Library: Crypto
Package: Certificate
Header: Poco/Crypto/X509Certificate.h
Description
This class represents a X509 Certificate.
Member Summary
Member Functions: certificate, commonName, dup, equals, expiresOn, extractNames, fingerprint, init, issuedBy, issuerName, load, operator =, print, readPEM, save, serialNumber, signatureAlgorithm, subjectName, swap, validFrom, version, writePEM
Types Aliases
List
using List = std::vector < X509Certificate >;
Enumerations
NID
Name identifier for extracting information from a certificate subject's or issuer's distinguished name.
NID_COMMON_NAME = 13
NID_COUNTRY = 14
NID_LOCALITY_NAME = 15
NID_ORGANIZATION_UNIT_NAME = 18
NID_SERIAL_NUMBER = 105
Constructors
X509Certificate
explicit X509Certificate(
std::istream & istr
);
Creates the X509Certificate object by reading a certificate in PEM format from a stream.
X509Certificate
explicit X509Certificate(
const std::string & path
);
Creates the X509Certificate object by reading a certificate in PEM format from a file.
X509Certificate
explicit X509Certificate(
X509 * pCert
);
Creates the X509Certificate from an existing OpenSSL certificate. Ownership is taken of the certificate.
X509Certificate
X509Certificate(
const X509Certificate & cert
);
Creates the certificate by copying another one.
X509Certificate
X509Certificate(
X509Certificate && cert
) noexcept;
Creates the certificate by moving another one.
X509Certificate
X509Certificate(
X509 * pCert,
bool shared
);
Creates the X509Certificate from an existing OpenSSL certificate. Ownership is taken of the certificate. If shared is true, the certificate's reference count is incremented.
Destructor
~X509Certificate
~X509Certificate();
Destroys the X509Certificate.
Member Functions
certificate
const X509 * certificate() const;
Returns the underlying OpenSSL certificate.
commonName
std::string commonName() const;
Returns the common name stored in the certificate subject's distinguished name.
dup
X509 * dup() const;
Duplicates and returns the underlying OpenSSL certificate. Note that the caller assumes responsibility for the lifecycle of the created certificate.
equals
bool equals(
const X509Certificate & otherCertificate
) const;
Checks whether the certificate is equal to the other certificate, by comparing the hashes of both certificates.
Returns true if both certificates are identical, otherwise false.
expiresOn
Poco::DateTime expiresOn() const;
Returns the date and time the certificate expires.
extractNames
void extractNames(
std::string & commonName,
std::set < std::string > & domainNames
) const;
Extracts the common name and the alias domain names from the certificate.
fingerprint
Poco::DigestEngine::Digest fingerprint(
const std::string & algorithm = "SHA1"
) const;
Computes and returns the fingerprint of the certificate, using the given algorithm. The algorithm must be supported by OpenSSL, e.g., "SHA1" or "SHA256".
issuedBy
bool issuedBy(
const X509Certificate & issuerCertificate
) const;
Checks whether the certificate has been issued by the issuer given by issuerCertificate. This can be used to validate a certificate chain.
Verifies if the certificate has been signed with the issuer's private key, using the public key from the issuer certificate.
Returns true if verification against the issuer certificate was successful, false otherwise.
issuerName
const std::string & issuerName() const;
Returns the certificate issuer's distinguished name.
issuerName
std::string issuerName(
NID nid
) const;
Extracts the information specified by the given NID (name identifier) from the certificate issuer's distinguished name.
operator =
X509Certificate & operator = (
const X509Certificate & cert
);
Assigns a certificate.
operator =
X509Certificate & operator = (
X509Certificate && cert
) noexcept;
Move assignment.
void print(
std::ostream & out
) const;
Prints the certificate information to ostream.
readPEM
static List readPEM(
const std::string & pemFileName
);
Reads and returns a list of certificates from the specified PEM file.
save
void save(
std::ostream & stream
) const;
Writes the certificate to the given stream. The certificate is written in PEM format.
save
void save(
const std::string & path
) const;
Writes the certificate to the file given by path. The certificate is written in PEM format.
serialNumber
const std::string & serialNumber() const;
Returns the certificate serial number as a string in decimal encoding.
signatureAlgorithm
std::string signatureAlgorithm() const;
Returns the certificate signature algorithm long name.
subjectName
const std::string & subjectName() const;
Returns the certificate subject's distinguished name.
subjectName
std::string subjectName(
NID nid
) const;
Extracts the information specified by the given NID (name identifier) from the certificate subject's distinguished name.
swap
void swap(
X509Certificate & cert
) noexcept;
Exchanges the certificate with another one.
validFrom
Poco::DateTime validFrom() const;
Returns the date and time the certificate is valid from.
version
long version() const;
Returns the version of the certificate.
writePEM
static void writePEM(
const std::string & pemFileName,
const List & list
);
Writes the list of certificates to the specified PEM file.
init
void init();
Extracts issuer and subject name from the certificate.
load
void load(
std::istream & stream
);
Loads the certificate from the given stream. The certificate must be in PEM format.
load
void load(
const std::string & path
);
Loads the certificate from the given file. The certificate must be in PEM format.