00009 #ifndef __WVX509_H
00010 #define __WVX509_H
00011
00012 #include "wvlog.h"
00013 #include "wverror.h"
00014 #include "wvrsa.h"
00015 #include "wvstringlist.h"
00016
00017
/*
 * Opaque OpenSSL types, forward-declared so that including this header does
 * not (presumably) require the OpenSSL headers themselves.  A translation unit
 * that includes both this header and <openssl/...> sees both declarations, so
 * these typedefs must stay identical to the library's own; re-check them when
 * the OpenSSL version changes.
 */
struct x509_st;
typedef struct x509_st X509;
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;

struct X509_name_st;
typedef struct X509_name_st X509_NAME;

/* ASN1_TIME is an alias of the generic ASN.1 string struct, as in OpenSSL. */
struct asn1_string_st;
typedef struct asn1_string_st ASN1_TIME;
00028
00029
00030
00031
/**
 * Process-wide setup and teardown of the SSL library state behind WvX509 and
 * its friends (presumably the OpenSSL global initialisation).  Call
 * wvssl_init() before using any WvX509 and wvssl_free() at shutdown.
 * Whether the pair is reference-counted or must be called exactly once is
 * not visible from this header -- TODO confirm in the implementation.
 */
void wvssl_init();
void wvssl_free();
/** Human-readable text for the SSL library's current/most recent error (presumably). */
WvString wvssl_errstr();
00035
00036
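/**
 * An X.509 certificate wrapper around an OpenSSL X509.
 *
 * The class exposes getters/setters for the common fields and extensions,
 * PEM/DER/hex (de)serialisation, and a handful of verification helpers.
 * Objects may be in a "not ok" state (see isok()/errstr()/operator!) after
 * a failed decode or construction; callers should check that before trusting
 * any accessor result.
 */
class WvX509 : public IObject
{
    IMPLEMENT_IOBJECT(WvX509);
public:
    /**
     * Formats understood by encode() and decode().  CertPEM, CertDER and
     * CertHex describe the contents of the string/buffer itself; the
     * CertFile* modes presumably treat the string as a path to read or
     * write instead (not visible from the header -- confirm in wvx509.cc).
     */
    enum DumpMode { CertPEM = 0, CertDER, CertHex, CertFilePEM, CertFileDER };

    /**
     * Hash used by get_fingerprint().
     *
     * NOTE(review): MD5 is collision-broken, so an MD5 fingerprint must not
     * be used to pin or compare certificates whose contents an attacker may
     * have influenced.  SHA-1 (the default) is also being retired for the
     * same reason; treat FingerMD5 as display/legacy-interop only.
     */
    enum FprintMode { FingerMD5 = 0, FingerSHA1 };

    /** Create an empty certificate object; not usable until decoded/filled. */
    WvX509();

    /**
     * Wrap an existing OpenSSL certificate.  Whether this object takes
     * ownership of _cert (freeing it in the destructor) cannot be told from
     * the header -- TODO confirm before handing in a certificate that is
     * still referenced elsewhere.
     */
    WvX509(X509 *_cert);

    /** Copy constructor. */
    WvX509(const WvX509 &x509);

    virtual ~WvX509();

    /**
     * Raw access to the underlying OpenSSL certificate.  The pointer is
     * presumably still owned by this object: do not free it, and note that
     * anything modified through it bypasses the setters of this class.
     */
    X509 *get_cert() { return cert; }

    /** Set the certificate's subject public key from an RSA key. */
    void set_pubkey(WvRSAKey &rsa_pubkey);

    /**
     * Build a certificate signing request for 'subject' using 'rsa'.
     * Returned as a string; the encoding (presumably PEM) is not stated here.
     */
    static WvString certreq(WvStringParm subject, const WvRSAKey &rsa);

    /**
     * Check this certificate.  With cacert == NULL no CA is involved, so
     * whatever is verified then (presumably the validity period and the
     * certificate's self-consistency) is NOT a chain/trust check.  Code
     * making a trust decision should pass the CA it expects explicitly
     * rather than rely on the default.
     */
    bool validate(WvX509 *cacert = NULL) const;

    /**
     * True if this certificate's signature verifies under cacert's key
     * (inferred from the name -- confirm in the implementation).
     */
    bool signedbyca(WvX509 &cacert) const;

    /**
     * True if cacert is identified as this certificate's issuer.  The exact
     * criteria (issuer DN, AKI/SKI, ...) are not visible here; a name match
     * alone is not proof of trust, so pair it with signedbyca()/validate().
     */
    bool issuedbyca(WvX509 &cacert) const;

    /**
     * Verify 'signature' over 'original', presumably with this certificate's
     * public key.  The expected encoding of the signature string is not
     * stated in the header -- see WvRSAKey / wvx509.cc.
     */
    bool verify(WvBuf &original, WvStringParm signature) const;
    bool verify(WvStringParm original, WvStringParm signature) const;

    /** Serialise the certificate in the given DumpMode, to a string or buffer. */
    WvString encode(const DumpMode mode) const;
    void encode(const DumpMode mode, WvBuf &buf) const;

    /**
     * Replace this object's certificate by parsing str/encoded in the given
     * DumpMode.  Virtual so subclasses can hook decoding.  Check isok()
     * afterwards; untrusted input ends up in the OpenSSL parser here.
     */
    virtual void decode(const DumpMode mode, WvStringParm str);
    virtual void decode(const DumpMode mode, WvBuf &encoded);

    /** Issuer distinguished name, as a string or copied from a CA cert. */
    WvString get_issuer() const;
    void set_issuer(WvStringParm name);
    void set_issuer(const WvX509 &cacert);

    /** Subject distinguished name, as a string or an OpenSSL X509_NAME. */
    WvString get_subject() const;
    void set_subject(WvStringParm name);
    void set_subject(X509_NAME *name);

    /**
     * Serial number.  The getter returns a string (decimal, or hex when
     * requested), so reading is not width-limited; the setter takes a long
     * and therefore cannot express the larger (up to 20-octet) serials that
     * X.509 allows -- fine for self-issued certs, not for round-tripping
     * arbitrary ones.
     */
    WvString get_serial(bool hex = false) const;
    void set_serial(long serial_no);

    /** Legacy Netscape comment extension. */
    WvString get_nscomment() const;
    void set_nscomment(WvStringParm comment);

    /** Legacy Netscape server-name extension. */
    WvString get_nsserver() const;
    void set_nsserver(WvStringParm server_fqdn);

    /** CRL distribution point extension, as a string (format not stated here). */
    WvString get_crl_dp() const;

    /** Certificate policies extension, as a list of policy OIDs. */
    bool get_policies(WvStringList &policy_oids) const;
    void set_policies(WvStringList &policy_oids);

    /** Set the certificate version (which value is chosen is not visible here). */
    void set_version();

    /** keyUsage extension, as a string of comma-separated values (presumably). */
    WvString get_key_usage() const;
    void set_key_usage(WvStringParm values);

    /** extendedKeyUsage extension, same string convention as key usage. */
    WvString get_ext_key_usage() const;
    void set_ext_key_usage(WvStringParm values);

    /** subjectAltName extension as a string. */
    WvString get_altsubject() const;
    void set_altsubject(WvStringParm name);

    /**
     * basicConstraints: whether this is a CA certificate and its path
     * length limit.  Returns false (presumably) when the extension is absent,
     * in which case ca/pathlen should not be trusted.
     */
    bool get_basic_constraints(bool &ca, int &pathlen) const;
    void set_basic_constraints(bool ca, int pathlen);

    /** policyConstraints extension: requireExplicitPolicy / inhibitPolicyMapping. */
    bool get_policy_constraints(int &require_explicit_policy,
                                int &inhibit_policy_mapping) const;
    void set_policy_constraints(int require_explicit_policy,
                                int inhibit_policy_mapping);

    /** One issuerDomainPolicy -> subjectDomainPolicy pair of the policyMappings extension. */
    struct PolicyMap {
        // Member-initialiser list: copy-construct directly instead of
        // default-constructing and then assigning.
        PolicyMap(WvStringParm _issuer_domain, WvStringParm _subject_domain)
            : issuer_domain(_issuer_domain), subject_domain(_subject_domain)
        {
        }
        WvString issuer_domain;
        WvString subject_domain;
    };
    DeclareWvList(PolicyMap);   // defines PolicyMapList

    /** policyMappings extension, as a list of PolicyMap entries. */
    bool get_policy_mapping(PolicyMapList &list) const;
    void set_policy_mapping(PolicyMapList &list);

    /** Validity period boundaries as time_t. */
    time_t get_notvalid_before() const;
    time_t get_notvalid_after() const;

    /** Set the validity period to 'seconds' (presumably starting now). */
    void set_lifetime(long seconds);

    /**
     * authorityInfoAccess extension: the raw string form, or split into
     * CA-issuer URLs and OCSP responder URLs.
     */
    WvString get_aia() const;
    void set_aia(WvStringList &ca_urls, WvStringList &responders);
    void get_ocsp(WvStringList &responders) const;
    void get_ca_urls(WvStringList &urls) const;

    /** CRL distribution point URLs. */
    void get_crl_urls(WvStringList &urls) const;
    void set_crl_urls(WvStringList &urls);

    /** subjectKeyIdentifier / authorityKeyIdentifier extensions as strings. */
    WvString get_ski() const;
    WvString get_aki() const;

    /**
     * Fingerprint of the certificate using the given hash; see the
     * FprintMode note about MD5 before using this for trust decisions.
     */
    WvString get_fingerprint(const FprintMode mode = FingerSHA1) const;

    /** False if the object holds no usable certificate (e.g. after a failed decode). */
    virtual bool isok() const;

    /** Description of why isok() is false. */
    virtual WvString errstr() const;

    /** Shorthand for !isok(). */
    bool operator! () const;

private:
    // These classes reach into 'cert' directly; any invariant this class
    // maintains must hold across their use as well.
    friend class WvCRL;
    friend class WvX509Mgr;
    friend class WvOCSPReq;
    friend class WvOCSPResp;

    X509 *cert;

    // mutable so the const accessors can still log.
    mutable WvLog debug;

    /** Generic extension access by OpenSSL NID, used by the typed getters/setters. */
    WvString get_extension(int nid) const;
    void set_extension(int nid, WvStringParm values);

    /** Derive and set the subjectKeyIdentifier from the public key. */
    void set_ski();

    /** Set the authorityKeyIdentifier from the CA certificate. */
    void set_aki(const WvX509 &cacert);

    /** Log a warning that 'var' is being set (exact wording lives in wvx509.cc). */
    void warningset(WvStringParm var);

    /**
     * The certificate's RSA public key.  Returns a pointer, so presumably a
     * heap allocation the caller must delete -- TODO confirm ownership.
     */
    WvRSAKey *get_rsa_pub() const;
};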
00399
00400 #endif // __WVX509_H