Botan 3.5.0
Crypto and TLS for C&
Botan::X509 Namespace Reference

Functions

std::vector< uint8_t > BER_encode (const Public_Key &key)
 
std::unique_ptr< Public_Keycopy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
 
std::unique_ptr< Public_Keyload_key (const std::vector< uint8_t > &enc)
 
std::unique_ptr< Public_Keyload_key (DataSource &source)
 
std::unique_ptr< Public_Keyload_key (std::span< const uint8_t > enc)
 
std::string PEM_encode (const Public_Key &key)
 

Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::X509::BER_encode ( const Public_Key & key)
inline

BER encode a key

Parameters
keythe public key to encode
Returns
BER encoding of this key

Definition at line 23 of file x509_key.h.

23 {
24 return key.subject_public_key();
25}
std::vector< uint8_t > subject_public_key() const
Definition pk_keys.cpp:48

References Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_view_der(), create_self_signed_cert(), and Botan::TLS::Certificate_13::Certificate_Entry::serialize().

◆ copy_key()

std::unique_ptr< Public_Key > Botan::X509::copy_key ( const Public_Key & key)
inline

Copy a key.

Parameters
keythe public key to copy
Returns
new public key object

Definition at line 78 of file x509_key.h.

78 {
79 DataSource_Memory source(PEM_encode(key));
80 return X509::load_key(source);
81}

References load_key(), and PEM_encode().

◆ create_cert_req()

PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options & opts,
const Private_Key & key,
std::string_view hash_fn,
RandomNumberGenerator & rng )

Create a PKCS#10 certificate request.

Parameters
optsthe options defining the request to create
keythe key used to sign this request
rngthe rng to use
hash_fnthe hash function to use
Returns
newly created PKCS#10 request

Definition at line 123 of file x509self.cpp.

126 {
127 const auto subject_dn = load_dn_info(opts);
128
129 const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
130
131 if(!constraints.compatible_with(key)) {
132 throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
133 }
134
135 Extensions extensions = opts.extensions;
136
137 extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit));
138
139 if(!constraints.empty()) {
140 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints));
141 }
142
143 extensions.replace(create_alt_name_ext(opts, extensions));
144
145 create_alt_name_ext(opts, extensions);
146
147 return PKCS10_Request::create(key, subject_dn, extensions, hash_fn, rng, opts.padding_scheme, opts.challenge);
148}
void replace(std::unique_ptr< Certificate_Extension > extn, bool critical=false)
Definition x509_ext.cpp:177
bool add_new(std::unique_ptr< Certificate_Extension > extn, bool critical=false)
Definition x509_ext.cpp:155
std::string challenge
Definition x509self.h:98
std::string padding_scheme
Definition x509self.h:119

References Botan::Extensions::add_new(), Botan::Key_Constraints::ca_constraints(), Botan::X509_Cert_Options::challenge, Botan::X509_Cert_Options::constraints, Botan::PKCS10_Request::create(), Botan::X509_Cert_Options::extensions, Botan::X509_Cert_Options::is_CA, Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, and Botan::Extensions::replace().

◆ create_self_signed_cert()

X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options & opts,
const Private_Key & key,
std::string_view hash_fn,
RandomNumberGenerator & rng )

Create a self-signed X.509 certificate.

Parameters
optsthe options defining the certificate to create
keythe private key used for signing, i.e. the key associated with this self-signed certificate
hash_fnthe hash function to use
rngthe rng to use
Returns
newly created self-signed certificate

Definition at line 83 of file x509self.cpp.

86 {
87 const std::vector<uint8_t> pub_key = X509::BER_encode(key);
88 auto signer = X509_Object::choose_sig_format(key, rng, hash_fn, opts.padding_scheme);
89 const AlgorithmIdentifier sig_algo = signer->algorithm_identifier();
90 BOTAN_ASSERT_NOMSG(sig_algo.oid().has_value());
91
92 const auto subject_dn = load_dn_info(opts);
93
94 Extensions extensions = opts.extensions;
95
96 const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
97
98 if(!constraints.compatible_with(key)) {
99 throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
100 }
101
102 extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit), true);
103
104 if(!constraints.empty()) {
105 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints), true);
106 }
107
108 auto skid = std::make_unique<Cert_Extension::Subject_Key_ID>(pub_key, signer->hash_function());
109
110 extensions.add_new(std::make_unique<Cert_Extension::Authority_Key_ID>(skid->get_key_id()));
111 extensions.add_new(std::move(skid));
112
113 extensions.replace(create_alt_name_ext(opts, extensions));
114
115 extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
116
117 return X509_CA::make_cert(*signer, rng, sig_algo, pub_key, opts.start, opts.end, subject_dn, subject_dn, extensions);
118}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
const OID & oid() const
Definition asn1_obj.h:464
bool has_value() const
Definition asn1_obj.h:272
std::vector< OID > ex_constraints
Definition x509self.h:129

References Botan::Extensions::add_new(), BER_encode(), BOTAN_ASSERT_NOMSG, Botan::Key_Constraints::ca_constraints(), Botan::X509_Object::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::OID::has_value(), Botan::X509_Cert_Options::is_CA, Botan::X509_CA::make_cert(), Botan::AlgorithmIdentifier::oid(), Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, Botan::Extensions::replace(), and Botan::X509_Cert_Options::start.

◆ load_key() [1/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( const std::vector< uint8_t > & enc)
inline

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 58 of file x509_key.h.

58 {
59 DataSource_Memory source(enc);
60 return X509::load_key(source);
61}

References load_key().

◆ load_key() [2/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( DataSource & source)

Create a public key from a data source.

Parameters
sourcethe source providing the DER or PEM encoded key
Returns
new public key object

Definition at line 28 of file x509_key.cpp.

28 {
29 try {
31 std::vector<uint8_t> key_bits;
32
33 if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) {
34 BER_Decoder(source).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
35 } else {
36 DataSource_Memory ber(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
37
38 BER_Decoder(ber).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
39 }
40
41 if(key_bits.empty()) {
42 throw Decoding_Error("X.509 public key decoding");
43 }
44
45 return load_public_key(alg_id, key_bits);
46 } catch(Decoding_Error& e) {
47 throw Decoding_Error("X.509 public key decoding", e);
48 }
49}
BER_Decoder & decode(bool &out)
Definition ber_dec.h:186
BER_Decoder & end_cons()
Definition ber_dec.cpp:309
BER_Decoder start_sequence()
Definition ber_dec.h:123
std::unique_ptr< Public_Key > load_public_key(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
Definition pk_algs.cpp:107

References Botan::BitString, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::BER_Decoder::end_cons(), Botan::load_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and Botan::BER_Decoder::start_sequence().

Referenced by botan_pubkey_load(), Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry(), copy_key(), load_key(), load_key(), Botan::TLS::Session::Session(), Botan::PKCS10_Request::subject_public_key(), and Botan::X509_Certificate::subject_public_key().

◆ load_key() [3/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( std::span< const uint8_t > enc)
inline

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 68 of file x509_key.h.

68 {
69 DataSource_Memory source(enc);
70 return X509::load_key(source);
71}

References load_key().

◆ PEM_encode()

std::string Botan::X509::PEM_encode ( const Public_Key & key)

PEM encode a public key into a string.

Parameters
keythe key to encode
Returns
PEM encoded key

Definition at line 21 of file x509_key.cpp.

21 {
22 return PEM_Code::encode(key.subject_public_key(), "PUBLIC KEY");
23}

References Botan::PEM_Code::encode(), and Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_view_pem(), copy_key(), and Botan::X509_Certificate::to_string().