doxygen/x509self_8cpp_source.html

/*

* PKCS #10/Self Signed Cert Creation

* (C) 1999-2008,2018 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/x509self.h>

#include <botan/x509_key.h>

#include <botan/x509_ext.h>

#include <botan/x509_ca.h>

#include <botan/der_enc.h>

#include <botan/pubkey.h>

#include <botan/hash.h>


namespace Botan {


namespace {


/*

* Load information from the X509_Cert_Options

*/

void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn,

               AlternativeName& subject_alt)

   {

   subject_dn.add_attribute("X520.CommonName", opts.common_name);

   subject_dn.add_attribute("X520.Country", opts.country);

   subject_dn.add_attribute("X520.State", opts.state);

   subject_dn.add_attribute("X520.Locality", opts.locality);

   subject_dn.add_attribute("X520.Organization", opts.organization);

   subject_dn.add_attribute("X520.OrganizationalUnit", opts.org_unit);

   for(auto extra_ou : opts.more_org_units) {

      subject_dn.add_attribute("X520.OrganizationalUnit", extra_ou);

   }


   subject_dn.add_attribute("X520.SerialNumber", opts.serial_number);

   subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip);

   subject_alt.add_othername(OID::from_string("PKIX.XMPPAddr"),

                             opts.xmpp, UTF8_STRING);


   for(auto dns : opts.more_dns)

      subject_alt.add_attribute("DNS", dns);

   }

}


namespace X509 {


/*

* Create a new self-signed X.509 certificate

*/

X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,

                                         const Private_Key& key,

                                         const std::string& hash_fn,

                                         RandomNumberGenerator& rng)

   {

   AlgorithmIdentifier sig_algo;

   X509_DN subject_dn;

   AlternativeName subject_alt;


   // for now, only the padding option is used

   std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };


   const std::vector<uint8_t> pub_key = X509::BER_encode(key);

   std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));

   BOTAN_ASSERT_NOMSG(sig_algo.get_oid().has_value());

   load_info(opts, subject_dn, subject_alt);


   Extensions extensions = opts.extensions;


   Key_Constraints constraints;

   if(opts.is_CA)

      {

      constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);

      }

   else

      {

      verify_cert_constraints_valid_for_key_type(key, opts.constraints);

      constraints = opts.constraints;

      }


   extensions.add_new(

      new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),

      true);


   if(constraints != NO_CONSTRAINTS)

      {

      extensions.add_new(new Cert_Extension::Key_Usage(constraints), true);

      }


   std::unique_ptr<Cert_Extension::Subject_Key_ID> skid(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));


   extensions.add_new(new Cert_Extension::Authority_Key_ID(skid->get_key_id()));

   extensions.add_new(skid.release());


   extensions.add_new(

      new Cert_Extension::Subject_Alternative_Name(subject_alt));


   extensions.add_new(

      new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));


   return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,

                             opts.start, opts.end,

                             subject_dn, subject_dn,

                             extensions);

   }


/*

* Create a PKCS #10 certificate request

*/

PKCS10_Request create_cert_req(const X509_Cert_Options& opts,

                               const Private_Key& key,

                               const std::string& hash_fn,

                               RandomNumberGenerator& rng)

   {

   X509_DN subject_dn;

   AlternativeName subject_alt;

   load_info(opts, subject_dn, subject_alt);


   Key_Constraints constraints;

   if(opts.is_CA)

      {

      constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);

      }

   else

      {

      verify_cert_constraints_valid_for_key_type(key, opts.constraints);

      constraints = opts.constraints;

      }


   Extensions extensions = opts.extensions;


   extensions.add_new(new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));


   if(constraints != NO_CONSTRAINTS)

      {

      extensions.add_new(new Cert_Extension::Key_Usage(constraints));

      }

   extensions.add_new(new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));

   extensions.add_new(new Cert_Extension::Subject_Alternative_Name(subject_alt));


   return PKCS10_Request::create(key,

                                 subject_dn,

                                 extensions,

                                 hash_fn,

                                 rng,

                                 opts.padding_scheme,

                                 opts.challenge);

