21031897445

Committed 15 Jan 2026 12:50PM UTC coverage: 90.037% (-0.4%) from 90.395%

Build # 21031897445

Build Type

Pull #5240

github

Committed by

web-flow

Commit Message

Merge 13ffffdd5 into 32478179d

Pull Request Pull Request #5240: Some changes to reduce time taken by the coverage build

Run Details

102027 of 113317 relevant lines covered (90.04%)

11676540.94 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

79.38

/src/cli/x509.cpp

/*
* (C) 2010,2014,2015,2018 Jack Lloyd
* (C) 2017 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "cli.h"

#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)

   #include <botan/certstor.h>
   #include <botan/data_src.h>
   #include <botan/pk_keys.h>
   #include <botan/pkcs8.h>
   #include <botan/x509_ca.h>
   #include <botan/x509cert.h>
   #include <botan/x509path.h>
   #include <botan/x509self.h>

   #if defined(BOTAN_HAS_OCSP)
      #include <botan/ocsp.h>
   #endif

   #if defined(BOTAN_HAS_CERTSTOR_SYSTEM)
      #include <botan/certstor_system.h>
   #endif

   #include <fstream>

namespace Botan_CLI {

namespace {

std::unique_ptr<Botan::Private_Key> load_private_key(const std::string& key_file, const std::string& passphrase) {
   Botan::DataSource_Stream key_stream(key_file);
   auto key = Botan::PKCS8::load_key(key_stream, passphrase);

   if(!key) {
      throw CLI_Error("Failed to load key from " + key_file);
   }

   return key;
}

void update_stateful_private_key(const Botan::Private_Key& key,
                                 Botan::RandomNumberGenerator& rng,
                                 const std::string& key_file,
                                 const std::string& pass) {
   if(!key.stateful_operation()) {
      return;
   }

   std::ofstream updated_key(key_file);
   if(pass.empty()) {
      updated_key << Botan::PKCS8::PEM_encode(key);
   } else {
      updated_key << Botan::PKCS8::PEM_encode(key, rng, pass);
   }
}

}  // namespace

   #if defined(BOTAN_HAS_CERTSTOR_SYSTEM)

class Trust_Root_Info final : public Command {
   public:
      Trust_Root_Info() : Command("trust_roots --dn --dn-only --display") {}

      std::string group() const override { return "x509"; }

      std::string description() const override { return "List certs in the system trust store"; }

      void go() override {
         const Botan::System_Certificate_Store trust_roots;

         const auto dn_list = trust_roots.all_subjects();

         if(flag_set("dn-only")) {
            for(const auto& dn : dn_list) {
               output() << dn << "\n";
            }
         } else {
            for(const auto& dn : dn_list) {
               // Some certstores have more than one cert with a particular DN
               for(const auto& cert : trust_roots.find_all_certs(dn, std::vector<uint8_t>())) {
                  if(flag_set("dn")) {
                     output() << "# " << dn << "\n";
                  }

                  if(flag_set("display")) {
                     output() << cert.to_string() << "\n";
                  }

                  output() << cert.PEM_encode() << "\n";
               }
            }
         }
      }
};

BOTAN_REGISTER_COMMAND("trust_roots", Trust_Root_Info);

   #endif

class Sign_Cert final : public Command {
   public:
      Sign_Cert() :
            Command("sign_cert --ca-key-pass= --hash= --padding= --emsa= --duration=365 ca_cert ca_key pkcs10_req") {}

      std::string group() const override { return "x509"; }

      std::string description() const override { return "Create a CA-signed X.509 certificate from a PKCS #10 CSR"; }

      void go() override {
         const Botan::X509_Certificate ca_cert(get_arg("ca_cert"));

         const std::string key_file = get_arg("ca_key");
         const std::string pass = get_passphrase_arg("Password for " + key_file, "ca-key-pass");

         // TODO(Botan4) remove --emsa option and this logic
         const std::string padding = [&]() {
            auto p = get_arg("padding");
            auto e = get_arg("emsa");
            if(e.empty() || p == e) {
               return p;
            } else if(p.empty()) {
               return e;
            } else {
               throw CLI_Usage_Error("Use either --padding or --emsa not both");
            }
         }();

         const std::string hash = get_arg("hash");

         auto key = load_private_key(key_file, pass);

         const Botan::X509_CA ca(ca_cert, *key, hash, padding, rng());

         const Botan::PKCS10_Request req(get_arg("pkcs10_req"));

         auto now = std::chrono::system_clock::now();

         const Botan::X509_Time start_time(now);

         typedef std::chrono::duration<int, std::ratio<86400>> days;

         const Botan::X509_Time end_time(now + days(get_arg_sz("duration")));

         const Botan::X509_Certificate new_cert = ca.sign_request(req, rng(), start_time, end_time);
         update_stateful_private_key(*key, rng(), key_file, pass);

         output() << new_cert.PEM_encode();
      }
};

BOTAN_REGISTER_COMMAND("sign_cert", Sign_Cert);

class Cert_Info final : public Command {
   public:
      Cert_Info() : Command("cert_info --fingerprint file") {}

      std::string group() const override { return "x509"; }

      std::string description() const override { return "Parse X.509 certificate and display data fields"; }

      void go() override {
         const std::vector<uint8_t> data = slurp_file(get_arg("file"));

         Botan::DataSource_Memory in(data);

         while(!in.end_of_data()) {
            try {
               const Botan::X509_Certificate cert(in);

               try {
                  output() << cert.to_string() << "\n";
               } catch(Botan::Exception& e) {
                  // to_string failed - report the exception and continue
                  output() << "X509_Certificate::to_string failed: " << e.what() << "\n";
               }

               if(flag_set("fingerprint")) {
                  output() << "Fingerprint: " << cert.fingerprint("SHA-256") << "\n";
               }
            } catch(Botan::Exception& e) {
               if(!in.end_of_data()) {
                  output() << "X509_Certificate parsing failed " << e.what() << "\n";
               }
            }
         }
      }
};

BOTAN_REGISTER_COMMAND("cert_info", Cert_Info);

   #if defined(BOTAN_HAS_OCSP) && defined(BOTAN_HAS_HTTP_UTIL)

class OCSP_Check final : public Command {
   public:
      OCSP_Check() : Command("ocsp_check --timeout=3000 subject issuer") {}

      std::string group() const override { return "x509"; }

      std::string description() const override {
         return "Verify an X.509 certificate against the issuers OCSP responder";
      }

      void go() override {
         const Botan::X509_Certificate subject(get_arg("subject"));
         const Botan::X509_Certificate issuer(get_arg("issuer"));
         const std::chrono::milliseconds timeout(get_arg_sz("timeout"));

         Botan::Certificate_Store_In_Memory cas;
         cas.add_certificate(issuer);
         const Botan::OCSP::Response resp = Botan::OCSP::online_check(issuer, subject, timeout);

         auto status = resp.status_for(issuer, subject, std::chrono::system_clock::now());

         if(status == Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD) {
            output() << "OCSP check OK\n";
         } else {
            output() << "OCSP check failed " << Botan::Path_Validation_Result::status_string(status) << "\n";
         }
      }
};

BOTAN_REGISTER_COMMAND("ocsp_check", OCSP_Check);

   #endif  // OCSP && HTTP

class Cert_Verify final : public Command {
   public:
      Cert_Verify() : Command("cert_verify subject *ca_certs") {}

      std::string group() const override { return "x509"; }

      std::string description() const override {
         return "Verify if the passed X.509 certificate passes path validation";
      }

      void go() override {
         const Botan::X509_Certificate subject_cert(get_arg("subject"));
         Botan::Certificate_Store_In_Memory trusted;

         for(const auto& certfile : get_arg_list("ca_certs")) {
            trusted.add_certificate(Botan::X509_Certificate(certfile));
         }

         const Botan::Path_Validation_Restrictions restrictions;

         const Botan::Path_Validation_Result result = Botan::x509_path_validate(subject_cert, restrictions, trusted);

         if(result.successful_validation()) {
            output() << "Certificate passes validation checks\n";
         } else {
            output() << "Certificate did not validate - " << result.result_string() << "\n";
         }
      }
};

