mod_servlet
C++Servlets
Abstract class holding available information regarding client or server security certificate.
#include <ssl.h>
Public Types
typedef std::chrono::time_point < std::chrono::system_clock, typename std::chrono::system_clock::duration > | time_type
time_point type to be used for date representation in this class
Public Member Functions
virtual | ~certificate () noexcept
Destructor.
virtual int | version () const =0
Gets the version (version number) value from the certificate.
virtual string_view | serial_number () const =0
Gets the serialNumber value from the certificate.
virtual time_type | valid_since () const =0
Gets the notBefore date from the validity period of the certificate.
virtual time_type | valid_until () const =0
Gets the notAfter date from the validity period of the certificate.
virtual bool | check_valid () const =0
Checks that the certificate is currently valid.
virtual bool | check_valid (time_type time) const =0
Checks that the given date is within the certificate's validity period.
virtual string_view | signature_algorithm_name () const =0
Gets the signature algorithm name for the certificate signature algorithm.
virtual string_view | key_algorithm_name () const =0
Gets the public key algorithm name.
virtual string_view | subject_DN () const =0
Returns the subject (subject distinguished name) value from the certificate.
virtual const std::map < string_view, string_view, std::less<> > & | subject_DN_components () const =0
Returns components of the subject (subject distinguished name) value from the certificate.
virtual string_view | issuer_DN () const =0
Returns the issuer (issuer distinguished name) value from the certificate.
virtual const std::map < string_view, string_view, std::less<> > & | issuer_DN_components () const =0
Returns components of the issuer (issuer distinguished name) value from the certificate.
virtual const std::map < string_view, std::vector < string_view >, std::less<> > & | subject_alternative_names () const =0
Gets an immutable collection of subject alternative names from the SubjectAltName extension (OID = 2.5.29.17).
virtual string_view | certificate_exact_assertion () const =0
Serial number and issuer of the certificate.
virtual const std::vector < string_view > & | certificate_chain () const =0
Returns PEM (Privacy Enhanced Mail) encoded certificates in client certificate chain.
virtual string_view | PEM_encoded () const =0
Returns PEM (Privacy Enhanced Mail) encoded certificate string.
virtual const std::vector < string_view > & certificate_chain () const | pure virtual
Returns PEM (Privacy Enhanced Mail) encoded certificates in client certificate chain.
virtual string_view certificate_exact_assertion () const | pure virtual
Serial number and issuer of the certificate.
The format matches that of the CertificateExactAssertion in RFC 4523.
virtual bool check_valid () const | pure virtual
Checks that the certificate is currently valid.
It is if the current date and time are within the validity period given in the certificate.
The validity period consists of two date/time values: the first and last dates (and times) on which the certificate is valid. It is defined in ASN.1 as:
    validity             Validity

    Validity ::= SEQUENCE {
        notBefore      CertificateValidityDate,
        notAfter       CertificateValidityDate }

    CertificateValidityDate ::= CHOICE {
        utcTime        UTCTime,
        generalTime    GeneralizedTime }
Returns: true if certificate is valid
virtual bool check_valid (time_type time) const | pure virtual
Checks that the given date is within the certificate's validity period.
In other words, this determines whether the certificate would be valid at the given date/time.
Parameters:
time | the date to check against to see if this certificate is valid at that date/time.
virtual string_view issuer_DN () const | pure virtual
Returns the issuer (issuer distinguished name) value from the certificate.
Returns: string_view representing the issuer distinguished name
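virtual const std::map < string_view, string_view, std::less<> > & issuer_DN_components () const | pure virtual
Returns components of the issuer (issuer distinguished name) value from the certificate.
Returns: std::map containing the issuer distinguished name components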
virtual string_view key_algorithm_name () const | pure virtual
Gets the public key algorithm name.
virtual string_view PEM_encoded () const | pure virtual
Returns PEM (Privacy Enhanced Mail) encoded certificate string.
virtual string_view serial_number () const | pure virtual
Gets the serialNumber value from the certificate.
The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate). The ASN.1 definition for this is:
    serialNumber     CertificateSerialNumber

    CertificateSerialNumber ::= INTEGER
virtual string_view signature_algorithm_name () const | pure virtual
Gets the signature algorithm name for the certificate signature algorithm.
An example is the string "SHA-1/DSA". The ASN.1 definition for this is:
    signatureAlgorithm   AlgorithmIdentifier

    AlgorithmIdentifier ::= SEQUENCE {
        algorithm     OBJECT IDENTIFIER,
        parameters    ANY DEFINED BY algorithm OPTIONAL }
                      -- contains a value of the type
                      -- registered for use with the
                      -- algorithm object identifier value
The algorithm name is determined from the algorithm OID string.
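An added example, not part of mod_servlet or its documentation: a small policy audit that uses check_valid(time) to flag certificates that are expired or about to expire, and signature_algorithm_name() to flag SHA-1 or MD5 based signatures. The names contains_ci, audit_certificate, sample_cert and make_sample are hypothetical, the algorithm-name spellings matched are an assumption about what an implementation returns, and the code assumes the library's string_view converts to std::string_view.

```cpp
// Added example, not mod_servlet code: audit a certificate through the documented accessors.
#include <algorithm>
#include <cctype>
#include <chrono>
#include <string>
#include <string_view>
#include <utility>
#include <vector>

using time_type = std::chrono::system_clock::time_point;  // same type as certificate::time_type

// Case-insensitive substring test, so "SHA-1/DSA" and "sha1WithRSAEncryption" both match.
inline bool contains_ci(std::string_view hay, std::string_view needle) {
    auto it = std::search(hay.begin(), hay.end(), needle.begin(), needle.end(),
        [](unsigned char a, unsigned char b) { return std::tolower(a) == std::tolower(b); });
    return it != hay.end();
}

// Accepts any type exposing check_valid(time_type) and signature_algorithm_name().
template <class Cert>
std::vector<std::string> audit_certificate(const Cert& cert, time_type now,
                                           std::chrono::hours renew_margin) {
    std::vector<std::string> findings;
    if (!cert.check_valid(now))
        findings.push_back("outside validity period");
    else if (!cert.check_valid(now + renew_margin))
        findings.push_back("expires within renewal margin");
    for (std::string_view weak : {"sha1", "sha-1", "md5"})  // assumed spellings
        if (contains_ci(cert.signature_algorithm_name(), weak)) {
            findings.push_back("weak signature digest");
            break;
        }
    return findings;
}

// Constructed stand-in for a certificate object, used only to exercise the audit.
struct sample_cert {
    time_type not_before, not_after;
    std::string sig_alg;
    bool check_valid(time_type t) const { return t >= not_before && t <= not_after; }
    std::string_view signature_algorithm_name() const { return sig_alg; }
};

// Constructed sample: issued 30 days ago, expiring days_left days from now.
inline sample_cert make_sample(time_type now, int days_left, std::string alg) {
    const auto day = std::chrono::hours(24);
    return {now - 30 * day, now + days_left * day, std::move(alg)};
}
```

An object implementing the certificate interface documented here can be passed in place of sample_cert, since the template only requires the two accessors it calls.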
virtual const std::map < string_view, std::vector < string_view >, std::less<> > & subject_alternative_names () const | pure virtual
Gets an immutable collection of subject alternative names from the SubjectAltName extension (OID = 2.5.29.17).
The ASN.1 definition of the SubjectAltName extension is:
    SubjectAltName ::= GeneralNames

    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

    GeneralName ::= CHOICE {
        otherName                   [0] OtherName,
        rfc822Name                  [1] IA5String,
        dNSName                     [2] IA5String,
        x400Address                 [3] ORAddress,
        directoryName               [4] Name,
        ediPartyName                [5] EDIPartyName,
        uniformResourceIdentifier   [6] IA5String,
        iPAddress                   [7] OCTET STRING,
        registeredID                [8] OBJECT IDENTIFIER }
If this certificate does not contain a SubjectAltName extension, null is returned. Otherwise, a Collection is returned with an entry representing each GeneralName included in the extension. Each entry is a List whose first entry is an Integer (the name type, 0-8) and whose second entry is a String or a byte array (the name, in string or ASN.1 DER encoded form, respectively).
RFC 822, DNS, and URI names are returned as Strings, using the well-established string formats for those types (subject to the restrictions included in RFC 2459). IPv4 address names are returned using dotted quad notation. IPv6 address names are returned in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values representing the eight 16-bit pieces of the address. OID names are returned as Strings represented as a series of nonnegative integers separated by periods. And directory names (distinguished names) are returned in RFC 2253 string format. No standard string format is defined for otherNames, X.400 names, EDI party names, or any other type of names. They are returned as byte arrays containing the ASN.1 DER encoded form of the name.
Note that the Collection returned may contain more than one name of the same type. Also, note that the returned Collection is immutable and any entries containing byte arrays are cloned to protect against subsequent modifications.
This method was added to version 1.4 of the Java 2 Platform Standard Edition. In order to maintain backwards compatibility with existing service providers, this method is not abstract and it provides a default implementation. Subclasses should override this method with a correct implementation.
Returns: std::map of subject alternative names
virtual string_view subject_DN () const | pure virtual
Returns the subject (subject distinguished name) value from the certificate.
Returns: string_view representing the subject distinguished name
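virtual const std::map < string_view, string_view, std::less<> > & subject_DN_components () const | pure virtual
Returns components of the subject (subject distinguished name) value from the certificate.
Returns: std::map containing the subject distinguished name components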
virtual time_type valid_since () const | pure virtual
Gets the notBefore date from the validity period of the certificate.
The relevant ASN.1 definitions are:
    validity             Validity

    Validity ::= SEQUENCE {
        notBefore      CertificateValidityDate,
        notAfter       CertificateValidityDate }

    CertificateValidityDate ::= CHOICE {
        utcTime        UTCTime,
        generalTime    GeneralizedTime }
virtual time_type valid_until () const | pure virtual
Gets the notAfter date from the validity period of the certificate.
The relevant ASN.1 definitions are:
    validity             Validity

    Validity ::= SEQUENCE {
        notBefore      CertificateValidityDate,
        notAfter       CertificateValidityDate }

    CertificateValidityDate ::= CHOICE {
        utcTime        UTCTime,
        generalTime    GeneralizedTime }
virtual int version () const | pure virtual
Gets the version (version number) value from the certificate.
The ASN.1 definition for this is:
    version  [0] EXPLICIT Version DEFAULT v1

    Version ::= INTEGER { v1(0), v2(1), v3(2) }