/* -*- Mode: C++ -*-
 *
 * X.509 certificate class: This class abstracts some of the common operations
 * performed on basic X.509 certificates (signature verification, public
 * key identification, etc.). If you want to perform operations with
 * a certificate and its corresponding private key, consider using WvX509Mgr
 * instead.
 */
#ifndef __WVX509_H
#define __WVX509_H

#include "wvlog.h"
#include "wverror.h"
#include "wvrsa.h"
#include "wvstringlist.h"

// Structures to make the compiler happy so we don't have to include x509v3.h ;)
// Only opaque pointers to these OpenSSL types are used in this header.
struct x509_st;
typedef struct x509_st X509;
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;

struct X509_name_st;
typedef struct X509_name_st X509_NAME;

struct asn1_string_st;
typedef struct asn1_string_st ASN1_TIME;


// workaround for the fact that OpenSSL initialization stuff must be called
// only once.
void wvssl_init();
void wvssl_free();
/** Current OpenSSL error text as a WvString (presumably from the OpenSSL
 *  error queue — confirm in the implementation). */
WvString wvssl_errstr();


/**
 * Wrapper around a single OpenSSL X509 handle (the private 'cert' member)
 * giving read/write access to the usual certificate fields and extensions.
 * It holds the certificate only; anything needing the matching private key
 * belongs in WvX509Mgr (see the file comment above).
 */
class WvX509 : public IObject
{
    IMPLEMENT_IOBJECT(WvX509);
public:
    /**
     * Encodings accepted by encode()/decode().
     * NOTE(review): the CertFilePEM/CertFileDER modes presumably take a file
     * name rather than the certificate bytes — confirm in the .cc file.
     */
    enum DumpMode { CertPEM = 0, CertDER, CertHex, CertFilePEM, CertFileDER };

    /**
     * Digest used by get_fingerprint().  FingerSHA1 is the default there;
     * MD5 fingerprints are collision-prone and should not be used to make
     * identity or trust decisions.
     */
    enum FprintMode { FingerMD5 = 0, FingerSHA1 };
    /** Default constructor.  NOTE(review): presumably leaves 'cert' empty
     *  until decode() or a setter fills it — confirm; see isok(). */
    WvX509();

    /**
     * Wrap an existing OpenSSL X509 handle.
     * NOTE(review): whether this object takes ownership of _cert (frees it in
     * the destructor) or the caller keeps it is not visible in this header —
     * confirm before passing a handle that the caller still uses.
     */
    WvX509(X509 *_cert);

    /** Copy constructor.  How the underlying X509 is shared or duplicated
     *  between the two objects is not visible here. */
    WvX509(const WvX509 &x509);

public:
    /** Virtual destructor: the class has virtual members, so deleting
     *  through a base pointer is well-defined. */
    virtual ~WvX509();

    /**
     * Raw access to the wrapped OpenSSL handle.  Returns the 'cert' member
     * itself (no copy), so the pointer aliases this object's state; callers
     * should not free it separately.
     */
    X509 *get_cert() { return cert; }

    /** Set the certificate's public key from rsa_pubkey
     *  (taken by non-const reference). */
    void set_pubkey(WvRSAKey &rsa_pubkey);

    /**
     * Build a certificate request for 'subject' with the key 'rsa' and return
     * it as a string.  The encoding of the returned text (presumably PEM)
     * is not visible from this header.
     */
    static WvString certreq(WvStringParm subject, const WvRSAKey &rsa);

    /**
     * Validate the certificate, optionally against cacert (default NULL).
     * NOTE(review): what is checked when cacert is NULL — e.g. whether the
     * validity period is tested — is not visible here.  Code that makes a
     * trust decision on this result should confirm the exact checks in the
     * implementation rather than assume.
     */
    bool validate(WvX509 *cacert = NULL) const;

    /** True when this certificate's signature verifies under cacert's key
     *  (inferred from the name).  cacert is a non-const reference. */
    bool signedbyca(WvX509 &cacert) const;

    /** True when cacert is the issuer of this certificate (inferred from
     *  the name; the exact comparison is in the implementation). */
    bool issuedbyca(WvX509 &cacert) const;

    /**
     * Verify 'signature' over 'original' (as a buffer or a string) using this
     * certificate's public key.  Presumably returns true only on a
     * successful verification — confirm.
     */
    bool verify(WvBuf &original, WvStringParm signature) const;
    bool verify(WvStringParm original, WvStringParm signature) const;

    /** Serialise the certificate in the given DumpMode, either returned as
     *  a string or appended to buf. */
    WvString encode(const DumpMode mode) const;
    void encode(const DumpMode mode, WvBuf &buf) const;

    /** Load the certificate from str/encoded in the given DumpMode,
     *  replacing the current contents.  Virtual so subclasses can hook it. */
    virtual void decode(const DumpMode mode, WvStringParm str);
    virtual void decode(const DumpMode mode, WvBuf &encoded);

    /** Issuer distinguished name as a string; set from a name string or
     *  from cacert (presumably cacert's subject — confirm). */
    WvString get_issuer() const;
    void set_issuer(WvStringParm name);
    void set_issuer(const WvX509 &cacert);

    /** Subject distinguished name as a string, or as an OpenSSL X509_NAME. */
    WvString get_subject() const;
    void set_subject(WvStringParm name);
    void set_subject(X509_NAME *name);

    /**
     * Serial number as a string (hexadecimal when hex is true).
     * set_serial() takes a long, so only serials representable in a long can
     * be set through this API; real-world serials may be wider than that.
     */
    WvString get_serial(bool hex = false) const;
    void set_serial(long serial_no);