BOTAN_REGISTER_COMMAND("cert_verify", Cert_Verify);

class Gen_Self_Signed final : public Command {
   public:
      Gen_Self_Signed() :
            Command(
               "gen_self_signed key CN --country= --dns= "
               "--organization= --email= --path-limit=1 --days=365 --key-pass= --ca --hash= --padding= --emsa= --der") {
      }

      std::string group() const override { return "x509"; }

      std::string description() const override { return "Generate a self signed X.509 certificate"; }

      void go() override {
         const std::string key_file = get_arg("key");
         const std::string passphrase = get_passphrase_arg("Passphrase for " + key_file, "key-pass");
         auto key = load_private_key(key_file, passphrase);

         const uint32_t lifetime = static_cast<uint32_t>(get_arg_sz("days") * 24 * 60 * 60);

         Botan::X509_Cert_Options opts("", lifetime);

         opts.common_name = get_arg("CN");
         opts.country = get_arg("country");
         opts.organization = get_arg("organization");
         opts.email = get_arg("email");
         opts.more_dns = Command::split_on(get_arg("dns"), ',');
         const bool der_format = flag_set("der");

         // TODO(Botan4) remove --emsa option and this logic
         const std::string padding = [&]() {
            auto p = get_arg("padding");
            auto e = get_arg("emsa");
            if(e.empty() || p == e) {
               return p;
            } else if(p.empty()) {
               return e;
            } else {
               throw CLI_Usage_Error("Use either --padding or --emsa not both");
            }
         }();

         if(padding.empty() == false) {
            opts.set_padding_scheme(padding);
         }

         if(flag_set("ca")) {
            opts.CA_key(get_arg_sz("path-limit"));
         }

         const Botan::X509_Certificate cert = Botan::X509::create_self_signed_cert(opts, *key, get_arg("hash"), rng());
         update_stateful_private_key(*key, rng(), key_file, passphrase);

         if(der_format) {
            auto der = cert.BER_encode();
            output().write(reinterpret_cast<const char*>(der.data()), der.size());
         } else {
            output() << cert.PEM_encode();
         }
      }
};

BOTAN_REGISTER_COMMAND("gen_self_signed", Gen_Self_Signed);

class Generate_PKCS10 final : public Command {
   public:
      Generate_PKCS10() :
            Command(
               "gen_pkcs10 key CN --country= --organization= "
               "--ca --path-limit=1 --email= --dns= --ext-ku= --key-pass= --hash= --padding= --emsa=") {}

      std::string group() const override { return "x509"; }

      std::string description() const override { return "Generate a PKCS #10 certificate signing request (CSR)"; }

      void go() override {
         const std::string key_file = get_arg("key");
         const std::string passphrase = get_passphrase_arg("Passphrase for " + key_file, "key-pass");

         auto key = load_private_key(key_file, passphrase);

         Botan::X509_Cert_Options opts;

         opts.common_name = get_arg("CN");
         opts.country = get_arg("country");
         opts.organization = get_arg("organization");
         opts.email = get_arg("email");
         opts.more_dns = Command::split_on(get_arg("dns"), ',');

         if(flag_set("ca")) {
            opts.CA_key(get_arg_sz("path-limit"));
         }

         for(const std::string& ext_ku : Command::split_on(get_arg("ext-ku"), ',')) {
            opts.add_ex_constraint(ext_ku);
         }

