#include <uapkicertificate.h>
Class for handling X509 certificates.
This class encapsulates OpenSSL X509 functionality and simplifies the certificate handling.
The following sample code demonstrates how to create a self-signed certificate.

```cpp
UaPkiIdentity ident;
UaPkiCertificateInfo info;
UaPkiPublicKey subjectPubKey;
UaPkiPrivateKey issuerPrvKey;
UaPkiRsaKeyPair *pKeyPair;
UaPkiCertificate *pNewCert;
int bits = 2048;

ident.commonName = "MyGreatUaApp";
ident.organization = "ACME";
ident.organizationUnit = "Development Department";
ident.locality = "Zell am See";
ident.state = "Salzburg";
ident.country = "AT";

info.URI = "opc.tcp://opcua.acme.com/MyGreatUaApp";
info.IP = ""; // optional IP if no DNS name is available
info.DNS = "opcua.acme.com";
info.validTime = 3600*24*365*5; // 5 years

// create new keypair
pKeyPair = new UaPkiRsaKeyPair(bits);
subjectPubKey = pKeyPair->publicKey();
issuerPrvKey = pKeyPair->privateKey();

// create new certificate (subject == issuer, so it is self-signed)
pNewCert = new UaPkiCertificate(info, ident, subjectPubKey, ident, issuerPrvKey);

// store certificate in a DER encoded file
pNewCert->toDERFile("/path/to/mycert.der");

// release the heap objects once the certificate has been written
delete pNewCert;
delete pKeyPair;
```
The following sample code demonstrates how to store a certificate as a file, e.g. in the application trust list.

```cpp
void storeTrustedCertificate(const UaByteString& trustedCertificate, const UaString& sTrustListLocation)
{
    // Assign certificate byte string to UaPkiCertificate class
    UaByteArray derCertificate(*(const OpcUa_ByteString*)trustedCertificate);
    UaPkiCertificate cert = UaPkiCertificate::fromDER(derCertificate);

    // Create file name for the certificate
    // Use the thumbprint as file name
    UaString sThumbPrint = cert.thumbPrint().toHex();
    UaString sFileName = sTrustListLocation;
    sFileName += "/";
    sFileName += sThumbPrint;
    sFileName += ".der";

    // Store certificate
    cert.toDERFile(sFileName.toUtf8());
}
```
Validity Enumeration
UaPkiCertificate::UaPkiCertificate()
Default construction.
UaPkiCertificate::UaPkiCertificate(const UaPkiCertificateInfo& info, const UaPkiIdentity& subject, const UaPkiPublicKey& subjectPublicKey, const UaPkiIdentity& issuer, const UaPkiPrivateKey& issuerPrivateKey)
Creates a new certificate.
Parameters:
  [in] info: UA application information.
  [in] subject: The identity of the certificate owner.
  [in] subjectPublicKey: The public key of the certificate.
  [in] issuer: The identity of the certificate issuer. If subject == issuer, a self-signed certificate is created.
  [in] issuerPrivateKey: The private key of the certificate issuer. This is needed to sign the certificate.
UaPkiCertificate::UaPkiCertificate(const UaPkiCertificate& copy)
Copy construction.
UaPkiCertificate::~UaPkiCertificate()
Destruction.
UaString UaPkiCertificate::commonName() const
Returns the certificate's commonName field. This function is provided for convenience and returns the same as UaPkiCertificate::subject().commonName.
static UaPkiCertificate UaPkiCertificate::fromDER(const UaByteArray& DERdata)
Loads a certificate from a DER encoded byte array.
Parameters:
  [in] DERdata: The DER data, typically received from the OPC UA protocol.
static UaPkiCertificate UaPkiCertificate::fromDERFile(const char* szFile)
Loads a certificate from a DER encoded file.
Parameters:
  [in] szFile: The file name (local 8 bit encoding).
UaPkiCertificateInfo UaPkiCertificate::info() const
Returns information from the X509v3 extension subjectAltName. This function does not fill UaPkiCertificateInfo::validTime; use the validFrom() and validTo() functions instead.
UaPkiIdentity UaPkiCertificate::issuer() const
Returns the certificate issuer identity.
bool UaPkiCertificate::isValid() const
Returns true if the certificate is still valid and not expired.
UaPkiCertificate UaPkiCertificate::operator=(const UaPkiCertificate& copy)
Assignment.
UaPkiPublicKey UaPkiCertificate::publicKey() const
Returns the public key of the certificate.
UaString UaPkiCertificate::serialNumber() const
Returns the certificate's serial number.
int UaPkiCertificate::signatureTypeNID() const
ToDoDoc
UaString UaPkiCertificate::signatureTypeString() const
ToDoDoc
UaPkiIdentity UaPkiCertificate::subject() const
Returns the certificate identity.
static UaByteArray UaPkiCertificate::thumbPrint(const UaByteArray& DERData)
Creates the SHA1 thumbprint of the DER encoded certificate data. This method is provided for convenience and behaves like the non-static UaPkiCertificate::thumbPrint() const. It avoids the temporary creation of a UaPkiCertificate instance if you already have DER encoded data.
Parameters:
  [in] DERData: The DER encoded certificate.
UaByteArray UaPkiCertificate::thumbPrint() const
Creates the SHA1 thumbprint of the certificate.
UaByteArray UaPkiCertificate::toDER() const
Encodes the certificate into DER format. This is used to send a certificate over OPC UA.
int UaPkiCertificate::toDERFile(const char* szFile) const
Stores the certificate into a DER encoded file. This is used for certificate management.
Parameters:
  [in] szFile: The file name of the DER encoded file to create.
UaPkiCertificate::Validity UaPkiCertificate::validate(const UaPkiCertificateCollection& trusted, const UaPkiCertificateCollection& untrusted) const
Validates the certificate against a list of trusted certificates.
Parameters:
  [in] trusted: A list of certificates that are trusted.
  [in] untrusted: A list of certificates that may be used to build the trust chain for validation.
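The trusted/untrusted split above is what decides the outcome of validate(): a certificate from the trusted list is an anchor, while one from the untrusted list can only serve as a link in the chain, and isValid() on its own never says anything about trust. The following is an added illustration written for this page, not code from the Unified Automation SDK: ModelCert, ChainResult, isTimeValid() and validateChain() are stand-ins of my own for the parsed certificate, the Validity enumeration, isValid() and validate(); the thumbprints and dates are constructed sample values, and signature verification, which the real class delegates to OpenSSL, is deliberately left out so that only the trust-walk logic remains.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-in for a parsed certificate (the real UaPkiCertificate wraps an
// OpenSSL X509); only the fields the validation decision needs are modelled.
struct ModelCert {
    std::string subject;     // commonName of the owner, like subject().commonName
    std::string issuer;      // commonName of the signer; equals subject when self-signed
    std::string thumbprint;  // constructed hex id standing in for thumbPrint().toHex()
    int64_t validFrom;       // validFrom() as seconds since the epoch
    int64_t validTo;         // validTo() as seconds since the epoch
};

// This example's own outcome names, not the SDK's Validity enumeration.
enum class ChainResult { Valid, Expired, NotYetValid, NoTrustAnchor, ChainTooLong };

// Counterpart of isValid(): a pure time-window check that says nothing about trust.
bool isTimeValid(const ModelCert& c, int64_t now) {
    return c.validFrom <= now && now <= c.validTo;
}

static const ModelCert* findByThumbprint(const std::string& tp,
                                         const std::vector<ModelCert>& list) {
    for (const ModelCert& c : list) if (c.thumbprint == tp) return &c;
    return nullptr;
}

static const ModelCert* findBySubject(const std::string& name,
                                      const std::vector<ModelCert>& list) {
    for (const ModelCert& c : list) if (c.subject == name) return &c;
    return nullptr;
}

// Counterpart of validate(trusted, untrusted): walk from the leaf towards an anchor.
// Every certificate on the path must be inside its validity period; the walk succeeds
// as soon as a certificate from the trusted list is reached, and untrusted
// certificates may only act as intermediates. Signature checks are not modelled.
ChainResult validateChain(const ModelCert& leaf,
                          const std::vector<ModelCert>& trusted,
                          const std::vector<ModelCert>& untrusted,
                          int64_t now,
                          std::vector<std::string>* chainOut = nullptr) {
    const int maxDepth = 8;  // bound on the walk so an issuer loop cannot spin forever
    const ModelCert* current = &leaf;
    for (int depth = 0; depth < maxDepth; ++depth) {
        if (chainOut) chainOut->push_back(current->subject);
        if (now < current->validFrom) return ChainResult::NotYetValid;
        if (now > current->validTo) return ChainResult::Expired;
        // Explicitly trusted, e.g. a peer certificate stored in the application trust list.
        if (findByThumbprint(current->thumbprint, trusted)) return ChainResult::Valid;
        // Self-signed but not in the trust list: there is nothing further to walk to.
        if (current->issuer == current->subject) return ChainResult::NoTrustAnchor;
        const ModelCert* issuer = findBySubject(current->issuer, trusted);
        if (!issuer) issuer = findBySubject(current->issuer, untrusted);
        if (!issuer) return ChainResult::NoTrustAnchor;
        current = issuer;
    }
    return ChainResult::ChainTooLong;
}

// Stand-alone demonstration with a constructed three-level chain.
int main() {
    const int64_t now = 1700000000;  // constructed "current time"
    ModelCert root{"ACME Root CA", "ACME Root CA", "aa01", now - 1000, now + 100000};
    ModelCert inter{"ACME Issuing CA", "ACME Root CA", "bb02", now - 500, now + 50000};
    ModelCert leaf{"MyGreatUaApp", "ACME Issuing CA", "cc03", now - 10, now + 1000};
    std::vector<std::string> chain;
    ChainResult r = validateChain(leaf, {root}, {inter}, now, &chain);
    std::cout << "result=" << static_cast<int>(r) << " chain:";
    for (const std::string& s : chain) std::cout << " " << s;
    std::cout << std::endl;
    return r == ChainResult::Valid ? 0 : 1;
}
```

The walk stops at the first certificate found in the trusted list, so a peer's leaf certificate placed in the application trust list (as storeTrustedCertificate() above does, keyed by thumbprint) is accepted without any CA involvement, whereas a self-signed certificate that is absent from the list ends in NoTrustAnchor even when its dates are fine. That last case is the reason isValid() and validate() are separate calls: an expired certificate fails both, but a current one only passes validate() if a chain to the trusted list exists.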
UaDateTime UaPkiCertificate::validFrom() const
Returns the start date of the certificate's validity period.
UaDateTime UaPkiCertificate::validTo() const
Returns the end date of the certificate's validity period.