Botan 3.8.1
Crypto and TLS for C&
Functions
Botan::X509 Namespace Reference

Functions

std::vector< uint8_t > BER_encode (const Public_Key &key)
 
std::unique_ptr< Public_Keycopy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
 
std::unique_ptr< Public_Keyload_key (const std::vector< uint8_t > &enc)
 
std::unique_ptr< Public_Keyload_key (DataSource &source)
 
std::unique_ptr< Public_Keyload_key (std::span< const uint8_t > enc)
 
std::string PEM_encode (const Public_Key &key)
 

Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::X509::BER_encode ( const Public_Key & key)
inline

BER encode a key

Parameters
keythe public key to encode
Returns
BER encoding of this key

Definition at line 24 of file x509_key.h.

24 {
25 return key.subject_public_key();
26}
Botan::Public_Key::subject_public_key
std::vector< uint8_t > subject_public_key() const
Definition pk_keys.cpp:56

References Botan::Public_Key::subject_public_key().

Referenced by create_self_signed_cert(), and Botan::TLS::Certificate_13::Certificate_Entry::serialize().

◆ copy_key()

std::unique_ptr< Public_Key > Botan::X509::copy_key ( const Public_Key & key)
inline

Copy a key.

Parameters
keythe public key to copy
Returns
new public key object

Definition at line 79 of file x509_key.h.

79 {
80 DataSource_Memory source(PEM_encode(key));
81 return X509::load_key(source);
82}
Botan::DataSource_Memory
Definition data_src.h:101
Botan::X509::load_key
std::unique_ptr< Public_Key > load_key(DataSource &source)
Definition x509_key.cpp:28
Botan::X509::PEM_encode
std::string PEM_encode(const Public_Key &key)
Definition x509_key.cpp:21

References load_key(), and PEM_encode().

◆ create_cert_req()

PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options & opts,
const Private_Key & key,
std::string_view hash_fn,
RandomNumberGenerator & rng )

Create a PKCS#10 certificate request.

Parameters
optsthe options defining the request to create
keythe key used to sign this request
rngthe rng to use
hash_fnthe hash function to use
Returns
newly created PKCS#10 request

Definition at line 124 of file x509self.cpp.

127 {
128 const auto subject_dn = load_dn_info(opts);
129
130 const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
131
132 if(!constraints.compatible_with(key)) {
133 throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
134 }
135
136 Extensions extensions = opts.extensions;
137
138 extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit));
139
140 if(!constraints.empty()) {
141 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints));
142 }
143
144 extensions.replace(create_alt_name_ext(opts, extensions));
145
146 if(!opts.ex_constraints.empty()) {
147 extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
148 }
149
150 return PKCS10_Request::create(key, subject_dn, extensions, hash_fn, rng, opts.padding_scheme, opts.challenge);
151}
Botan::Extensions::replace
void replace(std::unique_ptr< Certificate_Extension > extn, bool critical=false)
Definition x509_ext.cpp:172
Botan::Extensions::add_new
bool add_new(std::unique_ptr< Certificate_Extension > extn, bool critical=false)
Definition x509_ext.cpp:150
Botan::Invalid_Argument
Definition exceptn.h:131
Botan::Key_Constraints::ca_constraints
static Key_Constraints ca_constraints()
Definition pkix_enums.h:155
Botan::PKCS10_Request::create
static PKCS10_Request create(const Private_Key &key, const X509_DN &subject_dn, const Extensions &extensions, std::string_view hash_fn, RandomNumberGenerator &rng, std::string_view padding_scheme="", std::string_view challenge="")
Definition pkcs10.cpp:53
Botan::X509_Cert_Options::ex_constraints
std::vector< OID > ex_constraints
Definition x509self.h:129
Botan::X509_Cert_Options::is_CA
bool is_CA
Definition x509self.h:112
Botan::X509_Cert_Options::extensions
Extensions extensions
Definition x509self.h:134
Botan::X509_Cert_Options::path_limit
size_t path_limit
Definition x509self.h:117
Botan::X509_Cert_Options::challenge
std::string challenge
Definition x509self.h:98
Botan::X509_Cert_Options::padding_scheme
std::string padding_scheme
Definition x509self.h:119

References Botan::Extensions::add_new(), Botan::Key_Constraints::ca_constraints(), Botan::X509_Cert_Options::challenge, Botan::X509_Cert_Options::constraints, Botan::PKCS10_Request::create(), Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::X509_Cert_Options::is_CA, Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, and Botan::Extensions::replace().

◆ create_self_signed_cert()

X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options & opts,
const Private_Key & key,
std::string_view hash_fn,
RandomNumberGenerator & rng )

Create a self-signed X.509 certificate.

Parameters
optsthe options defining the certificate to create
keythe private key used for signing, i.e. the key associated with this self-signed certificate
hash_fnthe hash function to use
rngthe rng to use
Returns
newly created self-signed certificate

Definition at line 84 of file x509self.cpp.