         // TODO(Botan4) remove --emsa option and this logic
         const std::string padding = [&]() {
            auto p = get_arg("padding");
            auto e = get_arg("emsa");
            if(e.empty() || p == e) {
               return p;
            } else if(p.empty()) {
               return e;
            } else {
               throw CLI_Usage_Error("Use either --padding or --emsa not both");
            }
         }();

         if(padding.empty() == false) {
            opts.set_padding_scheme(padding);
         }

         const Botan::PKCS10_Request req = Botan::X509::create_cert_req(opts, *key, get_arg("hash"), rng());
         update_stateful_private_key(*key, rng(), key_file, passphrase);

         output() << req.PEM_encode();
      }
};

BOTAN_REGISTER_COMMAND("gen_pkcs10", Generate_PKCS10);

}  // namespace Botan_CLI

#endif

1	/*
2	* (C) 2010,2014,2015,2018 Jack Lloyd
3	* (C) 2017 René Korthaus, Rohde & Schwarz Cybersecurity
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "cli.h"
9
10	#if defined(BOTAN_HAS_X509_CERTIFICATES) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
11
12	#include <botan/certstor.h>
13	#include <botan/data_src.h>
14	#include <botan/pk_keys.h>
15	#include <botan/pkcs8.h>
16	#include <botan/x509_ca.h>
17	#include <botan/x509cert.h>
18	#include <botan/x509path.h>
19	#include <botan/x509self.h>
20
21	#if defined(BOTAN_HAS_OCSP)
22	#include <botan/ocsp.h>
23	#endif
24
25	#if defined(BOTAN_HAS_CERTSTOR_SYSTEM)
26	#include <botan/certstor_system.h>
27	#endif
28
29	#include <fstream>
30
31	namespace Botan_CLI {
32
33	namespace {
34
35	std::unique_ptr<Botan::Private_Key> load_private_key(const std::string& key_file, const std::string& passphrase) {	32✔
36	Botan::DataSource_Stream key_stream(key_file);	32✔
37	auto key = Botan::PKCS8::load_key(key_stream, passphrase);	32✔
38
39	if(!key) {	32✔
40	throw CLI_Error("Failed to load key from " + key_file);	×
41	}
42
43	return key;	32✔
44	}	32✔
45
46	void update_stateful_private_key(const Botan::Private_Key& key,	32✔
47	Botan::RandomNumberGenerator& rng,
48	const std::string& key_file,
49	const std::string& pass) {
50	if(!key.stateful_operation()) {	32✔
51	return;	32✔
52	}
53
54	std::ofstream updated_key(key_file);	×
55	if(pass.empty()) {	×
56	updated_key << Botan::PKCS8::PEM_encode(key);	×
57	} else {
58	updated_key << Botan::PKCS8::PEM_encode(key, rng, pass);	×
59	}
60	}	×
61
62	} // namespace
63
64	#if defined(BOTAN_HAS_CERTSTOR_SYSTEM)
65
66	class Trust_Root_Info final : public Command {
67	public:
68	Trust_Root_Info() : Command("trust_roots --dn --dn-only --display") {}	6✔
69
70	std::string group() const override { return "x509"; }	1✔
71
72	std::string description() const override { return "List certs in the system trust store"; }	1✔
73
74	void go() override {	2✔
75	const Botan::System_Certificate_Store trust_roots;	2✔
76
77	const auto dn_list = trust_roots.all_subjects();	2✔
78
79	if(flag_set("dn-only")) {	2✔
80	for(const auto& dn : dn_list) {	147✔
81	output() << dn << "\n";	146✔
82	}
83	} else {
84	for(const auto& dn : dn_list) {	147✔
85	// Some certstores have more than one cert with a particular DN
86	for(const auto& cert : trust_roots.find_all_certs(dn, std::vector<uint8_t>())) {	292✔
87	if(flag_set("dn")) {	146✔
88	output() << "# " << dn << "\n";	×
