8#include <botan/pkcs10.h>
9#include <botan/x509_key.h>
10#include <botan/x509_ext.h>
11#include <botan/x509cert.h>
12#include <botan/ber_dec.h>
13#include <botan/der_enc.h>
14#include <botan/pubkey.h>
15#include <botan/oids.h>
23 std::vector<uint8_t> m_public_key_bits;
24 AlternativeName m_alt_name;
25 std::string m_challenge;
26 Extensions m_extensions;
29std::string PKCS10_Request::PEM_label()
const
31 return "CERTIFICATE REQUEST";
34std::vector<std::string> PKCS10_Request::alternate_PEM_labels()
const
36 return {
"NEW CERTIFICATE REQUEST" };
50#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
62 const std::string& hash_fn,
64 const std::string& padding_scheme,
65 const std::string& challenge)
68 std::unique_ptr<PK_Signer> signer =
choose_sig_format(sig_algo, key, rng, hash_fn, padding_scheme);
70 const size_t PKCS10_VERSION = 0;
80 if(challenge.empty() ==
false)
82 std::vector<uint8_t> value;
87 std::vector<uint8_t> extension_req;
94 const std::vector<uint8_t> req =
106std::unique_ptr<PKCS10_Data> decode_pkcs10(
const std::vector<uint8_t>& body)
108 auto data = std::make_unique<PKCS10_Data>();
113 cert_req_info.decode(version);
115 throw Decoding_Error(
"Unknown version code in PKCS #10 request: " +
118 cert_req_info.decode(data->m_subject_dn);
120 BER_Object public_key = cert_req_info.get_next_object();
122 throw BER_Bad_Tag(
"PKCS10_Request: Unexpected tag for public key", public_key.
tagging());
126 BER_Object attr_bits = cert_req_info.get_next_object();
128 std::set<std::string> pkcs9_email;
133 while(attributes.more_items())
136 attributes.decode(attr);
145 pkcs9_email.insert(email.
value());
149 ASN1_String challenge_password;
150 value.decode(challenge_password);
151 data->m_challenge = challenge_password.
value();
155 value.decode(data->m_extensions).verify_end();
158 attributes.verify_end();
160 else if(attr_bits.
is_set())
161 throw BER_Bad_Tag(
"PKCS10_Request: Unexpected tag for attributes", attr_bits.
tagging());
163 cert_req_info.verify_end();
165 if(
auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::Subject_Alternative_Name>())
167 data->m_alt_name = ext->get_alt_name();
170 for(
const std::string& email : pkcs9_email)
172 data->m_alt_name.add_attribute(
"RFC882", email);
180void PKCS10_Request::force_decode()
184 std::unique_ptr<PKCS10_Data> data = decode_pkcs10(
signed_body());
186 m_data.reset(data.release());
189 throw Decoding_Error(
"PKCS #10 request: Bad signature detected");
192const PKCS10_Data& PKCS10_Request::data()
const
194 if(m_data ==
nullptr)
195 throw Decoding_Error(
"PKCS10_Request decoding failed");
196 return *m_data.get();
204 return data().m_challenge;
212 return data().m_subject_dn;
220 return data().m_public_key_bits;
237 return data().m_alt_name;
245 return data().m_extensions;
const std::string & value() const
const OID & get_oid() const
const std::vector< uint8_t > & get_parameters() const
const uint8_t * bits() const
bool is_a(ASN1_Type type_tag, ASN1_Class class_tag) const
size_t get_path_limit() const
const std::vector< OID > & get_oids() const
Key_Constraints get_constraints() const
secure_vector< uint8_t > get_contents()
DER_Encoder & end_explicit()
DER_Encoder & start_explicit(uint16_t type_tag)
DER_Encoder & start_sequence()
DER_Encoder & raw_bytes(const uint8_t val[], size_t len)
DER_Encoder & encode(bool b)
static OID from_string(const std::string &str)
static PKCS10_Request create(const Private_Key &key, const X509_DN &subject_dn, const Extensions &extensions, const std::string &hash_fn, RandomNumberGenerator &rng, const std::string &padding_scheme="", const std::string &challenge="")
PKCS10_Request(DataSource &source)
Public_Key * subject_public_key() const
const X509_DN & subject_dn() const
std::vector< OID > ex_constraints() const
size_t path_limit() const
const std::vector< uint8_t > & raw_public_key() const
Key_Constraints constraints() const
const AlternativeName & subject_alt_name() const
const Extensions & extensions() const
std::string challenge_password() const
std::vector< uint8_t > subject_public_key() const
const std::vector< uint8_t > & signed_body() const
static std::unique_ptr< PK_Signer > choose_sig_format(AlgorithmIdentifier &sig_algo, const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, const std::string &padding_algo)
static std::vector< uint8_t > make_signed(PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &tbs)
void load_data(DataSource &src)
bool check_signature(const Public_Key &key) const
std::vector< uint8_t > put_in_sequence(const std::vector< uint8_t > &contents)
std::string to_string(const BER_Object &obj)
Public_Key * load_key(DataSource &source)