Botan
1.11.15
|
#include <pkcs10.h>
Public Member Functions | |
std::vector< byte > | BER_encode () const |
std::string | challenge_password () const |
bool | check_signature (const Public_Key &key) const |
bool | check_signature (const Public_Key *key) const |
Key_Constraints | constraints () const |
void | decode_from (class BER_Decoder &from) override |
void | encode_into (class DER_Encoder &to) const override |
std::vector< OID > | ex_constraints () const |
std::string | hash_used_for_signature () const |
bool | is_CA () const |
u32bit | path_limit () const |
std::string | PEM_encode () const |
PKCS10_Request (DataSource &source) | |
PKCS10_Request (const std::string &filename) | |
PKCS10_Request (const std::vector< byte > &vec) | |
std::vector< byte > | raw_public_key () const |
std::vector< byte > | signature () const |
AlgorithmIdentifier | signature_algorithm () const |
AlternativeName | subject_alt_name () const |
X509_DN | subject_dn () const |
Public_Key * | subject_public_key () const |
std::vector< byte > | tbs_data () const |
Static Public Member Functions | |
static std::vector< byte > | make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< byte > &tbs) |
Protected Member Functions | |
void | do_decode () |
Protected Attributes | |
std::vector< byte > | sig |
AlgorithmIdentifier | sig_algo |
std::vector< byte > | tbs_bits |
Botan::PKCS10_Request::PKCS10_Request | ( | DataSource & | source | ) |
Create a PKCS#10 Request from a data source.
source | the data source providing the DER encoded request |
Definition at line 22 of file pkcs10.cpp.
References Botan::X509_Object::do_decode().
: X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { do_decode(); }
Botan::PKCS10_Request::PKCS10_Request | ( | const std::string & | filename | ) |
Create a PKCS#10 Request from a file.
filename | the name of the file containing the DER or PEM encoded request file |
Definition at line 31 of file pkcs10.cpp.
References Botan::X509_Object::do_decode().
: X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { do_decode(); }
Botan::PKCS10_Request::PKCS10_Request | ( | const std::vector< byte > & | vec | ) |
Create a PKCS#10 Request from binary data.
vec | a std::vector containing the DER value |
Definition at line 40 of file pkcs10.cpp.
References Botan::X509_Object::do_decode().
: X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { do_decode(); }
std::vector< byte > Botan::X509_Object::BER_encode | ( | ) | const [inherited] |
Definition at line 113 of file x509_obj.cpp.
References Botan::X509_Object::encode_into(), and Botan::DER_Encoder::get_contents_unlocked().
Referenced by Botan::X509_Certificate::fingerprint(), and Botan::X509_Object::PEM_encode().
{ DER_Encoder der; encode_into(der); return der.get_contents_unlocked(); }
std::string Botan::PKCS10_Request::challenge_password | ( | ) | const |
Get the challenge password for this request
Definition at line 132 of file pkcs10.cpp.
References Botan::Data_Store::get1().
{ return info.get1("PKCS9.ChallengePassword"); }
bool Botan::X509_Object::check_signature | ( | const Public_Key & | key | ) | const [inherited] |
Check the signature on this data
key | the public key purportedly used to sign this data |
Definition at line 187 of file x509_obj.cpp.
References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, Botan::X509_Object::sig_algo, Botan::X509_Object::signature(), Botan::split_on(), Botan::X509_Object::tbs_data(), and Botan::PK_Verifier::verify_message().
Referenced by Botan::X509_Object::check_signature().
{ try { std::vector<std::string> sig_info = split_on(OIDS::lookup(sig_algo.oid), '/'); if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) return false; std::string padding = sig_info[1]; Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(tbs_data(), signature()); } catch(std::exception& e) { return false; } }
bool Botan::X509_Object::check_signature | ( | const Public_Key * | key | ) | const [inherited] |
Check the signature on this data
key | the public key purportedly used to sign this data the pointer will be deleted after use |
Definition at line 176 of file x509_obj.cpp.
References Botan::X509_Object::check_signature().
{ if(!pub_key) throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check"); std::unique_ptr<const Public_Key> key(pub_key); return check_signature(*key); }
Get the key constraints for the key associated with this PKCS#10 object.
Definition at line 174 of file pkcs10.cpp.
References Botan::Data_Store::get1_u32bit(), and Botan::NO_CONSTRAINTS.
Referenced by Botan::X509_CA::sign_request().
{ return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS)); }
void Botan::X509_Object::decode_from | ( | class BER_Decoder & | from | ) | [override, virtual, inherited] |
Decode whatever this object is from from
from | the BER_Decoder that will be read from |
Implements Botan::ASN1_Object.
Definition at line 98 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::BER_Decoder::start_cons(), Botan::X509_Object::tbs_bits, and Botan::BER_Decoder::verify_end().
void Botan::X509_Object::do_decode | ( | ) | [protected, inherited] |
Definition at line 230 of file x509_obj.cpp.
Referenced by PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), and Botan::X509_CRL::X509_CRL().
{ try { force_decode(); } catch(Decoding_Error& e) { throw Decoding_Error(PEM_label_pref + " decoding failed (" + e.what() + ")"); } catch(Invalid_Argument& e) { throw Decoding_Error(PEM_label_pref + " decoding failed (" + e.what() + ")"); } }
void Botan::X509_Object::encode_into | ( | class DER_Encoder & | to | ) | const [override, virtual, inherited] |
Encode whatever this object is into to
to | the DER_Encoder that will be written to |
Implements Botan::ASN1_Object.
Definition at line 84 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::DER_Encoder::start_cons(), and Botan::X509_Object::tbs_bits.
