This convenience class is a wrapper around a native certificate. More...

#include <IceSSL/IceSSL.h>

Inheritance diagram for IceSSL::Certificate:

[legend]

Collaboration diagram for IceSSL::Certificate:

Public Member Functions
virtual bool	checkValidity () const =0
	Checks that the certificate is currently valid, that is, the current date falls between the validity period given in the certificate.
virtual bool	checkValidity (const std::chrono::system_clock::time_point &t) const =0
	Checks that the certificate is valid at the given time.
virtual std::string	encode () const =0
	Obtains a string encoding of the certificate in PEM format.
virtual std::vector< Ice::Byte >	getAuthorityKeyIdentifier () const =0
	Obtains the authority key identifier.
unsigned int	getExtendedKeyUsage () const
	Returns the value of the extended key usage extension.
virtual std::vector< std::pair< int, std::string > >	getIssuerAlternativeNames () const =0
	Obtains the values in the issuer's alternative names extension.
virtual DistinguishedName	getIssuerDN () const =0
	Obtains the issuer's distinguished name (DN).
unsigned int	getKeyUsage () const
	Returns the value of the key usage extension.
virtual std::chrono::system_clock::time_point	getNotAfter () const =0
	Obtains the not-after validity time.
virtual std::chrono::system_clock::time_point	getNotBefore () const =0
	Obtains the not-before validity time.
virtual std::string	getSerialNumber () const =0
	Obtains the serial number.
virtual std::vector< std::pair< int, std::string > >	getSubjectAlternativeNames () const =0
	See the comment for Plugin::getIssuerAlternativeNames.
virtual DistinguishedName	getSubjectDN () const =0
	Obtains the subject's distinguished name (DN).
virtual std::vector< Ice::Byte >	getSubjectKeyIdentifier () const =0
	Obtains the subject key identifier.
virtual int	getVersion () const =0
	Obtains the certificate version number.
virtual X509ExtensionPtr	getX509Extension (const std::string &oid) const =0
	Obtains the extension with the given OID.
virtual std::vector< X509ExtensionPtr >	getX509Extensions () const =0
	Obtains a list of the X509v3 extensions contained in the certificate.
virtual bool	operator!= (const Certificate &) const =0
	Compares the certificates for equality using the native certificate comparison method.
virtual bool	operator== (const Certificate &) const =0
	Compares the certificates for equality using the native certificate comparison method.
virtual std::string	toString () const =0
	Stringifies the certificate.
virtual bool	verify (const CertificatePtr &cert) const =0
	Verifies that this certificate was signed by the given certificate public key.

Static Public Member Functions
static CertificatePtr	decode (const std::string &str)
	Decodes a certificate from a string that uses the PEM encoding format.
static CertificatePtr	load (const std::string &file)
	Loads the certificate from a file.

Detailed Description

This convenience class is a wrapper around a native certificate.

The interface is inspired by java.security.cert.X509Certificate.

Member Function Documentation

◆ checkValidity() [1/2]

virtual bool IceSSL::Certificate::checkValidity ( ) const

pure virtual

Checks that the certificate is currently valid, that is, the current date falls between the validity period given in the certificate.

Returns: True if the certificate is valid, false otherwise.

◆ checkValidity() [2/2]

virtual bool IceSSL::Certificate::checkValidity ( const std::chrono::system_clock::time_point & t ) const

pure virtual

Checks that the certificate is valid at the given time.

Parameters

t	The target time.

Returns: True if the certificate is valid, false otherwise.

◆ decode()

CertificatePtr IceSSL::Certificate::decode ( const std::string & str )

static

Decodes a certificate from a string that uses the PEM encoding format.

Parameters

str	A string containing the encoded certificate.

Exceptions

CertificateEncodingException if an error occurs.

◆ encode()

virtual std::string IceSSL::Certificate::encode ( ) const

pure virtual

Obtains a string encoding of the certificate in PEM format.

Returns: The encoded certificate.

Exceptions

CertificateEncodingException if an error occurs.

◆ getAuthorityKeyIdentifier()

virtual std::vector< Ice::Byte > IceSSL::Certificate::getAuthorityKeyIdentifier ( ) const

pure virtual

Obtains the authority key identifier.

Returns: The identifier.

◆ getExtendedKeyUsage()

unsigned int IceSSL::Certificate::getExtendedKeyUsage ( ) const

Returns the value of the extended key usage extension.

The flags EXTENDED_KEY_USAGE_ANY_KEY_USAGE, EXTENDED_KEY_USAGE_SERVER_AUTH, EXTENDED_KEY_USAGE_CLIENT_AUTH, EXTENDED_KEY_USAGE_CODE_SIGNING, EXTENDED_KEY_USAGE_EMAIL_PROTECTION, EXTENDED_KEY_USAGE_TIME_STAMPING and EXTENDED_KEY_USAGE_OCSP_SIGNING can be used to check what extended key usage bits are set.

◆ getIssuerAlternativeNames()

virtual std::vector< std::pair< int, std::string > > IceSSL::Certificate::getIssuerAlternativeNames ( ) const

pure virtual

Obtains the values in the issuer's alternative names extension.

The returned list contains a pair of int, string.

otherName [0] OtherName rfc822Name [1] IA5String dNSName [2] IA5String x400Address [3] ORAddress directoryName [4] Name ediPartyName [5] EDIPartyName uniformResourceIdentifier [6] IA5String iPAddress [7] OCTET STRING registeredID [8] OBJECT IDENTIFIER

rfc822Name, dNSName, directoryName and uniformResourceIdentifier data is returned as a string.

iPAddress is returned in dotted quad notation. IPv6 is not currently supported.

All distinguished names are encoded in RFC2253 format.

The remainder of the data will result in an empty string. Use the raw X509* certificate to obtain these values.

Returns: The issuer's alternative names.

◆ getIssuerDN()

virtual DistinguishedName IceSSL::Certificate::getIssuerDN ( ) const

pure virtual

Obtains the issuer's distinguished name (DN).

Returns: The distinguished name.

◆ getKeyUsage()

unsigned int IceSSL::Certificate::getKeyUsage ( ) const

Returns the value of the key usage extension.

The flags KEY_USAGE_DIGITAL_SIGNATURE, KEY_USAGE_NON_REPUDIATION, KEY_USAGE_KEY_ENCIPHERMENT, KEY_USAGE_DATA_ENCIPHERMENT KEY_USAGE_KEY_AGREEMENT, KEY_USAGE_KEY_CERT_SIGN, KEY_USAGE_CRL_SIGN, KEY_USAGE_ENCIPHER_ONLY and KEY_USAGE_DECIPHER_ONLY can be used to check what key usage bits are set.

◆ getNotAfter()

virtual std::chrono::system_clock::time_point IceSSL::Certificate::getNotAfter ( ) const

pure virtual

Obtains the not-after validity time.

Returns: The time after which this certificate is invalid.

◆ getNotBefore()

virtual std::chrono::system_clock::time_point IceSSL::Certificate::getNotBefore ( ) const

pure virtual

Obtains the not-before validity time.

Returns: The time at which this certificate is valid.

◆ getSerialNumber()

virtual std::string IceSSL::Certificate::getSerialNumber ( ) const

pure virtual

Obtains the serial number.

This is an arbitrarily large number.

Returns: The certificate's serial number.

◆ getSubjectAlternativeNames()

virtual std::vector< std::pair< int, std::string > > IceSSL::Certificate::getSubjectAlternativeNames ( ) const

pure virtual

See the comment for Plugin::getIssuerAlternativeNames.

Returns: The subject's alternative names.

◆ getSubjectDN()

virtual DistinguishedName IceSSL::Certificate::getSubjectDN ( ) const

pure virtual

Obtains the subject's distinguished name (DN).

Returns: The distinguished name.

◆ getSubjectKeyIdentifier()

virtual std::vector< Ice::Byte > IceSSL::Certificate::getSubjectKeyIdentifier ( ) const

pure virtual

Obtains the subject key identifier.

Returns: The identifier.

◆ getVersion()

virtual int IceSSL::Certificate::getVersion ( ) const

pure virtual

Obtains the certificate version number.

Returns: The version number.

◆ getX509Extension()

virtual X509ExtensionPtr IceSSL::Certificate::getX509Extension ( const std::string & oid ) const

pure virtual

Obtains the extension with the given OID.

Returns: The extension, or null if the certificate does not contain a extension with the given OID.

◆ getX509Extensions()

virtual std::vector< X509ExtensionPtr > IceSSL::Certificate::getX509Extensions ( ) const

pure virtual

Obtains a list of the X509v3 extensions contained in the certificate.

Returns: The extensions.

◆ load()

CertificatePtr IceSSL::Certificate::load ( const std::string & file )

static

Loads the certificate from a file.

The certificate must use the PEM encoding format.

Parameters

file	The certificate file.

Returns: The new certificate instance.

Exceptions

CertificateReadException if the file cannot be read.

◆ operator!=()

virtual bool IceSSL::Certificate::operator!= ( const Certificate & ) const

pure virtual

Compares the certificates for equality using the native certificate comparison method.

◆ operator==()

virtual bool IceSSL::Certificate::operator== ( const Certificate & ) const

pure virtual

Compares the certificates for equality using the native certificate comparison method.

◆ toString()

virtual std::string IceSSL::Certificate::toString ( ) const

pure virtual

Stringifies the certificate.

This is a human readable version of the certificate, not a DER or PEM encoding.

Returns: A string version of the certificate.

◆ verify()

virtual bool IceSSL::Certificate::verify ( const CertificatePtr & cert ) const

pure virtual

Verifies that this certificate was signed by the given certificate public key.

Parameters

cert	A certificate containing the public key.

Returns: True if signed, false otherwise.

The documentation for this class was generated from the following file:

IceSSL/Plugin.h

Public Member Functions

Static Public Member Functions

Detailed Description

Member Function Documentation

◆ checkValidity() [1/2]

◆ checkValidity() [2/2]

◆ decode()

◆ encode()

◆ getAuthorityKeyIdentifier()

◆ getExtendedKeyUsage()

◆ getIssuerAlternativeNames()

◆ getIssuerDN()

◆ getKeyUsage()

◆ getNotAfter()

◆ getNotBefore()

◆ getSerialNumber()

◆ getSubjectAlternativeNames()

◆ getSubjectDN()

◆ getSubjectKeyIdentifier()

◆ getVersion()

◆ getX509Extension()

◆ getX509Extensions()

◆ load()

◆ operator!=()

◆ operator==()

◆ toString()

◆ verify()