wvx509.h
/* -*- Mode: C++ -*-
 *
 * X.509 certificate class: This class abstracts some of the common operations
 * performed on basic X.509 certificates (signature verification, public
 * key identification, etc.). If you want to perform operations with
 * a certificate and its corresponding private key, consider using WvX509Mgr
 * instead.
 */ 
#ifndef __WVX509_H
#define __WVX509_H

#include "wvlog.h"
#include "wverror.h"
#include "wvrsa.h"
#include "wvstringlist.h"

// Forward declarations of the OpenSSL types used below, so that this header
// does not have to pull in OpenSSL's x509v3.h. Only pointers to these types
// appear in the interface; users that need the full definitions include the
// OpenSSL headers themselves.
struct x509_st;
typedef struct x509_st X509;
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;

struct X509_name_st;
typedef struct X509_name_st X509_NAME;

struct asn1_string_st;
typedef struct asn1_string_st ASN1_TIME;


// Workaround for the fact that the OpenSSL library initialisation must be
// performed exactly once per process: these wrappers centralise that call.
/** Initialise OpenSSL for the whole process; safe to pair with wvssl_free(). */
void wvssl_init();
/** Release the process-wide OpenSSL state set up by wvssl_init(). */
void wvssl_free();
/**
 * Return a human-readable description of the current OpenSSL error state.
 * NOTE(review): presumably drains the OpenSSL error queue; confirm against
 * the implementation before relying on it for more than logging.
 */
WvString wvssl_errstr();

00036 
/**
 * Wrapper around a single OpenSSL X509 certificate object.
 *
 * Exposes the common read/write operations on a certificate: encoding and
 * decoding, subject/issuer/serial, standard X.509v3 extensions, validity
 * period, fingerprints and signature verification. Operations that require
 * the matching private key are not here; see WvX509Mgr (file header).
 *
 * The wrapped certificate is reachable as a raw pointer via get_cert(); the
 * WvX509 object is the owner of that pointer (presumably released by the
 * destructor -- confirm against wvx509.cc), so callers must not free it.
 */
class WvX509 : public IObject
{
    IMPLEMENT_IOBJECT(WvX509);
public:
    /**
     * Serialisation formats understood by encode() and decode().
     * CertPEM, CertDER and CertHex work on in-memory data; judging from the
     * names, the CertFile* variants refer to a file rather than to the
     * data itself -- confirm against the implementation.
     */
    enum DumpMode { CertPEM = 0, CertDER, CertHex, CertFilePEM, CertFileDER };

    /**
     * Digest algorithm used by get_fingerprint(); FingerSHA1 is the default
     * there. NOTE(review): MD5 is not collision-resistant, so FingerMD5
     * should not be used where a fingerprint stands in for the identity of
     * a certificate (e.g. pinning or matching against a stored value).
     */
    enum FprintMode { FingerMD5 = 0, FingerSHA1 };
    /** Construct an empty object holding no certificate. */
    WvX509();
    
    /**
     * Wrap an existing OpenSSL X509 handle.
     * Ownership of _cert appears to pass to this object (see get_cert());
     * confirm against the implementation before sharing the handle.
     */
    WvX509(X509 *_cert);

    /** Copy constructor. */
    WvX509(const WvX509 &x509);

public:
    /** Destructor; releases whatever the object owns. */
    virtual ~WvX509();
    
    /**
     * Raw access to the wrapped OpenSSL certificate. May be NULL when no
     * certificate has been loaded (see isok()). The pointer remains owned
     * by this object: do not free it, and do not use it after this object
     * is destroyed.
     */
    X509 *get_cert() { return cert; }

    /** Set the certificate's public key from an RSA key pair/public key. */
    void set_pubkey(WvRSAKey &rsa_pubkey);
    
    /**
     * Build a certificate signing request for the given subject name,
     * using the given RSA key, and return it as a string.
     */
    static WvString certreq(WvStringParm subject, const WvRSAKey &rsa);
        
    /**
     * Check whether the certificate is valid, optionally against the given
     * CA certificate. With the default cacert == NULL no CA is supplied, so
     * any issuer/signature check that needs one cannot be performed --
     * callers that rely on chain validation must pass a CA. The precise set
     * of checks (dates, signature, ...) is defined by the implementation.
     */
    bool validate(WvX509 *cacert = NULL) const;

    /** True if this certificate's signature was made by cacert's key. */
    bool signedbyca(WvX509 &cacert) const;

    /**
     * True if this certificate names cacert as its issuer. Distinct from
     * signedbyca(): presumably a name/identifier comparison rather than a
     * cryptographic check -- confirm against the implementation.
     */
    bool issuedbyca(WvX509 &cacert) const;

    /**
     * Verify that `signature` is a valid signature over `original` under
     * this certificate's public key. Returns false on mismatch or error.
     */
    bool verify(WvBuf &original, WvStringParm signature) const;
    bool verify(WvStringParm original, WvStringParm signature) const;

    /** Serialise the certificate in the given DumpMode. */
    WvString encode(const DumpMode mode) const;
    void encode(const DumpMode mode, WvBuf &buf) const;

    /**
     * Load a certificate from data (or a file, for the CertFile* modes)
     * in the given DumpMode, replacing the current one. Check isok() /
     * errstr() afterwards; the input is untrusted parser input.
     */
    virtual void decode(const DumpMode mode, WvStringParm str);
    virtual void decode(const DumpMode mode, WvBuf &encoded);

