
WvX509Mgr Class Reference

#include <wvx509.h>


Detailed Description

Class to handle X.509 certificates and their related functions.

Definition at line 28 of file wvx509.h.

Public Types

enum  DumpMode { CertPEM = 0, RsaPEM, RsaRaw }
 Format selector for the encode() and decode() methods, which can output or load the information in this class in a variety of formats. More...


Public Member Functions

 WvX509Mgr (X509 *_cert=NULL)
 Initialize an object from the certificate *_cert, or a completely blank object if _cert is NULL (used for client-side operations).

 WvX509Mgr (WvStringParm hexcert, WvStringParm hexrsa)
 Constructor to initialize this object with a pre-existing certificate and key.

 WvX509Mgr (WvStringParm _dname, WvRSAKey *_rsa)
 Constructor to create a self-signed certificate for the distinguished name _dname. If you already have a WvRSAKey (for example from an existing TunnelVision connection), pass it as the second parameter; if you do not have an RSA key yet, use the overload that takes a number of bits instead, and it will create one for you.

 WvX509Mgr (WvStringParm _dname, int bits)
 Constructor to create a self-signed certificate for _dname with a newly generated RSA key of bits bits.

 WvX509Mgr (const WvX509Mgr &mgr)
 Copy constructor. Placeholder: this doesn't exist yet.

virtual ~WvX509Mgr ()
 Destructor.

void create_selfsigned ()
 Given the distinguished name dname and an already generated keypair in rsa, create a self-signed certificate in cert.

WvString certreq ()
 Create a PKCS#10 certificate request for dname and the keypair in rsa.

bool test ()
 Test that the certificate in cert and the keypair in rsa go together.

void unhexify (WvStringParm encodedcert)
 Given a hexified certificate, fill the cert member. NOTE: ALWAYS load your RSA key before calling this, because it calls test() against rsa. If you have hexify()'d the certificate and key, it is simplest to use the (hexcert, hexrsa) constructor instead.

WvString hexify ()
 Given the X509 certificate object cert, return a hexified string suitable for storing in a WvConf or UniConf file.

bool validate ()
 Intended to verify the validity of the certificate placed in cert; at present it only outputs information about the certificate and performs no verification.

bool signedbyCAindir (WvStringParm certdir)
 Check the certificate in cert against the CA certificates in the directory certdir; returns true if cert was signed by one of them.

bool signedbyCAinfile (WvStringParm certfile)
 Check the certificate in cert against the CA certificates in the file certfile; returns true if cert was signed by one of them.

void sign (WvRSAKey CAKeypair)
 Sign the X509 certificate in cert with CAKeypair. NOT IMPLEMENTED.

bool isinCRL ()
 Check whether the certificate in cert has been revoked. NOT IMPLEMENTED.

WvString encode (const DumpMode mode)
 Return the information selected by mode (the certificate or the RSA key) as a WvString.

void decode (DumpMode mode, WvStringParm PemEncoded)
 Load the information in the format selected by mode into the class. This overwrites the certificate, and possibly the key. To allow two-stage loading (the certificate first, then the key) it DOES NOT call test(); that is up to the programmer.

void write_p12 (WvStringParm filename)
 PKCS#12 files use the binary DER encoding, so the PEM-oriented encode()/decode() functions cannot be used for them; this writes the certificate and RSA keys in PKCS#12 format straight to a file.

void read_p12 (WvStringParm filename)
 Read the PKCS#12 file filename and fill the rsa and cert members with the decoded information.

void setPkcs12Password (WvStringParm passwd)
 Sets the PKCS12 password.

WvString get_issuer ()
 Return the Certificate Issuer (usually the CA who issued the certificate).

WvString get_subject ()
 Return the Subject field of the certificate.

WvString get_crl_dp ()
 Return the CRL Distribution points if they exist, WvString::null if they don't.

WvString get_cp_oid ()
 Return the Certificate Policy OID if it exists, and WvString::null if it doesn't.

WvString get_altsubject ()
 Return the Subject alt name if it exists, and WvString::null if it doesn't.

bool isok () const
 Is this certificate object valid and in a non-error state?

const WvString & errstr ()
 Accessor for the error string if !isok().


Public Attributes

WvString dname
 Distinguished Name to be used in the certificate.

X509 * cert
 X.509v3 Certificate - this is why this class exists.

WvRSAKey * rsa
 The public and private RSA keypair associated with this certificate. Make sure that you save this somewhere: without the private key you won't be able to use the certificate for anything.


Member Enumeration Documentation

enum WvX509Mgr::DumpMode
 

Format selector for the encode() and decode() methods, which can output or load the information in this class in a variety of formats.

Enumeration values:
CertPEM 
RsaPEM 
RsaRaw 

Definition at line 38 of file wvx509.h.


Constructor & Destructor Documentation

WvX509Mgr::WvX509Mgr (X509 *_cert = NULL)

Initialize an object from the certificate *_cert, or a completely blank object if _cert is NULL (used for client-side operations).

This either initializes a completely empty object, or takes _cert and extracts the distinguished name into dname and the RSA public key into rsa. rsa->prv is empty: an object built this way holds no private key.

Definition at line 59 of file wvx509.cc.

References cert, dname, WvString::edit(), rsa, WvFastString::setsize(), wvssl_init(), and X509.

WvX509Mgr::WvX509Mgr (WvStringParm hexcert, WvStringParm hexrsa)

Constructor to initialize this object with a pre-existing certificate and key.

Definition at line 96 of file wvx509.cc.

References cert, dname, WvError::errstr(), WvError::isok(), rsa, unhexify(), wvssl_init(), WvStringParm, and X509.

WvX509Mgr::WvX509Mgr (WvStringParm _dname, WvRSAKey *_rsa)

Constructor to create a self-signed certificate for the distinguished name _dname. If you already have a WvRSAKey (for example from an existing TunnelVision connection), pass it as the second parameter; if you do not have an RSA key yet, use the overload that takes a number of bits instead, and it will create one for you.

Also, for SSL servers the dname MUST be of the form cn=FQDN,o=foo,c=CA (anything after cn=FQDN is up to you; dc= works as well).

The important part is to use the fully qualified domain name in the cn= component; otherwise web clients get confused (other kinds of clients presumably do too, but this has not been checked). The constructor does not check for this, since other kinds of certificates are perfectly valid without it; if you want to generate certificates that clients will reject, that is up to you. Note also that current TLS clients match the host name against the subjectAltName extension rather than the CN, and this constructor only takes a distinguished name.

Definition at line 123 of file wvx509.cc.

References cert, create_selfsigned(), dname, rsa, wvssl_init(), WvStringParm, and X509.
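The constructor above states the cn=FQDN rule but does not enforce it. The following is an added example (not WvStreams code) of a small parser for dnames of the documented form and the check a server-side caller would run before constructing the certificate. Two assumptions are made for the example: the page defines no escaping rule, so a backslash is taken to escape the next character ("o=Foo\, Inc"), and "fully qualified" is read as ordinary host-name syntax (two or more labels of letters, digits and hyphens).

```cpp
// Added example, not WvStreams code: parse a dname of the form the
// constructor documents ("cn=www.example.com,o=foo,c=CA") and enforce the
// rule it states but does not check: for an SSL server the first RDN must
// be cn=<fully qualified domain name>.
#include <cctype>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

typedef std::vector<std::pair<std::string, std::string> > Rdns;

static std::string lower_ascii(std::string s)
{
    for (size_t i = 0; i < s.size(); ++i)
        s[i] = (char)std::tolower((unsigned char)s[i]);
    return s;
}

// Split "type=value,type=value,..." into (type, value) pairs; types are
// lower-cased so "CN" and "cn" compare equal.  Assumption for this example
// (the page defines no escaping rule): a backslash escapes the next
// character, so "o=Foo\, Inc" keeps its comma.  Returns false if any
// component lacks a '=' or has an empty type.
bool parse_dname(const std::string &dname, Rdns &out)
{
    out.clear();
    std::vector<std::string> parts;
    std::string cur;
    for (size_t i = 0; i < dname.size(); ++i) {
        char c = dname[i];
        if (c == '\\' && i + 1 < dname.size())
            cur += dname[++i];
        else if (c == ',') {
            parts.push_back(cur);
            cur.clear();
        } else
            cur += c;
    }
    parts.push_back(cur);
    for (size_t i = 0; i < parts.size(); ++i) {
        size_t eq = parts[i].find('=');
        if (eq == std::string::npos || eq == 0)
            return false;
        out.push_back(std::make_pair(lower_ascii(parts[i].substr(0, eq)),
                                     parts[i].substr(eq + 1)));
    }
    return true;
}

// Host-name syntax (RFC 1035 labels): at least two labels, each 1..63
// characters of letters, digits and '-', not starting or ending with '-',
// no empty labels and no trailing dot, total length at most 253.
bool is_fqdn(const std::string &host)
{
    if (host.empty() || host.size() > 253)
        return false;
    size_t labels = 0, start = 0;
    while (start <= host.size()) {
        size_t dot = host.find('.', start);
        if (dot == std::string::npos)
            dot = host.size();
        size_t len = dot - start;
        if (len == 0 || len > 63)
            return false;
        if (host[start] == '-' || host[dot - 1] == '-')
            return false;
        for (size_t i = start; i < dot; ++i)
            if (!std::isalnum((unsigned char)host[i]) && host[i] != '-')
                return false;
        ++labels;
        start = dot + 1;
    }
    return labels >= 2;
}

// The constructor's rule for SSL servers: the first RDN is cn=<FQDN>.
bool server_dname_ok(const std::string &dname)
{
    Rdns rdns;
    if (!parse_dname(dname, rdns) || rdns.empty())
        return false;
    return rdns[0].first == "cn" && is_fqdn(rdns[0].second);
}

// Value of the first RDN with the given (lower-case) type, "" if absent.
std::string rdn_value(const std::string &dname, const std::string &type)
{
    Rdns rdns;
    if (!parse_dname(dname, rdns))
        return "";
    for (size_t i = 0; i < rdns.size(); ++i)
        if (rdns[i].first == type)
            return rdns[i].second;
    return "";
}

int main()
{
    const char *samples[] = {
        "cn=www.example.com,o=foo,c=CA",        // the documented server form
        "cn=localhost,o=foo",                   // not fully qualified
        "o=foo,cn=www.example.com",             // cn is not first
        "cn=www.example.com,o=Foo\\, Inc,c=CA"  // escaped comma in a value
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); ++i)
        std::printf("%-40s %s\n", samples[i],
                    server_dname_ok(samples[i]) ? "ok for an SSL server" : "rejected");
    return 0;
}
```

Run server_dname_ok() on the dname before handing it to the (WvStringParm, WvRSAKey *) or (WvStringParm, int) constructor; a rejected dname still produces a syntactically valid certificate, just one that web clients will not accept for the host.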

WvX509Mgr::WvX509Mgr (WvStringParm _dname, int bits)

Definition at line 136 of file wvx509.cc.

References cert, create_selfsigned(), dname, rsa, wvssl_init(), WvStringParm, and X509.

WvX509Mgr::WvX509Mgr (const WvX509Mgr &mgr)

Copy constructor. Placeholder: this doesn't exist yet.

WvX509Mgr::~WvX509Mgr () [virtual]

Destructor.

Definition at line 147 of file wvx509.cc.

References cert, rsa, and wvssl_free().


Member Function Documentation

WvString WvX509Mgr::certreq ()

Create a PKCS#10 certificate request for dname and the keypair in rsa.

This request is what you send to Verisign, Entrust.net or any other CA to get your real certificate. It returns the request PEM-encoded, leaves the RSA keypair in rsa, and leaves a self-signed temporary certificate in cert. You MUST save the keypair: the certificate you get back is useless without the private key it was issued for.

Definition at line 380 of file wvx509.cc.

References certreq(), dname, file_hack_end(), file_hack_start(), WvRSAKey::rsa, rsa, and set_name_entry().

Referenced by certreq().

void WvX509Mgr::create_selfsigned ()

Given the distinguished name dname and an already generated keypair in rsa, create a self-signed certificate in cert.

Definition at line 244 of file wvx509.cc.

References cert, dname, WvString::edit(), WvRSAKey::rsa, rsa, and set_name_entry().

Referenced by WvX509Mgr().

void WvX509Mgr::decode (DumpMode mode, WvStringParm PemEncoded)

Load the information in the format selected by mode into the class. This overwrites the certificate, and possibly the key. To allow two-stage loading (the certificate first, then the key) it DOES NOT call test(); that is up to the programmer.

Definition at line 689 of file wvx509.cc.

References cert, CertPEM, WvString::edit(), file_hack_start(), WvFastString::len(), WvRSAKey::rsa, rsa, RsaPEM, RsaRaw, and WvStringParm.
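Because decode() overwrites whichever member the mode selects and does not call test(), the one check a caller can make before loading is that the PEM block actually carries the kind of object the mode asks for. The following is an added example (not WvStreams code) of that envelope check: it accepts only a block whose label matches the DumpMode, strips the armor, validates the base64 and returns the DER bytes. Assumptions: the labels "CERTIFICATE" and "RSA PRIVATE KEY" are the standard PEM labels for the two PEM modes, and RsaRaw, whose content this page does not define, is treated as non-PEM and rejected. The sample PEM blocks are constructed; their payloads are the bytes "wvstreams" and "wv", not a real certificate or key.

```cpp
// Added example, not WvStreams code: the envelope check a mode-driven
// decode() needs.  pem_payload() accepts only a PEM block whose label
// matches the requested DumpMode, strips the armor, validates the base64
// and returns the DER bytes; a CERTIFICATE block passed as RsaPEM fails
// instead of silently replacing the key.  It is not a key/cert pairing
// test: after loading both halves you still have to run test().
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

enum DumpMode { CertPEM = 0, RsaPEM, RsaRaw };  // mirrors WvX509Mgr::DumpMode

// PEM label each mode expects.  RsaRaw is not a PEM format on this page, so
// this example (by assumption) rejects it here.
static const char *pem_label(DumpMode mode)
{
    switch (mode) {
    case CertPEM: return "CERTIFICATE";
    case RsaPEM:  return "RSA PRIVATE KEY";
    default:      return 0;
    }
}

// Strict base64: standard alphabet only, length a multiple of 4, '=' only
// as trailing padding (at most two).
bool base64_decode(const std::string &in, std::vector<uint8_t> &out)
{
    static const std::string alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    out.clear();
    if (in.size() % 4 != 0)
        return false;
    unsigned acc = 0;
    int bits = 0;
    size_t pad = 0;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '=') { ++pad; continue; }
        if (pad)
            return false;                 // data after padding
        size_t v = alphabet.find(in[i]);
        if (v == std::string::npos)
            return false;                 // character outside the alphabet
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back((uint8_t)((acc >> bits) & 0xff));
            acc &= (1u << bits) - 1;      // keep only the leftover bits
        }
    }
    return pad <= 2;
}

// Accept "-----BEGIN <label>-----", base64 lines, "-----END <label>-----"
// for the label pem_label(mode) requires.  Text before the block is
// ignored (PEM files often carry a textual dump there); a BEGIN line with
// any other label, a foreign END line or a missing END line is an error.
bool pem_payload(DumpMode mode, const std::string &pem, std::vector<uint8_t> &der)
{
    const char *label = pem_label(mode);
    if (!label)
        return false;
    const std::string begin = std::string("-----BEGIN ") + label + "-----";
    const std::string end   = std::string("-----END ") + label + "-----";
    std::string b64;
    bool inside = false, done = false;
    size_t pos = 0;
    while (pos < pem.size()) {
        size_t nl = pem.find('\n', pos);
        if (nl == std::string::npos)
            nl = pem.size();
        std::string line = pem.substr(pos, nl - pos);
        pos = nl + 1;
        while (!line.empty() && (line.back() == '\r' || line.back() == ' '))
            line.pop_back();
        if (line.empty())
            continue;
        if (!inside) {
            if (line == begin)
                inside = true;
            else if (line.compare(0, 11, "-----BEGIN ") == 0)
                return false;             // a block of the wrong type
            continue;
        }
        if (line == end) { done = true; break; }
        if (line.compare(0, 5, "-----") == 0)
            return false;                 // END with the wrong label, or nested armor
        b64 += line;
    }
    return done && !b64.empty() && base64_decode(b64, der);
}

// Constructed samples: the payloads are the bytes "wvstreams" and "wv",
// NOT a real certificate or key; only the envelope handling is exercised.
const std::string kFakeCertPem =
    "-----BEGIN CERTIFICATE-----\n"
    "d3ZzdHJlYW1z\n"
    "-----END CERTIFICATE-----\n";
const std::string kFakeKeyPem =
    "-----BEGIN RSA PRIVATE KEY-----\r\n"
    "d3Y=\r\n"
    "-----END RSA PRIVATE KEY-----\r\n";

int main()
{
    std::vector<uint8_t> der;
    bool ok = pem_payload(CertPEM, kFakeCertPem, der);
    std::printf("cert as CertPEM: %s, %zu payload bytes\n", ok ? "accepted" : "rejected", der.size());
    ok = pem_payload(RsaPEM, kFakeCertPem, der);
    std::printf("cert as RsaPEM:  %s (label mismatch)\n", ok ? "accepted" : "rejected");
    ok = pem_payload(RsaPEM, kFakeKeyPem, der);
    std::printf("key as RsaPEM:   %s, %zu payload bytes\n", ok ? "accepted" : "rejected", der.size());
    return 0;
}
```

The label check only guards against loading the wrong kind of object into the wrong member; whether the key that was loaded belongs to the certificate is what test() answers, and decode() leaves that call to you.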

WvString WvX509Mgr::encode (const DumpMode mode)

Return the information requested by mode as a WvString.

Definition at line 646 of file wvx509.cc.

References cert, CertPEM, file_hack_end(), file_hack_start(), WvRSAKey::rsa, rsa, RsaPEM, and RsaRaw.

const WvString & WvX509Mgr::errstr () [inline]

Accessor for the error string if !isok().

Definition at line 238 of file wvx509.h.

Referenced by WvSSLStream::post_select().

WvString WvX509Mgr::get_altsubject ()

Return the Subject alt name if it exists, and WvString::null if it doesn't.

Definition at line 901 of file wvx509.cc.

References WvDynBuf.

WvString WvX509Mgr::get_cp_oid ()

Return the Certificate Policy OID if it exists, and WvString::null if it doesn't.

Definition at line 887 of file wvx509.cc.

References WvDynBuf.

WvString WvX509Mgr::get_crl_dp ()

Return the CRL Distribution points if they exist, WvString::null if they don't.

Definition at line 873 of file wvx509.cc.

References WvDynBuf.

WvString WvX509Mgr::get_issuer ()

Return the Certificate Issuer (usually the CA who issued the certificate).

Definition at line 861 of file wvx509.cc.

References cert.

WvString WvX509Mgr::get_subject ()

Return the Subject field of the certificate.

Definition at line 867 of file wvx509.cc.

References cert.

WvString WvX509Mgr::hexify ()

Given the X509 certificate object cert, return a hexified string suitable for storing in a WvConf or UniConf file.

There is no equivalent function for the RSA key, because rsa->private_str() and rsa->public_str() already return that information.

Definition at line 545 of file wvx509.cc.

References cert, WvString::edit(), and WvFastString::setsize().

bool WvX509Mgr::isinCRL ()

Check whether the certificate in cert has been revoked.

This is meant to rely on the CRL Distribution Point X.509v3 extension and to return true if the certificate appears in the CRL.

NOT IMPLEMENTED

Definition at line 640 of file wvx509.cc.

bool WvX509Mgr::isok () const [inline]

Is this certificate object valid and in a non-error state?

Definition at line 232 of file wvx509.h.

References cert, and rsa.

Referenced by main(), and WvSSLStream::post_select().

void WvX509Mgr::read_p12 (WvStringParm filename)

Read the PKCS#12 file filename and fill the rsa and cert members with the decoded information.

Definition at line 805 of file wvx509.cc.

References cert, rsa, test(), and WvStringParm.

void WvX509Mgr::setPkcs12Password (WvStringParm passwd) [inline]

Sets the PKCS12 password.

Definition at line 197 of file wvx509.h.

References WvStringParm.

void WvX509Mgr::sign (WvRSAKey CAKeypair)

Sign the X509 certificate in cert with CAKeypair.

NOT IMPLEMENTED

bool WvX509Mgr::signedbyCAindir (WvStringParm certdir)

Check the certificate in cert against the CA certificates in the directory certdir; returns true if cert was signed by one of them.

Definition at line 628 of file wvx509.cc.

References WvDirIter::next(), WvDirIter::rewind(), signedbyCAinfile(), and WvStringParm.

bool WvX509Mgr::signedbyCAinfile (WvStringParm certfile)

Check the certificate in cert against the CA certificates in the file certfile; returns true if cert was signed by one of them.

Definition at line 591 of file wvx509.cc.

References cert, lookup(), and WvStringParm.

Referenced by signedbyCAindir().

bool WvX509Mgr::test ()

Test that the certificate in cert and the keypair in rsa go together.

Called internally by unhexify() and read_p12(), although you can call it yourself whenever you want to test a certificate, for instance after a two-stage decode().

Definition at line 470 of file wvx509.cc.

References cert, WvRSAKey::rsa, rsa, and wvssl_errstr().

Referenced by read_p12(), and unhexify().

void WvX509Mgr::unhexify (WvStringParm encodedcert)

Given a hexified certificate, fill the cert member. NOTE: ALWAYS load your RSA key before calling this, because it calls test() against rsa. If you have hexify()'d the certificate and key, it is simplest to use the (hexcert, hexrsa) constructor instead.

Definition at line 516 of file wvx509.cc.

References cert, WvFastString::cstr(), test(), wv_d2i_X509(), WvStringParm, and X509.

Referenced by WvX509Mgr().

bool WvX509Mgr::validate ()

Intended to verify the validity of the certificate that has been placed in cert.

Currently this only outputs some information about the certificate; it does not check that the certificate is unexpired or that it was issued by a valid and trusted CA, so callers must not treat its result as a trust decision. Eventually it should perform those checks.

Definition at line 563 of file wvx509.cc.

References cert.

Referenced by WvSSLStream::post_select().

void WvX509Mgr::write_p12 (WvStringParm filename)

PKCS#12 files use the binary DER encoding, so the PEM-oriented encode()/decode() functions cannot be used for them; this method deals directly with files.

As should be obvious, it writes the certificate and RSA keys in PKCS#12 format to the file specified by filename.

Definition at line 745 of file wvx509.cc.

References cert, WvString::edit(), WvRSAKey::rsa, rsa, and WvStringParm.
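The binary DER encoding that write_p12()/read_p12() deal with has strict length rules, and a reader that tolerates the looser BER forms lets the same bytes parse differently in different places. The following is an added example (not WvStreams code, and not a PKCS#12 parser) of the tag-length-value layer those rules live in: an encoder that always emits the minimal definite length, and a reader that rejects indefinite lengths, non-minimal long-form lengths and lengths that run past the buffer. The SEQUENCE built in sample_sequence() is a constructed stand-in for a certificate field, not a real X.509 structure.

```cpp
// Added example, not WvStreams code: the DER length rules a PKCS#12 or
// X.509 reader has to enforce.  der_tlv() writes one tag-length-value
// element with a minimal definite length; der_read_tlv() reads one back and
// rejects what DER forbids and BER allows: indefinite length (0x80),
// long-form lengths with a leading zero byte or that fit the short form,
// and lengths that run past the buffer.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// Encode one TLV: short form for lengths below 128, otherwise 0x80|n
// followed by n big-endian length bytes with no leading zero.
Bytes der_tlv(uint8_t tag, const Bytes &content)
{
    Bytes out;
    out.push_back(tag);
    size_t len = content.size();
    if (len < 128) {
        out.push_back((uint8_t)len);
    } else {
        Bytes lenbytes;
        for (size_t v = len; v; v >>= 8)
            lenbytes.insert(lenbytes.begin(), (uint8_t)(v & 0xff));
        out.push_back((uint8_t)(0x80 | lenbytes.size()));
        out.insert(out.end(), lenbytes.begin(), lenbytes.end());
    }
    out.insert(out.end(), content.begin(), content.end());
    return out;
}

// Read one TLV at in[pos]; on success fill tag/content and advance pos.
bool der_read_tlv(const Bytes &in, size_t &pos, uint8_t &tag, Bytes &content)
{
    if (pos + 2 > in.size())
        return false;
    tag = in[pos];
    uint8_t first = in[pos + 1];
    size_t len = 0, hdr = 2;
    if (first < 0x80) {
        len = first;
    } else {
        size_t n = first & 0x7f;
        if (n == 0 || n > sizeof(size_t))
            return false;                 // indefinite length, or absurdly wide
        if (pos + 2 + n > in.size())
            return false;                 // length bytes themselves truncated
        if (in[pos + 2] == 0)
            return false;                 // leading zero: not minimal
        for (size_t i = 0; i < n; ++i)
            len = (len << 8) | in[pos + 2 + i];
        if (len < 128)
            return false;                 // should have used the short form
        hdr += n;
    }
    if (len > in.size() - pos - hdr)
        return false;                     // content runs past the buffer
    content.assign(in.begin() + pos + hdr, in.begin() + pos + hdr + len);
    pos += hdr + len;
    return true;
}

// True only if b is exactly one well-formed DER element.
bool der_accepts(const Bytes &b)
{
    size_t pos = 0;
    uint8_t tag;
    Bytes content;
    return der_read_tlv(b, pos, tag, content) && pos == b.size();
}

// Constructed stand-in for a certificate field, not a real X.509 structure:
// SEQUENCE { INTEGER 2, UTF8String "www.example.com" }.
Bytes sample_sequence()
{
    Bytes version;
    version.push_back(2);
    std::string cn = "www.example.com";
    Bytes body = der_tlv(0x02, version);
    Bytes cn_tlv = der_tlv(0x0c, Bytes(cn.begin(), cn.end()));
    body.insert(body.end(), cn_tlv.begin(), cn_tlv.end());
    return der_tlv(0x30, body);
}

// Parse sample_sequence() output back; "" on any structural error.
std::string parse_cn(const Bytes &der)
{
    size_t pos = 0;
    uint8_t tag;
    Bytes seq, version, cn;
    if (!der_read_tlv(der, pos, tag, seq) || tag != 0x30 || pos != der.size())
        return "";
    pos = 0;
    if (!der_read_tlv(seq, pos, tag, version) || tag != 0x02)
        return "";
    if (!der_read_tlv(seq, pos, tag, cn) || tag != 0x0c || pos != seq.size())
        return "";
    return std::string(cn.begin(), cn.end());
}

int main()
{
    Bytes seq = sample_sequence();
    for (size_t i = 0; i < seq.size(); ++i)
        std::printf("%02x ", seq[i]);
    std::printf("\n-> cn = %s\n", parse_cn(seq).c_str());
    const uint8_t ber_long[] = { 0x04, 0x81, 0x05, 'h', 'e', 'l', 'l', 'o' };  // BER-legal, DER-illegal
    std::printf("non-minimal length: %s\n",
                der_accepts(Bytes(ber_long, ber_long + sizeof(ber_long))) ? "accepted" : "rejected");
    return 0;
}
```

The reason to be strict matters for certificates in particular: a signature covers one exact byte sequence, so any reader that accepts an alternative encoding of the same structure is accepting bytes the signer never saw.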


Member Data Documentation

X509* WvX509Mgr::cert
 

X.509v3 Certificate - this is why this class exists.

Definition at line 81 of file wvx509.h.

Referenced by create_selfsigned(), decode(), encode(), get_issuer(), get_subject(), hexify(), isok(), read_p12(), signedbyCAinfile(), test(), unhexify(), validate(), write_p12(), WvX509Mgr(), and ~WvX509Mgr().

WvString WvX509Mgr::dname
 

Distinguished Name to be used in the certificate.

Definition at line 32 of file wvx509.h.

Referenced by certreq(), create_selfsigned(), and WvX509Mgr().

WvRSAKey* WvX509Mgr::rsa
 

The public and private RSA keypair associated with this certificate. Make sure that you save this somewhere: without the private key you won't be able to use the certificate for anything.

Definition at line 88 of file wvx509.h.

Referenced by certreq(), create_selfsigned(), decode(), encode(), isok(), read_p12(), test(), write_p12(), WvX509Mgr(), and ~WvX509Mgr().


The documentation for this class was generated from the following files:
Generated on Sat Feb 21 21:07:28 2004 for WvStreams by doxygen 1.3.5