#include <x509_ca.h>
This class represents X.509 Certificate Authorities (CAs). 
Definition at line 23 of file x509_ca.h.
◆ X509_CA()
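Create a new CA object. The implementation references X509_Certificate::is_CA_cert() and Invalid_Argument, which suggests the constructor rejects a certificate that is not a CA certificate; the constructor body is not shown on this page.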
- Parameters
- 
  
    | ca_certificate | the certificate of the CA |  | key | the private key of the CA |  | hash_fn | name of a hash function to use for signing |  
 
Definition at line 28 of file x509_ca.cpp.
References Botan::choose_sig_format(), and Botan::X509_Certificate::is_CA_cert().
std::invalid_argument Invalid_Argument
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
 
 
◆ ~X509_CA()
      
        
          | Botan::X509_CA::~X509_CA | ( |  | ) |  | 
      
 
 
◆ ca_certificate()
Get the certificate of this CA. 
- Returns
- CA certificate 
Definition at line 210 of file x509_ca.cpp.
 
 
◆ make_cert()
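Interface for creating new certificates. In the excerpt below the serial number is drawn from rng as a 128-bit value (SERIAL_BITS), so the unpredictability of issued serial numbers depends on the quality of the generator the caller supplies.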
- Parameters
- 
  
    | signer | a signing object |  | rng | a random number generator |  | sig_algo | the signature algorithm identifier |  | pub_key | the serialized public key |  | not_before | the start time of the certificate |  | not_after | the end time of the certificate |  | issuer_dn | the DN of the issuer |  | subject_dn | the DN of the subject |  | extensions | an optional list of certificate extensions |  
 
- Returns
- newly minted certificate 
Definition at line 90 of file x509_ca.cpp.
  100    const size_t X509_CERT_VERSION = 3;
   101    const size_t SERIAL_BITS = 128;
   103    BigInt serial_no(rng, SERIAL_BITS);
   108                .
encode(X509_CERT_VERSION-1)
   133    return X509_Certificate(source);
 
static MemoryVector< byte > make_signed(class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const MemoryRegion< byte > &tbs)
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
 
 
◆ new_crl()
Create a new and empty CRL for this CA. 
- Parameters
- 
  
    | rng | the random number generator to use |  | next_update | the value for the CRL's next-update time, given in seconds as an offset from the current time |  
 
- Returns
- new CRL 
Definition at line 139 of file x509_ca.cpp.
  142    std::vector<CRL_Entry> empty;
   143    return make_crl(empty, 1, next_update, rng);
  
 
◆ sign_request()
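Sign a PKCS#10 Request. In the excerpt below, the Basic Constraints (CA flag and path limit), Subject Alternative Name and Extended Key Usage extensions are built from values read from the request (req.is_CA(), req.path_limit(), req.subject_alt_name(), req.ex_constraints()). The listing is partial, so any checks on the omitted lines are not visible here; callers should validate the request against their issuance policy before passing it to this function.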
- Parameters
- 
  
    | req | the request to sign |  | rng | the rng to use |  | not_before | the starting time for the certificate |  | not_after | the expiration time for the certificate |  
 
- Returns
- resulting certificate 
Definition at line 49 of file x509_ca.cpp.
   59       std::auto_ptr<Public_Key> key(req.subject_public_key());
    63    Extensions extensions;
    66       new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
    69    extensions.add(
new Cert_Extension::Key_Usage(constraints), 
true);
    71    extensions.add(
new Cert_Extension::Authority_Key_ID(cert.
subject_key_id()));
    72    extensions.add(
new Cert_Extension::Subject_Key_ID(req.raw_public_key()));
    75       new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
    78       new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));
    80    return make_cert(signer, rng, ca_sig_algo,
    82                     not_before, not_after,
 X509_DN subject_dn() const
MemoryVector< byte > subject_key_id() const
static X509_Certificate make_cert(PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const MemoryRegion< byte > &pub_key, const X509_Time &not_before, const X509_Time &not_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions)
Key_Constraints find_constraints(const Public_Key &pub_key, Key_Constraints limits)
 
 
◆ update_crl()
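Create a new CRL from an existing one, with additional entries. The excerpt below copies the revoked entries of the last CRL, appends the new entries, and issues the result with the CRL number incremented by one.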
- Parameters
- 
  
    | last_crl | the most recent CRL of this CA, to which the new entries are added |  | new_entries | the new CRL entries to add to the CRL |  | rng | the random number generator to use |  | next_update | the value for the CRL's next-update time, given in seconds as an offset from the current time |  
 
Definition at line 149 of file x509_ca.cpp.
  154    std::vector<CRL_Entry> revoked = crl.get_revoked();
   156    std::copy(new_revoked.begin(), new_revoked.end(),
   157              std::back_inserter(revoked));
   159    return make_crl(revoked, crl.crl_number() + 1, next_update, rng);
  
 
The documentation for this class was generated from the following files: