libdigidocpp 4.4.0
digidoc::X509Cert Class Reference

Wrapper for OpenSSL X509 certificate structure.

#include <X509Cert.h>

Public Types

enum  Format { Der , Pem }
 
enum  KeyUsage {
  DigitalSignature = 0 , NonRepudiation , KeyEncipherment , DataEncipherment ,
  KeyAgreement , KeyCertificateSign , CRLSign , EncipherOnly ,
  DecipherOnly
}
 

Public Member Functions

 X509Cert (X509 *cert=nullptr)
 
 X509Cert (const unsigned char *bytes, size_t size, Format format=Der)
 
 X509Cert (const std::vector< unsigned char > &bytes, Format format=Der)
 
 X509Cert (std::initializer_list< unsigned char > bytes, Format format=Der)
 
 X509Cert (const std::string &path, Format format=Pem)
 
 X509Cert (X509Cert &&other) noexcept
 
 X509Cert (const X509Cert &other)
 
 ~X509Cert ()
 
std::string serial () const
 
std::string issuerName (const std::string &obj=std::string()) const
 
std::string subjectName (const std::string &obj=std::string()) const
 
std::vector< KeyUsage > keyUsage () const
 
std::vector< std::string > certificatePolicies () const
 
std::vector< std::string > qcStatements () const
 
bool isCA () const
 
bool isValid (time_t *t=nullptr) const
 
bool verify (bool noqscd, tm validation_time={}) const
 
X509 * handle () const
 
 operator std::vector< unsigned char > () const
 
X509Cert & operator= (const X509Cert &other)
 
X509Cert & operator= (X509Cert &&other) noexcept
 
 operator bool () const
 
bool operator! () const
 
bool operator== (X509 *other) const
 
bool operator== (const X509Cert &other) const
 
bool operator!= (const X509Cert &other) const
 
template<auto Func>
string toString (const string &obj) const
 

Static Public Attributes

static const std::string QC_COMPLIANT = "0.4.0.1862.1.1"
 
static const std::string QC_SSCD = "0.4.0.1862.1.4"
 
static const std::string QC_QCP = "0.4.0.1862.1.5"
 
static const std::string QC_QCT = "0.4.0.1862.1.6"
 
static const std::string QC_SYNTAX1 = "1.3.6.1.5.5.7.11.1"
 
static const std::string QC_SYNTAX2 = "1.3.6.1.5.5.7.11.2"
 
static const std::string QCS_NATURAL = "0.4.0.194121.1.1"
 
static const std::string QCS_LEGAL = "0.4.0.194121.1.2"
 
static const std::string QCT_ESIGN = "0.4.0.1862.1.6.1"
 
static const std::string QCT_ESEAL = "0.4.0.1862.1.6.2"
 
static const std::string QCT_WEB = "0.4.0.1862.1.6.3"
 
static const std::string QCP_PUBLIC_WITH_SSCD = "0.4.0.1456.1.1"
 
static const std::string QCP_PUBLIC = "0.4.0.1456.1.2"
 
static const std::string QCP_NATURAL = "0.4.0.194112.1.0"
 
static const std::string QCP_LEGAL = "0.4.0.194112.1.1"
 
static const std::string QCP_NATURAL_QSCD = "0.4.0.194112.1.2"
 
static const std::string QCP_LEGAL_QSCD = "0.4.0.194112.1.3"
 
static const std::string QCP_WEB = "0.4.0.194112.1.4"
 

Detailed Description

Wrapper for OpenSSL X509 certificate structure.

Member Enumeration Documentation

◆ Format

Binary encoding format

Enumerator
Der 

ASN.1 syntax

Pem 

Base64 encoded ASN.1 syntax

◆ KeyUsage

Key usage bits defined in certificate

Enumerator
DigitalSignature 

Key used for verifying digital signatures, other than signatures on certificates and CRLs.

NonRepudiation 

Key used to provide a non-repudiation service which protects against the signing entity falsely denying some action. Used for signing certificate selection in the current library.

KeyEncipherment 

Key used for enciphering private or secret keys (key transport).

DataEncipherment 

Key used for directly enciphering raw user data without the use of an intermediate symmetric cipher.

KeyAgreement 

Key used for key agreement.

KeyCertificateSign 

Key used for verifying signatures on public key certificates.

CRLSign 

Key used for verifying signatures on certificate revocation lists (CRLs).

EncipherOnly 

In conjunction with KeyAgreement, key used only for enciphering data while performing key agreement.

DecipherOnly 

In conjunction with KeyAgreement, key used only for deciphering data while performing key agreement.
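
The enumerator values above follow the RFC 5280 KeyUsage bit positions (DigitalSignature is bit 0, DecipherOnly is bit 8), which is what makes the result of keyUsage() directly comparable with the raw extension. The following is an added example, not libdigidocpp code: it decodes a DER-encoded KeyUsage BIT STRING into the same enumerators and applies the NonRepudiation selection rule noted above. The sample byte strings in the comments are constructed, and decodeKeyUsage, hasUsage, usableForSigning and isValidKeyUsageDer are names chosen here.

```cpp
// Added example (not libdigidocpp code): decode an RFC 5280 KeyUsage
// BIT STRING (DER) into the KeyUsage enumerators documented above, then
// apply the "signing certificate must assert NonRepudiation" rule.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Same enumerator order as digidoc::X509Cert::KeyUsage: the enumerator
// value equals the RFC 5280 bit position (bit 0 = digitalSignature,
// ..., bit 8 = decipherOnly).
enum KeyUsage {
    DigitalSignature = 0, NonRepudiation, KeyEncipherment, DataEncipherment,
    KeyAgreement, KeyCertificateSign, CRLSign, EncipherOnly, DecipherOnly
};

// Parse a DER BIT STRING: tag 0x03, short-form length, unused-bit count,
// data bytes. Constructed sample: {0x03,0x02,0x05,0xE0} encodes
// digitalSignature | nonRepudiation | keyEncipherment.
std::vector<KeyUsage> decodeKeyUsage(const std::vector<uint8_t>& der) {
    if (der.size() < 3 || der[0] != 0x03)
        throw std::invalid_argument("not a DER BIT STRING");
    size_t len = der[1];
    if ((len & 0x80) || len < 1 || der.size() != 2 + len)
        throw std::invalid_argument("bad BIT STRING length");
    unsigned unused = der[2];
    size_t dataBytes = len - 1;
    if (unused > 7 || (dataBytes == 0 && unused != 0))
        throw std::invalid_argument("bad unused-bits count");
    size_t nbits = dataBytes * 8 - (dataBytes ? unused : 0);
    std::vector<KeyUsage> out;
    // Bit i of the BIT STRING is the MSB-first bit (i % 8) of data byte i / 8.
    // Only bits 0..8 are defined for KeyUsage; anything beyond is ignored.
    for (size_t i = 0; i < nbits && i <= DecipherOnly; ++i) {
        uint8_t byte = der[3 + i / 8];
        if (byte & (0x80 >> (i % 8)))
            out.push_back(static_cast<KeyUsage>(i));
    }
    return out;
}

// Convenience wrapper that reports malformed input as false instead of throwing.
bool isValidKeyUsageDer(const std::vector<uint8_t>& der) {
    try { decodeKeyUsage(der); return true; }
    catch (const std::invalid_argument&) { return false; }
}

bool hasUsage(const std::vector<KeyUsage>& ku, KeyUsage u) {
    return std::find(ku.begin(), ku.end(), u) != ku.end();
}

// Selection rule described for NonRepudiation above: a certificate is a
// candidate signing certificate only if its key usage asserts non-repudiation.
bool usableForSigning(const std::vector<KeyUsage>& ku) {
    return hasUsage(ku, NonRepudiation);
}
```

A certificate whose KeyUsage carries only DigitalSignature (for example the constructed string {0x03,0x02,0x06,0x80}) is rejected by usableForSigning, which is the behaviour to expect when a smart card exposes both an authentication and a signing certificate.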

Constructor & Destructor Documentation

◆ X509Cert() [1/7]

X509Cert::X509Cert ( X509 *  cert = nullptr)
explicit

Creates copy of the OpenSSL X509 certificate.

Parameters
cert - OpenSSL X509 certificate structure to be wrapped.

◆ X509Cert() [2/7]

X509Cert::X509Cert ( const unsigned char *  bytes,
size_t  size,
Format  format = Der 
)
explicit

Creates X509 certificate from raw bytes.

Parameters
bytes - Pointer to X509 certificate data.
size - Size of the data in bytes.
format - Input bytes format (Der or Pem).
Exceptions
Exception - if X509 certificate parsing failed.

References Der.

◆ X509Cert() [3/7]

X509Cert::X509Cert ( const std::vector< unsigned char > &  bytes,
Format  format = Der 
)
explicit

Creates X509 certificate from a vector of bytes.

Parameters
bytes - X509 certificate data.
format - Input bytes format (Der or Pem).
Exceptions
Exception - if X509 certificate parsing failed.

◆ X509Cert() [4/7]

digidoc::X509Cert::X509Cert ( std::initializer_list< unsigned char >  bytes,
Format  format = Der 
)
inline explicit

◆ X509Cert() [5/7]

X509Cert::X509Cert ( const std::string &  path,
Format  format = Pem 
)
explicit

Creates X509 certificate from a file.

Parameters
path - Path to the X509 certificate file.
format - Input file format (Der or Pem).
Exceptions
Exception - if the file cannot be opened or parsing failed.

References Der.

◆ X509Cert() [6/7]

X509Cert::X509Cert ( X509Cert &&  other)
default noexcept

Move constructor.

◆ X509Cert() [7/7]

X509Cert::X509Cert ( const X509Cert &  other)
default

Copy constructor.

◆ ~X509Cert()

X509Cert::~X509Cert ( )
default

Clean up underlying OpenSSL X509 data.

Member Function Documentation

◆ certificatePolicies()

vector< string > X509Cert::certificatePolicies ( ) const

Returns the certificate's policy OIDs.

Returns
Vector of policy OID strings.

◆ handle()

X509 * X509Cert::handle ( ) const

Returns the internal OpenSSL X509 structure handle.

Returns
Pointer to OpenSSL X509 structure.

Referenced by digidoc::Signer::method().

◆ isCA()

bool X509Cert::isCA ( ) const

Checks if the certificate is a Certificate Authority (CA).

Returns
true if the certificate is a CA.

Referenced by digidoc::PKCS11Signer::cert().

◆ issuerName()

string X509Cert::issuerName ( const std::string &  obj = std::string()) const

Returns issuer name as an RFC 2253 string.

Parameters
obj - If empty, returns the full issuer DN. If a short name (e.g., "CN", "O", "C") is provided, returns only that component of the issuer name.
Returns
Issuer name string.
Exceptions
Exception - if the conversion failed.

◆ isValid()

bool X509Cert::isValid ( time_t *  t = nullptr) const

Validates if the certificate is within its valid time period.

Parameters
t - Pointer to time_t. If nullptr, the current system time is used.
Returns
true if the certificate is valid at time t.
Exceptions
Exception - if validation fails.

Referenced by digidoc::PKCS11Signer::cert().

◆ keyUsage()

vector< X509Cert::KeyUsage > X509Cert::keyUsage ( ) const

Returns the certificate's key usage bits.

Returns
Vector of KeyUsage enums.

Referenced by digidoc::PKCS11Signer::cert().

◆ operator bool()

X509Cert::operator bool ( ) const

Checks if the certificate object holds a valid OpenSSL handle.

Returns
true if handle is valid.

◆ operator std::vector< unsigned char >()

X509Cert::operator std::vector< unsigned char > ( ) const

Encodes the X509 certificate using DER encoding.

Returns
DER encoded certificate bytes.

◆ operator!()

bool X509Cert::operator! ( ) const

Checks if the certificate object is invalid (holds no handle).

Returns
true if the certificate is invalid.

◆ operator!=()

bool X509Cert::operator!= ( const X509Cert &  other) const

Compares two X509Cert objects for inequality.

Parameters
other - Another X509Cert object.
Returns
true if the certificates are different.

References operator==().

◆ operator=() [1/2]

X509Cert & X509Cert::operator= ( const X509Cert &  other)
default

Assignment operator.

◆ operator=() [2/2]

X509Cert & X509Cert::operator= ( X509Cert &&  other)
default noexcept

Move assignment operator.

◆ operator==() [1/2]

bool X509Cert::operator== ( const X509Cert &  other) const

Compares two X509Cert objects.

Parameters
other - Another X509Cert object.
Returns
true if both refer to the same certificate.

References operator==().

◆ operator==() [2/2]

bool X509Cert::operator== ( X509 *  other) const

Compares the certificate with an OpenSSL X509 pointer.

Parameters
other - Pointer to OpenSSL X509 structure.
Returns
true if both refer to the same certificate.

Referenced by operator!=(), and operator==().

◆ qcStatements()

vector< string > X509Cert::qcStatements ( ) const

Returns Qualified Certificate (QC) statements as defined in RFC 3739 and ETSI EN 319 412-5.

Since
3.13.0
Returns
Vector of OID strings representing QC statements.

References QC_QCT, and QC_SYNTAX2.

◆ serial()

string X509Cert::serial ( ) const

Returns X.509 certificate serial number in decimal string format.

Returns
Decimal serial number string.
Exceptions
Exception - if the serial number cannot be retrieved.

◆ subjectName()

string X509Cert::subjectName ( const std::string &  obj = std::string()) const

Returns subject name as an RFC 2253 string.

Parameters
obj - If empty, returns the full subject DN. If a short name (e.g., "CN", "SN", "GN") is provided, returns only that component of the subject name.
Returns
Subject name string.
Exceptions
Exception - if the conversion failed.

Referenced by digidoc::Signature::signedBy().

◆ toString()

template<auto Func>
string digidoc::X509Cert::toString ( const string &  obj) const

Converts OpenSSL X509_NAME struct to string.

Parameters
obj - Optional parameter to extract a specific component (e.g., "CN").
Returns
String representation of the name.
Exceptions
Exception - if conversion failed.

◆ verify()

bool X509Cert::verify ( bool  noqscd,
tm  validation_time = {} 
) const

Verifies if the certificate is signed by a trusted issuer.

Since
4.4.0
Parameters
noqscd - If true, QSCD (Qualified Signature Creation Device) requirements are not checked.
validation_time - Time at which the validation is performed.
Returns
true if the certificate is verified as trusted.
Exceptions
Exception - if a verification error occurs.

Member Data Documentation

◆ QC_COMPLIANT

const string X509Cert::QC_COMPLIANT = "0.4.0.1862.1.1"
static

https://www.ietf.org/rfc/rfc3739.txt - id-etsi-qcs-QcCompliance

Since
3.13.0

◆ QC_QCP

const string X509Cert::QC_QCP = "0.4.0.1862.1.5"
static

https://www.ietf.org/rfc/rfc3739.txt - id-etsi-qcs-QcPDS

Since
3.13.0

◆ QC_QCT

const string X509Cert::QC_QCT = "0.4.0.1862.1.6"
static

https://www.ietf.org/rfc/rfc3739.txt - id-etsi-qcs-QcType

Since
3.13.0

Referenced by qcStatements().

◆ QC_SSCD

const string X509Cert::QC_SSCD = "0.4.0.1862.1.4"
static

https://www.ietf.org/rfc/rfc3739.txt - id-etsi-qcs-QcSSCD

Since
3.13.0

◆ QC_SYNTAX1

const string X509Cert::QC_SYNTAX1 = "1.3.6.1.5.5.7.11.1"
static

https://www.ietf.org/rfc/rfc3739.txt - id-qcs-pkixQCSyntax-v1

Since
3.13.0

◆ QC_SYNTAX2

const string X509Cert::QC_SYNTAX2 = "1.3.6.1.5.5.7.11.2"
static

https://www.ietf.org/rfc/rfc3739.txt - id-qcs-pkixQCSyntax-v2

Since
3.13.0

Referenced by qcStatements().

◆ QCP_LEGAL

const string X509Cert::QCP_LEGAL = "0.4.0.194112.1.1"
static

◆ QCP_LEGAL_QSCD

const string X509Cert::QCP_LEGAL_QSCD = "0.4.0.194112.1.3"
static

◆ QCP_NATURAL

const string X509Cert::QCP_NATURAL = "0.4.0.194112.1.0"
static

◆ QCP_NATURAL_QSCD

const string X509Cert::QCP_NATURAL_QSCD = "0.4.0.194112.1.2"
static

◆ QCP_PUBLIC

const string X509Cert::QCP_PUBLIC = "0.4.0.1456.1.2"
static

◆ QCP_PUBLIC_WITH_SSCD

const string X509Cert::QCP_PUBLIC_WITH_SSCD = "0.4.0.1456.1.1"
static

◆ QCP_WEB

const string X509Cert::QCP_WEB = "0.4.0.194112.1.4"
static

◆ QCS_LEGAL

const string X509Cert::QCS_LEGAL = "0.4.0.194121.1.2"
static

◆ QCS_NATURAL

const string X509Cert::QCS_NATURAL = "0.4.0.194121.1.1"
static

◆ QCT_ESEAL

const string X509Cert::QCT_ESEAL = "0.4.0.1862.1.6.2"
static

◆ QCT_ESIGN

const string X509Cert::QCT_ESIGN = "0.4.0.1862.1.6.1"
static

◆ QCT_WEB

const string X509Cert::QCT_WEB = "0.4.0.1862.1.6.3"
static

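The OID constants above are meant to be matched against what certificatePolicies() and qcStatements() return. The following is an added example, not libdigidocpp code: it copies those constants and classifies a certificate as qualified, as held on a QSCD, as belonging to a natural or legal person, and as an e-signature, e-seal or web certificate, then applies a signing-certificate selection rule with a noqscd switch that mirrors the parameter of verify(). It assumes, which the page does not confirm, that the type and semantics OIDs nested inside the QcType and QcSyntax-v2 statements appear as flat strings in the qcStatements() result (the "References QC_QCT, and QC_SYNTAX2" line suggests this). The functions classify and acceptableForESignature and the sample OID lists are constructed here.

```cpp
// Added example (not libdigidocpp code): interpret the OID lists that
// X509Cert::certificatePolicies() and X509Cert::qcStatements() return.
#include <algorithm>
#include <string>
#include <vector>

// OID constants copied from the X509Cert static members documented above.
namespace qc {
const std::string QC_COMPLIANT = "0.4.0.1862.1.1";   // id-etsi-qcs-QcCompliance
const std::string QC_SSCD      = "0.4.0.1862.1.4";   // id-etsi-qcs-QcSSCD
const std::string QCS_NATURAL  = "0.4.0.194121.1.1";
const std::string QCS_LEGAL    = "0.4.0.194121.1.2";
const std::string QCT_ESIGN    = "0.4.0.1862.1.6.1";
const std::string QCT_ESEAL    = "0.4.0.1862.1.6.2";
const std::string QCT_WEB      = "0.4.0.1862.1.6.3";
const std::string QCP_PUBLIC_WITH_SSCD = "0.4.0.1456.1.1";
const std::string QCP_NATURAL_QSCD     = "0.4.0.194112.1.2";
const std::string QCP_LEGAL_QSCD       = "0.4.0.194112.1.3";
}

enum class SubjectKind { Unknown, Natural, Legal };
enum class QcType { None, ESign, ESeal, Web };

struct QcProfile {
    bool qualified = false;                    // QcCompliance statement present
    bool qscd = false;                         // QSCD asserted by statement or policy
    SubjectKind subject = SubjectKind::Unknown;
    QcType type = QcType::None;
};

static bool has(const std::vector<std::string>& v, const std::string& oid) {
    return std::find(v.begin(), v.end(), oid) != v.end();
}

// Derive the profile from the policy OIDs and the (flattened) QC statement
// OIDs. Assumption: nested QcType / semantics OIDs are present as plain strings.
QcProfile classify(const std::vector<std::string>& policies,
                   const std::vector<std::string>& statements) {
    QcProfile p;
    p.qualified = has(statements, qc::QC_COMPLIANT);
    // A QSCD may be declared either by the QcSSCD statement or by one of the
    // "-qscd" / "with SSCD" certificate policies.
    p.qscd = has(statements, qc::QC_SSCD)
          || has(policies, qc::QCP_NATURAL_QSCD)
          || has(policies, qc::QCP_LEGAL_QSCD)
          || has(policies, qc::QCP_PUBLIC_WITH_SSCD);
    if (has(statements, qc::QCS_NATURAL))    p.subject = SubjectKind::Natural;
    else if (has(statements, qc::QCS_LEGAL)) p.subject = SubjectKind::Legal;
    if (has(statements, qc::QCT_ESIGN))      p.type = QcType::ESign;
    else if (has(statements, qc::QCT_ESEAL)) p.type = QcType::ESeal;
    else if (has(statements, qc::QCT_WEB))   p.type = QcType::Web;
    return p;
}

// Selection rule for a signing certificate: qualified, typed for e-signatures,
// not a legal-person (seal) certificate, and on a QSCD unless the caller
// relaxes that requirement (the same switch verify() exposes as noqscd).
bool acceptableForESignature(const QcProfile& p, bool noqscd) {
    return p.qualified
        && p.type == QcType::ESign
        && p.subject != SubjectKind::Legal
        && (noqscd || p.qscd);
}
```

Keeping the QSCD relaxation as an explicit parameter, rather than a global default, makes it visible at every call site where a non-QSCD qualified certificate is being accepted.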