Botan 3.0.0-alpha0
Crypto and TLS for C++
Botan::X509 Namespace Reference

Functions

std::vector< uint8_t > BER_encode (const Public_Key &key)
 
Public_Key * copy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
Public_Key * load_key (const std::vector< uint8_t > &enc)
 
Public_Key * load_key (DataSource &source)
 
std::string PEM_encode (const Public_Key &key)
 

Detailed Description

This namespace contains functions for handling X.509 public keys

Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::X509::BER_encode ( const Public_Key &key)
inline

BER encode a key

Parameters
key — the public key to encode
Returns
BER encoding of this key

Definition at line 28 of file x509_key.h.

29 {
30 return key.subject_public_key();
31 }
std::vector< uint8_t > subject_public_key() const
Definition: pk_keys.cpp:38

References Botan::Public_Key::subject_public_key().

Referenced by botan_privkey_export_pubkey(), botan_pubkey_export(), and create_self_signed_cert().

◆ copy_key()

Public_Key * Botan::X509::copy_key ( const Public_Key &key)
inline

Copy a key.

Parameters
key — the public key to copy
Returns
new public key object

Definition at line 76 of file x509_key.h.

// Deep-copy a public key by round-tripping it through its PEM encoding:
// serialize with PEM_encode, wrap the text in an in-memory DataSource, and
// parse it back with X509::load_key(DataSource&). Because `key` is a
// Public_Key, the PEM_encode call resolves to this namespace's
// PEM_encode(const Public_Key&) (documented further down this page); the
// tooltip below that points at the PKCS8 PEM_encode(const Private_Key&)
// overload looks like a cross-reference artifact of the rendering.
// Ownership: load_key(DataSource&) returns a released unique_ptr, so the
// caller owns the returned raw pointer and must delete it (or wrap it in a
// smart pointer) itself.
77 {
78 DataSource_Memory source(PEM_encode(key));
79 return X509::load_key(source);
80 }
std::string PEM_encode(const Private_Key &key)
Definition: pkcs8.cpp:137
Public_Key * load_key(const std::vector< uint8_t > &enc)
Definition: x509_key.h:65

References load_key(), and PEM_encode().

◆ create_cert_req()

PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options &opts,
const Private_Key &key,
const std::string &  hash_fn,
RandomNumberGenerator &rng 
)

Create a PKCS#10 certificate request.

Parameters
opts — the options defining the request to create
key — the key used to sign this request
rng — the rng to use
hash_fn — the hash function to use
Returns
newly created PKCS#10 request

Definition at line 110 of file x509self.cpp.

// Build a PKCS#10 certificate signing request from `opts`, signed with `key`.
// The subject DN and subject alternative names are filled in from opts by
// load_info(); the extension set is opts.extensions plus the ones added
// below; signing parameters (hash_fn, rng, padding scheme, challenge
// password) are passed straight through to PKCS10_Request::create().
114 {
115 X509_DN subject_dn;
116 AlternativeName subject_alt;
117 load_info(opts, subject_dn, subject_alt);
118
// Requested key usage: a CA request always asks for keyCertSign | cRLSign,
// regardless of opts.constraints; a non-CA request uses opts.constraints
// verbatim.
119 Key_Constraints constraints;
120 if(opts.is_CA)
121 {
122 constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
123 }
124 else
125 {
// Listing line 126 is elided in this rendering. The "References" list below
// names verify_cert_constraints_valid_for_key_type(), so presumably the
// non-CA branch validates opts.constraints against the key's algorithm
// there before adopting it — confirm against x509self.cpp.
127 constraints = opts.constraints;
128 }
129
// Start from the caller-supplied extensions; whether add_new() replaces or
// rejects an extension the caller already added is not visible here (it
// returns a bool per the tooltip below).
130 Extensions extensions = opts.extensions;
131
// Note: neither Basic_Constraints nor Key_Usage is flagged critical in the
// request (add_new's `critical` parameter defaults to false per the tooltip);
// compare create_self_signed_cert() on this page, which passes true for both.
132 extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit));
133
// Key_Usage is only emitted when some constraint was actually requested.
134 if(constraints != NO_CONSTRAINTS)
135 {
136 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints));
137 }
// Extended_Key_Usage and Subject_Alternative_Name are added unconditionally;
// whether an empty one is dropped later is not visible in this listing.
138 extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
139 extensions.add_new(std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
140
141 return PKCS10_Request::create(key,
142 subject_dn,
143 extensions,
144 hash_fn,
145 rng,
146 opts.padding_scheme,
147 opts.challenge);
148 }
bool add_new(std::unique_ptr< Certificate_Extension > extn, bool critical=false)
Definition: x509_ext.cpp:133
std::vector< OID > ex_constraints
Definition: x509self.h:130
Key_Constraints constraints
Definition: x509self.h:125
std::string challenge
Definition: x509self.h:99
std::string padding_scheme
Definition: x509self.h:120
@ NO_CONSTRAINTS
Definition: ffi.h:1576
@ CRL_SIGN
Definition: ffi.h:1583
@ KEY_CERT_SIGN
Definition: ffi.h:1582
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
Key_Constraints
Definition: pkix_enums.h:102

