WvStreams
WvX509 Class Referenceabstract

X509 Class to handle certificates and their related functions. More...

#include <wvx509.h>

Inheritance diagram for WvX509:

Classes

struct  PolicyMap

Public Types

enum  DumpMode {
  CertPEM = 0 , CertDER , CertHex , CertFilePEM ,
  CertFileDER , CertPEM = 0 , CertDER , CertHex ,
  CertFilePEM , CertFileDER
}
 Type for the encode() and decode() methods. More...
enum  FprintMode { FingerMD5 = 0 , FingerSHA1 , FingerMD5 = 0 , FingerSHA1 }
enum  DumpMode {
  CertPEM = 0 , CertDER , CertHex , CertFilePEM ,
  CertFileDER , CertPEM = 0 , CertDER , CertHex ,
  CertFilePEM , CertFileDER
}
 Type for the encode() and decode() methods. More...
enum  FprintMode { FingerMD5 = 0 , FingerSHA1 , FingerMD5 = 0 , FingerSHA1 }

Public Member Functions

 WvX509 ()
 Initialize a completely empty X509 Object with an X509 certificate that doesn't have anything it it... good for building custom certificates.
 WvX509 (X509 *_cert)
 Initialize a blank X509 Object with the certificate *cert (used for client side operations...).
 WvX509 (const WvX509 &x509)
 Copy Constructor.
virtual ~WvX509 ()
 Destructor.
X509 * get_cert ()
 Allow us to access the certificate member - this will be going away eventually, but for now, it gets us out of a couple of issues :/.
void set_pubkey (WvRSAKey &rsa_pubkey)
 Set the public key of the certificate to the public key rsa_pubkey.
bool validate (WvX509 *cacert=NULL) const
 Function to verify the validity of a certificate that has been placed in cert.
bool signedbyca (WvX509 &cacert) const
 Check the certificate in cert against the CA certificate in cacert.
bool issuedbyca (WvX509 &cacert) const
 Check to see if the certificate in cert was issued by the CA certificate in cacert.
bool verify (WvBuf &original, WvStringParm signature) const
 Verify that the contents of data were signed by the certificate currently in cert.
bool verify (WvStringParm original, WvStringParm signature) const
WvString encode (const DumpMode mode) const
 Return the information requested by mode.
void encode (const DumpMode mode, WvBuf &buf) const
virtual void decode (const DumpMode mode, WvStringParm str)
 Load the information from the format requested by mode into the class - this overwrites the certificate.
virtual void decode (const DumpMode mode, WvBuf &encoded)
WvString get_issuer () const
 Get and set the Certificate Issuer (usually the CA who signed the certificate).
void set_issuer (WvStringParm name)
void set_issuer (const WvX509 &cacert)
WvString get_subject () const
 get and set the Subject field of the certificate
void set_subject (WvStringParm name)
void set_subject (const X509_NAME *name)
WvString get_serial (bool hex=false) const
 get and set the serialNumber field of the certificate
void set_serial (long serial_no)
WvString get_nscomment () const
 get and set the Netscape Comment extension
void set_nscomment (WvStringParm comment)
WvString get_nsserver () const
 get and set the Netscape SSL Server extension
void set_nsserver (WvStringParm server_fqdn)
WvString get_crl_dp () const
 get the CRL Distribution points if they exist, WvString::null if they don't.
bool get_policies (WvStringList &policy_oids) const
 Get any certificate Policy OIDs.
void set_policies (WvStringList &policy_oids)
 Set the Certificate Policy OIDs in the certificate to that of the input array.
void set_version ()
 Set the Certificate to use X509v3, since that's all modern PKI uses anyways :).
WvString get_key_usage () const
 Get and set the keyUsage field.
void set_key_usage (WvStringParm values)
WvString get_ext_key_usage () const
 Get and set the extendedKeyUsage field.
void set_ext_key_usage (WvStringParm values)
WvString get_altsubject () const
 Return the Subject alt name if it exists, and WvString::null if it doesn't.
void set_altsubject (WvStringParm name)
 Set the Subject Alt Name.
bool get_basic_constraints (bool &ca, int &pathlen) const
 Get the values in the basic constraints extension.
void set_basic_constraints (bool ca, int pathlen)
 Set the values in the basic constraints extension.
bool get_policy_constraints (int &require_explicit_policy, int &inhibit_policy_mapping) const
 Get the values in the policy constraints extension.
void set_policy_constraints (int require_explicit_policy, int inhibit_policy_mapping)
 Set the values in the policy constraints extension.
 DeclareWvList (PolicyMap)
bool get_policy_mapping (PolicyMapList &list) const
 Get the policy mappings for this certificate.
void set_policy_mapping (PolicyMapList &list)
 Set the policy mappings for this certificate.
time_t get_notvalid_before () const
 Return the not before and not after in a format we're more able to easily use.
time_t get_notvalid_after () const
void set_lifetime (long seconds)
 Set the lifetime to be used for this certificate... the lifetime starts from the minute that the certificate is signed...
WvString get_aia () const
 Get the authority info access information.
void set_aia (WvStringList &ca_urls, WvStringList &responders)
 Set a list of urls that have the Certificate of the CA that issued this certificate, as well as the list of OCSP responders for this certificate.
void get_ocsp (WvStringList &responders) const
 Get a list of OCSP Responders for this certificate.
void get_ca_urls (WvStringList &urls) const
 Get a list of urls that have the Certificate of the CA that issued this certificate.
void get_crl_urls (WvStringList &urls) const
 Get a list of URLs that are valid CRL distribution points for this certificate.
void set_crl_urls (WvStringList &urls)
 Set the list of URLs that are valid CRL distribution points for this certificate.
WvString get_ski () const
 Get the Subject Key Info.
WvString get_aki () const
 Get the Authority key Info.
WvString get_fingerprint (const FprintMode mode=FingerSHA1) const
 Get the certHash (fingerprint) of the certificate.
virtual bool isok () const
 Is the certificate object valid?
virtual WvString errstr () const
 Returns an error string if isok() is not true.