89	}
90
91	if(flag_set("display")) {	146✔
92	output() << cert.to_string() << "\n";	×
93	}
94
95	output() << cert.PEM_encode() << "\n";	438✔
96	}	146✔
97	}
98	}
99	}	2✔
100	};
101
102	BOTAN_REGISTER_COMMAND("trust_roots", Trust_Root_Info);	3✔
103
104	#endif
105
106	class Sign_Cert final : public Command {
107	public:
108	Sign_Cert() :	13✔
109	Command("sign_cert --ca-key-pass= --hash= --padding= --emsa= --duration=365 ca_cert ca_key pkcs10_req") {}	26✔
110
111	std::string group() const override { return "x509"; }	1✔
112
113	std::string description() const override { return "Create a CA-signed X.509 certificate from a PKCS #10 CSR"; }	1✔
114
115	void go() override {	12✔
116	const Botan::X509_Certificate ca_cert(get_arg("ca_cert"));	24✔
117
118	const std::string key_file = get_arg("ca_key");	12✔
119	const std::string pass = get_passphrase_arg("Password for " + key_file, "ca-key-pass");	24✔
120
121	// TODO(Botan4) remove --emsa option and this logic
122	const std::string padding = [&]() {	×
123	auto p = get_arg("padding");	12✔
124	auto e = get_arg("emsa");	12✔
125	if(e.empty() \|\| p == e) {	12✔
126	return p;	12✔
127	} else if(p.empty()) {	×
128	return e;	×
129	} else {
130	throw CLI_Usage_Error("Use either --padding or --emsa not both");	×
131	}
132	}();	24✔
133
134	const std::string hash = get_arg("hash");	12✔
135
136	auto key = load_private_key(key_file, pass);	12✔
137
138	const Botan::X509_CA ca(ca_cert, *key, hash, padding, rng());	12✔
139
140	const Botan::PKCS10_Request req(get_arg("pkcs10_req"));	24✔
141
142	auto now = std::chrono::system_clock::now();	12✔
143
144	const Botan::X509_Time start_time(now);	12✔
145
146	typedef std::chrono::duration<int, std::ratio<86400>> days;	12✔
147
148	const Botan::X509_Time end_time(now + days(get_arg_sz("duration")));	12✔
149
150	const Botan::X509_Certificate new_cert = ca.sign_request(req, rng(), start_time, end_time);	12✔
151	update_stateful_private_key(*key, rng(), key_file, pass);	12✔
152
153	output() << new_cert.PEM_encode();	24✔
154	}	24✔
155	};
156
157	BOTAN_REGISTER_COMMAND("sign_cert", Sign_Cert);	13✔
158
159	class Cert_Info final : public Command {
160	public:
161	Cert_Info() : Command("cert_info --fingerprint file") {}	4✔
162
163	std::string group() const override { return "x509"; }	2✔
164
165	std::string description() const override { return "Parse X.509 certificate and display data fields"; }	1✔
166
167	void go() override {	1✔
168	const std::vector<uint8_t> data = slurp_file(get_arg("file"));	2✔
169
170	Botan::DataSource_Memory in(data);	1✔
171
172	while(!in.end_of_data()) {	3✔
173	try {	2✔
174	const Botan::X509_Certificate cert(in);	2✔
175
176	try {	1✔
177	output() << cert.to_string() << "\n";	3✔
178	} catch(Botan::Exception& e) {	×
179	// to_string failed - report the exception and continue
180	output() << "X509_Certificate::to_string failed: " << e.what() << "\n";	×
181	}	×
182
183	if(flag_set("fingerprint")) {	1✔
184	output() << "Fingerprint: " << cert.fingerprint("SHA-256") << "\n";	2✔
185	}
186	} catch(Botan::Exception& e) {	2✔
187	if(!in.end_of_data()) {	1✔
188	output() << "X509_Certificate parsing failed " << e.what() << "\n";	×
189	}
190	}	1✔
191	}
192	}	2✔
193	};
194
195	BOTAN_REGISTER_COMMAND("cert_info", Cert_Info);	2✔
196
197	#if defined(BOTAN_HAS_OCSP) && defined(BOTAN_HAS_HTTP_UTIL)
