X509Certificate

#include <icy/crypto/x509certificate.h>

RAII wrapper for an OpenSSL X509 certificate with PEM loading and inspection. Each instance owns exactly one X509 handle and releases it with X509_free on destruction; copying duplicates the underlying X509 object, moving transfers ownership of it.
| Return | Name | Description |
|---|---|---|
| | X509Certificate | Constructs an X509Certificate by parsing a PEM-encoded certificate from memory. |
| | X509Certificate | Constructs an X509Certificate by reading a PEM-encoded certificate from a file. |
| | X509Certificate | Constructs an X509Certificate taking ownership of an existing OpenSSL X509 object. |
| | X509Certificate | Constructs an X509Certificate from an existing OpenSSL X509 object, optionally sharing ownership via reference count increment. |
| | X509Certificate | Copy-constructs an X509Certificate by duplicating the underlying X509 object. |
| | X509Certificate | Move-constructs an X509Certificate, transferring ownership from cert. |
| X509Certificate & | operator= | Copy-assigns a certificate, duplicating the underlying X509 object. |
| X509Certificate & | operator= | Move-assigns a certificate, transferring ownership from cert. |
| void | swap | Swaps this certificate with cert. |
| | ~X509Certificate | Destroys the X509Certificate and releases the underlying OpenSSL X509 object. |
| const std::string & | issuerName const | Returns the full distinguished name of the certificate issuer. |
| std::string | issuerName const | Extracts a single field from the certificate issuer's distinguished name. |
| const std::string & | subjectName const | Returns the full distinguished name of the certificate subject. |
| std::string | subjectName const | Extracts a single field from the certificate subject's distinguished name. |
| std::string | commonName const | Returns the common name (CN) from the certificate subject. |
| void | extractNames const | Extracts the common name and the set of Subject Alternative Name (SAN) DNS entries from the certificate. |
| DateTime | validFrom const | Returns the date and time from which the certificate is valid. |
| DateTime | expiresOn const | Returns the date and time at which the certificate expires. |
| void | save const | Writes the certificate in PEM format to an output stream. |
| void | save const | Writes the certificate in PEM format to a file. |
| bool | issuedBy const | Verifies whether this certificate was signed by the given issuer. |
| const X509 * | certificate const | Returns a const pointer to the underlying OpenSSL X509 object. |
| X509 * | certificate | Returns a mutable pointer to the underlying OpenSSL X509 object. |
explicit X509Certificate(const char * data, size_t length)

Constructs an X509Certificate by parsing a PEM-encoded certificate from memory.

Parameters:
data: Pointer to a buffer containing the PEM-encoded certificate.
length: Number of bytes in data.

Throws: std::runtime_error if the BIO cannot be created or PEM parsing fails.

explicit X509Certificate(const std::string & path)

Constructs an X509Certificate by reading a PEM-encoded certificate from a file.

Parameters:
path: Filesystem path to the PEM certificate file.

Throws: std::runtime_error if the file cannot be opened or PEM parsing fails.

explicit X509Certificate(X509 * pCert)

Constructs an X509Certificate taking ownership of an existing OpenSSL X509 object. Behaves like X509Certificate(pCert, false).

Parameters:
pCert: Non-null pointer to an OpenSSL X509 certificate. This object takes ownership and will call X509_free on destruction, so the caller must neither free pCert itself nor use it after this object is destroyed.

Throws: std::runtime_error if pCert is null.

X509Certificate(X509 * pCert, bool shared)

Constructs an X509Certificate from an existing OpenSSL X509 object, optionally sharing ownership via a reference count increment.

Parameters:
pCert: Non-null pointer to an OpenSSL X509 certificate. Ownership is always taken (X509_free is called on destruction).
shared: If true, the certificate's reference count is incremented via X509_up_ref before ownership is taken, so the original pointer remains valid after this object is destroyed and the caller keeps its own reference to release. If false, the caller's reference is consumed and must not be freed again.

Throws: std::runtime_error if pCert is null.

X509Certificate(const X509Certificate & cert)

Copy-constructs an X509Certificate by duplicating the underlying X509 object.

Parameters:
cert: The certificate to copy.

X509Certificate(X509Certificate && cert) noexcept

Move-constructs an X509Certificate, transferring ownership from cert.

Parameters:
cert: The certificate to move from; left in a valid but empty state.

X509Certificate & operator=(const X509Certificate & cert)

Copy-assigns a certificate, duplicating the underlying X509 object.

Parameters:
cert: The certificate to copy.

Returns: Reference to this object.

X509Certificate & operator=(X509Certificate && cert) noexcept

Move-assigns a certificate, transferring ownership from cert.

Parameters:
cert: The certificate to move from; left in a valid but empty state.

Returns: Reference to this object.

void swap(X509Certificate & cert)

Swaps this certificate with cert.

Parameters:
cert: The certificate to swap with.

~X509Certificate()

Destroys the X509Certificate and releases the underlying OpenSSL X509 object.
const std::string & issuerName() const

Returns the full distinguished name of the certificate issuer.

Returns: One-line string representation produced by X509_NAME_oneline, cached when the certificate was loaded (see init()). OpenSSL documents X509_NAME_oneline as a legacy function with a non-standard output form; use the string for display and logging, and issuerName(NID) to read individual fields rather than parsing this string.
std::string issuerName(NID nid) const

Extracts a single field from the certificate issuer's distinguished name.

Parameters:
nid: The field to extract (e.g. NID_COMMON_NAME).

Returns: Field value, or an empty string if the field is absent. As with X509_NAME_get_text_by_NID, when the distinguished name carries several entries of the same type (for example two OU attributes), only the first is returned.
const std::string & subjectName() const

Returns the full distinguished name of the certificate subject.

Returns: One-line string representation produced by X509_NAME_oneline, cached when the certificate was loaded (see init()). The same caveat as for issuerName() applies: read individual fields with subjectName(NID) instead of parsing this string.
std::string subjectName(NID nid) const

Extracts a single field from the certificate subject's distinguished name.

Parameters:
nid: The field to extract (e.g. NID_ORGANIZATION_NAME).

Returns: Field value, or an empty string if the field is absent. Only the first entry of the requested type is returned (X509_NAME_get_text_by_NID semantics).
std::string commonName() const

Returns the common name (CN) from the certificate subject.

Convenience wrapper for subjectName(NID_COMMON_NAME).

Returns: Common name string, or empty if absent. The CN is not a reliable host identifier: TLS clients match hostnames against the Subject Alternative Name extension and current ones ignore the CN entirely (RFC 6125), so use extractNames() when the question is which hosts the certificate is valid for.
void extractNames(std::string & commonName, std::set< std::string > & domainNames) const

Extracts the common name and the set of Subject Alternative Name (SAN) DNS entries from the certificate.

If no SAN DNS entries are present and the common name is non-empty, the common name is added to domainNames as a fallback. This fallback exists for legacy certificates; current TLS clients do not accept a CN as a host identifier, and the caller cannot tell from domainNames alone whether an entry came from a SAN or from the fallback. No hostname matching is performed: comparing these entries against a peer name, including case-insensitive comparison and wildcard rules, is the caller's responsibility.

Parameters:
commonName: Receives the certificate's common name (empty if the subject has no CN).
domainNames: Receives all DNS SAN entries (cleared before population). Other SAN types, such as IP addresses, e-mail addresses and URIs, are not included.
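Matching a peer hostname against the domainNames set that extractNames() fills is left to the caller. The following matcher is an added example and not part of the icy library: it implements the RFC 6125 dNSName rules (case-insensitive labels; a wildcard accepted only as the whole left-most label, matching exactly one label, with at least two literal labels remaining) over a std::set<std::string> shaped like the one extractNames() produces. The function names dnsNameMatches and hostnameMatchesSan and the sample names are this example's own; nothing from the library is needed to compile it.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <set>
#include <string>
#include <vector>

// Lower-case a DNS name and drop one trailing dot, so "WWW.Example.COM." and
// "www.example.com" compare equal (DNS labels are case-insensitive).
static std::string normalizeDnsName(std::string name) {
    std::transform(name.begin(), name.end(), name.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!name.empty() && name.back() == '.') name.pop_back();
    return name;
}

// Split "a.b.c" into {"a", "b", "c"}. An empty label (leading, trailing or
// doubled dot) is kept as an empty string so the caller can reject it.
static std::vector<std::string> splitLabels(const std::string& name) {
    std::vector<std::string> labels;
    std::string current;
    for (char c : name) {
        if (c == '.') {
            labels.push_back(current);
            current.clear();
        } else {
            current.push_back(c);
        }
    }
    labels.push_back(current);
    return labels;
}

static bool hasEmptyLabel(const std::vector<std::string>& labels) {
    return std::any_of(labels.begin(), labels.end(),
                       [](const std::string& l) { return l.empty(); });
}

static bool containsWildcard(const std::string& label) {
    return label.find('*') != std::string::npos;
}

// Match one SAN dNSName value (possibly a wildcard pattern) against a reference
// hostname, following the RFC 6125 section 6.4.3 rules as TLS clients enforce them:
//  - labels are compared case-insensitively;
//  - a wildcard is accepted only as the entire left-most label ("*.example.com"),
//    never partial ("w*.example.com") and never in any other position;
//  - the wildcard matches exactly one label, so "*.example.com" matches
//    "www.example.com" but neither "example.com" nor "a.b.example.com";
//  - a wildcard pattern must keep at least two literal labels ("*.com" is rejected).
bool dnsNameMatches(const std::string& pattern, const std::string& hostname) {
    const std::vector<std::string> pl = splitLabels(normalizeDnsName(pattern));
    const std::vector<std::string> hl = splitLabels(normalizeDnsName(hostname));
    if (hasEmptyLabel(pl) || hasEmptyLabel(hl)) return false;
    // A reference hostname is a literal name; it never contains a wildcard.
    if (std::any_of(hl.begin(), hl.end(), containsWildcard)) return false;

    const bool wildcard = pl[0] == "*";
    // Any '*' that is not the whole first label is rejected outright.
    for (std::size_t i = wildcard ? 1 : 0; i < pl.size(); ++i)
        if (containsWildcard(pl[i])) return false;
    if (!wildcard) return pl == hl;

    if (pl.size() < 3 || hl.size() != pl.size()) return false;
    return std::equal(pl.begin() + 1, pl.end(), hl.begin() + 1);
}

// Decide whether a certificate is valid for hostname, given the DNS names that
// X509Certificate::extractNames() placed in domainNames.
bool hostnameMatchesSan(const std::set<std::string>& domainNames,
                        const std::string& hostname) {
    return std::any_of(domainNames.begin(), domainNames.end(),
                       [&](const std::string& n) { return dnsNameMatches(n, hostname); });
}
```

With a loaded certificate the call sequence would be cert.extractNames(cn, names) followed by hostnameMatchesSan(names, peerHost). Because extractNames() falls back to the CN when the certificate carries no DNS SAN entries, a policy that rejects CN-only certificates has to inspect the SAN extension separately; the set alone does not reveal where an entry came from.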
DateTime validFrom() const

Returns the date and time from which the certificate is valid.

Parsed from the X509 notBefore field. No comparison against the current time is made; a caller checking whether the certificate is currently valid must compare validFrom() and expiresOn() against the current UTC time itself.

Returns: UTC DateTime representing the start of the validity period.
DateTime expiresOn() const

Returns the date and time at which the certificate expires.

Parsed from the X509 notAfter field. As with validFrom(), no comparison against the current time is made here.

Returns: UTC DateTime representing the end of the validity period.
void save(std::ostream & stream) const

Writes the certificate in PEM format to an output stream.

Parameters:
stream: Destination stream to write to.

Throws: std::runtime_error if the BIO cannot be created or the write fails.
void save(const std::string & path) const

Writes the certificate in PEM format to a file.

Parameters:
path: Filesystem path of the output file (created if missing, truncated if it already exists).

Throws: std::runtime_error if the file cannot be opened or the write fails.
bool issuedBy(const X509Certificate & issuerCertificate) const

Verifies whether this certificate was signed by the given issuer.

Extracts the public key from issuerCertificate and calls X509_verify. Use this to validate individual links in a certificate chain; passing the certificate itself reports whether it is self-signed. This is a signature check only. It does not confirm that either certificate's validity period covers the current time, that issuerCertificate is entitled to act as a CA (basicConstraints, keyUsage keyCertSign), that the chain ends at a trusted anchor, or that either certificate is unrevoked. For full path validation, build an OpenSSL X509_STORE and run X509_verify_cert on the handle returned by certificate(), or perform those checks separately.

Parameters:
issuerCertificate: The certificate of the purported issuer.

Returns: true if this certificate's signature verifies against the issuer's public key, false otherwise.

Throws: std::invalid_argument if the issuer certificate has no public key.
const X509 * certificate() const

Returns a const pointer to the underlying OpenSSL X509 object.

Returns: Pointer valid for the lifetime of this X509Certificate. The pointer is borrowed: do not call X509_free on it. If the OpenSSL object must outlive this wrapper, construct another X509Certificate from the pointer with shared set to true, which takes its own reference via X509_up_ref.

X509 * certificate()

Returns a mutable pointer to the underlying OpenSSL X509 object.

Returns: Pointer valid for the lifetime of this X509Certificate, borrowed as above. issuerName() and subjectName() return strings cached by init() at load time, so changes made to the X509 object through this pointer are not reflected in them.
| Return | Name | Description |
|---|---|---|
| void | load | Parses a PEM-encoded certificate from a memory buffer and stores it. |
| void | load | Reads a PEM-encoded certificate from a file and stores it. |
| void | init | Populates _issuerName and _subjectName from the loaded certificate. |

void load(const char * data, size_t length)

Parses a PEM-encoded certificate from a memory buffer and stores it.

Parameters:
data: Pointer to PEM data.
length: Number of bytes in data.

Throws: std::logic_error if a certificate is already loaded; std::runtime_error if BIO creation or PEM parsing fails.

void load(const std::string & path)

Reads a PEM-encoded certificate from a file and stores it.

Parameters:
path: Filesystem path to the PEM certificate file.

Throws: std::logic_error if a certificate is already loaded; std::runtime_error if the file cannot be opened or PEM parsing fails.

void init()

Populates _issuerName and _subjectName from the loaded certificate.

Called after each successful load or construction from an X509 pointer.
| Name | Description |
|---|---|
| NID | Name identifier for extracting fields from a certificate's distinguished name. |

enum NID

Name identifier for extracting fields from a certificate's distinguished name.

Values correspond to the OpenSSL NID constants used with X509_NAME_get_text_by_NID.

| Value | Description |
|---|---|
| NID_COMMON_NAME | Common name (CN field). |
| NID_COUNTRY | Country code (C field). |
| NID_LOCALITY_NAME | Locality / city (L field). |
| NID_STATE_OR_PROVINCE | State or province (ST field). |
| NID_ORGANIZATION_NAME | Organization name (O field). |
| NID_ORGANIZATION_UNIT_NAME | Organizational unit (OU field). |
| Type | Name | Description |
|---|---|---|
| std::string | _issuerName | One-line issuer distinguished name, populated by init(). |
| std::string | _subjectName | One-line subject distinguished name, populated by init(). |
| X509Ptr | _certificate | Handle to the underlying OpenSSL X509 object, released on destruction. |

std::string _issuerName

std::string _subjectName

X509Ptr _certificate