bool operator! () const
 The not operator returns true if !isok().
 WvX509 ()
 Initialize a completely empty X509 Object with an X509 certificate that doesn't have anything it it... good for building custom certificates.
 WvX509 (X509 *_cert)
 Initialize a blank X509 Object with the certificate *cert (used for client side operations...).
 WvX509 (const WvX509 &x509)
 Copy Constructor.
virtual ~WvX509 ()
 Destructor.
X509 * get_cert ()
 Allow us to access the certificate member - this will be going away eventually, but for now, it gets us out of a couple of issues :/.
void set_pubkey (WvRSAKey &rsa_pubkey)
 Set the public key of the certificate to the public key rsa_pubkey.
bool validate (WvX509 *cacert=NULL) const
 Function to verify the validity of a certificate that has been placed in cert.
bool signedbyca (WvX509 &cacert) const
 Check the certificate in cert against the CA certificate in cacert.
bool issuedbyca (WvX509 &cacert) const
 Check to see if the certificate in cert was issued by the CA certificate in cacert.
bool verify (WvBuf &original, WvStringParm signature) const
 Verify that the contents of data were signed by the certificate currently in cert.
bool verify (WvStringParm original, WvStringParm signature) const
WvString encode (const DumpMode mode) const
 Return the information requested by mode.
void encode (const DumpMode mode, WvBuf &buf) const
virtual void decode (const DumpMode mode, WvStringParm str)
 Load the information from the format requested by mode into the class - this overwrites the certificate.
virtual void decode (const DumpMode mode, WvBuf &encoded)
WvString get_issuer () const
 Get and set the Certificate Issuer (usually the CA who signed the certificate).
void set_issuer (WvStringParm name)
void set_issuer (const WvX509 &cacert)
WvString get_subject () const
 get and set the Subject field of the certificate
void set_subject (WvStringParm name)
void set_subject (const X509_NAME *name)
WvString get_serial (bool hex=false) const
 get and set the serialNumber field of the certificate
void set_serial (long serial_no)
WvString get_nscomment () const
 get and set the Netscape Comment extension
void set_nscomment (WvStringParm comment)
WvString get_nsserver () const
 get and set the Netscape SSL Server extension
void set_nsserver (WvStringParm server_fqdn)
WvString get_crl_dp () const
 get the CRL Distribution points if they exist, WvString::null if they don't.
bool get_policies (WvStringList &policy_oids) const
 Get any certificate Policy OIDs.
void set_policies (WvStringList &policy_oids)
 Set the Certificate Policy OIDs in the certificate to that of the input array.
void set_version ()
 Set the Certificate to use X509v3, since that's all modern PKI uses anyways :).
WvString get_key_usage () const
 Get and set the keyUsage field.
void set_key_usage (WvStringParm values)
WvString get_ext_key_usage () const
 Get and set the extendedKeyUsage field.
void set_ext_key_usage (WvStringParm values)
WvString get_altsubject () const
 Return the Subject alt name if it exists, and WvString::null if it doesn't.
void set_altsubject (WvStringParm name)
 Set the Subject Alt Name.
bool get_basic_constraints (bool &ca, int &pathlen) const
 Get the values in the basic constraints extension.
void set_basic_constraints (bool ca, int pathlen)
 Set the values in the basic constraints extension.
bool get_policy_constraints (int &require_explicit_policy, int &inhibit_policy_mapping) const
 Get the values in the policy constraints extension.
void set_policy_constraints (int require_explicit_policy, int inhibit_policy_mapping)
 Set the values in the policy constraints extension.
 DeclareWvList (PolicyMap)
bool get_policy_mapping (PolicyMapList &list) const
 Get the policy mappings for this certificate.
void set_policy_mapping (PolicyMapList &list)
 Set the policy mappings for this certificate.
time_t get_notvalid_before () const
 Return the not before and not after in a format we're more able to easily use.
time_t get_notvalid_after () const
void set_lifetime (long seconds)
 Set the lifetime to be used for this certificate... the lifetime starts from the minute that the certificate is signed...
WvString get_aia () const
 Get the authority info access information.
void set_aia (WvStringList &ca_urls, WvStringList &responders)
 Set a list of urls that have the Certificate of the CA that issued this certificate, as well as the list of OCSP responders for this certificate.
void get_ocsp (WvStringList &responders) const
 Get a list of OCSP Responders for this certificate.
void get_ca_urls (WvStringList &urls) const
 Get a list of urls that have the Certificate of the CA that issued this certificate.
void get_crl_urls (WvStringList &urls) const
 Get a list of URLs that are valid CRL distribution points for this certificate.
void set_crl_urls (WvStringList &urls)
 Set the list of URLs that are valid CRL distribution points for this certificate.
WvString get_ski () const
 Get the Subject Key Info.
WvString get_aki () const
 Get the Authority key Info.
WvString get_fingerprint (const FprintMode mode=FingerSHA1) const
 Get the certHash (fingerprint) of the certificate.
virtual bool isok () const
 Is the certificate object valid?
virtual WvString errstr () const
 Returns an error string if isok() is not true.
bool operator! () const
 The not operator returns true if !isok().
virtual unsigned int addRef ()=0
 Indicate you are using this object.
virtual unsigned int addRef ()=0
 Indicate you are using this object.
virtual unsigned int release ()=0
 Indicate that you are finished using this object.
virtual unsigned int release ()=0
 Indicate that you are finished using this object.
virtual IObjectgetInterface (const UUID &)=0
 Returns the requested XPLC interface.
virtual IObjectgetInterface (const UUID &)=0
 Returns the requested XPLC interface.
virtual IWeakRefgetWeakRef ()=0
 Return a weak reference to this object.
virtual IWeakRefgetWeakRef ()=0
 Return a weak reference to this object.

Static Public Member Functions

static WvString certreq (WvStringParm subject, const WvRSAKey &rsa)
 Create a certificate request (PKCS#10) using this function.
static WvString certreq (WvStringParm subject, const WvRSAKey &rsa)
 Create a certificate request (PKCS#10) using this function.

Friends

class WvCRL
class WvX509Mgr
class WvOCSPReq
class WvOCSPResp

Detailed Description

X509 Class to handle certificates and their related functions.

Definition at line 41 of file debian/libwvstreams-dev/usr/include/wvstreams/wvx509.h.

Member Enumeration Documentation

◆ DumpMode [1/2]

Type for the encode() and decode() methods.

CertPEM = PEM Encoded X.509 Certificate CertDER = DER Encoded X.509 Certificate CertHex = DER Encoded X.509 Certificate in hexified form CertFilePEM = PEM Encoded X.509 Certificate from file CertFileDER = DER Encoded X.509 Certificate from file

CertFilePEM and CertFileDER are only valid modes for decode(), calling encode with these modes will result in no effect.

Definition at line 56 of file debian/libwvstreams-dev/usr/include/wvstreams/wvx509.h.

◆ FprintMode [1/2]

enum WvX509::FprintMode

◆ DumpMode [2/2]

Type for the encode() and decode() methods.