    /** Netscape comment extension. */
    WvString get_nscomment() const;
    void set_nscomment(WvStringParm comment);

    /** Netscape server-name extension (server_fqdn). */
    WvString get_nsserver() const;
    void set_nsserver(WvStringParm server_fqdn);

    /** CRL distribution point, as a string. */
    WvString get_crl_dp() const;

    /** Fill policy_oids with the certificate policies; the bool return
     *  presumably reports whether the extension was present — confirm. */
    bool get_policies(WvStringList &policy_oids) const;

    /** Set the certificate policies extension from policy_oids. */
    void set_policies(WvStringList &policy_oids);

    /** Set the certificate version.  Takes no argument, so the version it
     *  writes is fixed in the implementation. */
    void set_version();

    /** Key usage extension; 'values' is a string whose format is defined
     *  by the implementation. */
    WvString get_key_usage() const;
    void set_key_usage(WvStringParm values);

    /** Extended key usage extension; same string convention as
     *  set_key_usage(). */
    WvString get_ext_key_usage() const;
    void set_ext_key_usage(WvStringParm values);

    /** Subject alternative name extension as a string. */
    WvString get_altsubject() const;

    void set_altsubject(WvStringParm name);

    /** Basic constraints: ca and pathlen are output parameters; the bool
     *  return presumably reports whether the extension exists — confirm. */
    bool get_basic_constraints(bool &ca, int &pathlen) const;

    void set_basic_constraints(bool ca, int pathlen);

    /** Policy constraints extension; both values are output parameters of
     *  the getter and inputs of the setter. */
    bool get_policy_constraints(int &require_explicit_policy,
                                int &inhibit_policy_mapping) const;
    void set_policy_constraints(int require_explicit_policy,
                                int inhibit_policy_mapping);

    /** One issuer-domain/subject-domain pair of the policy mappings
     *  extension; the constructor simply assigns both fields. */
    struct PolicyMap {
        PolicyMap(WvStringParm _issuer_domain, WvStringParm _subject_domain)
        {
            issuer_domain = _issuer_domain;
            subject_domain = _subject_domain;
        }
        WvString issuer_domain;
        WvString subject_domain;
    };
    // Declares the PolicyMapList type used by the two methods below.
    DeclareWvList(PolicyMap);

    /** Fill 'list' with the policy mappings; bool return semantics as for
     *  the other get_* extension readers (presumably "extension present"). */
    bool get_policy_mapping(PolicyMapList &list) const;

    void set_policy_mapping(PolicyMapList &list);

    /** Validity period bounds as time_t. */
    time_t get_notvalid_before() const;
    time_t get_notvalid_after() const;

    /** Set the validity period to 'seconds' long.  NOTE(review): the start
     *  point (presumably "now") is not visible here — confirm. */
    void set_lifetime(long seconds);

    /** Authority Information Access extension as a string. */
    WvString get_aia() const;

    /** Set the AIA extension from CA-issuer URLs and OCSP responder URLs. */
    void set_aia(WvStringList &ca_urls, WvStringList &responders);

    /** Fill 'responders' with the OCSP responder URLs from the AIA data. */
    void get_ocsp(WvStringList &responders) const;

    /** Fill 'urls' with the CA-issuer URLs from the AIA data. */
    void get_ca_urls(WvStringList &urls) const;

    /** Fill 'urls' with the CRL distribution URLs. */
    void get_crl_urls(WvStringList &urls) const;

    void set_crl_urls(WvStringList &urls);

    /** Subject key identifier, as a string. */
    WvString get_ski() const;

    /** Authority key identifier, as a string. */
    WvString get_aki() const;

    /** Fingerprint of the certificate using 'mode' (SHA1 by default;
     *  see FprintMode for the caveat on MD5). */
    WvString get_fingerprint(const FprintMode mode = FingerSHA1) const;

    /** True when the object holds a usable certificate (virtual, per the
     *  IObject convention); errstr() describes the failure otherwise. */
    virtual bool isok() const;

    virtual WvString errstr() const;

    /** Negation of isok(), presumably — confirm in the implementation. */
    bool operator! () const;


private:
    // These classes access the raw 'cert' handle directly, bypassing the
    // public accessors; changes to how 'cert' is owned affect them too.
    friend class WvCRL;
    friend class WvX509Mgr;
    friend class WvOCSPReq;
    friend class WvOCSPResp;

    /** The wrapped OpenSSL certificate handle (see get_cert()). */
    X509 *cert;

    // mutable so the const getters above can still log through it.
    mutable WvLog debug;

    /** Generic extension access by OpenSSL NID; the public get_*/set_*
     *  extension methods are presumably thin wrappers over these. */
    WvString get_extension(int nid) const;
    void set_extension(int nid, WvStringParm values);

    /** Write the subject key identifier extension (no argument, so it is
     *  derived from the certificate itself). */
    void set_ski();

    /** Write the authority key identifier extension from cacert. */
    void set_aki(const WvX509 &cacert);

    /** Log a warning about 'var' via 'debug' (inferred from the name). */
    void warningset(WvStringParm var);

    /**
     * Public key of the certificate as a WvRSAKey.
     * NOTE(review): returns a pointer, so the caller may own and must free
     * the result — confirm against the implementation to avoid a leak or
     * a double free.
     */
    WvRSAKey *get_rsa_pub() const;
};

#endif // __WVX509_H