scclib
Stable Cloud Computing C++ Library
X.509 certificate.
#include <cert.h>

Public Member Functions | |
| ExtBasePtr | find_ext (ExtType t) const |
| bool | bin_compare (const X509Cert &other) const |
| X509SignatureAlgo | sig_algo () const |
| void | parse (const DerDocument &) |
| Parse from a document. | |
| std::string | str (bool=false) const |
| Descriptive string. | |
| bool | validate (const X509Cert &) const |
| Validate this certificate against another. | |
| bool | validate () const |
| Validate this certificate against its own public key. | |
| bool | validate (const RsaPublicKey &) const |
| Validate signature against an RSA public key. | |
| bool | validate (const EccGfpPoint &) const |
| Validate signature against an ECDSA algorithm and public key. | |
| BasePtr | dump_cert () const |
| Dump the certificate to a sequence. | |
| void | sign_and_dump (DerDocument &, const RsaPrivateKey &, const X509SignatureAlgo &) |
| Sign the certificate and dump to a document using the RSA signature algorithm. | |
| void | sign_and_dump (DerDocument &, const KeyAlgoType &, const Bignum &, Bignum &, const X509SignatureAlgo &) |
| Sign the certificate and dump to a document using the ECDSA signature algorithm. | |
Public Attributes | |
| Bignum | serial_number |
| The certificate serial number. | |
| std::vector< RelativeDistinguishedName > | issuer |
| Issuer name. | |
| std::chrono::system_clock::time_point | valid_start |
| Time before which this certificate is invalid. | |
| std::chrono::system_clock::time_point | valid_end |
| Time after which this certificate is invalid. | |
| std::vector< RelativeDistinguishedName > | subject |
| Subject name. | |
| std::vector< char > | issuer_unique_id |
| Issuer unique id. Optional: size 0 means not present. | |
| std::vector< char > | subject_unique_id |
| Subject unique id. Optional: size 0 means not present. | |
| std::vector< ExtBasePtr > | extensions |
| Extensions. | |
| PublicKeyCert | public_key |
| Certificate owner's public key. | |
| std::vector< char > | cert_bin |
| Binary form of certificate from latest dump() or parse(), signed by the issuer. | |
| oid_value | sig_algo_oid |
| Algorithm used to sign this certificate. | |
| oid_value | sig_algo_params |
| Signature algorithm parameters. | |
| std::vector< uint8_t > | signature |
| Digital signature of this certificate signed using the issuer's private key. | |
X.509 certificate.
Certificates for use in TLS. Supports only version 3 certificates.
See:
    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

    TBSCertificate ::= SEQUENCE {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version MUST be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version MUST be v3
        }
void scc::crypto::X509Cert::parse (const DerDocument &)
Parse from a document.
Resets certificate binary.
Throws an exception if this is not a version 3 X.509 certificate.
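The outer structure that parse() consumes and its version 3 requirement, as an added example that is not scclib code: a minimal DER reader that splits a Certificate into tbsCertificate, signatureAlgorithm and signatureValue and rejects anything that is not v3 (encoded as INTEGER 2). The names Tlv, CertParts, read_tlv, split_certificate and sample_cert are hypothetical, and the sample bytes are constructed.

```cpp
// Added example, not scclib code: split a DER Certificate and enforce version 3.
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;
struct Tlv { uint8_t tag; size_t off, len; };   // off/len locate the value octets
struct CertParts { Tlv tbs, sig_algo, sig_value; int version; };
// Read one definite-length TLV inside [pos, end); advances pos past its value.
Tlv read_tlv(const Bytes& b, size_t& pos, size_t end) {
    if (pos > end || end - pos < 2) throw std::runtime_error("truncated header");
    Tlv t{b[pos], 0, b[pos + 1]};
    pos += 2;
    if (t.len >= 0x80) {                        // long form: low 7 bits = octet count
        size_t n = t.len & 0x7f;
        if (n == 0 || n > 4 || n > end - pos || b[pos] == 0) throw std::runtime_error("bad length");
        for (t.len = 0; n > 0; n--) t.len = (t.len << 8) | b[pos++];
        if (t.len < 0x80) throw std::runtime_error("non-minimal length");
    }
    if (t.len > end - pos) throw std::runtime_error("value overruns parent");
    t.off = pos; pos += t.len;
    return t;
}

CertParts split_certificate(const Bytes& der) {
    size_t pos = 0;
    Tlv cert = read_tlv(der, pos, der.size());
    if (cert.tag != 0x30 || pos != der.size()) throw std::runtime_error("not one SEQUENCE");
    size_t p = cert.off, e = cert.off + cert.len;
    CertParts c{};
    c.tbs = read_tlv(der, p, e);                // TBSCertificate
    c.sig_algo = read_tlv(der, p, e);           // signatureAlgorithm
    c.sig_value = read_tlv(der, p, e);          // signatureValue BIT STRING
    if (c.tbs.tag != 0x30 || c.sig_algo.tag != 0x30 || c.sig_value.tag != 0x03 || p != e)
        throw std::runtime_error("unexpected Certificate layout");
    size_t q = c.tbs.off, te = q + c.tbs.len;
    if (q < te && der[q] == 0xa0) {             // version [0] EXPLICIT; absent means v1 (0)
        Tlv wrap = read_tlv(der, q, te);
        q = wrap.off;
        Tlv ver = read_tlv(der, q, wrap.off + wrap.len);
        if (ver.tag != 0x02 || ver.len != 1) throw std::runtime_error("bad version");
        c.version = der[ver.off];
    }
    if (c.version != 2) throw std::runtime_error("not a v3 certificate");  // v3 is INTEGER 2
    return c;
}

// Constructed sample, not a real certificate: v3, serial 1, sha256WithRSAEncryption.
Bytes sample_cert() { return {0x30,0x1e, 0x30,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
    0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00, 0x03,0x03,0x00,0xaa,0xbb}; }
```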
void scc::crypto::X509Cert::sign_and_dump (DerDocument &, const KeyAlgoType &, const Bignum &, Bignum &, const X509SignatureAlgo &)
Sign the certificate and dump to a document using the ECDSA signature algorithm.
| doc | Document to dump output. |
| key_type | The curve type. Must be an ecdsa_ key type. |
| reg_key | Regular private key. Signature will be verified using the public key associated with this key. |
| tmp_key | Temporary private key. |
| sig_algo | Signature algorithm. Throws exception if this is not an ecdsa_ signature algorithm. |
This will set the certificate algorithm, certificate binary, and signature.
Throws exception if inconsistent keys are input.
void scc::crypto::X509Cert::sign_and_dump (DerDocument &, const RsaPrivateKey &, const X509SignatureAlgo &)
Sign the certificate and dump to a document using the RSA signature algorithm.
| doc | Document to dump output. |
| key | RSA private key. |
| algo | Signature algorithm. Throws exception if this is not an rsa_ signature algorithm. |
This will set the certificate algorithm, certificate binary, and signature, then dump the document.
std::string scc::crypto::X509Cert::str (bool = false) const
Descriptive string.
Debug dumps the asn.1 for all extensions.
|
inline |
bool scc::crypto::X509Cert::validate (const EccGfpPoint &) const
Validate signature against an ECDSA algorithm and public key.
| curve | EC curve type. |
| key | EC public key. |
Returns false if signature algorithm is not ECDSA, is unknown, or validate fails.
If the point is invalid, throws an exception.
bool scc::crypto::X509Cert::validate (const RsaPublicKey &) const
Validate signature against an RSA public key.
| key | RSA public key. |
Returns false if signature algorithm is not RSA, is unknown, or validate fails.
bool scc::crypto::X509Cert::validate (const X509Cert &) const
Validate this certificate against another.
Returns true if the private key associated with the issuer certificate public key was used to sign this certificate.