198
199	class OCSP_Check final : public Command {
200	public:
201	OCSP_Check() : Command("ocsp_check --timeout=3000 subject issuer") {}	2✔
202
203	std::string group() const override { return "x509"; }	1✔
204
205	std::string description() const override {	1✔
206	return "Verify an X.509 certificate against the issuers OCSP responder";	1✔
207	}
208
209	void go() override {	×
210	const Botan::X509_Certificate subject(get_arg("subject"));	×
211	const Botan::X509_Certificate issuer(get_arg("issuer"));	×
212	const std::chrono::milliseconds timeout(get_arg_sz("timeout"));	×
213
214	Botan::Certificate_Store_In_Memory cas;	×
215	cas.add_certificate(issuer);	×
216	const Botan::OCSP::Response resp = Botan::OCSP::online_check(issuer, subject, timeout);	×
217
218	auto status = resp.status_for(issuer, subject, std::chrono::system_clock::now());	×
219
220	if(status == Botan::Certificate_Status_Code::OCSP_RESPONSE_GOOD) {	×
221	output() << "OCSP check OK\n";	×
222	} else {
223	output() << "OCSP check failed " << Botan::Path_Validation_Result::status_string(status) << "\n";	×
224	}
225	}	×
226	};
227
228	BOTAN_REGISTER_COMMAND("ocsp_check", OCSP_Check);	1✔
229
230	#endif // OCSP && HTTP
231
232	class Cert_Verify final : public Command {
233	public:
234	Cert_Verify() : Command("cert_verify subject *ca_certs") {}	22✔
235
236	std::string group() const override { return "x509"; }	1✔
237
238	std::string description() const override {	1✔
239	return "Verify if the passed X.509 certificate passes path validation";	1✔
240	}
241
242	void go() override {	10✔
243	const Botan::X509_Certificate subject_cert(get_arg("subject"));	20✔
244	Botan::Certificate_Store_In_Memory trusted;	10✔
245
246	for(const auto& certfile : get_arg_list("ca_certs")) {	19✔
247	trusted.add_certificate(Botan::X509_Certificate(certfile));	9✔
248	}	10✔
249
250	const Botan::Path_Validation_Restrictions restrictions;	20✔
251
252	const Botan::Path_Validation_Result result = Botan::x509_path_validate(subject_cert, restrictions, trusted);	10✔
253
254	if(result.successful_validation()) {	10✔
255	output() << "Certificate passes validation checks\n";	5✔
256	} else {
257	output() << "Certificate did not validate - " << result.result_string() << "\n";	15✔
258	}
259	}	10✔
260	};
261
262	BOTAN_REGISTER_COMMAND("cert_verify", Cert_Verify);	11✔
263
264	class Gen_Self_Signed final : public Command {
265	public:
266	Gen_Self_Signed() :	9✔
267	Command(
268	"gen_self_signed key CN --country= --dns= "
269	"--organization= --email= --path-limit=1 --days=365 --key-pass= --ca --hash= --padding= --emsa= --der") {	9✔
270	}	9✔
271
272	std::string group() const override { return "x509"; }	1✔
273
274	std::string description() const override { return "Generate a self signed X.509 certificate"; }	1✔
275
276	void go() override {	8✔
277	const std::string key_file = get_arg("key");	8✔
278	const std::string passphrase = get_passphrase_arg("Passphrase for " + key_file, "key-pass");	16✔
279	auto key = load_private_key(key_file, passphrase);	8✔
280
281	const uint32_t lifetime = static_cast<uint32_t>(get_arg_sz("days") * 24 * 60 * 60);	8✔
282
283	Botan::X509_Cert_Options opts("", lifetime);	8✔
284
285	opts.common_name = get_arg("CN");	8✔
286	opts.country = get_arg("country");	8✔
287	opts.organization = get_arg("organization");	8✔
