aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/pkcs10
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-09-17 14:13:48 +0000
committerlloyd <[email protected]>2010-09-17 14:13:48 +0000
commit4ef234d711e1dd40f1cd7ec328e9933fb19dc5ee (patch)
treed0a9209ad8576e99bae3f85ff669695b4c4d416c /src/cert/pkcs10
parent8fa7d0b4f91eec572d8b2971d87e68741d1cd330 (diff)
Split up src/cert/x509 into a set of modules, though mostly mutually
dependent right now.
Diffstat (limited to 'src/cert/pkcs10')
-rw-r--r--src/cert/pkcs10/pkcs10.cpp200
-rw-r--r--src/cert/pkcs10/pkcs10.h101
2 files changed, 301 insertions, 0 deletions
diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp
new file mode 100644
index 000000000..81bb58555
--- /dev/null
+++ b/src/cert/pkcs10/pkcs10.cpp
@@ -0,0 +1,200 @@
+/*
+* PKCS #10
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/pkcs10.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/parsing.h>
+#include <botan/x509stor.h>
+#include <botan/x509_ext.h>
+#include <botan/oids.h>
+#include <botan/pem.h>
+
+namespace Botan {
+
+/*
+* PKCS10_Request Constructor
+*/
+PKCS10_Request::PKCS10_Request(DataSource& in) :
+ X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
+ {
+ do_decode();
+ }
+
+/*
+* PKCS10_Request Constructor
+*/
+PKCS10_Request::PKCS10_Request(const std::string& in) :
+ X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
+ {
+ do_decode();
+ }
+
+/*
+* Deocde the CertificateRequestInfo
+*/
+void PKCS10_Request::force_decode()
+ {
+ BER_Decoder cert_req_info(tbs_bits);
+
+ u32bit version;
+ cert_req_info.decode(version);
+ if(version != 0)
+ throw Decoding_Error("Unknown version code in PKCS #10 request: " +
+ to_string(version));
+
+ X509_DN dn_subject;
+ cert_req_info.decode(dn_subject);
+
+ info.add(dn_subject.contents());
+
+ BER_Object public_key = cert_req_info.get_next_object();
+ if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
+ throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key",
+ public_key.type_tag, public_key.class_tag);
+
+ info.add("X509.Certificate.public_key",
+ PEM_Code::encode(
+ ASN1::put_in_sequence(public_key.value),
+ "PUBLIC KEY"
+ )
+ );
+
+ BER_Object attr_bits = cert_req_info.get_next_object();
+
+ if(attr_bits.type_tag == 0 &&
+ attr_bits.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
+ {
+ BER_Decoder attributes(attr_bits.value);
+ while(attributes.more_items())
+ {
+ Attribute attr;
+ attributes.decode(attr);
+ handle_attribute(attr);
+ }
+ attributes.verify_end();
+ }
+ else if(attr_bits.type_tag != NO_OBJECT)
+ throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes",
+ attr_bits.type_tag, attr_bits.class_tag);
+
+ cert_req_info.verify_end();
+
+ X509_Code sig_check = X509_Store::check_sig(*this, subject_public_key());
+ if(sig_check != VERIFIED)
+ throw Decoding_Error("PKCS #10 request: Bad signature detected");
+ }
+
+/*
+* Handle attributes in a PKCS #10 request
+*/
+void PKCS10_Request::handle_attribute(const Attribute& attr)
+ {
+ BER_Decoder value(attr.parameters);
+
+ if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
+ {
+ ASN1_String email;
+ value.decode(email);
+ info.add("RFC822", email.value());
+ }
+ else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
+ {
+ ASN1_String challenge_password;
+ value.decode(challenge_password);
+ info.add("PKCS9.ChallengePassword", challenge_password.value());
+ }
+ else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
+ {
+ Extensions extensions;
+ value.decode(extensions).verify_end();
+
+ Data_Store issuer_info;
+ extensions.contents_to(info, issuer_info);
+ }
+ }
+
+/*
+* Return the challenge password (if any)
+*/
+std::string PKCS10_Request::challenge_password() const
+ {
+ return info.get1("PKCS9.ChallengePassword");
+ }
+
+/*
+* Return the name of the requestor
+*/
+X509_DN PKCS10_Request::subject_dn() const
+ {
+ return create_dn(info);
+ }
+
+/*
+* Return the public key of the requestor
+*/
+MemoryVector<byte> PKCS10_Request::raw_public_key() const
+ {
+ DataSource_Memory source(info.get1("X509.Certificate.public_key"));
+ return PEM_Code::decode_check_label(source, "PUBLIC KEY");
+ }
+
+/*
+* Return the public key of the requestor
+*/
+Public_Key* PKCS10_Request::subject_public_key() const
+ {
+ DataSource_Memory source(info.get1("X509.Certificate.public_key"));
+ return X509::load_key(source);
+ }
+
+/*
+* Return the alternative names of the requestor
+*/
+AlternativeName PKCS10_Request::subject_alt_name() const
+ {
+ return create_alt_name(info);
+ }
+
+/*
+* Return the key constraints (if any)
+*/
+Key_Constraints PKCS10_Request::constraints() const
+ {
+ return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS));
+ }
+
+/*
+* Return the extendend key constraints (if any)
+*/
+std::vector<OID> PKCS10_Request::ex_constraints() const
+ {
+ std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage");
+
+ std::vector<OID> result;
+ for(u32bit j = 0; j != oids.size(); ++j)
+ result.push_back(OID(oids[j]));
+ return result;
+ }
+
+/*
+* Return is a CA certificate is requested
+*/
+bool PKCS10_Request::is_CA() const
+ {
+ return (info.get1_u32bit("X509v3.BasicConstraints.is_ca") > 0);
+ }
+
+/*
+* Return the desired path limit (if any)
+*/
+u32bit PKCS10_Request::path_limit() const
+ {
+ return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0);
+ }
+
+}
diff --git a/src/cert/pkcs10/pkcs10.h b/src/cert/pkcs10/pkcs10.h
new file mode 100644
index 000000000..d1be9e0d3
--- /dev/null
+++ b/src/cert/pkcs10/pkcs10.h
@@ -0,0 +1,101 @@
+/*
+* PKCS #10
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_PKCS10_H__
+#define BOTAN_PKCS10_H__
+
+#include <botan/x509_obj.h>
+#include <botan/pkcs8.h>
+#include <botan/datastor.h>
+#include <vector>
+
+namespace Botan {
+
+/**
+* PKCS #10 Certificate Request.
+*/
+class BOTAN_DLL PKCS10_Request : public X509_Object
+ {
+ public:
+ /**
+ * Get the subject public key.
+ * @return subject public key
+ */
+ Public_Key* subject_public_key() const;
+
+ /**
+ * Get the raw DER encoded public key.
+ * @return raw DER encoded public key
+ */
+ MemoryVector<byte> raw_public_key() const;
+
+ /**
+ * Get the subject DN.
+ * @return subject DN
+ */
+ X509_DN subject_dn() const;
+
+ /**
+ * Get the subject alternative name.
+ * @return subject alternative name.
+ */
+ AlternativeName subject_alt_name() const;
+
+ /**
+ * Get the key constraints for the key associated with this
+ * PKCS#10 object.
+ * @return key constraints
+ */
+ Key_Constraints constraints() const;
+
+ /**
+ * Get the extendend key constraints (if any).
+ * @return extended key constraints
+ */
+ std::vector<OID> ex_constraints() const;
+
+ /**
+ * Find out whether this is a CA request.
+ * @result true if it is a CA request, false otherwise.
+ */
+ bool is_CA() const;
+
+ /**
+ * Return the constraint on the path length defined
+ * in the BasicConstraints extension.
+ * @return path limit
+ */
+ u32bit path_limit() const;
+
+ /**
+ * Get the challenge password for this request
+ * @return challenge password for this request
+ */
+ std::string challenge_password() const;
+
+ /**
+ * Create a PKCS#10 Request from a data source.
+ * @param source the data source providing the DER encoded request
+ */
+ PKCS10_Request(DataSource& source);
+
+ /**
+ * Create a PKCS#10 Request from a file.
+ * @param filename the name of the file containing the DER or PEM
+ * encoded request file
+ */
+ PKCS10_Request(const std::string& filename);
+ private:
+ void force_decode();
+ void handle_attribute(const Attribute&);
+
+ Data_Store info;
+ };
+
+}
+
+#endif