Botan  1.11.10
pkcs10.cpp
Go to the documentation of this file.
1 /*
2 * PKCS #10
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/pkcs10.h>
9 #include <botan/x509_ext.h>
10 #include <botan/x509cert.h>
11 #include <botan/der_enc.h>
12 #include <botan/ber_dec.h>
13 #include <botan/parsing.h>
14 #include <botan/oids.h>
15 #include <botan/pem.h>
16 
17 namespace Botan {
18 
19 /*
20 * PKCS10_Request Constructor
21 */
23  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
24  {
25  do_decode();
26  }
27 
28 /*
29 * PKCS10_Request Constructor
30 */
31 PKCS10_Request::PKCS10_Request(const std::string& in) :
32  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
33  {
34  do_decode();
35  }
36 
37 /*
38 * PKCS10_Request Constructor
39 */
40 PKCS10_Request::PKCS10_Request(const std::vector<byte>& in) :
41  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
42  {
43  do_decode();
44  }
45 
46 /*
47 * Deocde the CertificateRequestInfo
48 */
49 void PKCS10_Request::force_decode()
50  {
51  BER_Decoder cert_req_info(tbs_bits);
52 
53  size_t version;
54  cert_req_info.decode(version);
55  if(version != 0)
56  throw Decoding_Error("Unknown version code in PKCS #10 request: " +
57  std::to_string(version));
58 
59  X509_DN dn_subject;
60  cert_req_info.decode(dn_subject);
61 
62  info.add(dn_subject.contents());
63 
64  BER_Object public_key = cert_req_info.get_next_object();
65  if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
66  throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key",
67  public_key.type_tag, public_key.class_tag);
68 
69  info.add("X509.Certificate.public_key",
71  ASN1::put_in_sequence(unlock(public_key.value)),
72  "PUBLIC KEY"
73  )
74  );
75 
76  BER_Object attr_bits = cert_req_info.get_next_object();
77 
78  if(attr_bits.type_tag == 0 &&
80  {
81  BER_Decoder attributes(attr_bits.value);
82  while(attributes.more_items())
83  {
84  Attribute attr;
85  attributes.decode(attr);
86  handle_attribute(attr);
87  }
88  attributes.verify_end();
89  }
90  else if(attr_bits.type_tag != NO_OBJECT)
91  throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes",
92  attr_bits.type_tag, attr_bits.class_tag);
93 
94  cert_req_info.verify_end();
95 
97  throw Decoding_Error("PKCS #10 request: Bad signature detected");
98  }
99 
100 /*
101 * Handle attributes in a PKCS #10 request
102 */
103 void PKCS10_Request::handle_attribute(const Attribute& attr)
104  {
105  BER_Decoder value(attr.parameters);
106 
107  if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
108  {
109  ASN1_String email;
110  value.decode(email);
111  info.add("RFC822", email.value());
112  }
113  else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
114  {
115  ASN1_String challenge_password;
116  value.decode(challenge_password);
117  info.add("PKCS9.ChallengePassword", challenge_password.value());
118  }
119  else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
120  {
121  Extensions extensions;
122  value.decode(extensions).verify_end();
123 
124  Data_Store issuer_info;
125  extensions.contents_to(info, issuer_info);
126  }
127  }
128 
129 /*
130 * Return the challenge password (if any)
131 */
133  {
134  return info.get1("PKCS9.ChallengePassword");
135  }
136 
137 /*
138 * Return the name of the requestor
139 */
141  {
142  return create_dn(info);
143  }
144 
145 /*
146 * Return the public key of the requestor
147 */
148 std::vector<byte> PKCS10_Request::raw_public_key() const
149  {
150  DataSource_Memory source(info.get1("X509.Certificate.public_key"));
151  return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
152  }
153 
154 /*
155 * Return the public key of the requestor
156 */
158  {
159  DataSource_Memory source(info.get1("X509.Certificate.public_key"));
160  return X509::load_key(source);
161  }
162 
163 /*
164 * Return the alternative names of the requestor
165 */
167  {
168  return create_alt_name(info);
169  }
170 
171 /*
172 * Return the key constraints (if any)
173 */
175  {
176  return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS));
177  }
178 
179 /*
180 * Return the extendend key constraints (if any)
181 */
182 std::vector<OID> PKCS10_Request::ex_constraints() const
183  {
184  std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage");
185 
186  std::vector<OID> result;
187  for(size_t i = 0; i != oids.size(); ++i)
188  result.push_back(OID(oids[i]));
189  return result;
190  }
191 
192 /*
193 * Return is a CA certificate is requested
194 */
196  {
197  return (info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0);
198  }
199 
200 /*
201 * Return the desired path limit (if any)
202 */
204  {
205  return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
206  }
207 
208 }
std::vector< OID > ex_constraints() const
Definition: pkcs10.cpp:182
Public_Key * subject_public_key() const
Definition: pkcs10.cpp:157
bool is_CA() const
Definition: pkcs10.cpp:195
std::vector< byte > raw_public_key() const
Definition: pkcs10.cpp:148
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:41
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:46
secure_vector< byte > value
Definition: asn1_obj.h:84
std::string get1(const std::string &key) const
Definition: datastor.cpp:62
X509_DN create_dn(const Data_Store &info)
Definition: x509cert.cpp:548
AlternativeName subject_alt_name() const
Definition: pkcs10.cpp:166
AlternativeName create_alt_name(const Data_Store &info)
Definition: x509cert.cpp:567
std::string lookup(const OID &oid)
Definition: oids.cpp:111
uint32_t u32bit
Definition: types.h:32
ASN1_Tag
Definition: asn1_obj.h:19
X509_DN subject_dn() const
Definition: pkcs10.cpp:140
Definition: buf_comp.h:15
Key_Constraints constraints() const
Definition: pkcs10.cpp:174
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:95
ASN1_Tag class_tag
Definition: asn1_obj.h:83
std::string challenge_password() const
Definition: pkcs10.cpp:132
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19
bool check_signature(const Public_Key &key) const
Definition: x509_obj.cpp:185
u32bit get1_u32bit(const std::string &, u32bit=0) const
Definition: datastor.cpp:109
ASN1_Tag type_tag
Definition: asn1_obj.h:83
PKCS10_Request(DataSource &source)
Definition: pkcs10.cpp:22
std::multimap< std::string, std::string > contents() const
Definition: x509_dn.cpp:84
u32bit path_limit() const
Definition: pkcs10.cpp:203
std::vector< byte > put_in_sequence(const std::vector< byte > &contents)
Definition: asn1_obj.cpp:34
std::vector< std::string > get(const std::string &) const
Definition: datastor.cpp:50
void add(const std::multimap< std::string, std::string > &)
Definition: datastor.cpp:155
std::vector< byte > tbs_bits
Definition: x509_obj.h:98
secure_vector< byte > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:33