288	opts.email = get_arg("email");	8✔
289	opts.more_dns = Command::split_on(get_arg("dns"), ',');	8✔
290	const bool der_format = flag_set("der");	8✔
291
292	// TODO(Botan4) remove --emsa option and this logic
293	const std::string padding = [&]() {	24✔
294	auto p = get_arg("padding");	8✔
295	auto e = get_arg("emsa");	8✔
296	if(e.empty() \|\| p == e) {	8✔
297	return p;	8✔
298	} else if(p.empty()) {	×
299	return e;	×
300	} else {
301	throw CLI_Usage_Error("Use either --padding or --emsa not both");	×
302	}
303	}();	16✔
304
305	if(padding.empty() == false) {	8✔
306	opts.set_padding_scheme(padding);	×
307	}
308
309	if(flag_set("ca")) {	8✔
310	opts.CA_key(get_arg_sz("path-limit"));	16✔
311	}
312
313	const Botan::X509_Certificate cert = Botan::X509::create_self_signed_cert(opts, *key, get_arg("hash"), rng());	16✔
314	update_stateful_private_key(*key, rng(), key_file, passphrase);	8✔
315
316	if(der_format) {	8✔
317	auto der = cert.BER_encode();	×
318	output().write(reinterpret_cast<const char*>(der.data()), der.size());	×
319	} else {	×
320	output() << cert.PEM_encode();	16✔
321	}
322	}	16✔
323	};
324
325	BOTAN_REGISTER_COMMAND("gen_self_signed", Gen_Self_Signed);	9✔
326
327	class Generate_PKCS10 final : public Command {
328	public:
329	Generate_PKCS10() :	13✔
330	Command(
331	"gen_pkcs10 key CN --country= --organization= "
332	"--ca --path-limit=1 --email= --dns= --ext-ku= --key-pass= --hash= --padding= --emsa=") {}	26✔
333
334	std::string group() const override { return "x509"; }	1✔
335
336	std::string description() const override { return "Generate a PKCS #10 certificate signing request (CSR)"; }	1✔
337
338	void go() override {	12✔
339	const std::string key_file = get_arg("key");	12✔
340	const std::string passphrase = get_passphrase_arg("Passphrase for " + key_file, "key-pass");	24✔
341
342	auto key = load_private_key(key_file, passphrase);	12✔
343
344	Botan::X509_Cert_Options opts;	12✔
345
346	opts.common_name = get_arg("CN");	12✔
347	opts.country = get_arg("country");	12✔
348	opts.organization = get_arg("organization");	12✔
349	opts.email = get_arg("email");	12✔
350	opts.more_dns = Command::split_on(get_arg("dns"), ',');	12✔
351
352	if(flag_set("ca")) {	12✔
353	opts.CA_key(get_arg_sz("path-limit"));	8✔
354	}
355
356	for(const std::string& ext_ku : Command::split_on(get_arg("ext-ku"), ',')) {	12✔
357	opts.add_ex_constraint(ext_ku);	×
358	}	12✔
359
360	// TODO(Botan4) remove --emsa option and this logic
361	const std::string padding = [&]() {	36✔
362	auto p = get_arg("padding");	12✔
363	auto e = get_arg("emsa");	12✔
364	if(e.empty() \|\| p == e) {	12✔
365	return p;	12✔
366	} else if(p.empty()) {	×
367	return e;	×
368	} else {
369	throw CLI_Usage_Error("Use either --padding or --emsa not both");	×
370	}
371	}();	24✔
372
373	if(padding.empty() == false) {	12✔
374	opts.set_padding_scheme(padding);	×
375	}
376
377	const Botan::PKCS10_Request req = Botan::X509::create_cert_req(opts, *key, get_arg("hash"), rng());	24✔
378	update_stateful_private_key(*key, rng(), key_file, passphrase);	12✔
379
380	output() << req.PEM_encode();	24✔
381	}	24✔
382	};
383
384	BOTAN_REGISTER_COMMAND("gen_pkcs10", Generate_PKCS10);	13✔
385
386	} // namespace Botan_CLI
387
388	#endif

randombit / botan / 21031897445

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous