|
Botan
1.11.15
|
#include <pkcs10.h>
Public Member Functions | |
| std::vector< byte > | BER_encode () const |
| std::string | challenge_password () const |
| bool | check_signature (const Public_Key &key) const |
| bool | check_signature (const Public_Key *key) const |
| Key_Constraints | constraints () const |
| void | decode_from (class BER_Decoder &from) override |
| void | encode_into (class DER_Encoder &to) const override |
| std::vector< OID > | ex_constraints () const |
| std::string | hash_used_for_signature () const |
| bool | is_CA () const |
| u32bit | path_limit () const |
| std::string | PEM_encode () const |
| PKCS10_Request (DataSource &source) | |
| PKCS10_Request (const std::string &filename) | |
| PKCS10_Request (const std::vector< byte > &vec) | |
| std::vector< byte > | raw_public_key () const |
| std::vector< byte > | signature () const |
| AlgorithmIdentifier | signature_algorithm () const |
| AlternativeName | subject_alt_name () const |
| X509_DN | subject_dn () const |
| Public_Key * | subject_public_key () const |
| std::vector< byte > | tbs_data () const |
Static Public Member Functions | |
| static std::vector< byte > | make_signed (class PK_Signer *signer, RandomNumberGenerator &rng, const AlgorithmIdentifier &alg_id, const secure_vector< byte > &tbs) |
Protected Member Functions | |
| void | do_decode () |
Protected Attributes | |
| std::vector< byte > | sig |
| AlgorithmIdentifier | sig_algo |
| std::vector< byte > | tbs_bits |
| Botan::PKCS10_Request::PKCS10_Request | ( | DataSource & | source | ) |
Create a PKCS#10 Request from a data source.
| source | the data source providing the DER encoded request |
Definition at line 22 of file pkcs10.cpp.
References Botan::X509_Object::do_decode().
// Passes the input and the label string to the X509_Object base, then decodes
// in the constructor body. do_decode() (listed further down this page) rethrows
// failures as Decoding_Error, so constructing from malformed input throws.
// NOTE(review): the string looks like a '/'-separated list of accepted PEM labels; confirm in X509_Object.
: X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { do_decode(); }
| Botan::PKCS10_Request::PKCS10_Request | ( | const std::string & | filename | ) |
Create a PKCS#10 Request from a file.
| filename | the name of the file containing the DER or PEM encoded request file |
Definition at line 31 of file pkcs10.cpp.
References Botan::X509_Object::do_decode().
// Same delegation as the DataSource constructor: the base class receives the
// input and the label string, and do_decode() runs before the constructor returns.
// The file's contents are parsed here, so a decoding failure surfaces as an exception from construction.
: X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { do_decode(); }
| Botan::PKCS10_Request::PKCS10_Request | ( | const std::vector< byte > & | vec | ) |
Create a PKCS#10 Request from binary data.
| vec | a std::vector containing the DER value |
Definition at line 40 of file pkcs10.cpp.
References Botan::X509_Object::do_decode().
// Same delegation as the other constructors: the base class receives the input
// and the label string, and do_decode() runs before the constructor returns.
// Callers handing in bytes received from a peer should expect construction to throw on malformed data.
: X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { do_decode(); }
| std::vector< byte > Botan::X509_Object::BER_encode | ( | ) | const [inherited] |
Definition at line 113 of file x509_obj.cpp.
References Botan::X509_Object::encode_into(), and Botan::DER_Encoder::get_contents_unlocked().
Referenced by Botan::X509_Certificate::fingerprint(), and Botan::X509_Object::PEM_encode().
{
// Serialises this object by running encode_into() against a fresh encoder.
DER_Encoder der;
encode_into(der);
// Hands back the encoder's buffer as the std::vector<byte> declared in the signature.
return der.get_contents_unlocked();
}
| std::string Botan::PKCS10_Request::challenge_password | ( | ) | const |
Get the challenge password for this request
Definition at line 132 of file pkcs10.cpp.
References Botan::Data_Store::get1().
{
// Returns the single value stored under the "PKCS9.ChallengePassword" key.
// NOTE(review): this string comes from the request itself, so treat it as
// requester-controlled and keep it out of logs; what get1() does when the
// attribute is absent is not visible here — confirm in Data_Store.
return info.get1("PKCS9.ChallengePassword");
}
| bool Botan::X509_Object::check_signature | ( | const Public_Key & | key | ) | const [inherited] |
Check the signature on this data
| key | the public key purportedly used to sign this data |
Definition at line 187 of file x509_obj.cpp.
References Botan::Public_Key::algo_name(), Botan::DER_SEQUENCE, Botan::IEEE_1363, Botan::OIDS::lookup(), Botan::Public_Key::message_parts(), Botan::AlgorithmIdentifier::oid, Botan::X509_Object::sig_algo, Botan::X509_Object::signature(), Botan::split_on(), Botan::X509_Object::tbs_data(), and Botan::PK_Verifier::verify_message().
Referenced by Botan::X509_Object::check_signature().
{
// Verifies the signature stored in this object over tbs_data() using pub_key.
// Returns true only when verify_message() succeeds; every other path,
// including any std::exception raised along the way, returns false.
try {
// The name looked up for the signature OID must split into exactly two
// '/'-separated parts: the key algorithm and the padding scheme.
std::vector<std::string> sig_info =
split_on(OIDS::lookup(sig_algo.oid), '/');
// Reject a malformed name, and reject a key whose algorithm differs from the
// one named by the object's own AlgorithmIdentifier.
if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
return false;
// NOTE(review): the padding (and with it the hash) is taken from the object's
// sig_algo; this function applies no policy on which algorithms are acceptable.
std::string padding = sig_info[1];
// Keys reporting two or more message parts use DER_SEQUENCE signatures,
// all others IEEE_1363.
Signature_Format format =
(pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
PK_Verifier verifier(pub_key, padding, format);
return verifier.verify_message(tbs_data(), signature());
}
catch(std::exception& e)
{
// Fails closed: an error is reported as "not verified". The cause is dropped,
// so a caller cannot tell a bad signature from an unknown algorithm or another error.
return false;
}
}
| bool Botan::X509_Object::check_signature | ( | const Public_Key * | key | ) | const [inherited] |
Check the signature on this data
| key | the public key purportedly used to sign this data; the pointer will be deleted after use |
Definition at line 176 of file x509_obj.cpp.
References Botan::X509_Object::check_signature().
{
// Pointer overload: validates the pointer, takes ownership of it, and forwards
// to the reference overload.
// A null key is a caller error and is reported by exception rather than by returning false.
if(!pub_key)
throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
// Ownership transfers here: the key is deleted when this function returns or unwinds.
// The caller must pass a heap-allocated key that nothing else owns and must not touch
// the pointer afterwards; otherwise the result is a double delete or a use after free.
std::unique_ptr<const Public_Key> key(pub_key);
return check_signature(*key);
}
Get the key constraints for the key associated with this PKCS#10 object.
Definition at line 174 of file pkcs10.cpp.
References Botan::Data_Store::get1_u32bit(), and Botan::NO_CONSTRAINTS.
Referenced by Botan::X509_CA::sign_request().
{
// Reads "X509v3.KeyUsage" as a u32bit and converts it to Key_Constraints;
// NO_CONSTRAINTS is passed as the second argument to get1_u32bit(), presumably
// as the value used when the entry is missing — confirm in Data_Store.
// NOTE(review): this is the key usage the request asks for, not one a CA has approved;
// the signing side should apply its own policy before copying it into a certificate.
return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS));
}
| void Botan::X509_Object::decode_from | ( | class BER_Decoder & | from | ) | [override, virtual, inherited] |
Decode whatever this object is from the BER_Decoder `from`
| from | the BER_Decoder that will be read from |
Implements Botan::ASN1_Object.
Definition at line 98 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::BER_Decoder::end_cons(), Botan::BER_Decoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::BER_Decoder::start_cons(), Botan::X509_Object::tbs_bits, and Botan::BER_Decoder::verify_end().
| void Botan::X509_Object::do_decode | ( | ) | [protected, inherited] |
Definition at line 230 of file x509_obj.cpp.
Referenced by PKCS10_Request(), Botan::X509_Certificate::X509_Certificate(), and Botan::X509_CRL::X509_CRL().
{
// Runs force_decode() and normalises its decoding failures: Decoding_Error and
// Invalid_Argument are both rethrown as a Decoding_Error whose message starts
// with PEM_label_pref. Any other exception type propagates unchanged.
try {
force_decode();
}
catch(Decoding_Error& e)
{
// Re-wrap so the message names the kind of object that failed to decode.
throw Decoding_Error(PEM_label_pref + " decoding failed (" +
e.what() + ")");
}
catch(Invalid_Argument& e)
{
// Same message format as above; the original exception type is not preserved.
throw Decoding_Error(PEM_label_pref + " decoding failed (" +
e.what() + ")");
}
}
| void Botan::X509_Object::encode_into | ( | class DER_Encoder & | to | ) | const [override, virtual, inherited] |
Encode whatever this object is into the DER_Encoder `to`
| to | the DER_Encoder that will be written to |
Implements Botan::ASN1_Object.
Definition at line 84 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::X509_Object::sig, Botan::X509_Object::sig_algo, Botan::DER_Encoder::start_cons(), and Botan::X509_Object::tbs_bits.
Referenced by Botan::X509_Object::BER_encode().
| std::vector< OID > Botan::PKCS10_Request::ex_constraints | ( | ) | const |
Get the extended key constraints (if any).
Definition at line 182 of file pkcs10.cpp.
References Botan::Data_Store::get().
Referenced by Botan::X509_CA::sign_request().
{
// Collects every string stored under "X509v3.ExtendedKeyUsage" and converts
// each one to an OID, preserving order. An empty result means no entries were stored.
std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage");
std::vector<OID> result;
for(size_t i = 0; i != oids.size(); ++i)
result.push_back(OID(oids[i]));
// NOTE(review): these usages are requested by the CSR's author; a signer should
// filter them against its own policy rather than copy them through.
return result;
}
| std::string Botan::X509_Object::hash_used_for_signature | ( | ) | const [inherited] |
Definition at line 155 of file x509_obj.cpp.
References Botan::OID::as_string(), Botan::OIDS::lookup(), Botan::AlgorithmIdentifier::oid, Botan::parse_algorithm_name(), Botan::X509_Object::sig_algo, and Botan::split_on().
{
// Derives the hash name from the signature algorithm's looked-up name, which is
// expected to have the form "algo/padding" with the padding part parsing into
// exactly two components, the second being the hash.
// Unlike check_signature(), nothing is caught here: a name in any other shape
// raises Internal_Error to the caller.
std::vector<std::string> sig_info =
split_on(OIDS::lookup(sig_algo.oid), '/');
if(sig_info.size() != 2)
throw Internal_Error("Invalid name format found for " +
sig_algo.oid.as_string());
// Split the padding specification into its components.
std::vector<std::string> pad_and_hash =
parse_algorithm_name(sig_info[1]);
if(pad_and_hash.size() != 2)
throw Internal_Error("Invalid name format " + sig_info[1]);
return pad_and_hash[1];
}
| bool Botan::PKCS10_Request::is_CA | ( | ) | const |
Find out whether this is a CA request.
Definition at line 195 of file pkcs10.cpp.
References Botan::Data_Store::get1_u32bit().
Referenced by Botan::X509_CA::sign_request().
{
// True when the stored "X509v3.BasicConstraints.is_ca" value is greater than zero.
// NOTE(review): this reports what the request claims. Granting CA status is a decision
// for the signer's policy, not something to take from the CSR unchecked.
return (info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0);
}
| std::vector< byte > Botan::X509_Object::make_signed | ( | class PK_Signer * | signer, |
| RandomNumberGenerator & | rng, | ||
| const AlgorithmIdentifier & | alg_id, | ||
| const secure_vector< byte > & | tbs | ||
| ) | [static, inherited] |
Create a signed X509 object.
| signer | the signer used to sign the object |
| rng | the random number generator to use |
| alg_id | the algorithm identifier of the signature scheme |
| tbs | the tbs bits to be signed |
Definition at line 213 of file x509_obj.cpp.
References Botan::BIT_STRING, Botan::DER_Encoder::encode(), Botan::DER_Encoder::get_contents_unlocked(), Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::PK_Signer::sign_message(), and Botan::DER_Encoder::start_cons().
Referenced by Botan::X509::create_cert_req(), and Botan::X509_CA::make_cert().
{
// Builds SEQUENCE { raw to-be-signed bytes, algorithm identifier, BIT STRING signature }
// and returns the encoded bytes.
// NOTE(review): tbs_bits and algo appear to be this definition's parameter names
// (the declaration above calls them tbs and alg_id) — confirm against x509_obj.cpp.
// signer is dereferenced without a null check, so callers must pass a valid PK_Signer.
return DER_Encoder()
.start_cons(SEQUENCE)
.raw_bytes(tbs_bits)
.encode(algo)
// The signature is computed over exactly the bytes written by raw_bytes() above.
.encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
.end_cons()
.get_contents_unlocked();
}
| u32bit Botan::PKCS10_Request::path_limit | ( | ) | const |
Return the constraint on the path length defined in the BasicConstraints extension.
Definition at line 203 of file pkcs10.cpp.
References Botan::Data_Store::get1_u32bit().
Referenced by Botan::X509_CA::sign_request().
{
// Reads "X509v3.BasicConstraints.path_constraint" as a u32bit, passing 0 as the
// second argument to get1_u32bit() — presumably the value returned when the entry
// is missing, in which case an absent constraint and an explicit 0 look the same; confirm.
// NOTE(review): requester-supplied value; the signer decides the path length actually issued.
return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
}
| std::string Botan::X509_Object::PEM_encode | ( | ) | const [inherited] |
Definition at line 123 of file x509_obj.cpp.
References Botan::X509_Object::BER_encode(), and Botan::PEM_Code::encode().
Referenced by Botan::X509_Certificate::to_string().
{
// PEM-wraps the BER encoding of this object, using PEM_label_pref as the label.
return PEM_Code::encode(BER_encode(), PEM_label_pref);
}
| std::vector< byte > Botan::PKCS10_Request::raw_public_key | ( | ) | const |
Get the raw DER encoded public key.
Definition at line 148 of file pkcs10.cpp.
References Botan::PEM_Code::decode_check_label(), Botan::Data_Store::get1(), and Botan::unlock().
Referenced by Botan::X509_CA::sign_request().
{
// The public key is held in info as a string under "X509.Certificate.public_key".
// It is PEM-decoded here with the label required to be "PUBLIC KEY", and the
// decoded bytes are returned as std::vector<byte> via unlock().
DataSource_Memory source(info.get1("X509.Certificate.public_key"));
return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY"));
}
| std::vector< byte > Botan::X509_Object::signature | ( | ) | const [inherited] |
Definition at line 139 of file x509_obj.cpp.
References Botan::X509_Object::sig.
Referenced by Botan::X509_Object::check_signature().
{
// Returns the stored signature bytes by value, so the caller gets its own copy of sig.
return sig;
}
| AlgorithmIdentifier Botan::X509_Object::signature_algorithm | ( | ) | const [inherited] |
Definition at line 147 of file x509_obj.cpp.
References Botan::X509_Object::sig_algo.
Referenced by Botan::X509_Certificate::to_string().
{
// Returns the AlgorithmIdentifier recorded with the signature, by value.
// This is the identifier check_signature() compares against the verifying key's algorithm.
return sig_algo;
}
Get the subject alternative name.
Definition at line 166 of file pkcs10.cpp.
References Botan::create_alt_name().
Referenced by Botan::X509_CA::sign_request().
{
// Builds the AlternativeName from the request's stored attributes via create_alt_name().
// NOTE(review): the names are whatever the requester put in the CSR; a signer should
// validate them before issuing.
return create_alt_name(info);
}
| X509_DN Botan::PKCS10_Request::subject_dn | ( | ) | const |
Get the subject DN.
Definition at line 140 of file pkcs10.cpp.
References Botan::create_dn().
Referenced by Botan::X509_CA::sign_request().
{
// Builds the subject X509_DN from the request's stored attributes via create_dn().
// NOTE(review): requester-supplied identity data; not validated in this accessor.
return create_dn(info);
}
| Public_Key * Botan::PKCS10_Request::subject_public_key | ( | ) | const |
Get the subject public key.
Definition at line 157 of file pkcs10.cpp.
References Botan::Data_Store::get1(), and Botan::PKCS8::load_key().
Referenced by Botan::X509_CA::sign_request().
{
// Loads a key object from the string stored under "X509.Certificate.public_key".
DataSource_Memory source(info.get1("X509.Certificate.public_key"));
// Returns the raw Public_Key* produced by X509::load_key().
// NOTE(review): presumably the caller owns the result and must delete it (or hand it to
// check_signature(const Public_Key*), which deletes its argument) — confirm ownership in X509::load_key.
return X509::load_key(source);
}
| std::vector< byte > Botan::X509_Object::tbs_data | ( | ) | const [inherited] |
The underlying data that is to be or was signed
Definition at line 131 of file x509_obj.cpp.
References Botan::ASN1::put_in_sequence(), and Botan::X509_Object::tbs_bits.
Referenced by Botan::X509_Object::check_signature().
{
// Wraps the stored tbs_bits with ASN1::put_in_sequence() and returns the result.
// check_signature() verifies the signature over exactly these bytes.
return ASN1::put_in_sequence(tbs_bits);
}
std::vector<byte> Botan::X509_Object::sig [protected, inherited] |
Definition at line 97 of file x509_obj.h.
Referenced by Botan::X509_Object::decode_from(), Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator<(), Botan::X509_Certificate::operator==(), and Botan::X509_Object::signature().
AlgorithmIdentifier Botan::X509_Object::sig_algo [protected, inherited] |
std::vector<byte> Botan::X509_Object::tbs_bits [protected, inherited] |
Definition at line 97 of file x509_obj.h.
Referenced by Botan::X509_Object::decode_from(), Botan::X509_Object::encode_into(), Botan::X509_Certificate::operator<(), and Botan::X509_Object::tbs_data().