#include <wvx509.h>
Definition at line 28 of file wvx509.h.
Public Types

enum DumpMode { CertPEM = 0, RsaPEM, RsaRaw }
Format selector for encode() and decode() (the comments call it dump()), which can output the information in this class in a variety of formats.

Public Member Functions

WvX509Mgr (X509 *_cert=NULL)
Initialize a blank X509 object, or one holding the certificate *_cert (used for client side operations).
WvX509Mgr (WvStringParm hexcert, WvStringParm hexrsa)
Constructor to initialize this object with a pre-existing (hexified) certificate and key.
WvX509Mgr (WvStringParm _dname, WvRSAKey *_rsa)
Constructor to create a self-signed certificate for the DN _dname using the existing keypair _rsa (e.g. to generate a cert for an existing TunnelVision connection).
WvX509Mgr (WvStringParm _dname, int bits)
Constructor to create a self-signed certificate for the DN _dname, generating a new RSA key of the given number of bits for you.
WvX509Mgr (const WvX509Mgr &mgr)
Placeholder: this doesn't exist yet.
virtual ~WvX509Mgr ()
Destructor.
void create_selfsigned ()
Given the Distinguished Name dname and an already generated keypair in rsa, leave a self-signed certificate in cert.
WvString certreq ()
Create a certificate request (PKCS#10).
bool test ()
Test that the certificate in cert and the keypair in rsa go together.
void unhexify (WvStringParm encodedcert)
Given a hexified certificate, fill the cert member. NOTE: ALWAYS load your RSA key before calling this! If you have hexify()'d keys it is best to simply use the proper constructor.
WvString hexify ()
Given the X509 certificate object cert, return a hexified string useful in a WvConf or UniConf file.
bool validate ()
Function to verify the validity of the certificate that has been placed in cert (currently only prints information about it; see below).
bool signedbyCAindir (WvStringParm certdir)
Check the certificate in cert against the CA certificates in the directory certdir; returns true if cert was signed by one of them.
bool signedbyCAinfile (WvStringParm certfile)
Check the certificate in cert against the CA certificates in the file certfile; returns true if cert was signed by one of them.
void sign (WvRSAKey CAKeypair)
Sign the X509 certificate in cert with CAKeypair. NOT IMPLEMENTED.
bool isinCRL ()
Check whether the certificate in cert has been revoked. NOT IMPLEMENTED.
WvString encode (const DumpMode mode)
Return the information requested by mode as a WvString.
void decode (DumpMode mode, WvStringParm PemEncoded)
Load the information in the format requested by mode into the class. This overwrites the certificate, and possibly the key; to allow two-stage loading (the certificate first, then the key) it DOES NOT call test(), which is left to the programmer.
void write_p12 (WvStringParm filename)
Write the certificate and RSA key in PKCS#12 format to filename. PKCS#12 is binary DER, so it goes straight to a file rather than through encode()/decode().
void read_p12 (WvStringParm filename)
Read the PKCS#12 file filename and fill the rsa and cert members with the decoded information.
void setPkcs12Password (WvStringParm passwd)
Sets the PKCS#12 password.
WvString get_issuer ()
Return the certificate Issuer (usually the CA who issued the certificate).
WvString get_subject ()
Return the Subject field of the certificate.
WvString get_crl_dp ()
Return the CRL Distribution Points if they exist, WvString::null if they don't.
WvString get_cp_oid ()
Return the Certificate Policy OID if it exists, WvString::null if it doesn't.
WvString get_altsubject ()
Return the Subject Alternative Name if it exists, WvString::null if it doesn't.
bool isok () const
Is this certificate object valid and in a non-error state.
const WvString & errstr ()
Accessor for the error string if !isok().

Public Attributes

WvString dname
Distinguished Name to be used in the certificate.
X509 * cert
X.509v3 certificate: this is why this class exists.
WvRSAKey * rsa
The public and private RSA keypair associated with this certificate. Make sure that you save this somewhere! If you don't, you won't be able to use the certificate for anything.

Member Enumeration Documentation

enum WvX509Mgr::DumpMode
Format selector for encode() and decode() (the comments call it dump()), which can output the information in this class in a variety of formats.

Constructor & Destructor Documentation

WvX509Mgr::WvX509Mgr (X509 *_cert = NULL)
Initialize a blank X509 object with the certificate *_cert (used for client side operations). This either initializes a completely empty object, or takes _cert and extracts the distinguished name into dname and the RSA public key into rsa; rsa->prv is left empty.
Definition at line 59 of file wvx509.cc. References cert, dname, WvString::edit(), rsa, WvFastString::setsize(), and wvssl_init().

WvX509Mgr::WvX509Mgr (WvStringParm hexcert, WvStringParm hexrsa)
Constructor to initialize this object with a pre-existing (hexified) certificate and key.
Definition at line 96 of file wvx509.cc. References cert, dname, WvError::errstr(), WvError::isok(), rsa, unhexify(), wvssl_init(), and WvStringParm.

WvX509Mgr::WvX509Mgr (WvStringParm _dname, WvRSAKey *_rsa)
Constructor to create a self-signed certificate for the DN _dname. NOTE: If you already have a WvRSAKey, you can pass it in the second parameter (e.g. to generate a cert for an existing TunnelVision connection); if you don't have an RSA key yet, use the overload below and give it a number of bits, and it will create one for you. Also, for SSL servers the dname MUST be of the form cn=FQDN,o=foo,c=CA (anything after the cn=FQDN is up to you; dc= works as well). The important bit is to use the Fully Qualified Domain Name in the cn= part, otherwise web clients get confused (other clients probably get equally confused, but this has not been checked). This is not enforced here, since other kinds of certificates are perfectly valid without it; if you want to generate invalid certs, that's up to you.
Definition at line 123 of file wvx509.cc. References cert, create_selfsigned(), dname, rsa, wvssl_init(), and WvStringParm.
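The cn=FQDN rule above is documented but not checked by the constructors, so the caller has to enforce it. The following is an added example, not WvStreams code: a stand-alone C++ checker that parses a dname in the cn=FQDN,o=foo,c=CA form and rejects one whose first attribute is not a cn holding a fully qualified domain name. The function names parse_dname, is_fqdn and check_server_dname are this example's own, and the sample dnames are constructed; run the check on the string before handing it to WvX509Mgr(_dname, bits) or WvX509Mgr(_dname, _rsa).

```cpp
// Added example, not part of WvStreams: enforce the cn=FQDN rule that the
// WvX509Mgr(dname, ...) constructors document but do not check. The function
// names (parse_dname, is_fqdn, check_server_dname) are this example's own.
#include <cctype>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// One attribute of the dname, e.g. {"cn", "www.example.com"}.
using Rdn = std::pair<std::string, std::string>;

static std::string lower(std::string s)
{
    for (char &c : s)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

static std::string trim(const std::string &s)
{
    size_t b = s.find_first_not_of(" \t");
    if (b == std::string::npos)
        return "";
    size_t e = s.find_last_not_of(" \t");
    return s.substr(b, e - b + 1);
}

// Split "cn=host,o=foo,c=CA" into attributes, in order. Keys are lower-cased,
// values are kept as written. Returns false if any part is not key=value.
bool parse_dname(const std::string &dname, std::vector<Rdn> &out)
{
    out.clear();
    size_t start = 0;
    for (;;) {
        size_t comma = dname.find(',', start);
        std::string part = dname.substr(start,
            comma == std::string::npos ? std::string::npos : comma - start);
        size_t eq = part.find('=');
        if (eq == std::string::npos)
            return false;
        std::string key = lower(trim(part.substr(0, eq)));
        std::string val = trim(part.substr(eq + 1));
        if (key.empty() || val.empty())
            return false;
        out.emplace_back(key, val);
        if (comma == std::string::npos)
            break;
        start = comma + 1;
    }
    return true;
}

// LDH hostname rule: at least two labels, each 1-63 letters, digits or
// hyphens, not starting or ending with a hyphen, 253 characters overall.
// A purely numeric last label (an IPv4 address) is rejected as well.
bool is_fqdn(const std::string &host)
{
    if (host.empty() || host.size() > 253)
        return false;
    size_t labels = 0, start = 0;
    for (;;) {
        size_t dot = host.find('.', start);
        std::string label = host.substr(start,
            dot == std::string::npos ? std::string::npos : dot - start);
        if (label.empty() || label.size() > 63)
            return false;
        if (label.front() == '-' || label.back() == '-')
            return false;
        for (unsigned char c : label)
            if (!std::isalnum(c) && c != '-')
                return false;
        ++labels;
        if (dot == std::string::npos)
            break;
        start = dot + 1;
    }
    std::string last = host.substr(host.rfind('.') + 1);
    bool numeric_tld = true;
    for (unsigned char c : last)
        if (!std::isdigit(c)) { numeric_tld = false; break; }
    return labels >= 2 && !numeric_tld;
}

// The check the constructors leave to the caller: the first attribute must
// be cn= holding an FQDN. Returns "" when acceptable, otherwise the reason.
std::string check_server_dname(const std::string &dname)
{
    std::vector<Rdn> rdns;
    if (!parse_dname(dname, rdns))
        return "malformed dname";
    if (rdns.front().first != "cn")
        return "first attribute must be cn=";
    if (!is_fqdn(rdns.front().second))
        return "cn is not a fully qualified domain name";
    return "";
}

int main()
{
    // Constructed sample dnames: two acceptable, three that must be rejected.
    const char *samples[] = {
        "cn=www.example.com,o=Example Org,c=CA",
        "CN=mail.example.net, DC=example, DC=net",
        "cn=localhost,o=Example Org,c=CA",
        "o=Example Org,cn=www.example.com",
        "cn=,o=Example Org",
    };
    for (const char *s : samples) {
        std::string err = check_server_dname(s);
        std::cout << s << " -> " << (err.empty() ? "ok" : err) << '\n';
    }
    return 0;
}
```

The parser is deliberately looser than the constructor's own DN handling (it trims whitespace and ignores key case) so that it accepts anything the constructor would, and only refuses the one shape the documentation warns about: a short hostname such as localhost, or a dname that does not start with cn=.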

WvX509Mgr::WvX509Mgr (WvStringParm _dname, int bits)
Constructor to create a self-signed certificate for the DN _dname, generating a new RSA key of bits bits for you. The same dname requirement for SSL servers applies as for the constructor above.
Definition at line 136 of file wvx509.cc. References cert, create_selfsigned(), dname, rsa, wvssl_init(), and WvStringParm.

WvX509Mgr::WvX509Mgr (const WvX509Mgr &mgr)
Placeholder: this doesn't exist yet.

WvX509Mgr::~WvX509Mgr ()
Destructor.
Definition at line 147 of file wvx509.cc. References cert, and wvssl_free().

Member Function Documentation

WvString WvX509Mgr::certreq ()
Create a certificate request (PKCS#10). This request is what you would send off to Verisign, Entrust.net or any other CA to get your real certificate. It leaves the RSA keypair in rsa, where you MUST save it for the certificate to be AT ALL usable when you get it back. Returns a PEM-encoded PKCS#10 certificate request, and leaves the RSA keypair in rsa and a self-signed temporary certificate in cert.
Definition at line 380 of file wvx509.cc. References dname, file_hack_end(), file_hack_start(), WvRSAKey::rsa, rsa, and set_name_entry().

void WvX509Mgr::create_selfsigned ()
Given the Distinguished Name dname and an already generated keypair in rsa, leave a self-signed certificate in cert.
Definition at line 244 of file wvx509.cc. References cert, dname, WvString::edit(), WvRSAKey::rsa, rsa, and set_name_entry(). Referenced by WvX509Mgr().

void WvX509Mgr::decode (DumpMode mode, WvStringParm PemEncoded)
Load the information in the format requested by mode into the class. This overwrites the certificate, and possibly the key. To allow two-stage loading (the certificate first, then the key) it DOES NOT call test(); that is up to the programmer, so call test() yourself once both halves are loaded and before relying on the object.
Definition at line 689 of file wvx509.cc. References cert, CertPEM, WvString::edit(), file_hack_start(), WvFastString::len(), WvRSAKey::rsa, rsa, RsaPEM, RsaRaw, and WvStringParm.

WvString WvX509Mgr::encode (const DumpMode mode)
Return the information requested by mode as a WvString.
Definition at line 646 of file wvx509.cc. References cert, CertPEM, file_hack_end(), file_hack_start(), WvRSAKey::rsa, rsa, RsaPEM, and RsaRaw.

const WvString & WvX509Mgr::errstr ()
Accessor for the error string if !isok().
Definition at line 238 of file wvx509.h. Referenced by WvSSLStream::post_select().

WvString WvX509Mgr::get_altsubject ()
Return the Subject Alternative Name if it exists, and WvString::null if it doesn't.
Definition at line 901 of file wvx509.cc. References WvBufBase< unsigned char >::getstr(), and WvDynBuf.

WvString WvX509Mgr::get_cp_oid ()
Return the Certificate Policy OID if it exists, and WvString::null if it doesn't.
Definition at line 887 of file wvx509.cc. References WvBufBase< unsigned char >::getstr(), and WvDynBuf.

WvString WvX509Mgr::get_crl_dp ()
Return the CRL Distribution Points if they exist, WvString::null if they don't.
Definition at line 873 of file wvx509.cc. References WvBufBase< unsigned char >::getstr(), and WvDynBuf.

WvString WvX509Mgr::get_issuer ()
Return the certificate Issuer (usually the CA who issued the certificate).
Definition at line 861 of file wvx509.cc. References cert.

WvString WvX509Mgr::get_subject ()
Return the Subject field of the certificate.
Definition at line 867 of file wvx509.cc. References cert.

WvString WvX509Mgr::hexify ()
Given the X509 certificate object cert, return a hexified string useful in a WvConf or UniConf file. There is no similar function for the RSA key, because you can always call rsa->private_str() and rsa->public_str() for that information.
Definition at line 545 of file wvx509.cc. References cert, WvString::edit(), and WvFastString::setsize().

bool WvX509Mgr::isinCRL ()
Check whether the certificate in cert has been revoked. Currently relies on the CRL Distribution Point X509v3 extension; returns true if it has been revoked. NOT IMPLEMENTED.

bool WvX509Mgr::isok () const
Is this certificate object valid and in a non-error state. This reports only the object's own error state; it says nothing about whether the certificate is trusted, unexpired or unrevoked (see validate() and isinCRL()).
Definition at line 232 of file wvx509.h. Referenced by main(), and WvSSLStream::post_select().

void WvX509Mgr::read_p12 (WvStringParm filename)
Read the PKCS#12 file filename and fill the rsa and cert members with the decoded information.
Definition at line 805 of file wvx509.cc. References cert, rsa, test(), and WvStringParm.

void WvX509Mgr::setPkcs12Password (WvStringParm passwd)
Sets the PKCS#12 password.
Definition at line 197 of file wvx509.h. References WvStringParm.

void WvX509Mgr::sign (WvRSAKey CAKeypair)
Sign the X509 certificate in cert with CAKeypair. NOT IMPLEMENTED.

bool WvX509Mgr::signedbyCAindir (WvStringParm certdir)
Check the certificate in cert against the CA certificates in the directory certdir; returns true if cert was signed by one of the CA certificates. Each file in certdir is tried in turn with signedbyCAinfile().
Definition at line 628 of file wvx509.cc. References WvDirIter::next(), WvDirIter::rewind(), signedbyCAinfile(), and WvStringParm.

bool WvX509Mgr::signedbyCAinfile (WvStringParm certfile)
Check the certificate in cert against the CA certificates in the file certfile; returns true if cert was signed by one of the CA certificates. A CA signature check is only part of validation; see validate() and isinCRL() for the expiry and revocation checks, which are not yet implemented.
Definition at line 591 of file wvx509.cc. References cert, lookup(), and WvStringParm. Referenced by signedbyCAindir().

bool WvX509Mgr::test ()
Test that the certificate in cert and the keypair in rsa go together. Called internally by unhexify() and read_p12(), although you can call it yourself to test a certificate, and you must do so after a two-stage decode().
Definition at line 470 of file wvx509.cc. References cert, WvRSAKey::rsa, rsa, and wvssl_errstr(). Referenced by read_p12(), and unhexify().

void WvX509Mgr::unhexify (WvStringParm encodedcert)
Given a hexified certificate, fill the cert member. NOTE: ALWAYS load your RSA key before calling this, because it calls test() against rsa! If you have hexify()'d keys it is best to simply use the proper constructor.
Definition at line 516 of file wvx509.cc. References cert, WvFastString::cstr(), test(), wv_d2i_X509(), WvStringParm, and X509. Referenced by WvX509Mgr().

bool WvX509Mgr::validate ()
Function to verify the validity of the certificate that has been placed in cert. Currently this only outputs some information about the certificate; eventually it should verify that the certificate is valid (has not expired, and was issued by a valid and trusted CA). Until then, its result is not evidence that the certificate is trustworthy.
Definition at line 563 of file wvx509.cc. References cert. Referenced by WvSSLStream::post_select().

void WvX509Mgr::write_p12 (WvStringParm filename)
Since PKCS#12 files use the binary DER encoding, the encode()/decode() functions cannot be used for them, so this deals straight with files: it writes the certificate and RSA keys in PKCS#12 format to the file specified by filename.
Definition at line 745 of file wvx509.cc. References WvString::edit(), WvRSAKey::rsa, rsa, and WvStringParm.

Member Data Documentation

X509 * WvX509Mgr::cert
X.509v3 certificate: this is why this class exists.
Definition at line 81 of file wvx509.h. Referenced by create_selfsigned(), decode(), encode(), get_issuer(), get_subject(), hexify(), read_p12(), signedbyCAinfile(), test(), unhexify(), validate(), WvX509Mgr(), and ~WvX509Mgr().

WvString WvX509Mgr::dname
Distinguished Name to be used in the certificate.
Definition at line 32 of file wvx509.h. Referenced by certreq(), create_selfsigned(), and WvX509Mgr().

WvRSAKey * WvX509Mgr::rsa
The public and private RSA keypair associated with this certificate. Make sure that you save this somewhere! If you don't, you won't be able to use the certificate for anything.
Definition at line 88 of file wvx509.h. Referenced by certreq(), create_selfsigned(), decode(), encode(), read_p12(), test(), write_p12(), and WvX509Mgr().