WvStreams
WvX509 Class Reference

X509 Class to handle certificates and their related functions.

#include <wvx509.h>

Inheritance diagram for WvX509: WvX509 derives from the XPLC IObject interface (its members are listed below as inherited).


Classes

struct  PolicyMap

Public Types

enum  DumpMode {
  CertPEM = 0, CertDER, CertHex, CertFilePEM,
  CertFileDER
}
 Type for the encode() and decode() methods.
enum  FprintMode { FingerMD5 = 0, FingerSHA1 }

Public Member Functions

 WvX509 ()
 Initialize a completely empty X509 Object with an X509 certificate that doesn't have anything in it...
 WvX509 (X509 *_cert)
 Initialize a blank X509 Object with the certificate *_cert (used for client side operations...)
 WvX509 (const WvX509 &x509)
 Copy Constructor.
virtual ~WvX509 ()
 Destructor.
X509 * get_cert ()
 Allow us to access the certificate member - this will be going away eventually, but for now, it gets us out of a couple of issues :/.
void set_pubkey (WvRSAKey &rsa_pubkey)
 Set the public key of the certificate to the public key rsa_pubkey.
bool validate (WvX509 *cacert=NULL) const
 Function to verify the validity of a certificate that has been placed in cert.
bool signedbyca (WvX509 &cacert) const
 Check the certificate in cert against the CA certificate in cacert.
bool issuedbyca (WvX509 &cacert) const
 Check to see if the certificate in cert was issued by the CA certificate in cacert.
bool verify (WvBuf &original, WvStringParm signature) const
 Verify that the contents of data were signed by the certificate currently in cert.
bool verify (WvStringParm original, WvStringParm signature) const
WvString encode (const DumpMode mode) const
 Return the information requested by mode.
void encode (const DumpMode mode, WvBuf &buf) const
virtual void decode (const DumpMode mode, WvStringParm str)
 Load the information from the format requested by mode into the class - this overwrites the certificate.
virtual void decode (const DumpMode mode, WvBuf &encoded)
WvString get_issuer () const
 Get and set the Certificate Issuer (usually the CA who signed the certificate).
void set_issuer (WvStringParm name)
void set_issuer (const WvX509 &cacert)
WvString get_subject () const
 Get and set the Subject field of the certificate.
void set_subject (WvStringParm name)
void set_subject (X509_NAME *name)
WvString get_serial (bool hex=false) const
 Get and set the serialNumber field of the certificate.
void set_serial (long serial_no)
WvString get_nscomment () const
 Get and set the Netscape Comment extension.
void set_nscomment (WvStringParm comment)
WvString get_nsserver () const
 Get and set the Netscape SSL Server extension.
void set_nsserver (WvStringParm server_fqdn)
WvString get_crl_dp () const
 Get the CRL Distribution Points if they exist, WvString::null if they don't.
bool get_policies (WvStringList &policy_oids) const
 Get any certificate Policy OIDs.
void set_policies (WvStringList &policy_oids)
 Set the Certificate Policy OIDs in the certificate to that of the input array.
void set_version ()
 Set the Certificate to use X509v3, since that's all modern PKI uses anyways :)
WvString get_key_usage () const
 Get and set the keyUsage field.
void set_key_usage (WvStringParm values)
WvString get_ext_key_usage () const
 Get and set the extendedKeyUsage field.
void set_ext_key_usage (WvStringParm values)
WvString get_altsubject () const
 Return the Subject alt name if it exists, and WvString::null if it doesn't.
void set_altsubject (WvStringParm name)
 Set the Subject Alt Name.
bool get_basic_constraints (bool &ca, int &pathlen) const
 Get the values in the basic constraints extension.
void set_basic_constraints (bool ca, int pathlen)
 Set the values in the basic constraints extension.
bool get_policy_constraints (int &require_explicit_policy, int &inhibit_policy_mapping) const
 Get the values in the policy constraints extension.
void set_policy_constraints (int require_explicit_policy, int inhibit_policy_mapping)
 Set the values in the policy constraints extension.
 DeclareWvList (PolicyMap)
bool get_policy_mapping (PolicyMapList &list) const
 Get the policy mappings for this certificate.
void set_policy_mapping (PolicyMapList &list)
 Set the policy mappings for this certificate.
time_t get_notvalid_before () const
 Return the notBefore and notAfter times as time_t values, which are easier to work with than the certificate's own encoding.
time_t get_notvalid_after () const
void set_lifetime (long seconds)
 Set the lifetime to be used for this certificate...
WvString get_aia () const
 Get the authority info access information.
void set_aia (WvStringList &ca_urls, WvStringList &responders)
 Set a list of urls that have the Certificate of the CA that issued this certificate, as well as the list of OCSP responders for this certificate.
void get_ocsp (WvStringList &responders) const
 Get a list of OCSP Responders for this certificate.
void get_ca_urls (WvStringList &urls) const
 Get a list of urls that have the Certificate of the CA that issued this certificate.
void get_crl_urls (WvStringList &urls) const
 Get a list of URLs that are valid CRL distribution points for this certificate.
void set_crl_urls (WvStringList &urls)
 Set the list of URLs that are valid CRL distribution points for this certificate.
WvString get_ski () const
 Get the Subject Key Info.
WvString get_aki () const
 Get the Authority Key Info.
WvString get_fingerprint (const FprintMode mode=FingerSHA1) const
 Get the certHash (fingerprint) of the certificate.
virtual bool isok () const
 Is the certificate object valid?
virtual WvString errstr () const
 Returns an error string if isok() is not true.
bool operator! () const
 The not operator returns true if !isok()
virtual unsigned int addRef ()=0
 Indicate you are using this object.
virtual unsigned int release ()=0
 Indicate that you are finished using this object.
virtual IObject * getInterface (const UUID &)=0
 Returns the requested XPLC interface.
virtual IWeakRef * getWeakRef ()=0
 Return a weak reference to this object.

Static Public Member Functions

static WvString certreq (WvStringParm subject, const WvRSAKey &rsa)
 Create a certificate request (PKCS#10) using this function.

Friends

class WvCRL
class WvX509Mgr
class WvOCSPReq
class WvOCSPResp

Detailed Description

X509 Class to handle certificates and their related functions.

Definition at line 41 of file wvx509.h.


Member Enumeration Documentation

enum WvX509::DumpMode

Type for the encode() and decode() methods.

  • CertPEM = PEM encoded X.509 certificate
  • CertDER = DER encoded X.509 certificate
  • CertHex = DER encoded X.509 certificate in hexified form
  • CertFilePEM = PEM encoded X.509 certificate read from a file
  • CertFileDER = DER encoded X.509 certificate read from a file

CertFilePEM and CertFileDER are only valid modes for decode(); calling encode() with these modes has no effect.
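The three in-memory modes above are the same DER bytes in three wrappings: base64 inside PEM armor, raw, or hex. The following added example (not WvStreams code; the function names and the sample data are this example's own) converts between them with only the standard library. It rejects PEM blocks whose label is not CERTIFICATE, so a private key or CSR pasted in the wrong place is not silently decoded as a certificate, and it checks that the DER outer SEQUENCE length matches the data before anything downstream trusts it. The sample PEM is a constructed minimal SEQUENCE, not a real certificate.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<unsigned char> Bytes;

// Decode standard base64 (RFC 4648 alphabet, '=' padding, whitespace ignored).
static Bytes base64_decode(const std::string &in)
{
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    Bytes out;
    uint32_t acc = 0;
    int bits = 0;
    for (char c : in) {
        if (c == '=' || c == '\n' || c == '\r' || c == ' ' || c == '\t')
            continue;
        std::string::size_type v = tbl.find(c);
        if (v == std::string::npos)
            throw std::runtime_error("invalid base64 character");
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<unsigned char>((acc >> bits) & 0xff));
            acc &= (1u << bits) - 1;   // keep only the not-yet-emitted low bits
        }
    }
    return out;
}

// CertPEM -> CertDER: strip the armor and base64-decode the body.
// Only the CERTIFICATE label is accepted; other PEM labels are rejected.
Bytes pem_to_der(const std::string &pem)
{
    const std::string begin = "-----BEGIN CERTIFICATE-----";
    const std::string end = "-----END CERTIFICATE-----";
    std::string::size_type b = pem.find(begin);
    std::string::size_type e = pem.find(end);
    if (b == std::string::npos || e == std::string::npos || e < b)
        throw std::runtime_error("not a PEM-armored certificate");
    b += begin.size();
    return base64_decode(pem.substr(b, e - b));
}

// A DER certificate is an outer SEQUENCE (tag 0x30) whose encoded length
// must cover exactly the remaining bytes.  Only that framing is checked;
// this is not an X.509 parser.
bool der_looks_like_certificate(const Bytes &der)
{
    if (der.size() < 2 || der[0] != 0x30)
        return false;
    size_t len = der[1], hdr = 2;
    if (der[1] & 0x80) {                       // long-form length
        size_t n = der[1] & 0x7f;
        if (n == 0 || n > 4 || der.size() < 2 + n)
            return false;
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | der[2 + i];
        hdr = 2 + n;
    }
    return hdr + len == der.size();
}

// CertDER -> CertHex: two lowercase hex digits per byte.
std::string der_to_hex(const Bytes &der)
{
    static const char digits[] = "0123456789abcdef";
    std::string out;
    for (unsigned char c : der) {
        out.push_back(digits[c >> 4]);
        out.push_back(digits[c & 0x0f]);
    }
    return out;
}

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    throw std::runtime_error("invalid hex digit");
}

// CertHex -> CertDER.
Bytes hex_to_der(const std::string &hex)
{
    if (hex.size() % 2 != 0)
        throw std::runtime_error("odd-length hex string");
    Bytes out;
    for (size_t i = 0; i < hex.size(); i += 2)
        out.push_back(static_cast<unsigned char>(hex_val(hex[i]) * 16 + hex_val(hex[i + 1])));
    return out;
}

// Constructed sample: a minimal DER SEQUENCE holding INTEGER 5, not a real
// certificate, so the conversions can be exercised offline.
const std::string kSamplePem =
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQU=\n"
    "-----END CERTIFICATE-----\n";

int main()
{
    Bytes der = pem_to_der(kSamplePem);
    std::cout << "hex: " << der_to_hex(der)
              << " framing ok: " << der_looks_like_certificate(der) << "\n";
    return 0;
}
```

The framing check is deliberately strict: a declared length that does not match the buffer is the kind of inconsistency that should stop a decode rather than be passed on to a full parser.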

Definition at line 56 of file wvx509.h.


Constructor & Destructor Documentation

WvX509::WvX509 ( )

Initialize a completely empty X509 Object with an X509 certificate that doesn't have anything in it...

good for building custom certificates.

Definition at line 131 of file wvx509.cc.

WvX509::WvX509 ( X509 *  _cert)

Initialize a blank X509 Object with the certificate *_cert (used for client side operations...)

This either initializes a completely empty object, or takes _cert, and extracts the distinguished name into dname, and the RSA public key into rsa. rsa->prv is empty.

Definition at line 123 of file wvx509.cc.


Member Function Documentation

WvString WvX509::certreq ( WvStringParm  subject,
const WvRSAKey &  rsa 
) [static]

Create a certificate request (PKCS#10) using this function.

This request is what you would send off to Verisign or Entrust.net (or any other CA) to get your real certificate. It leaves the RSA key pair in rsa, where you MUST save it for the certificate to be AT ALL valid when you get it back. Returns a PEM encoded PKCS#10 certificate request, and leaves the RSA key pair in rsa.

Definition at line 266 of file wvx509.cc.

References WvBufBase< unsigned char >::getstr().

Referenced by WvX509Mgr::signreq().

bool WvX509::validate ( WvX509 *  cacert = NULL) const

Function to verify the validity of a certificate that has been placed in cert.

It checks and makes sure that it was signed by the CA certificate cacert, as well as that it is not expired (or not yet valid).

Definition at line 359 of file wvx509.cc.

References issuedbyca(), and signedbyca().

Referenced by WvSSLStream::post_select().

bool WvX509::signedbyca ( WvX509 &  cacert) const

Check the certificate in cert against the CA certificate in cacert.

  • returns true if cert was signed by that CA certificate.

Definition at line 393 of file wvx509.cc.

References get_subject().

Referenced by validate().

bool WvX509::issuedbyca ( WvX509 &  cacert) const

Check to see if the certificate in cert was issued by the CA certificate in cacert.

Note: You are going on the certificate's say-so by using this function. You may also want to use signedbyca to check if the certificate is actually signed by who it claims to be issued by.

Definition at line 422 of file wvx509.cc.

Referenced by validate().
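The distinction between issuedbyca() (the issuer name the certificate claims), signedbyca() (the signature actually verifying) and validate() (both, plus the validity window) is the security-relevant point of these three functions. The added example below (not WvStreams code; ToyCert, ToyCA and the helper names are this example's own) models it with plain structs so it runs without a crypto library. The "signature" is a toy keyed hash (FNV-1a over the to-be-signed fields mixed with the CA secret), which the verifier also needs the secret for; it stands in for an RSA signature only to show the control flow and must not be reused for anything real. The scenario shows a forgery that merely names the CA as issuer passing issuedbyca() but failing signedbyca() and validate(), and a genuinely signed but expired certificate failing validate() alone.

```cpp
#include <cstdint>
#include <ctime>
#include <iostream>
#include <string>

struct ToyCert {
    std::string subject;
    std::string issuer;     // the CA name the certificate *claims*
    time_t not_before;
    time_t not_after;
    uint64_t signature;     // toy signature over subject|issuer|validity
};

struct ToyCA {
    std::string name;       // becomes the issuer field of what it signs
    uint64_t secret;        // stands in for the CA private key (toy only)
};

// Fields covered by the signature, serialized in a fixed order.
static std::string tbs(const ToyCert &c)
{
    return c.subject + '|' + c.issuer + '|' +
           std::to_string(static_cast<long long>(c.not_before)) + '|' +
           std::to_string(static_cast<long long>(c.not_after));
}

// Toy keyed hash: FNV-1a seeded with the CA secret.  Not a real signature.
static uint64_t toy_sign(const std::string &data, uint64_t secret)
{
    uint64_t h = 1469598103934665603ULL ^ secret;
    for (unsigned char ch : data) {
        h ^= ch;
        h *= 1099511628211ULL;
    }
    return h;
}

ToyCert issue(const ToyCA &ca, const std::string &subject,
              time_t not_before, time_t not_after)
{
    ToyCert c = {subject, ca.name, not_before, not_after, 0};
    c.signature = toy_sign(tbs(c), ca.secret);
    return c;
}

// issuedbyca(): only the certificate's *claim* about its issuer is compared.
bool issuedbyca(const ToyCert &cert, const ToyCA &ca)
{
    return cert.issuer == ca.name;
}

// signedbyca(): the signature must actually verify under the CA's key.
bool signedbyca(const ToyCert &cert, const ToyCA &ca)
{
    return cert.signature == toy_sign(tbs(cert), ca.secret);
}

// validate(): both checks above, plus "not expired or not yet valid" at `now`.
bool validate(const ToyCert &cert, const ToyCA &ca, time_t now)
{
    return issuedbyca(cert, ca) && signedbyca(cert, ca) &&
           now >= cert.not_before && now <= cert.not_after;
}

// Constructed scenario (all values made up for the example).
const ToyCA kCA = {"CN=Example Root CA", 0x5eed5eed5eed5eedULL};
const time_t kNow = 1000000;

ToyCert genuine_cert() { return issue(kCA, "CN=server", kNow - 100, kNow + 100); }
ToyCert expired_cert() { return issue(kCA, "CN=old", kNow - 300, kNow - 200); }
ToyCert forged_cert()
{
    // Names the CA as issuer but carries a signature the CA never produced.
    ToyCert f = {"CN=server", kCA.name, kNow - 100, kNow + 100, 0x1234};
    return f;
}

int main()
{
    std::cout << "forged:  issuedbyca=" << issuedbyca(forged_cert(), kCA)
              << " signedbyca=" << signedbyca(forged_cert(), kCA)
              << " validate=" << validate(forged_cert(), kCA, kNow) << "\n";
    std::cout << "expired: signedbyca=" << signedbyca(expired_cert(), kCA)
              << " validate=" << validate(expired_cert(), kCA, kNow) << "\n";
    return 0;
}
```

The note on issuedbyca() above is exactly what the forged certificate exercises: an issuer name costs an attacker nothing to write, so a decision that stops at issuedbyca() has checked a claim, not a proof.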

bool WvX509::verify ( WvBuf &  original,
WvStringParm  signature 
) const

Verify that the contents of original were signed by the certificate currently in cert.

This only checks the signature, it doesn't check the validity of the certificate.

Definition at line 1313 of file wvx509.cc.

References WvEncoder::flushstrmem(), WvBufBaseCommonImpl< T >::peek(), and WvBufBaseCommonImpl< T >::used().

bool WvX509::get_policies ( WvStringList &  policy_oids) const

Get any certificate Policy OIDs.

Returns true if the policy oids extension is present, false otherwise.

Definition at line 1080 of file wvx509.cc.

bool WvX509::get_basic_constraints ( bool &  ca,
int &  pathlen 
) const

Get the values in the basic constraints extension.

Returns true if the basic constraints extension exists and is valid, false otherwise.

Definition at line 788 of file wvx509.cc.

bool WvX509::get_policy_constraints ( int &  require_explicit_policy,
int &  inhibit_policy_mapping 
) const

Get the values in the policy constraints extension.

Returns true if the policy constraints extension exists, false otherwise.

bool WvX509::get_policy_mapping ( PolicyMapList &  list) const

Get the policy mappings for this certificate.

Returns true if there were any policy mappings to be found.

void WvX509::set_lifetime ( long  seconds)

Set the lifetime to be used for this certificate...

the lifetime starts from the minute that the certificate is signed...

Definition at line 744 of file wvx509.cc.

Referenced by WvX509Mgr::create_selfissued(), and WvX509Mgr::signreq().

WvString WvX509::get_aia ( ) const

Get the authority info access information.

Usually includes a list of URLs where the issuer's CA certificate may be fetched, as well as a list of OCSP responders. Note that this function returns this information in a giant string: get_ca_urls and get_ocsp may return this information in a more useful format.

Definition at line 1006 of file wvx509.cc.

Referenced by get_ca_urls(), and get_ocsp().

virtual unsigned int IObject::addRef ( ) [pure virtual, inherited]

Indicate you are using this object.

This increases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.

This is called a "strong reference", because it prevents the object from being destroyed. Strong references should thus be used carefully, as they control the lifetime of the object. For example, you do not need to call addRef() on objects passed as parameters, unless you intend to keep them.

addRef() is often called automatically for you in XPLC, but you'll have to call release() by hand sometimes unless you use xplc_ptr.

Referenced by WvIStreamList::execute(), IObjectImplInternal::getInterface(), StaticServiceHandler::getObject(), WeakRef::getObject(), WvIStreamList::post_select(), WvQtStreamClone::WvQtStreamClone(), and WvSSLStream::WvSSLStream().

virtual unsigned int IObject::release ( ) [pure virtual, inherited]

Indicate that you are finished using this object.

This decreases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.

You will usually need to manually release() any object given to you by any other XPLC function, unless you give the object to someone else who will call release.

If you use xplc_ptr, it will do this for you.

Referenced by WvIStreamList::execute(), mutate(), NewMoniker::resolve(), and MonikerService::resolve().

virtual IObject* IObject::getInterface ( const UUID & ) [pure virtual, inherited]

Returns the requested XPLC interface.

Will return NULL if the interface is not supported. The returned interface has been addRef()ed, so you will need to release() it when done. Note that the interface returned may be a pointer to the same object or a different one - that's none of your business. Asking for the IObject interface should always return the same pointer for a given logical object, so this can be used for comparison by identity.

You should probably use the convenient mutate() and get() functions instead of this, or use an xplc_ptr, which mutates the object for you.

Referenced by mutate().

virtual IWeakRef* IObject::getWeakRef ( ) [pure virtual, inherited]

Return a weak reference to this object.

A weak reference points at the object, but does not control the lifetime of the object. An object can thus still be deleted while someone holds a weak reference. You will still need to release() the weak reference when you are done with it.

See also:
IWeakRef
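The addRef()/release()/getWeakRef() contract above is easy to get wrong in both directions (a leak if release() is skipped, a use-after-free if a weak reference is treated as a strong one). The added example below (not XPLC or WvStreams code; RefCounted, WeakRef, scoped_ref and the demo functions are this example's own names) implements a minimal version of that contract: the creator holds one strong reference, release() frees the object at zero, getWeakRef() hands out an addRef()ed handle that must itself be released, and resolving a weak reference after the object is gone yields nullptr instead of a dangling pointer. scoped_ref plays the role the text assigns to xplc_ptr.

```cpp
#include <iostream>

class RefCounted;

// Weak reference: shared control block that outlives the object it points at.
class WeakRef {
public:
    explicit WeakRef(RefCounted *t) : target_(t), refs_(1) {}
    unsigned int addRef() { return ++refs_; }
    unsigned int release()
    {
        unsigned int left = --refs_;
        if (left == 0) delete this;
        return left;
    }
    // Resolve to a strong reference (addRef()ed, caller must release()),
    // or nullptr if the object has already been destroyed.
    RefCounted *getObject();
    void clear() { target_ = nullptr; }   // called by the object as it dies
private:
    RefCounted *target_;
    unsigned int refs_;
};

class RefCounted {
public:
    RefCounted() : refs_(1), weak_(nullptr) { ++live; }   // creator holds one ref
    unsigned int addRef() { return ++refs_; }
    unsigned int release()
    {
        unsigned int left = --refs_;
        if (left == 0) delete this;   // last strong reference frees the object
        return left;
    }
    // The weak reference is created lazily and shared; every caller gets an
    // addRef()ed handle and must release() it, as the text above says.
    WeakRef *getWeakRef()
    {
        if (!weak_) weak_ = new WeakRef(this);   // object keeps the creator ref
        weak_->addRef();
        return weak_;
    }
    static unsigned int live;   // instrumentation: objects currently alive
private:
    ~RefCounted()
    {
        --live;
        if (weak_) { weak_->clear(); weak_->release(); }
    }
    unsigned int refs_;
    WeakRef *weak_;
};
unsigned int RefCounted::live = 0;

RefCounted *WeakRef::getObject()
{
    if (!target_) return nullptr;
    target_->addRef();
    return target_;
}

// Scoped holder in the spirit of xplc_ptr: takes over one reference and
// releases it on scope exit, so release() cannot be forgotten.
template <class T>
class scoped_ref {
public:
    explicit scoped_ref(T *p) : p_(p) {}
    ~scoped_ref() { if (p_) p_->release(); }
    T *get() const { return p_; }
    T *operator->() const { return p_; }
    scoped_ref(const scoped_ref &) = delete;
    scoped_ref &operator=(const scoped_ref &) = delete;
private:
    T *p_;
};

// addRef()/release() pairing: counts go 1 -> 2 -> 1 -> 0, then the object is gone.
bool strong_ref_demo()
{
    RefCounted *o = new RefCounted();
    unsigned int after_add = o->addRef();
    unsigned int after_rel = o->release();
    bool alive = RefCounted::live == 1;
    unsigned int last = o->release();   // frees o; do not touch it afterwards
    return after_add == 2 && after_rel == 1 && alive && last == 0 && RefCounted::live == 0;
}

// A weak reference resolves while a strong reference exists and returns
// nullptr afterwards; the weak handle itself still has to be released.
bool weak_ref_demo()
{
    RefCounted *obj = new RefCounted();
    scoped_ref<WeakRef> weak(obj->getWeakRef());   // does not keep obj alive
    bool alive;
    {
        scoped_ref<RefCounted> strong(weak->getObject());
        alive = strong.get() != nullptr && RefCounted::live == 1;
    }
    obj->release();                                 // last strong ref: destroyed
    bool dead = weak->getObject() == nullptr && RefCounted::live == 0;
    return alive && dead;                           // weak is released at scope exit
}

int main()
{
    std::cout << "strong: " << strong_ref_demo() << " weak: " << weak_ref_demo()
              << " live: " << RefCounted::live << "\n";
    return 0;
}
```

The design point is that the weak reference owns nothing about the object's lifetime, only a control block that the object clears on its way out; that is what makes getObject() safe to call after the object is gone.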

The documentation for this class was generated from the following files: wvx509.h and wvx509.cc.