d7/d4a/cert_8h_source.html

 /*

 BSD 3-Clause License


 Copyright (c) 2022, Stable Cloud Computing, Inc.


 Redistribution and use in source and binary forms, with or without

 modification, are permitted provided that the following conditions are met:


 1. Redistributions of source code must retain the above copyright notice, this

    list of conditions and the following disclaimer.


 2. Redistributions in binary form must reproduce the above copyright notice,

    this list of conditions and the following disclaimer in the documentation

    and/or other materials provided with the distribution.


 3. Neither the name of the copyright holder nor the names of its

    contributors may be used to endorse or promote products derived from

    this software without specific prior written permission.


 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */

 #ifndef _SCC_CRYPTO_CERT_H

 #define _SCC_CRYPTO_CERT_H


 #include <map>

 #include <memory>

 #include <set>

 #include <system_error>

 #include <fstream>

 #include <algorithm>

 #include <crypto/der.h>

 #include <crypto/rsa.h>

 #include <crypto/ecc.h>

 #include <crypto/bignum.h>


 namespace scc::crypto {


 enum KeyAlgoType

 {

     unknown = 0,

     rsa,

     ec_p192r1,

     ec_p224r1,

     ec_p256r1,

     ec_p384r1,

     ec_p521r1,

 };


 struct PublicKeyCert

 {

     PublicKeyCert() {}

     virtual ~PublicKeyCert() {}


     oid_value algorithm_id;

     BasePtr parameters;

     std::vector<uint8_t> public_key;


     KeyAlgoType type() const;


     void parse(const BasePtr);

     void parse(const DerDocument& doc)

     {

         parse(doc.root_ptr());

     }


     BasePtr dump() const;


     std::string str() const;


     void get(RsaPublicKey& key) const;

     void set(const RsaPublicKey& key);


     void get(EccGfpPoint&) const;

     void set(const KeyAlgoType&, const EccGfpPoint&);

 };


 struct RsaPublicKeyCert

 {

     static void parse(const BasePtr&, RsaPublicKey&);

     static void parse(const DerDocument& doc, RsaPublicKey& key)

     {

         parse(doc.root_ptr(), key);

     }


     static BasePtr dump(const RsaPublicKey&);

 };


 struct RsaPrivateKeyCert

 {

     static void parse(const BasePtr&, RsaPrivateKey&);

     static void parse(const DerDocument& doc, RsaPrivateKey& key)

     {

         parse(doc.root_ptr(), key);

     }


     static BasePtr dump(const RsaPrivateKey&);

 };


 struct EcParametersCert

 {

     static void parse(const BasePtr&, KeyAlgoType&);

     static void parse(const DerDocument& doc, KeyAlgoType& alg)

     {

         parse(doc.root_ptr(), alg);

     }


     static BasePtr dump(const KeyAlgoType&);

 };


 struct EcPublicKeyCert

 {

     static void parse(const BasePtr&, const KeyAlgoType&, EccGfpPoint&);

     static void parse(const DerDocument& doc, const KeyAlgoType& alg, EccGfpPoint& p)

     {

         parse(doc.root_ptr(), alg, p);

     }

     static void parse(const void*, int, const KeyAlgoType&, EccGfpPoint&);

     static void parse(const std::vector<char>& v, const KeyAlgoType& a, EccGfpPoint& p)

     {

         parse(v.data(), v.size(), a, p);

     }

     static void parse(const std::vector<uint8_t>& v, const KeyAlgoType& a, EccGfpPoint& p)

     {

         parse(v.data(), v.size(), a, p);

     }


     static BasePtr dump(const EccGfpPoint&);

     static void dump(const EccGfpPoint&, std::vector<char>&);

     static void dump(const EccGfpPoint&, std::vector<uint8_t>&);

 };


 struct EcPrivateKeyCert

 {

     static void parse(const BasePtr&, Bignum&, KeyAlgoType&, EccGfpPoint&);

     static void parse(const DerDocument& doc, Bignum& priv, KeyAlgoType& alg, EccGfpPoint& pub)

     {

         parse(doc.root_ptr(), priv, alg, pub);

     }


     static BasePtr dump(const Bignum&, const KeyAlgoType&, const EccGfpPoint&);

 };


 struct DirectoryString : public std::string

 {

     enum class Type

     {

         printable,

         utf8,

         universal,

         bmp,

         teletex,

         ia5,

         visible,

     };


     DirectoryString::Type type;


     DirectoryString() : type(DirectoryString::Type::printable) {}

     DirectoryString(const std::string& b, DirectoryString::Type t = Type::printable) : type(t)

     {

         assign(b);

     }

     DirectoryString(const BasePtr& b)

     {

         parse(b);

     }

     virtual ~DirectoryString() {}


     int compare(const DirectoryString& b) const

     {

         return std::string::compare(b);

     }


     bool operator==(const DirectoryString& b) const { return compare(b) == 0; }

     bool operator!=(const DirectoryString& b) const { return compare(b) != 0; }


     void parse(BasePtr);


     std::string str() const;


     BasePtr dump() const;

 };


 enum class AttributeType

 {

     unknown,

     name,

     surname,

     given_name,

     generation_qualifier,

     common_name,

     locality_name,

     state_or_province_name,

     organization_name,

     organizational_unit_name,

     title,

     dn_qualifier,

     country_name,

     serial_number,

     pseudonym,

     organization_id,

     street_address,

     domain_component,

     email_address,

 };


 using RDNPair = std::pair<oid_value, DirectoryString>;


 struct RDNComp

 {

     bool operator()(const RDNPair& lhs, const RDNPair& rhs) const

     {

         return lhs.first < rhs.first;

     }

 };


 struct RelativeDistinguishedName : public std::set<RDNPair, RDNComp>

 {

     RelativeDistinguishedName() {}

     RelativeDistinguishedName(BasePtr b)

     {

         parse(b);

     }

     virtual ~RelativeDistinguishedName() {}


     void parse(BasePtr);

