1 /*
2 * X.509 Certificate Store
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #ifndef BOTAN_X509_CERT_STORE_H__
9 #define BOTAN_X509_CERT_STORE_H__
10 
11 #include <botan/x509cert.h>
12 #include <botan/x509_crl.h>
13 #include <botan/certstor.h>
14 
15 namespace Botan {
16 
/**
* X.509 Certificate Validation Result
*
* Returned by X509_Store::validate_cert, X509_Store::add_crl and the
* private signature/chain helpers below.
*
* NOTE(review): the enumerator list is not visible in this rendering of
* the header (only gutter numbers 28, 34, 39 and 43 survived), so the
* individual codes are not documented here; consult x509stor.h line 20
* in the Botan 1.10.9 sources for the actual values.
*/
enum X509_Code {
   /* enumerators elided in this rendering */
};
44 
/**
* X.509 Certificate Store
*
* Holds certificates (each flagged trusted or not), revocation data
* derived from CRLs, and zero or more external Certificate_Store
* back ends, and validates certificates against that material.
* Validation results are cached per certificate (see Cert_Info) for a
* number of seconds set at construction.
*/
class BOTAN_DLL X509_Store
   {
   public:
      /**
      * Usage a certificate is validated for. Values are bit flags;
      * ANY (0x00) presumably applies no usage restriction at all.
      */
      enum Cert_Usage {
         ANY              = 0x00,
         TLS_SERVER       = 0x01,
         TLS_CLIENT       = 0x02,
         CODE_SIGNING     = 0x04,
         EMAIL_PROTECTION = 0x08,
         TIME_STAMPING    = 0x10,
         CRL_SIGNING      = 0x20
      };

      /**
      * Validate a certificate against the contents of this store.
      * The second argument is the usage the certificate must be
      * acceptable for. It defaults to ANY, so a caller that validates
      * for a specific purpose (e.g. a TLS server) should pass that
      * usage explicitly rather than rely on the default.
      * @return an X509_Code describing the outcome
      */
      X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY);

      /**
      * Return the chain for the given certificate as held in this store.
      * Ordering and termination of the chain are not visible in this
      * header; see construct_cert_chain in x509stor.cpp.
      */
      std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);

      /**
      * @return PEM encoding of the store's contents
      */
      std::string PEM_encode() const;

      /**
      * Add a CRL. Returns an X509_Code rather than void, so callers
      * should check the result; a CRL that is rejected presumably leaves
      * the revocation data unchanged (confirm in x509stor.cpp).
      */
      X509_Code add_crl(const X509_CRL&);

      /**
      * Add a single certificate. The bool presumably marks it as trusted
      * (cf. Cert_Info's constructor and its `trusted` member); it
      * defaults to false, i.e. untrusted.
      */
      void add_cert(const X509_Certificate&, bool = false);

      /**
      * Add every certificate read from a DataSource as untrusted.
      */
      void add_certs(DataSource&);

      /**
      * Add every certificate read from a DataSource as trusted, i.e. as
      * a trust anchor. Only feed this a source whose contents are
      * themselves trusted.
      */
      void add_trusted_certs(DataSource&);

      /**
      * Register an external Certificate_Store to consult. The raw
      * pointer is kept in `stores`; whether this object takes ownership
      * is not expressed by the type -- presumably it is released in
      * ~X509_Store, confirm in x509stor.cpp before passing an object
      * that is owned elsewhere.
      */
      void add_new_certstore(Certificate_Store*);

      /**
      * @param time_slack stored in the member of the same name; defaults
      *        to 24*60*60 (one day). Presumably the tolerance, in
      *        seconds, applied when comparing validity dates -- confirm
      *        in x509stor.cpp. A larger value widens the window in which
      *        an expired or not-yet-valid certificate is still accepted.
      * @param cache_results stored as validation_cache_timeout; defaults
      *        to 30*60 (30 minutes). Presumably how long a cached
      *        validation result in Cert_Info is reused before the
      *        certificate is re-checked -- confirm; if so, a CRL added
      *        after a certificate was validated may not affect it until
      *        the cached result expires.
      */
      X509_Store(u32bit time_slack = 24*60*60,
                 u32bit cache_results = 30*60);

      X509_Store(const X509_Store&);
      ~X509_Store();
   private:
      /*
      * Copy assignment is disabled the pre-C++11 way, by making it
      * private. Note the body copies nothing and merely returns *this,
      * so an accidental in-class use would be a silent no-op.
      */
      X509_Store& operator=(const X509_Store&) { return (*this); }

      /**
      * Identifying data for one revoked certificate: the issuer DN plus
      * the serial number and authority key identifier. The comparison
      * operators allow the `revoked` vector to be sorted and searched.
      */
      class BOTAN_DLL CRL_Data
         {
         public:
            X509_DN issuer;
            MemoryVector<byte> serial, auth_key_id;
            bool operator==(const CRL_Data&) const;
            bool operator!=(const CRL_Data&) const;
            bool operator<(const CRL_Data&) const;
         };

      /**
      * A stored certificate together with its trust flag and a cached
      * validation result. The cache fields are mutable so that the const
      * accessors and set_result() can update them.
      */
      class BOTAN_DLL Cert_Info
         {
         public:
            // presumably true when a result is cached and is no older
            // than timeout (units presumably seconds, matching
            // cache_results) -- confirm in x509stor.cpp
            bool is_verified(u32bit timeout) const;
            bool is_trusted() const;
            X509_Code verify_result() const;
            // records a validation result in the mutable cache fields
            void set_result(X509_Code) const;
            Cert_Info(const X509_Certificate&, bool = false);

            X509_Certificate cert;
            bool trusted;
         private:
            mutable bool checked;        // a result has been cached
            mutable X509_Code result;    // the cached validation result
            mutable u64bit last_checked; // when it was cached (units not visible here)
         };

      /**
      * Signature checks. The static overload verifies an X509_Object
      * against an explicit public key; the member overload presumably
      * checks the first Cert_Info's certificate against the second's
      * key -- confirm in x509stor.cpp.
      */
      static X509_Code check_sig(const X509_Object&, Public_Key*);

      // Locate a certificate by issuer DN and key identifier; presumably
      // returns NO_CERT_FOUND when absent
      size_t find_cert(const X509_DN&, const MemoryRegion<byte>&) const;
      X509_Code check_sig(const Cert_Info&, const Cert_Info&) const;
      // Rebuilds the revocation data; presumably run lazily whenever
      // revoked_info_valid is false
      void recompute_revoked_info() const;

      // Shared implementation behind add_certs / add_trusted_certs; the
      // bool is presumably the trusted flag
      void do_add_certs(DataSource&, bool);
      // Fills the index vector with the chain for the certificate; the
      // meaning of the trailing bool is not visible in this header
      X509_Code construct_cert_chain(const X509_Certificate&,
                                     std::vector<size_t>&, bool = false);

      size_t find_parent_of(const X509_Certificate&);
      bool is_revoked(const X509_Certificate&) const;

      // Sentinel index. Note it is 2^32-1, not SIZE_MAX, so on 64-bit
      // targets it is an ordinary size_t value; only safe while every
      // caller compares against this constant rather than (size_t)-1
      static const size_t NO_CERT_FOUND = 0xFFFFFFFF;
      std::vector<Cert_Info> certs;
      std::vector<CRL_Data> revoked;
      std::vector<Certificate_Store*> stores; // ownership not expressed by the type; see add_new_certstore
      u32bit time_slack, validation_cache_timeout;
      mutable bool revoked_info_valid; // dirty flag for `revoked`
   };
128 
129 }
130 
131 #endif