Botan  1.11.34
Crypto and TLS for C++11
pkcs10.cpp
Go to the documentation of this file.
1 /*
2 * PKCS #10
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/pkcs10.h>
9 #include <botan/x509_ext.h>
10 #include <botan/x509cert.h>
11 #include <botan/der_enc.h>
12 #include <botan/ber_dec.h>
13 #include <botan/parsing.h>
14 #include <botan/oids.h>
15 #include <botan/pem.h>
16 
17 namespace Botan {
18 
19 /*
20 * PKCS10_Request Constructor
21 */
23  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
24  {
25  do_decode();
26  }
27 
28 #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
29 /*
30 * PKCS10_Request Constructor
31 */
32 PKCS10_Request::PKCS10_Request(const std::string& fsname) :
33  X509_Object(fsname, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
34  {
35  do_decode();
36  }
37 #endif
38 
39 /*
40 * PKCS10_Request Constructor
41 */
42 PKCS10_Request::PKCS10_Request(const std::vector<byte>& in) :
43  X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
44  {
45  do_decode();
46  }
47 
48 /*
49 * Deocde the CertificateRequestInfo
50 */
51 void PKCS10_Request::force_decode()
52  {
53  BER_Decoder cert_req_info(m_tbs_bits);
54 
55  size_t version;
56  cert_req_info.decode(version);
57  if(version != 0)
58  throw Decoding_Error("Unknown version code in PKCS #10 request: " +
59  std::to_string(version));
60 
61  X509_DN dn_subject;
62  cert_req_info.decode(dn_subject);
63 
64  m_info.add(dn_subject.contents());
65 
66  BER_Object public_key = cert_req_info.get_next_object();
67  if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
68  throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key",
69  public_key.type_tag, public_key.class_tag);
70 
71  m_info.add("X509.Certificate.public_key",
73  ASN1::put_in_sequence(unlock(public_key.value)),
74  "PUBLIC KEY"
75  )
76  );
77 
78  BER_Object attr_bits = cert_req_info.get_next_object();
79 
80  if(attr_bits.type_tag == 0 &&
82  {
83  BER_Decoder attributes(attr_bits.value);
84  while(attributes.more_items())
85  {
86  Attribute attr;
87  attributes.decode(attr);
88  handle_attribute(attr);
89  }
90  attributes.verify_end();
91  }
92  else if(attr_bits.type_tag != NO_OBJECT)
93  throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes",
94  attr_bits.type_tag, attr_bits.class_tag);
95 
96  cert_req_info.verify_end();
97 
99  throw Decoding_Error("PKCS #10 request: Bad signature detected");
100  }
101 
102 /*
103 * Handle attributes in a PKCS #10 request
104 */
105 void PKCS10_Request::handle_attribute(const Attribute& attr)
106  {
107  BER_Decoder value(attr.parameters);
108 
109  if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
110  {
111  ASN1_String email;
112  value.decode(email);
113  m_info.add("RFC822", email.value());
114  }
115  else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
116  {
118  value.decode(challenge_password);
119  m_info.add("PKCS9.ChallengePassword", challenge_password.value());
120  }
121  else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
122  {
123  Extensions extensions;
124  value.decode(extensions).verify_end();
125 
126  Data_Store issuer_info;
127  extensions.contents_to(m_info, issuer_info);
128  }
129  }
130 
131 /*
132 * Return the challenge password (if any)
133 */
135  {
136  return m_info.get1("PKCS9.ChallengePassword");
137  }
138 
139 /*
140 * Return the name of the requestor
141 */
143  {
144  return create_dn(m_info);
145  }
146 
147 /*
148 * Return the public key of the requestor
149 */
150 std::vector<byte> PKCS10_Request::raw_public_key() const
151  {
152  DataSource_Memory source(m_info.get1("X509.Certificate.public_key"));
153  return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
154  }
155 
156 /*
157 * Return the public key of the requestor
158 */
160  {
161  DataSource_Memory source(m_info.get1("X509.Certificate.public_key"));
162  return X509::load_key(source);
163  }
164 
165 /*
166 * Return the alternative names of the requestor
167 */
169  {
170  return create_alt_name(m_info);
171  }
172 
173 /*
174 * Return the key constraints (if any)
175 */
177  {
178  return Key_Constraints(m_info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS));
179  }
180 
181 /*
182 * Return the extendend key constraints (if any)
183 */
184 std::vector<OID> PKCS10_Request::ex_constraints() const
185  {
186  std::vector<std::string> oids = m_info.get("X509v3.ExtendedKeyUsage");
187 
188  std::vector<OID> result;
189  for(size_t i = 0; i != oids.size(); ++i)
190  result.push_back(OID(oids[i]));
191  return result;
192  }
193 
194 /*
195 * Return is a CA certificate is requested
196 */
198  {
199  return (m_info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0);
200  }
201 
202 /*
203 * Return the desired path limit (if any)
204 */
206  {
207  return m_info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
208  }
209 
210 }
std::vector< byte > raw_public_key() const
Definition: pkcs10.cpp:150
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:41
AlternativeName subject_alt_name() const
Definition: pkcs10.cpp:168
BER_Decoder & decode(bool &v)
Definition: ber_dec.cpp:376
std::uint32_t u32bit
Definition: types.h:33
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
std::string challenge_password() const
Definition: pkcs10.cpp:134
std::vector< byte > parameters
bool check_signature(const Public_Key &key) const
Definition: x509_obj.cpp:189
secure_vector< byte > value
Definition: asn1_obj.h:91
X509_DN create_dn(const Data_Store &info)
Definition: x509cert.cpp:660
std::string value() const
Definition: asn1_str.cpp:99
std::vector< std::string > get(const std::string &) const
Definition: datastor.cpp:50
AlternativeName create_alt_name(const Data_Store &info)
Definition: x509cert.cpp:679
std::string lookup(const OID &oid)
Definition: oids.cpp:18
ASN1_Tag
Definition: asn1_obj.h:22
bool is_CA() const
Definition: pkcs10.cpp:197
Key_Constraints constraints() const
Definition: pkcs10.cpp:176
std::vector< byte > m_tbs_bits
Definition: x509_obj.h:108
Definition: alg_id.cpp:13
void contents_to(Data_Store &, Data_Store &) const
Definition: x509_ext.cpp:188
BER_Object get_next_object()
Definition: ber_dec.cpp:210
std::vector< T > unlock(const secure_vector< T > &in)
Definition: secmem.h:117
ASN1_Tag class_tag
Definition: asn1_obj.h:88
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43
ASN1_Tag type_tag
Definition: asn1_obj.h:88
std::string get1(const std::string &key) const
Definition: datastor.cpp:62
BER_Decoder & verify_end()
Definition: ber_dec.cpp:168
u32bit path_limit() const
Definition: pkcs10.cpp:205
u32bit get1_u32bit(const std::string &, u32bit=0) const
Definition: datastor.cpp:109
PKCS10_Request(DataSource &source)
Definition: pkcs10.cpp:22
X509_DN subject_dn() const
Definition: pkcs10.cpp:142
Public_Key * subject_public_key() const
Definition: pkcs10.cpp:159
bool more_items() const
Definition: ber_dec.cpp:158
std::vector< byte > put_in_sequence(const std::vector< byte > &contents)
Definition: asn1_obj.cpp:35
std::multimap< std::string, std::string > contents() const
Definition: x509_dn.cpp:85
void add(const std::multimap< std::string, std::string > &)
Definition: datastor.cpp:155
secure_vector< byte > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:54
std::vector< OID > ex_constraints() const
Definition: pkcs10.cpp:184