CPKIFCertificate Class Reference

#include <Certificate.h>

Inheritance diagram for CPKIFCertificate:

[legend]

Collaboration diagram for CPKIFCertificate:

[legend]

List of all members.

Detailed Description

CPKIFCertificate The CPKIFCertificate class provides an interface to X.509 certificate objects. The ASN.1 definition used by PKIF is given below:

Certificate ::= SIGNED { UnsignedCertificate }

UnsignedCertificate ::= SEQUENCE 
{
      version                  [0] Version DEFAULT v1,
      serialNumber             CertificateSerialNumber,
      signature                AlgorithmIdentifier,
      issuer                   Name,
      validity                 Validity,
      subject                  Name,
      subjectPublicKeyInfo     SubjectPublicKeyInfo,
      issuerUniqueIdentifier   [1] IMPLICIT UniqueIdentifier OPTIONAL,
      subjectUniqueIdentifier  [2] IMPLICIT UniqueIdentifier OPTIONAL,
      extensions               [3] Extensions OPTIONAL
}

The SignatureValidityCache interface is currently not used. In future versions of PKIF, it may be used to cache the signature verification status of a certificate.

CPKIFCertificate member functions provide access to the contents of the certificate, but it is not typically necessary for an application to access these contents directly. PKIF does not provide a means for creating certificates, i.e. PKIF can not currently be used to implement a certification authority.

TSP-enforcing: Yes

Definition at line 60 of file Certificate.h.


Public Member Functions
	CPKIFCertificate (void)
virtual	~CPKIFCertificate (void)
void	Decode (const unsigned char *cert, int certLen)
CPKIFBufferPtr	Encoded () const
int	Version () const
const char *	SerialNumber () const
CPKIFAlgorithmIdentifierPtr	TBSSignatureAlgorithm () const
CPKIFNamePtr	Issuer () const
CPKIFValidityPtr	Validity () const
CPKIFNamePtr	Subject () const
CPKIFSubjectPublicKeyInfoPtr	SubjectPublicKeyInfo () const
CPKIFAlgorithmIdentifierPtr	SignatureAlgorithm () const
CPKIFBufferPtr	Signature () const
bool	operator== (const CPKIFCertificate &rhs) const
bool	IsSelfIssued () const
bool	IsSelfSigned () const
void	GetExtensionByOID (const CPKIFOID &oid, CPKIFX509ExtensionPtr &ref)
void	GetEncodedExtensions (CPKIFBufferPtr &buf)
bool	AreThereAnyUnprocessedCriticalExtensions (std::vector< CPKIFX509ExtensionPtr > &processedExts)
CPKIFNamePtr	GetSubjectName () const
CPKIFNamePtr	GetIssuerName () const
CPKIFBufferPtr	GetKey () const
CPKIFSubjectPublicKeyInfoPtr	GetSubjectPublicKeyInfo () const

Constructor & Destructor Documentation

CPKIFCertificate::CPKIFCertificate ( void )

Interface: External

This function creates a new, empty CPKIFCertificate object.

Returns:: None

Definition at line 164 of file CACCertificate.cpp.

CPKIFCertificate::~CPKIFCertificate ( void ) [virtual]

Interface: External

The function destroys an instance of CPKIFCertificate.

Returns:: None

Definition at line 181 of file CACCertificate.cpp.

Member Function Documentation

void CPKIFCertificate::Decode	(	const unsigned char *	cert,
		int	certLen
	)

Interface: External

This function is used to decode an encoded certificate. A copy of the encoded buffer is created and maintained throughout the life of the CPKIFCertificate instance. The encoded buffer is accessible via a call to Encoded. The encoded buffer is parsed and the values of various certificate fields are available as properties of CPKIFCertificate.

Previously decoded content is discarded when this function is called. If an exception is thrown, the contents of the object are empty.

Returns:: None

Exceptions:

ASN1_DECODE_FAILED

Parameters:

cert	[in] Pointer to a buffer containing the certificate to decode
certLen	[in] Integer containing the length of the buffer passed via the cert parameter

Definition at line 261 of file CACCertificate.cpp.

References PEMDecode_l(), and Version().

CPKIFBufferPtr CPKIFCertificate::Encoded ( ) const

Interface: External

This function is used to retrieve an encoded certificate in the form of a smart pointer to a CPKIFBuffer object, which may contain NULL if Decode has not been successfully called. As PKIF is a toolkit intended for use enabling client applications, PKIF does not support creation of certificates and does not feature an Encode function. The value returned from this function is a copy of the buffer passed to Decode.