     BasePtr dump() const;

     std::string str() const;


     static AttributeType type(const oid_value&);


     static const oid_value name;

     static const oid_value surname;

     static const oid_value given_name;

     static const oid_value generation_qualifier;

     static const oid_value common_name;

     static const oid_value locality_name;

     static const oid_value state_or_province_name;

     static const oid_value organization_name;

     static const oid_value organizational_unit_name;

     static const oid_value title;

     static const oid_value dn_qualifier;

     static const oid_value country_name;

     static const oid_value serial_number;

     static const oid_value pseudonym;

     static const oid_value organization_id;

     static const oid_value street_address;

     static const oid_value domain_component;

     static const oid_value email_address;

 };


 struct GeneralName

 {

     enum class Type : int

     {

         other_name = 0,                     // base_val

         rfc822_name = 1,                    // string_val

         dns_name = 2,                       // string_val

         x400_address = 3,                   // base_val

         directory_name = 4,                 // name_val

         edi_party_name = 5,                 // base_val

         uniform_resource_identifier = 6,    // string_val

         ip_address = 7,                     // string_val

         registered_id = 8,                  // oid_val

     };


     Type type;


     GeneralName(Type t = Type::directory_name);

     virtual ~GeneralName() {}


     BasePtr base;

     std::string string_val;

     std::vector<RelativeDistinguishedName> name_val;

     oid_value oid_val;


     void clear()

     {

         string_val.clear();

         name_val.clear();

         oid_val.clear();

         base.reset();

     }


     bool compare(const GeneralName& b) const

     {

         if (type != b.type)     return false;


         switch (type)

         {

         case Type::registered_id:

             return oid_val == b.oid_val;

         case Type::rfc822_name:

         case Type::dns_name:

         case Type::uniform_resource_identifier:

         case Type::ip_address:

             return string_val.compare(b.string_val) == 0;

         case Type::directory_name:

             return name_val == b.name_val;

         case Type::other_name:

         case Type::x400_address:

         case Type::edi_party_name:

             return false;       // not possible to compare raw elements

         }

         return false;

     }


     bool operator==(const GeneralName& b) const { return compare(b); }

     bool operator!=(const GeneralName& b) const { return !compare(b); }


     void parse(BasePtr);

     BasePtr dump();

     std::string str(bool = false) const;

 };


 enum class ExtType

 {

     subject_alternative_name,               // oid = {2, 5, 29, 17}

     authority_key_identifier,               // oid = {2, 5, 29, 35}

     subject_key_identifier,                 // oid = {2, 5, 29, 14}

     issuer_alternative_name,                // oid = {2, 5, 29, 18}

     basic_constraints,                      // oid = {2, 5, 29, 19}

     key_usage,                              // oid = {2, 5, 29, 15}

     extended_key_usage,                     // oid = {2, 5, 29, 37}

 /*

     Not implemented:


     certificate_policies,                   // oid = {2, 5, 29, 32}

     policy_mappings,                        // oid = {2, 5, 29, 33}

     subject_directory_attributes,           // oid = {2, 5, 29, 9}

     name_constraints,                       // oid = {2, 5, 29, 30}

     policy_constraints,                     // oid = {2, 5, 29, 36}

     crl_distribution_points,                // oid = {2, 5, 29, 31}

     inhibit_any_policy,                     // oid = {2, 5, 29, 54}

     freshest_crl,                           // oid = {2, 5, 29, 46}

     authority_information_access,           // oid = {1, 3, 6, 1, 5, 5, 7, 1, 1}

     subject_information_access,             // oid = {1, 3, 6, 1, 5, 5, 7, 1, 11}

     signed_certificate_timestamp_list,      // oid = {1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

 */

 };


 class ExtBase;

 using ExtBasePtr = std::shared_ptr<ExtBase>;


 struct ExtBase

 {

     oid_value oid;

     bool critical;

     BasePtr value;


     ExtBase(bool crit = false) : critical(crit) {}

     virtual ~ExtBase() {}


     virtual std::string name() const { return "ExtUnknown"; }

     virtual std::string str(bool = false) const;

     virtual void parse() {}

     virtual void dump() {}

     virtual bool implemented() const {  return false; }


     static ExtBasePtr create(BasePtr);


     BasePtr dump_seq();


     static oid_value find_oid(ExtType);

 };


 struct ExtSubjectAlternativeName : public ExtBase

 {

     ExtSubjectAlternativeName(bool crit=false) : ExtBase(crit)

     {

         oid = ExtBase::find_oid(ExtType::subject_alternative_name);

     }

     virtual ~ExtSubjectAlternativeName() {}


     std::string name() const { return "ExtSubjectAlternativeName"; }

     virtual std::string str(bool = false) const;

     virtual void parse();

     virtual void dump();

     virtual bool implemented() const {  return true; }


     static bool is_castable(ExtBasePtr b)

     {

         return typeid(*b) == typeid(ExtSubjectAlternativeName);

     }

     static ExtSubjectAlternativeName& cast(ExtBasePtr b)

     {

         if (b == nullptr || !is_castable(b))    throw std::runtime_error("ExtSubjectAlternativeName: invalid cast");

         return *dynamic_cast<ExtSubjectAlternativeName*>(b.get());

     }


     std::vector<GeneralName> names;

 };


 struct ExtAuthorityKeyIdentifier : public ExtBase

 {

     ExtAuthorityKeyIdentifier(bool crit=false) : ExtBase(crit)

     {

         oid = ExtBase::find_oid(ExtType::authority_key_identifier);

     }

     virtual ~ExtAuthorityKeyIdentifier() {}


     std::string name() const { return "ExtAuthorityKeyIdentifier"; }

     virtual std::string str(bool = false) const;

     virtual void parse();

     virtual void dump();

     virtual bool implemented() const {  return true; }


     static bool is_castable(ExtBasePtr b)

     {

         return typeid(*b) == typeid(ExtAuthorityKeyIdentifier);

     }

     static ExtAuthorityKeyIdentifier& cast(ExtBasePtr b)

     {

         if (b == nullptr || !is_castable(b))    throw std::runtime_error("ExtAuthorityKeyIdentifier: invalid cast");

         return *dynamic_cast<ExtAuthorityKeyIdentifier*>(b.get());

     }


     std::vector<char> key_identifier;

     std::vector<GeneralName> authority_cert_issuer;

     Bignum authority_cert_serial_number;

 };


 struct ExtSubjectKeyIdentifier : public ExtBase

 {

     ExtSubjectKeyIdentifier(bool crit=false) : ExtBase(crit)

     {

         oid = ExtBase::find_oid(ExtType::subject_key_identifier);

     }

     virtual ~ExtSubjectKeyIdentifier() {}


     std::string name() const { return "ExtSubjectKeyIdentifier"; }

     virtual std::string str(bool = false) const;

     virtual void parse();

     virtual void dump();

     virtual bool implemented() const {  return true; }


     static bool is_castable(ExtBasePtr b)

     {

         return typeid(*b) == typeid(ExtSubjectKeyIdentifier);

     }

     static ExtSubjectKeyIdentifier& cast(ExtBasePtr b)

     {

         if (b == nullptr || !is_castable(b))    throw std::runtime_error("ExtSubjectKeyIdentifier: invalid cast");

         return *dynamic_cast<ExtSubjectKeyIdentifier*>(b.get());

     }


     std::vector<char> key_identifier;

 };


 struct ExtIssuerAlternativeName : public ExtBase

 {

     ExtIssuerAlternativeName(bool crit=false) : ExtBase(crit)

     {

         oid = ExtBase::find_oid(ExtType::issuer_alternative_name);

     }

     virtual ~ExtIssuerAlternativeName() {}


     std::string name() const { return "ExtIssuerAlternativeName"; }

     virtual std::string str(bool = false) const;

     virtual void parse();

     virtual void dump();

     virtual bool implemented() const {  return true; }


     static bool is_castable(ExtBasePtr b)

     {

         return typeid(*b) == typeid(ExtIssuerAlternativeName);

     }

     static ExtIssuerAlternativeName& cast(ExtBasePtr b)

     {

         if (b == nullptr || !is_castable(b))    throw std::runtime_error("ExtIssuerAlternativeName: invalid cast");

         return *dynamic_cast<ExtIssuerAlternativeName*>(b.get());

     }


     std::vector<GeneralName> names;

 };


 struct ExtBasicConstraints : public ExtBase

 {

     ExtBasicConstraints(bool crit=false, bool ca=false, unsigned plen=0) : ExtBase(crit), conditional_access(ca), max_path_len(plen)

     {

         oid = ExtBase::find_oid(ExtType::basic_constraints);

     }

     virtual ~ExtBasicConstraints() {}


     std::string name() const { return "ExtBasicConstraints"; }

     virtual std::string str(bool = false) const;

     virtual void parse();

     virtual void dump();

     virtual bool implemented() const {  return true; }


     static bool is_castable(ExtBasePtr b)

     {

         return typeid(*b) == typeid(ExtBasicConstraints);

     }

     static ExtBasicConstraints& cast(ExtBasePtr b)

     {

         if (b == nullptr || !is_castable(b))    throw std::runtime_error("ExtBasicConstraints: invalid cast");

         return *dynamic_cast<ExtBasicConstraints*>(b.get());

     }


     bool conditional_access;

     Bignum max_path_len;

 };


 struct ExtKeyUsage : public ExtBase

 {

     ExtKeyUsage(bool crit=false) : ExtBase(crit)

     {

         oid = ExtBase::find_oid(ExtType::key_usage);

         clear();

     }

     virtual ~ExtKeyUsage() {}


     std::string name() const { return "ExtKeyUsage"; }

     virtual std::string str(bool = false) const;

     virtual void parse();

     virtual void dump();

     virtual bool implemented() const {  return true; }


     static bool is_castable(ExtBasePtr b)

     {

         return typeid(*b) == typeid(ExtKeyUsage);

     }

     static ExtKeyUsage& cast(ExtBasePtr b)

     {

         if (b == nullptr || !is_castable(b))    throw std::runtime_error("ExtKeyUsage: invalid cast");

         return *dynamic_cast<ExtKeyUsage*>(b.get());

     }


     void clear()

     {

         digital_signature = false;

         content_commitment = false;

         key_encipherment = false;

         data_encipherment = false;

         key_agreement = false;

         key_cert_sign = false;

         crl_sign = false;

         encipher_only = false;

         decipher_only = false;

     }


     bool digital_signature;

     bool content_commitment;

     bool key_encipherment;

     bool data_encipherment;

     bool key_agreement;

     bool key_cert_sign;

     bool crl_sign;

     bool encipher_only;

     bool decipher_only;

 };


 struct ExtExtendedKeyUsage : public ExtBase

 {

     ExtExtendedKeyUsage(bool crit=false) : ExtBase(crit)

     {

         oid = ExtBase::find_oid(ExtType::extended_key_usage);

         clear();

     }

     virtual ~ExtExtendedKeyUsage() {}


     std::string name() const { return "ExtExtendedKeyUsage"; }

     virtual std::string str(bool = false) const;

     virtual void parse();

     virtual void dump();

     virtual bool implemented() const {  return true; }


     static bool is_castable(ExtBasePtr b)

     {

         return typeid(*b) == typeid(ExtExtendedKeyUsage);

     }

     static ExtExtendedKeyUsage& cast(ExtBasePtr b)

     {

         if (b == nullptr || !is_castable(b))    throw std::runtime_error("ExtExtendedKeyUsage: invalid cast");

         return *dynamic_cast<ExtExtendedKeyUsage*>(b.get());

     }


     void clear()

     {

         server_auth = false;

         client_auth = false;

         code_signing = false;

         email_protection = false;

         time_stamping = false;

         ocsp_signing = false;

         additional_usage_ids.clear();

     }


     bool permit_any;

     bool server_auth;

     bool client_auth;

     bool code_signing;

     bool email_protection;

     bool time_stamping;

     bool ocsp_signing;


     std::vector<oid_value> additional_usage_ids;

