1 /* -*- Mode: C++ -*-
2  *
3  * X.509 certificate class: This class abstracts some of the common operations
4  * performed on basic X.509 certificates (signature verification, public
5  * key identification, etc.). If you want to perform operations with
6  * a certificate and its corresponding private key, consider using WvX509Mgr
7  * instead.
8  */
9 #ifndef __WVX509_H
10 #define __WVX509_H
11 
12 #include "wvlog.h"
13 #include "wverror.h"
14 #include "wvrsa.h"
15 #include "wvstringlist.h"
16 
// Forward declarations of the OpenSSL types that appear in this interface, so
// that including this header does not drag in OpenSSL's x509v3.h.  The struct
// tag names must match the ones OpenSSL's own typedefs use; if they ever
// drift, a translation unit that includes both headers should fail to compile
// (conflicting typedef) rather than silently misbehave.
struct x509_st;
typedef struct x509_st X509;            // an X.509 certificate
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;      // not referenced by the declarations below

struct X509_name_st;
typedef struct X509_name_st X509_NAME;  // a distinguished name (see set_subject)

struct asn1_string_st;
typedef struct asn1_string_st ASN1_TIME; // not referenced by the declarations below
28 
29 
// OpenSSL's process-wide library initialisation must be performed only once;
// these wrappers exist so that every WvStreams component goes through a
// single place instead of calling OpenSSL's init routines directly.
// Whether wvssl_free() must balance every wvssl_init() call (reference
// counted) or is a one-shot teardown is not visible from this header —
// check the implementation before adding new callers.
void wvssl_init();
void wvssl_free();

// The most recent OpenSSL error, rendered as a human-readable string
// (presumably taken from OpenSSL's error queue — confirm in the .cc).
WvString wvssl_errstr();
35 
36 
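/**
 * Wrapper around an OpenSSL X509 object: the public half of a certificate.
 *
 * Only the certificate itself is handled here; operations that need the
 * matching private key live in WvX509Mgr (see the file header).  Almost every
 * member is defined in the corresponding .cc file, so the exact failure
 * behaviour of a method is not visible in this header.  Where a method's
 * result feeds a trust decision (validate(), verify(), signedbyca(), ...),
 * confirm its semantics against the implementation before relying on it.
 */
class WvX509 : public IObject
{
    IMPLEMENT_IOBJECT(WvX509);
public:
    /**
     * Serialisation formats accepted by encode()/decode(): PEM or DER in
     * memory, a hex string, or PEM/DER in a file.  For the CertFile* modes
     * the string argument presumably names the file — confirm against the
     * implementation.
     */
    enum DumpMode { CertPEM = 0, CertDER, CertHex, CertFilePEM, CertFileDER };

    /**
     * Digest used by get_fingerprint().  FingerMD5 is retained for
     * compatibility with older tooling; the default is FingerSHA1.
     */
    enum FprintMode { FingerMD5 = 0, FingerSHA1 };

    /**
     * Construct an object with no certificate loaded.  Presumably !isok()
     * until a decode() succeeds — confirm before depending on it.
     */
    WvX509();

    /**
     * Wrap an existing OpenSSL X509 object.
     *
     * Whether this object takes ownership of _cert (freeing it in the
     * destructor) or the caller keeps it is not visible from this header —
     * TODO confirm against the .cc, since getting it wrong is either a
     * double free or a leak.
     */
    WvX509(X509 *_cert);

    /**
     * Copy constructor.
     *
     * NOTE(review): a copy constructor and a destructor are declared but no
     * copy assignment operator.  If the destructor frees 'cert', the
     * compiler-generated operator= would leave two objects owning one X509.
     * Confirm whether operator= is defined elsewhere or intentionally absent.
     */
    WvX509(const WvX509 &x509);

public:
    virtual ~WvX509();

    /**
     * Direct access to the underlying OpenSSL object.  No ownership is
     * transferred; the pointer is only valid for the lifetime of this object,
     * and anything done to it bypasses this class's accessors.
     */
    X509 *get_cert() { return cert; }

    /** Replace the certificate's public key with that of rsa_pubkey. */
    void set_pubkey(WvRSAKey &rsa_pubkey);

    /**
     * Build a certificate signing request for 'subject' signed with 'rsa'.
     * The encoding of the returned string is not visible here (presumably
     * PEM — confirm).
     */
    static WvString certreq(WvStringParm subject, const WvRSAKey &rsa);

    /**
     * Check this certificate, optionally against a CA certificate.
     *
     * What exactly is verified (validity period, signature, chain) — and in
     * particular what is checked when cacert is NULL — is defined by the
     * implementation, not this header.  Confirm before using the result as a
     * trust decision.
     */
    bool validate(WvX509 *cacert = NULL) const;

    /**
     * Presumably: true if this certificate's signature verifies with
     * cacert's public key.  Confirm in the .cc.
     */
    bool signedbyca(WvX509 &cacert) const;

    /**
     * Presumably: true if cacert is recorded as this certificate's issuer
     * (see also signedbyca(), which checks the signature rather than the
     * issuer name).  Confirm in the .cc.
     */
    bool issuedbyca(WvX509 &cacert) const;

    /**
     * Verify 'signature' over 'original' using this certificate's public
     * key.  The signature encoding expected in the string (raw, hex, ...) is
     * not visible here — confirm.
     */
    bool verify(WvBuf &original, WvStringParm signature) const;
    bool verify(WvStringParm original, WvStringParm signature) const;

    /**
     * Serialise the certificate in the given mode, either returned as a
     * string or appended to buf.
     */
    WvString encode(const DumpMode mode) const;
    void encode(const DumpMode mode, WvBuf &buf) const;

    /**
     * Load a certificate from str/encoded in the given mode.
     *
     * The return type is void, so the only error channels declared here are
     * isok(), errstr() and operator!(); check them after a decode of
     * untrusted data.
     */
    virtual void decode(const DumpMode mode, WvStringParm str);
    virtual void decode(const DumpMode mode, WvBuf &encoded);

    /** Issuer distinguished name, as a string or copied from a CA cert. */
    WvString get_issuer() const;
    void set_issuer(WvStringParm name);
    void set_issuer(const WvX509 &cacert);

    /** Subject distinguished name, as a string or an OpenSSL X509_NAME. */
    WvString get_subject() const;
    void set_subject(WvStringParm name);
    void set_subject(X509_NAME *name);

    /** Serial number; get_serial(true) renders it in hex. */
    WvString get_serial(bool hex = false) const;
    void set_serial(long serial_no);

    /** Netscape comment extension. */
    WvString get_nscomment() const;
    void set_nscomment(WvStringParm comment);

    /** Netscape server-name extension. */
    WvString get_nsserver() const;
    void set_nsserver(WvStringParm server_fqdn);

    /** CRL distribution point extension, rendered as a string. */
    WvString get_crl_dp() const;

    /**
     * Certificate-policies extension: read the policy OIDs into policy_oids
     * (the bool return presumably reports whether the extension is present —
     * confirm), or set them.
     */
    bool get_policies(WvStringList &policy_oids) const;

    void set_policies(WvStringList &policy_oids);

    /**
     * Set the certificate version field.  Which version is written is not
     * visible here (presumably v3, since extensions are used — confirm).
     */
    void set_version();

    /** keyUsage extension; 'values' is a string whose format the .cc defines. */
    WvString get_key_usage() const;
    void set_key_usage(WvStringParm values);

    /** extendedKeyUsage extension; same string convention as set_key_usage(). */
    WvString get_ext_key_usage() const;
    void set_ext_key_usage(WvStringParm values);

    /** subjectAltName extension. */
    WvString get_altsubject() const;

    void set_altsubject(WvStringParm name);

    /**
     * basicConstraints extension: whether this is a CA certificate and its
     * path length limit.  The bool return presumably reports whether the
     * extension is present — confirm.
     */
    bool get_basic_constraints(bool &ca, int &pathlen) const;

    void set_basic_constraints(bool ca, int pathlen);

    /**
     * policyConstraints extension (requireExplicitPolicy and
     * inhibitPolicyMapping skip counts).  Return-value meaning as for
     * get_basic_constraints().
     */
    bool get_policy_constraints(int &require_explicit_policy,
                                int &inhibit_policy_mapping) const;
    void set_policy_constraints(int require_explicit_policy,
                                int inhibit_policy_mapping);

    /** One issuer-domain/subject-domain pair of a policyMappings extension. */
    struct PolicyMap {
        // Initialise the members directly instead of default-constructing
        // them and then assigning.
        PolicyMap(WvStringParm _issuer_domain, WvStringParm _subject_domain)
            : issuer_domain(_issuer_domain),
              subject_domain(_subject_domain)
        {
        }
        WvString issuer_domain;
        WvString subject_domain;
    };
    DeclareWvList(PolicyMap);

    /**
     * policyMappings extension: read the mappings into list, or set them.
     * Return-value meaning as for get_basic_constraints().
     */
    bool get_policy_mapping(PolicyMapList &list) const;

    void set_policy_mapping(PolicyMapList &list);

    /** Validity period bounds (notBefore / notAfter) as Unix time. */
    time_t get_notvalid_before() const;
    time_t get_notvalid_after() const;

    /**
     * Set the validity period to 'seconds' long.  Presumably notBefore is
     * "now" and notAfter is now + seconds — confirm in the .cc.
     */
    void set_lifetime(long seconds);

    /** authorityInfoAccess extension, rendered as a string. */
    WvString get_aia() const;

    /**
     * Set the authorityInfoAccess extension from a list of CA-issuer URLs
     * and a list of OCSP responder URLs.
     */
    void set_aia(WvStringList &ca_urls, WvStringList &responders);

    /** OCSP responder URLs from the authorityInfoAccess extension. */
    void get_ocsp(WvStringList &responders) const;

    /** CA-issuer URLs from the authorityInfoAccess extension. */
    void get_ca_urls(WvStringList &urls) const;

    /** CRL distribution point URLs. */
    void get_crl_urls(WvStringList &urls) const;

    void set_crl_urls(WvStringList &urls);

    /** subjectKeyIdentifier extension, rendered as a string. */
    WvString get_ski() const;

    /** authorityKeyIdentifier extension, rendered as a string. */
    WvString get_aki() const;

    /**
     * Fingerprint of the certificate using the given digest (SHA-1 by
     * default).  Output format (hex, colon-separated, ...) is defined by the
     * implementation.
     */
    WvString get_fingerprint(const FprintMode mode = FingerSHA1) const;

    /** False if no valid certificate is loaded (e.g. after a failed decode()). */
    virtual bool isok() const;

    /** Description of the most recent error; meaningful when !isok(). */
    virtual WvString errstr() const;

    /** Shorthand for !isok(). */
    bool operator! () const;


private:
    // These classes reach into 'cert' and the private helpers directly.
    friend class WvCRL;
    friend class WvX509Mgr;
    friend class WvOCSPReq;
    friend class WvOCSPResp;

    // The wrapped OpenSSL certificate; see the constructors for ownership.
    X509 *cert;

    // mutable so that const accessors can still log.
    mutable WvLog debug;

    /** Generic X.509v3 extension access by OpenSSL NID. */
    WvString get_extension(int nid) const;
    void set_extension(int nid, WvStringParm values);

    /** Populate subjectKeyIdentifier (presumably from the public key — confirm). */
    void set_ski();

    /** Populate authorityKeyIdentifier from cacert. */
    void set_aki(const WvX509 &cacert);

    /** Log a warning about the named variable/field (used by the setters). */
    void warningset(WvStringParm var);

    /**
     * The certificate's RSA public key.  Whether the caller owns (and must
     * delete) the returned object is not visible here — confirm.
     */
    WvRSAKey *get_rsa_pub() const;
};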
399 
400 #endif // __WVX509_H