8 #include <botan/x509_ca.h>
9 #include <botan/pubkey.h>
10 #include <botan/der_enc.h>
11 #include <botan/ber_dec.h>
12 #include <botan/bigint.h>
13 #include <botan/parsing.h>
14 #include <botan/oids.h>
15 #include <botan/hash.h>
16 #include <botan/key_constraint.h>
29 const std::string& hash_fn,
86 return make_cert(m_signer, rng, m_ca_sig_algo,
88 not_before, not_after,
99 const std::vector<uint8_t>& pub_key,
106 const size_t X509_CERT_VERSION = 3;
107 const size_t SERIAL_BITS = 128;
109 BigInt serial_no(rng, SERIAL_BITS);
113 signer, rng, sig_algo,
116 .
encode(X509_CERT_VERSION-1)
147 uint32_t next_update)
const
149 std::vector<CRL_Entry> empty;
150 return make_crl(empty, 1, next_update, rng);
157 const std::vector<CRL_Entry>& new_revoked,
159 uint32_t next_update)
const
161 std::vector<CRL_Entry> revoked = crl.
get_revoked();
163 std::copy(new_revoked.begin(), new_revoked.end(),
164 std::back_inserter(revoked));
166 return make_crl(revoked, crl.
crl_number() + 1, next_update, rng);
172 X509_CRL X509_CA::make_crl(
const std::vector<CRL_Entry>& revoked,
173 uint32_t crl_number, uint32_t next_update,
176 const size_t X509_CRL_VERSION = 2;
182 auto current_time = std::chrono::system_clock::now();
183 auto expire_time = current_time + std::chrono::seconds(next_update);
192 m_signer, rng, m_ca_sig_algo,
194 .
encode(X509_CRL_VERSION-1)
199 .encode_if(revoked.size() > 0,
230 const std::string& hash_fn,
233 const std::string algo_name = key.
algo_name();
238 if(algo_name ==
"RSA")
242 else if(algo_name ==
"DSA" ||
243 algo_name ==
"ECDSA" ||
244 algo_name ==
"ECGDSA" ||
245 algo_name ==
"ECKCDSA" ||
246 algo_name ==
"GOST-34.10")
257 padding = padding +
"(" + hash->name() +
")";
262 return new PK_Signer(key, rng, padding, format);
DER_Encoder & encode_list(const std::vector< T > &values)
static X509_Certificate make_cert(PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const std::vector< uint8_t > &pub_key, const X509_Time &not_before, const X509_Time &not_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions)
Extensions extensions() const
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
size_t path_limit() const
std::vector< OID > ex_constraints() const
std::vector< uint8_t > parameters
Public_Key * subject_public_key() const
virtual AlgorithmIdentifier algorithm_identifier() const =0
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
X509_CRL new_crl(RandomNumberGenerator &rng, uint32_t next_update=0) const
static std::vector< uint8_t > make_signed(class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
void replace(Certificate_Extension *extn, bool critical=false)
virtual std::string algo_name() const =0
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
void add(Certificate_Extension *extn, bool critical=false)
X509_CA(const X509_Certificate &ca_certificate, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
AlternativeName subject_alt_name() const
std::string lookup(const OID &oid)
virtual size_t message_parts() const
X509_Certificate ca_certificate() const
X509_CRL update_crl(const X509_CRL &last_crl, const std::vector< CRL_Entry > &new_entries, RandomNumberGenerator &rng, uint32_t next_update=0) const
X509_DN subject_dn() const
Key_Constraints constraints() const
std::vector< uint8_t > raw_public_key() const
std::vector< CRL_Entry > get_revoked() const
X509_Certificate sign_request(const PKCS10_Request &req, RandomNumberGenerator &rng, const X509_Time &not_before, const X509_Time &not_after) const
PK_Signer * choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
X509_DN issuer_dn() const
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
std::vector< uint8_t > subject_key_id() const
uint32_t timespec_to_u32bit(const std::string &timespec)
X509_DN subject_dn() const
uint32_t crl_number() const