 };


 #if 0


 class ExtSignedCertificateTimestampList : public ExtBase

 {

     static int struct_size(const void*, unsigned int);

     bool add_sct(const void*, int, std::string&);

     int dump_scts(std::vector<char>&);

 public:

     std::string name() const { return "ExtSignedCertificateTimestampList"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     std::vector<char> val;


     enum class HashAlgorithm : int

     {

         none = 0,

         md5,

         sha1,

         sha224,

         sha256,

         sha384,

         sha512,

     };


     enum class SigAlgorithm : int

     {

         anonymous = 0,

         rsa,

         dsa,

         ecdsa,

     };


     struct SCT

     {

         std::vector<char> log_id;

         uint64_t timestamp;

         HashAlgorithm hash;

         SigAlgorithm sig_algo;

         std::vector<char> signature;

     };


     std::vector<SCT> sct_list;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtAuthorityInformationAccess : public ExtBase

 {

 public:

     std::string name() const { return "ExtAuthorityInformationAccess"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     DerSequence val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtCertificatePolicies : public ExtBase

 {

 public:

     std::string name() const { return "ExtCertificatePolicies"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     enum class PolicyQualifierId

     {

         cps,

         unotice,

     };


     struct DisplayText

     {

         enum Type

         {

             ia5_string,

             visible_string,

             bmp_string,

             utf8_string,

         };

         Type type;

         std::string string;


         DisplayText() : type(Type::ia5_string) {}

     };


     struct NoticeReference

     {

         DisplayText organization;

         std::vector<Bignum> notice_numbers;

     };


     struct UserNotice

     {

         NoticeReference notice_ref;

         DisplayText explicit_text;

     };


     struct PolicyQualifierInfo

     {

         PolicyQualifierId id;

         std::string cps_qual;

         UserNotice user_notice;

     };


     struct PolicyInfo

     {

         oid_value policy_qualifier_id;

         std::vector<PolicyQualifierInfo> policy_qualifiers;

     };


     std::vector<PolicyInfo> certificate_policies;


     //DerSequence val;          ///< Does not interpret contents.


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtPolicyMappings : public ExtBase

 {

 public:

     std::string name() const { return "ExtPolicyMappings"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     DerSequence val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtSubjectDirectoryAttributes : public ExtBase

 {

 public:

     std::string name() const { return "ExtSubjectDirectoryAttributes"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     std::vector<std::pair<AttributeType, DirectoryString>> directory_attributes;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtNameConstraints : public ExtBase

 {

 public:

     std::string name() const { return "ExtNameConstraints"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     DerSequence val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtPolicyConstraints : public ExtBase

 {

 public:

     std::string name() const { return "ExtPolicyConstraints"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     DerSequence val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtCrlDistributionPoints : public ExtBase

 {

 public:

     std::string name() const { return "ExtCrlDistributionPoints"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     DerSequence val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtInhibitAnyPolicy : public ExtBase

 {

 public:

     std::string name() const { return "ExtInhibitAnyPolicy"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     Bignum val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtFreshestCrl : public ExtBase

 {

 public:

     std::string name() const { return "ExtFreshestCrl"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     DerSequence val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 class ExtSubjectInformationAccess : public ExtBase

 {

 public:

     std::string name() const { return "ExtSubjectInformationAccess"; }

     static const oid_value s_oid;

     oid_value oid() const { return s_oid; }


     DerSequence val;


     std::string str() const;

     bool parse(std::string&);

     void dump();

 };


 #endif


 enum class X509SignatureAlgo : int

 {

     unknown         = 0x0,

     rsa_md5         = 0x01,

     rsa_sha1        = 0x02,

     rsa_sha224      = 0x03,

     rsa_sha256      = 0x04,

     rsa_sha384      = 0x05,

     rsa_sha512      = 0x06,

     ecdsa_sha1      = 0x10,

     ecdsa_sha224    = 0x20,

     ecdsa_sha256    = 0x30,

     ecdsa_sha384    = 0x40,

     ecdsa_sha512    = 0x50,

 };


 struct X509Cert

 {

     X509Cert() {}

     virtual ~X509Cert() {}


     Bignum serial_number;

     std::vector<RelativeDistinguishedName> issuer;

     std::chrono::system_clock::time_point valid_start;

     std::chrono::system_clock::time_point valid_end;

     std::vector<RelativeDistinguishedName> subject;

     std::vector<char> issuer_unique_id;

     std::vector<char> subject_unique_id;

     std::vector<ExtBasePtr> extensions;


     ExtBasePtr find_ext(ExtType t) const

     {

         auto it = std::find_if(extensions.begin(), extensions.end(), [&t](auto& i)

         {

             return i->oid == ExtBase::find_oid(ExtType::subject_alternative_name);

         });

         ExtBasePtr ret;

         if (it != extensions.end()) ret = *it;

         return ret;

     }


     PublicKeyCert public_key;


     std::vector<char> cert_bin;

     oid_value sig_algo_oid;

     oid_value sig_algo_params;

     std::vector<uint8_t> signature;


     bool bin_compare(const X509Cert& other) const

     {

         return cert_bin == other.cert_bin;

     }


     X509SignatureAlgo sig_algo() const;


     void parse(const DerDocument&);


     std::string str(bool = false) const;


     bool validate(const X509Cert&) const;


     bool validate() const

     {

         return validate(*this);

     }


     bool validate(const RsaPublicKey&) const;


     bool validate(const EccGfpPoint&) const;


     BasePtr dump_cert() const;


     void sign_and_dump(DerDocument&, const RsaPrivateKey&, const X509SignatureAlgo&);


     void sign_and_dump(DerDocument&, const KeyAlgoType&, const Bignum&, Bignum&, const X509SignatureAlgo&);


 };


 struct CertBundle : std::vector<std::shared_ptr<X509Cert>>

 {

     CertBundle() {}

     CertBundle(std::istream& s)

     {

         parse(s);

     }

     virtual ~CertBundle() {}


     void parse(std::istream& s);

 };


 }   // namespace


 std::ostream& operator<<(std::ostream&, const scc::crypto::X509Cert&);

 std::ostream& operator<<(std::ostream&, const scc::crypto::KeyAlgoType&);

 std::ostream& operator<<(std::ostream&, const scc::crypto::X509SignatureAlgo&);


 #endif

bignum.h
Big number arithmetic.

scc::crypto::Bignum
Big number.
Definition: bignum.h:59

scc::crypto::DerDocument
DER document.
Definition: der.h:824

scc::crypto::DerDocument::root_ptr
BasePtr root_ptr() const
Return the root pointer.
Definition: der.h:936

scc::crypto::EccGfpPoint
Definition: ecc.h:197

scc::crypto::RsaPrivateKey
RSA Private Key.
Definition: rsa.h:185

scc::crypto::RsaPublicKey
RSA Public Key.
Definition: rsa.h:69

der.h
Distinguished encoding rules (DER).

ecc.h
Elliptic curve cryptography.

scc::crypto::RDNPair
std::pair< oid_value, DirectoryString > RDNPair
An x.509 relative distingushed name is a set of attribute / directory string names.
Definition: cert.h:426

scc::crypto::KeyAlgoType
KeyAlgoType
Key algorithm type.
Definition: cert.h:78

scc::crypto::X509SignatureAlgo
X509SignatureAlgo
Signature algorithms for X.509 certificates.
Definition: cert.h:1258

scc::crypto::AttributeType
AttributeType
Attribute types.
Definition: cert.h:382

scc::crypto::ec_p192r1
@ ec_p192r1
parameter {1, 2, 840, 10045, 3, 1, 1}
Definition: cert.h:81

scc::crypto::ec_p256r1
@ ec_p256r1
parameter {1, 2, 840, 10045, 3, 1, 7}
Definition: cert.h:83

scc::crypto::ec_p384r1
@ ec_p384r1
parameter {1, 3, 132, 0, 34}
Definition: cert.h:84

scc::crypto::rsa
@ rsa
parameter null
Definition: cert.h:80

scc::crypto::ec_p224r1
@ ec_p224r1
parameter {1, 3, 132, 0, 33}
Definition: cert.h:82

scc::crypto::ec_p521r1
@ ec_p521r1
parameter {1, 3, 132, 0, 35}
Definition: cert.h:85

scc::crypto::X509SignatureAlgo::rsa_sha512
@ rsa_sha512
{1, 2, 840, 113549, 1, 1, 13}

scc::crypto::X509SignatureAlgo::ecdsa_sha512
@ ecdsa_sha512
{1, 2, 840, 10045, 4, 3, 4}

scc::crypto::X509SignatureAlgo::ecdsa_sha224
@ ecdsa_sha224
{1, 2, 840, 10045, 4, 3, 1}

scc::crypto::X509SignatureAlgo::rsa_sha224
@ rsa_sha224
{1, 2, 840, 113549, 1, 1, 14}

scc::crypto::X509SignatureAlgo::ecdsa_sha1
@ ecdsa_sha1
{1, 2, 840, 10045, 4, 1}

scc::crypto::X509SignatureAlgo::rsa_md5
@ rsa_md5
{1, 2, 840, 113549, 1, 1, 4}

scc::crypto::X509SignatureAlgo::rsa_sha1
@ rsa_sha1
{1, 2, 840, 113549, 1, 1, 5}

scc::crypto::X509SignatureAlgo::ecdsa_sha256
@ ecdsa_sha256
{1, 2, 840, 10045, 4, 3, 2}

scc::crypto::X509SignatureAlgo::ecdsa_sha384
@ ecdsa_sha384
{1, 2, 840, 10045, 4, 3, 3}

scc::crypto::X509SignatureAlgo::rsa_sha384
@ rsa_sha384
{1, 2, 840, 113549, 1, 1, 12}

scc::crypto::X509SignatureAlgo::rsa_sha256
@ rsa_sha256
{1, 2, 840, 113549, 1, 1, 11}

scc::crypto::AttributeType::pseudonym
@ pseudonym
{2, 5, 4, 65} },

scc::crypto::AttributeType::organization_id
@ organization_id
{2, 5, 4, 97} },

scc::crypto::AttributeType::generation_qualifier
@ generation_qualifier
{2, 5, 4, 44} },

scc::crypto::AttributeType::state_or_province_name
@ state_or_province_name
{2, 5, 4, 8} },

scc::crypto::AttributeType::domain_component
@ domain_component
{ 0, 9, 2342, 19200300, 100, 1, 25 } },

scc::crypto::AttributeType::locality_name
@ locality_name
{2, 5, 4, 7} },

scc::crypto::AttributeType::serial_number
@ serial_number
{2, 5, 4, 5} },

scc::crypto::AttributeType::street_address
@ street_address
{2, 5, 4, 9} },

scc::crypto::AttributeType::given_name
@ given_name
{2, 5, 4, 42} },

scc::crypto::AttributeType::name
@ name
{2, 5, 4, 41} },

scc::crypto::AttributeType::email_address
@ email_address
{1, 2, 840, 113549, 1, 9, 1} },

scc::crypto::AttributeType::country_name
@ country_name
{2, 5, 4, 6} },

scc::crypto::AttributeType::dn_qualifier
@ dn_qualifier
{2, 5, 4, 46} },

scc::crypto::AttributeType::organizational_unit_name
@ organizational_unit_name
{2, 5, 4, 11} },

scc::crypto::AttributeType::title
@ title
{2, 5, 4, 12} },

scc::crypto::AttributeType::organization_name
@ organization_name
{2, 5, 4, 10} },

scc::crypto::AttributeType::surname
@ surname
{2, 5, 4, 4} },

scc::crypto::AttributeType::common_name
@ common_name
{2, 5, 4, 3} },

operator<<
std::ostream & operator<<(std::ostream &, const scc::net::InetAddr &)
Print the socket address details to an output stream.
Definition: inet.cc:320

rsa.h
RSA public key cryptography.

scc::crypto::CertBundle
Certificate bundle.
Definition: cert.h:1432

scc::crypto::CertBundle::parse
void parse(std::istream &s)
Parse bundle from stream.

scc::crypto::DirectoryString
An x.509 directory string is used to store generic names.
Definition: cert.h:326

scc::crypto::DirectoryString::str
std::string str() const
Descriptive string <chars> <type>.

scc::crypto::DirectoryString::compare
int compare(const DirectoryString &b) const
Compare two directory strings.
Definition: cert.h:355

scc::crypto::DirectoryString::parse
void parse(BasePtr)
Parse the string from a base object.

scc::crypto::EcParametersCert
From: https://tools.ietf.org/html/rfc3279#section-2.3.5.
Definition: cert.h:210

scc::crypto::EcParametersCert::parse
static void parse(const BasePtr &, KeyAlgoType &)
Parse from an object id.
Definition: cert.cc:313

scc::crypto::EcParametersCert::dump
static BasePtr dump(const KeyAlgoType &)
Dump to an object id.
Definition: cert.cc:326

scc::crypto::EcPrivateKeyCert
Private key certificate utility.
Definition: cert.h:298

scc::crypto::EcPrivateKeyCert::dump
static BasePtr dump(const Bignum &, const KeyAlgoType &, const EccGfpPoint &)
Dump to a sequence.
Definition: cert.cc:431

scc::crypto::EcPrivateKeyCert::parse
static void parse(const BasePtr &, Bignum &, KeyAlgoType &, EccGfpPoint &)
Parse from a sequence.
Definition: cert.cc:405

scc::crypto::EcPublicKeyCert
Elliptic curve public key.
Definition: cert.h:248

scc::crypto::EcPublicKeyCert::parse
static void parse(const BasePtr &, const KeyAlgoType &, EccGfpPoint &)
Parse from a bit string for a specific curve.
Definition: cert.cc:366

scc::crypto::EcPublicKeyCert::dump
static BasePtr dump(const EccGfpPoint &)
Dump to an uncompressed bit string.
Definition: cert.cc:375

scc::crypto::ExtAuthorityKeyIdentifier
Authority key identifier.
Definition: cert.h:705

scc::crypto::ExtAuthorityKeyIdentifier::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtAuthorityKeyIdentifier::dump
virtual void dump()
Dump sub-class data into the value.

scc::crypto::ExtAuthorityKeyIdentifier::key_identifier
std::vector< char > key_identifier
Identifies the private key used to sign.
Definition: cert.h:728

scc::crypto::ExtAuthorityKeyIdentifier::name
std::string name() const
Return the name of the extension.
Definition: cert.h:712

scc::crypto::ExtAuthorityKeyIdentifier::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:716

scc::crypto::ExtAuthorityKeyIdentifier::authority_cert_serial_number
Bignum authority_cert_serial_number
Serial number of the certificate.
Definition: cert.h:730

scc::crypto::ExtAuthorityKeyIdentifier::authority_cert_issuer
std::vector< GeneralName > authority_cert_issuer
Certificate issuer.
Definition: cert.h:729

scc::crypto::ExtAuthorityKeyIdentifier::parse
virtual void parse()
Parse value into the the local sub-class data.

scc::crypto::ExtBase
X.509 extensions.
Definition: cert.h:621

scc::crypto::ExtBase::parse
virtual void parse()
Parse value into the the local sub-class data.
Definition: cert.h:634

scc::crypto::ExtBase::oid
oid_value oid
The oid of the extension.
Definition: cert.h:622

scc::crypto::ExtBase::dump_seq
BasePtr dump_seq()
Dump the extension into an Extension sequence.

scc::crypto::ExtBase::create
static ExtBasePtr create(BasePtr)
Create an extension.

scc::crypto::ExtBase::name
virtual std::string name() const
Return the name of the extension.
Definition: cert.h:630

scc::crypto::ExtBase::critical
bool critical
Is the extension marked critical? If a CRL contains a critical extension that cannot be processed,...
Definition: cert.h:623

scc::crypto::ExtBase::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtBase::value
BasePtr value
Parsed extension value.
Definition: cert.h:624

scc::crypto::ExtBase::find_oid
static oid_value find_oid(ExtType)
Find the oid associated with the extension type.

scc::crypto::ExtBase::dump
virtual void dump()
Dump sub-class data into the value.
Definition: cert.h:636

scc::crypto::ExtBase::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:641

scc::crypto::ExtBasicConstraints
Basic constraints.
Definition: cert.h:811

scc::crypto::ExtBasicConstraints::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:822

scc::crypto::ExtBasicConstraints::name
std::string name() const
Return the name of the extension.
Definition: cert.h:818

scc::crypto::ExtBasicConstraints::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtBasicConstraints::dump
virtual void dump()
Dump sub-class data into the value.

scc::crypto::ExtBasicConstraints::parse
virtual void parse()
Parse value into the the local sub-class data.

scc::crypto::ExtBasicConstraints::conditional_access
bool conditional_access
Is this a conditional access certificate? If so, the public key can be used to verify certificate.
Definition: cert.h:834

scc::crypto::ExtBasicConstraints::max_path_len
Bignum max_path_len
If conditional access, the maximum number of intermediate certificates in the certification path.
Definition: cert.h:835

scc::crypto::ExtExtendedKeyUsage
Extended key usage.
Definition: cert.h:912

scc::crypto::ExtExtendedKeyUsage::server_auth
bool server_auth
TLS WWW server auth. Consistent with digital_signature, key_encipherment, key_agreement.
Definition: cert.h:948

scc::crypto::ExtExtendedKeyUsage::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:924

scc::crypto::ExtExtendedKeyUsage::additional_usage_ids
std::vector< oid_value > additional_usage_ids
Key usage ids not in the list above.
Definition: cert.h:955

scc::crypto::ExtExtendedKeyUsage::client_auth
bool client_auth
TLS WWW client auth. Consistent with digital_signature, key_agreement.
Definition: cert.h:949

scc::crypto::ExtExtendedKeyUsage::dump
virtual void dump()
Dump sub-class data into the value.

