
Root/botan/x509stor.h

1/*************************************************
2* X.509 Certificate Store Header File *
3* (C) 1999-2005 The Botan Project *
4*************************************************/
5
6#ifndef BOTAN_X509_CERT_STORE_H__
7#define BOTAN_X509_CERT_STORE_H__
8
9#include <botan/x509cert.h>
10#include <botan/x509_crl.h>
11#include <botan/certstor.h>
12
13namespace Botan {
14
/*
* X.509 Certificate Store
*
* Keeps a list of certificates (Cert_Info entries, each carrying a
* `trusted` flag), a list of CRL_Data revocation entries and a list of
* raw pointers to further Certificate_Store objects. Only declarations
* are visible here; the behaviour is defined in the implementation file.
*/
class X509_Store
{
public:
    /*
    * Abstract predicate handed to get_certs(): implementations decide
    * in match() whether a given certificate is selected.
    */
    class Search_Func
    {
    public:
        virtual bool match(const X509_Certificate&) const = 0;
        virtual ~Search_Func() {}
    };

    /*
    * Intended usage passed to validate_cert(). Every non-zero value is
    * a distinct single bit; ANY is zero.
    */
    enum Cert_Usage
    {
        ANY              = 0x00,
        TLS_SERVER       = 0x01,
        TLS_CLIENT       = 0x02,
        CODE_SIGNING     = 0x04,
        EMAIL_PROTECTION = 0x08,
        TIME_STAMPING    = 0x10,
        CRL_SIGNING      = 0x20
    };

    /*
    * Validate a certificate and report the outcome as an X509_Code.
    * NOTE(review): the usage argument defaults to ANY, so a caller that
    * omits it does not ask for a specific purpose. Code validating a
    * peer for one role (e.g. TLS_SERVER) should pass that role
    * explicitly. What ANY actually enforces is not visible in this
    * header - confirm against the implementation.
    */
    X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY);

    /* Certificates for which the supplied predicate matches. */
    std::vector<X509_Certificate> get_certs(const Search_Func&) const;

    /* Non-const, unlike get_certs(); presumably builds the issuer chain. */
    std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);

    std::string PEM_encode() const;

    /* Returns an X509_Code, so a CRL can be refused - check the result. */
    X509_Code add_crl(const X509_CRL&);

    /*
    * The bool defaults to false. It presumably is the trusted flag (it
    * mirrors the Cert_Info constructor) - TODO confirm. Passing true
    * would then make the certificate a trust anchor.
    */
    void add_cert(const X509_Certificate&, bool = false);

    /*
    * Bulk loaders reading from a DataSource. NOTE(review): presumably
    * both forward to do_add_certs() with the flag false / true, in
    * which case every certificate read by add_trusted_certs() becomes
    * trusted - only feed it sources whose integrity is controlled.
    */
    void add_certs(DataSource&);
    void add_trusted_certs(DataSource&);

    /*
    * Takes a raw pointer. Ownership is not stated in this header:
    * confirm whether the store deletes it before also freeing it in
    * the caller.
    */
    void add_new_certstore(Certificate_Store*);

    /*
    * Signature check on an X509_Object against a key passed as a raw
    * pointer; null handling and ownership are not visible here.
    */
    static X509_Code check_sig(const X509_Object&, X509_PublicKey*);

    X509_Store();
    X509_Store(const X509_Store&);
    ~X509_Store();

private:
    /*
    * Private, so code outside the class cannot assign stores. The body
    * is defined and copies nothing: an assignment written inside a
    * member would compile and silently leave the target unchanged.
    */
    X509_Store& operator=(const X509_Store&) { return *this; }

    /*
    * One stored certificate plus its trust flag. The private fields
    * are mutable and set_result() is const, so a result can be
    * recorded through a const Cert_Info (looks like a cached
    * verification result - TODO confirm).
    */
    class Cert_Info
    {
    public:
        bool is_verified() const;
        bool is_trusted() const;
        X509_Code verify_result() const;
        void set_result(X509_Code) const;
        Cert_Info(const X509_Certificate&, bool = false);

        X509_Certificate cert;
        bool trusted;

    private:
        mutable bool checked;
        mutable X509_Code result;
        mutable u64bit last_checked;
    };

    /*
    * One entry of the `revoked` list: issuer DN, serial and authority
    * key id, with the comparison operators needed to search and order
    * entries.
    */
    class CRL_Data
    {
    public:
        X509_DN issuer;
        MemoryVector<byte> serial;
        MemoryVector<byte> auth_key_id;
        bool operator==(const CRL_Data&) const;
        bool operator!=(const CRL_Data&) const;
        bool operator<(const CRL_Data&) const;
    };

    u32bit find_cert(const X509_DN&, const MemoryRegion<byte>&) const;
    X509_Code check_sig(const Cert_Info&, const Cert_Info&) const;
    void recompute_revoked_info() const;

    void do_add_certs(DataSource&, bool);
    X509_Code construct_cert_chain(const X509_Certificate&,
                                   std::vector<u32bit>&,
                                   bool = false);

    u32bit find_parent_of(const X509_Certificate&);
    bool is_revoked(const X509_Certificate&) const;

    /*
    * Presumably the "not found" value of the u32bit lookups above;
    * callers must compare against it before using a result as an
    * index - TODO confirm.
    */
    static const u32bit NO_CERT_FOUND = 0xFFFFFFFF;

    std::vector<Cert_Info> certs;
    std::vector<CRL_Data> revoked;
    std::vector<Certificate_Store*> stores; /* raw pointers, see add_new_certstore() */
    mutable bool revoked_info_valid;        /* writable from const members */
};
103
namespace X509_Store_Search {

/*
* Lookup helpers over an X509_Store. Each takes the store by const
* reference and returns the matching certificates by value.
* NOTE(review): nothing in these declarations says the results have
* been validated; treat a hit as a candidate and pass it to
* X509_Store::validate_cert() before relying on it - confirm against
* the implementation.
*/

/* Match on a string key: e-mail address, name or DNS name. */
std::vector<X509_Certificate>
by_email(const X509_Store&, const std::string&);

std::vector<X509_Certificate>
by_name(const X509_Store&, const std::string&);

std::vector<X509_Certificate>
by_dns(const X509_Store&, const std::string&);

/* Match on a 64-bit key id. */
std::vector<X509_Certificate>
by_keyid(const X509_Store&, u64bit);

/* Match on a DN plus a byte string (presumably issuer and serial). */
std::vector<X509_Certificate>
by_iands(const X509_Store&, const X509_DN&, const MemoryRegion<byte>&);

/* Match on a byte string (presumably the subject key identifier). */
std::vector<X509_Certificate>
by_SKID(const X509_Store&, const MemoryRegion<byte>&);

}
119
120}
121
122#endif
