X509 Class to handle certificates and their related functions. More...
#include <wvx509.h>
Classes | |
struct | PolicyMap |
Public Types | |
enum | DumpMode { CertPEM = 0, CertDER, CertHex, CertFilePEM, CertFileDER } |
Type for the encode() and decode() methods. More... | |
enum | FprintMode { FingerMD5 = 0, FingerSHA1 } |
Public Member Functions | |
WvX509 () | |
Initialize a completely empty X509 Object with an X509 certificate that doesn't have anything in it... More... | |
WvX509 (X509 *_cert) | |
Initialize a blank X509 Object with the certificate *_cert (used for client side operations...) More... | |
WvX509 (const WvX509 &x509) | |
Copy Constructor. | |
virtual | ~WvX509 () |
Destructor. | |
X509 * | get_cert () |
Allow us to access the certificate member - this will be going away eventually, but for now, it gets us out of a couple of issues :/. | |
void | set_pubkey (WvRSAKey &rsa_pubkey) |
Set the public key of the certificate to the public key rsa_pubkey. | |
bool | validate (WvX509 *cacert=NULL) const |
Function to verify the validity of a certificate that has been placed in cert. More... | |
bool | signedbyca (WvX509 &cacert) const |
Check the certificate in cert against the CA certificate in cacert. More... | |
bool | issuedbyca (WvX509 &cacert) const |
Check to see if the certificate in cert was issued by the CA certificate in cacert. More... | |
bool | verify (WvBuf &original, WvStringParm signature) const |
Verify that the contents of data were signed by the certificate currently in cert. More... | |
bool | verify (WvStringParm original, WvStringParm signature) const |
WvString | encode (const DumpMode mode) const |
Return the information requested by mode. | |
void | encode (const DumpMode mode, WvBuf &buf) const |
virtual void | decode (const DumpMode mode, WvStringParm str) |
Load the information from the format requested by mode into the class - this overwrites the certificate. | |
virtual void | decode (const DumpMode mode, WvBuf &encoded) |
WvString | get_issuer () const |
Get and set the Certificate Issuer (usually the CA who signed the certificate). | |
void | set_issuer (WvStringParm name) |
void | set_issuer (const WvX509 &cacert) |
WvString | get_subject () const |
get and set the Subject field of the certificate | |
void | set_subject (WvStringParm name) |
void | set_subject (X509_NAME *name) |
WvString | get_serial (bool hex=false) const |
get and set the serialNumber field of the certificate | |
void | set_serial (long serial_no) |
WvString | get_nscomment () const |
get and set the Netscape Comment extension | |
void | set_nscomment (WvStringParm comment) |
WvString | get_nsserver () const |
get and set the Netscape SSL Server extension | |
void | set_nsserver (WvStringParm server_fqdn) |
WvString | get_crl_dp () const |
get the CRL Distribution points if they exist, WvString::null if they don't. | |
bool | get_policies (WvStringList &policy_oids) const |
Get any certificate Policy OIDs. More... | |
void | set_policies (WvStringList &policy_oids) |
Set the Certificate Policy OIDs in the certificate to that of the input array. | |
void | set_version () |
Set the Certificate to use X509v3, since that's all modern PKI uses anyways :) | |
WvString | get_key_usage () const |
Get and set the keyUsage field. | |
void | set_key_usage (WvStringParm values) |
WvString | get_ext_key_usage () const |
Get and set the extendedKeyUsage field. | |
void | set_ext_key_usage (WvStringParm values) |
WvString | get_altsubject () const |
Return the Subject alt name if it exists, and WvString::null if it doesn't. | |
void | set_altsubject (WvStringParm name) |
Set the Subject Alt Name. | |
bool | get_basic_constraints (bool &ca, int &pathlen) const |
Get the values in the basic constraints extension. More... | |
void | set_basic_constraints (bool ca, int pathlen) |
Set the values in the basic constraints extension. | |
bool | get_policy_constraints (int &require_explicit_policy, int &inhibit_policy_mapping) const |
Get the values in the policy constraints extension. More... | |
void | set_policy_constraints (int require_explicit_policy, int inhibit_policy_mapping) |