scc::crypto::ExtExtendedKeyUsage::parse
virtual void parse()
Parse value into the the local sub-class data.

scc::crypto::ExtExtendedKeyUsage::name
std::string name() const
Return the name of the extension.
Definition: cert.h:920

scc::crypto::ExtExtendedKeyUsage::time_stamping
bool time_stamping
Binding the hash of an object to a time. Consistent with digital_signature, content_commitment.
Definition: cert.h:952

scc::crypto::ExtExtendedKeyUsage::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtExtendedKeyUsage::code_signing
bool code_signing
Signing of downloadable code. Consistent with digital_signature.
Definition: cert.h:950

scc::crypto::ExtExtendedKeyUsage::ocsp_signing
bool ocsp_signing
Signing OCSP responses. Consistent with digital_signature, content_commitment.
Definition: cert.h:953

scc::crypto::ExtExtendedKeyUsage::email_protection
bool email_protection
Email protection. Consistent with digital_signature, content_commitment, key_encipherment,...
Definition: cert.h:951

scc::crypto::ExtExtendedKeyUsage::permit_any
bool permit_any
Permit any usage. Used for applications that must include this extension, but do not wish to specify ...
Definition: cert.h:947

scc::crypto::ExtIssuerAlternativeName
Issuer alternative name.
Definition: cert.h:774

scc::crypto::ExtIssuerAlternativeName::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtIssuerAlternativeName::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:785

scc::crypto::ExtIssuerAlternativeName::dump
virtual void dump()
Dump sub-class data into the value.

scc::crypto::ExtIssuerAlternativeName::name
std::string name() const
Return the name of the extension.
Definition: cert.h:781

scc::crypto::ExtIssuerAlternativeName::parse
virtual void parse()
Parse value into the the local sub-class data.

scc::crypto::ExtKeyUsage
Key usage.
Definition: cert.h:853

scc::crypto::ExtKeyUsage::digital_signature
bool digital_signature
Public key is used for verifying digital signatures other than certificates and CRLs.
Definition: cert.h:890

scc::crypto::ExtKeyUsage::name
std::string name() const
Return the name of the extension.
Definition: cert.h:861

scc::crypto::ExtKeyUsage::dump
virtual void dump()
Dump sub-class data into the value.

scc::crypto::ExtKeyUsage::key_cert_sign
bool key_cert_sign
Public key is used for verifying signatures on public key certificates. ExtBasicConstraints condition...
Definition: cert.h:895

scc::crypto::ExtKeyUsage::data_encipherment
bool data_encipherment
Public key is used to encipher data. This should be rare, as most applications will use key transport...
Definition: cert.h:893

scc::crypto::ExtKeyUsage::decipher_only
bool decipher_only
If key_agreement set, public key can only be used for deciphering data while performing key agreement...
Definition: cert.h:898

scc::crypto::ExtKeyUsage::parse
virtual void parse()
Parse value into the the local sub-class data.

scc::crypto::ExtKeyUsage::encipher_only
bool encipher_only
If key_agreement set, public key can only be used for enciphering data while performing key agreement...
Definition: cert.h:897

scc::crypto::ExtKeyUsage::key_encipherment
bool key_encipherment
Public key is used to encipher private keys, e.g. in key transport.
Definition: cert.h:892

scc::crypto::ExtKeyUsage::key_agreement
bool key_agreement
Public key is used for key agreement, e.g. Diffie-Hellman key management.
Definition: cert.h:894

scc::crypto::ExtKeyUsage::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtKeyUsage::content_commitment
bool content_commitment
Public key is used for verifying digital signatures in a content commitment (non-repudiation) service...
Definition: cert.h:891

scc::crypto::ExtKeyUsage::crl_sign
bool crl_sign
Public key is used for verifying certificates on certificate revocation lists, e.g....
Definition: cert.h:896

scc::crypto::ExtKeyUsage::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:865

scc::crypto::ExtSubjectAlternativeName
Subject alternative name.
Definition: cert.h:666

scc::crypto::ExtSubjectAlternativeName::names
std::vector< GeneralName > names
Alternative names.
Definition: cert.h:689

scc::crypto::ExtSubjectAlternativeName::name
std::string name() const
Return the name of the extension.
Definition: cert.h:673

scc::crypto::ExtSubjectAlternativeName::parse
virtual void parse()
Parse value into the the local sub-class data.

scc::crypto::ExtSubjectAlternativeName::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:677

scc::crypto::ExtSubjectAlternativeName::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtSubjectAlternativeName::dump
virtual void dump()
Dump sub-class data into the value.

scc::crypto::ExtSubjectKeyIdentifier
Subject key identifier.
Definition: cert.h:741

scc::crypto::ExtSubjectKeyIdentifier::name
std::string name() const
Return the name of the extension.
Definition: cert.h:748

scc::crypto::ExtSubjectKeyIdentifier::str
virtual std::string str(bool=false) const
Print to string, optionally printing the value.

scc::crypto::ExtSubjectKeyIdentifier::implemented
virtual bool implemented() const
Is this implemented (sub-classed)?
Definition: cert.h:752

scc::crypto::ExtSubjectKeyIdentifier::dump
virtual void dump()
Dump sub-class data into the value.

scc::crypto::ExtSubjectKeyIdentifier::parse
virtual void parse()
Parse value into the the local sub-class data.

scc::crypto::GeneralName
General name.
Definition: cert.h:511

scc::crypto::GeneralName::GeneralName
GeneralName(Type t=Type::directory_name)
Create the base sequence.

scc::crypto::GeneralName::parse
void parse(BasePtr)
Parse an input as an implicit element (must have id corresponding to the type above.

scc::crypto::GeneralName::type
Type type
Value type.
Definition: cert.h:525

scc::crypto::GeneralName::dump
BasePtr dump()
Reset the base pointer and dump the element to a context-class element.