87 {
88 const std::vector<uint8_t> pub_key = X509::BER_encode(key);
89 auto signer = X509_Object::choose_sig_format(key, rng, hash_fn, opts.padding_scheme);
90 const AlgorithmIdentifier sig_algo = signer->algorithm_identifier();
91 BOTAN_ASSERT_NOMSG(sig_algo.oid().has_value());
92
93 const auto subject_dn = load_dn_info(opts);
94
95 Extensions extensions = opts.extensions;
96
97 const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
98
99 if(!constraints.compatible_with(key)) {
100 throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
101 }
102
103 extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit), true);
104
105 if(!constraints.empty()) {
106 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints), true);
107 }
108
109 auto skid = std::make_unique<Cert_Extension::Subject_Key_ID>(pub_key, signer->hash_function());
110
111 extensions.add_new(std::make_unique<Cert_Extension::Authority_Key_ID>(skid->get_key_id()));
112 extensions.add_new(std::move(skid));
113
114 extensions.replace(create_alt_name_ext(opts, extensions));
115
116 extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
117
118 return X509_CA::make_cert(*signer, rng, sig_algo, pub_key, opts.start, opts.end, subject_dn, subject_dn, extensions);
119}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:61
Botan::AlgorithmIdentifier::oid
const OID & oid() const
Definition asn1_obj.h:472
Botan::OID::has_value
bool has_value() const
Definition asn1_obj.h:272
Botan::X509_CA::make_cert
static X509_Certificate make_cert(PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const std::vector< uint8_t > &pub_key, const X509_Time &not_before, const X509_Time &not_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions)
Definition x509_ca.cpp:109
Botan::X509_Cert_Options::end
X509_Time end
Definition x509self.h:107
Botan::X509_Cert_Options::start
X509_Time start
Definition x509self.h:103
Botan::X509_Object::choose_sig_format
static std::unique_ptr< PK_Signer > choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
Definition x509_obj.cpp:209
Botan::X509::BER_encode
std::vector< uint8_t > BER_encode(const Public_Key &key)
Definition x509_key.h:24

References Botan::Extensions::add_new(), BER_encode(), BOTAN_ASSERT_NOMSG, Botan::Key_Constraints::ca_constraints(), Botan::X509_Object::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::OID::has_value(), Botan::X509_Cert_Options::is_CA, Botan::X509_CA::make_cert(), Botan::AlgorithmIdentifier::oid(), Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, Botan::Extensions::replace(), and Botan::X509_Cert_Options::start.

◆ load_key() [1/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( const std::vector< uint8_t > & enc)
inline

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 59 of file x509_key.h.

59 {
60 DataSource_Memory source(enc);
61 return X509::load_key(source);
62}

References load_key().

◆ load_key() [2/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( DataSource & source)

Create a public key from a data source.

Parameters
sourcethe source providing the DER or PEM encoded key
Returns
new public key object

Definition at line 28 of file x509_key.cpp.

28 {
29 try {
30 AlgorithmIdentifier alg_id;
31 std::vector<uint8_t> key_bits;
32
33 if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) {
34 BER_Decoder(source).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
35 } else {
36 DataSource_Memory ber(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
37
38 BER_Decoder(ber).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
39 }
40
41 if(key_bits.empty()) {
42 throw Decoding_Error("X.509 public key decoding");
43 }
44
45 return load_public_key(alg_id, key_bits);
46 } catch(Decoding_Error& e) {
47 throw Decoding_Error("X.509 public key decoding", e);
48 }
49}
Botan::BER_Decoder
Definition ber_dec.h:21
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition ber_dec.h:185
Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition ber_dec.cpp:309
Botan::BER_Decoder::start_sequence
BER_Decoder start_sequence()
Definition ber_dec.h:122
Botan::ASN1::maybe_BER
bool maybe_BER(DataSource &source)
Definition asn1_obj.cpp:192
Botan::PEM_Code::decode_check_label
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49
Botan::PEM_Code::matches
bool matches(DataSource &source, std::string_view extra, size_t search_range)
Definition pem.cpp:137
Botan::load_public_key
std::unique_ptr< Public_Key > load_public_key(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
Definition pk_algs.cpp:124

References Botan::BitString, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::BER_Decoder::end_cons(), Botan::load_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and Botan::BER_Decoder::start_sequence().

Referenced by botan_pubkey_load(), Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry(), copy_key(), load_key(), load_key(), Botan::TLS::Session::Session(), Botan::PKCS10_Request::subject_public_key(), and Botan::X509_Certificate::subject_public_key().

◆ load_key() [3/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( std::span< const uint8_t > enc)
inline

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 69 of file x509_key.h.

69 {
70 DataSource_Memory source(enc);
71 return X509::load_key(source);
72}

References load_key().

◆ PEM_encode()

std::string Botan::X509::PEM_encode ( const Public_Key & key)

PEM encode a public key into a string.

Parameters
keythe key to encode
Returns
PEM encoded key

Definition at line 21 of file x509_key.cpp.

21 {
22 return PEM_Code::encode(key.subject_public_key(), "PUBLIC KEY");
23}
Botan::PEM_Code::encode
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39

References Botan::PEM_Code::encode(), and Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_view_pem(), copy_key(), and Botan::X509_Certificate::to_string().

Generated by doxygen 1.13.2