Set the values in the policy constraints extension. | |
DeclareWvList (PolicyMap) | |
bool | get_policy_mapping (PolicyMapList &list) const |
Get the policy mappings for this certificate. More... | |
void | set_policy_mapping (PolicyMapList &list) |
Set the policy mappings for this certificate. | |
time_t | get_notvalid_before () const |
Return the notBefore and notAfter times in a format that is easier to use. | |
time_t | get_notvalid_after () const |
void | set_lifetime (long seconds) |
Set the lifetime to be used for this certificate... More... | |
WvString | get_aia () const |
Get the authority info access information. More... | |
void | set_aia (WvStringList &ca_urls, WvStringList &responders) |
Set a list of urls that have the Certificate of the CA that issued this certificate, as well as the list of OCSP responders for this certificate. | |
void | get_ocsp (WvStringList &responders) const |
Get a list of OCSP Responders for this certificate. | |
void | get_ca_urls (WvStringList &urls) const |
Get a list of urls that have the Certificate of the CA that issued this certificate. | |
void | get_crl_urls (WvStringList &urls) const |
Get a list of URLs that are valid CRL distribution points for this certificate. | |
void | set_crl_urls (WvStringList &urls) |
Set the list of URLs that are valid CRL distribution points for this certificate. | |
WvString | get_ski () const |
Get the Subject Key Info. | |
WvString | get_aki () const |
Get the Authority key Info. | |
WvString | get_fingerprint (const FprintMode mode=FingerSHA1) const |
Get the certHash (fingerprint) of the certificate. | |
virtual bool | isok () const |
Is the certificate object valid? | |
virtual WvString | errstr () const |
Returns an error string if isok() is not true. | |
bool | operator! () const |
The not operator returns true if !isok() | |
virtual unsigned int | addRef ()=0 |
Indicate you are using this object. More... | |
virtual unsigned int | release ()=0 |
Indicate that you are finished using this object. More... | |
virtual IObject * | getInterface (const UUID &)=0 |
Returns the requested XPLC interface. More... | |
virtual IWeakRef * | getWeakRef ()=0 |
Return a weak reference to this object. More... | |
Static Public Member Functions | |
static WvString | certreq (WvStringParm subject, const WvRSAKey &rsa) |
Create a certificate request (PKCS#10) using this function. More... | |
Friends | |
class | WvCRL |
class | WvX509Mgr |
class | WvOCSPReq |
class | WvOCSPResp |
X509 Class to handle certificates and their related functions.
enum WvX509::DumpMode |
Type for the encode() and decode() methods.
CertPEM = PEM Encoded X.509 Certificate
CertDER = DER Encoded X.509 Certificate
CertHex = DER Encoded X.509 Certificate in hexified form
CertFilePEM = PEM Encoded X.509 Certificate from file
CertFileDER = DER Encoded X.509 Certificate from file
CertFilePEM and CertFileDER are only valid modes for decode(); calling encode() with these modes has no effect.
WvX509::WvX509 | ( | ) |
WvX509::WvX509 | ( | X509 * | _cert | ) |
Initialize a blank X509 Object with the certificate *_cert (used for client side operations...)
This either initializes a completely empty object, or takes _cert, and extracts the distinguished name into dname, and the RSA public key into rsa. rsa->prv is empty.
Create a certificate request (PKCS#10) using this function.
This request is what you would send off to Verisign, or Entrust.net (or any other CA), to get your real certificate. It leaves the RSA key pair in rsa, where you MUST save it for the certificate to be AT ALL valid when you get it back. Returns a PEM Encoded PKCS#10 certificate request, and leaves the RSA keypair in rsa.
Definition at line 266 of file wvx509.cc.
References WvBufBase< unsigned char >::getstr().
Referenced by WvX509Mgr::signreq().
bool WvX509::validate | ( | WvX509 * | cacert = NULL | ) | const |
Function to verify the validity of a certificate that has been placed in cert.
It checks and makes sure that it was signed by the CA certificate cacert, as well as that it is not expired (or not yet valid).