    /** Issuer distinguished name, as a string. */
    WvString get_issuer() const;
    void set_issuer(WvStringParm name);
    /** Set the issuer to cacert's subject. */
    void set_issuer(const WvX509 &cacert);
    
    /** Subject distinguished name, as a string or an OpenSSL X509_NAME. */
    WvString get_subject() const;
    void set_subject(WvStringParm name);
    void set_subject(X509_NAME *name);

    /** Serial number, decimal by default or hexadecimal if hex is true. */
    WvString get_serial(bool hex = false) const;
    void set_serial(long serial_no);

    /** Netscape comment extension. */
    WvString get_nscomment() const;
    void set_nscomment(WvStringParm comment);
    
    /** Netscape server-name extension. */
    WvString get_nsserver() const;
    void set_nsserver(WvStringParm server_fqdn);
    
    /** CRL distribution point extension, as a string. */
    WvString get_crl_dp() const;

    /**
     * Certificate policies extension. The getter appends the policy OIDs
     * to policy_oids and returns false if the extension is absent or
     * could not be read (presumably -- confirm against the implementation).
     */
    bool get_policies(WvStringList &policy_oids) const;
    
    void set_policies(WvStringList &policy_oids);

    /** Set the certificate version (takes no argument; the value is fixed by the implementation). */
    void set_version();

    /** Key usage extension, as a string of comma-separated values. */
    WvString get_key_usage() const;
    void set_key_usage(WvStringParm values);

    /** Extended key usage extension, as a string of comma-separated values. */
    WvString get_ext_key_usage() const;
    void set_ext_key_usage(WvStringParm values);
    
    /** Subject alternative name extension, as a string. */
    WvString get_altsubject() const;

    void set_altsubject(WvStringParm name);
    
    /**
     * Basic constraints extension: whether the certificate is a CA and its
     * path length limit. Returns false if the extension is absent.
     */
    bool get_basic_constraints(bool &ca, int &pathlen) const;

    void set_basic_constraints(bool ca, int pathlen);

    /**
     * Policy constraints extension (requireExplicitPolicy /
     * inhibitPolicyMapping skip counts). Returns false if absent.
     */
    bool get_policy_constraints(int &require_explicit_policy, 
                                int &inhibit_policy_mapping) const;
    void set_policy_constraints(int require_explicit_policy, 
                                int inhibit_policy_mapping);
    
    /** One issuerDomain -> subjectDomain pair of the policy mappings extension. */
    struct PolicyMap {
        PolicyMap(WvStringParm _issuer_domain, WvStringParm _subject_domain)
        {
            issuer_domain = _issuer_domain;
            subject_domain = _subject_domain;
        }
        WvString issuer_domain;
        WvString subject_domain;
    };
    // Declares the PolicyMapList type used by the two methods below.
    DeclareWvList(PolicyMap);

    /** Policy mappings extension; appends to list, false if absent. */
    bool get_policy_mapping(PolicyMapList &list) const;

    void set_policy_mapping(PolicyMapList &list);

    /** Validity period bounds as Unix timestamps. */
    time_t get_notvalid_before() const;
    time_t get_notvalid_after() const;
    
    /**
     * Set the validity period to the given number of seconds (the start
     * point is chosen by the implementation, presumably "now").
     */
    void set_lifetime(long seconds);
    
    /** Authority Information Access extension, as a string. */
    WvString get_aia() const;

    /**
     * Set the Authority Information Access extension from a list of CA
     * issuer URLs and a list of OCSP responder URLs.
     */
    void set_aia(WvStringList &ca_urls, WvStringList &responders);

    /** Append the OCSP responder URLs from the AIA extension to responders. */
    void get_ocsp(WvStringList &responders) const;
    
    /** Append the CA issuer URLs from the AIA extension to urls. */
    void get_ca_urls(WvStringList &urls) const;
    
    /** Append the CRL distribution point URLs to urls. */
    void get_crl_urls(WvStringList &urls) const;

    void set_crl_urls(WvStringList &urls);

    /** Subject key identifier extension, as a string. */
    WvString get_ski() const;
    
    /** Authority key identifier extension, as a string. */
    WvString get_aki() const;

    /** Fingerprint of the certificate using the given digest (SHA-1 by default). */
    WvString get_fingerprint(const FprintMode mode = FingerSHA1) const;

    /** True if a certificate is loaded and no error has been recorded. */
    virtual bool isok() const;

    /** Description of the most recent error, if any. */
    virtual WvString errstr() const;

    /** Shorthand for !isok(). */
    bool operator! () const;


private:
    // These classes reach into cert directly.
    friend class WvCRL;
    friend class WvX509Mgr;
    friend class WvOCSPReq;
    friend class WvOCSPResp;

    // The wrapped OpenSSL certificate; NULL when nothing is loaded.
    X509     *cert;

    // Logging channel; mutable so const accessors can log.
    mutable WvLog debug;

    /** Read/write an arbitrary extension by OpenSSL NID, as a string value. */
    WvString get_extension(int nid) const;
    void set_extension(int nid, WvStringParm values);
    
    /** Compute and set the subject key identifier from the public key. */
    void set_ski();

    /** Set the authority key identifier from cacert. */
    void set_aki(const WvX509 &cacert);

    /** Log a warning that the named attribute could not be set. */
    void warningset(WvStringParm var);

    /** Extract the RSA public key; the returned object is newly allocated and owned by the caller (presumably -- confirm). */
    WvRSAKey *get_rsa_pub() const;
};
00399 
00400 #endif // __WVX509_H