Botan  1.11.10
Functions
Botan::X509 Namespace Reference

Functions

std::vector< byteBER_encode (const Public_Key &key)
 
Public_Keycopy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
Public_Keyload_key (DataSource &source)
 
Public_Keyload_key (const std::string &fsname)
 
Public_Keyload_key (const std::vector< byte > &mem)
 
std::string PEM_encode (const Public_Key &key)
 

Detailed Description

This namespace contains functions for handling X.509 public keys

Function Documentation

BOTAN_DLL std::vector< byte > Botan::X509::BER_encode ( const Public_Key &  key)

BER encode a key

Parameters
keythe public key to encode
Returns
BER encoding of this key

Definition at line 19 of file x509_key.cpp.

References Botan::Public_Key::algorithm_identifier(), Botan::BIT_STRING, Botan::PEM_Code::encode(), Botan::DER_Encoder::encode(), Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), and Botan::Public_Key::x509_subject_public_key().

Referenced by create_cert_req(), create_self_signed_cert(), and PEM_encode().

20  {
21  return DER_Encoder()
22  .start_cons(SEQUENCE)
23  .encode(key.algorithm_identifier())
24  .encode(key.x509_subject_public_key(), BIT_STRING)
25  .end_cons()
26  .get_contents_unlocked();
27  }
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19
BOTAN_DLL Public_Key * Botan::X509::copy_key ( const Public_Key &  key)

Copy a key.

Parameters
keythe public key to copy
Returns
new public key object

Definition at line 102 of file x509_key.cpp.

References load_key(), and PEM_encode().

103  {
104  DataSource_Memory source(PEM_encode(key));
105  return X509::load_key(source);
106  }
std::string PEM_encode(const Public_Key &key)
Definition: x509_key.cpp:32
Public_Key * load_key(const std::vector< byte > &mem)
Definition: x509_key.cpp:93
BOTAN_DLL PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options &  opts,
const Private_Key &  key,
const std::string &  hash_fn,
RandomNumberGenerator &  rng 
)

Create a PKCS#10 certificate request.

Parameters
optsthe options defining the request to create
keythe key used to sign this request
rngthe rng to use
hash_fnthe hash function to use
Returns
newly created PKCS#10 request

Definition at line 90 of file x509self.cpp.

References Botan::Extensions::add(), BER_encode(), Botan::X509_Cert_Options::challenge, Botan::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::CRL_SIGN, Botan::DIRECTORY_STRING, Botan::PEM_Code::encode(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::end_explicit(), Botan::X509_Cert_Options::ex_constraints, Botan::find_constraints(), Botan::DER_Encoder::get_contents(), Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::X509_Object::make_signed(), Botan::X509_Cert_Options::path_limit, Botan::DER_Encoder::raw_bytes(), Botan::X509_Cert_Options::sanity_check(), Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), and Botan::DER_Encoder::start_explicit().

94  {
95  AlgorithmIdentifier sig_algo;
96  X509_DN subject_dn;
97  AlternativeName subject_alt;
98 
99  opts.sanity_check();
100 
101  std::vector<byte> pub_key = X509::BER_encode(key);
102  std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
103  load_info(opts, subject_dn, subject_alt);
104 
105  const size_t PKCS10_VERSION = 0;
106 
107  Extensions extensions;
108 
109  extensions.add(
110  new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
111  extensions.add(
112  new Cert_Extension::Key_Usage(
113  opts.is_CA ? Key_Constraints(KEY_CERT_SIGN | CRL_SIGN) :
114  find_constraints(key, opts.constraints)
115  )
116  );
117  extensions.add(
118  new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
119  extensions.add(
120  new Cert_Extension::Subject_Alternative_Name(subject_alt));
121 
122  DER_Encoder tbs_req;
123 
124  tbs_req.start_cons(SEQUENCE)
125  .encode(PKCS10_VERSION)
126  .encode(subject_dn)
127  .raw_bytes(pub_key)
128  .start_explicit(0);
129 
130  if(opts.challenge != "")
131  {
132  ASN1_String challenge(opts.challenge, DIRECTORY_STRING);
133 
134  tbs_req.encode(
135  Attribute("PKCS9.ChallengePassword",
136  DER_Encoder().encode(challenge).get_contents_unlocked()
137  )
138  );
139  }
140 
141  tbs_req.encode(
142  Attribute("PKCS9.ExtensionRequest",
143  DER_Encoder()
144  .start_cons(SEQUENCE)
145  .encode(extensions)
146  .end_cons()
147  .get_contents_unlocked()
148  )
149  )
150  .end_explicit()
151  .end_cons();
152 
153  const std::vector<byte> req =
154  X509_Object::make_signed(signer.get(), rng, sig_algo,
155  tbs_req.get_contents());
156 
157  return PKCS10_Request(req);
158  }
Key_Constraints find_constraints(const Public_Key &pub_key, Key_Constraints limits)
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19
secure_vector< byte > BER_encode(const Private_Key &key)
Definition: pkcs8.cpp:129
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:218
BOTAN_DLL X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options &  opts,
const Private_Key &  key,
const std::string &  hash_fn,
RandomNumberGenerator &  rng 
)

Create a self-signed X.509 certificate.

Parameters
optsthe options defining the certificate to create
keythe private key used for signing, i.e. the key associated with this self-signed certificate
hash_fnthe hash function to use
rngthe rng to use
Returns
newly created self-signed certificate

Definition at line 44 of file x509self.cpp.

References Botan::Extensions::add(), BER_encode(), Botan::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::CRL_SIGN, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, Botan::find_constraints(), Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::X509_CA::make_cert(), Botan::X509_Cert_Options::path_limit, Botan::X509_Cert_Options::sanity_check(), and Botan::X509_Cert_Options::start.

48  {
49  AlgorithmIdentifier sig_algo;
50  X509_DN subject_dn;
51  AlternativeName subject_alt;
52 
53  opts.sanity_check();
54 
55  std::vector<byte> pub_key = X509::BER_encode(key);
56  std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
57  load_info(opts, subject_dn, subject_alt);
58 
59  Key_Constraints constraints;
60  if(opts.is_CA)
61  constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
62  else
63  constraints = find_constraints(key, opts.constraints);
64 
65  Extensions extensions;
66 
67  extensions.add(
68  new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),
69  true);
70 
71  extensions.add(new Cert_Extension::Key_Usage(constraints), true);
72 
73  extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
74 
75  extensions.add(
76  new Cert_Extension::Subject_Alternative_Name(subject_alt));
77 
78  extensions.add(
79  new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
80 
81  return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
82  opts.start, opts.end,
83  subject_dn, subject_dn,
84  extensions);
85  }
Key_Constraints find_constraints(const Public_Key &pub_key, Key_Constraints limits)
secure_vector< byte > BER_encode(const Private_Key &key)
Definition: pkcs8.cpp:129
PK_Signer * choose_sig_format(const Private_Key &key, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:218
BOTAN_DLL Public_Key * Botan::X509::load_key ( DataSource &  source)

Create a public key from a data source.

Parameters
sourcethe source providing the DER or PEM encoded key
Returns
new public key object

Definition at line 41 of file x509_key.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::BER_Decoder::end_cons(), Botan::make_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), Botan::SEQUENCE, Botan::BER_Decoder::start_cons(), and Botan::BER_Decoder::verify_end().

Referenced by copy_key(), load_key(), Botan::X509_Certificate::subject_public_key(), and Botan::PKCS10_Request::subject_public_key().

42  {
43  try {
44  AlgorithmIdentifier alg_id;
45  secure_vector<byte> key_bits;
46 
47  if(ASN1::maybe_BER(source) && !PEM_Code::matches(source))
48  {
49  BER_Decoder(source)
50  .start_cons(SEQUENCE)
51  .decode(alg_id)
52  .decode(key_bits, BIT_STRING)
53  .verify_end()
54  .end_cons();
55  }
56  else
57  {
58  DataSource_Memory ber(
59  PEM_Code::decode_check_label(source, "PUBLIC KEY")
60  );
61 
62  BER_Decoder(ber)
63  .start_cons(SEQUENCE)
64  .decode(alg_id)
65  .decode(key_bits, BIT_STRING)
66  .verify_end()
67  .end_cons();
68  }
69 
70  if(key_bits.empty())
71  throw Decoding_Error("X.509 public key decoding failed");
72 
73  return make_public_key(alg_id, key_bits);
74  }
75  catch(Decoding_Error)
76  {
77  throw Decoding_Error("X.509 public key decoding failed");
78  }
79  }
bool maybe_BER(DataSource &source)
Definition: asn1_obj.cpp:55
Public_Key * make_public_key(const AlgorithmIdentifier &alg_id, const secure_vector< byte > &key_bits)
Definition: pk_algs.cpp:49
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:120
secure_vector< byte > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:33
BOTAN_DLL Public_Key * Botan::X509::load_key ( const std::string &  filename)

Create a public key from a file

Parameters
filenamepathname to the file to load
Returns
new public key object

Definition at line 84 of file x509_key.cpp.

References load_key().

85  {
86  DataSource_Stream source(fsname, true);
87  return X509::load_key(source);
88  }
Public_Key * load_key(const std::vector< byte > &mem)
Definition: x509_key.cpp:93
BOTAN_DLL Public_Key * Botan::X509::load_key ( const std::vector< byte > &  enc)

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 93 of file x509_key.cpp.

References load_key().

94  {
95  DataSource_Memory source(mem);
96  return X509::load_key(source);
97  }
Public_Key * load_key(const std::vector< byte > &mem)
Definition: x509_key.cpp:93
BOTAN_DLL std::string Botan::X509::PEM_encode ( const Public_Key &  key)

PEM encode a public key into a string.

Parameters
keythe key to encode
Returns
PEM encoded key

Definition at line 32 of file x509_key.cpp.

References BER_encode(), and Botan::PEM_Code::encode().

Referenced by copy_key(), and Botan::X509_Certificate::to_string().

33  {
35  "PUBLIC KEY");
36  }
std::vector< byte > BER_encode(const Public_Key &key)
Definition: x509_key.cpp:19
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19