X509Certificate
#include <icy/crypto/x509certificate.h>
class X509Certificate
Defined in src/crypto/include/icy/crypto/x509certificate.h:33
RAII wrapper for an OpenSSL X509 certificate with PEM loading and inspection.
List of all members
| Name | Kind | Owner |
|---|---|---|
| X509Certificate | function | Declared here |
| X509Certificate | function | Declared here |
| X509Certificate | function | Declared here |
| X509Certificate | function | Declared here |
| X509Certificate | function | Declared here |
| X509Certificate | function | Declared here |
| operator= | function | Declared here |
| operator= | function | Declared here |
| swap | function | Declared here |
| ~X509Certificate | function | Declared here |
| issuerName | function | Declared here |
| issuerName | function | Declared here |
| subjectName | function | Declared here |
| subjectName | function | Declared here |
| commonName | function | Declared here |
| extractNames | function | Declared here |
| validFrom | function | Declared here |
| expiresOn | function | Declared here |
| save | function | Declared here |
| save | function | Declared here |
| issuedBy | function | Declared here |
| certificate | function | Declared here |
| certificate | function | Declared here |
| load | function | Declared here |
| load | function | Declared here |
| init | function | Declared here |
| NID | enum | Declared here |
| _issuerName | variable | Declared here |
| _subjectName | variable | Declared here |
| _certificate | variable | Declared here |
Public Methods
| Return | Name | Description |
|---|---|---|
| | X509Certificate explicit | Constructs an X509Certificate by parsing a PEM-encoded certificate from memory. |
| | X509Certificate explicit | Constructs an X509Certificate by reading a PEM-encoded certificate from a file. |
| | X509Certificate explicit | Constructs an X509Certificate taking ownership of an existing OpenSSL X509 object. |
| | X509Certificate | Constructs an X509Certificate from an existing OpenSSL X509 object, optionally sharing ownership via reference count increment. |
| | X509Certificate | Copy-constructs an X509Certificate by duplicating the underlying X509 object. |
| | X509Certificate noexcept | Move-constructs an X509Certificate, transferring ownership from cert. |
| X509Certificate & | operator= | Copy-assigns a certificate, duplicating the underlying X509 object. |
| X509Certificate & | operator= noexcept | Move-assigns a certificate, transferring ownership from cert. |
| void | swap | Swaps this certificate with cert. |
| | ~X509Certificate | Destroys the X509Certificate and releases the underlying OpenSSL X509 object. |
| const std::string & | issuerName const | Returns the full distinguished name of the certificate issuer. |
| std::string | issuerName const | Extracts a single field from the certificate issuer's distinguished name. |
| const std::string & | subjectName const | Returns the full distinguished name of the certificate subject. |
| std::string | subjectName const | Extracts a single field from the certificate subject's distinguished name. |
| std::string | commonName const | Returns the common name (CN) from the certificate subject. |
| void | extractNames const | Extracts the common name and the set of Subject Alternative Name (SAN) DNS entries from the certificate. |
| DateTime | validFrom const | Returns the date and time from which the certificate is valid. |
| DateTime | expiresOn const | Returns the date and time at which the certificate expires. |
| void | save const | Writes the certificate in PEM format to an output stream. |
| void | save const | Writes the certificate in PEM format to a file. |
| bool | issuedBy const | Verifies whether this certificate was signed by the given issuer. |
| const X509 * | certificate const | Returns a const pointer to the underlying OpenSSL X509 object. |
| X509 * | certificate | Returns a mutable pointer to the underlying OpenSSL X509 object. |
X509Certificate
explicit
explicit X509Certificate(const char * data, size_t length)
Defined in src/crypto/include/icy/crypto/x509certificate.h:55
Constructs an X509Certificate by parsing a PEM-encoded certificate from memory.
Parameters
data: Pointer to a buffer containing the PEM-encoded certificate.
length: Number of bytes in data.
Exceptions
std::runtime_error if the BIO cannot be created or PEM parsing fails.
X509Certificate
explicit
explicit X509Certificate(const std::string & path)
Defined in src/crypto/include/icy/crypto/x509certificate.h:61
Constructs an X509Certificate by reading a PEM-encoded certificate from a file.
Parameters
path: Filesystem path to the PEM certificate file.
Exceptions
std::runtime_error if the file cannot be opened or PEM parsing fails.
X509Certificate
explicit
explicit X509Certificate(X509 * pCert)
Defined in src/crypto/include/icy/crypto/x509certificate.h:68
Constructs an X509Certificate taking ownership of an existing OpenSSL X509 object.
Parameters
pCert: Non-null pointer to an OpenSSL X509 certificate. This object takes ownership and will call X509_free on destruction.
Exceptions
std::runtime_error if pCert is null.
X509Certificate
X509Certificate(X509 * pCert, bool shared)
Defined in src/crypto/include/icy/crypto/x509certificate.h:79
Constructs an X509Certificate from an existing OpenSSL X509 object, optionally sharing ownership via reference count increment.
Parameters
pCert: Non-null pointer to an OpenSSL X509 certificate. Ownership is always taken (X509_free called on destruction).
shared: If true, increments the certificate's reference count via X509_up_ref before taking ownership, so the original pointer remains valid after this object is destroyed.
Exceptions
std::runtime_error if pCert is null.
X509Certificate
X509Certificate(const X509Certificate & cert)
Defined in src/crypto/include/icy/crypto/x509certificate.h:84
Copy-constructs an X509Certificate by duplicating the underlying X509 object.
Parameters
cert: The certificate to copy.
X509Certificate
noexcept
X509Certificate(X509Certificate && cert) noexcept
Defined in src/crypto/include/icy/crypto/x509certificate.h:89
Move-constructs an X509Certificate, transferring ownership from cert.
Parameters
cert: The certificate to move from; left in a valid but empty state.
operator=
X509Certificate & operator=(const X509Certificate & cert)
Defined in src/crypto/include/icy/crypto/x509certificate.h:95
Copy-assigns a certificate, duplicating the underlying X509 object.
Parameters
cert: The certificate to copy.
Returns
Reference to this object.
operator=
noexcept
X509Certificate & operator=(X509Certificate && cert) noexcept
Defined in src/crypto/include/icy/crypto/x509certificate.h:101
Move-assigns a certificate, transferring ownership from cert.
Parameters
cert: The certificate to move from; left in a valid but empty state.
Returns
Reference to this object.
swap
void swap(X509Certificate & cert)
Defined in src/crypto/include/icy/crypto/x509certificate.h:106
Swaps this certificate with cert.
Parameters
cert: The certificate to swap with.
~X509Certificate
~X509Certificate()
Defined in src/crypto/include/icy/crypto/x509certificate.h:109
Destroys the X509Certificate and releases the underlying OpenSSL X509 object.
issuerName
const
const std::string & issuerName() const
Defined in src/crypto/include/icy/crypto/x509certificate.h:114
Returns the full distinguished name of the certificate issuer.
Returns
One-line string representation produced by X509_NAME_oneline.
issuerName
const
std::string issuerName(NID nid) const
Defined in src/crypto/include/icy/crypto/x509certificate.h:120
Extracts a single field from the certificate issuer's distinguished name.
Parameters
nid: The field to extract (e.g. NID_COMMON_NAME).
Returns
Field value, or an empty string if the field is absent.
subjectName
const
const std::string & subjectName() const
Defined in src/crypto/include/icy/crypto/x509certificate.h:125
Returns the full distinguished name of the certificate subject.
Returns
One-line string representation produced by X509_NAME_oneline.
subjectName
const
std::string subjectName(NID nid) const
Defined in src/crypto/include/icy/crypto/x509certificate.h:131
Extracts a single field from the certificate subject's distinguished name.
Parameters
nid: The field to extract (e.g. NID_ORGANIZATION_NAME).
Returns
Field value, or an empty string if the field is absent.
commonName
const
std::string commonName() const
Defined in src/crypto/include/icy/crypto/x509certificate.h:138
Returns the common name (CN) from the certificate subject.
Convenience wrapper for subjectName(NID_COMMON_NAME).
Returns
Common name string, or empty if absent.
extractNames
const
void extractNames(std::string & commonName, std::set< std::string > & domainNames) const
Defined in src/crypto/include/icy/crypto/x509certificate.h:148
Extracts the common name and the set of Subject Alternative Name (SAN) DNS entries from the certificate.
If no SAN DNS entries are present and the common name is non-empty, the common name is added to domainNames as a fallback.
Parameters
commonName: Receives the certificate's common name.
domainNames: Receives all DNS SAN entries (cleared before population).
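One way to consume the domainNames set that extractNames fills, as an added example that is not part of the icy library: matching a peer hostname against the DNS entries using the left-most-label wildcard rule of RFC 6125. The helper names hostMatchesPattern, hostMatchesAny and sampleDomainNames are hypothetical, and the sample set is constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <set>
#include <string>

// Hypothetical helpers (not icy API) that operate on the std::set filled by
// X509Certificate::extractNames().
static std::string toLower(std::string s)
{
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True if host matches one certificate DNS name. A wildcard is accepted only
// as the complete left-most label ("*.example.com") and covers exactly one label.
bool hostMatchesPattern(const std::string& hostIn, const std::string& patternIn)
{
    const std::string host = toLower(hostIn);
    const std::string pattern = toLower(patternIn);
    if (host.empty() || pattern.empty())
        return false;
    if (pattern.find('*') == std::string::npos)
        return host == pattern;                    // plain name: exact match
    // Reject "*", "f*.example.com", "a.*.example.com" and "*.*.example.com".
    if (pattern.size() < 3 || pattern.compare(0, 2, "*.") != 0 ||
        pattern.find('*', 1) != std::string::npos)
        return false;
    const std::string suffix = pattern.substr(1);  // ".example.com"
    // Require two labels after the wildcard so "*.com" never matches.
    if (suffix.find('.', 1) == std::string::npos)
        return false;
    const std::size_t dot = host.find('.');
    if (dot == std::string::npos || dot == 0)
        return false;
    return host.substr(dot) == suffix;             // wildcard spans one label
}

// True if host matches any entry of the set filled by extractNames().
bool hostMatchesAny(const std::string& host, const std::set<std::string>& domainNames)
{
    return std::any_of(domainNames.begin(), domainNames.end(),
                       [&](const std::string& n) { return hostMatchesPattern(host, n); });
}

// Constructed sample of a domainNames result; not taken from a real certificate.
std::set<std::string> sampleDomainNames() { return {"example.com", "*.example.com"}; }
```

Because extractNames falls back to the common name when no SAN DNS entries exist, the same check also covers certificates that carry only a CN.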
validFrom
const
DateTime validFrom() const
Defined in src/crypto/include/icy/crypto/x509certificate.h:156
Returns the date and time from which the certificate is valid.
Parsed from the X509 notBefore field.
Returns
UTC DateTime representing the start of the validity period.
expiresOn
const
DateTime expiresOn() const
Defined in src/crypto/include/icy/crypto/x509certificate.h:163
Returns the date and time at which the certificate expires.
Parsed from the X509 notAfter field.
Returns
UTC DateTime representing the end of the validity period.
save
const
void save(std::ostream & stream) const
Defined in src/crypto/include/icy/crypto/x509certificate.h:169
Writes the certificate in PEM format to an output stream.
Parameters
stream: Destination stream to write to.
Exceptions
std::runtime_error if the BIO cannot be created or write fails.
save
const
void save(const std::string & path) const
Defined in src/crypto/include/icy/crypto/x509certificate.h:175
Writes the certificate in PEM format to a file.
Parameters
path: Filesystem path of the output file (created or truncated).
Exceptions
std::runtime_error if the file cannot be opened or write fails.
issuedBy
const
bool issuedBy(const X509Certificate & issuerCertificate) const
Defined in src/crypto/include/icy/crypto/x509certificate.h:186
Verifies whether this certificate was signed by the given issuer.
Extracts the public key from issuerCertificate and calls X509_verify. Use this to validate links in a certificate chain.
Parameters
issuerCertificate: The certificate of the purported issuer.
Returns
true if this certificate's signature verifies against the issuer's public key, false otherwise.
Exceptions
std::invalid_argument if the issuer certificate has no public key.
certificate
const
const X509 * certificate() const
Defined in src/crypto/include/icy/crypto/x509certificate.h:191
Returns a const pointer to the underlying OpenSSL X509 object.
Returns
Pointer valid for the lifetime of this X509Certificate.
certificate
X509 * certificate()
Defined in src/crypto/include/icy/crypto/x509certificate.h:196
Returns a mutable pointer to the underlying OpenSSL X509 object.
Returns
Pointer valid for the lifetime of this X509Certificate.
Protected Methods
| Return | Name | Description |
|---|---|---|
| void | load | Parses a PEM-encoded certificate from a memory buffer and stores it. |
| void | load | Reads a PEM-encoded certificate from a file and stores it. |
| void | init | Populates _issuerName and _subjectName from the loaded certificate. |
load
void load(const char * data, size_t length)
Defined in src/crypto/include/icy/crypto/x509certificate.h:205
Parses a PEM-encoded certificate from a memory buffer and stores it.
Parameters
data: Pointer to PEM data.
length: Number of bytes in data.
Exceptions
std::logic_error if a certificate is already loaded.
std::runtime_error if BIO creation or PEM parsing fails.
load
void load(const std::string & path)
Defined in src/crypto/include/icy/crypto/x509certificate.h:212
Reads a PEM-encoded certificate from a file and stores it.
Parameters
path: Filesystem path to the PEM certificate file.
Exceptions
std::logic_error if a certificate is already loaded.
std::runtime_error if the file cannot be opened or PEM parsing fails.
init
void init()
Defined in src/crypto/include/icy/crypto/x509certificate.h:217
Populates _issuerName and _subjectName from the loaded certificate.
Called after each successful load or construction from an X509 pointer.
Public Types
| Name | Description |
|---|---|
| NID | Name identifier for extracting fields from a certificate's distinguished name. |
NID
enum NID
Defined in src/crypto/include/icy/crypto/x509certificate.h:40
Name identifier for extracting fields from a certificate's distinguished name.
Values correspond to OpenSSL NID constants used with X509_NAME_get_text_by_NID.
| Value | Description |
|---|---|
| NID_COMMON_NAME | Common name (CN field). |
| NID_COUNTRY | Country code (C field). |
| NID_LOCALITY_NAME | Locality / city (L field). |
| NID_STATE_OR_PROVINCE | State or province (ST field). |
| NID_ORGANIZATION_NAME | Organization name (O field). |
| NID_ORGANIZATION_UNIT_NAME | Organizational unit (OU field). |
Private Attributes
| Return | Name | Description |
|---|---|---|
| std::string | _issuerName | |
| std::string | _subjectName | |
| X509Ptr | _certificate | |
_issuerName
std::string _issuerName
Defined in src/crypto/include/icy/crypto/x509certificate.h:225
_subjectName
std::string _subjectName
Defined in src/crypto/include/icy/crypto/x509certificate.h:226
_certificate
X509Ptr _certificate
Defined in src/crypto/include/icy/crypto/x509certificate.h:227
