author | Jack Lloyd <[email protected]> | 2018-03-06 05:58:05 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-03-06 05:58:05 -0500 |
commit | c7ad5439326d64c7fab30067aa5ced67583b0aad (patch) | |
tree | 9bb9bbd00b32a8c5c0395134d2ed8dc5af523226 /src | |
parent | 03a44b499a12bc4f965bf37f1625e09e7de2340c (diff) |
Include AKID in generated self signed certificates
GH #1007
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/x509/x509_ext.h | 3 | ||||
-rw-r--r-- | src/lib/x509/x509self.cpp | 13 |
2 files changed, 12 insertions, 4 deletions
diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h
index 7c8a8569c..6e71fb879 100644
--- a/src/lib/x509/x509_ext.h
+++ b/src/lib/x509/x509_ext.h
@@ -346,6 +346,8 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension
    public:
       Subject_Key_ID() = default;
+      explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
+
       Subject_Key_ID(const std::vector<uint8_t>& public_key, const std::string& hash_fn);
@@ -358,7 +360,6 @@ class BOTAN_PUBLIC_API(2,0) Subject_Key_ID final : public Certificate_Extension
       OID oid_of() const override { return static_oid(); }
    private:
-      explicit Subject_Key_ID(const std::vector<uint8_t>& k) : m_key_id(k) {}
       std::string oid_name() const override { return "X509v3.SubjectKeyIdentifier"; }
diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp
index 78cdfe741..418fd85a4 100644
--- a/src/lib/x509/x509self.cpp
+++ b/src/lib/x509/x509self.cpp
@@ -1,6 +1,6 @@
 /*
 * PKCS #10/Self Signed Cert Creation
-* (C) 1999-2008 Jack Lloyd
+* (C) 1999-2008,2018 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -11,6 +11,7 @@
 #include <botan/der_enc.h>
 #include <botan/pubkey.h>
 #include <botan/oids.h>
+#include <botan/hash.h>
 namespace Botan {
@@ -52,7 +53,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
    // for now, only the padding option is used
    std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };
-   std::vector<uint8_t> pub_key = X509::BER_encode(key);
+   const std::vector<uint8_t> pub_key = X509::BER_encode(key);
    std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));
    load_info(opts, subject_dn, subject_alt);
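Review bot: The `explicit Subject_Key_ID(const std::vector<uint8_t>& k)` constructor becomes part of the public API in the x509_ext.h hunk without any documentation, and nothing visible here checks that the supplied identifier is non-empty or otherwise sane, so callers can now emit a SubjectKeyIdentifier holding an empty OCTET STRING. A doc comment stating the contract would help: `/** Construct from an already-derived key identifier; k must be non-empty and must use the same derivation as the AKID of certificates issued under this key, or chain building by key identifier will fail. */`. Whether the class validates m_key_id elsewhere (e.g. in encoding) cannot be seen from this hunk; the class definition begins and ends outside it.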
@@ -78,7 +79,13 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
       extensions.add_new(new Cert_Extension::Key_Usage(constraints), true);
       }
-   extensions.add_new(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));
+   std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn));
+   hash->update(pub_key);
+   std::vector<uint8_t> skid(hash->output_length());
+   hash->final(skid.data());
+
+   extensions.add_new(new Cert_Extension::Subject_Key_ID(skid));
+   extensions.add_new(new Cert_Extension::Authority_Key_ID(skid));
   extensions.add_new( new Cert_Extension::Subject_Alternative_Name(subject_alt)); |
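Review bot: The key-identifier derivation is now duplicated: the removed line delegated to `Subject_Key_ID(pub_key, hash_fn)`, while the added lines hash the BER-encoded SubjectPublicKeyInfo inline and feed the same bytes to both the SKID and the AKID. If the two-argument constructor (declared in x509_ext.h, body not shown here) ever derives the identifier differently, self-signed certificates built here would carry SKIDs that differ from those produced by other issuance paths in the library, which matters because path building matches an issued certificate's AKID against the issuer's SKID byte-for-byte; safer is to construct the `Subject_Key_ID` once via the two-argument constructor and copy its identifier into the `Authority_Key_ID`, if the class exposes an accessor for it, or else to comment why the derivation is repeated. A comment documenting the derivation would also help interoperability reviews, since RFC 5280 §4.2.1.2 describes hashing the subjectPublicKey BIT STRING with SHA-1 whereas this hashes the whole SubjectPublicKeyInfo with the signature hash: `// SKID/AKID = hash_fn(DER SubjectPublicKeyInfo); any unique derivation is allowed by RFC 5280, but this will not equal the SHA-1-of-key-bits identifier other tooling computes`. Note also that `hash` shadows nothing here but is easy to confuse with `hash_fn`; naming it `kid_hash` would read more clearly. create_self_signed_cert begins in the previous hunk and continues past the end of this one.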