scc::crypto::GeneralName::str
std::string str(bool=false) const
Print contents.

scc::crypto::PublicKeyCert
Public key information certificate.
Definition: cert.h:105

scc::crypto::PublicKeyCert::dump
BasePtr dump() const
Dump to a sequence.
Definition: cert.cc:133

scc::crypto::PublicKeyCert::parse
void parse(const BasePtr)
Parse from a sequence.
Definition: cert.cc:101

scc::crypto::PublicKeyCert::set
void set(const RsaPublicKey &key)
Set rsa public key.
Definition: cert.cc:181

scc::crypto::PublicKeyCert::type
KeyAlgoType type() const
Return the embedded public key type.
Definition: cert.cc:82

scc::crypto::PublicKeyCert::public_key
std::vector< uint8_t > public_key
The uninterpreted public key.
Definition: cert.h:111

scc::crypto::PublicKeyCert::parameters
BasePtr parameters
The optional parameters (may be null)
Definition: cert.h:110

scc::crypto::PublicKeyCert::str
std::string str() const
Print descriptive string.
Definition: cert.cc:159

scc::crypto::PublicKeyCert::algorithm_id
oid_value algorithm_id
Algorithm id.
Definition: cert.h:109

scc::crypto::PublicKeyCert::get
void get(RsaPublicKey &key) const
Get rsa public key.
Definition: cert.cc:172

scc::crypto::RDNComp
Definition: cert.h:429

scc::crypto::RelativeDistinguishedName
Definition: cert.h:437

scc::crypto::RelativeDistinguishedName::parse
void parse(BasePtr)
Parse from RelativeDistinguishedName.

scc::crypto::RelativeDistinguishedName::dump
BasePtr dump() const
Dump and return an element of type set.

scc::crypto::RelativeDistinguishedName::str
std::string str() const
Print contents.

scc::crypto::RsaPrivateKeyCert
RSA private key certificate.
Definition: cert.h:184

scc::crypto::RsaPrivateKeyCert::dump
static BasePtr dump(const RsaPrivateKey &)
Dump to a sequence.
Definition: cert.cc:280

scc::crypto::RsaPrivateKeyCert::parse
static void parse(const BasePtr &, RsaPrivateKey &)
Parse from a sequence.
Definition: cert.cc:259

scc::crypto::RsaPublicKeyCert
RSA public key certificate.
Definition: cert.h:152

scc::crypto::RsaPublicKeyCert::dump
static BasePtr dump(const RsaPublicKey &)
Dump to a sequence.
Definition: cert.cc:241

scc::crypto::RsaPublicKeyCert::parse
static void parse(const BasePtr &, RsaPublicKey &)
Parse from a sequence.
Definition: cert.cc:228

scc::crypto::X509Cert
X.509 certificate.
Definition: cert.h:1305

scc::crypto::X509Cert::serial_number
Bignum serial_number
The certificate serial number.
Definition: cert.h:1309

scc::crypto::X509Cert::subject_unique_id
std::vector< char > subject_unique_id
Subject unique id. Optional: size 0 means not present.
Definition: cert.h:1315

scc::crypto::X509Cert::extensions
std::vector< ExtBasePtr > extensions
Extensions.
Definition: cert.h:1316

scc::crypto::X509Cert::issuer
std::vector< RelativeDistinguishedName > issuer
Issuer name.
Definition: cert.h:1310

scc::crypto::X509Cert::issuer_unique_id
std::vector< char > issuer_unique_id
Issuer unique id. Optional: size 0 means not present.
Definition: cert.h:1314

scc::crypto::X509Cert::validate
bool validate(const X509Cert &) const
Validate this certificate against another.

scc::crypto::X509Cert::dump_cert
BasePtr dump_cert() const
Dump the certificate to a sequence.

scc::crypto::X509Cert::str
std::string str(bool=false) const
Descriptive string.

scc::crypto::X509Cert::validate
bool validate(const EccGfpPoint &) const
Validate signature against an ECDSA algorithm and public key.

scc::crypto::X509Cert::sig_algo_oid
oid_value sig_algo_oid
Algorithm used to sign this certificate.
Definition: cert.h:1332

scc::crypto::X509Cert::validate
bool validate() const
Validate this certificate against it's own public key.
Definition: cert.h:1367

scc::crypto::X509Cert::public_key
PublicKeyCert public_key
Certificate owner's public key.
Definition: cert.h:1329

scc::crypto::X509Cert::sign_and_dump
void sign_and_dump(DerDocument &, const KeyAlgoType &, const Bignum &, Bignum &, const X509SignatureAlgo &)
Sign the certificate and dump to a document using the ECDSA signature algorithm.

scc::crypto::X509Cert::valid_end
std::chrono::system_clock::time_point valid_end
Time after which this certificate is invalid.
Definition: cert.h:1312

scc::crypto::X509Cert::sign_and_dump
void sign_and_dump(DerDocument &, const RsaPrivateKey &, const X509SignatureAlgo &)
Sign the certificate and dump to a document using the RSA signature algorithm.

scc::crypto::X509Cert::sig_algo_params
oid_value sig_algo_params
Signature algorithm parameters.
Definition: cert.h:1333

scc::crypto::X509Cert::valid_start
std::chrono::system_clock::time_point valid_start
Time before which this certificate is invalid.
Definition: cert.h:1311

scc::crypto::X509Cert::validate
bool validate(const RsaPublicKey &) const
Validate signature against an RSA public key.

scc::crypto::X509Cert::signature
std::vector< uint8_t > signature
Digital signature of this certificate signed using the issuer's private key.
Definition: cert.h:1334

scc::crypto::X509Cert::parse
void parse(const DerDocument &)
Parse from a document.

scc::crypto::X509Cert::subject
std::vector< RelativeDistinguishedName > subject
Subject name.
Definition: cert.h:1313

scc::crypto::X509Cert::cert_bin
std::vector< char > cert_bin
Binary form of certificate from latest dump() or parse(), signed by the issuer.
Definition: cert.h:1331