Botan::X509 Namespace Reference

Functions
std::vector< uint8_t >	BER_encode (const Public_Key &key)
std::unique_ptr< Public_Key >	copy_key (const Public_Key &key)
PKCS10_Request	create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
X509_Certificate	create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
std::unique_ptr< Public_Key >	load_key (const std::vector< uint8_t > &enc)
std::unique_ptr< Public_Key >	load_key (DataSource &source)
std::unique_ptr< Public_Key >	load_key (std::span< const uint8_t > enc)
std::string	PEM_encode (const Public_Key &key)

Function Documentation

BER_encode()

std::vector< uint8_t > Botan::X509::BER_encode ( const Public_Key & key )

inline

BER encode a key

Parameters

key	the public key to encode

Returns

BER encoding of this key

Definition at line 23 of file x509_key.h.

                                                            {
   return key.subject_public_key();
}

References Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_view_der(), create_self_signed_cert(), and Botan::TLS::Certificate_13::Certificate_Entry::serialize().

copy_key()

std::unique_ptr< Public_Key > Botan::X509::copy_key ( const Public_Key & key )

inline

Copy a key.

Parameters

key	the public key to copy

Returns

new public key object

Definition at line 78 of file x509_key.h.

                                                                 {
   DataSource_Memory source(PEM_encode(key));
   return X509::load_key(source);
}

References load_key(), and PEM_encode().

create_cert_req()

PKCS10_Request Botan::X509::create_cert_req	(	const X509_Cert_Options &	opts,
		const Private_Key &	key,
		std::string_view	hash_fn,
		RandomNumberGenerator &	rng )

Create a PKCS#10 certificate request.

Parameters

opts	the options defining the request to create
key	the key used to sign this request
rng	the rng to use
hash_fn	the hash function to use

Returns

newly created PKCS#10 request

Definition at line 92 of file x509self.cpp.

                                                           {
   X509_DN subject_dn;
   AlternativeName subject_alt;
   load_info(opts, subject_dn, subject_alt);
 
   const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
 
   if(!constraints.compatible_with(key)) {
      throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
   }
 
   Extensions extensions = opts.extensions;
 
   extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit));
 
   if(!constraints.empty()) {
      extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints));
   }
 
   extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
   extensions.add_new(std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
 
   return PKCS10_Request::create(key, subject_dn, extensions, hash_fn, rng, opts.padding_scheme, opts.challenge);
}

References Botan::Extensions::add_new(), Botan::Key_Constraints::ca_constraints(), Botan::X509_Cert_Options::challenge, Botan::X509_Cert_Options::constraints, Botan::PKCS10_Request::create(), Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::X509_Cert_Options::is_CA, Botan::X509_Cert_Options::padding_scheme, and Botan::X509_Cert_Options::path_limit.

create_self_signed_cert()

X509_Certificate Botan::X509::create_self_signed_cert	(	const X509_Cert_Options &	opts,
		const Private_Key &	key,
		std::string_view	hash_fn,
		RandomNumberGenerator &	rng )

Create a self-signed X.509 certificate.

Parameters

opts	the options defining the certificate to create
key	the private key used for signing, i.e. the key associated with this self-signed certificate
hash_fn	the hash function to use
rng	the rng to use

Returns

newly created self-signed certificate

Definition at line 50 of file x509self.cpp.

                                                                     {
   const std::vector<uint8_t> pub_key = X509::BER_encode(key);
   auto signer = X509_Object::choose_sig_format(key, rng, hash_fn, opts.padding_scheme);
   const AlgorithmIdentifier sig_algo = signer->algorithm_identifier();
   BOTAN_ASSERT_NOMSG(sig_algo.oid().has_value());
 
   X509_DN subject_dn;
   AlternativeName subject_alt;
   load_info(opts, subject_dn, subject_alt);
 
