WvStreams
include/wvcrl.h
1/* -*- Mode: C++ -*-
2 * Worldvisions Weaver Software:
3 * Copyright (C) 1997-2007 Net Integration Technologies, Inc. and others.
4 *
5 * X.509v3 CRL management class.
6 */
7#ifndef __WVCRL_H
8#define __WVCRL_H
9
10#include "wverror.h"
11#include "wvlog.h"
12#include "wvx509.h"
13
14// Structures to make the compiler happy so we don't have to include x509v3.h ;)
15struct X509_crl_st;
16typedef struct X509_crl_st X509_CRL;
17struct ssl_ctx_st;
18typedef struct ssl_ctx_st SSL_CTX;
19struct asn1_string_st;
20typedef struct asn1_string_st ASN1_INTEGER;
21
22class WvX509Mgr;
23
28class WvCRL
29{
30public:
38 enum DumpMode { CRLPEM = 0, CRLDER, CRLFilePEM, CRLFileDER };
39
44
49 WvCRL(const WvX509Mgr &ca);
50
52 virtual ~WvCRL();
53
55 X509_CRL *getcrl()
56 { return crl; }
57
62 bool signedbyca(const WvX509 &cacert) const;
63
68 bool issuedbyca(const WvX509 &cacert) const;
69
75 bool expired() const;
76
77 /*
78 * Checks to see if the CRL has any critical extensions in it.
79 * - returns true if the CRL has any critical extensions.
80 */
81 bool has_critical_extensions() const;
82
91 enum Valid { CRLERROR = -1, VALID, NOT_THIS_CA, NO_VALID_SIGNATURE,
92 EXPIRED, UNHANDLED_CRITICAL_EXTENSIONS };
93
100 Valid validate(const WvX509 &cacert) const;
101
106
111
115 bool isok() const;
116
120 WvString encode(const DumpMode mode) const;
121 void encode(const DumpMode mode, WvBuf &buf) const;
122
127 void decode(const DumpMode mode, WvStringParm encoded);
128 void decode(const DumpMode mode, WvBuf &encoded);
129
133 bool isrevoked(const WvX509 &cert) const;
134 bool isrevoked(WvStringParm serial_number) const;
135
139 void addcert(const WvX509 &cert);
140
146 int numcerts() const;
147
148private:
149 mutable WvLog debug;
150 X509_CRL *crl;
151};
152
153#endif // __WVCRL_H
CRL Class to handle certificate revocation lists and their related functions.
WvCRL(const WvX509Mgr &ca)
Initialize a CRL object, signed and created by the certificate 'ca'.
void decode(const DumpMode mode, WvStringParm encoded)
Load the information from the format requested by mode into the class - this overwrites the CRL.
WvCRL()
Initialize a blank (null) CRL object.
bool expired() const
Checks to see if the CRL is expired (i.e.: the present time is past the nextUpdate extension).
bool signedbyca(const WvX509 &cacert) const
Check the CRL in crl against the CA certificate in cert.
bool isok() const
Do we have any errors... convenience function.
void addcert(const WvX509 &cert)
Add the certificate specified by cert to the CRL.
X509_CRL * getcrl()
Accessor for CRL.
bool issuedbyca(const WvX509 &cacert) const
Check the issuer name of the CRL in crl against the CA certificate in cert.
WvString encode(const DumpMode mode) const
Return the information requested by mode as a WvString.
Valid
Type for validate() method: ERROR = there was an error that happened.
int numcerts() const
Counts the number of certificates in this CRL.
bool isrevoked(const WvX509 &cert) const
Is the certificate in cert revoked?
WvString get_issuer() const
Get the CRL Issuer.
Valid validate(const WvX509 &cacert) const
Checks to see that a CRL is signed and issued by a CA certificate, and that it has not expired.
DumpMode
Type for the encode() and decode() methods: CRLPEM = PEM Encoded X.509 CRL CRLDER = DER Encoded X....
virtual ~WvCRL()
Destructor.
WvString get_aki() const
Get the Authority key Info.
A WvFastString acts exactly like a WvString, but can take (const char *) strings without needing to a...
A WvLog stream accepts log messages from applications and forwards them to all registered WvLogRcv's.
WvString is an implementation of a simple and efficient printable-string class.
X509 Class to handle certificates and their related functions.