libdigidocpp
digidoc::X509Cert Class Reference

#include <X509Cert.h>


Public Types

enum  KeyUsage {
  DigitalSignature = 0, NonRepudiation, KeyEncipherment, DataEncipherment,
  KeyAgreement, KeyCertificateSign, CRLSign, EncipherOnly,
  DecipherOnly
}

Public Member Functions

 X509Cert ()
 X509Cert (X509 *cert) throw (IOException)
 X509Cert (const std::vector< unsigned char > &bytes) throw (IOException)
 X509Cert (const X509Cert &copy) throw (IOException)
 ~X509Cert ()
int getPaddingSize () const throw (IOException)
std::vector< unsigned char > encodeDER () const throw (IOException)
std::string getSerial () const throw (IOException)
X509_NAME * getIssuerNameAsn1 () const
std::string getIssuerName (const std::string &obj="") const throw (IOException)
std::vector< KeyUsage > getKeyUsage () const throw (IOException)
std::vector< std::string > getCertificatePolicies () const throw (IOException)
std::string getSubjectName (const std::string &obj="") const throw (IOException)
std::vector< unsigned char > getRsaModulus () const throw (IOException)
std::vector< unsigned char > getRsaExponent () const throw (IOException)
X509 * getX509 () const throw (IOException)
X509 * handle () const
bool isValid () const throw (IOException)
bool verify () const throw (IOException)
int compareIssuerToString (const std::string &name) const throw (IOException)
X509Cert & operator= (const X509Cert &copy) throw (IOException)
bool operator== (const X509Cert &other) const

Static Public Member Functions

static X509 * copyX509 (X509 *cert) throw (IOException)
static X509 * loadX509 (const std::string &path) throw (IOException)

Private Member Functions

EVP_PKEY * getPublicKey () const throw (IOException)
std::string toString (X509_NAME *name, const std::string &obj) const throw (IOException)

Private Attributes

X509 * cert

Detailed Description

Wrapper for OpenSSL X509 certificate structure.

Definition at line 34 of file X509Cert.h.

Member Enumeration Documentation

Enumerator:
DigitalSignature 
NonRepudiation 
KeyEncipherment 
DataEncipherment 
KeyAgreement 
KeyCertificateSign 
CRLSign 
EncipherOnly 
DecipherOnly 

Definition at line 38 of file X509Cert.h.

Constructor & Destructor Documentation

digidoc::X509Cert::X509Cert ( )

Creates NULL X509 certificate.

Definition at line 36 of file X509Cert.cpp.

digidoc::X509Cert::X509Cert ( X509 *  cert) throw (IOException)

Creates a copy of the X509 certificate.

Parameters
cert: X509 certificate structure to be wrapped.
Exceptions
IOException: thrown if the X509 certificate structure copy fails.

Definition at line 44 of file X509Cert.cpp.

digidoc::X509Cert::X509Cert ( const std::vector< unsigned char > &  bytes) throw (IOException)

Creates an X509 certificate from the provided DER encoded bytes.

Parameters
bytes: X509 certificate in DER encoding.
Exceptions
IOException: thrown if X509 certificate parsing failed.

Definition at line 56 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

digidoc::X509Cert::X509Cert ( const X509Cert &  copy) throw (IOException)

Copy constructor.

Parameters
copy: instance of X509Cert class to be copied.
Exceptions
IOException: thrown if the X509 cert structure copy fails.

Definition at line 79 of file X509Cert.cpp.

digidoc::X509Cert::~X509Cert ( )

Clean up underlying X509* struct.

Definition at line 88 of file X509Cert.cpp.

Member Function Documentation

int digidoc::X509Cert::compareIssuerToString ( const std::string &  name) const throw (IOException)

Checks whether the X509Cert issuer is the same as the provided issuer name, compared according to the distinguished name encoding rules of http://www.w3.org/TR/xmldsig-core/#dname-encrules, which refer to http://www.ietf.org/rfc/rfc4514.txt

String   X.500 AttributeType
CN       commonName (2.5.4.3)
L        localityName (2.5.4.7)
ST       stateOrProvinceName (2.5.4.8)
O        organizationName (2.5.4.10)
OU       organizationalUnitName (2.5.4.11)
C        countryName (2.5.4.6)
STREET   streetAddress (2.5.4.9)
DC       domainComponent (0.9.2342.19200300.100.1.25)
UID      userId (0.9.2342.19200300.100.1.1)

These attribute types are described in [RFC4519]. Implementations MAY recognize other DN string representations. However, as there is no requirement that alternative DN string representations be recognized (and, if so, how), implementations SHOULD only generate DN strings in accordance with Section 2 of this document.

Parameters
name: issuer name
Returns
0 if equal, otherwise a number different from 0 is returned
Exceptions
IOException: if error

Definition at line 543 of file X509Cert.cpp.

References i.

Referenced by digidoc::SignatureBES::checkKeyInfo().

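An added example (not libdigidocpp code) of the comparison this method documents: two RFC 4514 DN strings are parsed into RDN sequences and compared, returning 0 only when they name the same issuer. It assumes single-valued RDNs and leaves "\," escapes as written; attribute types may be short names in any case or the dotted OIDs from the table above.

```cpp
// Added example, not libdigidocpp code: compare two RFC 4514 DN strings the way
// compareIssuerToString() is documented to (0 when equal, non-zero otherwise). Assumes
// single-valued RDNs and leaves "\," escapes as written; types may be any-case short
// names or the dotted OIDs from the table above.
#include <cctype>
#include <map>
#include <string>
#include <utility>
#include <vector>
typedef std::vector<std::pair<std::string, std::string> > RdnList;
// RFC 4514 section 3 attribute types: dotted OID -> short name.
static const std::map<std::string, std::string> kTypeByOid = {
    {"2.5.4.3", "CN"}, {"2.5.4.7", "L"}, {"2.5.4.8", "ST"}, {"2.5.4.10", "O"},
    {"2.5.4.11", "OU"}, {"2.5.4.6", "C"}, {"2.5.4.9", "STREET"},
    {"0.9.2342.19200300.100.1.25", "DC"}, {"0.9.2342.19200300.100.1.1", "UID"}};
// Types compare case-insensitively; an OID form maps to its short name.
static std::string canonType(std::string t) {
    for (char &c : t) c = static_cast<char>(std::toupper(static_cast<unsigned char>(c)));
    std::map<std::string, std::string>::const_iterator it = kTypeByOid.find(t);
    return it == kTypeByOid.end() ? t : it->second;
}
// Strip unescaped leading/trailing spaces; RFC 4514 escapes the significant ones.
static std::string trimUnescaped(std::string s) {
    s.erase(0, s.find_first_not_of(' '));
    while (!s.empty() && s.back() == ' ' && (s.size() < 2 || s[s.size() - 2] != '\\')) s.pop_back();
    return s;
}
// Split on unescaped commas, then each RDN on its first '='. False on malformed input.
static bool parseDN(const std::string &dn, RdnList &out) {
    std::vector<std::string> rdns(1);
    for (size_t i = 0; i < dn.size(); ++i) {
        if (dn[i] == ',') { rdns.push_back(""); continue; }
        if (dn[i] == '\\' && i + 1 < dn.size()) rdns.back() += dn[i++];  // keep the escape pair
        rdns.back() += dn[i];
    }
    for (const std::string &rdn : rdns) {
        size_t eq = rdn.find('=');
        if (eq == std::string::npos) return false;
        std::string type = trimUnescaped(rdn.substr(0, eq));
        if (type.empty()) return false;
        out.push_back(std::make_pair(canonType(type), trimUnescaped(rdn.substr(eq + 1))));
    }
    return true;
}
// 0 when both strings name the same DN, 1 when they differ, -1 when either is malformed.
int compareDN(const std::string &a, const std::string &b) {
    RdnList ra, rb;
    return (!parseDN(a, ra) || !parseDN(b, rb)) ? -1 : (ra == rb ? 0 : 1);
}
```

RDN order is significant, so a DN emitted in ASN.1 order and the same DN emitted in RFC 4514 (reversed) order do not compare equal; both sides must be produced by the same encoding rules.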

X509 * digidoc::X509Cert::copyX509 ( X509 *  cert) throw (IOException)
static

Creates a copy of the X509 certificate.

Parameters
cert: X509 certificate to be copied.
Returns
a copy of the X509 structure.
Exceptions
IOException: thrown if the X509 cert structure copy fails.

Definition at line 123 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::X509CertStore::getCert().


std::vector< unsigned char > digidoc::X509Cert::encodeDER ( ) const throw (IOException)

Encodes the X509 certificate using DER encoding.

Returns
the X509 certificate in DER encoding.
Exceptions
IOException: thrown if encoding failed.

Definition at line 171 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::SignatureTM::addCertificateValue(), digidoc::SignatureBES::checkKeyInfo(), digidoc::SignatureTM::setOCSPCertificate(), and digidoc::Signature::setSigningCertificate().


std::vector< std::string > digidoc::X509Cert::getCertificatePolicies ( ) const throw (IOException)

Returns current certificate policies

Returns
certificate policies

Definition at line 288 of file X509Cert.cpp.

References i.

Referenced by digidoc::CNGSigner::type(), and digidoc::EstEIDSigner::type().


std::string digidoc::X509Cert::getIssuerName ( const std::string &  obj = "") const throw (IOException)

Converts X.509 issuer name to string.

Returns
issuer name converted to string.
Exceptions
IOException: thrown if the conversion failed.

Definition at line 253 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::SignatureBES::checkKeyInfo(), digidoc::SignatureTM::notarize(), digidoc::SignatureTM::setOCSPCertificate(), digidoc::Signature::setSigningCertificate(), and digidoc::SignatureBES::validateOnline().


X509_NAME * digidoc::X509Cert::getIssuerNameAsn1 ( ) const
Returns
returns X.509 certificate issuer name. Can also return NULL pointer if the issuer name is missing.

Definition at line 242 of file X509Cert.cpp.

Referenced by digidoc::SignatureBES::validateOnline().


std::vector< digidoc::X509Cert::KeyUsage > digidoc::X509Cert::getKeyUsage ( ) const throw (IOException)

Returns current certificate key usage bits

Returns
key usage bits

Definition at line 267 of file X509Cert.cpp.

Referenced by digidoc::CNGSignerPrivate::CertFilter(), and digidoc::SignatureBES::checkSigningCertificate().


int digidoc::X509Cert::getPaddingSize ( ) const throw (IOException)
Returns
the padding size.
Exceptions
IOException: thrown if the padding size cannot be determined.

Definition at line 198 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::DDoc::sign(), digidoc::CNGSigner::type(), and digidoc::EstEIDSigner::type().


EVP_PKEY * digidoc::X509Cert::getPublicKey ( ) const throw (IOException)
private
Returns
the X.509 certificate's public key.
Exceptions
IOException: thrown if the public key is missing.

Definition at line 379 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

std::vector< unsigned char > digidoc::X509Cert::getRsaExponent ( ) const throw (IOException)
Returns
the RSA exponent extracted from the X.509 certificate.
Exceptions
IOException: thrown if the RSA exponent extraction failed.

Definition at line 425 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::Signature::setSigningCertificate().


std::vector< unsigned char > digidoc::X509Cert::getRsaModulus ( ) const throw (IOException)
Returns
the RSA modulus extracted from the X.509 certificate.
Exceptions
IOException: thrown if the RSA modulus extraction failed.

Definition at line 394 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::Signature::setSigningCertificate().


std::string digidoc::X509Cert::getSerial ( ) const throw (IOException)
Returns
the X.509 certificate serial number.
Exceptions
IOException: thrown if the serial number is invalid.

Definition at line 217 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::SignatureTM::addCertificateValue(), digidoc::SignatureBES::checkKeyInfo(), digidoc::SignatureTM::setOCSPCertificate(), digidoc::Signature::setSigningCertificate(), and testShowCertInfo().


std::string digidoc::X509Cert::getSubjectName ( const std::string &  obj = "") const throw (IOException)

Converts X.509 subject to string.

Returns
subject name converted to string.
Exceptions
IOException: thrown if the conversion failed.

Definition at line 314 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::SignatureTM::addCertificateValue(), digidoc::PKCS11SignerPrivate::createPKCS11Cert(), and open().


X509 * digidoc::X509Cert::getX509 ( ) const throw (IOException)
Returns
a copy of the wrapped OpenSSL X509 struct pointer. NB! The caller must free this struct with OpenSSL's X509_free() function or the X509_scope(X509**) macro.
Exceptions
IOException: thrown if the X509 cert structure copy fails.

Definition at line 111 of file X509Cert.cpp.

Referenced by digidoc::SignatureBES::validateOnline().


X509 * digidoc::X509Cert::handle ( ) const

Definition at line 452 of file X509Cert.cpp.

Referenced by digidoc::SignatureBES::checkSignatureValue(), digidoc::CNGSigner::getCert(), and digidoc::PKCS11Signer::getCert().


bool digidoc::X509Cert::isValid ( ) const throw (IOException)

Definition at line 457 of file X509Cert.cpp.

References THROW_IOEXCEPTION.

Referenced by digidoc::PKCS11Signer::getCert().


X509 * digidoc::X509Cert::loadX509 ( const std::string &  path) throw (IOException)
static

Parses a PEM formatted X.509 certificate from a file. NB! The caller must free the returned struct with OpenSSL's X509_free() function or with the X509_scope struct.

Parameters
path: path of the PEM formatted X.509 certificate file.
Returns
the certificate parsed from the file.
Exceptions
IOException: thrown if the file does not contain a PEM formatted X.509 certificate.

Definition at line 143 of file X509Cert.cpp.

References file, and THROW_IOEXCEPTION.

Referenced by digidoc::DirectoryX509CertStore::loadCerts(), and testRSASigner().


digidoc::X509Cert & digidoc::X509Cert::operator= ( const X509Cert &  copy) throw (IOException)

Assignment operator.

Parameters
copy: instance of X509Cert class to be assigned.
Returns
this instance, after copying the contents of copy.
Exceptions
IOException: thrown if the X509 cert structure copy fails.

Definition at line 100 of file X509Cert.cpp.

bool digidoc::X509Cert::operator== ( const X509Cert &  other) const

Definition at line 466 of file X509Cert.cpp.

References cert.

std::string digidoc::X509Cert::toString ( X509_NAME *  name, const std::string &  obj) const throw (IOException)
private

Converts X509_NAME struct to string.

Parameters
name: X509_NAME struct that is converted to string.
Returns
converted value of X509_NAME.
Exceptions
IOException: thrown if conversion failed.

Definition at line 330 of file X509Cert.cpp.

References e, i, and THROW_IOEXCEPTION.

bool digidoc::X509Cert::verify ( ) const throw (IOException)

Checks whether the X509Cert is signed by a trusted issuer.

Returns
0 or an OpenSSL error code. Get a human readable cause with X509_verify_cert_error_string(code).
Exceptions
IOException: if error

Definition at line 480 of file X509Cert.cpp.

References digidoc::Exception::CertificateIssuerMissing, DECLARE_OPENSSL_RELEASE_STRUCT, e, digidoc::X509CertStore::getCertStore(), digidoc::X509CertStore::getInstance(), and THROW_IOEXCEPTION.

Referenced by digidoc::SignatureBES::checkSigningCertificate(), and testX509Verify().


Member Data Documentation

X509* digidoc::X509Cert::cert
private

Definition at line 84 of file X509Cert.h.

Referenced by digidoc::PKCS11Signer::getCert(), and operator==().


The documentation for this class was generated from the following files: