doxygen/pkcs10_8cpp_source.html

/*

* PKCS #10

* (C) 1999-2007,2017 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/pkcs10.h>

#include <botan/x509_key.h>

#include <botan/x509_ext.h>

#include <botan/x509cert.h>

#include <botan/ber_dec.h>

#include <botan/der_enc.h>

#include <botan/pubkey.h>

#include <botan/oids.h>

#include <botan/pem.h>


namespace Botan {


struct PKCS10_Data

   {

   X509_DN m_subject_dn;

   std::vector<uint8_t> m_public_key_bits;

   AlternativeName m_alt_name;

   std::string m_challenge;

   Extensions m_extensions;

   };


std::string PKCS10_Request::PEM_label() const

   {

   return "CERTIFICATE REQUEST";

   }


std::vector<std::string> PKCS10_Request::alternate_PEM_labels() const

   {

   return { "NEW CERTIFICATE REQUEST" };

   }


PKCS10_Request::PKCS10_Request(DataSource& src)

   {

   load_data(src);

   }


PKCS10_Request::PKCS10_Request(const std::vector<uint8_t>& vec)

   {

   DataSource_Memory src(vec.data(), vec.size());

   load_data(src);

   }


#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)

PKCS10_Request::PKCS10_Request(const std::string& fsname)

   {

   DataSource_Stream src(fsname, true);

   load_data(src);

   }

#endif


//static

PKCS10_Request PKCS10_Request::create(const Private_Key& key,

                                      const X509_DN& subject_dn,

                                      const Extensions& extensions,

                                      const std::string& hash_fn,

                                      RandomNumberGenerator& rng,

                                      const std::string& padding_scheme,

                                      const std::string& challenge)

   {

   AlgorithmIdentifier sig_algo;

   std::unique_ptr<PK_Signer> signer = choose_sig_format(sig_algo, key, rng, hash_fn, padding_scheme);


   const size_t PKCS10_VERSION = 0;


   DER_Encoder tbs_req;


   tbs_req.start_sequence()

      .encode(PKCS10_VERSION)

      .encode(subject_dn)

      .raw_bytes(key.subject_public_key())

      .start_explicit(0);


   if(challenge.empty() == false)

      {

      std::vector<uint8_t> value;

      DER_Encoder(value).encode(ASN1_String(challenge));

      tbs_req.encode(Attribute("PKCS9.ChallengePassword", value));

      }


   std::vector<uint8_t> extension_req;

   DER_Encoder(extension_req).start_sequence().encode(extensions).end_cons();

   tbs_req.encode(Attribute("PKCS9.ExtensionRequest", extension_req));


   // end the start_explicit above

   tbs_req.end_explicit().end_cons();


   const std::vector<uint8_t> req =

      X509_Object::make_signed(signer.get(), rng, sig_algo,

                               tbs_req.get_contents());


   return PKCS10_Request(req);

   }


/*

* Decode the CertificateRequestInfo

*/

namespace {


std::unique_ptr<PKCS10_Data> decode_pkcs10(const std::vector<uint8_t>& body)

   {

   auto data = std::make_unique<PKCS10_Data>();


   BER_Decoder cert_req_info(body);


   size_t version;

   cert_req_info.decode(version);

   if(version != 0)

      throw Decoding_Error("Unknown version code in PKCS #10 request: " +

                           std::to_string(version));


   cert_req_info.decode(data->m_subject_dn);


   BER_Object public_key = cert_req_info.get_next_object();

   if(public_key.is_a(ASN1_Type::Sequence, ASN1_Class::Constructed) == false)

       throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key", public_key.tagging());


   data->m_public_key_bits = ASN1::put_in_sequence(public_key.bits(), public_key.length());


   BER_Object attr_bits = cert_req_info.get_next_object();


   std::set<std::string> pkcs9_email;


   if(attr_bits.is_a(0, ASN1_Class::Constructed | ASN1_Class::ContextSpecific))

      {

      BER_Decoder attributes(attr_bits);

      while(attributes.more_items())

         {

         Attribute attr;

         attributes.decode(attr);


         const OID& oid = attr.get_oid();

         BER_Decoder value(attr.get_parameters());


         if(oid == OID::from_string("PKCS9.EmailAddress"))

            {

            ASN1_String email;

            value.decode(email);

            pkcs9_email.insert(email.value());

            }

         else if(oid == OID::from_string("PKCS9.ChallengePassword"))

            {

            ASN1_String challenge_password;

            value.decode(challenge_password);

            data->m_challenge = challenge_password.value();

            }

         else if(oid == OID::from_string("PKCS9.ExtensionRequest"))

            {

            value.decode(data->m_extensions).verify_end();

            }

         }

      attributes.verify_end();

      }

   else if(attr_bits.is_set())

          throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes", attr_bits.tagging());


   cert_req_info.verify_end();


   if(auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>())

      {

      data->m_alt_name = ext->get_alt_name();

      }


   for(const std::string& email : pkcs9_email)

      {

      data->m_alt_name.add_attribute("RFC882", email);

      }


   return data;

   }


}


void PKCS10_Request::force_decode()

   {

   m_data.reset();


   std::unique_ptr<PKCS10_Data> data = decode_pkcs10(signed_body());


   m_data.reset(data.release());


   if(!this->check_signature(subject_public_key()))

      throw Decoding_Error("PKCS #10 request: Bad signature detected");

   }


const PKCS10_Data& PKCS10_Request::data() const

   {

   if(m_data == nullptr)

      throw Decoding_Error("PKCS10_Request decoding failed");

   return *m_data.get();

   }


/*

* Return the challenge password (if any)

*/

std::string PKCS10_Request::challenge_password() const

   {

   return data().m_challenge;

   }


/*

* Return the name of the requestor

*/

const X509_DN& PKCS10_Request::subject_dn() const

   {

   return data().m_subject_dn;

   }


/*

* Return the public key of the requestor

*/

const std::vector<uint8_t>& PKCS10_Request::raw_public_key() const

   {

   return data().m_public_key_bits;

   }


/*

* Return the public key of the requestor

*/

Public_Key* PKCS10_Request::subject_public_key() const

   {

   DataSource_Memory source(raw_public_key());

   return X509::load_key(source);

   }


/*

* Return the alternative names of the requestor

*/

const AlternativeName& PKCS10_Request::subject_alt_name() const

   {

   return data().m_alt_name;

   }


/*

* Return the X509v3 extensions

*/

const Extensions& PKCS10_Request::extensions() const

   {

   return data().m_extensions;

   }


/*

* Return the key constraints (if any)

*/

Key_Constraints PKCS10_Request::constraints() const

   {

   if(auto ext = extensions().get(OID::from_string("X509v3.KeyUsage")))

      {

      return dynamic_cast<Cert_Extension::Key_Usage&>(*ext).get_constraints();

      }


   return NO_CONSTRAINTS;

   }


/*

* Return the extendend key constraints (if any)

*/

std::vector<OID> PKCS10_Request::ex_constraints() const

   {

   if(auto ext = extensions().get(OID::from_string("X509v3.ExtendedKeyUsage")))

      {

      return dynamic_cast<Cert_Extension::Extended_Key_Usage&>(*ext).get_oids();

      }


   return {};

   }


/*

* Return is a CA certificate is requested

*/

bool PKCS10_Request::is_CA() const

   {

   if(auto ext = extensions().get(OID::from_string("X509v3.BasicConstraints")))

      {

      return dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext).get_is_ca();

      }


   return false;

   }


/*

* Return the desired path limit (if any)

*/

size_t PKCS10_Request::path_limit() const

   {

   if(auto ext = extensions().get(OID::from_string("X509v3.BasicConstraints")))

      {

      Cert_Extension::Basic_Constraints& basic_constraints = dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext);

      if(basic_constraints.get_is_ca())

         {

         return basic_constraints.get_path_limit();

         }

      }


   return 0;

   }


}

Botan::ASN1_String
Definition: asn1_obj.h:396

Botan::ASN1_String::value
const std::string & value() const
Definition: asn1_obj.h:403

Botan::AlgorithmIdentifier
Definition: asn1_obj.h:429

Botan::AlternativeName
Definition: pkix_types.h:125

Botan::Attribute
Definition: pkix_types.h:167

Botan::Attribute::get_oid
const OID & get_oid() const
Definition: pkix_types.h:179

Botan::Attribute::get_parameters
const std::vector< uint8_t > & get_parameters() const
Definition: pkix_types.h:180

Botan::BER_Bad_Tag
Definition: asn1_obj.h:210

Botan::BER_Decoder
Definition: ber_dec.h:22

Botan::BER_Object
Definition: asn1_obj.h:129

Botan::BER_Object::length
size_t length() const
Definition: asn1_obj.h:153

Botan::BER_Object::bits
const uint8_t * bits() const
Definition: asn1_obj.h:151

Botan::BER_Object::is_a
bool is_a(ASN1_Type type_tag, ASN1_Class class_tag) const
Definition: asn1_obj.cpp:71

Botan::BER_Object::tagging
uint32_t tagging() const
Definition: asn1_obj.h:143

Botan::BER_Object::is_set
bool is_set() const
Definition: asn1_obj.h:141

Botan::Cert_Extension::Basic_Constraints
Definition: x509_ext.h:26

Botan::Cert_Extension::Basic_Constraints::get_path_limit
size_t get_path_limit() const
Definition: x509_ext.cpp:296

Botan::Cert_Extension::Basic_Constraints::get_is_ca
bool get_is_ca() const
Definition: x509_ext.h:34

Botan::Cert_Extension::Extended_Key_Usage
Definition: x509_ext.h:199

Botan::Cert_Extension::Extended_Key_Usage::get_oids
const std::vector< OID > & get_oids() const
Definition: x509_ext.h:207

Botan::Cert_Extension::Key_Usage
Definition: x509_ext.h:55

Botan::Cert_Extension::Key_Usage::get_constraints
Key_Constraints get_constraints() const
Definition: x509_ext.h:64

