8#include <botan/x509self.h>
10#include <botan/der_enc.h>
11#include <botan/hash.h>
12#include <botan/pubkey.h>
13#include <botan/x509_ca.h>
14#include <botan/x509_ext.h>
15#include <botan/x509_key.h>
24void load_info(
const X509_Cert_Options& opts, X509_DN& subject_dn, AlternativeName& subject_alt) {
25 subject_dn.add_attribute(
"X520.CommonName", opts.common_name);
26 subject_dn.add_attribute(
"X520.Country", opts.country);
27 subject_dn.add_attribute(
"X520.State", opts.state);
28 subject_dn.add_attribute(
"X520.Locality", opts.locality);
29 subject_dn.add_attribute(
"X520.Organization", opts.organization);
30 subject_dn.add_attribute(
"X520.OrganizationalUnit", opts.org_unit);
31 for(
const auto& extra_ou : opts.more_org_units) {
32 subject_dn.add_attribute(
"X520.OrganizationalUnit", extra_ou);
35 subject_dn.add_attribute(
"X520.SerialNumber", opts.serial_number);
36 subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip);
39 for(
const auto& dns : opts.more_dns) {
40 subject_alt.add_attribute(
"DNS", dns);
52 std::string_view hash_fn,
61 load_info(opts, subject_dn, subject_alt);
67 if(!constraints.compatible_with(key)) {
68 throw Invalid_Argument(
"The requested key constraints are incompatible with the algorithm");
71 extensions.
add_new(std::make_unique<Cert_Extension::Basic_Constraints>(opts.
is_CA, opts.
path_limit),
true);
73 if(!constraints.empty()) {
74 extensions.
add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints),
true);
77 auto skid = std::make_unique<Cert_Extension::Subject_Key_ID>(pub_key, signer->hash_function());
79 extensions.
add_new(std::make_unique<Cert_Extension::Authority_Key_ID>(skid->get_key_id()));
80 extensions.
add_new(std::move(skid));
82 extensions.
add_new(std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
94 std::string_view hash_fn,
98 load_info(opts, subject_dn, subject_alt);
102 if(!constraints.compatible_with(key)) {
103 throw Invalid_Argument(
"The requested key constraints are incompatible with the algorithm");
110 if(!constraints.empty()) {
111 extensions.
add_new(std::make_unique<Cert_Extension::Key_Usage>(constraints));
115 extensions.
add_new(std::make_unique<Cert_Extension::Subject_Alternative_Name>(subject_alt));
#define BOTAN_ASSERT_NOMSG(expr)
bool add_new(std::unique_ptr< Certificate_Extension > extn, bool critical=false)
static Key_Constraints ca_constraints()
static OID from_string(std::string_view str)
static PKCS10_Request create(const Private_Key &key, const X509_DN &subject_dn, const Extensions &extensions, std::string_view hash_fn, RandomNumberGenerator &rng, std::string_view padding_scheme="", std::string_view challenge="")
static X509_Certificate make_cert(PK_Signer &signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &sig_algo, const std::vector< uint8_t > &pub_key, const X509_Time ¬_before, const X509_Time ¬_after, const X509_DN &issuer_dn, const X509_DN &subject_dn, const Extensions &extensions)
std::vector< OID > ex_constraints
Key_Constraints constraints
std::string padding_scheme
static std::unique_ptr< PK_Signer > choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, std::string_view hash_fn, std::string_view padding_algo)
PKCS10_Request create_cert_req(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)
std::vector< uint8_t > BER_encode(const Public_Key &key)
X509_Certificate create_self_signed_cert(const X509_Cert_Options &opts, const Private_Key &key, std::string_view hash_fn, RandomNumberGenerator &rng)