Definition at line 359 of file wvx509.cc.
References issuedbyca(), and signedbyca().
Referenced by WvSSLStream::post_select().
bool WvX509::signedbyca | ( | WvX509 & | cacert | ) | const |
Check the certificate in cert against the CA certificate in cacert.
Definition at line 393 of file wvx509.cc.
References get_subject().
Referenced by validate().
bool WvX509::issuedbyca | ( | WvX509 & | cacert | ) | const |
Check to see if the certificate in cert was issued by the CA certificate in cacert.
Note: You are going on the certificate's say-so by using this function: it only compares the issuer name the certificate itself claims, and does not verify the signature. You should also use signedbyca() to check whether the certificate is actually signed by the CA it claims to be issued by.
Definition at line 422 of file wvx509.cc.
Referenced by validate().
bool WvX509::verify | ( | WvBuf & | original, |
WvStringParm | signature | ||
) | const |
Verify that the contents of original were signed by the certificate currently in cert.
This only checks the signature over original; it does not check the validity of the certificate itself (expiry, CA signature) - use validate() for that.
Definition at line 1314 of file wvx509.cc.
References WvEncoder::flushstrmem(), WvBufBaseCommonImpl< T >::peek(), and WvBufBaseCommonImpl< T >::used().
bool WvX509::get_policies | ( | WvStringList & | policy_oids | ) | const |
bool WvX509::get_basic_constraints | ( | bool & | ca, |
int & | pathlen | ||
) | const |
bool WvX509::get_policy_constraints | ( | int & | require_explicit_policy, |
int & | inhibit_policy_mapping | ||
) | const |
Get the values in the policy constraints extension.
Returns true if the policy constraints extension exists, false otherwise.
bool WvX509::get_policy_mapping | ( | PolicyMapList & | list | ) | const |
Get the policy mappings for this certificate.
Returns true if there were any policy mappings to be found.
void WvX509::set_lifetime | ( | long | seconds | ) |
Set the lifetime to be used for this certificate...
the lifetime starts from the minute that the certificate is signed...
Definition at line 744 of file wvx509.cc.
Referenced by WvX509Mgr::create_selfissued(), and WvX509Mgr::signreq().
WvString WvX509::get_aia | ( | ) | const |
Get the authority info access information.
Usually includes a list of URLs where the issuer's CA certificate may be fetched, as well as a list of OCSP responders. Note that this function returns this information in a giant string: get_ca_urls and get_ocsp may return this information in a more useful format.
Definition at line 1006 of file wvx509.cc.
Referenced by get_ca_urls(), and get_ocsp().
(pure virtual, inherited)
Indicate you are using this object.
This increases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.
This is called a "strong reference", because it prevents the object from being destroyed. Strong references should thus be used carefully, as they control the lifetime of the object. For example, you do not need to call addRef() on objects passed as parameters, unless you intend on keeping them.
addRef() is often called automatically for you in XPLC, but you'll have to call release() by hand sometimes unless you use xplc_ptr.
Referenced by WvIStreamList::execute(), IObjectImplInternal::getInterface(), StaticServiceHandler::getObject(), WeakRef::getObject(), WvIStreamList::post_select(), WvQtStreamClone::WvQtStreamClone(), and WvSSLStream::WvSSLStream().
(pure virtual, inherited)
Indicate that you are finished using this object.
This decreases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.
You will usually need to manually release() any object given to you by any other XPLC function, unless you give the object to someone else who will call release.
If you use xplc_ptr, it will do this for you.
Referenced by WvIStreamList::execute(), mutate(), NewMoniker::resolve(), and MonikerService::resolve().
Returns the requested XPLC interface.
Will return NULL if the interface is not supported. The returned interface has been addRef()ed, so you will need to release() it when done. Note that the interface returned may be a pointer to the same object or a different one - that's none of your business. Asking for the IObject interface should always return the same pointer for a given logical object, so this can be used for comparison by identity.
You should probably use the convenient mutate() and get() functions instead of this, or use an xplc_ptr, which mutates the object for you.
(pure virtual, inherited)