Botan  1.10.9
x509cert.h
1 /*
2 * X.509 Certificates
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #ifndef BOTAN_X509_CERTS_H__
9 #define BOTAN_X509_CERTS_H__
10 
11 #include <botan/x509_obj.h>
12 #include <botan/x509_dn.h>
13 #include <botan/x509_key.h>
14 #include <botan/datastor.h>
15 #include <botan/pubkey_enums.h>
16 #include <map>
17 
18 namespace Botan {
19 
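/**
* This class represents an X.509 certificate.
*
* The accessors below report what the decoded certificate itself
* asserts (names, validity period, CA flag, key usage, ...). Nothing
* declared in this header establishes that the certificate is trusted:
* callers still have to verify the signature chain, validity period
* and revocation status before acting on any of these values.
*/
class BOTAN_DLL X509_Certificate : public X509_Object
   {
   public:
      /**
      * Get the public key associated with this certificate.
      *
      * NOTE(review): the key is handed back as a raw pointer and this
      * class declares no member that owns it, so ownership appears to
      * pass to the caller - confirm against the implementation and
      * release the object at the call site.
      * @return subject public key of this certificate
      */
      Public_Key* subject_public_key() const;

      /**
      * Get the issuer certificate DN.
      * @return issuer DN of this certificate
      */
      X509_DN issuer_dn() const;

      /**
      * Get the subject certificate DN.
      * @return subject DN of this certificate
      */
      X509_DN subject_dn() const;

      /**
      * Get a value for a specific subject_info parameter name.
      * @param name the name of the parameter to look up. Possible names are
      * "X509.Certificate.version", "X509.Certificate.serial",
      * "X509.Certificate.start", "X509.Certificate.end",
      * "X509.Certificate.v2.key_id", "X509.Certificate.public_key",
      * "X509v3.BasicConstraints.path_constraint",
      * "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage",
      * "X509v3.CertificatePolicies" or "X509v3.SubjectKeyIdentifier".
      * @return value(s) of the specified parameter
      */
      std::vector<std::string> subject_info(const std::string& name) const;

      /**
      * Get a value for a specific issuer_info parameter name.
      * @param name the name of the parameter to look up. Possible names are
      * "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".
      * @return value(s) of the specified parameter
      */
      std::vector<std::string> issuer_info(const std::string& name) const;

      /**
      * Get the notBefore of the certificate.
      *
      * The value is returned as text; its format is not specified in
      * this header, so convert it to a time value before comparing it
      * rather than comparing strings.
      * @return notBefore of the certificate
      */
      std::string start_time() const;

      /**
      * Get the notAfter of the certificate.
      *
      * The value is returned as text; its format is not specified in
      * this header, so convert it to a time value before comparing it
      * rather than comparing strings.
      * @return notAfter of the certificate
      */
      std::string end_time() const;

      /**
      * Get the X509 version of this certificate object.
      * @return X509 version
      */
      u32bit x509_version() const;

      /**
      * Get the serial number of this certificate.
      * @return the certificate's serial number
      */
      MemoryVector<byte> serial_number() const;

      /**
      * Get the DER encoded AuthorityKeyIdentifier of this certificate.
      * @return DER encoded AuthorityKeyIdentifier
      */
      MemoryVector<byte> authority_key_id() const;

      /**
      * Get the DER encoded SubjectKeyIdentifier of this certificate.
      * @return DER encoded SubjectKeyIdentifier
      */
      MemoryVector<byte> subject_key_id() const;

      /**
      * Check whether this certificate is self signed.
      *
      * This only reports the stored flag. A self-signed certificate is
      * not thereby a trusted root; trust has to come from the caller's
      * own trust store.
      * @return true if this certificate is self signed
      */
      bool is_self_signed() const { return self_signed; }

      /**
      * Check whether this certificate is a CA certificate.
      * @return true if this certificate is a CA certificate
      */
      bool is_CA_cert() const;

      /**
      * Get the path limit as defined in the BasicConstraints extension of
      * this certificate.
      *
      * NOTE(review): the value returned when the certificate carries no
      * path constraint is not documented here - confirm it before using
      * the result in chain-length checks.
      * @return path limit
      */
      u32bit path_limit() const;

      /**
      * Get the key constraints as defined in the KeyUsage extension of this
      * certificate.
      * @return key constraints
      */
      Key_Constraints constraints() const;

      /**
      * Get the key constraints as defined in the ExtendedKeyUsage
      * extension of this certificate.
      * @return extended key usage entries, as strings
      */
      std::vector<std::string> ex_constraints() const;

      /**
      * Get the policies as defined in the CertificatePolicies extension
      * of this certificate.
      * @return certificate policies
      */
      std::vector<std::string> policies() const;

      /**
      * @return a string describing the certificate
      */
      std::string to_string() const;

      /**
      * Check two certificates for equality.
      *
      * Equality is binary: it compares the certificates themselves and
      * says nothing about whether either one is valid or trusted.
      * @param other the certificate to compare with
      * @return true if both certificates are (binary) equal
      */
      bool operator==(const X509_Certificate& other) const;

      /**
      * Create a certificate from a data source providing the DER or
      * PEM encoded certificate.
      *
      * The input is typically untrusted. NOTE(review): malformed input
      * is presumably reported by an exception from the decoder - confirm
      * and handle it at the call site.
      * @param source the data source
      */
      X509_Certificate(DataSource& source);

      /**
      * Create a certificate from a file containing the DER or PEM
      * encoded certificate.
      *
      * This constructor is not explicit (kept so for source
      * compatibility), so a std::string converts implicitly to a
      * certificate; do not pass externally supplied strings where a
      * certificate is expected unless a file load is intended.
      * @param filename the name of the certificate file
      */
      X509_Certificate(const std::string& filename);
   private:
      // Decoding hook; presumably fills subject, issuer and self_signed
      // from the encoded certificate - confirm in the implementation.
      void force_decode();

      // X509_CA is the only outside user of the private default constructor.
      friend class X509_CA;

      // Give self_signed a defined value: the previous empty constructor
      // left it indeterminate, so is_self_signed() on a default-constructed
      // object read an uninitialized bool.
      X509_Certificate() : self_signed(false) {}

      // Attribute stores for the subject and the issuer side, queried by
      // subject_info() and issuer_info().
      Data_Store subject, issuer;

      // Flag returned by is_self_signed().
      bool self_signed;
   };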
175 
/**
* Check two certificates for inequality.
*
* Like operator==, this is a binary comparison; it carries no
* statement about the validity or trust of either certificate.
* @param lhs the first certificate
* @param rhs the second certificate
* @return true if the arguments represent different certificates,
* false if they are binary identical
*/
BOTAN_DLL bool operator!=(const X509_Certificate& lhs,
                          const X509_Certificate& rhs);
182 
/*
* Data Store Extraction Operations
*/

/**
* Build a distinguished name from the entries of a data store.
* NOTE(review): which keys are read is not visible in this header.
* @param info the data store to extract from
* @return the resulting X509_DN
*/
BOTAN_DLL X509_DN create_dn(const Data_Store& info);

/**
* Build an alternative name from the entries of a data store.
* NOTE(review): which keys are read is not visible in this header.
* @param info the data store to extract from
* @return the resulting AlternativeName
*/
BOTAN_DLL AlternativeName create_alt_name(const Data_Store& info);
188 
189 }
190 
191 #endif