UaPkiCertificate Class Reference
[PKI Library Classes]

#include <uapkicertificate.h>



Public Types

enum  Validity {
  ValidityGood = 0, ErrorRejected, ErrorUntrusted, ErrorSignatureFailed,
  ErrorInvalidCA, ErrorInvalidPurpose, ErrorSelfSigned, ErrorRevoked,
  ErrorPathLengthExceeded, ErrorExpired, ErrorExpiredCA, ErrorValidityUnknown
}

Public Member Functions

 UaPkiCertificate ()
 UaPkiCertificate (const UaPkiCertificateInfo &info, const UaPkiIdentity &subject, const UaPkiPublicKey &subjectPublicKey, const UaPkiIdentity &issuer, const UaPkiPrivateKey &issuerPrivateKey)
 UaPkiCertificate (const UaPkiCertificate &copy)
 ~UaPkiCertificate ()
UaPkiCertificate operator= (const UaPkiCertificate &copy)
UaPkiPublicKey publicKey () const
UaString commonName () const
UaPkiIdentity subject () const
UaPkiIdentity issuer () const
UaPkiCertificateInfo info () const
UaDateTime validFrom () const
UaDateTime validTo () const
UaString serialNumber () const
int signatureTypeNID () const
UaString signatureTypeString () const
bool isValid () const
UaByteArray toDER () const
int toDERFile (const char *szFile) const
UaByteArray thumbPrint () const
Validity validate (const UaPkiCertificateCollection &trusted, const UaPkiCertificateCollection &untrusted) const

Static Public Member Functions

static UaByteArray thumbPrint (const UaByteArray &DERData)
static UaPkiCertificate fromDER (const UaByteArray &DERdata)
static UaPkiCertificate fromDERFile (const char *szFile)

Detailed Description

Class for handling X509 certificates. This class encapsulates OpenSSL X509 functionality and simplifies certificate handling. The following sample demonstrates how to create a self-signed certificate.
  UaPkiIdentity        ident;
  UaPkiCertificateInfo info;
  UaPkiPublicKey       subjectPubKey;
  UaPkiPrivateKey      issuerPrvKey;
  UaPkiRsaKeyPair     *pKeyPair;
  UaPkiCertificate    *pNewCert;
  int                  bits = 2048;
  // subject identity; the same identity is passed as issuer below, so the result is self signed
  ident.commonName = "MyGreatUaApp";
  ident.organization = "ACME";
  ident.organizationUnit = "Development Department";
  ident.locality = "Zell am See";
  ident.state = "Salzburg";
  ident.country = "AT";
  // application information, placed in the subjectAltName extension
  info.URI = "opc.tcp://opcua.acme.com/MyGreatUaApp";
  info.IP = ""; // optional IP if no DNS is available
  info.DNS = "opcua.acme.com";
  info.validTime = 3600*24*365*5; // 5 years
  // create new keypair
  pKeyPair = new UaPkiRsaKeyPair(bits);
  subjectPubKey = pKeyPair->publicKey();
  issuerPrvKey  = pKeyPair->privateKey();
  // create new certificate (subject == issuer -> self signed)
  pNewCert = new UaPkiCertificate(info, ident, subjectPubKey, ident, issuerPrvKey);
  // store certificate in a DER encoded file
  pNewCert->toDERFile("/path/to/mycert.der");
  // release the objects created with new; note that the private key is not
  // written by this sample and has to be stored separately
  delete pNewCert;
  delete pKeyPair;

Member Enumeration Documentation

Validity Enumeration

Enumerator:
ValidityGood  Validity: Good
ErrorRejected  Validity: ErrorRejected
ErrorUntrusted  Validity: ErrorUntrusted
ErrorSignatureFailed  Validity: ErrorSignatureFailed
ErrorInvalidCA  Validity: ErrorInvalidCA
ErrorInvalidPurpose  Validity: ErrorInvalidPurpose
ErrorSelfSigned  Validity: ErrorSelfSigned
ErrorRevoked  Validity: ErrorRevoked
ErrorPathLengthExceeded  Validity: ErrorPathLengthExceeded
ErrorExpired  Validity: ErrorExpired
ErrorExpiredCA  Validity: ErrorExpiredCA
ErrorValidityUnknown  Validity: ErrorValidityUnknown


Constructor & Destructor Documentation

UaPkiCertificate::UaPkiCertificate ()

Default constructor.

UaPkiCertificate::UaPkiCertificate ( const UaPkiCertificateInfo & info,
const UaPkiIdentity & subject,
const UaPkiPublicKey & subjectPublicKey,
const UaPkiIdentity & issuer,
const UaPkiPrivateKey & issuerPrivateKey
)

Creates a new certificate.

Parameters:
info UA Application information.
subject The identity of the certificate owner.
subjectPublicKey The public key of the certificate.
issuer The identity of the certificate issuer. If subject == issuer, a self-signed certificate is created.
issuerPrivateKey The private key of the certificate issuer. This is needed to sign the certificate.

UaPkiCertificate::UaPkiCertificate ( const UaPkiCertificate & copy )

Copy constructor.

UaPkiCertificate::~UaPkiCertificate ()

Destructor.


Member Function Documentation

UaPkiCertificate UaPkiCertificate::operator= ( const UaPkiCertificate & copy )

Assignment operator. Copies the certificate held by copy into this instance.

Parameters:
copy an existing UaPkiCertificate instance.
Returns:
The assigned UaPkiCertificate.

UaPkiPublicKey UaPkiCertificate::publicKey () const

Returns the public key contained in the certificate (the subjectPublicKey it was created with).

Returns:
The certificate's public key as UaPkiPublicKey.

UaString UaPkiCertificate::commonName () const

Returns the certificate's commonName field. This function is provided for convenience and returns the same as UaPkiCertificate::subject().commonName.

UaPkiIdentity UaPkiCertificate::subject () const

Returns the identity of the certificate subject (the certificate owner).

UaPkiIdentity UaPkiCertificate::issuer () const

Returns the certificate issuer identity.

UaPkiCertificateInfo UaPkiCertificate::info () const

Returns the information stored in the X509v3 subjectAltName extension (URI, DNS, IP). This function does not fill UaPkiCertificateInfo::validTime; use the validFrom() and validTo() functions instead.

UaDateTime UaPkiCertificate::validFrom () const

Returns the start date of the certificate's validity period.

UaDateTime UaPkiCertificate::validTo () const

Returns the end date of the certificate's validity period.

UaString UaPkiCertificate::serialNumber () const

Returns the certificate's serial number as a hex encoded string.

int UaPkiCertificate::signatureTypeNID () const

Returns the OpenSSL NID (numeric identifier) of the algorithm used to sign the certificate.

Returns:
The OpenSSL NID of the signature algorithm.

UaString UaPkiCertificate::signatureTypeString () const

Returns the name of the algorithm used to sign the certificate as a string.

Returns:
The textual name of the signature algorithm.

bool UaPkiCertificate::isValid () const

Returns true if the certificate is currently within its validity period, i.e. still valid and not expired. See validate() for signature and trust chain verification.

UaByteArray UaPkiCertificate::toDER () const

Encodes the certificate into DER format. This is used to send a certificate over OPC UA.

Returns:
UaByteArray with DER data.

int UaPkiCertificate::toDERFile ( const char * szFile ) const

Stores the certificate into a DER encoded file. This is used for certificate management.

Parameters:
szFile Filename.

UaByteArray UaPkiCertificate::thumbPrint () const

Creates the SHA1 thumbprint of the certificate (the SHA1 hash of its DER encoding).

UaByteArray UaPkiCertificate::thumbPrint ( const UaByteArray & DERData ) [static]

Creates the SHA1 thumbprint of the DER encoded certificate data. This method is provided for convenience and behaves like the function above. It avoids the temporary creation of a UaPkiCertificate instance if you already have DER encoded data.
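As an added example (not part of the SDK or of this page's original code), the following self-contained C++ computes what the static thumbPrint() describes: SHA1 over the raw DER bytes, hex encoded the way trust lists and logs display thumbprints. It assumes the DER data is held in a std::vector<uint8_t> instead of a UaByteArray; the SHA1 implementation follows FIPS 180-4 and is included only so the block runs without OpenSSL.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// SHA-1 (FIPS 180-4) over arbitrary bytes. A certificate thumbprint is this
// digest taken over the certificate's raw DER encoding.
static std::vector<uint8_t> sha1(const std::vector<uint8_t>& in) {
    uint32_t h[5] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u};
    std::vector<uint8_t> m(in);
    uint64_t bitLen = static_cast<uint64_t>(in.size()) * 8;
    m.push_back(0x80);                              // append the '1' bit
    while (m.size() % 64 != 56) m.push_back(0x00);  // zero pad to 56 mod 64
    for (int i = 7; i >= 0; --i) m.push_back(static_cast<uint8_t>(bitLen >> (i * 8)));
    auto rotl = [](uint32_t x, int n) { return (x << n) | (x >> (32 - n)); };
    for (size_t off = 0; off < m.size(); off += 64) {     // one 512-bit block per round
        uint32_t w[80];
        for (int t = 0; t < 16; ++t)
            w[t] = (uint32_t)m[off + 4 * t] << 24 | (uint32_t)m[off + 4 * t + 1] << 16 |
                   (uint32_t)m[off + 4 * t + 2] << 8 | m[off + 4 * t + 3];
        for (int t = 16; t < 80; ++t) w[t] = rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int t = 0; t < 80; ++t) {
            uint32_t f, k;
            if (t < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999u; }
            else if (t < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1u; }
            else if (t < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDCu; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6u; }
            uint32_t tmp = rotl(a, 5) + f + e + k + w[t];
            e = d; d = c; c = rotl(b, 30); b = a; a = tmp;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    std::vector<uint8_t> out;                                // big-endian digest words
    for (uint32_t v : h) for (int i = 3; i >= 0; --i) out.push_back((uint8_t)(v >> (i * 8)));
    return out;
}

// Lower-case hex string of a digest, the usual display form of a thumbprint.
static std::string toHex(const std::vector<uint8_t>& d) {
    static const char* x = "0123456789abcdef";
    std::string s;
    for (uint8_t b : d) { s += x[b >> 4]; s += x[b & 15]; }
    return s;
}

// Thumbprint of DER encoded certificate data: SHA-1 over the bytes, hex encoded.
std::string derThumbprint(const std::vector<uint8_t>& der) { return toHex(sha1(der)); }
```

Comparing the result of derThumbprint() against a stored thumbprint is the usual way to recognise a specific certificate without decoding it.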

UaPkiCertificate::Validity UaPkiCertificate::validate ( const UaPkiCertificateCollection & trusted,
const UaPkiCertificateCollection & untrusted
) const

Validates the certificate against the given certificate collections (signature, trust chain, validity period, purpose, revocation and path length, as listed in the Validity enumeration) and returns the result as a Validity enumerator.

Parameters:
trusted Collection of trusted certificates, i.e. the certificates the chain must end in for the certificate to be accepted.
untrusted Collection of certificates that are not trusted by themselves but may be used to build the chain from the certificate to a trusted one (for example intermediate CA certificates).
Returns:
ValidityGood if the certificate passes all checks; otherwise one of the Validity error enumerators describing why validation failed.

UaPkiCertificate UaPkiCertificate::fromDER ( const UaByteArray & DERdata ) [static]

Loads a certificate from a DER encoded byte array.

Parameters:
DERdata The DER data, typically received over the OPC UA protocol.
Returns:
A new UaPkiCertificate instance.

UaPkiCertificate UaPkiCertificate::fromDERFile ( const char * szFile ) [static]

Loads a certificate from a DER encoded file.

Parameters:
szFile The file name (local 8 bit encoding).
Returns:
A new UaPkiCertificate instance.


The documentation for this class was generated from the following files:
  • src/uabase/uapkicpp/uapkicertificate.h
  • src/uabase/uapkicpp/uapkicertificate.cpp