Botan  1.11.4
pkcs10.cpp
Go to the documentation of this file.
1 /*
2 * PKCS #10
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/pkcs10.h>
9 #include <botan/x509_ext.h>
10 #include <botan/x509cert.h>
11 #include <botan/der_enc.h>
12 #include <botan/ber_dec.h>
13 #include <botan/parsing.h>
14 #include <botan/oids.h>
15 #include <botan/pem.h>
16 
17 namespace Botan {
18 
19 /*
20 * PKCS10_Request Constructor
21 */
22 PKCS10_Request::PKCS10_Request(DataSource& in) :
23  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
24  {
25  do_decode();
26  }
27 
28 /*
29 * PKCS10_Request Constructor
30 */
31 PKCS10_Request::PKCS10_Request(const std::string& in) :
32  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
33  {
34  do_decode();
35  }
36 
37 /*
38 * PKCS10_Request Constructor
39 */
40 PKCS10_Request::PKCS10_Request(const std::vector<byte>& in) :
41  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
42  {
43  do_decode();
44  }
45 
46 /*
47 * Deocde the CertificateRequestInfo
48 */
49 void PKCS10_Request::force_decode()
50  {
51  BER_Decoder cert_req_info(tbs_bits);
52 
53  size_t version;
54  cert_req_info.decode(version);
55  if(version != 0)
56  throw Decoding_Error("Unknown version code in PKCS #10 request: " +
57  std::to_string(version));
58 
59  X509_DN dn_subject;
60  cert_req_info.decode(dn_subject);
61 
62  info.add(dn_subject.contents());
63 
64  BER_Object public_key = cert_req_info.get_next_object();
65  if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
66  throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key",
67  public_key.type_tag, public_key.class_tag);
68 
69  info.add("X509.Certificate.public_key",
70  PEM_Code::encode(
71  ASN1::put_in_sequence(unlock(public_key.value)),
72  "PUBLIC KEY"
73  )
74  );
75 
76  BER_Object attr_bits = cert_req_info.get_next_object();
77 
78  if(attr_bits.type_tag == 0 &&
79  attr_bits.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
80  {
81  BER_Decoder attributes(attr_bits.value);
82  while(attributes.more_items())
83  {
84  Attribute attr;
85  attributes.decode(attr);
86  handle_attribute(attr);
87  }
88  attributes.verify_end();
89  }
90  else if(attr_bits.type_tag != NO_OBJECT)
91  throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes",
92  attr_bits.type_tag, attr_bits.class_tag);
93 
94  cert_req_info.verify_end();
95 
96  if(!this->check_signature(subject_public_key()))
97  throw Decoding_Error("PKCS #10 request: Bad signature detected");
98  }
99 
100 /*
101 * Handle attributes in a PKCS #10 request
102 */
103 void PKCS10_Request::handle_attribute(const Attribute& attr)
104  {
105  BER_Decoder value(attr.parameters);
106 
107  if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
108  {
109  ASN1_String email;
110  value.decode(email);
111  info.add("RFC822", email.value());
112  }
113  else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
114  {
115  ASN1_String challenge_password;
116  value.decode(challenge_password);
117  info.add("PKCS9.ChallengePassword", challenge_password.value());
118  }
119  else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
120  {
121  Extensions extensions;
122  value.decode(extensions).verify_end();
123 
124  Data_Store issuer_info;
125  extensions.contents_to(info, issuer_info);
126  }
127  }
128 
129 /*
130 * Return the challenge password (if any)
131 */
132 std::string PKCS10_Request::challenge_password() const
133  {
134  return info.get1("PKCS9.ChallengePassword");
135  }
136 
137 /*
138 * Return the name of the requestor
139 */
140 X509_DN PKCS10_Request::subject_dn() const
141  {
142  return create_dn(info);
143  }
144 
145 /*
146 * Return the public key of the requestor
147 */
148 std::vector<byte> PKCS10_Request::raw_public_key() const
149  {
150  DataSource_Memory source(info.get1("X509.Certificate.public_key"));
151  return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
152  }
153 
154 /*
155 * Return the public key of the requestor
156 */
157 Public_Key* PKCS10_Request::subject_public_key() const
158  {
159  DataSource_Memory source(info.get1("X509.Certificate.public_key"));
160  return X509::load_key(source);
161  }
162 
163 /*
164 * Return the alternative names of the requestor
165 */
166 AlternativeName PKCS10_Request::subject_alt_name() const
167  {
168  return create_alt_name(info);
169  }
170 
171 /*
172 * Return the key constraints (if any)
173 */
174 Key_Constraints PKCS10_Request::constraints() const
175  {
176  return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS));
177  }
178 
179 /*
180 * Return the extendend key constraints (if any)
181 */
182 std::vector<OID> PKCS10_Request::ex_constraints() const
183  {
184  std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage");
185 
186  std::vector<OID> result;
187  for(size_t i = 0; i != oids.size(); ++i)
188  result.push_back(OID(oids[i]));
189  return result;
190  }
191 
192 /*
193 * Return is a CA certificate is requested
194 */
195 bool PKCS10_Request::is_CA() const
196  {
197  return (info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0);
198  }
199 
200 /*
201 * Return the desired path limit (if any)
202 */
203 u32bit PKCS10_Request::path_limit() const
204  {
205  return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
206  }
207 
208 }
Generated on Wed May 1 2013 08:42:15 for Botan by   doxygen 1.8.3.1