Botan::DER_Encoder
Definition: der_enc.h:23

Botan::DER_Encoder::get_contents
secure_vector< uint8_t > get_contents()
Definition: der_enc.cpp:155

Botan::DER_Encoder::end_explicit
DER_Encoder & end_explicit()
Definition: der_enc.cpp:223

Botan::DER_Encoder::start_explicit
DER_Encoder & start_explicit(uint16_t type_tag)
Definition: der_enc.cpp:209

Botan::DER_Encoder::start_sequence
DER_Encoder & start_sequence()
Definition: der_enc.h:66

Botan::DER_Encoder::raw_bytes
DER_Encoder & raw_bytes(const uint8_t val[], size_t len)
Definition: der_enc.cpp:231

Botan::DER_Encoder::end_cons
DER_Encoder & end_cons()
Definition: der_enc.cpp:194

Botan::DER_Encoder::encode
DER_Encoder & encode(bool b)
Definition: der_enc.cpp:288

Botan::DataSource_Memory
Definition: data_src.h:99

Botan::DataSource_Stream
Definition: data_src.h:144

Botan::DataSource
Definition: data_src.h:22

Botan::Decoding_Error
Definition: exceptn.h:188

Botan::Extensions
Definition: pkix_types.h:404

Botan::OID
Definition: asn1_obj.h:219

Botan::OID::from_string
static OID from_string(const std::string &str)
Definition: asn1_oid.cpp:61

Botan::PKCS10_Request
Definition: pkcs10.h:29

Botan::PKCS10_Request::create
static PKCS10_Request create(const Private_Key &key, const X509_DN &subject_dn, const Extensions &extensions, const std::string &hash_fn, RandomNumberGenerator &rng, const std::string &padding_scheme="", const std::string &challenge="")
Definition: pkcs10.cpp:59

Botan::PKCS10_Request::PKCS10_Request
PKCS10_Request(DataSource &source)
Definition: pkcs10.cpp:39

Botan::PKCS10_Request::subject_public_key
Public_Key * subject_public_key() const
Definition: pkcs10.cpp:226

Botan::PKCS10_Request::subject_dn
const X509_DN & subject_dn() const
Definition: pkcs10.cpp:210

Botan::PKCS10_Request::ex_constraints
std::vector< OID > ex_constraints() const
Definition: pkcs10.cpp:264

Botan::PKCS10_Request::path_limit
size_t path_limit() const
Definition: pkcs10.cpp:290

Botan::PKCS10_Request::raw_public_key
const std::vector< uint8_t > & raw_public_key() const
Definition: pkcs10.cpp:218

Botan::PKCS10_Request::constraints
Key_Constraints constraints() const
Definition: pkcs10.cpp:251

Botan::PKCS10_Request::is_CA
bool is_CA() const
Definition: pkcs10.cpp:277

Botan::PKCS10_Request::subject_alt_name
const AlternativeName & subject_alt_name() const
Definition: pkcs10.cpp:235

Botan::PKCS10_Request::extensions
const Extensions & extensions() const
Definition: pkcs10.cpp:243

Botan::PKCS10_Request::challenge_password
std::string challenge_password() const
Definition: pkcs10.cpp:202

Botan::Private_Key
Definition: pk_keys.h:181

Botan::Public_Key
Definition: pk_keys.h:29

Botan::Public_Key::subject_public_key
std::vector< uint8_t > subject_public_key() const
Definition: pk_keys.cpp:38

Botan::RandomNumberGenerator
Definition: rng.h:26

Botan::X509_DN
Definition: pkix_types.h:42

Botan::X509_Object::signed_body
const std::vector< uint8_t > & signed_body() const
Definition: x509_obj.h:43

Botan::X509_Object::choose_sig_format
static std::unique_ptr< PK_Signer > choose_sig_format(AlgorithmIdentifier &sig_algo, const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, const std::string &padding_algo)
Definition: x509_obj.cpp:411

Botan::X509_Object::make_signed
static std::vector< uint8_t > make_signed(PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
Definition: x509_obj.cpp:303

Botan::X509_Object::load_data
void load_data(DataSource &src)
Definition: x509_obj.cpp:52

Botan::X509_Object::check_signature
bool check_signature(const Public_Key &key) const
Definition: x509_obj.cpp:178

Botan::ASN1::put_in_sequence
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
Definition: asn1_obj.cpp:191

Botan::ASN1::to_string
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209

Botan::PKCS11::Attribute
CK_ATTRIBUTE Attribute
Definition: p11.h:847

Botan::X509::load_key
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:29

Botan
Definition: alg_id.cpp:13

Botan::ASN1_Class::ContextSpecific
@ ContextSpecific

Botan::ASN1_Class::Constructed
@ Constructed

Botan::ASN1_Type::Sequence
@ Sequence

Botan::Key_Constraints
Key_Constraints
Definition: pkix_enums.h:102

Botan::NO_CONSTRAINTS
@ NO_CONSTRAINTS
Definition: pkix_enums.h:103