References Botan::Extensions::add_new(), Botan::X509_Cert_Options::challenge, Botan::X509_Cert_Options::constraints, Botan::PKCS10_Request::create(), Botan::CRL_SIGN, Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::NO_CONSTRAINTS, Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, and Botan::verify_cert_constraints_valid_for_key_type().

◆ create_self_signed_cert()

X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options &opts,
const Private_Key &key,
const std::string &  hash_fn,
RandomNumberGenerator &rng 
)

Create a self-signed X.509 certificate.

Parameters
opts — the options defining the certificate to create
key — the private key used for signing, i.e. the key associated with this self-signed certificate
hash_fn — the hash function to use
rng — the rng to use
Returns
newly created self-signed certificate

Definition at line 51 of file x509self.cpp.

// Issue a self-signed X.509 certificate for `key`: the same key signs the
// certificate and is the certificate's subject public key, and the issuer DN
// is the subject DN (subject_dn is passed twice to X509_CA::make_cert below).
55 {
56 AlgorithmIdentifier sig_algo;
57 X509_DN subject_dn;
58 AlternativeName subject_alt;
59
60 // for now, only the padding option is used
61 std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };
62
// The public half is serialized first; it becomes the SubjectPublicKeyInfo
// of the certificate and the input to the Subject_Key_ID below.
// choose_sig_format() picks the signer and fills in sig_algo (an out-param).
63 const std::vector<uint8_t> pub_key = X509::BER_encode(key);
64 std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));
// Listing line 65 is elided in this rendering; the "References" list below
// names BOTAN_ASSERT_NOMSG, AlgorithmIdentifier::get_oid() and
// OID::has_value(), so it is presumably an assertion that sig_algo was set —
// confirm against x509self.cpp.
66 load_info(opts, subject_dn, subject_alt);
67
68 Extensions extensions = opts.extensions;
69
// A CA certificate always gets keyCertSign | cRLSign, regardless of
// opts.constraints; an end-entity certificate takes opts.constraints.
70 Key_Constraints constraints;
71 if(opts.is_CA)
72 {
73 constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
74 }
75 else
76 {
// Listing line 77 is elided; the "References" list below names
// verify_cert_constraints_valid_for_key_type(), so presumably the requested
// constraints are checked against the key type here — confirm in the source.
78 constraints = opts.constraints;
79 }
80
// Unlike create_cert_req() on this page, Basic_Constraints and Key_Usage are
// marked critical (the `true` argument), so a relying party that does not
// understand them must reject the certificate.
81 extensions.add_new(
82 std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit),
83 true);
84
85 if(constraints != NO_CONSTRAINTS)
86 {
87 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints), true);
88 }
89
// Subject key identifier is derived from pub_key with hash_fn; because the
// certificate is self-signed, the Authority_Key_ID is set to that same
// identifier before the Subject_Key_ID object itself is moved into the set.
90 std::unique_ptr<Cert_Extension::Subject_Key_ID> skid(std::make_unique<Cert_Extension::Subject_Key_ID>(pub_key, hash_fn));
91
92 extensions.add_new(std::make_unique<Cert_Extension::Authority_Key_ID>(skid->get_key_id()));
93 extensions.add_new(std::move(skid));
94
// SAN and EKU are added unconditionally (not critical); whether an empty
// one is omitted from the encoding is not visible in this listing.
95 extensions.add_new(
96 std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
97
98 extensions.add_new(
99 std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
100
// Validity period comes from opts.start / opts.end; issuer == subject.
101 return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
102 opts.start, opts.end,
103 subject_dn, subject_dn,
104 extensions);
105 }
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
const OID & get_oid() const
Definition: asn1_obj.h:447
bool has_value() const
Definition: asn1_obj.h:263
std::vector< uint8_t > BER_encode(const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, std::chrono::milliseconds msec, const std::string &pbe_algo)
Definition: pkcs8.cpp:189
PK_Signer * choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:318

References Botan::Extensions::add_new(), BER_encode(), BOTAN_ASSERT_NOMSG, Botan::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::CRL_SIGN, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::AlgorithmIdentifier::get_oid(), Botan::OID::has_value(), Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::X509_CA::make_cert(), Botan::NO_CONSTRAINTS, Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, Botan::X509_Cert_Options::start, and Botan::verify_cert_constraints_valid_for_key_type().

