#include <uapkicertificate.h>


Public Types

enum  Validity {
  ValidityGood = 0, ErrorRejected, ErrorUntrusted, ErrorSignatureFailed,
  ErrorInvalidCA, ErrorInvalidPurpose, ErrorSelfSigned, ErrorRevoked,
  ErrorPathLengthExceeded, ErrorExpired, ErrorExpiredCA, ErrorValidityUnknown
}

Public Member Functions

 UaPkiCertificate ()
 UaPkiCertificate (const UaPkiCertificateInfo &info, const UaPkiIdentity &subject, const UaPkiPublicKey &subjectPublicKey, const UaPkiIdentity &issuer, const UaPkiPrivateKey &issuerPrivateKey)
 UaPkiCertificate (const UaPkiCertificate &copy)
 ~UaPkiCertificate ()
UaPkiCertificate operator= (const UaPkiCertificate &copy)
UaPkiPublicKey publicKey () const
UaString commonName () const
UaPkiIdentity subject () const
UaPkiIdentity issuer () const
UaPkiCertificateInfo info () const
UaDateTime validFrom () const
UaDateTime validTo () const
UaString serialNumber () const
int signatureTypeNID () const
UaString signatureTypeString () const
bool isValid () const
UaByteArray toDER () const
int toDERFile (const char *szFile) const
UaByteArray thumbPrint () const
Validity validate (const UaPkiCertificateCollection &trusted, const UaPkiCertificateCollection &untrusted) const

Static Public Member Functions

static UaByteArray thumbPrint (const UaByteArray &DERData)
static UaPkiCertificate fromDER (const UaByteArray &DERdata)
static UaPkiCertificate fromDERFile (const char *szFile)

Detailed Description

Class for handling X509 certificates.

This class encapsulates OpenSSL X509 functionality and simplifies the certificate handling.

The following sample code demonstrates how to create a self-signed certificate (subject and issuer are the same identity, and the certificate is signed with the subject's own private key).

  #include <uapkicertificate.h>

  UaPkiIdentity        ident;
  UaPkiCertificateInfo info;
  UaPkiPublicKey       subjectPubKey;
  UaPkiPrivateKey      issuerPrvKey;
  UaPkiRsaKeyPair     *pKeyPair;
  UaPkiCertificate    *pNewCert;
  int                  bits = 2048;
  ident.commonName = "MyGreatUaApp";
  ident.organization = "ACME";
  ident.organizationUnit = "Development Department";
  ident.locality = "Zell am See";
  ident.state = "Salzburg";
  ident.country = "AT";
  info.URI = "opc.tcp://opcua.acme.com/MyGreatUaApp";
  info.IP = ""; // optional: IP address if no DNS name is available
  info.DNS = "opcua.acme.com";
  info.validTime = 3600*24*365*5; // 5 years (in seconds)
  // create new RSA key pair; its private key signs the certificate
  pKeyPair = new UaPkiRsaKeyPair(bits);
  subjectPubKey = pKeyPair->publicKey();
  issuerPrvKey  = pKeyPair->privateKey();
  // create new certificate; passing ident as subject and issuer makes it self-signed
  pNewCert = new UaPkiCertificate(info, ident, subjectPubKey, ident, issuerPrvKey);
  // store certificate in a DER encoded file; toDERFile() returns an error code that must be checked
  int ret = pNewCert->toDERFile("/path/to/mycert.der");
  // store the private key from pKeyPair as well before releasing it, otherwise the certificate cannot be used
  delete pNewCert;
  delete pKeyPair;

The following sample code demonstrates how to store a certificate as a file, e.g. in the application trust list. The hex encoded SHA1 thumbprint is used as file name so that each certificate gets a unique, reproducible name.

int storeTrustedCertificate(const UaByteString& trustedCertificate, const UaString& sTrustListLocation)
{
    // Convert the certificate byte string into a UaPkiCertificate object
    UaByteArray      derCertificate(*(const OpcUa_ByteString*)trustedCertificate);
    UaPkiCertificate cert = UaPkiCertificate::fromDER(derCertificate);

    // Create the file name for the certificate
    // Use the hex encoded thumbprint as file name
    UaString sThumbPrint = cert.thumbPrint().toHex();
    UaString sFileName = sTrustListLocation;
    sFileName += "/";
    sFileName += sThumbPrint;
    sFileName += ".der";

    // Store certificate and return the error code of toDERFile()
    return cert.toDERFile(sFileName.toUtf8());
}

Member Enumeration Documentation

Validity Enumeration

Result codes returned by UaPkiCertificate::validate().

Enumerator:
ValidityGood              Validity: Good
ErrorRejected             Validity: ErrorRejected
ErrorUntrusted            Validity: ErrorUntrusted
ErrorSignatureFailed      Validity: ErrorSignatureFailed
ErrorInvalidCA            Validity: ErrorInvalidCA
ErrorInvalidPurpose       Validity: ErrorInvalidPurpose
ErrorSelfSigned           Validity: ErrorSelfSigned
ErrorRevoked              Validity: ErrorRevoked
ErrorPathLengthExceeded   Validity: ErrorPathLengthExceeded
ErrorExpired              Validity: ErrorExpired
ErrorExpiredCA            Validity: ErrorExpiredCA
ErrorValidityUnknown      Validity: ErrorValidityUnknown


Constructor & Destructor Documentation

UaPkiCertificate::UaPkiCertificate ( )

Default constructor.

