Botan  1.10.9
pkcs10.cpp
1 /*
2 * PKCS #10
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/pkcs10.h>
9 #include <botan/x509_ext.h>
10 #include <botan/x509cert.h>
11 #include <botan/der_enc.h>
12 #include <botan/ber_dec.h>
13 #include <botan/parsing.h>
14 #include <botan/oids.h>
15 #include <botan/pem.h>
16 
17 namespace Botan {
18 
/*
* PKCS10_Request Constructor (from a DataSource)
*
* The label string handed to X509_Object lists the two PEM labels this type
* is willing to accept, "CERTIFICATE REQUEST" and "NEW CERTIFICATE REQUEST",
* separated by '/'. The input is untrusted; do_decode() (presumably the hook
* that ends in force_decode()) parses and signature-checks the request, so a
* malformed or forged CSR makes construction throw (Decoding_Error /
* BER_Bad_Tag) instead of producing a half-decoded object.
*/
PKCS10_Request::PKCS10_Request(DataSource& source) :
   X509_Object(source, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
   {
   do_decode();
   }
27 
/*
* PKCS10_Request Constructor (from a string holding the encoded request)
*
* Same contract as the DataSource overload: the string passed to X509_Object
* names the two acceptable PEM labels ("CERTIFICATE REQUEST" or
* "NEW CERTIFICATE REQUEST", '/'-separated), and do_decode() drives the
* untrusted-input parse and signature check, so a bad request throws here
* rather than later.
*/
PKCS10_Request::PKCS10_Request(const std::string& in) :
   X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
   {
   do_decode();
   }
36 
/*
* Decode the CertificateRequestInfo
*
* Runs over tbs_bits, the to-be-signed portion split off by X509_Object.
* Everything here is attacker-controlled input: each field is parsed with
* BER_Decoder, structural tags are checked explicitly, trailing bytes are
* rejected with verify_end(), and the request's self-signature must verify
* before the object is usable.
*
* Throws Decoding_Error (unsupported version, bad signature) and BER_Bad_Tag
* (a field with an unexpected tag).
*/
void PKCS10_Request::force_decode()
   {
   BER_Decoder cert_req_info(tbs_bits);

   // CertificationRequestInfo.version: only v1, encoded as INTEGER 0, exists.
   size_t version;
   cert_req_info.decode(version);
   if(version != 0)
      throw Decoding_Error("Unknown version code in PKCS #10 request: " +
                           to_string(version));

   // Subject name; its RDN entries go into the same Data_Store the public
   // accessors (subject_dn() etc.) read from later.
   X509_DN dn_subject;
   cert_req_info.decode(dn_subject);

   info.add(dn_subject.contents());

   // SubjectPublicKeyInfo is only tag-checked and kept opaque here; it is
   // interpreted when subject_public_key() loads it.
   BER_Object public_key = cert_req_info.get_next_object();
   if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
      throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key",
                        public_key.type_tag, public_key.class_tag);

   // Stored as PEM under the "PUBLIC KEY" label (the enclosing
   // PEM_Code::encode(...) call sits on a line this listing does not show),
   // which is the label raw_public_key() later checks when decoding it back.
   info.add("X509.Certificate.public_key",
               ASN1::put_in_sequence(public_key.value),
               "PUBLIC KEY"
               )
      );

   // attributes [0] IMPLICIT Attributes: context-specific tag 0, constructed.
   // The class_tag half of the condition below is on a line this listing
   // does not show.
   BER_Object attr_bits = cert_req_info.get_next_object();

   if(attr_bits.type_tag == 0 &&
      {
      BER_Decoder attributes(attr_bits.value);
      while(attributes.more_items())
         {
         Attribute attr;
         attributes.decode(attr);
         handle_attribute(attr);   // unknown attribute OIDs are ignored there
         }
      attributes.verify_end();   // no trailing junk inside the SET
      }
   else if(attr_bits.type_tag != NO_OBJECT)
      throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes",
                        attr_bits.type_tag, attr_bits.class_tag);
   // NOTE(review): an entirely absent attributes field (NO_OBJECT) is
   // tolerated, although RFC 2986 makes the (possibly empty) SET mandatory.

   cert_req_info.verify_end();   // nothing may follow the defined fields

   // Proof of possession: the request must verify under the key it carries.
   // The condition is on a line this listing omits; per the cross-reference
   // index it applies check_signature() to subject_public_key(). A failure
   // is a hard decoding error, so no PKCS10_Request ever exists whose key was
   // not proven to sign the request.
      throw Decoding_Error("PKCS #10 request: Bad signature detected");
   }
90 
/*
* Handle attributes in a PKCS #10 request
*
* Dispatches on the attribute OID. Three PKCS#9 attributes are understood;
* any other attribute is silently skipped (nothing here acts on it, so
* ignoring it is the safe choice for a CSR). Everything decoded lands in the
* same Data_Store the public accessors read, i.e. these values are
* requester-asserted, not verified:
*  - emailAddress       -> "RFC822"
*  - challengePassword  -> "PKCS9.ChallengePassword" (a requester-supplied
*                          secret used to authorize enrollment; keep it out
*                          of logs and error messages)
*  - extensionRequest   -> the X509v3 extension keys consumed by is_CA(),
*                          constraints(), subject_alt_name(), ... These are
*                          what the requester WANTS; an issuing CA must apply
*                          its own policy, never copy them through.
*
* NOTE(review): only the extensionRequest branch calls verify_end(). For the
* two string attributes just the first value of the SET is decoded and any
* further content is ignored without error.
*/
void PKCS10_Request::handle_attribute(const Attribute& attr)
   {
   BER_Decoder value(attr.parameters);

   if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
      {
      ASN1_String email;
      value.decode(email);
      info.add("RFC822", email.value());
      return;
      }

   if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
      {
      ASN1_String requester_secret;
      value.decode(requester_secret);
      info.add("PKCS9.ChallengePassword", requester_secret.value());
      return;
      }

   if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
      {
      Extensions requested_extensions;
      value.decode(requested_extensions).verify_end();

      // contents_to() takes a subject-side and an issuer-side store; a CSR
      // has no issuer side, so whatever goes there is collected and dropped.
      Data_Store unused_issuer_info;
      requested_extensions.contents_to(info, unused_issuer_info);
      }
   }
119 
/*
* Return the challenge password (if any)
*
* The PKCS#9 challengePassword recorded by handle_attribute(). This is a
* secret supplied by the requester (typically to authorize enrollment or a
* later revocation), so callers should not log or echo it. Data_Store::get1()
* presumably requires exactly one stored value and throws otherwise — confirm
* in datastor.cpp before relying on a missing attribute yielding "".
*/
std::string PKCS10_Request::challenge_password() const
   {
   const std::string requester_secret = info.get1("PKCS9.ChallengePassword");
   return requester_secret;
   }
127 
/*
* Return the name of the requestor
*
* Rebuilt (via create_dn() in x509cert.cpp) from the RDN entries that
* force_decode() copied out of the CertificationRequestInfo subject field.
* The name is whatever the requester put in the request; only the signature
* over it has been checked, not its truth.
*/
X509_DN PKCS10_Request::subject_dn() const
   {
   const X509_DN requester_name = create_dn(info);
   return requester_name;
   }
135 
/*
* Return the DER-encoded SubjectPublicKeyInfo of the requestor
*
* force_decode() stored the key PEM-encoded under the "PUBLIC KEY" label; this
* decodes it back and insists on that same label (decode_check_label), so a
* corrupted or swapped entry fails loudly instead of yielding odd bytes.
*/
MemoryVector<byte> PKCS10_Request::raw_public_key() const
   {
   const std::string key_pem = info.get1("X509.Certificate.public_key");
   DataSource_Memory pem_source(key_pem);
   return PEM_Code::decode_check_label(pem_source, "PUBLIC KEY");
   }
144 
/*
* Return the public key of the requestor as a loaded key object
*
* Parses the stored SubjectPublicKeyInfo with X509::load_key(). The result is
* a raw Public_Key*; presumably heap-allocated by load_key, so the caller owns
* it and must delete it (or hand it to an owning wrapper) — confirm against
* x509_key.cpp. Note that force_decode() already verified the request's
* signature under this key, so it is known to match the signer.
*/
Public_Key* PKCS10_Request::subject_public_key() const
   {
   const std::string key_pem = info.get1("X509.Certificate.public_key");
   DataSource_Memory pem_source(key_pem);
   return X509::load_key(pem_source);
   }
153 
/*
* Return the alternative names the requestor asked for
*
* Built by create_alt_name() (x509cert.cpp) from the X509v3 entries that the
* extensionRequest attribute merged into the Data_Store. These are requested
* names, not validated ones: an issuer must verify control of each DNS name,
* e-mail address, etc. before putting them in a certificate.
*/
AlternativeName PKCS10_Request::subject_alt_name() const
   {
   const AlternativeName requested_names = create_alt_name(info);
   return requested_names;
   }
161 
/*
* Return the key usage constraints the requestor asked for (if any)
*
* Reads the "X509v3.KeyUsage" bits stored from the extensionRequest attribute;
* NO_CONSTRAINTS when the request did not include a KeyUsage extension. As
* with every value from that attribute this is a wish of the requester, to be
* checked against issuer policy rather than copied.
*/
Key_Constraints PKCS10_Request::constraints() const
   {
   const u32bit usage_bits = info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS);
   return Key_Constraints(usage_bits);
   }
169 
/*
* Return the extended key usage OIDs the requestor asked for (if any)
*
* Each "X509v3.ExtendedKeyUsage" entry stored from the extensionRequest
* attribute is turned back into an OID; the vector is empty when the request
* carried no EKU extension. Requester-asserted, like all extension data here.
*/
std::vector<OID> PKCS10_Request::ex_constraints() const
   {
   const std::vector<std::string> requested = info.get("X509v3.ExtendedKeyUsage");

   std::vector<OID> usages;
   usages.reserve(requested.size());
   for(std::vector<std::string>::const_iterator i = requested.begin();
       i != requested.end(); ++i)
      usages.push_back(OID(*i));
   return usages;
   }
182 
/*
* Return whether a CA certificate is requested
*
* True when the request's BasicConstraints extension (from the
* extensionRequest attribute) sets cA; false when the extension is absent,
* since get1_u32bit() defaults to 0. This is the single most dangerous field
* to trust: issuing code must decide CA status from its own policy and never
* mirror this flag into the certificate.
*/
bool PKCS10_Request::is_CA() const
   {
   const u32bit ca_flag = info.get1_u32bit("X509v3.BasicConstraints.is_ca");
   return ca_flag > 0;
   }
190 
/*
* Return the desired path length limit (if any)
*
* The pathLenConstraint from the requested BasicConstraints extension, or 0
* when the request did not specify one. Only meaningful alongside is_CA(),
* and like it a requester preference for the issuer to accept or override.
*/
u32bit PKCS10_Request::path_limit() const
   {
   const u32bit requested_limit =
      info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
   return requested_limit;
   }
198 
199 }
MemoryVector< byte > tbs_bits
Definition: x509_obj.h:102
std::vector< OID > ex_constraints() const
Definition: pkcs10.cpp:173
Public_Key * subject_public_key() const
Definition: pkcs10.cpp:148
bool is_CA() const
Definition: pkcs10.cpp:186
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:43
MemoryVector< byte > raw_public_key() const
Definition: pkcs10.cpp:139
bool check_signature(class Public_Key &key) const
Definition: x509_obj.cpp:178
std::string get1(const std::string &) const
Definition: datastor.cpp:87
X509_DN create_dn(const Data_Store &info)
Definition: x509cert.cpp:414
AlternativeName subject_alt_name() const
Definition: pkcs10.cpp:157
AlternativeName create_alt_name(const Data_Store &info)
Definition: x509cert.cpp:442
std::string lookup(const OID &oid)
Definition: oids.cpp:31
ASN1_Tag
Definition: asn1_int.h:19
X509_DN subject_dn() const
Definition: pkcs10.cpp:131
SecureVector< byte > value
Definition: asn1_int.h:83
Key_Constraints constraints() const
Definition: pkcs10.cpp:165
SecureVector< byte > put_in_sequence(const MemoryRegion< byte > &contents)
Definition: asn1_int.cpp:34
ASN1_Tag class_tag
Definition: asn1_int.h:82
std::string challenge_password() const
Definition: pkcs10.cpp:123
std::string encode(const byte der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:19
u32bit get1_u32bit(const std::string &, u32bit=0) const
Definition: datastor.cpp:120
ASN1_Tag type_tag
Definition: asn1_int.h:82
PKCS10_Request(DataSource &source)
Definition: pkcs10.cpp:22
std::string to_string(u64bit n, size_t min_len)
Definition: parsing.cpp:42
std::multimap< std::string, std::string > contents() const
Definition: x509_dn.cpp:89
u32bit path_limit() const
Definition: pkcs10.cpp:194
Key_Constraints
Definition: pubkey_enums.h:18
SecureVector< byte > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:42
std::vector< std::string > get(const std::string &) const
Definition: datastor.cpp:72
unsigned int u32bit
Definition: types.h:32
void add(const std::multimap< std::string, std::string > &)
Definition: datastor.cpp:161