monotone

monotone Mtn Source Tree

Root/botan/pkcs10.cpp

1/*************************************************
2* PKCS #10 Source File *
3* (C) 1999-2005 The Botan Project *
4*************************************************/
5
6#include <botan/pkcs10.h>
7#include <botan/parsing.h>
8#include <botan/x509stor.h>
9#include <botan/oids.h>
10
11namespace Botan {
12
13/*************************************************
14* PKCS10_Request Constructor *
15*************************************************/
16PKCS10_Request::PKCS10_Request(DataSource& in) :
17 X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
18 {
19 is_ca = false;
20 max_path_len = 0;
21 constraints_value = NO_CONSTRAINTS;
22
23 do_decode();
24 }
25
26/*************************************************
27* PKCS10_Request Constructor *
28*************************************************/
29PKCS10_Request::PKCS10_Request(const std::string& in) :
30 X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
31 {
32 is_ca = false;
33 max_path_len = 0;
34
35 do_decode();
36 }
37
38/*************************************************
39* Deocde the CertificateRequestInfo *
40*************************************************/
41void PKCS10_Request::force_decode()
42 {
43 BER_Decoder cert_req_info(tbs_bits);
44
45 u32bit version;
46 BER::decode(cert_req_info, version);
47 if(version != 0)
48 throw Decoding_Error("Unknown version code in PKCS #10 request: " +
49 to_string(version));
50
51 BER::decode(cert_req_info, dn);
52
53 BER_Object public_key = cert_req_info.get_next_object();
54 if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
55 throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key",
56 public_key.type_tag, public_key.class_tag);
57 pub_key = DER::put_in_sequence(public_key.value);
58
59 BER_Object attr_bits = cert_req_info.get_next_object();
60
61 if(attr_bits.type_tag == 0 &&
62 attr_bits.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
63 {
64 BER_Decoder attributes(attr_bits.value);
65 while(attributes.more_items())
66 {
67 Attribute attr;
68 BER::decode(attributes, attr);
69 handle_attribute(attr);
70 }
71 attributes.verify_end();
72 }
73 else if(attr_bits.type_tag != NO_OBJECT)
74 throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes",
75 attr_bits.type_tag, attr_bits.class_tag);
76
77 cert_req_info.verify_end();
78
79 std::vector<std::string> emails = dn.get_attribute("PKCS9.EmailAddress");
80 for(u32bit j = 0; j != emails.size(); j++)
81 subject_alt.add_attribute("RFC822", emails[j]);
82
83 X509_Code sig_check = X509_Store::check_sig(*this, subject_public_key());
84 if(sig_check != VERIFIED)
85 throw Decoding_Error("PKCS #10 request: Bad signature detected");
86 }
87
88/*************************************************
89* Handle attributes in a PKCS #10 request *
90*************************************************/
91void PKCS10_Request::handle_attribute(const Attribute& attr)
92 {
93 BER_Decoder value(attr.parameters);
94
95 if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
96 {
97 ASN1_String email;
98 BER::decode(value, email);
99 subject_alt.add_attribute("RFC822", email.value());
100 }
101 else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
102 {
103 ASN1_String challenge_password;
104 BER::decode(value, challenge_password);
105 challenge = challenge_password.value();
106 }
107 else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
108 {
109 BER_Decoder sequence = BER::get_subsequence(value);
110
111 while(sequence.more_items())
112 {
113 Extension extn;
114 BER::decode(sequence, extn);
115 handle_v3_extension(extn);
116 }
117 sequence.verify_end();
118 }
119 }
120
121/*************************************************
122* Decode a requested X.509v3 extension *
123*************************************************/
124void PKCS10_Request::handle_v3_extension(const Extension& extn)
125 {
126 BER_Decoder value(extn.value);
127
128 if(extn.oid == OIDS::lookup("X509v3.KeyUsage"))
129 BER::decode(value, constraints_value);
130 else if(extn.oid == OIDS::lookup("X509v3.ExtendedKeyUsage"))
131 {
132 BER_Decoder key_usage = BER::get_subsequence(value);
133 while(key_usage.more_items())
134 {
135 OID usage_oid;
136 BER::decode(key_usage, usage_oid);
137 ex_constraints_list.push_back(usage_oid);
138 }
139 }
140 else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints"))
141 {
142 BER_Decoder constraints = BER::get_subsequence(value);
143 BER::decode_optional(constraints, is_ca, BOOLEAN, UNIVERSAL, false);
144 BER::decode_optional(constraints, max_path_len,
145 INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT);
146 }
147 else if(extn.oid == OIDS::lookup("X509v3.SubjectAlternativeName"))
148 BER::decode(value, subject_alt);
149 else
150 return;
151
152 value.verify_end();
153 }
154
155/*************************************************
156* Return the public key of the requestor *
157*************************************************/
158MemoryVector<byte> PKCS10_Request::raw_public_key() const
159 {
160 return pub_key;
161 }
162
163/*************************************************
164* Return the public key of the requestor *
165*************************************************/
166X509_PublicKey* PKCS10_Request::subject_public_key() const
167 {
168 return X509::load_key(pub_key);
169 }
170
171/*************************************************
172* Return the name of the requestor *
173*************************************************/
174X509_DN PKCS10_Request::subject_dn() const
175 {
176 return dn;
177 }
178
179/*************************************************
180* Return the alternative names of the requestor *
181*************************************************/
182AlternativeName PKCS10_Request::subject_alt_name() const
183 {
184 return subject_alt;
185 }
186
187/*************************************************
188* Return the challenge password (if any) *
189*************************************************/
190std::string PKCS10_Request::challenge_password() const
191 {
192 return challenge;
193 }
194
195/*************************************************
196* Return the key constraints (if any) *
197*************************************************/
198Key_Constraints PKCS10_Request::constraints() const
199 {
200 return constraints_value;
201 }
202
203/*************************************************
204* Return the extendend key constraints (if any) *
205*************************************************/
206std::vector<OID> PKCS10_Request::ex_constraints() const
207 {
208 return ex_constraints_list;
209 }
210
211/*************************************************
212* Return is a CA certificate is requested *
213*************************************************/
214bool PKCS10_Request::is_CA() const
215 {
216 return is_ca;
217 }
218
219/*************************************************
220* Return the desired path limit (if any) *
221*************************************************/
222u32bit PKCS10_Request::path_limit() const
223 {
224 return max_path_len;
225 }
226
227}

Archive Download this file

Branches

Tags

Quick Links:     www.monotone.ca    -     Downloads    -     Documentation    -     Wiki    -     Code Forge    -     Build Status