CertPEM = PEM Encoded X.509 Certificate CertDER = DER Encoded X.509 Certificate CertHex = DER Encoded X.509 Certificate in hexified form CertFilePEM = PEM Encoded X.509 Certificate from file CertFileDER = DER Encoded X.509 Certificate from file

CertFilePEM and CertFileDER are only valid modes for decode(), calling encode with these modes will result in no effect.

Definition at line 56 of file include/wvx509.h.

◆ FprintMode [2/2]

enum WvX509::FprintMode

Definition at line 58 of file include/wvx509.h.

Constructor & Destructor Documentation

◆ WvX509() [1/4]

WvX509::WvX509 ( )

Initialize a completely empty X509 Object with an X509 certificate that doesn't have anything it it... good for building custom certificates.

Definition at line 131 of file wvx509.cc.

Referenced by get_issuer(), issuedbyca(), operator!(), set_policy_mapping(), WvX509Mgr::signcert(), signedbyca(), WvX509Mgr::signreq(), validate(), WvX509(), WvX509Mgr::WvX509Mgr(), WvX509Mgr::WvX509Mgr(), WvX509Mgr::WvX509Mgr(), and WvX509Mgr::WvX509Mgr().

◆ WvX509() [2/4]

WvX509::WvX509 ( X509 * _cert)

Initialize a blank X509 Object with the certificate *cert (used for client side operations...).

This either initializes a completely empty object, or takes _cert, and extracts the distinguished name into dname, and the RSA public key into rsa. rsa->prv is empty.

Definition at line 123 of file wvx509.cc.

◆ WvX509() [3/4]

WvX509::WvX509 ( const WvX509 & x509)

Copy Constructor.

Definition at line 139 of file wvx509.cc.

References WvX509().

◆ ~WvX509()

WvX509::~WvX509 ( )
virtual

Destructor.

Definition at line 150 of file wvx509.cc.

◆ WvX509() [4/4]

WvX509::WvX509 ( X509 * _cert)

Initialize a blank X509 Object with the certificate *cert (used for client side operations...).

This either initializes a completely empty object, or takes _cert, and extracts the distinguished name into dname, and the RSA public key into rsa. rsa->prv is empty.

Member Function Documentation

◆ get_cert() [1/2]

X509 * WvX509::get_cert ( )
inline

Allow us to access the certificate member - this will be going away eventually, but for now, it gets us out of a couple of issues :/.

Definition at line 89 of file debian/libwvstreams-dev/usr/include/wvstreams/wvx509.h.

Referenced by WvX509Mgr::bind_ssl(), WvX509Mgr::signcert(), and WvX509Mgr::signreq().

◆ set_pubkey()

void WvX509::set_pubkey ( WvRSAKey & rsa_pubkey)

Set the public key of the certificate to the public key rsa_pubkey.

Definition at line 665 of file wvx509.cc.

Referenced by WvX509Mgr::create_selfissued().

◆ certreq() [1/2]

WvString WvX509::certreq ( WvStringParm subject,
const WvRSAKey & rsa )
static

Create a certificate request (PKCS#10) using this function.

. this request is what you would send off to Verisign, or Entrust.net (or any other CA), to get your real certificate. It leaves the RSA key pair in rsa, where you MUST save it for the certificate to be AT ALL valid when you get it back. Returns a PEM Encoded PKCS#10 certificate request, and leaves the RSA keypair in rsa.

Definition at line 266 of file wvx509.cc.

References certreq(), WvBufBase< unsigned char >::getstr(), and WvBufBaseCommonImpl< T >::put().

Referenced by certreq(), and WvX509Mgr::signreq().

◆ validate() [1/2]

bool WvX509::validate ( WvX509 * cacert = NULL) const

Function to verify the validity of a certificate that has been placed in cert.

It checks and make sure that it was signed by the CA certificate cacert, as well as that it is not expired (or not yet valid).

Definition at line 365 of file wvx509.cc.

References issuedbyca(), signedbyca(), and WvX509().

Referenced by WvSSLStream::post_select().

◆ signedbyca() [1/2]

bool WvX509::signedbyca ( WvX509 & cacert) const

Check the certificate in cert against the CA certificate in cacert.

  • returns true if cert was signed by that CA certificate.

Definition at line 399 of file wvx509.cc.

References get_subject(), and WvX509().

Referenced by validate().

◆ issuedbyca() [1/2]

bool WvX509::issuedbyca ( WvX509 & cacert) const

Check to see if the certificate in cert was issued by the CA certificate in cacert.

