Botan  2.1.0
Crypto and TLS for C++11
Botan::PKCS10_Request Class Reference (final)

#include <pkcs10.h>

Inheritance diagram for Botan::PKCS10_Request:
Botan::X509_Object Botan::ASN1_Object

Public Member Functions

std::vector< uint8_t > BER_encode () const
 
std::string challenge_password () const
 
bool check_signature (const Public_Key &key) const
 
bool check_signature (const Public_Key *key) const
 
Key_Constraints constraints () const
 
void decode_from (class BER_Decoder &from) override
 
void encode_into (class DER_Encoder &to) const override
 
std::vector< OID > ex_constraints () const
 
Extensions extensions () const
 
std::string hash_used_for_signature () const
 
bool is_CA () const
 
size_t path_limit () const
 
std::string PEM_encode () const
 
 PKCS10_Request (DataSource &source)
 
 PKCS10_Request (const std::vector< uint8_t > &vec)
 
std::vector< uint8_t > raw_public_key () const
 
std::vector< uint8_t > signature () const
 
AlgorithmIdentifier signature_algorithm () const
 
AlternativeName subject_alt_name () const
 
X509_DN subject_dn () const
 
Public_Key * subject_public_key () const
 
std::vector< uint8_t > tbs_data () const
 

Static Public Member Functions

static std::vector< uint8_t > make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
 

Protected Member Functions

void do_decode ()
 

Protected Attributes

std::vector< uint8_t > m_sig
 
AlgorithmIdentifier m_sig_algo
 
std::vector< uint8_t > m_tbs_bits
 

Detailed Description

PKCS #10 Certificate Request.

Definition at line 26 of file pkcs10.h.

Constructor & Destructor Documentation

Botan::PKCS10_Request::PKCS10_Request ( DataSource & source )
explicit

Create a PKCS#10 Request from a data source.

Parameters
source: the data source providing the DER encoded request

Definition at line 22 of file pkcs10.cpp.

References Botan::X509_Object::do_decode().

// The listing starts after the signature (pkcs10.cpp line 21 is not shown on
// this page). The string passed to the base class is presumably the set of
// PEM labels accepted for a request. The input is decoded immediately, so
// malformed input surfaces as an exception thrown from this constructor:
// X509_Object::do_decode() reports Decoding_Error and Invalid_Argument as
// Decoding_Error and lets other exception types propagate. Construct inside
// a try block when the request comes from an untrusted source.
22  :
23  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
24  {
25  do_decode();
26  }
X509_Object()=default
Botan::PKCS10_Request::PKCS10_Request ( const std::vector< uint8_t > &  vec)
explicit

Create a PKCS#10 Request from binary data.

Parameters
vec: a std::vector containing the DER value

Definition at line 42 of file pkcs10.cpp.

References Botan::X509_Object::do_decode().

// The listing starts after the signature (pkcs10.cpp line 41 is not shown on
// this page). Same shape as the DataSource constructor: the base class gets
// the label string and the bytes are decoded immediately, so a malformed
// request makes this constructor throw (do_decode() reports decoding
// failures as Decoding_Error).
42  :
43  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
44  {
45  do_decode();
46  }
X509_Object()=default

Member Function Documentation

std::vector< uint8_t > Botan::X509_Object::BER_encode ( ) const
inherited
Returns
BER encoding of this

Definition at line 114 of file x509_obj.cpp.

References Botan::X509_Object::encode_into(), and Botan::DER_Encoder::get_contents_unlocked().

Referenced by Botan::X509_Certificate::fingerprint(), and Botan::X509_Object::PEM_encode().

// Serialises this object by running encode_into() on a fresh DER_Encoder and
// returning the encoder's contents as an ordinary std::vector<uint8_t>.
115  {
116  DER_Encoder der;
117  encode_into(der);
118  return der.get_contents_unlocked();
119  }
void encode_into(class DER_Encoder &to) const override
Definition: x509_obj.cpp:86
std::string Botan::PKCS10_Request::challenge_password ( ) const

Get the challenge password for this request

Returns
challenge password for this request

Definition at line 130 of file pkcs10.cpp.

References Botan::Data_Store::get1().

// Looks up the "PKCS9.ChallengePassword" entry of m_info via Data_Store::get1().
// What get1() does when the entry is absent is not shown on this page.
// NOTE(review): the value is returned in a plain std::string rather than a
// secure_vector; treat it as a secret supplied by the requester and keep it
// out of logs and error messages.
131  {
132  return m_info.get1("PKCS9.ChallengePassword");
133  }
std::string get1(const std::string &key) const
Definition: datastor.cpp:62
bool Botan::X509_Object::check_signature ( const Public_Key & key ) const
inherited

Check the signature on this data

Parameters
key: the public key purportedly used to sign this data
Returns
true if the signature is valid, otherwise false

Definition at line 188 of file x509_obj.cpp.

References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::X509_Object::m_sig_algo, Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, Botan::X509_Object::signature(), Botan::split_on(), Botan::X509_Object::tbs_data(), and Botan::PK_Verifier::verify_message().

Referenced by Botan::X509_Object::check_signature().

// Verifies signature() over tbs_data() with pub_key. Every failure path,
// including any std::exception raised while setting up or running the
// verifier, yields false, so the check fails closed but a caller cannot tell
// a bad signature from an unsupported or malformed algorithm identifier.
189  {
190  try {
191  std::vector<std::string> sig_info =
// NOTE(review): listing line 192 (the initializer of sig_info) is missing
// from this page. The References list for this function suggests it is built
// with split_on() and OIDS::lookup() from m_sig_algo.oid; confirm against
// x509_obj.cpp.
193 
// Reject unless the name has exactly two parts and the first part equals the
// algorithm name of the supplied key.
194  if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
195  return false;
196 
// The second part is handed to PK_Verifier as the padding scheme.
// NOTE(review): it appears to come from the object's own signature algorithm
// field, so a caller with a minimum-hash policy should also inspect
// hash_used_for_signature().
197  std::string padding = sig_info[1];
// Keys reporting two or more message parts use DER_SEQUENCE signatures,
// all others IEEE_1363.
198  Signature_Format format =
199  (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
200 
201  PK_Verifier verifier(pub_key, padding, format);
202 
203  return verifier.verify_message(tbs_data(), signature());
204  }
205  catch(std::exception&)
206  {
207  return false;
208  }
209  }
AlgorithmIdentifier m_sig_algo
Definition: x509_obj.h:109
Signature_Format
Definition: pubkey.h:29
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:138
std::string lookup(const OID &oid)
Definition: oids.cpp:18
std::vector< uint8_t > signature() const
Definition: x509_obj.cpp:140
std::vector< uint8_t > tbs_data() const
Definition: x509_obj.cpp:132
bool Botan::X509_Object::check_signature ( const Public_Key * key ) const
inherited

Check the signature on this data

Parameters
key: the public key purportedly used to sign this data; the pointer will be deleted after use
Returns
true if the signature is valid, otherwise false

Definition at line 177 of file x509_obj.cpp.

References Botan::X509_Object::check_signature().

// Pointer overload: takes ownership of pub_key, then forwards to the
// reference overload.
178  {
// A null key is an error (Exception), not a "false" result.
179  if(!pub_key)
180  throw Exception("No key provided for " + m_PEM_label_pref + " signature check");
// The unique_ptr deletes the key when this function returns. The caller must
// pass a heap-allocated key it no longer uses: handing in the address of a
// stack object, or a pointer that is also freed elsewhere, results in an
// invalid or double delete. Use the reference overload to keep ownership.
181  std::unique_ptr<const Public_Key> key(pub_key);
182  return check_signature(*key);
183 }
bool check_signature(const Public_Key &key) const
Definition: x509_obj.cpp:188
Key_Constraints Botan::PKCS10_Request::constraints ( ) const

Get the key constraints for the key associated with this PKCS#10 object.

Returns
key constraints

Definition at line 172 of file pkcs10.cpp.

References Botan::Extensions::get(), Botan::Cert_Extension::Key_Usage::get_constraints(), Botan::OIDS::lookup(), and Botan::NO_CONSTRAINTS.

Referenced by Botan::X509_CA::sign_request().

// Returns the constraints carried by the "X509v3.KeyUsage" entry of
// m_extensions, or NO_CONSTRAINTS when there is no such entry.
// NOTE(review): m_extensions presumably holds the extensions parsed from the
// request, i.e. values chosen by the requester; an issuer should compare
// them with its own policy rather than copy them.
173  {
// Extensions::get() returns a std::unique_ptr<Certificate_Extension>; the
// condition is true only when an entry was found.
174  if(auto ext = m_extensions.get(OIDS::lookup("X509v3.KeyUsage")))
175  {
// dynamic_cast to a reference throws std::bad_cast if the stored object is
// not a Key_Usage.
176  return dynamic_cast<Cert_Extension::Key_Usage&>(*ext).get_constraints();
177  }
178 
179  return NO_CONSTRAINTS;
180  }
std::string lookup(const OID &oid)
Definition: oids.cpp:18
std::unique_ptr< Certificate_Extension > get(const OID &oid) const
Definition: x509_ext.cpp:126
void Botan::X509_Object::decode_from ( class BER_Decoder & from )
override, virtual, inherited

Decode a BER encoded X509_Object. See ASN1_Object::decode_from().

Implements Botan::ASN1_Object.

Definition at line 100 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::X509_Object::m_sig, Botan::X509_Object::m_sig_algo, Botan::X509_Object::m_tbs_bits, Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, and Botan::BER_Decoder::start_cons().

// Reads the outer structure SEQUENCE { SEQUENCE { tbs }, sig_algo, BIT STRING sig }.
// The contents of the inner SEQUENCE are stored as raw bytes in m_tbs_bits
// and are not interpreted here; the signature algorithm goes to m_sig_algo
// and the signature bits to m_sig. Nothing in this function checks the
// signature.
101  {
102  from.start_cons(SEQUENCE)
103  .start_cons(SEQUENCE)
104  .raw_bytes(m_tbs_bits)
105  .end_cons()
106  .decode(m_sig_algo)
107  .decode(m_sig, BIT_STRING)
108  .end_cons();
109  }
AlgorithmIdentifier m_sig_algo
Definition: x509_obj.h:109
std::vector< uint8_t > m_tbs_bits
Definition: x509_obj.h:110
std::vector< uint8_t > m_sig
Definition: x509_obj.h:110
void Botan::X509_Object::do_decode ( )
protectedinherited

Definition at line 231 of file x509_obj.cpp.

References Botan::Exception::what().

Referenced by PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), and Botan::X509_CRL::X509_CRL().

// Runs force_decode() (not shown on this page) and normalises its failures:
// both Decoding_Error and Invalid_Argument are rethrown as a Decoding_Error
// whose message is m_PEM_label_pref + " decoding failed (" + original text + ")".
// The original exception type is lost; any other exception type propagates
// unchanged. The message embeds e.what(), so it may echo details derived from
// the input when shown to a remote party.
232  {
233  try {
234  force_decode();
235  }
236  catch(Decoding_Error& e)
237  {
238  throw Decoding_Error(m_PEM_label_pref + " decoding failed (" +
239  e.what() + ")");
240  }
241  catch(Invalid_Argument& e)
242  {
243  throw Decoding_Error(m_PEM_label_pref + " decoding failed (" +
244  e.what() + ")");
245  }
246  }
void Botan::X509_Object::encode_into ( class DER_Encoder & to ) const
override, virtual, inherited

DER encode an X509_Object. See ASN1_Object::encode_into().

Implements Botan::ASN1_Object.

Definition at line 86 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::X509_Object::m_sig, Botan::X509_Object::m_sig_algo, Botan::X509_Object::m_tbs_bits, Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, and Botan::DER_Encoder::start_cons().

Referenced by Botan::X509_Object::BER_encode(), and Botan::Certificate_Store_In_SQL::insert_cert().

// Mirror of decode_from(): writes SEQUENCE { SEQUENCE { m_tbs_bits as raw
// bytes }, m_sig_algo, m_sig as BIT STRING }. The stored to-be-signed bytes
// are emitted as they are, without being re-encoded.
87  {
88  to.start_cons(SEQUENCE)
89  .start_cons(SEQUENCE)
90  .raw_bytes(m_tbs_bits)
91  .end_cons()
92  .encode(m_sig_algo)
93  .encode(m_sig, BIT_STRING)
94  .end_cons();
95  }
AlgorithmIdentifier m_sig_algo
Definition: x509_obj.h:109
std::vector< uint8_t > m_tbs_bits
Definition: x509_obj.h:110
std::vector< uint8_t > m_sig
Definition: x509_obj.h:110
std::vector< OID > Botan::PKCS10_Request::ex_constraints ( ) const

Get the extended key constraints (if any).

Returns
extended key constraints

Definition at line 185 of file pkcs10.cpp.

References Botan::Extensions::get(), Botan::Cert_Extension::Extended_Key_Usage::get_oids(), and Botan::OIDS::lookup().

Referenced by Botan::X509_CA::sign_request().

// Returns the OIDs of the "X509v3.ExtendedKeyUsage" entry of m_extensions,
// or an empty vector when there is no such entry.
// NOTE(review): these are presumably the usages the requester asked for;
// an issuer should filter them against its own policy.
186  {
187  if(auto ext = m_extensions.get(OIDS::lookup("X509v3.ExtendedKeyUsage")))
188  {
// dynamic_cast to a reference throws std::bad_cast if the stored object is
// not an Extended_Key_Usage.
189  return dynamic_cast<Cert_Extension::Extended_Key_Usage&>(*ext).get_oids();
190  }
191 
192  return {};
193  }
std::string lookup(const OID &oid)
Definition: oids.cpp:18
std::unique_ptr< Certificate_Extension > get(const OID &oid) const
Definition: x509_ext.cpp:126
Extensions Botan::PKCS10_Request::extensions ( ) const

Get the X509v3 extensions.

Returns
X509v3 extensions

Definition at line 228 of file pkcs10.cpp.

Referenced by Botan::X509_CA::sign_request().

// Returns m_extensions by value (the return type is Extensions), so the
// caller gets its own copy.
229  {
230  return m_extensions;
231  }
std::string Botan::X509_Object::hash_used_for_signature ( ) const
inherited
Returns
hash algorithm that was used to generate signature

Definition at line 156 of file x509_obj.cpp.

References Botan::OID::as_string(), Botan::OIDS::lookup(), Botan::X509_Object::m_sig_algo, Botan::AlgorithmIdentifier::oid, Botan::parse_algorithm_name(), and Botan::split_on().

// Derives the hash name from the signature algorithm name. A caller can use
// the result to enforce a minimum-hash policy before trusting
// check_signature().
157  {
158  std::vector<std::string> sig_info =
// NOTE(review): listing lines 159 and 163 are missing from this page. The
// References list for this function suggests sig_info is built with
// split_on() and OIDS::lookup() from m_sig_algo.oid; confirm against
// x509_obj.cpp.
160 
// The name must split into exactly two parts, otherwise Internal_Error.
161  if(sig_info.size() != 2)
162  throw Internal_Error("Invalid name format found for " +
164 
165  std::vector<std::string> pad_and_hash =
166  parse_algorithm_name(sig_info[1]);
167 
// The second part must itself parse into exactly two elements; the second
// element is returned as the hash name. Any other shape throws Internal_Error.
168  if(pad_and_hash.size() != 2)
169  throw Internal_Error("Invalid name format " + sig_info[1]);
170 
171  return pad_and_hash[1];
172  }
std::vector< std::string > parse_algorithm_name(const std::string &namex)
Definition: parsing.cpp:85
AlgorithmIdentifier m_sig_algo
Definition: x509_obj.h:109
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:138
std::string lookup(const OID &oid)
Definition: oids.cpp:18
std::string as_string() const
Definition: asn1_oid.cpp:50
bool Botan::PKCS10_Request::is_CA ( ) const

Find out whether this is a CA request.

Returns
true if it is a CA request, false otherwise.

Definition at line 198 of file pkcs10.cpp.

References Botan::Extensions::get(), Botan::Cert_Extension::Basic_Constraints::get_is_ca(), and Botan::OIDS::lookup().

Referenced by Botan::X509_CA::sign_request().

