/* -*- Mode: C++ -*-
 *
 * X.509 certificate class: abstracts the common operations performed on
 * basic X.509 certificates (signature verification, public-key
 * identification, extension access, etc.). To perform operations that need
 * a certificate together with its corresponding private key, use WvX509Mgr
 * instead.
 */
9#ifndef __WVX509_H
10#define __WVX509_H
11
12#include "wvlog.h"
13#include "wverror.h"
14#include "wvrsa.h"
15#include "wvstringlist.h"
16
// Forward declarations of the OpenSSL handle types this header needs, so that
// users of WvX509 do not have to include x509v3.h. A typedef of an elaborated
// type specifier declares the struct tag itself, so no separate `struct x;`
// line is needed. The tags must match the ones OpenSSL uses (x509_st,
// ssl_ctx_st, X509_name_st, asn1_string_st) or the typedefs will clash once
// the real OpenSSL headers are visible in the same translation unit.
typedef struct x509_st X509;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct X509_name_st X509_NAME;
typedef struct asn1_string_st ASN1_TIME;

// OpenSSL's library-wide initialisation and teardown may only be performed
// once per process; these wrappers exist so every WvStreams component goes
// through the same place instead of calling OpenSSL directly.
// wvssl_errstr() presumably renders OpenSSL's current error state as a string
// (see the matching definition for the exact format).
void wvssl_init();
void wvssl_free();
WvString wvssl_errstr();
35
36
/**
 * X.509 certificate wrapper.
 *
 * Wraps a single OpenSSL X509 structure and exposes getters/setters for the
 * common fields and v3 extensions, plus signature and validity checks.
 * Operations that need the matching private key live in WvX509Mgr.
 *
 * NOTE(review): the implementation file (wvx509.cc) appears to also provide
 * get_ext_key_usage(), get_nscomment() and set_altsubject(); their
 * declarations are not shown in this listing -- confirm against the original
 * header before relying on this page as the complete interface.
 */
class WvX509 : public IObject
{
    IMPLEMENT_IOBJECT(WvX509);
public:
    /**
     * Serialization format for encode() and decode().
     * CertPEM/CertDER/CertHex presumably operate on in-memory text or bytes
     * and CertFilePEM/CertFileDER on a file named by the string -- confirm
     * in wvx509.cc.
     */
    enum DumpMode { CertPEM = 0, CertDER, CertHex, CertFilePEM, CertFileDER };

    /**
     * Hash algorithm for get_fingerprint().
     *
     * Security caveat: MD5 is collision-broken and SHA-1 collisions have been
     * demonstrated, so a fingerprint in either algorithm must not be the sole
     * basis for trusting a certificate that an attacker could have crafted
     * (pinning, whitelisting). This interface offers no SHA-256 mode; prefer
     * FingerSHA1 over FingerMD5 where a fingerprint is needed at all.
     */
    enum FprintMode { FingerMD5 = 0, FingerSHA1 };

    /** Construct an empty certificate object with no fields set. */
    WvX509();

    /**
     * Wrap an existing OpenSSL certificate.
     * NOTE(review): whether this object takes ownership of _cert (and frees it
     * in the destructor) is not visible from the header -- confirm in
     * wvx509.cc before passing a pointer that another owner will also free.
     */
    WvX509(X509 *_cert);

    /**
     * Copy constructor.
     * NOTE(review): this class owns a raw X509 pointer and declares a
     * destructor and a copy constructor but no copy-assignment operator.
     * Unless a base class forbids assignment, the implicitly generated
     * operator= copies the pointer shallowly, after which two objects would
     * free the same X509 (double free / use-after-free). Either declare
     * operator= explicitly or confirm that assignment is never used.
     */
    WvX509(const WvX509 &x509);

public:
    /** Destructor; presumably releases the wrapped X509 -- see the copy-ctor note. */
    virtual ~WvX509();

    /**
     * Direct access to the underlying OpenSSL object (slated for removal).
     * The pointer is presumably owned by this object for its lifetime: do not
     * X509_free() it and do not use it after the WvX509 is destroyed.
     */
    X509 *get_cert() { return cert; }

    /** Set the certificate's public key to that of rsa_pubkey. */
    void set_pubkey(WvRSAKey &rsa_pubkey);

    /**
     * Create a PKCS#10 certificate request for subject, signed with rsa.
     * Returns the encoded request (format decided in wvx509.cc).
     */
    static WvString certreq(WvStringParm subject, const WvRSAKey &rsa);

    /**
     * Verify the validity of the certificate in cert, optionally against the
     * CA certificate cacert. Returns true on success.
     *
     * Security caveat: this takes no expected host name, so it cannot check
     * that the certificate belongs to the peer you intended to talk to --
     * match get_subject()/get_altsubject() against the expected name
     * yourself. Exactly which checks (expiry, signature, revocation) are
     * performed, and what a NULL cacert means, is decided in wvx509.cc;
     * confirm there before relying on any one of them.
     */
    bool validate(WvX509 *cacert = NULL) const;

    /**
     * Check the certificate in cert against the CA certificate cacert.
     * The name suggests a signature check -- confirm in wvx509.cc, and see
     * the note on issuedbyca().
     */
    bool signedbyca(WvX509 &cacert) const;

    /**
     * Check whether the certificate in cert was issued by cacert.
     *
     * Security caveat: this is a distinct check from signedbyca(). An
     * issuer-name match on its own proves nothing -- anyone can put a CA's
     * name in the issuer field of a certificate they forge -- so confirm in
     * wvx509.cc which of the two actually verifies the signature and require
     * that one before trusting the certificate.
     */
    bool issuedbyca(WvX509 &cacert) const;

    /**
     * Verify that signature was produced over original by the private key
     * matching this certificate's public key.
     *
     * Security caveat: a good signature only ties the data to this
     * certificate's key; it says nothing about whether the certificate itself
     * is trusted, unexpired or unrevoked -- establish that separately
     * (validate()/signedbyca()) before acting on the result.
     */
    bool verify(WvBuf &original, WvStringParm signature) const;
    bool verify(WvStringParm original, WvStringParm signature) const;

    /** Serialize the certificate in the format selected by mode. */
    WvString encode(const DumpMode mode) const;
    void encode(const DumpMode mode, WvBuf &buf) const;

    /**
     * Load a certificate in the format selected by mode, replacing whatever
     * this object currently holds. The input is typically untrusted (a peer's
     * certificate), so check isok()/errstr() afterwards rather than assuming
     * the parse succeeded.
     */
    virtual void decode(const DumpMode mode, WvStringParm str);
    virtual void decode(const DumpMode mode, WvBuf &encoded);

    /**
     * Issuer name (normally the CA that signed this certificate). The
     * WvX509 overload of set_issuer() presumably copies cacert's subject.
     */
    WvString get_issuer() const;
    void set_issuer(WvStringParm name);
    void set_issuer(const WvX509 &cacert);

    /** Subject distinguished name, as a string or an OpenSSL X509_NAME. */
    WvString get_subject() const;
    void set_subject(WvStringParm name);
    void set_subject(X509_NAME *name);

    /**
     * serialNumber field; get_serial() renders it in hex when hex is true.
     *
     * Security caveat for issuers: set_serial() takes a long, so serials are
     * limited to the platform's long width. RFC 5280 requires a positive
     * serial (up to 20 octets) unique per issuer, and current CA practice is
     * to draw it from a CSPRNG with at least 64 bits of entropy so it cannot
     * be predicted (predictable serials were a precondition of the MD5
     * chosen-prefix rogue-CA attack). Do not use a sequential counter.
     */
    WvString get_serial(bool hex = false) const;
    void set_serial(long serial_no);

    /**
     * Legacy Netscape Comment extension. Modern clients ignore it; treat it
     * as informational only.
     */
    void set_nscomment(WvStringParm comment);

    /**
     * Legacy Netscape SSL Server Name extension. Modern TLS clients ignore
     * it; put host names in the Subject Alternative Name instead.
     */
    WvString get_nsserver() const;
    void set_nsserver(WvStringParm server_fqdn);

    /** CRL Distribution Points extension, or WvString::null if absent. */
    WvString get_crl_dp() const;

    /**
     * Certificate Policies extension as a list of policy OIDs. The bool
     * return of get_policies() presumably means "extension present" --
     * confirm in wvx509.cc.
     */
    bool get_policies(WvStringList &policy_oids) const;

    void set_policies(WvStringList &policy_oids);

    /** Mark the certificate as X.509 v3, which any extension requires. */
    void set_version();

    /**
     * keyUsage extension, presumably in OpenSSL's comma-separated value
     * syntax. Verifiers should treat it as a constraint: a certificate that
     * lacks the usage you need should be rejected, not just noted.
     */
    WvString get_key_usage() const;
    void set_key_usage(WvStringParm values);

    /** extendedKeyUsage extension; same syntax and caveat as set_key_usage(). */
    void set_ext_key_usage(WvStringParm values);

    /** Subject Alternative Name extension, or WvString::null if absent. */
    WvString get_altsubject() const;


    /**
     * basicConstraints extension: whether this is a CA certificate and the
     * maximum chain length below it. Verifiers must honour this -- accepting
     * a non-CA certificate as an issuer is a classic chain-validation flaw.
     * get_basic_constraints() presumably returns false when the extension is
     * absent -- confirm.
     */
    bool get_basic_constraints(bool &ca, int &pathlen) const;

    void set_basic_constraints(bool ca, int pathlen);

    /** policyConstraints extension (requireExplicitPolicy / inhibitPolicyMapping). */
    bool get_policy_constraints(int &require_explicit_policy,
                                int &inhibit_policy_mapping) const;
    void set_policy_constraints(int require_explicit_policy,
                                int inhibit_policy_mapping);

    /** One issuerDomainPolicy -> subjectDomainPolicy pair of the policyMappings extension. */
    struct PolicyMap {
        PolicyMap(WvStringParm _issuer_domain, WvStringParm _subject_domain)
        {
            issuer_domain = _issuer_domain;
            subject_domain = _subject_domain;
        }
        WvString issuer_domain;
        WvString subject_domain;
    };
    DeclareWvList(PolicyMap);

    /** policyMappings extension as a list of PolicyMap entries. */
    bool get_policy_mapping(PolicyMapList &list) const;

    void set_policy_mapping(PolicyMapList &list);

    /** Validity period bounds as time_t (seconds since the Unix epoch). */
    time_t get_notvalid_before() const;
    time_t get_notvalid_after() const;

    /**
     * Set the validity period to seconds, starting approximately now.
     * Keep it short for anything an attacker could abuse if the key leaks.
     */
    void set_lifetime(long seconds);

    /** Raw Authority Information Access extension text. */
    WvString get_aia() const;

    /**
     * Set the Authority Information Access extension: ca_urls locate the
     * issuing CA's certificate, responders are OCSP responder URLs.
     * Security caveat for consumers of these URLs: they are attacker-chosen
     * data when the certificate is untrusted, so treat whatever is fetched
     * from them as untrusted input and validate it cryptographically rather
     * than because the URL appeared in a certificate.
     */
    void set_aia(WvStringList &ca_urls, WvStringList &responders);

    /** OCSP responder URLs from the AIA extension. */
    void get_ocsp(WvStringList &responders) const;

    /** URLs of the issuing CA's certificate from the AIA extension. */
    void get_ca_urls(WvStringList &urls) const;

    /** CRL distribution point URLs. */
    void get_crl_urls(WvStringList &urls) const;

    void set_crl_urls(WvStringList &urls);

    /** Subject Key Identifier extension. */
    WvString get_ski() const;

    /** Authority Key Identifier extension. */
    WvString get_aki() const;

    /**
     * Certificate fingerprint (presumably a hash of the DER encoding) using
     * mode, SHA-1 by default. See the FprintMode caveat: neither MD5 nor
     * SHA-1 is collision-resistant, so compare fingerprints only against
     * values from a trusted source, and prefer comparing the full DER where
     * that is possible.
     */
    WvString get_fingerprint(const FprintMode mode = FingerSHA1) const;

    /** True if this object holds a usable certificate. */
    virtual bool isok() const;

    /** Error description when isok() is false. */
    virtual WvString errstr() const;

    /** Equivalent to !isok(). */
    bool operator! () const;


private:
    // These classes access cert and the private helpers directly.
    friend class WvCRL;
    friend class WvX509Mgr;
    friend class WvOCSPReq;
    friend class WvOCSPResp;

    X509 *cert;            // wrapped OpenSSL certificate (raw pointer; see copy-ctor note)

    mutable WvLog debug;   // mutable so const getters can still log

    /** Read / write an arbitrary extension identified by OpenSSL NID. */
    WvString get_extension(int nid) const;
    void set_extension(int nid, WvStringParm values);

    /** Set the Subject Key Identifier (presumably derived from the public key). */
    void set_ski();

    /** Set the Authority Key Identifier from cacert. */
    void set_aki(const WvX509 &cacert);

    /** Log a warning about var (presumably when it is set on an invalid object). */
    void warningset(WvStringParm var);

    /**
     * Extract the RSA public key. Whether the caller owns the returned
     * pointer is not visible here -- confirm in wvx509.cc to avoid a leak or
     * a double free.
     */
    WvRSAKey *get_rsa_pub() const;
};
399
400#endif // __WVX509_H