Note: You are going on the certificate's say-so by using this function. You may also want to use signedbyca to check if the certificate is actually signed by who it claims to be issued by.

Definition at line 428 of file wvx509.cc.

References WvX509().

Referenced by validate().

◆ verify() [1/3]

bool WvX509::verify ( WvBuf & original,
WvStringParm signature ) const

Verify that the contents of data were signed by the certificate currently in cert.

This only checks the signature, it doesn't check the validity of the certificate.

Definition at line 1326 of file wvx509.cc.

References WvEncoder::flushstrmem(), WvBufBaseCommonImpl< T >::peek(), and WvBufBaseCommonImpl< T >::used().

◆ verify() [2/3]

bool WvX509::verify ( WvStringParm original,
WvStringParm signature ) const

Definition at line 1318 of file wvx509.cc.

◆ encode() [1/2]

WvString WvX509::encode ( const DumpMode mode) const

Return the information requested by mode.

Definition at line 447 of file wvx509.cc.

References encode(), and WvBufBase< unsigned char >::getstr().

Referenced by encode(), WvX509Mgr::encode(), WvSSLStream::post_select(), and WvX509Mgr::signreq().

◆ encode() [2/2]

void WvX509::encode ( const DumpMode mode,
WvBuf & buf ) const

Definition at line 455 of file wvx509.cc.

◆ decode() [1/3]

void WvX509::decode ( const DumpMode mode,
WvStringParm str )
virtual

Load the information from the format requested by mode into the class - this overwrites the certificate.

Reimplemented in WvX509Mgr, and WvX509Mgr.

Definition at line 505 of file wvx509.cc.

References WvFastString::cstr(), decode(), WvBufBase< unsigned char >::putstr(), and unhexify().

Referenced by decode(), and WvX509Mgr::decode().

◆ decode() [2/3]

void WvX509::decode ( const DumpMode mode,
WvBuf & encoded )
virtual

Definition at line 571 of file wvx509.cc.

◆ get_issuer()

WvString WvX509::get_issuer ( ) const

Get and set the Certificate Issuer (usually the CA who signed the certificate).

Definition at line 600 of file wvx509.cc.

◆ set_issuer() [1/2]

void WvX509::set_issuer ( WvStringParm name)

Definition at line 611 of file wvx509.cc.

◆ set_issuer() [2/2]

void WvX509::set_issuer ( const WvX509 & cacert)

Definition at line 624 of file wvx509.cc.

◆ get_subject()

WvString WvX509::get_subject ( ) const

get and set the Subject field of the certificate

Definition at line 633 of file wvx509.cc.

Referenced by WvCRL::issuedbyca(), WvSSLStream::post_select(), WvCRL::signedbyca(), signedbyca(), and WvX509Mgr::signreq().

◆ set_subject() [1/2]

void WvX509::set_subject ( WvStringParm name)

Definition at line 644 of file wvx509.cc.

◆ set_subject() [2/2]

void WvX509::set_subject ( const X509_NAME * name)

Definition at line 657 of file wvx509.cc.

◆ get_serial()

WvString WvX509::get_serial ( bool hex = false) const

get and set the serialNumber field of the certificate

Definition at line 716 of file wvx509.cc.

◆ set_serial()

void WvX509::set_serial ( long serial_no)

Definition at line 742 of file wvx509.cc.

◆ get_nsserver()

WvString WvX509::get_nsserver ( ) const

get and set the Netscape SSL Server extension

Definition at line 710 of file wvx509.cc.

◆ set_nsserver()

void WvX509::set_nsserver ( WvStringParm server_fqdn)

Definition at line 686 of file wvx509.cc.

◆ get_crl_dp()

WvString WvX509::get_crl_dp ( ) const

get the CRL Distribution points if they exist, WvString::null if they don't.

Definition at line 750 of file wvx509.cc.

Referenced by get_crl_urls().

◆ get_policies() [1/2]

bool WvX509::get_policies ( WvStringList & policy_oids) const

Get any certificate Policy OIDs.

Returns true if the policy oids extension is present, false otherwise.

Definition at line 1092 of file wvx509.cc.

◆ set_policies()

void WvX509::set_policies ( WvStringList & policy_oids)

Set the Certificate Policy OIDs in the certificate to that of the input array.

Definition at line 1120 of file wvx509.cc.

References WvString::edit().

◆ set_version()

void WvX509::set_version ( )

Set the Certificate to use X509v3, since that's all modern PKI uses anyways :).