   Extensions extensions = opts.extensions;
 
   const auto constraints = opts.is_CA ? Key_Constraints::ca_constraints() : opts.constraints;
 
   if(!constraints.compatible_with(key)) {
      throw Invalid_Argument("The requested key constraints are incompatible with the algorithm");
   }
 
   extensions.add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.is_CA, opts.path_limit), true);
 
   if(!constraints.empty()) {
      extensions.add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints), true);
   }
 
   auto skid = std::make_unique<Cert_Extension::Subject_Key_ID>(pub_key, signer->hash_function());
 
   extensions.add_new(std::make_unique<Cert_Extension::Authority_Key_ID>(skid->get_key_id()));
   extensions.add_new(std::move(skid));
 
   extensions.add_new(std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
 
   extensions.add_new(std::make_unique<Cert_Extension::Extended_Key_Usage>(opts.ex_constraints));
 
   return X509_CA::make_cert(*signer, rng, sig_algo, pub_key, opts.start, opts.end, subject_dn, subject_dn, extensions);
}

References Botan::Extensions::add_new(), BER_encode(), BOTAN_ASSERT_NOMSG, Botan::Key_Constraints::ca_constraints(), Botan::X509_Object::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::OID::has_value(), Botan::X509_Cert_Options::is_CA, Botan::X509_CA::make_cert(), Botan::AlgorithmIdentifier::oid(), Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, and Botan::X509_Cert_Options::start.

load_key() [1/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( const std::vector< uint8_t > & enc )

inline

Create a public key from a memory region.

Parameters

enc	the memory region containing the DER or PEM encoded key

Returns

new public key object

Definition at line 58 of file x509_key.h.

                                                                         {
   DataSource_Memory source(enc);
   return X509::load_key(source);
}

References load_key().

load_key() [2/3]

std::unique_ptr< Public_Key > Botan::X509::load_key

(

DataSource &

source

)

Create a public key from a data source.

Parameters

source

the source providing the DER or PEM encoded key

Returns

new public key object

Definition at line 28 of file x509_key.cpp.

                                                       {
   try {
      AlgorithmIdentifier alg_id;
      std::vector<uint8_t> key_bits;
 
      if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) {
         BER_Decoder(source).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
      } else {
         DataSource_Memory ber(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
 
         BER_Decoder(ber).start_sequence().decode(alg_id).decode(key_bits, ASN1_Type::BitString).end_cons();
      }
 
      if(key_bits.empty()) {
         throw Decoding_Error("X.509 public key decoding");
      }
 
      return load_public_key(alg_id, key_bits);
   } catch(Decoding_Error& e) {
      throw Decoding_Error("X.509 public key decoding", e);
   }
}

References Botan::BitString, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::BER_Decoder::end_cons(), Botan::load_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), and Botan::BER_Decoder::start_sequence().

Referenced by botan_pubkey_load(), Botan::TLS::Certificate_13::Certificate_Entry::Certificate_Entry(), copy_key(), load_key(), load_key(), Botan::TLS::Session::Session(), Botan::PKCS10_Request::subject_public_key(), and Botan::X509_Certificate::subject_public_key().

load_key() [3/3]

std::unique_ptr< Public_Key > Botan::X509::load_key ( std::span< const uint8_t > enc )

inline

Create a public key from a memory region.

Parameters

enc	the memory region containing the DER or PEM encoded key

Returns

new public key object

Definition at line 68 of file x509_key.h.

                                                                      {
   DataSource_Memory source(enc);
   return X509::load_key(source);
}

References load_key().

PEM_encode()

std::string Botan::X509::PEM_encode

(

const Public_Key &

key

)

PEM encode a public key into a string.

Parameters

key	the key to encode

Returns

PEM encoded key

Definition at line 21 of file x509_key.cpp.

                                            {
   return PEM_Code::encode(key.subject_public_key(), "PUBLIC KEY");
}

References Botan::PEM_Code::encode(), and Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_view_pem(), copy_key(), and Botan::X509_Certificate::to_string().