Referenced by Botan::X509_Object::BER_encode().
std::vector< OID > Botan::PKCS10_Request::ex_constraints | ( | ) | const |
Get the extendend key constraints (if any).
Definition at line 182 of file pkcs10.cpp.
References Botan::Data_Store::get().
Referenced by Botan::X509_CA::sign_request().
{ std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage"); std::vector<OID> result; for(size_t i = 0; i != oids.size(); ++i) result.push_back(OID(oids[i])); return result; }
std::string Botan::X509_Object::hash_used_for_signature | ( | ) | const [inherited] |
Definition at line 155 of file x509_obj.cpp.
References Botan::OID::as_string(), Botan::OIDS::lookup(), Botan::AlgorithmIdentifier::oid, Botan::parse_algorithm_name(), Botan::X509_Object::sig_algo, and Botan::split_on().
{ std::vector<std::string> sig_info = split_on(OIDS::lookup(sig_algo.oid), '/'); if(sig_info.size() != 2) throw Internal_Error("Invalid name format found for " + sig_algo.oid.as_string()); std::vector<std::string> pad_and_hash = parse_algorithm_name(sig_info[1]); if(pad_and_hash.size() != 2) throw Internal_Error("Invalid name format " + sig_info[1]); return pad_and_hash[1]; }
bool Botan::PKCS10_Request::is_CA | ( | ) | const |
Find out whether this is a CA request.
Definition at line 195 of file pkcs10.cpp.
References Botan::Data_Store::get1_u32bit().
Referenced by Botan::X509_CA::sign_request().
{ return (info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0); }
std::vector< byte > Botan::X509_Object::make_signed | ( | class PK_Signer * | signer, |
RandomNumberGenerator & | rng, | ||
const AlgorithmIdentifier & | alg_id, | ||
const secure_vector< byte > & | tbs | ||
) | [static, inherited] |
Create a signed X509 object.
signer | the signer used to sign the object |
rng | the random number generator to use |
alg_id | the algorithm identifier of the signature scheme |
tbs | the tbs bits to be signed |
Definition at line 213 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents_unlocked(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), and Botan::DER_Encoder::start_cons().
Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::make_cert().
{ return DER_Encoder() .start_cons(SEQUENCE) .raw_bytes(tbs_bits) .encode(algo) .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) .end_cons() .get_contents_unlocked(); }
u32bit Botan::PKCS10_Request::path_limit | ( | ) | const |
Return the constraint on the path length defined in the BasicConstraints extension.
Definition at line 203 of file pkcs10.cpp.
References Botan::Data_Store::get1_u32bit().
Referenced by Botan::X509_CA::sign_request().
{ return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); }
std::string Botan::X509_Object::PEM_encode | ( | ) | const [inherited] |
Definition at line 123 of file x509_obj.cpp.
References Botan::X509_Object::BER_encode(), and Botan::PEM_Code::encode().
Referenced by Botan::X509_Certificate::to_string().
{ return PEM_Code::encode(BER_encode(), PEM_label_pref); }
std::vector< byte > Botan::PKCS10_Request::raw_public_key | ( | ) | const |
Get the raw DER encoded public key.
Definition at line 148 of file pkcs10.cpp.
References Botan::PEM_Code::decode_check_label(), Botan::Data_Store::get1(), and Botan::unlock().
Referenced by Botan::X509_CA::sign_request().
{ DataSource_Memory source(info.get1("X509.Certificate.public_key")); return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY")); }
std::vector< byte > Botan::X509_Object::signature | ( | ) | const [inherited] |
Definition at line 139 of file x509_obj.cpp.
References Botan::X509_Object::sig.
Referenced by Botan::X509_Object::check_signature().
{ return sig; }
AlgorithmIdentifier Botan::X509_Object::signature_algorithm | ( | ) | const [inherited] |
Definition at line 147 of file x509_obj.cpp.
References Botan::X509_Object::sig_algo.
Referenced by Botan::X509_Certificate::to_string().
{ return sig_algo; }
Get the subject alternative name.
Definition at line 166 of file pkcs10.cpp.
References Botan::create_alt_name().
Referenced by Botan::X509_CA::sign_request().
{ return create_alt_name(info); }
X509_DN Botan::PKCS10_Request::subject_dn | ( | ) | const |
Get the subject DN.
Definition at line 140 of file pkcs10.cpp.
References Botan::create_dn().
Referenced by Botan::X509_CA::sign_request().
{ return create_dn(info); }
Public_Key * Botan::PKCS10_Request::subject_public_key | ( | ) | const |
Get the subject public key.
Definition at line 157 of file pkcs10.cpp.
References Botan::Data_Store::get1(), and Botan::PKCS8::load_key().
Referenced by Botan::X509_CA::sign_request().
{ DataSource_Memory source(info.get1("X509.Certificate.public_key")); return X509::load_key(source); }
std::vector< byte > Botan::X509_Object::tbs_data | ( | ) | const [inherited] |
The underlying data that is to be or was signed
Definition at line 131 of file x509_obj.cpp.
References Botan::ASN1::put_in_sequence(), and Botan::X509_Object::tbs_bits.
Referenced by Botan::X509_Object::check_signature().
{ return ASN1::put_in_sequence(tbs_bits); }
std::vector<byte> Botan::X509_Object::sig [protected, inherited] |
Definition at line 97 of file x509_obj.h.
Referenced by Botan::X509_Object::decode_from(), Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and Botan::X509_Object::signature().
AlgorithmIdentifier Botan::X509_Object::sig_algo [protected, inherited] |
std::vector<byte> Botan::X509_Object::tbs_bits [protected, inherited] |
Definition at line 97 of file x509_obj.h.
Referenced by Botan::X509_Object::decode_from(), Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Object::tbs_data().