Definition at line 734 of file wvx509.cc.

Referenced by WvX509Mgr::create_selfissued(), and WvX509Mgr::signreq().

◆ get_key_usage()

WvString WvX509::get_key_usage ( ) const

Get and set the keyUsage field.

Definition at line 776 of file wvx509.cc.

◆ set_key_usage()

void WvX509::set_key_usage ( WvStringParm values)

Definition at line 770 of file wvx509.cc.

◆ get_ext_key_usage()

WvString WvX509::get_ext_key_usage ( ) const

Get and set the extendedKeyUsage field.

Definition at line 788 of file wvx509.cc.

◆ set_ext_key_usage()

void WvX509::set_ext_key_usage ( WvStringParm values)

Definition at line 782 of file wvx509.cc.

◆ get_altsubject()

WvString WvX509::get_altsubject ( ) const

Return the Subject alt name if it exists, and WvString::null if it doesn't.

Definition at line 794 of file wvx509.cc.

◆ get_basic_constraints() [1/2]

bool WvX509::get_basic_constraints ( bool & ca,
int & pathlen ) const

Get the values in the basic constraints extension.

Returns true if the basic constraints extension exists and is valid, false otherwise.

Definition at line 800 of file wvx509.cc.

◆ set_basic_constraints()

void WvX509::set_basic_constraints ( bool ca,
int pathlen )

Set the values in the basic constraints extension.

Definition at line 837 of file wvx509.cc.

◆ get_policy_constraints() [1/2]

bool WvX509::get_policy_constraints ( int & require_explicit_policy,
int & inhibit_policy_mapping ) const

Get the values in the policy constraints extension.

Returns true if the policy constraints extension exists, false otherwise.

◆ get_policy_mapping() [1/2]

bool WvX509::get_policy_mapping ( PolicyMapList & list) const

Get the policy mappings for this certificate.

Returns true if there were any policy mappings to be found.

◆ get_notvalid_before()

time_t WvX509::get_notvalid_before ( ) const

Return the not before and not after in a format we're more able to easily use.

Definition at line 1390 of file wvx509.cc.

◆ get_notvalid_after()

time_t WvX509::get_notvalid_after ( ) const

Definition at line 1398 of file wvx509.cc.

◆ set_lifetime()

void WvX509::set_lifetime ( long seconds)

Set the lifetime to be used for this certificate... the lifetime starts from the minute that the certificate is signed...

Definition at line 756 of file wvx509.cc.

Referenced by WvX509Mgr::create_selfissued(), and WvX509Mgr::signreq().

◆ get_aia() [1/2]

WvString WvX509::get_aia ( ) const

Get the authority info access information.

Usually includes a list of URLs where the issuer's CA certificate may be fetched, as well as a list of OCSP responders. Note that this function returns this information in a giant string: get_ca_urls and get_ocsp may return this information in a more useful format.

Definition at line 1018 of file wvx509.cc.

Referenced by get_ca_urls(), and get_ocsp().

◆ set_aia()

void WvX509::set_aia ( WvStringList & ca_urls,
WvStringList & responders )

Set a list of urls that have the Certificate of the CA that issued this certificate, as well as the list of OCSP responders for this certificate.

Definition at line 996 of file wvx509.cc.

◆ get_ocsp()

void WvX509::get_ocsp ( WvStringList & responders) const

Get a list of OCSP Responders for this certificate.

Definition at line 1042 of file wvx509.cc.

References get_aia().

◆ get_ca_urls()

void WvX509::get_ca_urls ( WvStringList & urls) const

Get a list of urls that have the Certificate of the CA that issued this certificate.

Definition at line 1048 of file wvx509.cc.

References get_aia().

◆ get_crl_urls()

void WvX509::get_crl_urls ( WvStringList & urls) const

Get a list of URLs that are valid CRL distribution points for this certificate.

Definition at line 1054 of file wvx509.cc.

References get_crl_dp().

◆ set_crl_urls()

void WvX509::set_crl_urls ( WvStringList & urls)

Set the list of URLs that are valid CRL distribution points for this certificate.

Definition at line 1060 of file wvx509.cc.

◆ get_ski()

WvString WvX509::get_ski ( ) const

Get the Subject Key Info.

Definition at line 1406 of file wvx509.cc.

◆ get_aki()

WvString WvX509::get_aki ( ) const

Get the Authority key Info.

