
1/*************************************************
2* X.509 Certificate Store Header File *
3* (C) 1999-2006 The Botan Project *
4*************************************************/
5
6#ifndef BOTAN_X509_CERT_STORE_H__
7#define BOTAN_X509_CERT_STORE_H__
8
9#include <botan/x509cert.h>
10#include <botan/x509_crl.h>
11#include <botan/certstor.h>
12
13namespace Botan {
14
/*************************************************
* X.509 Certificate Validation Result            *
*************************************************/
/*
* Result code returned by X509_Store::validate_cert(), X509_Store::add_crl()
* and X509_Store::check_sig(). VERIFIED is the only value that names success;
* every other value describes a failure and the object in question must be
* treated as untrusted by the caller. The members are grouped by what they
* describe: general chain/trust/signature/policy/usage problems, problems with
* the certificate itself, problems with a CRL, and problems with the CA
* certificate that was expected to sign the certificate or CRL.
*
* This is an unscoped enum whose numeric values follow declaration order, so
* inserting or reordering members changes the values of everything after
* them; keep that in mind if the codes are ever persisted or compared
* numerically.
*/
enum X509_Code {
   VERIFIED,                      // success; the only non-failure value
   UNKNOWN_X509_ERROR,            // catch-all failure
   CANNOT_ESTABLISH_TRUST,        // no path to a trusted certificate
   CERT_CHAIN_TOO_LONG,
   SIGNATURE_ERROR,               // a signature in the chain did not verify
   POLICY_ERROR,
   INVALID_USAGE,                 // certificate not valid for the requested Cert_Usage

   // Problems with the end-entity certificate
   CERT_FORMAT_ERROR,
   CERT_ISSUER_NOT_FOUND,
   CERT_NOT_YET_VALID,
   CERT_HAS_EXPIRED,
   CERT_IS_REVOKED,

   // Problems with a CRL (see X509_Store::add_crl)
   CRL_FORMAT_ERROR,
   CRL_ISSUER_NOT_FOUND,
   CRL_NOT_YET_VALID,
   CRL_HAS_EXPIRED,

   // Problems with the issuing CA certificate
   CA_CERT_CANNOT_SIGN,
   CA_CERT_NOT_FOR_CERT_ISSUER,
   CA_CERT_NOT_FOR_CRL_ISSUER
};
42
/*************************************************
* X.509 Certificate Store                        *
*************************************************/
/*
* In-memory X.509 certificate store: holds certificates (some flagged as
* trusted), a cache of revocation data, and optional external
* Certificate_Store back ends, and validates certificates against them.
* Every validation entry point reports an X509_Code; anything other than
* VERIFIED is a failure and must be treated as "not trusted" by the caller.
* Nothing in this header declares any locking, so the store is presumably
* not safe for concurrent use from several threads -- confirm in x509stor.cpp.
*/
class X509_Store
   {
   public:
      /*
      * Predicate interface used by get_certs(). Presumably a certificate is
      * included in the result when match() returns true; the definition
      * lives in the .cpp. Polymorphic base, hence the virtual destructor.
      */
      class Search_Func
         {
         public:
            virtual bool match(const X509_Certificate&) const = 0;
            virtual ~Search_Func() {}
         };

      /*
      * Intended use of a certificate, checked by validate_cert(). The values
      * are distinct single bits with ANY as the empty mask, so they look
      * designed to be OR'ed together; whether validate_cert() accepts a
      * combined mask is decided in the .cpp.
      */
      enum Cert_Usage {
         ANY = 0x00,
         TLS_SERVER = 0x01,
         TLS_CLIENT = 0x02,
         CODE_SIGNING = 0x04,
         EMAIL_PROTECTION = 0x08,
         TIME_STAMPING = 0x10,
         CRL_SIGNING = 0x20
      };

      // Validate a certificate for the given usage and report the outcome.
      // The default of ANY skips the usage restriction, so callers that know
      // what the certificate is for should pass the specific Cert_Usage.
      // Compare the result against VERIFIED; never treat any other code as
      // success. Not const (like get_cert_chain() and find_parent_of()), so
      // it may modify the store -- see the .cpp for what is written.
      X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY);

      // Copies of all stored certificates accepted by the predicate.
      std::vector<X509_Certificate> get_certs(const Search_Func&) const;
      // Copies of the chain built from the given certificate; non-const, so
      // presumably it may add certificates to the store while building.
      std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);
      // PEM encoding of the store's contents.
      std::string PEM_encode() const;

      // Add a CRL. The returned code says whether it was accepted (the CRL_*
      // and CA_CERT_NOT_FOR_CRL_ISSUER codes apply); discarding the result
      // means revocation data may be silently missing from later checks.
      X509_Code add_crl(const X509_CRL&);
      // Add one certificate. The bool mirrors Cert_Info's constructor and
      // Cert_Info::trusted, so it presumably marks the certificate as a
      // trust anchor; it defaults to untrusted.
      void add_cert(const X509_Certificate&, bool = false);
      // Bulk-add certificates read from a DataSource, untrusted or trusted
      // respectively (presumably both go through do_add_certs()).
      void add_certs(DataSource&);
      void add_trusted_certs(DataSource&);

      // Register an external back-end store. The header does not say who
      // owns the pointer: `stores` holds raw pointers and the destructor is
      // user-defined, so the store may delete them -- confirm in
      // x509stor.cpp before passing a Certificate_Store owned elsewhere.
      void add_new_certstore(Certificate_Store*);

      // Check the signature on an X.509 object with the given public key
      // (SIGNATURE_ERROR / CA_CERT_CANNOT_SIGN are the relevant codes). The
      // key is presumably borrowed for the call, not owned.
      static X509_Code check_sig(const X509_Object&, Public_Key*);

      X509_Store();
      X509_Store(const X509_Store&);
      ~X509_Store();
   private:
      // Copy-assignment is made unusable from outside by being private
      // (pre-C++11 idiom). Note the body is a no-op returning *this rather
      // than failing, so an accidental assignment inside the class would
      // compile and silently do nothing.
      X509_Store& operator=(const X509_Store&) { return (*this); }

      /*
      * A stored certificate plus its cached validation state. The cache
      * fields are mutable so set_result() can update them through a const
      * reference; the cache is an implementation detail, not logical state.
      */
      class Cert_Info
         {
         public:
            bool is_verified() const;
            bool is_trusted() const;
            X509_Code verify_result() const;
            void set_result(X509_Code) const;
            Cert_Info(const X509_Certificate&, bool = false);

            X509_Certificate cert;
            bool trusted;                  // trust-anchor flag; defaults to false via the ctor
         private:
            mutable bool checked;          // presumably: has `result` been computed
            mutable X509_Code result;      // cached validation outcome
            mutable u64bit last_checked;   // presumably when `result` was computed -- TODO confirm units
         };

      /*
      * Identity of one revoked certificate as recorded from a CRL: issuer
      * DN, serial number and authority key identifier. The comparison
      * operators suggest `revoked` is kept sorted and searched with them.
      */
      class CRL_Data
         {
         public:
            X509_DN issuer;
            MemoryVector<byte> serial, auth_key_id;
            bool operator==(const CRL_Data&) const;
            bool operator!=(const CRL_Data&) const;
            bool operator<(const CRL_Data&) const;
         };

      // Index into `certs` of the certificate matching the given DN and key
      // material, or presumably NO_CERT_FOUND when there is none; what the
      // second argument is matched against is decided in the .cpp.
      u32bit find_cert(const X509_DN&, const MemoryRegion<byte>&) const;
      // Signature check between two stored entries (presumably subject
      // first, issuer second -- confirm against the .cpp).
      X509_Code check_sig(const Cert_Info&, const Cert_Info&) const;
      // Refresh the revocation cache (`revoked`); const because it only
      // touches mutable members, guarded by revoked_info_valid.
      void recompute_revoked_info() const;

      // Presumably the shared implementation of add_certs() and
      // add_trusted_certs(), with the bool as the trusted flag.
      void do_add_certs(DataSource&, bool);
      // Build the chain for a certificate as indices into `certs` (out
      // parameter); the trailing bool's meaning is not visible here.
      X509_Code construct_cert_chain(const X509_Certificate&,
                                     std::vector<u32bit>&, bool = false);

      u32bit find_parent_of(const X509_Certificate&);
      bool is_revoked(const X509_Certificate&) const;

      // Sentinel index for "no such certificate".
      static const u32bit NO_CERT_FOUND = 0xFFFFFFFF;
      std::vector<Cert_Info> certs;             // stored certificates + cached state
      std::vector<CRL_Data> revoked;            // revocation cache
      std::vector<Certificate_Store*> stores;   // external back ends (raw pointers, ownership unstated here)
      mutable bool revoked_info_valid;          // false => `revoked` needs recompute_revoked_info()
   };
131
132}
133
134#endif
