certificate_Store*>& trusted_roots,
218 const std::string& hostname =
"",
220 std::chrono::system_clock::time_point validation_time = std::chrono::system_clock::now(),
221 std::chrono::milliseconds ocsp_timeout = std::chrono::milliseconds(0),
222 const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_resp = {});
237 const X509_Certificate& end_cert,
238 const Path_Validation_Restrictions& restrictions,
239 const Certificate_Store& store,
240 const std::string& hostname =
"",
242 std::chrono::system_clock::time_point validation_time = std::chrono::system_clock::now(),
243 std::chrono::milliseconds ocsp_timeout = std::chrono::milliseconds(0),
244 const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_resp = {});
259 const std::vector<X509_Certificate>& end_certs,
260 const Path_Validation_Restrictions& restrictions,
261 const Certificate_Store& store,
262 const std::string& hostname =
"",
264 std::chrono::system_clock::time_point validation_time = std::chrono::system_clock::now(),
265 std::chrono::milliseconds ocsp_timeout = std::chrono::milliseconds(0),
266 const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_resp = {});
287 const std::vector<Certificate_Store*>& trusted_certstores,
288 const std::shared_ptr<const X509_Certificate>& end_entity,
289 const std::vector<std::shared_ptr<const X509_Certificate>>& end_entity_extra);
308 CertificatePathStatusCodes
309 BOTAN_DLL
check_chain(
const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
310 std::chrono::system_clock::time_point ref_time,
311 const std::string& hostname,
313 size_t min_signature_algo_strength,
314 const std::set<std::string>& trusted_hashes);
325 CertificatePathStatusCodes
326 BOTAN_DLL
check_ocsp(
const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
327 const std::vector<std::shared_ptr<const OCSP::Response>>& ocsp_responses,
328 const std::vector<Certificate_Store*>& certstores,
329 std::chrono::system_clock::time_point ref_time);
340 CertificatePathStatusCodes
341 BOTAN_DLL
check_crl(
const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
342 const std::vector<std::shared_ptr<const X509_CRL>>& crls,
343 std::chrono::system_clock::time_point ref_time);
353 CertificatePathStatusCodes
354 BOTAN_DLL
check_crl(
const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
355 const std::vector<Certificate_Store*>& certstores,
356 std::chrono::system_clock::time_point ref_time);
358 #if defined(BOTAN_HAS_ONLINE_REVOCATION_CHECKS)
374 CertificatePathStatusCodes
375 BOTAN_DLL check_ocsp_online(
const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
376 const std::vector<Certificate_Store*>& trusted_certstores,
377 std::chrono::system_clock::time_point ref_time,
378 std::chrono::milliseconds timeout,
379 bool ocsp_check_intermediate_CAs);
395 CertificatePathStatusCodes
396 BOTAN_DLL check_crl_online(
const std::vector<std::shared_ptr<const X509_Certificate>>& cert_path,
397 const std::vector<Certificate_Store*>& trusted_certstores,
399 std::chrono::system_clock::time_point ref_time,
400 std::chrono::milliseconds timeout);
419 const CertificatePathStatusCodes& crl_status,
420 const CertificatePathStatusCodes& ocsp_status,
421 bool require_rev_on_end_entity,
422 bool require_rev_on_intermediates);
CertificatePathStatusCodes BOTAN_DLL check_chain(const std::vector< std::shared_ptr< const X509_Certificate >> &cert_path, std::chrono::system_clock::time_point ref_time, const std::string &hostname, Usage_Type usage, size_t min_signature_algo_strength, const std::set< std::string > &trusted_hashes)
CertificatePathStatusCodes BOTAN_DLL check_ocsp(const std::vector< std::shared_ptr< const X509_Certificate >> &cert_path, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_responses, const std::vector< Certificate_Store * > &certstores, std::chrono::system_clock::time_point ref_time)
Certificate_Status_Code BOTAN_DLL overall_status(const CertificatePathStatusCodes &cert_status)
const std::vector< std::shared_ptr< const X509_Certificate > > & cert_path() const
void BOTAN_DLL merge_revocation_status(CertificatePathStatusCodes &chain_status, const CertificatePathStatusCodes &crl_status, const CertificatePathStatusCodes &ocsp_status, bool require_rev_on_end_entity, bool require_rev_on_intermediates)
Certificate_Status_Code Code
bool require_revocation_information() const
Certificate_Status_Code result() const
CertificatePathStatusCodes BOTAN_DLL check_crl(const std::vector< std::shared_ptr< const X509_Certificate >> &cert_path, const std::vector< std::shared_ptr< const X509_CRL >> &crls, std::chrono::system_clock::time_point ref_time)
bool ocsp_all_intermediates() const
Path_Validation_Result(Certificate_Status_Code status)
const CertificatePathStatusCodes & all_statuses() const
Path_Validation_Result x509_path_validate(const std::vector< X509_Certificate > &end_certs, const Path_Validation_Restrictions &restrictions, const std::vector< Certificate_Store * > &trusted_roots, const std::string &hostname, Usage_Type usage, std::chrono::system_clock::time_point ref_time, std::chrono::milliseconds ocsp_timeout, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_resp)
Path_Validation_Restrictions(bool require_rev, size_t minimum_key_strength, bool ocsp_all_intermediates, const std::set< std::string > &trusted_hashes)
const std::set< std::string > & trusted_hashes() const
Certificate_Status_Code BOTAN_DLL build_certificate_path(std::vector< std::shared_ptr< const X509_Certificate >> &cert_path_out, const std::vector< Certificate_Store * > &trusted_certstores, const std::shared_ptr< const X509_Certificate > &end_entity, const std::vector< std::shared_ptr< const X509_Certificate >> &end_entity_extra)
std::vector< std::set< Certificate_Status_Code > > CertificatePathStatusCodes
size_t minimum_key_strength() const