Cert Struct Reference

#include <cert.h>


Detailed Description

Data type used for encoding and decoding individual X.509 certificates.

Data members closely map to standard X.509v3 certificate fields. See RFC 3280, section 4.1 for details.

Sample code illustrating the use of this class appears in the Cookbook section Processing X.509v3 Certificates and CRLs.


Public Types

enum  {
  V1 = 0,
  V2 = 1,
  V3 = 2
}
 X.509 certificate version numbers.
enum  KeyUsage {
  digitalSignature = 0x80,
  nonRepudiation = 0x40,
  keyEncipherment = 0x20,
  dataEncipherment = 0x10,
  keyAgreement = 0x08,
  keyCertSign = 0x04,
  crlSign = 0x02,
  encipherOnly = 0x01,
  decipherOnly = 0x80
}
 Masks for bits in the keyUsage extension. (See RFC 3280, section 4.2.1.3, for suggested semantics. Hints are provided below.)
enum  errors {
  errNone,
  errExpired,
  errIssuerMismatch,
  errRevoked,
  errParse,
  errBadPassword
}
 Various internal error codes.

Public Member Functions

Object Reuse and Initialization
void clear ()
 Clear the Cert object.
int load (const str &b)
 Load an ASN.1 DER-encoded certificate.
int loadbody (const str &body)
 Load an ASN.1 DER-encoded certificate body.
Inspectors
int getext (int k, asn &val, asn &val2) const
 Get extensions.
str makebody () const
 Get an ASN.1 DER-encoded tbsCertificate body.
Predicates
bool isCA () const
 Predicate to test whether the certificate is that of a CA.
int isExpired () const
 Predicate to test whether the certificate has expired.

Data Fields

int version
 version number
num serial
 certificate serial number
asn issuer_oid
 issuer signature algorithm identifier
asn issuer
 issuer distinguished name
TimeT notBefore
 start of validity period
TimeT notAfter
 end of validity period
asn subject
 subject distinguished name
asn subject_oid
 subject key type identifier
asn subject_pub
 subject public key info; zeroized by str::~str()
asn issuer_uid
 issuer unique ID
asn subject_uid
 subject unique ID
asn extensions
 extensions


Member Enumeration Documentation

anonymous enum

X.509 certificate version numbers.

Enumerator:
V1  = 0 (1988)
V2  = 1 (1992)
V3  = 2 (1994)

enum errors

Various internal error codes.

Enumerator:
errNone  no error (success)
errExpired  certificate has expired
errIssuerMismatch  found unexpected issuer
errRevoked  certificate has been revoked
errParse  cannot parse certificate
errBadPassword  invalid password

enum KeyUsage

Masks for bits in the keyUsage extension. (See RFC 3280, section 4.2.1.3, for suggested semantics. Hints are provided below.) keyUsage is a nine-bit BIT STRING, so decipherOnly (bit 8) falls in the second content octet: its mask value 0x80 coincides with that of digitalSignature and must be applied to the second octet, never to the first.

Enumerator:
digitalSignature  = 0x80, sign things other than certificates and CRLs
nonRepudiation  = 0x40, verify digital signatures for non-repudiation
keyEncipherment  = 0x20, wrap symmetric keys for transport
dataEncipherment  = 0x10, encrypt data other than keys
keyAgreement  = 0x08, perform key agreement
keyCertSign  = 0x04, verify signatures on certificates
crlSign  = 0x02, verify signatures on CRLs
encipherOnly  = 0x01, only for key enciphering; undefined without keyAgreement
decipherOnly  = 0x80, only for key deciphering; undefined without keyAgreement
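As an added example, not code from the CDK or from this page, the following decodes a DER keyUsage BIT STRING into the masks listed above, keeping the first and second octets apart so that digitalSignature and decipherOnly (both 0x80) cannot be confused, and enforcing the DER rules that trip up lenient parsers (zero padding bits, trailing zero bits removed). The function names, the KeyUsageBits type and the sample byte strings are constructed for this example and are not CDK identifiers.

```cpp
// Added example, not ISC CDK code: decode a DER keyUsage BIT STRING into the
// masks of the KeyUsage enum above. Function names and sample bytes are ours.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

enum KeyUsage {
    digitalSignature = 0x80, nonRepudiation = 0x40, keyEncipherment = 0x20,
    dataEncipherment = 0x10, keyAgreement = 0x08, keyCertSign = 0x04,
    crlSign = 0x02, encipherOnly = 0x01,
    decipherOnly = 0x80   // bit 8 of the BIT STRING: the high bit of the SECOND octet
};

// The two octets are kept apart on purpose: digitalSignature and decipherOnly
// share the mask value 0x80 but live in different octets.
struct KeyUsageBits {
    uint8_t first = 0;    // bits 0..7: digitalSignature .. encipherOnly
    uint8_t second = 0;   // bit 8: decipherOnly
};

// Parse "03 len unused b0 [b1]" strictly. RFC 3280 4.2.1.3 requires at least one
// bit set, so one or two content octets; DER requires zero padding bits and no
// trailing zero bits (the lowest used bit of the last octet must be 1).
KeyUsageBits decodeKeyUsage(const std::vector<uint8_t>& der) {
    if (der.size() < 4 || der[0] != 0x03) throw std::runtime_error("not a BIT STRING");
    size_t len = der[1];
    if (len < 2 || len > 3 || len + 2 != der.size()) throw std::runtime_error("bad length");
    uint8_t unused = der[2], last = der.back();
    if (unused > 7) throw std::runtime_error("unused-bit count out of range");
    if (last & ((1u << unused) - 1)) throw std::runtime_error("padding bits must be zero");
    if (!((last >> unused) & 1)) throw std::runtime_error("trailing zero bits not removed");
    KeyUsageBits kb;
    kb.first = der[3];
    if (len == 3) kb.second = der[4];
    return kb;
}

// Test a first-octet usage (everything except decipherOnly).
bool has(const KeyUsageBits& kb, KeyUsage u) { return (kb.first & u) != 0; }
bool hasDecipherOnly(const KeyUsageBits& kb) { return (kb.second & decipherOnly) != 0; }

// encipherOnly / decipherOnly are undefined without keyAgreement (see the hints above).
bool usageConsistent(const KeyUsageBits& kb) {
    bool only = has(kb, encipherOnly) || hasDecipherOnly(kb);
    return !only || has(kb, keyAgreement);
}

// Names of the set bits, in enum order, space separated.
std::string describe(const KeyUsageBits& kb) {
    static const struct { KeyUsage u; const char* n; } first[] = {
        {digitalSignature, "digitalSignature"}, {nonRepudiation, "nonRepudiation"},
        {keyEncipherment, "keyEncipherment"}, {dataEncipherment, "dataEncipherment"},
        {keyAgreement, "keyAgreement"}, {keyCertSign, "keyCertSign"},
        {crlSign, "crlSign"}, {encipherOnly, "encipherOnly"}};
    std::string out;
    for (const auto& f : first)
        if (has(kb, f.u)) out += (out.empty() ? "" : " ") + std::string(f.n);
    if (hasDecipherOnly(kb)) out += (out.empty() ? "" : " ") + std::string("decipherOnly");
    return out;
}
```

Constructed inputs to try: `03 03 07 88 80` (digitalSignature, keyAgreement, decipherOnly: unused bits 7, second octet 0x80) and `03 02 01 06` (keyCertSign, crlSign, the usual CA pattern). A value such as `03 02 01 07` is rejected because a padding bit is set, and `03 02 00 01` decodes but fails usageConsistent() because encipherOnly appears without keyAgreement.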


Member Function Documentation

int getext ( int  k,
asn & val,
asn & val2
) const

Get extensions.

Parameters:
k index of certificate extension to retrieve (0, 1, etc. for first extension, second extension, etc.)
val output buffer to receive OID of the k-th extension
val2 output buffer to receive the value of the k-th extension
Returns:
0 (success)
CDK_EXTENSION_CRITICAL if the kth extension is marked critical (also considered a success)
CDK_EXTENSION_EMPTY if there is no kth extension
CDK_EXTENSION_PARSE_ERROR if the kth extension can't be parsed
Remarks:
Call this function within a for/while loop until it returns CDK_EXTENSION_EMPTY to retrieve all extensions in order. CDK_EXTENSION_CRITICAL is a success only as far as parsing goes: RFC 3280, section 4.2, requires an application to reject a certificate that contains a critical extension it does not recognize, so CDK_EXTENSION_CRITICAL paired with an OID the caller does not handle must fail validation.

bool isCA (  )  const

Predicate to test whether the certificate is that of a CA.

Returns:
true if the certificate is self-signed or contains a basicConstraints extension indicating that the certificate is a CA certificate
false otherwise
Remarks:
Because a self-signed end-entity certificate also satisfies the first condition, a true result is a structural hint, not a trust decision: RFC 3280, section 4.2.1.10, requires a CA certificate to carry basicConstraints with cA set to TRUE, and trust in any certificate, self-signed or not, must come from an explicit set of trust anchors rather than from this predicate.

int isExpired (  )  const

Predicate to test whether the certificate has expired.

Returns:
true if the current system date lies within the certificate's validity period
false if the current system date lies outside the certificate's validity period
Remarks:
The sense documented above is the opposite of what the name suggests (true means not expired), and the declared return type is int, not bool; confirm the actual convention against cert.h before branching on the result. "Outside the validity period" also covers a certificate that is not yet valid (system date before notBefore), and the answer is only as good as the local clock.

int load ( const str & b  )

Load an ASN.1 DER-encoded certificate.

Parameters:
b an ASN.1 DER-encoded certificate.
Returns:
0 (success)
CDK_CANT_PARSE_CERT
Remarks:
load() strips the outer signatureAlgorithm and signatureValue fields and passes the tbsCertificate body to loadbody(). Nothing on this path verifies the issuer's signature (the only failure reported is CDK_CANT_PARSE_CERT), so every data member is populated from unverified input and must not be acted on until the signature has been checked against the issuer's public key.

Modifies: version, serial, issuer_oid, issuer, notBefore, notAfter, subject, subject_oid, subject_pub, and extensions.

int loadbody ( const str & body  )

Load an ASN.1 DER-encoded certificate body.

Parameters:
body an ASN.1 DER-encoded tbsCertificate body (certificate without issuer's signature).
Returns:
0 (success)
CDK_CANT_PARSE_CERT
Remarks:
Modifies: version, serial, issuer_oid, issuer, notBefore, notAfter, subject, subject_oid, subject_pub, and extensions.

str makebody (  )  const

Get an ASN.1 DER-encoded tbsCertificate body.

Returns:
an ASN.1 DER-encoded str containing the tbsCertificate body, i.e., the certificate body to be signed: version, serial number, issuer signature algorithm identifier, issuer DN, validity period, subject DN, subject public key info, and extensions, but *not* the issuer's signature.
Remarks:
When verifying a received certificate, hash the tbsCertificate bytes exactly as they appear in the input rather than the output of makebody(): the signature was computed over those bytes, and a re-encoding of a certificate that was not strictly DER to begin with need not reproduce them byte for byte.
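As an added example serving both the load()/loadbody()/makebody() entries and the getext() loop described earlier, the following works directly on raw DER so it runs without the CDK: it splits a Certificate into the signed tbsCertificate bytes, signatureAlgorithm and signatureValue (what load() does before calling loadbody()), returns the k-th extension under the same contract as getext(), and screens a certificate for unrecognized critical extensions. This is not CDK code: the status names (ExtOk, ExtCritical, ExtEmpty, ExtParseError) stand in for the CDK_EXTENSION_* codes, the helper names are this example's own, and the sample certificate is a constructed DER skeleton with empty names, a placeholder key and a dummy signature, not a real certificate.

```cpp
// Added example, not ISC CDK code: the split load() performs before loadbody(), and a
// getext()-style extension walk, both over raw DER. Names and the sample are ours.
#include <cstddef>
#include <cstdint>
#include <set>
#include <vector>
using Bytes = std::vector<uint8_t>;
struct Tlv { uint8_t tag = 0; size_t start = 0, end = 0; };  // content occupies [start, end)

// Read the TLV at 'off': definite lengths of up to two bytes, minimal encoding only (DER).
bool readTlv(const Bytes& b, size_t off, Tlv& t) {
    if (off + 2 > b.size()) return false;
    size_t len = b[off + 1], pos = off + 2, n = len & 0x7f;
    if (len & 0x80) {
        if (n == 0 || n > 2 || pos + n > b.size()) return false;
        for (len = 0; n--;) len = (len << 8) | b[pos++];
        if (len < 0x80 || (pos - off == 4 && len < 0x100)) return false;
    }
    if (len > b.size() - pos) return false;
    t.tag = b[off]; t.start = pos; t.end = pos + len;
    return true;
}
// Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }. 'tbs' keeps
// its own tag and length: those exact bytes are what the issuer signed, so verify over them.
bool splitCertificate(const Bytes& cert, Bytes& tbs, Bytes& alg, Bytes& sig) {
    Tlv outer, f;
    if (!readTlv(cert, 0, outer) || outer.tag != 0x30 || outer.end != cert.size()) return false;
    Bytes* parts[3] = {&tbs, &alg, &sig}; const uint8_t tags[3] = {0x30, 0x30, 0x03};
    size_t pos = outer.start;
    for (int i = 0; i < 3; ++i, pos = f.end) {
        if (!readTlv(cert, pos, f) || f.tag != tags[i]) return false;
        parts[i]->assign(cert.begin() + pos, cert.begin() + f.end);
    }
    return pos == outer.end;  // nothing may follow the signature
}
enum ExtStatus { ExtOk, ExtCritical, ExtEmpty, ExtParseError };  // roles of getext()'s return codes

// k-th extension of a tbsCertificate, per getext(): OID content into 'oid', extnValue content into 'value'.
ExtStatus getExt(const Bytes& tbs, size_t k, Bytes& oid, Bytes& value) {
    Tlv outer, f, e;
    if (!readTlv(tbs, 0, outer) || outer.tag != 0x30) return ExtParseError;
    for (size_t pos = outer.start;; pos = f.end) {  // skip fields up to [3] EXPLICIT extensions
        if (pos >= outer.end) return ExtEmpty;       // v1/v2 certificate: no extensions field at all
        if (!readTlv(tbs, pos, f)) return ExtParseError;
        if (f.tag == 0xA3) break;
    }
    if (!readTlv(tbs, f.start, f) || f.tag != 0x30) return ExtParseError;  // SEQUENCE OF Extension
    for (size_t i = 0, pos = f.start;; ++i, pos = e.end) {
        if (pos >= f.end) return ExtEmpty;
        if (!readTlv(tbs, pos, e) || e.tag != 0x30) return ExtParseError;
        if (i == k) break;
    }
    Tlv ext = e;  // Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
    if (!readTlv(tbs, ext.start, e) || e.tag != 0x06) return ExtParseError;
    oid.assign(tbs.begin() + e.start, tbs.begin() + e.end);
    if (!readTlv(tbs, e.end, e)) return ExtParseError;
    bool critical = (e.tag == 0x01);  // DER: TRUE is exactly 0xFF, and FALSE (the default) is omitted
    if (critical && (e.end - e.start != 1 || tbs[e.start] != 0xFF || !readTlv(tbs, e.end, e))) return ExtParseError;
    if (e.tag != 0x04 || e.end != ext.end) return ExtParseError;
    value.assign(tbs.begin() + e.start, tbs.begin() + e.end);
    return critical ? ExtCritical : ExtOk;
}
// The loop getext()'s remark describes, plus RFC 3280 section 4.2: an unrecognized critical extension is fatal.
bool extensionsAcceptable(const Bytes& tbs, const std::set<Bytes>& known, size_t& count) {
    Bytes oid, value;
    for (count = 0;; ++count) {
        ExtStatus s = getExt(tbs, count, oid, value);
        if (s == ExtEmpty) return true;
        if (s == ExtParseError || (s == ExtCritical && !known.count(oid))) return false;
    }
}
// ---- constructed sample (not a real certificate): a DER skeleton with three extensions ----
Bytes operator+(Bytes a, const Bytes& b) { a.insert(a.end(), b.begin(), b.end()); return a; }
Bytes tlv(uint8_t tag, const Bytes& c) {  // encoder for content shorter than 256 bytes
    Bytes h{tag}; if (c.size() >= 0x80) h.push_back(0x81);
    h.push_back(uint8_t(c.size())); return h + c;
}
const Bytes OID_KEY_USAGE{0x55, 0x1D, 0x0F}, OID_BASIC_CONSTRAINTS{0x55, 0x1D, 0x13};  // 2.5.29.15, 2.5.29.19
const Bytes OID_PRIVATE{0x2A, 0x03, 0x04};  // 1.2.3.4: placeholder OID standing in for one the application does not know
const Bytes SHA256_RSA{0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B};  // sha256WithRSAEncryption
Bytes extension(const Bytes& oid, bool critical, const Bytes& value) {
    return tlv(0x30, tlv(0x06, oid) + (critical ? tlv(0x01, {0xFF}) : Bytes{}) + tlv(0x04, value));
}
Bytes sampleCertificate(bool privateExtCritical) {
    Bytes utc{'0', '6', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'}, alg = tlv(0x30, tlv(0x06, SHA256_RSA));
    Bytes exts = tlv(0xA3, tlv(0x30,
        extension(OID_KEY_USAGE, true, tlv(0x03, {0x01, 0x06}))                  // keyCertSign | crlSign
        + extension(OID_BASIC_CONSTRAINTS, true, tlv(0x30, tlv(0x01, {0xFF})))   // cA = TRUE
        + extension(OID_PRIVATE, privateExtCritical, tlv(0x04, {0x00}))));
    Bytes tbs = tlv(0x30, tlv(0xA0, tlv(0x02, {0x02})) + tlv(0x02, {0x01}) + alg       // v3, serial 1, signature alg
        + tlv(0x30, {}) + tlv(0x30, tlv(0x17, utc) + tlv(0x17, utc)) + tlv(0x30, {})   // issuer, validity, subject
        + tlv(0x30, alg + tlv(0x03, {0x00, 0x00})) + exts);                             // placeholder SPKI
    return tlv(0x30, tbs + alg + tlv(0x03, {0x00, 0x00}));                              // dummy signature
}
// Whole pipeline on the sample: split off the signature, then screen the extensions.
bool screenSample(bool privateExtCritical, size_t& count) {
    Bytes tbs, alg, sig;
    if (!splitCertificate(sampleCertificate(privateExtCritical), tbs, alg, sig)) return false;
    return extensionsAcceptable(tbs, {OID_KEY_USAGE, OID_BASIC_CONSTRAINTS}, count);
}
```

screenSample(false, n) accepts the sample (n ends at 3, the number of extensions walked); screenSample(true, n) rejects it at n == 2, because the placeholder extension is then critical and not in the known set. The split keeps the tbsCertificate with its own SEQUENCE header, since the issuer's signature covers exactly those bytes; dropping the last byte of the sample makes splitCertificate() fail rather than silently accept a truncated certificate.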


The documentation for this struct was generated from the following file:
ISC Cryptographic Development Kit - User's Guide
Copyright © 2002-2006 Information Security Corp. All rights reserved.