wvdbusserver: implement NameHasOwner request.
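/* -*- Mode: C++ -*-
 * Worldvisions Weaver Software:
 *   Copyright (C) 1997-2007 Net Integration Technologies, Inc. and others.
 *
 * X.509v3 CRL management class.
 */
#ifndef __WVCRL_H
#define __WVCRL_H

#include "wverror.h"
#include "wvlog.h"
#include "wvx509.h"

// Forward declarations of the OpenSSL types used below, so that this header
// does not have to include x509v3.h itself.
struct X509_crl_st;
typedef struct X509_crl_st X509_CRL;
struct ssl_ctx_st;
typedef struct ssl_ctx_st SSL_CTX;
struct asn1_string_st;
typedef struct asn1_string_st ASN1_INTEGER;

class WvX509Mgr;

/**
 * CRL class to handle certificate revocation lists and their related
 * functions.
 *
 * A revocation answer from this class is only as trustworthy as the CRL it
 * was computed from: check validate() against the issuing CA certificate
 * before relying on isrevoked().
 *
 * NOTE(review): the class holds a raw X509_CRL pointer and declares a
 * destructor, but no copy constructor or assignment operator.  If the
 * destructor frees 'crl' (not visible in this header), copying a WvCRL would
 * leave two objects owning the same pointer -- confirm in the implementation.
 */
class WvCRL
{
public:
    /**
     * Type for the @ref encode() and @ref decode() methods:
     * CRLPEM     = PEM Encoded X.509 CRL
     * CRLDER     = DER Encoded X.509 CRL
     * CRLFilePEM = PEM Encoded X.509 CRL
     * CRLFileDER = DER Encoded X.509 CRL
     *
     * NOTE(review): the File variants presumably take a file name rather
     * than the encoded data itself -- confirm against the implementation.
     */
    enum DumpMode { CRLPEM = 0, CRLDER, CRLFilePEM, CRLFileDER };

    /**
     * Initialize a blank (null) CRL object.
     */
    WvCRL();

    /**
     * Initialize a CRL object, signed and created by the certificate
     * 'cacert'.
     */
    WvCRL(const WvX509Mgr &cacert);

    /** Destructor */
    virtual ~WvCRL();

    /**
     * Accessor for the underlying OpenSSL CRL.
     * Returns the internal pointer itself, not a copy; for a blank CRL
     * object this is presumably NULL, so check before dereferencing.
     */
    X509_CRL *getcrl()
    { return crl; }

    /**
     * Check the CRL in crl against the CA certificate in cacert
     * - returns true if CRL was signed by that CA certificate.
     */
    bool signedbyca(const WvX509 &cacert) const;

    /**
     * Check the issuer name of the CRL in crl against the CA certificate
     * in cacert
     * - returns true if the names match.
     *
     * This is a name comparison only.  A matching issuer name does not
     * show that the CA produced the CRL; use signedbyca() or validate()
     * for that.
     */
    bool issuedbyca(const WvX509 &cacert) const;

    /**
     * Checks to see if the CRL is expired (i.e.: the present time is past
     * the nextUpdate field).
     * - returns true if CRL has expired.
     */
    bool expired() const;

    /**
     * Checks to see if the CRL has any critical extensions in it.
     * - returns true if the CRL has any critical extensions.
     */
    bool has_critical_extensions() const;

    /**
     * Type for @ref validate() method:
     * CRLERROR = there was an error while checking the CRL
     * VALID = the CRL is valid
     * NOT_THIS_CA = the CRL is not signed by this CA
     * NO_VALID_SIGNATURE = the CRL claims to be signed by this CA (Issuer
     *                      is the same), but the signature is invalid.
     * EXPIRED = the CRL has expired (see @ref expired())
     * UNHANDLED_CRITICAL_EXTENSIONS = the CRL carries critical extensions
     *                      (see @ref has_critical_extensions())
     *
     * Only VALID means the CRL may be relied on; treat every other value,
     * including CRLERROR, as a failed check.
     */
    enum Valid { CRLERROR = -1, VALID, NOT_THIS_CA, NO_VALID_SIGNATURE,
                 EXPIRED, UNHANDLED_CRITICAL_EXTENSIONS };

    /**
     * Checks to see that a CRL is signed and issued by a CA certificate, and
     * that it has not expired.
     * - returns a validity status.
     *
     * NOTE(review): the Valid enum also has UNHANDLED_CRITICAL_EXTENSIONS,
     * so this presumably checks critical extensions as well -- confirm.
     */
    Valid validate(const WvX509 &cacert) const;

    /**
     * Get the Authority key Info
     */
    WvString get_aki() const;

    /**
     * Get the CRL Issuer.
     */
    WvString get_issuer() const;

    /**
     * Do we have any errors... convenience function..
     */
    bool isok() const;

    /**
     * Return the information requested by mode as a WvString.
     * The WvBuf overload writes the result into buf instead.
     */
    WvString encode(const DumpMode mode) const;
    void encode(const DumpMode mode, WvBuf &buf) const;

    /**
     * Load the information from the format requested by mode into
     * the class - this overwrites the CRL.
     *
     * Encoded CRLs usually come from outside the process.  Neither overload
     * returns a status, so check isok() afterwards, and validate() before
     * trusting the contents.
     */
    void decode(const DumpMode mode, WvStringParm encoded);
    void decode(const DumpMode mode, WvBuf &encoded);

    /**
     * Is the certificate in cert revoked?
     *
     * The result only reflects what is listed in this CRL.  A 'false' from
     * a CRL that is blank, expired, or fails validate() does not show that
     * the certificate is still good; what is returned for a blank CRL is
     * not visible in this header.
     *
     * NOTE(review): the expected text format of serial_number (hex or
     * decimal) is not visible here -- confirm against the implementation.
     */
    bool isrevoked(const WvX509 &cert) const;
    bool isrevoked(WvStringParm serial_number) const;

    /**
     * Add the certificate specified by cert to the CRL.
     *
     * NOTE(review): whether the CRL is re-signed after the addition is not
     * visible in this header -- confirm before distributing the result.
     */
    void addcert(const WvX509 &cert);

    /**
     * Counts the number of certificates in this CRL.
     * WARNING: this method will be very slow and will consume a lot
     * of memory for large CRLs.
     */
    int numcerts() const;

private:
    // mutable so that const methods can still write log output
    mutable WvLog debug;
    // underlying OpenSSL CRL; see the ownership note on the class
    X509_CRL *crl;
};

#endif // __WVCRL_H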