aboutsummaryrefslogtreecommitdiffstats
path: root/doc/examples/ca.cpp
blob: 25a3b5a0333d1cd15d59d24868f518951bb2bc9c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
/*
* (C) 2009 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/

/*
  Implement the functionality of a simple CA: read in a CA certificate,
  the associated private key, and a PKCS #10 certificate request. Sign the
  request and print out the new certificate.

  File names are hardcoded for simplicity.
    cacert.pem:    The CA's certificate (perhaps created by self_sig)
    caprivate.pem: The CA's private key
    req.pem:       The user's PKCS #10 certificate request
*/

#include <botan/botan.h>
#include <botan/x509_ca.h>
using namespace Botan;

#include <iostream>
#include <memory>
#include <chrono>

int main(int argc, char* argv[])
   {
   if(argc != 5)
      {
      std::cout << "Usage: " << argv[0] << " <passphrase> "
                << "<ca cert> <ca key> <pkcs10>" << std::endl;
      return 1;
      }

   Botan::LibraryInitializer init;

   try
      {
      const std::string arg_passphrase = argv[1];
      const std::string arg_ca_cert = argv[2];
      const std::string arg_ca_key = argv[3];
      const std::string arg_req_file = argv[4];

      AutoSeeded_RNG rng;

      X509_Certificate ca_cert(arg_ca_cert);

      std::auto_ptr<PKCS8_PrivateKey> privkey(
         PKCS8::load_key(arg_ca_key, rng, arg_passphrase)
         );

      X509_CA ca(ca_cert, *privkey, "SHA-256");

      // got a request
      PKCS10_Request req(arg_req_file);

      // you would insert checks here, and perhaps modify the request
      // (this example should be extended to show how)

      // now sign the request
      auto now = std::chrono::system_clock::now();

      X509_Time start_time(now);

      typedef std::chrono::duration<int, std::ratio<31556926>> years;

      X509_Time end_time(now + years(1));

      X509_Certificate new_cert = ca.sign_request(req, rng,
                                                  start_time, end_time);

      // send the new cert back to the requestor
      std::cout << new_cert.PEM_encode();
   }
   catch(std::exception& e)
      {
      std::cout << e.what() << std::endl;
      return 1;
      }
   return 0;
   }