UA Server SDK C++ Bundle  1.4.1.271
UaPkiCertificate Class Reference

Class for handling X509 certificates. More...

#include <uapkicertificate.h>

Public Types

enum  Extension
 Extensions Enumeration.
 

Public Member Functions

 UaPkiCertificate ()
 construction
 
 UaPkiCertificate (const UaPkiCertificateInfo &info, const UaPkiIdentity &subject, const UaPkiPublicKey &subjectPublicKey, const UaPkiIdentity &issuer, const UaPkiPrivateKey &issuerPrivateKey)
 Creates a new certificate. More...
 
 UaPkiCertificate (const UaPkiCertificate &copy)
 construction
 
 UaPkiCertificate (X509 *pCert)
 construction
 
 ~UaPkiCertificate ()
 destruction
 
UaPkiCertificate operator= (const UaPkiCertificate &copy)
 Assigns another UaPkiCertificate to the current instance. More...
 
bool operator== (const UaPkiCertificate &other)
 Compares the current instance to another certificate. More...
 
UaPkiPublicKey publicKey () const
 Returns the public key of the certificate. More...
 
UaString commonName () const
 Returns the certificate's commonName field. More...
 
UaPkiIdentity subject () const
 Returns the certificate identity. More...
 
UaPkiIdentity issuer () const
 Returns the certificate issuer identity. More...
 
UaPkiCertificateInfo info () const
 Returns information from X509v3 Extension subjectAltName. More...
 
UaDateTime validFrom () const
 Returns the start date of the certificate's validity period. More...

UaDateTime validTo () const
 Returns the end date of the certificate's validity period. More...

UaString serialNumber () const
 Returns the certificate's serial number. More...
 
int signatureTypeNID () const
 Returns the OpenSSL NID of the certificate's signature algorithm. More...

UaString signatureTypeString () const
 Returns the name of the certificate's signature algorithm. More...

bool isValid () const
 Returns true if the certificate is currently within its validity period. More...
 
UaByteArray toDER () const
 Encodes the certificate into a DER format. More...
 
int toDERFile (const char *szFile) const
 Stores the certificate into DER encoded file. More...
 
int toDERFile (const UaString &sFile) const
 Stores the certificate into DER encoded file. More...
 
int toPEMFile (const char *szFile) const
 Stores the certificate into PEM encoded file. More...
 
int toPEMFile (const UaString &sFile) const
 Stores the certificate into PEM encoded file. More...
 
UaByteArray thumbPrint () const
 Creates the SHA1 thumb print of the certificate. More...
 
int toWindowsStore (WindowsStoreLocation location, const UaString &sStoreName) const
 Stores the certificate in the given Windows certificate store. More...

int toWindowsStoreWithPrivateKey (WindowsStoreLocation location, const UaString &sStoreName, const UaPkiRsaKeyPair &subjectKeyPair) const
 Stores the certificate and its private key in the given Windows certificate store. More...
 

Static Public Member Functions

static UaByteArray thumbPrint (const UaByteArray &DERData)
 Creates the SHA1 thumb print of the DER encoded certificate data. More...
 
static UaPkiCertificate fromDER (const UaByteArray &DERdata)
 Loads a certificate from a DER encoded byte array. More...
 
static UaPkiCertificate fromDERFile (const char *szFile)
 Loads a certificate from a DER encoded file. More...
 
static UaPkiCertificate fromDERFile (const UaString &sFile)
 Loads a certificate from a DER encoded file. More...
 
static UaPkiCertificate fromPEMFile (const char *szFile)
 Loads a certificate from a PEM encoded file. More...
 
static UaPkiCertificate fromWindowsStore (WindowsStoreLocation location, const UaString &sStoreName, const UaByteArray &baThumbprint)
 Gets a certificate from the given Windows certificate store. More...

static UaPkiCertificate fromWindowsStoreWithPrivateKey (WindowsStoreLocation location, const UaString &sStoreName, const UaByteArray &baThumbprint, UaPkiRsaKeyPair &subjectKeyPair)
 Gets a certificate and its private key from the given Windows certificate store. More...

static int deleteFromWindowsStore (WindowsStoreLocation location, const UaString &sStoreName, const UaByteArray &baThumbprint)
 Deletes a certificate from the given Windows certificate store. More...

static UaPkiCertificate nextCertInWindowsStore (WindowsStoreLocation location, const UaString &sStoreName, const UaPkiCertificate &previous=UaPkiCertificate())
 Iterates over the certificates in a Windows certificate store. More...

static UaDateTime convertAsn1UtcTimeToDateTime (const char *szAsn1UtcTime, bool *pbOK=0)
 Converts an ASN.1 UTC Time string to an OPC UA DateTime. More...

static UaDateTime convertAsn1GeneralizedTimeToDateTime (const char *szAsn1GeneralizedTime, bool *pbOK=0)
 Converts an ASN.1 Generalized Time string to an OPC UA DateTime. More...
 

Detailed Description

Class for handling X509 certificates.

This class encapsulates OpenSSL X509 functionality and simplifies the certificate handling.

The following sample code demonstrates how to create a self signed certificate.

UaPkiIdentity ident;
UaPkiCertificateInfo info;
UaPkiPublicKey subjectPubKey;
UaPkiPrivateKey issuerPrvKey;
UaPkiRsaKeyPair *pKeyPair;
UaPkiCertificate *pNewCert;
int bits = 2048;
// subject identity; for a self signed certificate it is also the issuer identity
ident.commonName = "MyGreatUaApp";
ident.organization = "ACME";
ident.organizationUnit = "Development Department";
ident.locality = "Schwabach";
ident.state = "Bavaria";
ident.country = "DE";
// application information; URI, IP and DNS go into the subjectAltName extension
info.URI = "opc.tcp://opcua.acme.com/MyGreatUaApp";
info.IP = ""; // optional: IP address if no DNS name is available
info.DNS = "opcua.acme.com";
info.validTime = 3600*24*365*5; // 5 years, in seconds
// create new keypair
pKeyPair = new UaPkiRsaKeyPair(bits);
subjectPubKey = pKeyPair->publicKey();
issuerPrvKey = pKeyPair->privateKey();
// create new certificate; subject == issuer, so it is self signed
pNewCert = new UaPkiCertificate(info, ident, subjectPubKey, ident, issuerPrvKey);
// store certificate in a DER encoded file
pNewCert->toDERFile("/path/to/mycert.der");
// the private key in pKeyPair must be stored separately and kept protected;
// without it the certificate cannot be used by the application
delete pNewCert;
delete pKeyPair;

The following sample code demonstrates how to store a certificate as a file, e.g. in the application trust list. The file name is the hex encoded thumb print of the certificate. Note that placing a certificate in the trust list is what makes it trusted, so calling such a function is the trust decision itself; it must not be done for an unverified certificate received from a peer.

void storeTrustedCertificate(const UaByteString& trustedCertificate, const UaString& sTrustListLocation)
{
    // Assign certificate byte string to UaPkiCertificate class
    UaByteArray derCertificate(*(const OpcUa_ByteString*)trustedCertificate);
    UaPkiCertificate cert = UaPkiCertificate::fromDER(derCertificate);
    // Create file name for the certificate
    // Use the thumb print as file name
    UaString sThumbPrint = cert.thumbPrint().toHex();
    UaString sFileName = sTrustListLocation;
    sFileName += "/";
    sFileName += sThumbPrint;
    sFileName += ".der";
    // Store certificate; the UaString overload takes the UTF-8 file name directly
    cert.toDERFile(sFileName);
}

Constructor & Destructor Documentation

UaPkiCertificate::UaPkiCertificate ( const UaPkiCertificateInfo & info,
const UaPkiIdentity & subject,
const UaPkiPublicKey & subjectPublicKey,
const UaPkiIdentity & issuer,
const UaPkiPrivateKey & issuerPrivateKey 
)

Creates a new certificate.

Parameters
[in] info  UA application information: application URI, DNS name and IP address for the subjectAltName extension, and the validity period.
[in] subject  The identity of the certificate owner.
[in] subjectPublicKey  The public key of the certificate.
[in] issuer  The identity of the certificate issuer. If subject == issuer a self signed certificate is created.
[in] issuerPrivateKey  The private key of the certificate issuer. This is needed to sign the certificate; for a self signed certificate it is the private key belonging to subjectPublicKey.

Member Function Documentation

UaString UaPkiCertificate::commonName ( ) const

Returns the certificate's commonName field.

This function is provided for convenience and returns the same as UaPkiCertificate::subject().commonName.

UaDateTime UaPkiCertificate::convertAsn1GeneralizedTimeToDateTime ( const char * szAsn1GeneralizedTime,
bool * pbOK = 0 
)
static

Converts an ASN.1 Generalized Time string to an OPC UA DateTime.

This is done by converting the ASN.1 Generalized Time format (YYYYMMDDHHMMSS.fffZ) to an ISO 8601 string ("YYYY-MM-DDThh:mm:ssZ") and then calling OpcUa_DateTime_GetDateTimeFromString(). If pbOK is given, it receives whether the conversion succeeded.

UaDateTime UaPkiCertificate::convertAsn1UtcTimeToDateTime ( const char * szAsn1UtcTime,
bool * pbOK = 0 
)
static

Converts an ASN.1 UTC Time string to an OPC UA DateTime.

This is done by converting the ASN.1 UTC Time format (YYMMDDHHMMSSZ) to an ISO 8601 string ("YYYY-MM-DDThh:mm:ssZ") and then calling OpcUa_DateTime_GetDateTimeFromString(). If pbOK is given, it receives whether the conversion succeeded. UTC Time carries only a two-digit year; X.509 (RFC 5280) defines the mapping as 50-99 = 1950-1999 and 00-49 = 2000-2049, which is why certificate dates from 2050 on must be encoded as Generalized Time.
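The two conversions described above, reproduced in standard C++ as an added example that is not part of the SDK (the function names asn1UtcTimeToIso8601 and asn1GeneralizedTimeToIso8601 and the sample inputs are this example's own; the inputs are constructed, not taken from a real certificate). It stops at the ISO 8601 string, which is where the SDK functions hand over to OpcUa_DateTime_GetDateTimeFromString(), and spells out what the description leaves implicit: the century mapping for the two-digit UTC Time year per RFC 5280, the optional fractional seconds of Generalized Time, and the rejection of malformed or non-Zulu input, reported through a pbOK flag in the same way.

```cpp
#include <cctype>
#include <cstdio>
#include <cstring>
#include <string>

// Parse exactly n decimal digits at s into out; false if any byte is not a digit.
static bool parseDigits(const char* s, int n, int& out) {
    out = 0;
    for (int i = 0; i < n; ++i) {
        if (!std::isdigit(static_cast<unsigned char>(s[i]))) return false;
        out = out * 10 + (s[i] - '0');
    }
    return true;
}

// True if all n bytes at s are decimal digits (used for the optional fraction).
static bool allDigits(const char* s, size_t n) {
    for (size_t i = 0; i < n; ++i)
        if (!std::isdigit(static_cast<unsigned char>(s[i]))) return false;
    return true;
}

// Coarse range check shared by both converters: rejects obviously malformed fields
// (no day-of-month or leap-year table; the goal is to refuse garbage, not to validate calendars).
static bool fieldsInRange(int mo, int d, int h, int mi, int s) {
    return mo >= 1 && mo <= 12 && d >= 1 && d <= 31 && h <= 23 && mi <= 59 && s <= 59;
}

static std::string formatIso(int y, int mo, int d, int h, int mi, int s) {
    char buf[32];
    std::snprintf(buf, sizeof buf, "%04d-%02d-%02dT%02d:%02d:%02dZ", y, mo, d, h, mi, s);
    return buf;
}

// ASN.1 UTCTime "YYMMDDHHMMSSZ" -> "YYYY-MM-DDThh:mm:ssZ". Only the Zulu form is accepted.
// Century rule from RFC 5280 section 4.1.2.5.1: YY >= 50 means 19YY, YY < 50 means 20YY.
// *pbOK reports success; an empty string is returned on failure.
std::string asn1UtcTimeToIso8601(const char* utc, bool* pbOK) {
    bool ok = false;
    std::string iso;
    int yy = 0, mo = 0, d = 0, h = 0, mi = 0, s = 0;
    if (utc && std::strlen(utc) == 13 && utc[12] == 'Z'
        && parseDigits(utc, 2, yy) && parseDigits(utc + 2, 2, mo) && parseDigits(utc + 4, 2, d)
        && parseDigits(utc + 6, 2, h) && parseDigits(utc + 8, 2, mi) && parseDigits(utc + 10, 2, s)
        && fieldsInRange(mo, d, h, mi, s)) {
        int year = (yy >= 50) ? 1900 + yy : 2000 + yy;
        iso = formatIso(year, mo, d, h, mi, s);
        ok = true;
    }
    if (pbOK) *pbOK = ok;
    return iso;
}

// ASN.1 GeneralizedTime "YYYYMMDDHHMMSS[.fff]Z" -> "YYYY-MM-DDThh:mm:ssZ".
// Fractional seconds are accepted and dropped, because the target format carries none.
std::string asn1GeneralizedTimeToIso8601(const char* gt, bool* pbOK) {
    bool ok = false;
    std::string iso;
    int y = 0, mo = 0, d = 0, h = 0, mi = 0, s = 0;
    size_t len = gt ? std::strlen(gt) : 0;
    if (len >= 15 && gt[len - 1] == 'Z'
        && parseDigits(gt, 4, y) && parseDigits(gt + 4, 2, mo) && parseDigits(gt + 6, 2, d)
        && parseDigits(gt + 8, 2, h) && parseDigits(gt + 10, 2, mi) && parseDigits(gt + 12, 2, s)
        && fieldsInRange(mo, d, h, mi, s)) {
        // Between the seconds and the 'Z' there must be nothing or ".<digits>".
        bool fracOk = (len == 15) || (len > 16 && gt[14] == '.' && allDigits(gt + 15, len - 16));
        if (fracOk) {
            iso = formatIso(y, mo, d, h, mi, s);
            ok = true;
        }
    }
    if (pbOK) *pbOK = ok;
    return iso;
}

int main() {
    // Constructed inputs, not taken from a real certificate.
    const char* samples[] = {"250115123045Z", "991231235959Z", "20250115123045.123Z", "20250115123045+0100"};
    for (const char* s : samples) {
        bool ok = false;
        std::string iso = (std::strlen(s) == 13) ? asn1UtcTimeToIso8601(s, &ok)
                                                 : asn1GeneralizedTimeToIso8601(s, &ok);
        std::printf("%-22s -> %s (%s)\n", s, ok ? iso.c_str() : "", ok ? "ok" : "rejected");
    }
    return 0;
}
```

The offset form of both ASN.1 types ("+hhmm") is deliberately rejected rather than normalised, matching the page's statement that the input formats end in Z; a certificate using an offset is malformed under RFC 5280 and should be treated as such rather than silently shifted.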

int UaPkiCertificate::deleteFromWindowsStore ( WindowsStoreLocation location,
const UaString & sStoreName,
const UaByteArray & baThumbprint 
)
static

Deletes a certificate from the given Windows certificate store.

Returns
Returns 0 if the method succeeded, otherwise -1.
Parameters
[in] location  The system store location.
[in] sStoreName  The name of the certificate store to search in.
[in] baThumbprint  The thumb print of the certificate to delete.
UaPkiCertificate UaPkiCertificate::fromDER ( const UaByteArray & DERdata)
static

Loads a certificate from a DER encoded byte array.

Decoding does not validate the certificate. A certificate received from a peer must still be checked against the trust list, its issuer chain, its validity period and the expected application URI before it is relied on.

Returns
A new UaPkiCertificate instance.
Parameters
[in] DERdata  The DER data, typically received from the OPC UA protocol.
UaPkiCertificate UaPkiCertificate::fromDERFile ( const char * szFile)
static

Loads a certificate from a DER encoded file.

Returns
A new UaPkiCertificate instance.
Parameters
[in] szFile  The file name (local 8 bit encoding).
UaPkiCertificate UaPkiCertificate::fromDERFile ( const UaString & sFile)
static

Loads a certificate from a DER encoded file.

Returns
A new UaPkiCertificate instance.
Parameters
[in] sFile  The file name (UTF8 encoding).
UaPkiCertificate UaPkiCertificate::fromPEMFile ( const char * szFile)
static

Loads a certificate from a PEM encoded file.

Returns
A new UaPkiCertificate instance.
Parameters
[in] szFile  The file name (local 8 bit encoding).
UaPkiCertificate UaPkiCertificate::fromWindowsStore ( WindowsStoreLocation location,
const UaString & sStoreName,
const UaByteArray & baThumbprint 
)
static

Gets a certificate from the given Windows certificate store.

Returns
The certificate if it has been found. Otherwise a NULL certificate is returned, so the caller must check the result before using it.
Parameters
[in] location  The system store location.
[in] sStoreName  The name of the certificate store to search in.
[in] baThumbprint  The thumb print of the certificate to load.
UaPkiCertificate UaPkiCertificate::fromWindowsStoreWithPrivateKey ( WindowsStoreLocation location,
const UaString & sStoreName,
const UaByteArray & baThumbprint,
UaPkiRsaKeyPair & subjectKeyPair 
)
static

Gets a certificate and its private key from the given Windows certificate store.

Returns
The certificate if it has been found. Otherwise a NULL certificate is returned and subjectKeyPair is not usable.
Parameters
[in] location  The system store location.
[in] sStoreName  The name of the certificate store to search in.
[in] baThumbprint  The thumb print of the certificate to load.
[out] subjectKeyPair  This will contain the certificate's private key on success.
UaPkiCertificateInfo UaPkiCertificate::info ( ) const

Returns information from the X509v3 extension subjectAltName (application URI, DNS name, IP address).

This function does not fill UaPkiCertificateInfo::validTime; use the validFrom() and validTo() functions instead.

UaPkiIdentity UaPkiCertificate::issuer ( ) const

Returns the certificate issuer identity.

bool UaPkiCertificate::isValid ( ) const

Returns true if the certificate is currently within its validity period, i.e. the current time lies between validFrom() and validTo().

This is a time check only. It does not verify the signature, the issuer chain, revocation status or membership in the trust list; those checks have to be performed separately.

UaPkiCertificate UaPkiCertificate::nextCertInWindowsStore ( WindowsStoreLocation location,
const UaString & sStoreName,
const UaPkiCertificate & previous = UaPkiCertificate() 
)
static

Iterates over the certificates in a Windows certificate store.

Returns
The next certificate if one has been found. Otherwise a NULL certificate is returned, which also marks the end of the iteration.
Parameters
[in] location  The system store location.
[in] sStoreName  The name of the certificate store to get the certificate from.
[in] previous  This parameter must be an empty UaPkiCertificate on the first call of the function. Set this parameter to the certificate returned by the last call of this function to get the next certificate in the store.
UaPkiCertificate UaPkiCertificate::operator= ( const UaPkiCertificate & copy)

Assigns another UaPkiCertificate to the current instance.

Parameters
[in] copy  An existing UaPkiCertificate instance.
Returns
The current instance
bool UaPkiCertificate::operator== ( const UaPkiCertificate & other)

Compares the current instance to another certificate.

Returns
True if neither certificate is NULL and both have the same content.
UaPkiPublicKey UaPkiCertificate::publicKey ( ) const

Returns the public key of the certificate.

UaString UaPkiCertificate::serialNumber ( ) const

Returns the certificate's serial number.

Returns
The serial number as hex encoded string.
int UaPkiCertificate::signatureTypeNID ( ) const

Returns the OpenSSL NID (numeric object identifier) of the algorithm the certificate was signed with.

Returns
The OpenSSL NID of the signature algorithm.
UaString UaPkiCertificate::signatureTypeString ( ) const

Returns the name of the algorithm the certificate was signed with.

Returns
The signature algorithm name as a string.
UaPkiIdentity UaPkiCertificate::subject ( ) const

Returns the certificate identity.

UaByteArray UaPkiCertificate::thumbPrint ( ) const

Creates the SHA1 thumb print of the certificate.

The thumb print is the SHA1 hash over the DER encoding of the certificate. OPC UA uses it as an identifier for a certificate, e.g. as the file name in a trust list. Because SHA1 is no longer collision resistant, a thumb print match on its own should not be the basis of a trust decision; compare the full certificate content as well when it matters.

Returns
A UaByteArray containing the thumb print of the certificate.
UaByteArray UaPkiCertificate::thumbPrint ( const UaByteArray & DERData)
static

Creates the SHA1 thumb print of the DER encoded certificate data.

This method is provided for convenience and behaves like the function above. It avoids creating a temporary UaPkiCertificate instance if you already have DER encoded data.

Returns
A UaByteArray containing the thumb print of the certificate.
Parameters
[in] DERData  The DER encoded certificate.
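The thumb print computation behind thumbPrint() and the trust-list file naming used in the storeTrustedCertificate() sample above, as an added stand-alone example that is not SDK code: it carries its own SHA-1 (the SDK delegates this to OpenSSL), renders the digest as hex the way the sample builds its file name, and adds a check that a trust-list file's name still matches the certificate bytes it contains, so a renamed or swapped file is noticed. The function names sha1, thumbprintHex, trustListFileName and fileNameMatchesThumbprint, the directory path and the byte string are this example's own; the bytes are constructed and are not a real certificate.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

static inline uint32_t rotl32(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

// SHA-1 (FIPS 180-4) over an arbitrary byte string, returned as the 20 raw digest bytes.
// Written out here so the thumb print can be recomputed without the SDK or OpenSSL.
std::vector<uint8_t> sha1(const std::vector<uint8_t>& msg) {
    uint32_t h[5] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u};
    std::vector<uint8_t> m = msg;
    const uint64_t bitLen = static_cast<uint64_t>(msg.size()) * 8;
    m.push_back(0x80);                                  // padding: a single 1 bit,
    while (m.size() % 64 != 56) m.push_back(0x00);      // zeros up to 56 mod 64,
    for (int i = 7; i >= 0; --i)                        // then the length in bits, big-endian
        m.push_back(static_cast<uint8_t>(bitLen >> (8 * i)));
    for (size_t off = 0; off < m.size(); off += 64) {
        uint32_t w[80];
        for (int i = 0; i < 16; ++i)
            w[i] = (uint32_t(m[off + 4 * i]) << 24) | (uint32_t(m[off + 4 * i + 1]) << 16)
                 | (uint32_t(m[off + 4 * i + 2]) << 8) | uint32_t(m[off + 4 * i + 3]);
        for (int i = 16; i < 80; ++i) w[i] = rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; ++i) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999u; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1u; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDCu; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6u; }
            uint32_t t = rotl32(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rotl32(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    std::vector<uint8_t> out;
    for (uint32_t v : h)
        for (int i = 3; i >= 0; --i) out.push_back(static_cast<uint8_t>(v >> (8 * i)));
    return out;
}

// Thumb print = SHA-1 over the DER bytes, rendered as 40 hex characters (uppercase is this
// example's choice; the page does not state which case UaByteArray::toHex() produces).
std::string thumbprintHex(const std::vector<uint8_t>& der) {
    static const char* digits = "0123456789ABCDEF";
    std::string hex;
    for (uint8_t b : sha1(der)) { hex += digits[b >> 4]; hex += digits[b & 0x0F]; }
    return hex;
}

// Trust-list file name in the form used by storeTrustedCertificate(): <dir>/<thumbprint>.der
std::string trustListFileName(const std::string& dir, const std::vector<uint8_t>& der) {
    return dir + "/" + thumbprintHex(der) + ".der";
}

// Does a trust-list file name still match the certificate bytes it holds? Case-insensitive on
// the hex part so that files named by other tools match too; a renamed or replaced file fails.
bool fileNameMatchesThumbprint(const std::string& path, const std::vector<uint8_t>& der) {
    size_t slash = path.find_last_of("/\\");
    std::string base = (slash == std::string::npos) ? path : path.substr(slash + 1);
    const std::string ext = ".der";
    if (base.size() != 40 + ext.size() || base.compare(40, ext.size(), ext) != 0) return false;
    std::string want = thumbprintHex(der);
    for (size_t i = 0; i < 40; ++i)
        if (std::toupper(static_cast<unsigned char>(base[i])) != want[i]) return false;
    return true;
}

int main() {
    // Constructed stand-in for DER bytes (the string "abc"); not a real certificate.
    std::vector<uint8_t> der = {'a', 'b', 'c'};
    std::string file = trustListFileName("/var/opcua/pki/trusted/certs", der);
    std::printf("%s\n", file.c_str());
    std::printf("matches: %d\n", fileNameMatchesThumbprint(file, der) ? 1 : 0);
    return 0;
}
```

The same digest can be cross-checked against a real certificate file with `openssl x509 -noout -fingerprint -sha1 -inform DER -in <file>`, which prints it with colon separators. Walking a trust list with fileNameMatchesThumbprint() on each file is a cheap integrity check to run at startup; it catches a certificate that was dropped into the directory under another certificate's name.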
UaByteArray UaPkiCertificate::toDER ( ) const

Encodes the certificate into DER format.

This is used to send a certificate over OPC UA.

Returns
UaByteArray with DER data.
int UaPkiCertificate::toDERFile ( const char * szFile) const

Stores the certificate into a DER encoded file.

This is used for certificate management.

Returns
Error code (0 on success).
Parameters
[in] szFile  The file name of the DER encoded file to create (local 8 bit encoding).
int UaPkiCertificate::toDERFile ( const UaString & sFile) const

Stores the certificate into a DER encoded file.

This is used for certificate management.

Returns
Error code (0 on success).
Parameters
[in] sFile  The file name of the DER encoded file to create (UTF8 encoding).
int UaPkiCertificate::toPEMFile ( const char * szFile) const

Stores the certificate into a PEM encoded file.

This is used for certificate management.

Returns
Error code (0 on success).
Parameters
[in] szFile  The file name of the PEM encoded file to create (local 8 bit encoding).
int UaPkiCertificate::toPEMFile ( const UaString & sFile) const

Stores the certificate into a PEM encoded file.

This is used for certificate management.

Returns
Error code (0 on success).
Parameters
[in] sFile  The file name of the PEM encoded file to create (UTF8 encoding).
int UaPkiCertificate::toWindowsStore ( WindowsStoreLocation location,
const UaString & sStoreName 
) const

Stores the certificate in the given Windows certificate store.

The Windows certificate store identifies the certificate by its own content, so no name parameter is needed.

Returns
Returns 0 if the method succeeded, otherwise -1.
Parameters
[in] location  The system store location.
[in] sStoreName  The name of the certificate store to use.
int UaPkiCertificate::toWindowsStoreWithPrivateKey ( WindowsStoreLocation location,
const UaString & sStoreName,
const UaPkiRsaKeyPair & subjectKeyPair 
) const

Stores the certificate and its private key in the given Windows certificate store.

The Windows certificate store identifies the certificate by its own content, so no name parameter is needed. If the store does not exist it will be created. Since the private key ends up in the store, the store location chosen determines which accounts can use the key.

Returns
Returns 0 if the method succeeded, otherwise -1.
Parameters
[in] location  The system store location.
[in] sStoreName  The name of the certificate store to use.
[in] subjectKeyPair  The key pair of the certificate subject to store with the certificate.
UaDateTime UaPkiCertificate::validFrom ( ) const

Returns the start date of the certificate's validity period.

UaDateTime UaPkiCertificate::validTo ( ) const

Returns the end date of the certificate's validity period.

