#include <x509_ca.h>
This class represents X.509 Certificate Authorities (CAs).
Definition at line 23 of file x509_ca.h.
◆ X509_CA()
Create a new CA object.
- Parameters
ca_certificate | the certificate of the CA
key | the private key of the CA
hash_fn | name of a hash function to use for signing
Definition at line 28 of file x509_ca.cpp.
References Botan::choose_sig_format(), and Botan::X509_Certificate::is_CA_cert().
std::invalid_argument Invalid_Argument
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
◆ ~X509_CA()
Botan::X509_CA::~X509_CA()
◆ ca_certificate()
Get the certificate of this CA.
- Returns
- CA certificate
Definition at line 210 of file x509_ca.cpp.
◆ make_cert()
Interface for creating new certificates
- Parameters
signer | a signing object
rng | a random number generator
sig_algo | the signature algorithm identifier
pub_key | the serialized public key
not_before | the start time of the certificate
not_after | the end time of the certificate
issuer_dn | the DN of the issuer
subject_dn | the DN of the subject
extensions | an optional list of certificate extensions
- Returns
- newly minted certificate
Definition at line 90 of file x509_ca.cpp.
100 const size_t X509_CERT_VERSION = 3;
101 const size_t SERIAL_BITS = 128;
103 BigInt serial_no(rng, SERIAL_BITS);
108 .encode(X509_CERT_VERSION-1)
133 return X509_Certificate(source);
static MemoryVector< byte > make_signed(class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const MemoryRegion< byte > &tbs)
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
◆ new_crl()
Create a new and empty CRL for this CA.
- Parameters
rng | the random number generator to use
next_update | the time to set in next update in seconds as the offset from the current time
- Returns
- new CRL
Definition at line 139 of file x509_ca.cpp.
142 std::vector<CRL_Entry> empty;
143 return make_crl(empty, 1, next_update, rng);
◆ sign_request()
Sign a PKCS#10 Request.
- Parameters
req | the request to sign
rng | the rng to use
not_before | the starting time for the certificate
not_after | the expiration time for the certificate
- Returns
- resulting certificate
Definition at line 49 of file x509_ca.cpp.
59 std::auto_ptr<Public_Key> key(req.subject_public_key());
63 Extensions extensions;
66 new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
69 extensions.add(new Cert_Extension::Key_Usage(constraints), true);
71 extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
72 extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key()));
75 new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
78 new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));
80 return make_cert(signer, rng, ca_sig_algo,
82 not_before, not_after,
X509_DN subject_dn() const
MemoryVector< byte > subject_key_id() const
static X509_Certificate make_cert(PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const MemoryRegion< byte > &pub_key, const X509_Time &not_before, const X509_Time &not_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions)
Key_Constraints find_constraints(const Public_Key &pub_key, Key_Constraints limits)
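The fragments above show sign_request() building Basic_Constraints, Subject_Alternative_Name and Extended_Key_Usage from values carried in the request, so those fields should be checked against issuance policy before the call. The following is an added example, not Botan code: RequestView, IssuancePolicy and vet_request are hypothetical names, the sample values are constructed, and DNS names are assumed to be lower-cased already.

```cpp
#include <cstddef>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Hypothetical stand-in for the request fields sign_request() copies (not Botan's PKCS10_Request).
struct RequestView {
    bool is_ca;                          // value of req.is_CA()
    std::size_t path_limit;              // value of req.path_limit()
    std::vector<std::string> dns_names;  // DNS names taken from req.subject_alt_name()
    std::vector<std::string> eku_oids;   // dotted OIDs taken from req.ex_constraints()
};

// Hypothetical per-requester issuance policy.
struct IssuancePolicy {
    bool allow_ca;
    std::size_t max_path_limit;
    std::string dns_suffix;              // starts with '.', e.g. ".example.test"
    std::set<std::string> allowed_eku;
};

static bool ends_with(const std::string& s, const std::string& suffix) {
    return s.size() > suffix.size() && s.compare(s.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Returns the reasons to refuse; empty means every requester-controlled field is within policy.
std::vector<std::string> vet_request(const RequestView& req, const IssuancePolicy& policy) {
    std::vector<std::string> problems;
    if (req.is_ca && !policy.allow_ca)
        problems.push_back("CA=true requested");
    else if (req.is_ca && req.path_limit > policy.max_path_limit)
        problems.push_back("path limit above policy");
    for (const std::string& name : req.dns_names) {
        if (name.find('*') != std::string::npos || name.find('\0') != std::string::npos)
            problems.push_back("unsafe character in SAN: " + name);
        else if (!ends_with(name, policy.dns_suffix))
            problems.push_back("SAN outside namespace: " + name);
    }
    for (const std::string& oid : req.eku_oids)
        if (policy.allowed_eku.count(oid) == 0) problems.push_back("EKU not allowed: " + oid);
    return problems;
}

int main() {  // constructed sample: a leaf requester asking for CA rights and code signing
    IssuancePolicy policy{false, 0, ".example.test", {"1.3.6.1.5.5.7.3.1"}};
    RequestView req{true, 0, {"www.example.test", "evilexample.test"}, {"1.3.6.1.5.5.7.3.3"}};
    for (const std::string& p : vet_request(req, policy)) std::cout << "refuse: " << p << '\n';
}
```

Only a request for which vet_request() returns an empty list would be passed on to sign_request().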
◆ update_crl()
Create a new CRL with additional entries.
- Parameters
last_crl | the last CRL of this CA to add the new entries to
new_entries | contains the new CRL entries to be added to the CRL
rng | the random number generator to use
next_update | the time to set in next update in seconds as the offset from the current time
Definition at line 149 of file x509_ca.cpp.
154 std::vector<CRL_Entry> revoked = crl.get_revoked();
156 std::copy(new_revoked.begin(), new_revoked.end(),
157 std::back_inserter(revoked));
159 return make_crl(revoked, crl.crl_number() + 1, next_update, rng);