UaPkiCertificate::UaPkiCertificate ( const UaPkiCertificateInfo & info, const UaPkiIdentity & subject, const UaPkiPublicKey & subjectPublicKey, const UaPkiIdentity & issuer, const UaPkiPrivateKey & issuerPrivateKey )

Creates a new certificate.

Parameters:
[in] info: UA application information.
[in] subject: The identity of the certificate owner.
[in] subjectPublicKey: The public key of the certificate.
[in] issuer: The identity of the certificate issuer. If subject == issuer, a self-signed certificate is created.
[in] issuerPrivateKey: The private key of the certificate issuer. This is needed to sign the certificate.

UaPkiCertificate::UaPkiCertificate ( const UaPkiCertificate & copy )

Copy constructor.

UaPkiCertificate::~UaPkiCertificate ( )

Destructor.


Member Function Documentation

UaString UaPkiCertificate::commonName (  ) const

Returns the certificate's commonName field. This function is provided for convenience and returns the same as UaPkiCertificate::subject().commonName.

UaPkiCertificate UaPkiCertificate::fromDER ( const UaByteArray & DERdata ) [static]

Loads a certificate from a DER encoded byte array.

Returns:
A new UaPkiCertificate instance.
Parameters:
[in] DERdata: The DER data, typically received from the OPC UA protocol.

UaPkiCertificate UaPkiCertificate::fromDERFile ( const char * szFile ) [static]

Loads a certificate from a DER encoded file.

Returns:
A new UaPkiCertificate instance.
Parameters:
[in] szFile: The file name (local 8 bit encoding).

UaPkiCertificateInfo UaPkiCertificate::info (  ) const

Returns information from X509v3 Extension subjectAltName. This function does not fill UaPkiCertificateInfo::validTime, use validFrom() and validTo() functions instead.

UaPkiIdentity UaPkiCertificate::issuer (  ) const

Returns the certificate issuer identity.

bool UaPkiCertificate::isValid (  ) const

Returns true if the certificate is still valid and not expired. This only checks the validity period (see validFrom() and validTo()); trust and chain checks are done by validate().

UaPkiCertificate UaPkiCertificate::operator= ( const UaPkiCertificate & copy )

Assignment operator.

Parameters:
copy: An existing UaPkiCertificate instance.
Returns:
The assigned UaPkiCertificate instance.
UaPkiPublicKey UaPkiCertificate::publicKey (  ) const

Returns the public key of the certificate.

UaString UaPkiCertificate::serialNumber (  ) const

Returns the certificate's serial number.

Returns:
The serial number as hex encoded string.
int UaPkiCertificate::signatureTypeNID ( ) const

Returns the numeric identifier (OpenSSL NID) of the certificate's signature algorithm.

Returns:
The NID of the signature algorithm.

UaString UaPkiCertificate::signatureTypeString ( ) const

Returns the name of the certificate's signature algorithm as a string.

Returns:
The signature algorithm name.
UaPkiIdentity UaPkiCertificate::subject (  ) const

Returns the certificate identity.

UaByteArray UaPkiCertificate::thumbPrint ( const UaByteArray & DERData ) [static]

Creates the SHA1 thumbprint of the DER encoded certificate data. This method is provided for convenience and behaves like the non-static thumbPrint() member function. It avoids the temporary creation of a UaPkiCertificate instance if DER encoded data is already available.

Returns:
A UaByteArray containing the thumbprint of the certificate.
Parameters:
[in] DERData: The DER encoded certificate.

UaByteArray UaPkiCertificate::thumbPrint (  ) const

Creates the SHA1 thumbprint of the certificate.

Returns:
A UaByteArray containing the thumbprint of the certificate.
UaByteArray UaPkiCertificate::toDER (  ) const

Encodes the certificate into a DER format. This is used to send a certificate over OPC UA.

Returns:
UaByteArray with DER data.
int UaPkiCertificate::toDERFile ( const char * szFile ) const

Stores the certificate into a DER encoded file. This is used for certificate management.

Parameters:
[in] szFile: The file name of the DER encoded file to create.
Returns:
Error code.

UaPkiCertificate::Validity UaPkiCertificate::validate ( const UaPkiCertificateCollection & trusted, const UaPkiCertificateCollection & untrusted ) const

Validates the certificate against a list of trusted certificates.

Returns:
The validity of the certificate. Only ValidityGood indicates that the certificate passed validation; every other enumerator describes the reason for the failure.
Parameters:
[in] trusted: A list of certificates that are trusted.
[in] untrusted: A list of certificates that may be used to build the trust chain for validation.
UaDateTime UaPkiCertificate::validFrom (  ) const

Returns the start date of the certificate's validity period.

UaDateTime UaPkiCertificate::validTo (  ) const

Returns the end date of the certificate's validity period.


The documentation for this class was generated from the following files:
  • /home/buildbot/work/uasdkcpp/src/uabase/uapkicpp/uapkicertificate.h
  • /home/buildbot/work/uasdkcpp/src/uabase/uapkicpp/uapkicertificate.cpp