Definition at line 1414 of file wvx509.cc.

References WvStringList::popstr().

◆ get_fingerprint()

WvString WvX509::get_fingerprint ( const FprintMode mode = FingerSHA1) const

Get the certHash (fingerprint) of the certificate.

Definition at line 1428 of file wvx509.cc.

References WvBufBase< unsigned char >::getstr(), WvBufBase< unsigned char >::putch(), and WvBufBase< unsigned char >::putstr().

◆ isok() [1/2]

bool WvX509::isok ( ) const
virtual

Is the certificate object valid?

Reimplemented in WvX509Mgr, and WvX509Mgr.

Definition at line 1297 of file wvx509.cc.

Referenced by WvX509Mgr::errstr(), WvX509Mgr::isok(), operator!(), and WvSSLStream::post_select().

◆ errstr() [1/2]

WvString WvX509::errstr ( ) const
virtual

Returns an error string if isok() is not true.

Reimplemented in WvX509Mgr, and WvX509Mgr.

Definition at line 1309 of file wvx509.cc.

Referenced by WvX509Mgr::errstr(), and WvSSLStream::post_select().

◆ operator!()

bool WvX509::operator! ( ) const

The not operator returns true if !isok().

Definition at line 1303 of file wvx509.cc.

References isok().

◆ get_cert() [2/2]

X509 * WvX509::get_cert ( )
inline

Allow us to access the certificate member - this will be going away eventually, but for now, it gets us out of a couple of issues :/.

Definition at line 89 of file include/wvx509.h.

◆ certreq() [2/2]

WvString WvX509::certreq ( WvStringParm subject,
const WvRSAKey & rsa )
static

Create a certificate request (PKCS#10) using this function.

. this request is what you would send off to Verisign, or Entrust.net (or any other CA), to get your real certificate. It leaves the RSA key pair in rsa, where you MUST save it for the certificate to be AT ALL valid when you get it back. Returns a PEM Encoded PKCS#10 certificate request, and leaves the RSA keypair in rsa.

◆ validate() [2/2]

bool WvX509::validate ( WvX509 * cacert = NULL) const

Function to verify the validity of a certificate that has been placed in cert.

It checks and make sure that it was signed by the CA certificate cacert, as well as that it is not expired (or not yet valid).

References WvX509().

◆ signedbyca() [2/2]

bool WvX509::signedbyca ( WvX509 & cacert) const

Check the certificate in cert against the CA certificate in cacert.

  • returns true if cert was signed by that CA certificate.

References WvX509().

◆ issuedbyca() [2/2]

bool WvX509::issuedbyca ( WvX509 & cacert) const

Check to see if the certificate in cert was issued by the CA certificate in cacert.

Note: You are going on the certificate's say-so by using this function. You may also want to use signedbyca to check if the certificate is actually signed by who it claims to be issued by.

References WvX509().

◆ verify() [3/3]

bool WvX509::verify ( WvBuf & original,
WvStringParm signature ) const

Verify that the contents of data were signed by the certificate currently in cert.

This only checks the signature, it doesn't check the validity of the certificate.

◆ decode() [3/3]

virtual void WvX509::decode ( const DumpMode mode,
WvStringParm str )
virtual

Load the information from the format requested by mode into the class - this overwrites the certificate.

Reimplemented in WvX509Mgr, and WvX509Mgr.

◆ get_policies() [2/2]

bool WvX509::get_policies ( WvStringList & policy_oids) const

Get any certificate Policy OIDs.

Returns true if the policy oids extension is present, false otherwise.

◆ get_basic_constraints() [2/2]

bool WvX509::get_basic_constraints ( bool & ca,
int & pathlen ) const

Get the values in the basic constraints extension.

Returns true if the basic constraints extension exists and is valid, false otherwise.

◆ get_policy_constraints() [2/2]

bool WvX509::get_policy_constraints ( int & require_explicit_policy,
int & inhibit_policy_mapping ) const

Get the values in the policy constraints extension.

Returns true if the policy constraints extension exists, false otherwise.

◆ get_policy_mapping() [2/2]

bool WvX509::get_policy_mapping ( PolicyMapList & list) const

Get the policy mappings for this certificate.

Returns true if there were any policy mappings to be found.

◆ get_aia() [2/2]

WvString WvX509::get_aia ( ) const

Get the authority info access information.

Usually includes a list of URLs where the issuer's CA certificate may be fetched, as well as a list of OCSP responders. Note that this function returns this information in a giant string: get_ca_urls and get_ocsp may return this information in a more useful format.

◆ isok() [2/2]

virtual bool WvX509::isok ( ) const
virtual

Is the certificate object valid?

Reimplemented in WvX509Mgr, and WvX509Mgr.

◆ errstr() [2/2]

virtual WvString WvX509::errstr ( ) const
virtual

Returns an error string if isok() is not true.

Reimplemented in WvX509Mgr, and WvX509Mgr.

◆ addRef() [1/2]

virtual unsigned int IObject::addRef ( )
pure virtualinherited

Indicate you are using this object.

This increases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.

This called a "strong reference", because they will prevent the object from being destroyed. They should thus be used carefully, as they control the lifetime of the object. For example, you do not need to call addRef() on object passed as parameters, unless you intend on keeping them.

addRef() is often called automatically for you in XPLC, but you'll have to call release() by hand sometimes unless you use xplc_ptr.

Referenced by WvIStreamList::execute(), IObjectImplInternal::getInterface(), StaticServiceHandler::getObject(), WeakRef::getObject(), WvIStreamList::post_select(), WvQtStreamClone::WvQtStreamClone(), and WvSSLStream::WvSSLStream().

◆ addRef() [2/2]

virtual unsigned int IObject::addRef ( )
pure virtualinherited

Indicate you are using this object.

This increases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.

This called a "strong reference", because they will prevent the object from being destroyed. They should thus be used carefully, as they control the lifetime of the object. For example, you do not need to call addRef() on object passed as parameters, unless you intend on keeping them.

addRef() is often called automatically for you in XPLC, but you'll have to call release() by hand sometimes unless you use xplc_ptr.

◆ release() [1/2]

virtual unsigned int IObject::release ( )
pure virtualinherited

Indicate that you are finished using this object.

This decreases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.

You will usually need to manually release() any object given to you by any other XPLC function, unless you give the object to someone else who will call release.

If you use xplc_ptr, it will do this for you.

Referenced by WvIStreamList::execute(), mutate(), MonikerService::resolve(), and NewMoniker::resolve().

◆ release() [2/2]

virtual unsigned int IObject::release ( )
pure virtualinherited

Indicate that you are finished using this object.

This decreases the reference count of the object by one. Usually, when the reference count reaches zero, the object is freed automatically.

You will usually need to manually release() any object given to you by any other XPLC function, unless you give the object to someone else who will call release.

If you use xplc_ptr, it will do this for you.

◆ getInterface() [1/2]

virtual IObject * IObject::getInterface ( const UUID & )
pure virtualinherited

Returns the requested XPLC interface.

Will return NULL if the interface is not supported. The returned interface has been addRef()ed, so you will need to release() it when done. Note that the interface returned may be a pointer to the same object or a different one - that's none of your business. Asking for the IObject interface should always return the same pointer for a given logical object, so this can be used for comparison by identity.

You should probably use the convenient mutate() and get() functions instead of this, or use an xplc_ptr, which mutates the object for you.

Referenced by get(), and mutate().

◆ getInterface() [2/2]

virtual IObject * IObject::getInterface ( const UUID & )
pure virtualinherited

Returns the requested XPLC interface.

Will return NULL if the interface is not supported. The returned interface has been addRef()ed, so you will need to release() it when done. Note that the interface returned may be a pointer to the same object or a different one - that's none of your business. Asking for the IObject interface should always return the same pointer for a given logical object, so this can be used for comparison by identity.

You should probably use the convenient mutate() and get() functions instead of this, or use an xplc_ptr, which mutates the object for you.

◆ getWeakRef() [1/2]

virtual IWeakRef * IObject::getWeakRef ( )
pure virtualinherited

Return a weak reference to this object.

A weak reference points at the object, but does not control the lifetime of the object. An object can thus still be deleted while someone holds a weak reference. You will still need to release() the weak reference when you are done with it.

See also
IWeakRef

◆ getWeakRef() [2/2]

virtual IWeakRef * IObject::getWeakRef ( )
pure virtualinherited

Return a weak reference to this object.

A weak reference points at the object, but does not control the lifetime of the object. An object can thus still be deleted while someone holds a weak reference. You will still need to release() the weak reference when you are done with it.

See also
IWeakRef

◆ WvCRL

◆ WvX509Mgr

◆ WvOCSPReq

◆ WvOCSPResp


The documentation for this class was generated from the following files: