diff options
-rw-r--r-- | include/pkcs10.h | 10 | ||||
-rw-r--r-- | src/pkcs10.cpp | 108 |
2 files changed, 68 insertions, 50 deletions
diff --git a/include/pkcs10.h b/include/pkcs10.h index 212bf7749..c37040068 100644 --- a/include/pkcs10.h +++ b/include/pkcs10.h @@ -8,6 +8,7 @@ #include <botan/x509_obj.h> #include <botan/pkcs8.h> +#include <botan/datastor.h> #include <vector> namespace Botan { @@ -38,14 +39,7 @@ class PKCS10_Request : public X509_Object void handle_attribute(const Attribute&); void handle_v3_extension(const Extension&); - MemoryVector<byte> pub_key; - X509_DN dn; - AlternativeName subject_alt; - std::string challenge; - Key_Constraints constraints_value; - std::vector<OID> ex_constraints_list; - bool is_ca; - u32bit max_path_len; + Data_Store info; }; } diff --git a/src/pkcs10.cpp b/src/pkcs10.cpp index 74ff30867..bc73be403 100644 --- a/src/pkcs10.cpp +++ b/src/pkcs10.cpp @@ -8,7 +8,9 @@ #include <botan/ber_dec.h> #include <botan/parsing.h> #include <botan/x509stor.h> +#include <botan/x509_ext.h> #include <botan/oids.h> +#include <botan/pem.h> namespace Botan { @@ -18,10 +20,6 @@ namespace Botan { PKCS10_Request::PKCS10_Request(DataSource& in) : X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { - is_ca = false; - max_path_len = 0; - constraints_value = NO_CONSTRAINTS; - do_decode(); } @@ -31,9 +29,6 @@ PKCS10_Request::PKCS10_Request(DataSource& in) : PKCS10_Request::PKCS10_Request(const std::string& in) : X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") { - is_ca = false; - max_path_len = 0; - do_decode(); } @@ -50,13 +45,22 @@ void PKCS10_Request::force_decode() throw Decoding_Error("Unknown version code in PKCS #10 request: " + to_string(version)); - cert_req_info.decode(dn); + X509_DN dn_subject; + cert_req_info.decode(dn_subject); + + info.add(dn_subject.contents()); BER_Object public_key = cert_req_info.get_next_object(); if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); - pub_key = ASN1::put_in_sequence(public_key.value); + + info.add("X509.Certificate.public_key", + PEM_Code::encode( + ASN1::put_in_sequence(public_key.value), + "PUBLIC KEY" + ) + ); BER_Object attr_bits = cert_req_info.get_next_object(); @@ -78,10 +82,6 @@ void PKCS10_Request::force_decode() cert_req_info.verify_end(); - std::vector<std::string> emails = dn.get_attribute("PKCS9.EmailAddress"); - for(u32bit j = 0; j != emails.size(); ++j) - subject_alt.add_attribute("RFC822", emails[j]); - X509_Code sig_check = X509_Store::check_sig(*this, subject_public_key()); if(sig_check != VERIFIED) throw Decoding_Error("PKCS #10 request: Bad signature detected"); @@ -98,18 +98,17 @@ void PKCS10_Request::handle_attribute(const Attribute& attr) { ASN1_String email; value.decode(email); - subject_alt.add_attribute("RFC822", email.value()); + info.add("RFC822", email.value()); } else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword")) { ASN1_String challenge_password; value.decode(challenge_password); - challenge = challenge_password.value(); + info.add("PKCS9.ChallengePassword", challenge_password.value()); } else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest")) { BER_Decoder sequence = value.start_cons(SEQUENCE); - while(sequence.more_items()) { Extension extn; @@ -128,7 +127,13 @@ void PKCS10_Request::handle_v3_extension(const Extension& extn) BER_Decoder value(extn.value); if(extn.oid == OIDS::lookup("X509v3.KeyUsage")) - BER::decode(value, constraints_value); + { + Key_Constraints constraints; + BER::decode(value, constraints); + + if(constraints != NO_CONSTRAINTS) + info.add("X509v3.KeyUsage", constraints); + } else if(extn.oid == OIDS::lookup("X509v3.ExtendedKeyUsage")) { BER_Decoder key_usage = value.start_cons(SEQUENCE); @@ -136,18 +141,30 @@ void PKCS10_Request::handle_v3_extension(const Extension& extn) { OID usage_oid; key_usage.decode(usage_oid); - ex_constraints_list.push_back(usage_oid); + info.add("X509v3.ExtendedKeyUsage", usage_oid.as_string()); } } else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints")) { - BER_Decoder constraints = value.start_cons(SEQUENCE); - constraints.decode_optional(is_ca, BOOLEAN, UNIVERSAL, false); - constraints.decode_optional(max_path_len, INTEGER, UNIVERSAL, - NO_CERT_PATH_LIMIT); + u32bit max_path_len = 0; + bool is_ca = false; + + value.start_cons(SEQUENCE) + .decode_optional(is_ca, BOOLEAN, UNIVERSAL, false) + .decode_optional(max_path_len, INTEGER, UNIVERSAL, + NO_CERT_PATH_LIMIT) + .verify_end() + .end_cons(); + + info.add("X509v3.BasicConstraints.is_ca", (is_ca ? 1 : 0)); + info.add("X509v3.BasicConstraints.path_constraint", max_path_len); } else if(extn.oid == OIDS::lookup("X509v3.SubjectAlternativeName")) - value.decode(subject_alt); + { + AlternativeName alt_name; + value.decode(alt_name); + info.add(alt_name.contents()); + } else return; @@ -155,43 +172,45 @@ void PKCS10_Request::handle_v3_extension(const Extension& extn) } /************************************************* -* Return the public key of the requestor * +* Return the challenge password (if any) * *************************************************/ -MemoryVector<byte> PKCS10_Request::raw_public_key() const +std::string PKCS10_Request::challenge_password() const { - return pub_key; + return info.get1("PKCS9.ChallengePassword"); } /************************************************* -* Return the public key of the requestor * +* Return the name of the requestor * *************************************************/ -X509_PublicKey* PKCS10_Request::subject_public_key() const +X509_DN PKCS10_Request::subject_dn() const { - return X509::load_key(pub_key); + return create_dn(info); } /************************************************* -* Return the name of the requestor * +* Return the public key of the requestor * *************************************************/ -X509_DN PKCS10_Request::subject_dn() const +MemoryVector<byte> PKCS10_Request::raw_public_key() const { - return dn; + DataSource_Memory source(info.get1("X509.Certificate.public_key")); + return PEM_Code::decode_check_label(source, "PUBLIC KEY"); } /************************************************* -* Return the alternative names of the requestor * +* Return the public key of the requestor * *************************************************/ -AlternativeName PKCS10_Request::subject_alt_name() const +X509_PublicKey* PKCS10_Request::subject_public_key() const { - return subject_alt; + DataSource_Memory source(info.get1("X509.Certificate.public_key")); + return X509::load_key(source); } /************************************************* -* Return the challenge password (if any) * +* Return the alternative names of the requestor * *************************************************/ -std::string PKCS10_Request::challenge_password() const +AlternativeName PKCS10_Request::subject_alt_name() const { - return challenge; + return create_alt_name(info); } /************************************************* @@ -199,7 +218,7 @@ std::string PKCS10_Request::challenge_password() const *************************************************/ Key_Constraints PKCS10_Request::constraints() const { - return constraints_value; + return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS)); } /************************************************* @@ -207,7 +226,12 @@ Key_Constraints PKCS10_Request::constraints() const *************************************************/ std::vector<OID> PKCS10_Request::ex_constraints() const { - return ex_constraints_list; + std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage"); + + std::vector<OID> result; + for(u32bit j = 0; j != oids.size(); ++j) + result.push_back(OIDS::lookup(oids[j])); + return result; } /************************************************* @@ -215,7 +239,7 @@ std::vector<OID> PKCS10_Request::ex_constraints() const *************************************************/ bool PKCS10_Request::is_CA() const { - return is_ca; + return info.get1_u32bit("X509v3.BasicConstraints.is_ca"); } /************************************************* @@ -223,7 +247,7 @@ bool PKCS10_Request::is_CA() const *************************************************/ u32bit PKCS10_Request::path_limit() const { - return max_path_len; + return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); } } |