/*
* Sign a PKCS #10 certificate request
*
* Assembles the extension set for the new certificate and passes it to
* make_cert() along with this CA's signer and signature algorithm. The
* CA certificate's subject DN is passed ahead of the request's subject DN.
*
* Points a caller should be aware of:
*  - The CA flag and path limit are read from the request itself. No
*    check on whether the requester may receive a CA certificate is
*    visible in this function.
*  - The extension set starts as a copy of req.extensions(), so any
*    requested extension that is not overridden below is carried into
*    the issued certificate.
*  - Subject alternative names and extended key usage are taken from the
*    request without any filtering here.
*  NOTE(review): presumably the caller vets the request against CA
*  policy before calling - confirm.
*/
X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
                                       RandomNumberGenerator& rng,
                                       const X509_Time& not_before,
                                       const X509_Time& not_after)
   {
   Key_Constraints key_usage;

   if(!req.is_CA())
      {
      // End-entity request: keep the requested usage bits.
      // NOTE(review): the helper presumably rejects usage bits that do
      // not fit the subject's key type - confirm against its definition.
      const std::unique_ptr<Public_Key> subject_key(req.subject_public_key());
      verify_cert_constraints_valid_for_key_type(*subject_key, req.constraints());
      key_usage = req.constraints();
      }
   else
      {
      // CA request: the requested usage bits are ignored in favour of a
      // fixed pair.
      key_usage = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
      }

   // Start from whatever the request carried, then override below.
   Extensions cert_exts = req.extensions();

   // NOTE(review): the trailing `true` presumably marks the extension
   // critical - confirm against Extensions::replace.
   cert_exts.replace(
      new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
      true);

   // No Key_Usage extension is written when there are no constraints.
   if(key_usage != NO_CONSTRAINTS)
      {
      cert_exts.replace(new Cert_Extension::Key_Usage(key_usage), true);
      }

   cert_exts.replace(
      new Cert_Extension::Authority_Key_ID(m_cert.subject_key_id()));
   cert_exts.replace(
      new Cert_Extension::Subject_Key_ID(req.raw_public_key()));

   cert_exts.replace(
      new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));

   cert_exts.replace(
      new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));

   return make_cert(m_signer, rng, m_ca_sig_algo,
                    req.raw_public_key(),
                    not_before, not_after,
                    m_cert.subject_dn(), req.subject_dn(),
                    cert_exts);
   }
/*
* Sign a PKCS #10 certificate request
*
* Builds a fresh extension set for the new certificate and passes it to
* make_cert() along with this CA's signer and signature algorithm. The
* CA certificate's subject DN is passed ahead of the request's subject DN.
*
* Points a caller should be aware of:
*  - The CA flag and path limit are read from the request itself. No
*    check on whether the requester may receive a CA certificate is
*    visible in this function.
*  - The extension set starts empty, so only the six extensions added
*    below end up in it.
*  - Subject alternative names and extended key usage are taken from the
*    request without any filtering here.
*  NOTE(review): presumably the caller vets the request against CA
*  policy before calling - confirm.
*/
X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
                                       RandomNumberGenerator& rng,
                                       const X509_Time& not_before,
                                       const X509_Time& not_after)
   {
   Key_Constraints key_usage;

   if(!req.is_CA())
      {
      // End-entity request: usage bits come from find_constraints(),
      // given the subject's key and the requested constraints.
      const std::unique_ptr<Public_Key> subject_key(req.subject_public_key());
      key_usage = find_constraints(*subject_key, req.constraints());
      }
   else
      {
      // CA request: the requested usage bits are ignored in favour of a
      // fixed pair.
      key_usage = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
      }

   Extensions cert_exts;

   // NOTE(review): the trailing `true` presumably marks the extension
   // critical - confirm against Extensions::add.
   cert_exts.add(
      new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
      true);

   cert_exts.add(new Cert_Extension::Key_Usage(key_usage), true);

   cert_exts.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
   cert_exts.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key()));

   cert_exts.add(
      new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));

   cert_exts.add(
      new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));

   return make_cert(signer, rng, ca_sig_algo,
                    req.raw_public_key(),
                    not_before, not_after,
                    cert.subject_dn(), req.subject_dn(),
                    cert_exts);
   }