Botan 3.3.0
Crypto and TLS for C&
Functions
Botan::X509 Namespace Reference

Functions

std::vector< uint8_t > BER_encode (const Public_Key &key)
 
std::unique_ptr< Public_Keycopy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
 
std::unique_ptr< Public_Keyload_key (const std::vector< uint8_t > &enc)
 
std::unique_ptr< Public_Keyload_key (DataSource &source)
 
std::unique_ptr< Public_Keyload_key (std::span< const uint8_t > enc)
 
std::string PEM_encode (const Public_Key &key)
 

Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::X509::BER_encode ( const Public_Key & key)
inline

BER encode a key

Parameters
keythe public key to encode
Returns
BER encoding of this key

Definition at line 23 of file x509_key.h.

23 {
24 return key.subject_public_key();
25}
std::vector< uint8_t > subject_public_key() const
Definition pk_keys.cpp:48

References Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_view_der(), create_self_signed_cert(), and Botan::TLS::Certificate_13::Certificate_Entry::serialize().

◆ copy_key()

std::unique_ptr< Public_Key > Botan::X509::copy_key ( const Public_Key & key)
inline

Copy a key.

Parameters
keythe public key to copy
Returns
new public key object

Definition at line 78 of file x509_key.h.

78 {
79 DataSource_Memory source(PEM_encode(key));
80 return X509::load_key(source);
81}

References load_key(), and PEM_encode().

◆ create_cert_req()

PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options & opts,
const Private_Key & key,
std::string_view hash_fn,
RandomNumberGenerator & rng )

Create a PKCS#10 certificate request.

Parameters
optsthe options defining the request to create
keythe key used to sign this request
rngthe rng to use
hash_fnthe hash function to use
Returns
newly created PKCS#10 request

Definition at line 92 of file x509self.cpp.

95 {
96 X509_DN subject_dn;
97 AlternativeName subject_alt;
98 load_info(opts, subject_dn, subject_alt);
99
100 const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
101
102 if(!constraints.compatible_with(key)) {
103 throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
104 }
105
106 Extensions extensions = opts.extensions;
107
108 extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit));
109
110 if(!constraints.empty()) {
111 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints));
112 }
113
114 extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
115 extensions.add_new(std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
116
117 return PKCS10_Request::create(key, subject_dn, extensions, hash_fn, rng, opts.padding_scheme, opts.challenge);
118}
bool add_new(std::unique_ptr< Certificate_Extension > extn, bool critical=false)
Definition x509_ext.cpp:137
std::vector< OID > ex_constraints
Definition x509self.h:129
std::string challenge
Definition x509self.h:98
std::string padding_scheme
Definition x509self.h:119

References Botan::Extensions::add_new(), Botan::Key_Constraints::ca_constraints(), Botan::X509_Cert_Options::challenge, Botan::X509_Cert_Options::constraints, Botan::PKCS10_Request::create(), Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::X509_Cert_Options::is_CA, Botan::X509_Cert_Options::padding_scheme, and Botan::X509_Cert_Options::path_limit.

◆ create_self_signed_cert()

X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options & opts,
const Private_Key & key,
std::string_view hash_fn,
RandomNumberGenerator & rng )

Create a self-signed X.509 certificate.

Parameters
optsthe options defining the certificate to create
keythe private key used for signing, i.e. the key associated with this self-signed certificate
hash_fnthe hash function to use
rngthe rng to use
Returns
newly created self-signed certificate

Definition at line 50 of file x509self.cpp.

53 {
54 const std::vector<uint8_t> pub_key = X509::BER_encode(key);
55 auto signer = X509_Object::choose_sig_format(key, rng, hash_fn, opts.padding_scheme);
56 const AlgorithmIdentifier sig_algo = signer->algorithm_identifier();
57 BOTAN_ASSERT_NOMSG(sig_algo.oid().has_value());
58
59 X509_DN subject_dn;
60 AlternativeName subject_alt;
61 load_info(opts, subject_dn, subject_alt);
62
63 Extensions extensions = opts.extensions;
64
65 const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
66
67 if(!constraints.compatible_with(key)) {
68 throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
69 }
70
71 extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit), true);
72
73 if(!constraints.empty()) {
74 extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints), true);
75 }
76
77 auto skid = std::make_unique<Cert_Extension::Subject_Key_ID>(pub_key, signer->hash_function());
78
79 extensions.add_new(std::make_unique<Cert_Extension::Authority_Key_ID>(skid->get_key_id()));
80 extensions.add_new(std::move(skid));
81
82 extensions.add_new(std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
83
84 extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
85
86 return X509_CA::make_cert(*signer, rng, sig_algo, pub_key, opts.start, opts.end, subject_dn, subject_dn, extensions);
87}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
const OID & oid() const
Definition asn1_obj.h:455
bool has_value() const
Definition asn1_obj.h:271

References Botan::Extensions::add_new(), BER_encode(), BOTAN_ASSERT_NOMSG, Botan::Key_Constraints::ca_constraints(), Botan::X509_Object::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::OID::has_value(), Botan::X509_Cert_Options::is_CA, Botan::X509_CA::make_cert(), Botan::AlgorithmIdentifier::oid(), Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, and Botan::X509_Cert_Options::start.

◆ load_key() [1/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( const std::vector< uint8_t > & enc)
inline

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 58 of file x509_key.h.

58 {
59 DataSource_Memory source(enc);
60 return X509::load_key(source);
61}

References load_key().

◆ load_key() [2/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( DataSource & source)

Create a public key from a data source.

Parameters
sourcethe source providing the DER or PEM encoded key
Returns
new public key object

Definition at line 28 of file x509_key.cpp.

28 {
29 try {
31 std::vector<uint8_t> key_bits;
32
33 if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) {
34 BER_Decoder(source).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
35 } else {
36 DataSource_Memory ber(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
37
38 BER_Decoder(ber).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
39 }
40
41 if(key_bits.empty()) {
42 throw Decoding_Error("X.509 public key decoding");
43 }
44
45 return load_public_key(alg_id, key_bits);
46 } catch(Decoding_Error& e) {
47 throw Decoding_Error("X.509 public key decoding", e);
48 }
49}
BER_Decoder & decode(bool &out)
Definition ber_dec.h:176
BER_Decoder & end_cons()
Definition ber_dec.cpp:295
BER_Decoder start_sequence()
Definition ber_dec.h:113
std::unique_ptr< Public_Key > load_public_key(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
Definition pk_algs.cpp:95

References Botan::BitString, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::BER_Decoder::end_cons(), Botan::load_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and Botan::BER_Decoder::start_sequence().

Referenced by botan_pubkey_load(), Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry(), copy_key(), load_key(), load_key(), Botan::TLS::Session::Session(), Botan::PKCS10_Request::subject_public_key(), and Botan::X509_Certificate::subject_public_key().

◆ load_key() [3/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( std::span< const uint8_t > enc)
inline

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 68 of file x509_key.h.

68 {
69 DataSource_Memory source(enc);
70 return X509::load_key(source);
71}

References load_key().

◆ PEM_encode()

std::string Botan::X509::PEM_encode ( const Public_Key & key)

PEM encode a public key into a string.

Parameters
keythe key to encode
Returns
PEM encoded key

Definition at line 21 of file x509_key.cpp.

21 {
22 return PEM_Code::encode(key.subject_public_key(), "PUBLIC KEY");
23}

References Botan::PEM_Code::encode(), and Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_view_pem(), copy_key(), and Botan::X509_Certificate::to_string().