예제 #1
0
파일: x509_ca.cpp 프로젝트: ChrisBFX/botan
/*
* Load the certificate and private key
*/
X509_CA::X509_CA(const X509_Certificate& c,
                 const Private_Key& key,
                 const std::string& hash_fn) : m_cert(c)
   {
   if(!m_cert.is_CA_cert())
      throw Invalid_Argument("X509_CA: This certificate is not for a CA");

   m_signer = choose_sig_format(key, hash_fn, m_ca_sig_algo);
   }
예제 #2
0
/*
* Create a new self-signed X.509 certificate
*/
X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
                                         const Private_Key& key,
                                         const std::string& hash_fn,
                                         RandomNumberGenerator& rng)
   {
   AlgorithmIdentifier sig_algo;
   X509_DN subject_dn;
   AlternativeName subject_alt;

   // for now, only the padding option is used
   std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };

   const std::vector<uint8_t> pub_key = X509::BER_encode(key);
   std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));
   load_info(opts, subject_dn, subject_alt);

   Extensions extensions = opts.extensions;

   Key_Constraints constraints;
   if(opts.is_CA)
      {
      constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
      }
   else
      {
      verify_cert_constraints_valid_for_key_type(key, opts.constraints);
      constraints = opts.constraints;
      }

   extensions.add_new(
      new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),
      true);

   if(constraints != NO_CONSTRAINTS)
      {
      extensions.add_new(new Cert_Extension::Key_Usage(constraints), true);
      }

   std::unique_ptr<Cert_Extension::Subject_Key_ID> skid(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));

   extensions.add_new(new Cert_Extension::Authority_Key_ID(skid->get_key_id()));
   extensions.add_new(skid.release());

   extensions.add_new(
      new Cert_Extension::Subject_Alternative_Name(subject_alt));

   extensions.add_new(
      new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));

   return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
                             opts.start, opts.end,
                             subject_dn, subject_dn,
                             extensions);
   }
예제 #3
0
/*
* Create a new self-signed X.509 certificate
*/
X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
                                         const Private_Key& key,
                                         const std::string& hash_fn,
                                         RandomNumberGenerator& rng)
   {
   AlgorithmIdentifier sig_algo;
   X509_DN subject_dn;
   AlternativeName subject_alt;

   std::vector<byte> pub_key = X509::BER_encode(key);
   std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
   load_info(opts, subject_dn, subject_alt);

   Key_Constraints constraints;
   if(opts.is_CA)
      {
      constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
      }
   else
      {
      verify_cert_constraints_valid_for_key_type(key, opts.constraints);
      constraints = opts.constraints;
      }

   Extensions extensions;

   extensions.add(
      new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),
      true);

   if(constraints != NO_CONSTRAINTS)
      {
      extensions.add(new Cert_Extension::Key_Usage(constraints), true);
      }

   extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));

   extensions.add(
      new Cert_Extension::Subject_Alternative_Name(subject_alt));

   extensions.add(
      new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));

   return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
                             opts.start, opts.end,
                             subject_dn, subject_dn,
                             extensions);
   }
예제 #4
0
파일: x509self.cpp 프로젝트: Stautob/botan
/*
* Create a PKCS #10 certificate request
*/
PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
                               const Private_Key& key,
                               const std::string& hash_fn,
                               RandomNumberGenerator& rng)
   {
   AlgorithmIdentifier sig_algo;
   X509_DN subject_dn;
   AlternativeName subject_alt;

   opts.sanity_check();

   std::vector<byte> pub_key = X509::BER_encode(key);
   std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
   load_info(opts, subject_dn, subject_alt);

   const size_t PKCS10_VERSION = 0;

   Extensions extensions;

   extensions.add(
      new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
   extensions.add(
      new Cert_Extension::Key_Usage(
         opts.is_CA ? Key_Constraints(KEY_CERT_SIGN | CRL_SIGN) :
                      find_constraints(key, opts.constraints)
         )
      );
   extensions.add(
      new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
   extensions.add(
      new Cert_Extension::Subject_Alternative_Name(subject_alt));

   DER_Encoder tbs_req;

   tbs_req.start_cons(SEQUENCE)
      .encode(PKCS10_VERSION)
      .encode(subject_dn)
      .raw_bytes(pub_key)
      .start_explicit(0);

   if(opts.challenge != "")
      {
      ASN1_String challenge(opts.challenge, DIRECTORY_STRING);

      tbs_req.encode(
         Attribute("PKCS9.ChallengePassword",
                   DER_Encoder().encode(challenge).get_contents_unlocked()
            )
         );
      }

   tbs_req.encode(
      Attribute("PKCS9.ExtensionRequest",
                DER_Encoder()
                   .start_cons(SEQUENCE)
                      .encode(extensions)
                   .end_cons()
               .get_contents_unlocked()
         )
      )
      .end_explicit()
      .end_cons();

   const std::vector<byte> req =
      X509_Object::make_signed(signer.get(), rng, sig_algo,
                               tbs_req.get_contents());

   return PKCS10_Request(req);
   }