Poco::Crypto

class X509Certificate

File Information

Library: Crypto
Package: Certificate
Header: Poco/Crypto/X509Certificate.h

Description

This class represents an X509 certificate.

Member Summary

Member Functions: certificate, commonName, dup, equals, expiresOn, extractNames, fingerprint, init, issuedBy, issuerName, load, operator =, print, readPEM, save, serialNumber, signatureAlgorithm, subjectName, swap, validFrom, version, writePEM

Type Aliases

List

using List = std::vector < X509Certificate >;

Enumerations

NID

Name identifier for extracting information from a certificate subject's or issuer's distinguished name.

NID_COMMON_NAME = 13

NID_COUNTRY = 14

NID_LOCALITY_NAME = 15

NID_STATE_OR_PROVINCE = 16

NID_ORGANIZATION_NAME = 17

NID_ORGANIZATION_UNIT_NAME = 18

NID_PKCS9_EMAIL_ADDRESS = 48

NID_SERIAL_NUMBER = 105

Constructors

X509Certificate

explicit X509Certificate(
    std::istream & istr
);

Creates the X509Certificate object by reading a certificate in PEM format from a stream.

X509Certificate

explicit X509Certificate(
    const std::string & path
);

Creates the X509Certificate object by reading a certificate in PEM format from a file.

X509Certificate

explicit X509Certificate(
    X509 * pCert
);

Creates the X509Certificate from an existing OpenSSL certificate. Ownership is taken of the certificate.

X509Certificate

X509Certificate(
    const X509Certificate & cert
);

Creates the certificate by copying another one.

X509Certificate

X509Certificate(
    X509Certificate && cert
) noexcept;

Creates the certificate by moving another one.

X509Certificate

X509Certificate(
    X509 * pCert,
    bool shared
);

Creates the X509Certificate from an existing OpenSSL certificate. Ownership is taken of the certificate. If shared is true, the certificate's reference count is incremented.

Destructor

~X509Certificate

~X509Certificate();

Destroys the X509Certificate.

Member Functions

certificate inline

const X509 * certificate() const;

Returns the underlying OpenSSL certificate.

commonName

std::string commonName() const;

Returns the common name stored in the certificate subject's distinguished name.

dup inline

X509 * dup() const;

Duplicates and returns the underlying OpenSSL certificate. Note that the caller assumes responsibility for the lifecycle of the created certificate.

equals

bool equals(
    const X509Certificate & otherCertificate
) const;

Checks whether the certificate is equal to the other certificate, by comparing the hashes of both certificates.

Returns true if both certificates are identical, otherwise false.

expiresOn

Poco::DateTime expiresOn() const;

Returns the date and time the certificate expires.

extractNames

void extractNames(
    std::string & commonName,
    std::set < std::string > & domainNames
) const;

Extracts the common name and the alias domain names from the certificate.

fingerprint

Poco::DigestEngine::Digest fingerprint(
    const std::string & algorithm = "SHA1"
) const;

Computes and returns the fingerprint of the certificate, using the given algorithm. The algorithm must be supported by OpenSSL, e.g., "SHA1" or "SHA256".

issuedBy

bool issuedBy(
    const X509Certificate & issuerCertificate
) const;

Checks whether the certificate has been issued by the issuer given by issuerCertificate. This can be used to validate a certificate chain.

Verifies if the certificate has been signed with the issuer's private key, using the public key from the issuer certificate.

Returns true if verification against the issuer certificate was successful, false otherwise.
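An added example, not part of the Poco documentation: issuedBy() as described checks only the signature, so this example walks a chain and also checks validFrom() and expiresOn() for each certificate. It is a template meant to be instantiated with the List returned by readPEM() and Time = Poco::DateTime; checkChain, ChainStatus, FakeCert and demo are hypothetical names, FakeCert is a constructed stand-in so the block runs without OpenSSL, and the leaf-first ordering with a self-signed anchor last (one the caller already trusts) is an assumption.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Outcome of walking a chain ordered leaf first, trust anchor last (assumed order).
enum class ChainStatus { Ok, Empty, NotYetValid, Expired, BadSignature };

// Cert must provide issuedBy(), validFrom() and expiresOn() as documented for
// Poco::Crypto::X509Certificate; Time is Poco::DateTime in real use.
template <class Cert, class Time>
ChainStatus checkChain(const std::vector<Cert>& chain, const Time& now, std::size_t& failedAt)
{
    failedAt = 0;
    if (chain.empty()) return ChainStatus::Empty;
    for (std::size_t i = 0; i < chain.size(); ++i)
    {
        failedAt = i; // index of the certificate being checked
        if (now < chain[i].validFrom()) return ChainStatus::NotYetValid;
        if (chain[i].expiresOn() < now) return ChainStatus::Expired;
        // The last element is the anchor and is expected to verify against itself.
        const Cert& issuer = (i + 1 < chain.size()) ? chain[i + 1] : chain[i];
        if (!chain[i].issuedBy(issuer)) return ChainStatus::BadSignature;
    }
    return ChainStatus::Ok;
}

// Constructed stand-in: name matching replaces signature checks, times are integers.
struct FakeCert
{
    std::string subject, issuer;
    long notBefore, notAfter;
    bool issuedBy(const FakeCert& other) const { return issuer == other.subject; }
    long validFrom() const { return notBefore; }
    long expiresOn() const { return notAfter; }
};

// Constructed three-certificate chain evaluated at the given time.
ChainStatus demo(long now, std::size_t& failedAt)
{
    std::vector<FakeCert> chain = {
        {"leaf", "intermediate", 100, 200},
        {"intermediate", "root", 50, 300},
        {"root", "root", 0, 1000},
    };
    return checkChain(chain, now, failedAt);
}

int main() { std::size_t at = 0; return demo(150, at) == ChainStatus::Ok ? 0 : 1; }
```

On any status other than Ok, failedAt holds the index of the certificate that failed, which is the value worth logging.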

issuerName inline

const std::string & issuerName() const;

Returns the certificate issuer's distinguished name.

issuerName

std::string issuerName(
    NID nid
) const;

Extracts the information specified by the given NID (name identifier) from the certificate issuer's distinguished name.

operator =

X509Certificate & operator = (
    const X509Certificate & cert
);

Assigns a certificate.

operator =

X509Certificate & operator = (
    X509Certificate && cert
) noexcept;

Move assignment.

print

void print(
    std::ostream & out
) const;

Prints the certificate information to the given output stream.

readPEM static

static List readPEM(
    const std::string & pemFileName
);

Reads and returns a list of certificates from the specified PEM file.

save

void save(
    std::ostream & stream
) const;

Writes the certificate to the given stream. The certificate is written in PEM format.

save

void save(
    const std::string & path
) const;

Writes the certificate to the file given by path. The certificate is written in PEM format.

serialNumber inline

const std::string & serialNumber() const;

Returns the certificate serial number as a string in decimal encoding.

signatureAlgorithm

std::string signatureAlgorithm() const;

Returns the certificate signature algorithm long name.

subjectName inline

const std::string & subjectName() const;

Returns the certificate subject's distinguished name.

subjectName

std::string subjectName(
    NID nid
) const;

Extracts the information specified by the given NID (name identifier) from the certificate subject's distinguished name.

swap

void swap(
    X509Certificate & cert
);

Exchanges the certificate with another one.

validFrom

Poco::DateTime validFrom() const;

Returns the date and time the certificate is valid from.

version inline

long version() const;

Returns the version of the certificate.

writePEM static

static void writePEM(
    const std::string & pemFileName,
    const List & list
);

Writes the list of certificates to the specified PEM file.

init protected

void init();

Extracts issuer and subject name from the certificate.

load protected

void load(
    std::istream & stream
);

Loads the certificate from the given stream. The certificate must be in PEM format.

load protected

void load(
    const std::string & path
);

Loads the certificate from the given file. The certificate must be in PEM format.
