18
19
struct asn1_string_st;
19
20
typedef struct asn1_string_st ASN1_INTEGER;
25
* CRL Class to handle certificates and their related
25
* CRL Class to handle certificate revocation lists and their related
32
* Where errors go when they happen
37
32
* Type for the @ref encode() and @ref decode() methods:
38
33
* CRLPEM = PEM Encoded X.509 CRL
39
* CRLDER = DER Encoded X.509 CRL returned in Base64
40
* TEXT = Decoded Human readable format.
42
enum DumpMode { PEM = 0, DER, TEXT };
34
* CRLDER = DER Encoded X.509 CRL
35
* CRLFilePEM = PEM Encoded X.509 CRL
36
* CRLFileDER = DER Encoded X.509 CRL
38
enum DumpMode { CRLPEM = 0, CRLDER, CRLFilePEM, CRLFileDER };
41
* Initialize a blank (null) CRL object.
46
* Initialize a CRL object, signed and created by the certificate
49
WvCRL(const WvX509Mgr &cacert);
54
/** Accessor for CRL */
59
* Check the CRL in crl against the CA certificate in cert
60
* - returns true if CRL was signed by that CA certificate.
62
bool signedbyca(const WvX509 &cacert) const;
65
* Check the issuer name of the CRL in crl against the CA certificate in cert
66
* - returns true if the names match.
68
bool issuedbyca(const WvX509 &cacert) const;
71
* Checks to see if the CRL is expired (i.e.: the present time is past the
72
* nextUpdate extension).
73
* - returns true if CRL has expired.
78
* Checks to see if the CRL has any critical extensions in it.
79
* - returns true if the CRL has any critical extensions.
81
bool has_critical_extensions() const;
45
84
* Type for @ref validate() method:
48
87
* NOT_THIS_CA = the certificate is not signed by this CA
49
88
* NO_VALID_SIGNATURE = the certificate claims to be signed by this CA (Issuer is the same),
50
89
* but the signature is invalid.
51
* BEFORE_VALID = the certificate has not become valid yet
52
* AFTER_VALID = the certificate is past it's validity period
53
* REVOKED = the certificate has been revoked (it's serial number is in this CRL)
56
enum Valid { CRLERROR = -1, VALID, NOT_THIS_CA, NO_VALID_SIGNATURE, BEFORE_VALID, AFTER_VALID, REVOKED };
59
* Initialize a blank CRL Object
61
* This either initializes a completely empty object, or takes
62
* a pre-allocated _crl - takes ownership.
64
WvCRLMgr(X509_CRL *_crl = NULL);
91
enum Valid { CRLERROR = -1, VALID, NOT_THIS_CA, NO_VALID_SIGNATURE,
92
EXPIRED, UNHANDLED_CRITICAL_EXTENSIONS };
95
* Checks to see that a CRL is signed and issued by a CA certificate, and
96
* that it has not expired.
97
* - returns a validity status.
98
* Get the Authority key Info
100
Valid validate(const WvX509 &cacert) const;
103
* Get the Authority key Info
105
WvString get_aki() const;
68
* Placeholder for Copy Constructor: this doesn't exist yet, but it keeps
69
* us out of trouble :)
71
WvCRLMgr(const WvCRLMgr &mgr);
78
/** Accessor for CRL */
84
* Given the CRL object crl, return a hexified string
85
* useful in a WvConf or UniConf file.
91
* Function to verify the validity of a certificate given by
92
* cert. This function checks three things:
93
* 1: That the certificate has been issued by the same CA that
94
* has signed this CRL.
95
* 2: That the certificate is within it's validity range
96
* 3: That the certificate isn't in the CRL.
98
Valid validate(WvX509Mgr *cert);
101
* Check the CRL in crl against the CA certificates in
102
* certdir - returns true if crl was signed by one of the CA
105
bool signedbyCAindir(WvStringParm certdir);
109
* Check the CRL in crl against the CA certificate in certfile
110
* - returns true if crl was signed by that CA certificate.
112
bool signedbyCAinfile(WvStringParm certfile);
116
* Check the CRL in crl against the CA certificate in cacert
117
* - returns true if CRL was signed by that CA certificate.
119
bool signedbyCA(WvX509Mgr *cert);
108
* Get the CRL Issuer.
110
WvString get_issuer() const;
122
113
* Do we have any errors... convenience function..
125
{ return err.isok(); }
129
* Set the CA for this CRL...
131
void setca(WvX509Mgr *cacert);
135
118
* Return the information requested by mode as a WvString.
137
WvString encode(const DumpMode mode);
120
WvString encode(const DumpMode mode) const;
121
void encode(const DumpMode mode, WvBuf &buf) const;
141
124
* Load the information from the format requested by mode into
142
* the class - this overwrites the certificate, and possibly the
143
* key - and to enable two stage loading (the certificate first, then the
144
* key), it DOES NOT call test() - that will be up to the programmer
146
void decode(const DumpMode mode, WvStringParm PemEncoded);
150
* Return the CRL Issuer (usually the CA who signed
153
WvString get_issuer();
125
* the class - this overwrites the CRL.
127
void decode(const DumpMode mode, WvStringParm encoded);
128
void decode(const DumpMode mode, WvBuf &encoded);
157
131
* Is the certificate in cert revoked?
159
bool isrevoked(WvX509Mgr *cert);
160
bool isrevoked(WvStringParm serial_number);
164
* How many certificates in the CRL?
170
* Add the certificate in cert to the CRL
172
void addcert(WvX509Mgr *cert);
133
bool isrevoked(const WvX509 &cert) const;
134
bool isrevoked(WvStringParm serial_number) const;
137
* Add the certificate specified by cert to the CRL.
139
void addcert(const WvX509 &cert);
142
* Counts the number of certificates in this CRL.
143
* WARNING: this method will be very slow and will consume a lot
144
* of memory for large CRLs.
146
int numcerts() const;
176
/** X.509v3 CRL - this is why this class exists */
184
ASN1_INTEGER *serial_to_int(WvStringParm serial);
189
153
#endif // __WVCRL_H