8 #include <botan/x509_ca.h>
9 #include <botan/pubkey.h>
10 #include <botan/der_enc.h>
11 #include <botan/ber_dec.h>
12 #include <botan/bigint.h>
13 #include <botan/parsing.h>
14 #include <botan/lookup.h>
15 #include <botan/oids.h>
16 #include <botan/time.h>
30 const std::string& hash_fn) : cert(c)
80 return make_cert(signer, rng, ca_sig_algo,
82 not_before, not_after,
100 const size_t X509_CERT_VERSION = 3;
101 const size_t SERIAL_BITS = 128;
103 BigInt serial_no(rng, SERIAL_BITS);
108 .
encode(X509_CERT_VERSION-1)
142 std::vector<CRL_Entry> empty;
143 return make_crl(empty, 1, next_update, rng);
150 const std::vector<CRL_Entry>& new_revoked,
154 std::vector<CRL_Entry> revoked = crl.
get_revoked();
156 std::copy(new_revoked.begin(), new_revoked.end(),
157 std::back_inserter(revoked));
159 return make_crl(revoked, crl.
crl_number() + 1, next_update,
rng);
165 X509_CRL X509_CA::make_crl(
const std::vector<CRL_Entry>& revoked,
169 const size_t X509_CRL_VERSION = 2;
184 .
encode(X509_CRL_VERSION-1)
189 .encode_if(revoked.size() > 0,
219 const std::string& hash_fn,
233 if(algo_name ==
"RSA")
235 else if(algo_name ==
"DSA")
237 else if(algo_name ==
"ECDSA")
238 padding =
"EMSA1_BSI";
245 padding = padding +
'(' + proto_hash->
name() +
')';
250 return new PK_Signer(key, padding, format);
u32bit crl_number() const
DER_Encoder & encode_list(const std::vector< T > &values)
X509_CRL new_crl(RandomNumberGenerator &rng, u32bit next_update=0) const
static X509_Certificate make_cert(PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const MemoryRegion< byte > &pub_key, const X509_Time &not_before, const X509_Time &not_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions)
X509_CA(const X509_Certificate &ca_certificate, const Private_Key &key, const std::string &hash_fn)
std::vector< OID > ex_constraints() const
Public_Key * subject_public_key() const
virtual AlgorithmIdentifier algorithm_identifier() const =0
MemoryVector< byte > raw_public_key() const
virtual std::string algo_name() const =0
std::invalid_argument Invalid_Argument
SecureVector< byte > parameters
X509_CRL update_crl(const X509_CRL &last_crl, const std::vector< CRL_Entry > &new_entries, RandomNumberGenerator &rng, u32bit next_update=0) const
void add(Certificate_Extension *extn, bool critical=false)
unsigned long long u64bit
RandomNumberGenerator * rng
AlternativeName subject_alt_name() const
Key_Constraints find_constraints(const Public_Key &pub_key, Key_Constraints limits)
std::string lookup(const OID &oid)
virtual size_t message_parts() const
X509_Certificate ca_certificate() const
X509_DN subject_dn() const
virtual std::string name() const =0
static MemoryVector< byte > make_signed(class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const MemoryRegion< byte > &tbs)
Key_Constraints constraints() const
MemoryVector< byte > subject_key_id() const
std::vector< CRL_Entry > get_revoked() const
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
X509_DN issuer_dn() const
u32bit timespec_to_u32bit(const std::string &timespec)
DER_Encoder & start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
const HashFunction * retrieve_hash(const std::string &algo_spec)
virtual size_t max_input_bits() const =0
u32bit path_limit() const
X509_Certificate sign_request(const PKCS10_Request &req, RandomNumberGenerator &rng, const X509_Time &not_before, const X509_Time &not_after)
X509_DN subject_dn() const
virtual size_t output_length() const =0
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)