This convenience class is a wrapper around a native certificate. More...
#include <IceSSL/IceSSL.h>
Public Member Functions | |
| virtual bool | checkValidity () const =0 |
| Checks that the certificate is currently valid, that is, the current date falls between the validity period given in the certificate. More... | |
| virtual bool | checkValidity (const std::chrono::system_clock::time_point &t) const =0 |
| Checks that the certificate is valid at the given time. More... | |
| virtual std::string | encode () const =0 |
| Obtains a string encoding of the certificate in PEM format. More... | |
| virtual std::vector< Ice::Byte > | getAuthorityKeyIdentifier () const =0 |
| Obtains the authority key identifier. More... | |
| unsigned int | getExtendedKeyUsage () const |
| Returns the value of the extended key usage extension. More... | |
| virtual std::vector< std::pair< int, std::string > > | getIssuerAlternativeNames () const =0 |
| Obtains the values in the issuer's alternative names extension. More... | |
| virtual DistinguishedName | getIssuerDN () const =0 |
| Obtains the issuer's distinguished name (DN). More... | |
| unsigned int | getKeyUsage () const |
| Returns the value of the key usage extension. More... | |
| virtual std::chrono::system_clock::time_point | getNotAfter () const =0 |
| Obtains the not-after validity time. More... | |
| virtual std::chrono::system_clock::time_point | getNotBefore () const =0 |
| Obtains the not-before validity time. More... | |
| virtual std::string | getSerialNumber () const =0 |
| Obtains the serial number. More... | |
| virtual std::vector< std::pair< int, std::string > > | getSubjectAlternativeNames () const =0 |
| See the comment for Plugin::getIssuerAlternativeNames. More... | |
| virtual DistinguishedName | getSubjectDN () const =0 |
| Obtains the subject's distinguished name (DN). More... | |
| virtual std::vector< Ice::Byte > | getSubjectKeyIdentifier () const =0 |
| Obtains the subject key identifier. More... | |
| virtual int | getVersion () const =0 |
| Obtains the certificate version number. More... | |
| virtual X509ExtensionPtr | getX509Extension (const std::string &oid) const =0 |
| Obtains the extension with the given OID. More... | |
| virtual std::vector< X509ExtensionPtr > | getX509Extensions () const =0 |
| Obtains a list of the X509v3 extensions contained in the certificate. More... | |
| virtual bool | operator!= (const Certificate &) const =0 |
| Compares the certificates for equality using the native certificate comparison method. More... | |
| virtual bool | operator== (const Certificate &) const =0 |
| Compares the certificates for equality using the native certificate comparison method. More... | |
| virtual std::string | toString () const =0 |
| Stringifies the certificate. More... | |
| virtual bool | verify (const CertificatePtr &cert) const =0 |
| Verifies that this certificate was signed by the given certificate public key. More... | |
Static Public Member Functions | |
| static CertificatePtr | decode (const std::string &str) |
| Decodes a certificate from a string that uses the PEM encoding format. More... | |
| static CertificatePtr | load (const std::string &file) |
| Loads the certificate from a file. More... | |
Detailed Description
This convenience class is a wrapper around a native certificate.
The interface is inspired by java.security.cert.X509Certificate.
Member Function Documentation
◆ checkValidity() [1/2]
|
pure virtual |
Checks that the certificate is currently valid, that is, the current date falls between the validity period given in the certificate.
- Returns
- True if the certificate is valid, false otherwise.
◆ checkValidity() [2/2]
|
pure virtual |
Checks that the certificate is valid at the given time.
- Parameters
-
t The target time.
- Returns
- True if the certificate is valid, false otherwise.
◆ decode()
|
static |
Decodes a certificate from a string that uses the PEM encoding format.
- Parameters
-
str A string containing the encoded certificate.
- Exceptions
-
CertificateEncodingException if an error occurs.
◆ encode()
|
pure virtual |
Obtains a string encoding of the certificate in PEM format.
- Returns
- The encoded certificate.
- Exceptions
-
CertificateEncodingException if an error occurs.
◆ getAuthorityKeyIdentifier()
|
pure virtual |
Obtains the authority key identifier.
- Returns
- The identifier.
◆ getExtendedKeyUsage()
| unsigned int IceSSL::Certificate::getExtendedKeyUsage | ( | ) | const |
Returns the value of the extended key usage extension.
The flags EXTENDED_KEY_USAGE_ANY_KEY_USAGE, EXTENDED_KEY_USAGE_SERVER_AUTH, EXTENDED_KEY_USAGE_CLIENT_AUTH, EXTENDED_KEY_USAGE_CODE_SIGNING, EXTENDED_KEY_USAGE_EMAIL_PROTECTION, EXTENDED_KEY_USAGE_TIME_STAMPING and EXTENDED_KEY_USAGE_OCSP_SIGNING can be used to check what extended key usage bits are set.
◆ getIssuerAlternativeNames()
|
pure virtual |
Obtains the values in the issuer's alternative names extension.
The returned list contains a pair of int, string.
otherName [0] OtherName rfc822Name [1] IA5String dNSName [2] IA5String x400Address [3] ORAddress directoryName [4] Name ediPartyName [5] EDIPartyName uniformResourceIdentifier [6] IA5String iPAddress [7] OCTET STRING registeredID [8] OBJECT IDENTIFIER
rfc822Name, dNSName, directoryName and uniformResourceIdentifier data is returned as a string.
iPAddress is returned in dotted quad notation. IPv6 is not currently supported.
All distinguished names are encoded in RFC2253 format.
The remainder of the data will result in an empty string. Use the raw X509* certificate to obtain these values.
- Returns
- The issuer's alternative names.
◆ getIssuerDN()
|
pure virtual |
Obtains the issuer's distinguished name (DN).
- Returns
- The distinguished name.
◆ getKeyUsage()
| unsigned int IceSSL::Certificate::getKeyUsage | ( | ) | const |
Returns the value of the key usage extension.
The flags KEY_USAGE_DIGITAL_SIGNATURE, KEY_USAGE_NON_REPUDIATION, KEY_USAGE_KEY_ENCIPHERMENT, KEY_USAGE_DATA_ENCIPHERMENT KEY_USAGE_KEY_AGREEMENT, KEY_USAGE_KEY_CERT_SIGN, KEY_USAGE_CRL_SIGN, KEY_USAGE_ENCIPHER_ONLY and KEY_USAGE_DECIPHER_ONLY can be used to check what key usage bits are set.
◆ getNotAfter()
|
pure virtual |
Obtains the not-after validity time.
- Returns
- The time after which this certificate is invalid.
◆ getNotBefore()
|
pure virtual |
Obtains the not-before validity time.
- Returns
- The time at which this certificate is valid.
◆ getSerialNumber()
|
pure virtual |
Obtains the serial number.
This is an arbitrarily large number.
- Returns
- The certificate's serial number.
◆ getSubjectAlternativeNames()
|
pure virtual |
See the comment for Plugin::getIssuerAlternativeNames.
- Returns
- The subject's alternative names.
◆ getSubjectDN()
|
pure virtual |
Obtains the subject's distinguished name (DN).
- Returns
- The distinguished name.
◆ getSubjectKeyIdentifier()
|
pure virtual |
Obtains the subject key identifier.
- Returns
- The identifier.
◆ getVersion()
|
pure virtual |
Obtains the certificate version number.
- Returns
- The version number.
◆ getX509Extension()
|
pure virtual |
Obtains the extension with the given OID.
- Returns
- The extension, or null if the certificate does not contain a extension with the given OID.
◆ getX509Extensions()
|
pure virtual |
Obtains a list of the X509v3 extensions contained in the certificate.
- Returns
- The extensions.
◆ load()
|
static |
Loads the certificate from a file.
The certificate must use the PEM encoding format.
- Parameters
-
file The certificate file.
- Returns
- The new certificate instance.
- Exceptions
-
CertificateReadException if the file cannot be read.
◆ operator!=()
|
pure virtual |
Compares the certificates for equality using the native certificate comparison method.
◆ operator==()
|
pure virtual |
Compares the certificates for equality using the native certificate comparison method.
◆ toString()
|
pure virtual |
Stringifies the certificate.
This is a human readable version of the certificate, not a DER or PEM encoding.
- Returns
- A string version of the certificate.
◆ verify()
|
pure virtual |
Verifies that this certificate was signed by the given certificate public key.
- Parameters
-
cert A certificate containing the public key.
- Returns
- True if signed, false otherwise.
The documentation for this class was generated from the following file:
- IceSSL/Plugin.h
