Botan  2.10.0
Crypto and TLS for C++11
Functions | Variables
Botan::X509 Namespace Reference

Functions

std::vector< uint8_t > BER_encode (const Public_Key &key)
 
BOTAN_PUBLIC_API(2, 0) std BOTAN_PUBLIC_API(2, 0) std BOTAN_PUBLIC_API (2, 0) Public_Key *load_key(DataSource &source)
 
Public_Key * copy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
Public_Key * load_key (DataSource &source)
 
Public_Key * load_key (const std::vector< uint8_t > &mem)
 
std::string PEM_encode (const Public_Key &key)
 

Variables

const Private_Key const std::string & hash_fn
 
const Private_Key & key
 
const Private_Key const std::string RandomNumberGenerator & rng
 

Detailed Description

This namespace contains functions for handling X.509 public keys

Function Documentation

◆ BER_encode()

std::vector<uint8_t> Botan::X509::BER_encode ( const Public_Key &  key)

Definition at line 19 of file x509_key.cpp.

20  {
21  // keeping it around for compat
22  return key.subject_public_key();
23  }
const uint8_t * key
Definition: ffi.h:359

References key.

Referenced by botan_privkey_export_pubkey(), botan_pubkey_export(), and create_self_signed_cert().

◆ BOTAN_PUBLIC_API()

Botan::X509::BOTAN_PUBLIC_API ( ,
 
) &

BER encode a key

Parameters
keythe public key to encode
Returns
BER encoding of this keyPEM encode a public key into a string.
Parameters
keythe key to encode
Returns
PEM encoded keyCreate a public key from a data source.
Parameters
sourcethe source providing the DER or PEM encoded key
Returns
new public key object

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key objectCopy a key.
Parameters
keythe public key to copy
Returns
new public key object

Create a self-signed X.509 certificate.

Parameters
optsthe options defining the certificate to create
keythe private key used for signing, i.e. the key associated with this self-signed certificate
hash_fnthe hash function to use
rngthe rng to use
Returns
newly created self-signed certificate

Create a PKCS#10 certificate request.

Parameters
optsthe options defining the request to create
keythe key used to sign this request
rngthe rng to use
hash_fnthe hash function to use
Returns
newly created PKCS#10 request

◆ copy_key()

Public_Key* Botan::X509::copy_key ( const Public_Key &  key)

Definition at line 98 of file x509_key.cpp.

99  {
100  DataSource_Memory source(PEM_encode(key));
101  return X509::load_key(source);
102  }
std::string PEM_encode(const Public_Key &key)
Definition: x509_key.cpp:28
Public_Key * load_key(const std::vector< uint8_t > &mem)
Definition: x509_key.cpp:89
const uint8_t * key
Definition: ffi.h:359
const botan_hash_t source
Definition: ffi.h:269

References key, load_key(), PEM_encode(), and source.

◆ create_cert_req()

PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options &  opts,
const Private_Key &  key,
const std::string &  hash_fn,
RandomNumberGenerator &  rng 
)

Definition at line 105 of file x509self.cpp.

109  {
110  X509_DN subject_dn;
111  AlternativeName subject_alt;
112  load_info(opts, subject_dn, subject_alt);
113 
115  if(opts.is_CA)
116  {
118  }
119  else
120  {
122  constraints = opts.constraints;
123  }
124 
125  Extensions extensions = opts.extensions;
126 
127  extensions.add_new(new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
128 
130  {
131  extensions.add_new(new Cert_Extension::Key_Usage(constraints));
132  }
133  extensions.add_new(new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
134  extensions.add_new(new Cert_Extension::Subject_Alternative_Name(subject_alt));
135 
136  return PKCS10_Request::create(key,
137  subject_dn,
138  extensions,
139  hash_fn,
140  rng,
141  opts.padding_scheme,
142  opts.challenge);
143  }
Definition: ffi.h:1489
botan_rng_t rng
Definition: ffi.h:856
RandomNumberGenerator const std::string & hash_fn
Definition: x509_ca.h:230
Key_Constraints constraints
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
const uint8_t * key
Definition: ffi.h:359

References Botan::constraints, Botan::CRL_SIGN, hash_fn, key, Botan::KEY_CERT_SIGN, Botan::NO_CONSTRAINTS, rng, and Botan::verify_cert_constraints_valid_for_key_type().

◆ create_self_signed_cert()

X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options &  opts,
const Private_Key &  key,
const std::string &  hash_fn,
RandomNumberGenerator &  rng 
)

Definition at line 47 of file x509self.cpp.

51  {
52  AlgorithmIdentifier sig_algo;
53  X509_DN subject_dn;
54  AlternativeName subject_alt;
55 
56  // for now, only the padding option is used
57  std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };
58 
59  const std::vector<uint8_t> pub_key = X509::BER_encode(key);
60  std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));
61  load_info(opts, subject_dn, subject_alt);
62 
63  Extensions extensions = opts.extensions;
64 
66  if(opts.is_CA)
67  {
69  }
70  else
71  {
73  constraints = opts.constraints;
74  }
75 
76  extensions.add_new(
77  new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),
78  true);
79 
81  {
82  extensions.add_new(new Cert_Extension::Key_Usage(constraints), true);
83  }
84 
85  std::unique_ptr<Cert_Extension::Subject_Key_ID> skid(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));
86 
87  extensions.add_new(new Cert_Extension::Authority_Key_ID(skid->get_key_id()));
88  extensions.add_new(skid.release());
89 
90  extensions.add_new(
91  new Cert_Extension::Subject_Alternative_Name(subject_alt));
92 
93  extensions.add_new(
94  new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
95 
96  return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
97  opts.start, opts.end,
98  subject_dn, subject_dn,
99  extensions);
100  }
Definition: ffi.h:1489
botan_rng_t rng
Definition: ffi.h:856
RandomNumberGenerator const std::string & hash_fn
Definition: x509_ca.h:230
secure_vector< uint8_t > BER_encode(const Private_Key &key)
Definition: pkcs8.cpp:139
Key_Constraints constraints
PK_Signer * choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:318
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
const uint8_t * key
Definition: ffi.h:359

References BER_encode(), Botan::choose_sig_format(), Botan::constraints, Botan::CRL_SIGN, hash_fn, key, Botan::KEY_CERT_SIGN, Botan::NO_CONSTRAINTS, rng, and Botan::verify_cert_constraints_valid_for_key_type().

◆ load_key() [1/2]

Public_Key* Botan::X509::load_key ( DataSource &  source)

Definition at line 37 of file x509_key.cpp.

38  {
39  try {
40  AlgorithmIdentifier alg_id;
41  std::vector<uint8_t> key_bits;
42 
44  {
45  BER_Decoder(source)
46  .start_cons(SEQUENCE)
47  .decode(alg_id)
48  .decode(key_bits, BIT_STRING)
49  .end_cons();
50  }
51  else
52  {
53  DataSource_Memory ber(
55  );
56 
57  BER_Decoder(ber)
58  .start_cons(SEQUENCE)
59  .decode(alg_id)
60  .decode(key_bits, BIT_STRING)
61  .end_cons();
62  }
63 
64  if(key_bits.empty())
65  throw Decoding_Error("X.509 public key decoding");
66 
67  return load_public_key(alg_id, key_bits).release();
68  }
69  catch(Decoding_Error& e)
70  {
71  throw Decoding_Error("X.509 public key decoding", e);
72  }
73  }
bool maybe_BER(DataSource &source)
Definition: asn1_obj.cpp:219
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:142
std::unique_ptr< Public_Key > load_public_key(const AlgorithmIdentifier &alg_id, const std::vector< uint8_t > &key_bits)
Definition: pk_algs.cpp:83
botan_mp_t botan_mp_t botan_mp_t e
Definition: ffi.h:1098
const botan_hash_t source
Definition: ffi.h:269
secure_vector< uint8_t > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:54
RandomNumberGenerator const std::string AlgorithmIdentifier & alg_id
Definition: x509_ca.h:230

References Botan::alg_id, Botan::BIT_STRING, Botan::PEM_Code::decode_check_label(), e, Botan::load_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), Botan::SEQUENCE, and source.

Referenced by botan_privkey_export_pubkey(), botan_pubkey_load(), copy_key(), and load_key().

◆ load_key() [2/2]

Public_Key* Botan::X509::load_key ( const std::vector< uint8_t > &  mem)

Definition at line 89 of file x509_key.cpp.

90  {
91  DataSource_Memory source(mem);
92  return X509::load_key(source);
93  }
Public_Key * load_key(const std::vector< uint8_t > &mem)
Definition: x509_key.cpp:89
const botan_hash_t source
Definition: ffi.h:269

References load_key(), and source.

◆ PEM_encode()

std::string Botan::X509::PEM_encode ( const Public_Key &  key)

Definition at line 28 of file x509_key.cpp.

29  {
30  return PEM_Code::encode(key.subject_public_key(),
31  "PUBLIC KEY");
32  }
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43
const uint8_t * key
Definition: ffi.h:359

References Botan::PEM_Code::encode(), and key.

Referenced by botan_pubkey_export(), and copy_key().

Variable Documentation

◆ hash_fn

const Private_Key const std::string & Botan::X509::hash_fn

Definition at line 194 of file x509self.h.

Referenced by create_cert_req(), and create_self_signed_cert().

◆ key

const Private_Key & Botan::X509::key

◆ rng

const Private_Key const std::string RandomNumberGenerator & Botan::X509::rng

Definition at line 194 of file x509self.h.

Referenced by create_cert_req(), and create_self_signed_cert().