// Returns the is-CA flag of the "X509v3.BasicConstraints" entry of
// m_extensions, or false when there is no such entry.
// NOTE(review): the flag presumably reflects what the requester put in the
// request. It states what is being asked for, not what should be granted;
// the issuing side should decide separately whether this subject may
// receive a CA certificate.
199  {
200  if(auto ext = m_extensions.get(OIDS::lookup("X509v3.BasicConstraints")))
201  {
// dynamic_cast to a reference throws std::bad_cast if the stored object is
// not a Basic_Constraints.
202  return dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext).get_is_ca();
203  }
204 
205  return false;
206  }
std::string lookup(const OID &oid)
Definition: oids.cpp:18
std::unique_ptr< Certificate_Extension > get(const OID &oid) const
Definition: x509_ext.cpp:126
std::vector< uint8_t > Botan::X509_Object::make_signed ( class PK_Signer * signer,
RandomNumberGenerator & rng,
const AlgorithmIdentifier & alg_id,
const secure_vector< uint8_t > & tbs
)
static, inherited

Create a signed X509 object.

Parameters
signer: the signer used to sign the object
rng: the random number generator to use
alg_id: the algorithm identifier of the signature scheme
tbs: the tbs bits to be signed
Returns
signed X509 object

Definition at line 214 of file x509_obj.cpp.

References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents_unlocked(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), and Botan::DER_Encoder::start_cons().

Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::make_cert().

// The listing starts at the body (x509_obj.cpp lines 214-217 are not shown);
// the body names the parameters tbs_bits and algo where the documented
// signature says tbs and alg_id.
// Emits SEQUENCE { tbs_bits as raw bytes, algo, BIT STRING signature }, where
// the signature is computed over the same tbs_bits that are embedded.
// signer is dereferenced without a null check, so the caller must pass a
// valid PK_Signer.
218  {
219  return DER_Encoder()
220  .start_cons(SEQUENCE)
221  .raw_bytes(tbs_bits)
222  .encode(algo)
223  .encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
224  .end_cons()
225  .get_contents_unlocked();
226  }
size_t Botan::PKCS10_Request::path_limit ( ) const

Return the constraint on the path length defined in the BasicConstraints extension.

Returns
path limit

Definition at line 211 of file pkcs10.cpp.

References Botan::Extensions::get(), Botan::Cert_Extension::Basic_Constraints::get_is_ca(), Botan::Cert_Extension::Basic_Constraints::get_path_limit(), and Botan::OIDS::lookup().

Referenced by Botan::X509_CA::sign_request().

// Returns the BasicConstraints path limit only when the extension is present
// and its is-CA flag is set. In every other case the result is 0, so a
// return value of 0 does not distinguish "no BasicConstraints / not a CA"
// from an explicit limit of 0; check is_CA() as well.
212  {
213  if(auto ext = m_extensions.get(OIDS::lookup("X509v3.BasicConstraints")))
214  {
// dynamic_cast to a reference throws std::bad_cast if the stored object is
// not a Basic_Constraints.
215  Cert_Extension::Basic_Constraints& basic_constraints = dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext);
216  if(basic_constraints.get_is_ca())
217  {
218  return basic_constraints.get_path_limit();
219  }
220  }
221 
222  return 0;
223  }
std::string lookup(const OID &oid)
Definition: oids.cpp:18
std::unique_ptr< Certificate_Extension > get(const OID &oid) const
Definition: x509_ext.cpp:126
std::string Botan::X509_Object::PEM_encode ( ) const
inherited
Returns
PEM encoding of this

Definition at line 124 of file x509_obj.cpp.

References Botan::X509_Object::BER_encode(), and Botan::PEM_Code::encode().

// PEM-encodes the output of BER_encode(), using m_PEM_label_pref as the label.
125  {
126  return PEM_Code::encode(BER_encode(), m_PEM_label_pref);
127  }
std::vector< uint8_t > BER_encode() const
Definition: x509_obj.cpp:114
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43
std::vector< uint8_t > Botan::PKCS10_Request::raw_public_key ( ) const

Get the raw DER encoded public key.

Returns
raw DER encoded public key

Definition at line 146 of file pkcs10.cpp.

References Botan::PEM_Code::decode_check_label(), Botan::Data_Store::get1(), and Botan::unlock().

Referenced by Botan::X509_CA::sign_request().

// Reads the "X509.Certificate.public_key" entry of m_info, decodes it as PEM
// while requiring the label "PUBLIC KEY", and returns the decoded bytes.
// unlock() converts the secure_vector produced by the PEM decoder into an
// ordinary std::vector.
147  {
148  DataSource_Memory source(m_info.get1("X509.Certificate.public_key"));
149  return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
150  }
std::string get1(const std::string &key) const
Definition: datastor.cpp:62
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:125
secure_vector< uint8_t > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:54
std::vector< uint8_t > Botan::X509_Object::signature ( ) const
inherited
Returns
signature on tbs_data()

Definition at line 140 of file x509_obj.cpp.