   }


}


}

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:68

Botan::AlgorithmIdentifier
Definition: asn1_obj.h:430

Botan::AlgorithmIdentifier::get_oid
const OID & get_oid() const
Definition: asn1_obj.h:445

Botan::AlternativeName
Definition: pkix_types.h:124

Botan::Cert_Extension::Authority_Key_ID
Definition: x509_ext.h:118

Botan::Cert_Extension::Basic_Constraints
Definition: x509_ext.h:27

Botan::Cert_Extension::Extended_Key_Usage
Definition: x509_ext.h:203

Botan::Cert_Extension::Key_Usage
Definition: x509_ext.h:57

Botan::Cert_Extension::Subject_Alternative_Name
Definition: x509_ext.h:147

Botan::Cert_Extension::Subject_Key_ID
Definition: x509_ext.h:84

Botan::Extensions
Definition: pkix_types.h:413

Botan::Extensions::add_new
bool add_new(Certificate_Extension *extn, bool critical=false)
Definition: x509_ext.cpp:139

Botan::OID::has_value
bool has_value() const
Definition: asn1_obj.h:238

Botan::OID::from_string
static OID from_string(const std::string &str)
Definition: asn1_oid.cpp:62

Botan::PKCS10_Request
Definition: pkcs10.h:29

Botan::PKCS10_Request::create
static PKCS10_Request create(const Private_Key &key, const X509_DN &subject_dn, const Extensions &extensions, const std::string &hash_fn, RandomNumberGenerator &rng, const std::string &padding_scheme="", const std::string &challenge="")
Definition: pkcs10.cpp:59

Botan::Private_Key
Definition: pk_keys.h:181

Botan::RandomNumberGenerator
Definition: rng.h:26

Botan::X509_CA::make_cert
static X509_Certificate make_cert(PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const std::vector< uint8_t > &pub_key, const X509_Time &not_before, const X509_Time &not_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions)
Definition: x509_ca.cpp:150

Botan::X509_Cert_Options
Definition: x509self.h:24

Botan::X509_Cert_Options::ex_constraints
std::vector< OID > ex_constraints
Definition: x509self.h:130

Botan::X509_Cert_Options::constraints
Key_Constraints constraints
Definition: x509self.h:125

Botan::X509_Cert_Options::is_CA
bool is_CA
Definition: x509self.h:113

Botan::X509_Cert_Options::extensions
Extensions extensions
Definition: x509self.h:135

Botan::X509_Cert_Options::end
X509_Time end
Definition: x509self.h:108

Botan::X509_Cert_Options::start
X509_Time start
Definition: x509self.h:104

Botan::X509_Cert_Options::path_limit
size_t path_limit
Definition: x509self.h:118

Botan::X509_Cert_Options::challenge
std::string challenge
Definition: x509self.h:99

Botan::X509_Cert_Options::padding_scheme
std::string padding_scheme
Definition: x509self.h:120

Botan::X509_Certificate
Definition: x509cert.h:38

Botan::X509_DN
Definition: pkix_types.h:43

Botan::PKCS11::CertificateType::X509
@ X509

Botan::X509::create_cert_req
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:110

Botan::X509::BER_encode
std::vector< uint8_t > BER_encode(const Public_Key &key)
Definition: x509_key.cpp:19

Botan::X509::create_self_signed_cert
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
Definition: x509self.cpp:51

Botan
Definition: alg_id.cpp:13

Botan::choose_sig_format
PK_Signer * choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:318

Botan::UTF8_STRING
@ UTF8_STRING
Definition: asn1_obj.h:45

Botan::verify_cert_constraints_valid_for_key_type
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
Definition: key_constraint.cpp:70

Botan::Key_Constraints
Key_Constraints
Definition: pkix_enums.h:106

Botan::CRL_SIGN
@ CRL_SIGN
Definition: pkix_enums.h:114

Botan::KEY_CERT_SIGN
@ KEY_CERT_SIGN
Definition: pkix_enums.h:113

Botan::NO_CONSTRAINTS
@ NO_CONSTRAINTS
Definition: pkix_enums.h:107