Example #1
/*
* Sign a PKCS #10 certificate request
*
* Assembles the extension set for the certificate to be issued and hands
* it to make_cert() together with the CA's signer and signature algorithm,
* the request's raw public key, the validity bounds, the CA certificate's
* subject DN and the request's subject DN.
*
* Values taken from the request as-is: is_CA(), path_limit(), the key
* constraints (non-CA case), the subject alternative name, the extended
* key usage constraints, the subject DN, and every other extension the
* request carries that is not replaced below.
*
* NOTE(review): nothing in this function limits what a request may ask
* for (CA status, path length, names, usages), and not_before/not_after
* are forwarded without any check visible here. Whether the request's
* self-signature has been verified is also not visible from this
* function - confirm that PKCS10_Request or the caller does so, and that
* the caller applies issuance policy before calling.
*/
X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
                                       RandomNumberGenerator& rng,
                                       const X509_Time& not_before,
                                       const X509_Time& not_after)
   {
   Key_Constraints key_usage;

   if(!req.is_CA())
      {
      // Non-CA request: the requested constraints are checked against the
      // subject key's type (presumably throwing on a mismatch - confirm)
      // and then adopted unchanged.
      std::unique_ptr<Public_Key> subject_key(req.subject_public_key());
      verify_cert_constraints_valid_for_key_type(*subject_key, req.constraints());
      key_usage = req.constraints();
      }
   else
      {
      // CA request: the requested constraints are not consulted; usage is
      // fixed to certificate and CRL signing.
      key_usage = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
      }

   // Start from a copy of the request's own extensions. Anything not
   // replaced below is passed on to make_cert() as the requester wrote it.
   Extensions cert_exts = req.extensions();

   // Basic constraints mirror what the request asks for.
   // NOTE(review): the trailing 'true' presumably marks the extension
   // critical - confirm against Extensions::replace.
   cert_exts.replace(
      new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
      true);

   // Key usage is only emitted when some constraint is set.
   if(key_usage != NO_CONSTRAINTS)
      {
      cert_exts.replace(new Cert_Extension::Key_Usage(key_usage), true);
      }

   // Key identifiers: authority from the CA certificate's subject key id,
   // subject from the requested public key.
   cert_exts.replace(
      new Cert_Extension::Authority_Key_ID(m_cert.subject_key_id()));
   cert_exts.replace(
      new Cert_Extension::Subject_Key_ID(req.raw_public_key()));

   // Names and extended usages are copied straight from the request.
   cert_exts.replace(
      new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
   cert_exts.replace(
      new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));

   return make_cert(m_signer,
                    rng,
                    m_ca_sig_algo,
                    req.raw_public_key(),
                    not_before,
                    not_after,
                    m_cert.subject_dn(),
                    req.subject_dn(),
                    cert_exts);
   }