References Botan::X509_Object::m_sig.

Referenced by Botan::X509_Object::check_signature().

// Returns the stored signature bits (m_sig) by value.
141  {
142  return m_sig;
143  }
std::vector< uint8_t > m_sig
Definition: x509_obj.h:110
AlgorithmIdentifier Botan::X509_Object::signature_algorithm ( ) const
inherited
Returns
signature algorithm that was used to generate signature

Definition at line 148 of file x509_obj.cpp.

References Botan::X509_Object::m_sig_algo.

Referenced by Botan::X509_Certificate::to_string().

// Returns the stored signature AlgorithmIdentifier (m_sig_algo) by value.
149  {
150  return m_sig_algo;
151  }
AlgorithmIdentifier m_sig_algo
Definition: x509_obj.h:109
AlternativeName Botan::PKCS10_Request::subject_alt_name ( ) const

Get the subject alternative name.

Returns
subject alternative name.

Definition at line 164 of file pkcs10.cpp.

References Botan::create_alt_name().

Referenced by Botan::X509_CA::sign_request().

// Builds the AlternativeName from m_info via create_alt_name().
// NOTE(review): m_info presumably holds fields parsed from the request, so
// the names are requester-supplied and need validation before issuance.
165  {
166  return create_alt_name(m_info);
167  }
AlternativeName create_alt_name(const Data_Store &info)
Definition: x509cert.cpp:692
X509_DN Botan::PKCS10_Request::subject_dn ( ) const

Get the subject DN.

Returns
subject DN

Definition at line 138 of file pkcs10.cpp.

References Botan::create_dn().

Referenced by Botan::X509_CA::sign_request().

// Builds the subject X509_DN from m_info via create_dn().
// NOTE(review): m_info presumably holds fields parsed from the request, so
// the DN is requester-supplied and needs validation before issuance.
139  {
140  return create_dn(m_info);
141  }
X509_DN create_dn(const Data_Store &info)
Definition: x509cert.cpp:673
Public_Key * Botan::PKCS10_Request::subject_public_key ( ) const

Get the subject public key.

Returns
subject public key

Definition at line 155 of file pkcs10.cpp.

References Botan::Data_Store::get1(), and Botan::X509::load_key().

Referenced by Botan::X509_CA::sign_request().

// Parses the "X509.Certificate.public_key" entry of m_info with
// X509::load_key() and returns the resulting raw Public_Key pointer. The key
// is parsed again on every call.
// NOTE(review): the returned pointer is presumably a new heap object owned
// by the caller. Hold it in a std::unique_ptr, or hand it to
// check_signature(const Public_Key*), which deletes the key it is given; do
// not do both with the same pointer.
156  {
157  DataSource_Memory source(m_info.get1("X509.Certificate.public_key"));
158  return X509::load_key(source);
159  }
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:37
std::string get1(const std::string &key) const
Definition: datastor.cpp:62
std::vector< uint8_t > Botan::X509_Object::tbs_data ( ) const
inherited

The underlying data that is to be or was signed

Returns
data that is or was signed

Definition at line 132 of file x509_obj.cpp.

References Botan::X509_Object::m_tbs_bits, and Botan::ASN1::put_in_sequence().

Referenced by Botan::X509_Object::check_signature().

// NOTE(review): listing line 134, the only statement of this function, is
// missing from this page. The References list for this function names
// m_tbs_bits and ASN1::put_in_sequence(); confirm the body against
// x509_obj.cpp.
133  {
135  }
std::vector< uint8_t > m_tbs_bits
Definition: x509_obj.h:110
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition: asn1_obj.cpp:35

Member Data Documentation

std::vector<uint8_t> Botan::X509_Object::m_sig
protectedinherited
AlgorithmIdentifier Botan::X509_Object::m_sig_algo
protectedinherited
std::vector<uint8_t> Botan::X509_Object::m_tbs_bits
protectedinherited

The documentation for this class was generated from the following files: