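/*
* PKCS #10
* (C) 1999-2007 Jack Lloyd
* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_PKCS10_H_
#define BOTAN_PKCS10_H_

#include <botan/x509_obj.h>
#include <botan/pkix_enums.h>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

namespace Botan {

struct PKCS10_Data;

class Private_Key;
class Extensions;
class X509_DN;
class AlternativeName;

/**
* PKCS #10 Certificate Request.
*
* The accessors of this class report what the requester placed into the
* request. Code that issues certificates from a request should treat the
* subject DN, alternative names, key constraints, CA flag, path limit and
* extensions as requester-chosen, untrusted input and apply its own
* issuance policy rather than copying them into a certificate.
*
* NOTE(review): nothing in this header shows that constructing a request
* from encoded data verifies the request's self-signature. Confirm whether
* callers have to verify it explicitly (X509_Object::check_signature with
* the subject public key) before relying on any decoded field.
*/
class BOTAN_PUBLIC_API(2,0) PKCS10_Request final : public X509_Object
   {
   public:
      /**
      * Get the subject public key.
      * @return subject public key
      *
      * NOTE(review): the key is returned through a raw pointer and this
      * header does not state who owns it. Presumably the caller does;
      * confirm against the implementation and hold the result in a
      * std::unique_ptr at the call site if so.
      */
      Public_Key* subject_public_key() const;

      /**
      * Get the raw DER encoded public key.
      * @return raw DER encoded public key
      */
      const std::vector<uint8_t>& raw_public_key() const;

      /**
      * Get the subject DN.
      * @return subject DN
      */
      const X509_DN& subject_dn() const;

      /**
      * Get the subject alternative name.
      * @return subject alternative name.
      */
      const AlternativeName& subject_alt_name() const;

      /**
      * Get the key constraints for the key associated with this
      * PKCS#10 object.
      * @return key constraints
      */
      Key_Constraints constraints() const;

      /**
      * Get the extended key constraints (if any).
      * @return extended key constraints
      */
      std::vector<OID> ex_constraints() const;

      /**
      * Find out whether this is a CA request.
      * @return true if it is a CA request, false otherwise.
      *
      * This reflects what the requester asked for; it is not an
      * authorization to issue a CA certificate.
      */
      bool is_CA() const;

      /**
      * Return the constraint on the path length defined
      * in the BasicConstraints extension.
      * @return path limit
      *
      * NOTE(review): the value returned when the request carries no
      * BasicConstraints extension is not visible from this header;
      * confirm it before using the result in an issuance decision.
      */
      size_t path_limit() const;

      /**
      * Get the challenge password for this request
      * @return challenge password for this request
      *
      * NOTE(review): presumably carried as a plain attribute of the
      * request, and requests are usually handled as non-confidential
      * data, so the value should be treated as disclosed to anyone who
      * can read the request - confirm against the encoder.
      */
      std::string challenge_password() const;

      /**
      * Get the X509v3 extensions.
      * @return X509v3 extensions
      */
      const Extensions& extensions() const;

      /**
      * Create a PKCS#10 Request from a data source.
      * @param source the data source providing the DER encoded request
      *
      * The encoded request normally comes from an outside party and
      * should be handled as untrusted input.
      */
      explicit PKCS10_Request(DataSource& source);

#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
      /**
      * Create a PKCS#10 Request from a file.
      * @param filename the name of the file containing the DER or PEM
      *        encoded request file
      *
      * The file content is untrusted input in the same way as any other
      * encoded request.
      */
      explicit PKCS10_Request(const std::string& filename);
#endif

      /**
      * Create a PKCS#10 Request from binary data.
      * @param vec a std::vector containing the DER value
      */
      explicit PKCS10_Request(const std::vector<uint8_t>& vec);

      /**
      * Create a new PKCS10 certificate request
      * @param key the key that will be included in the certificate request
      * @param subject_dn the DN to be placed in the request
      * @param extensions extensions to include in the request
      * @param hash_fn the hash function to use to create the signature
      * @param rng a random number generator
      * @param padding_scheme if set specifies the padding scheme, otherwise an
      *        algorithm-specific default is used.
      * @param challenge a challenge string to be included in the PKCS10 request,
      *        sometimes used for revocation purposes. See challenge_password()
      *        regarding its confidentiality; do not pass a secret that
      *        protects anything else.
      */
      static PKCS10_Request create(const Private_Key& key,
                                   const X509_DN& subject_dn,
                                   const Extensions& extensions,
                                   const std::string& hash_fn,
                                   RandomNumberGenerator& rng,
                                   const std::string& padding_scheme = "",
                                   const std::string& challenge = "");

   private:
      // X509_Object hooks: PEM label(s) accepted for this object type and
      // the decoding step for the request body.
      std::string PEM_label() const override;

      std::vector<std::string> alternate_PEM_labels() const override;

      void force_decode() override;

      const PKCS10_Data& data() const;

      // Decoded request fields; PKCS10_Data is defined outside this header.
      // NOTE(review): presumably populated by force_decode() - confirm.
      std::shared_ptr<PKCS10_Data> m_data;
   };

}

#endif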