◆ load_key() [1/2]

Public_Key * Botan::X509::load_key ( const std::vector< uint8_t > &  enc)
inline

Create a public key from a memory region.

Parameters
enc — the memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 65 of file x509_key.h.

// Convenience overload: wrap the encoded bytes in an in-memory DataSource
// and defer to load_key(DataSource&) below, which does the actual DER/PEM
// detection and parsing. As with that overload, the caller owns the returned
// raw pointer (it comes from a released unique_ptr) and must delete it.
66 {
67 DataSource_Memory source(enc);
68 return X509::load_key(source);
69 }

References load_key().

◆ load_key() [2/2]

Public_Key * Botan::X509::load_key ( DataSource &source)

Create a public key from a data source.

Parameters
source — the source providing the DER or PEM encoded key
Returns
new public key object

Definition at line 29 of file x509_key.cpp.

// Parse a DER- or PEM-encoded public key from `source`. This is an
// untrusted-input boundary: the "Referenced by" list below includes the FFI
// entry point botan_pubkey_load(), so the bytes may come from anywhere.
// Several listing lines (32, 38, 45, 50) are elided in this rendering; the
// declaration of `alg_id` and of `ber`, and the start_sequence() calls named
// in the "References" list, presumably live there — confirm in x509_key.cpp.
30 {
31 try {
33 std::vector<uint8_t> key_bits;
34
// Format detection: take the binary path only when the data looks like BER
// and does NOT carry PEM markers; everything else is treated as PEM and must
// carry exactly the "PUBLIC KEY" label (decode_check_label), so a
// "RSA PUBLIC KEY" or "CERTIFICATE" block is rejected rather than misparsed.
35 if(ASN1::maybe_BER(source) && !PEM_Code::matches(source))
36 {
// Expected layout: SEQUENCE { AlgorithmIdentifier, BIT STRING key_bits }.
37 BER_Decoder(source)
39 .decode(alg_id)
40 .decode(key_bits, ASN1_Type::BitString)
41 .end_cons();
42 }
43 else
44 {
46 PEM_Code::decode_check_label(source, "PUBLIC KEY")
47 );
48
49 BER_Decoder(ber)
51 .decode(alg_id)
52 .decode(key_bits, ASN1_Type::BitString)
53 .end_cons();
54 }
55
// An empty BIT STRING is not a usable key for any algorithm; reject it
// before handing it to the per-algorithm loader.
56 if(key_bits.empty())
57 throw Decoding_Error("X.509 public key decoding");
58
// load_public_key() returns a unique_ptr (pk_algs.cpp:78 per the tooltip);
// release() hands the raw owning pointer to the caller, who must delete it.
59 return load_public_key(alg_id, key_bits).release();
60 }
// Only Decoding_Error is caught and re-thrown with "X.509 public key
// decoding" context wrapped around the inner error; any other exception type
// raised by the decoder or by load_public_key() propagates unchanged.
61 catch(Decoding_Error& e)
62 {
63 throw Decoding_Error("X.509 public key decoding", e);
64 }
65 }
BER_Decoder & decode(bool &out)
Definition: ber_dec.h:187
BER_Decoder & end_cons()
Definition: ber_dec.cpp:303
BER_Decoder start_sequence()
Definition: ber_dec.h:111
bool maybe_BER(DataSource &source)
Definition: asn1_obj.cpp:218
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:140
secure_vector< uint8_t > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:52
std::unique_ptr< Public_Key > load_public_key(const AlgorithmIdentifier &alg_id, const std::vector< uint8_t > &key_bits)
Definition: pk_algs.cpp:78

References Botan::BitString, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::BER_Decoder::end_cons(), Botan::load_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and Botan::BER_Decoder::start_sequence().

Referenced by botan_privkey_export_pubkey(), botan_pubkey_load(), copy_key(), load_key(), Botan::X509_Certificate::load_subject_public_key(), and Botan::PKCS10_Request::subject_public_key().

◆ PEM_encode()

std::string Botan::X509::PEM_encode ( const Public_Key &key)

PEM encode a public key into a string.

Parameters
key — the key to encode
Returns
PEM encoded key

Definition at line 20 of file x509_key.cpp.

// PEM-encode a public key under the "PUBLIC KEY" label — the same label that
// load_key(DataSource&) on this page insists on when reading PEM back in.
// Listing line 22 is elided in this rendering; given the "References" list
// below (PEM_Code::encode and Public_Key::subject_public_key), it presumably
// passes the key's subject_public_key() bytes to PEM_Code::encode — confirm
// against x509_key.cpp.
21 {
23 "PUBLIC KEY");
24 }
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:41

References Botan::PEM_Code::encode(), and Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_export(), copy_key(), and Botan::X509_Certificate::to_string().