Returns:: A smart pointer to a buffer which contains the encoded certificate

Definition at line 241 of file CACCertificate.cpp.

Referenced by _GetHashOfToBeSignedCert(), GetTBSCertSequence(), operator==(), CPKIFNSSRaw::VerifyCertificate(), CPKIFCNGCAPIRaw::VerifyCertificate(), and CPKIFCAPIRaw::VerifyCertificate().

int CPKIFCertificate::Version ( ) const

Interface: External

This function returns the version of the certificate object.

Returns:: The version of the certificate object

Exceptions:

	CPKIFException(COMMON_INVALID_INPUT)
	CPKIFException(COMMON_UNSUPPORTED_VERSION)

Definition at line 325 of file CACCertificate.cpp.

References COMMON_INVALID_INPUT, COMMON_UNSUPPORTED_VERSION, TOOLKIT_ASN, and TOOLKIT_X509_ASN.

Referenced by Decode().

const char * CPKIFCertificate::SerialNumber ( ) const

Interface: External

This function returns a pointer to a NULL-terminated buffer contain the serial number from a certificate object as an ASCII hexadecimal string, or NULL, if no serial number is present. The pointer returned by this function is valid for the remaining life of the associated CPKIFCertificate object or until Decode is invoked again on that object.

Returns:: A pointer to a NULL-terminated buffer contain the serial number

Exceptions:

CPKIFException(COMMON_INVALID_INPUT)

Definition at line 361 of file CACCertificate.cpp.

References COMMON_INVALID_INPUT, and TOOLKIT_X509_ASN.

Referenced by _CertIDMatchesCert(), _CreateSimpleOCSPRequest(), CPKIFCAPIRepository2::FindCertificates(), and operator==().

CPKIFAlgorithmIdentifierPtr CPKIFCertificate::TBSSignatureAlgorithm ( ) const

Interface: External

This function returns a smart pointer to a CPKIFAlgorithmIdentifier object containing the signature algorithm from a certificate object.

Returns:: A smart pointer to a CPKIFAlgorithmIdentifier object containing the signature algorithm

Exceptions:

CPKIFException(COMMON_INVALID_INPUT)

Definition at line 378 of file CACCertificate.cpp.

References COMMON_INVALID_INPUT, m_impl, and TOOLKIT_X509_ASN.

CPKIFNamePtr CPKIFCertificate::Issuer ( ) const

Interface: External

This function returns a smart pointer to a CPKIFName object containing the issuer name from a certificate object.

Returns:: A smart pointer to a CPKIFName object containing the issuer name from a certificate object.

Exceptions:

CPKIFException(COMMON_INVALID_INPUT)

Definition at line 489 of file CACCertificate.cpp.

References CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, m_impl, and TOOLKIT_X509_ASN.

Referenced by _HashIssuerName(), CPKIFCAPIRepository2::FindCertificates(), CPKIFCAPIRepository2::GetCertificates(), CPKIFCAPIRepository2::GetCRLs(), CPKIFCAPIRepository2::GetCRLSources(), GetIssuerName(), IsSelfIssued(), and operator==().

CPKIFValidityPtr CPKIFCertificate::Validity ( ) const

Interface: External

This function returns a smart pointer to a CPKIFValidity object containing the validity period information from a certificate object.

Returns:: A smart pointer to a CPKIFValidity object containing the validity period information from a certificate object.

Exceptions:

CPKIFException(COMMON_INVALID_INPUT)

Definition at line 557 of file CACCertificate.cpp.

References COMMON_INVALID_INPUT, CPKIFTime, GENERALIZEDTIME, m_impl, TOOLKIT_X509_ASN, and UTCTIME.

CPKIFNamePtr CPKIFCertificate::Subject ( ) const

Interface: External This function returns a smart pointer to a CPKIFName object containing the subject name from a certificate object. If Decode has not been successfully called, an exception indicating COMMON_INVALID_INPUT will be thrown.

Returns:: A smart pointer to a CPKIFName object containing the subject name from a certificate object.

Exceptions:

CPKIFException(COMMON_INVALID_INPUT)

Definition at line 523 of file CACCertificate.cpp.

References CACASNWRAPPER_CREATE, COMMON_INVALID_INPUT, m_impl, and TOOLKIT_X509_ASN.

Referenced by GetSubjectName(), and IsSelfIssued().

CPKIFSubjectPublicKeyInfoPtr CPKIFCertificate::SubjectPublicKeyInfo ( ) const

Interface: External

This function returns a smart pointer to a CPKIFSubjectPublicKeyInfo object containing the subject public key information from a certificate object.

If Decode has not been successfully called, an exception indicating COMMON_INVALID_INPUT will be thrown.

Returns:: A smart pointer to a CPKIFSubjectPublicKeyInfo object containing the subject public key information from a certificate object.

Exceptions:

CPKIFException(COMMON_INVALID_INPUT)

Definition at line 446 of file CACCertificate.cpp.

References COMMON_INVALID_INPUT, m_impl, and TOOLKIT_X509_ASN.

Referenced by GetKey(), and GetSubjectPublicKeyInfo().

CPKIFAlgorithmIdentifierPtr CPKIFCertificate::SignatureAlgorithm ( ) const

Definition at line 406 of file CACCertificate.cpp.

References COMMON_INVALID_INPUT, m_impl, and TOOLKIT_X509_ASN.

Referenced by CPKIFCryptoPPRaw::VerifyCertificate(), and VerifyCertificateWithCryptoPP().

CPKIFBufferPtr CPKIFCertificate::Signature ( ) const

Interface: External

This function returns a smart pointer to a CPKIFBuffer object containing the signature from a certificate object.

Returns:: A smart pointer to a CPKIFBuffer object containing the signature from a certificate object.

Definition at line 696 of file CACCertificate.cpp.

Referenced by CPKIFCryptoPPRaw::VerifyCertificate(), and VerifyCertificateWithCryptoPP().

bool CPKIFCertificate::operator== ( const CPKIFCertificate & rhs ) const

Interface: External

This function returns true if each CPKIFCertificate points to the same encoded buffer and false otherwise.

Returns:: True if each CPKIFCertificate points to the same encoded buffer and false otherwise.

Parameters:

rhs

[in] Reference to a CPKIFCertificate object to compare

Definition at line 672 of file CACCertificate.cpp.

References Encoded(), Issuer(), SerialNumber(), and stricmp.

bool CPKIFCertificate::IsSelfIssued ( ) const

Interface: External

This function returns true if the certificate is self issued.

Return values:

	True	if the certificate is self issued.
	False	if the certificate is not self issued.

Definition at line 197 of file CACCertificate.cpp.

References Issuer(), m_impl, and Subject().

bool CPKIFCertificate::IsSelfSigned ( ) const

Interface: External

This function returns true if the certificate is self signed.

Return values:

	True	if the certificate is self signed.
	False	if the certificate is not self signed.

Definition at line 216 of file CACCertificate.cpp.

References GetPlatformCryptoRaw(), m_impl, and IPKIFCryptoRawOperations::VerifyCertificate().

void CPKIFCertificate::GetExtensionByOID	(	const CPKIFOID &	oid,
		CPKIFX509ExtensionPtr &	ref
	)			`[virtual]`

Interface: External

This function is used to retrieve an extension from a certificate object.

Returns:: None

Exceptions:

	CPKIFException(COMMON_INVALID_INPUT)
	CPKIFException(COMMON_ALREADY_INITIALIZED)

Parameters:

oid	[in] Identifies the extension sought
ref	[out] The extension (if present).

Implements IPKIFHasExtensions.

Definition at line 611 of file CACCertificate.cpp.

Referenced by CPKIFOCSPChecker::CheckStatusPath().

void CPKIFCertificate::GetEncodedExtensions ( CPKIFBufferPtr & buf ) [virtual]

Interface: External

This function returns a smart pointer to CPKIFBuffer object which will contain the encoded extension

Returns:: A smart pointer to CPKIFBuffer object which will contain the encoded extension

Parameters:

buf

[out] A reference to a smart pointer to CPKIFBuffer object which will contain the encoded extension

Implements IPKIFHasExtensions.

Definition at line 709 of file CACCertificate.cpp.

References CACASNWRAPPER_CREATE, and data.

bool CPKIFCertificate::AreThereAnyUnprocessedCriticalExtensions ( std::vector< CPKIFX509ExtensionPtr > & processedExts )

Interface: External

This function is used to determine if a certificate object holds any unprocessed critical extensions. Processed extensions are passed in the processedExts parameters.