Async 1.8.0
AsyncSslX509_demo.cpp

An example of how to use the SslCertSigningReq class

#include <AsyncSslContext.h>
#include <AsyncSslKeypair.h>
#include <AsyncSslCertSigningReq.h>
#include <AsyncSslX509.h>
int main(void)
{
// Create a key pair for the CA
Async::SslKeypair ca_pkey;
if (!ca_pkey.generate(2048))
{
std::cout << "*** ERROR: Failed to generate CA key" << std::endl;
return 1;
}
if (!ca_pkey.writePrivateKeyFile("demo_ca.key"))
{
std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
}
// Create a CA certificate and sign it with the key above
Async::SslX509 ca_cert;
ca_cert.setSerialNumber(1);
ca_cert.setVersion(Async::SslX509::VERSION_3);
ca_cert.addIssuerName("CN", "Demo Root CA");
ca_cert.addIssuerName("L", "My City");
ca_cert.addIssuerName("C", "XX");
ca_cert.setSubjectName(ca_cert.issuerName());
Async::SslX509Extensions ca_exts;
ca_exts.addBasicConstraints("critical, CA:TRUE");
ca_exts.addKeyUsage("critical, cRLSign, digitalSignature, keyCertSign");
ca_exts.addSubjectAltNames("email:ca@example.org");
ca_cert.addExtensions(ca_exts);
time_t t = time(nullptr);
ca_cert.setNotBefore(t);
ca_cert.setNotAfter(t + 24*3600);
ca_cert.setPublicKey(ca_pkey);
ca_cert.sign(ca_pkey);
std::cout << "--------------- CA Certificate ----------------" << std::endl;
ca_cert.print();
std::cout << "-----------------------------------------------" << std::endl;
if (!ca_cert.writePemFile("demo_ca.crt"))
{
std::cout << "*** WARNING: Failed to write CA certificate file"
<< std::endl;
}
// Create a key pair for the server certificate
Async::SslKeypair cert_pkey;
if (!cert_pkey.generate(2048))
{
std::cout << "*** ERROR: Failed to generate server certificate key"
<< std::endl;
return 1;
}
if (!cert_pkey.writePrivateKeyFile("demo.key"))
{
std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
}
// Create a Certificate Signing Request
Async::SslCertSigningReq csr;
csr.setVersion(Async::SslCertSigningReq::VERSION_1);
csr.addSubjectName("CN", "hostname.example.org");
csr.addSubjectName("L", "My City");
csr.addSubjectName("C", "XX");
Async::SslX509Extensions csr_exts;
csr_exts.addSubjectAltNames(
"DNS:hostname.example.org"
", DNS:alias.example.org"
", DNS:localhost"
", IP:127.0.0.1"
", email:admin@example.org"
", URI:https://www.example.org"
", otherName:msUPN;UTF8:sb@sb.local");
csr.addExtensions(csr_exts);
csr.setPublicKey(cert_pkey);
csr.sign(cert_pkey);
std::cout << "--------- Certificate Signing Request ---------" << std::endl;
csr.print();
std::cout << "-----------------------------------------------" << std::endl;
if (!csr.writePemFile("demo.csr"))
{
std::cout << "*** WARNING: Failed to write CSR file" << std::endl;
}
std::cout << "The CSR verification "
<< (csr.verify(cert_pkey) ? "PASSED" : "FAILED")
<< std::endl;
// Create the certificate using the CSR then sign it using the CA cert
Async::SslX509 cert;
cert.setSerialNumber(2);
cert.setVersion(Async::SslX509::VERSION_3);
cert.setIssuerName(ca_cert.subjectName());
cert.setSubjectName(csr.subjectName());
cert.setNotBefore(t);
cert.setNotAfter(t + 3600);
const Async::SslX509Extensions exts(csr.extensions());
Async::SslX509Extensions cert_exts;
cert_exts.addBasicConstraints("critical, CA:FALSE");
cert_exts.addKeyUsage("critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement");
cert_exts.addExtKeyUsage("serverAuth");
Async::SslX509ExtSubjectAltName san(exts.subjectAltName());
cert_exts.addExtension(san);
cert.addExtensions(cert_exts);
Async::SslKeypair csr_pkey(csr.publicKey());
cert.setPublicKey(csr_pkey);
cert.sign(ca_pkey);
std::cout << "------------- Server Certificate --------------" << std::endl;
cert.print();
std::cout << "-----------------------------------------------" << std::endl;
if (!cert.writePemFile("demo.crt"))
{
std::cout << "*** WARNING: Failed to write certificate file"
<< std::endl;
}
std::cout << "The certificate verification "
<< (cert.verify(ca_pkey) ? "PASSED" : "FAILED")
<< std::endl;
return 0;
}
AsyncSslContext.h
SSL context meant to be used with TcpConnection and friends.
AsyncSslKeypair.h
Represent private and public keys.
AsyncSslX509.h
Implements a representation of a X.509 certificate.
Async::SslCertSigningReq
A class representing a certificate signing request.
Definition AsyncSslCertSigningReq.h:124
Async::SslCertSigningReq::addExtensions
void addExtensions(SslX509Extensions &exts)
Add extensions to this CSR.
Definition AsyncSslCertSigningReq.h:418
Async::SslCertSigningReq::subjectName
const X509_NAME * subjectName(void) const
Return the subject name as a X509_NAME pointer.
Definition AsyncSslCertSigningReq.h:324
Async::SslCertSigningReq::setPublicKey
bool setPublicKey(SslKeypair &pubkey)
Set the public key.
Definition AsyncSslCertSigningReq.h:455
Async::SslCertSigningReq::print
void print(const std::string &prefix="") const
Print the info in this CSR to std::cout.
Definition AsyncSslCertSigningReq.h:616
Async::SslCertSigningReq::publicKey
SslKeypair publicKey(void) const
Get the public key.
Definition AsyncSslCertSigningReq.h:444
Async::SslCertSigningReq::extensions
SslX509Extensions extensions(void) const
Get the extensions in this CSR.
Definition AsyncSslCertSigningReq.h:434
Async::SslCertSigningReq::writePemFile
bool writePemFile(FILE *f)
Write the CSR data to a PEM file.
Definition AsyncSslCertSigningReq.h:563
Async::SslCertSigningReq::verify
bool verify(SslKeypair &pubkey) const
Verify the signature of this CSR.
Definition AsyncSslCertSigningReq.h:482
Async::SslCertSigningReq::sign
bool sign(SslKeypair &privkey)
Sign the CSR using the given private key.
Definition AsyncSslCertSigningReq.h:466
Async::SslCertSigningReq::addSubjectName
bool addSubjectName(const std::string &field, const std::string &value)
Add a subject name component.
Definition AsyncSslCertSigningReq.h:292
Async::SslCertSigningReq::setVersion
bool setVersion(long version)
Set the version of the request.
Definition AsyncSslCertSigningReq.h:273
Async::SslKeypair
A class representing private and public keys.
Definition AsyncSslKeypair.h:124
Async::SslKeypair::writePrivateKeyFile
bool writePrivateKeyFile(const std::string &filename)
Write key data to file on PEM format.
Definition AsyncSslKeypair.h:330
Async::SslKeypair::generate
bool generate(unsigned int bits)
Generate a new RSA keypair.
Definition AsyncSslKeypair.h:192
Async::SslX509ExtSubjectAltName
A class representing the X.509 Subject Alternative Name extension.
Definition AsyncSslX509ExtSubjectAltName.h:116
Async::SslX509Extensions
A class representing X.509 extensions.
Definition AsyncSslX509Extensions.h:120
Async::SslX509Extensions::addExtKeyUsage
bool addExtKeyUsage(const std::string &eku)
Add extended key usage.
Definition AsyncSslX509Extensions.h:213
Async::SslX509Extensions::subjectAltName
SslX509ExtSubjectAltName subjectAltName(void) const
Get the subject alternative names extension.
Definition AsyncSslX509Extensions.h:234
Async::SslX509Extensions::addSubjectAltNames
bool addSubjectAltNames(const std::string &san)
Add subject alternative names.
Definition AsyncSslX509Extensions.h:225
Async::SslX509Extensions::addExtension
bool addExtension(const SslX509ExtSubjectAltName &san)
Add a subject alternative names object.
Definition AsyncSslX509Extensions.h:249
Async::SslX509Extensions::addBasicConstraints
bool addBasicConstraints(const std::string &bc)
Add basic constraints extension.
Definition AsyncSslX509Extensions.h:187
Async::SslX509Extensions::addKeyUsage
bool addKeyUsage(const std::string &ku)
Add key usage.
Definition AsyncSslX509Extensions.h:201
Async::SslX509
A class representing an X.509 certificate.
Definition AsyncSslX509.h:124
Async::SslX509::addIssuerName
void addIssuerName(const std::string &field, const std::string &value)
Add a name to the issuer distinguished name.
Definition AsyncSslX509.h:711
Async::SslX509::print
void print(const std::string &prefix="") const
Print this certificate to std::cout.
Definition AsyncSslX509.h:910
Async::SslX509::setSerialNumber
void setSerialNumber(long serial_number=-1)
Set the serial number of the certificate.
Definition AsyncSslX509.h:657
Async::SslX509::setPublicKey
bool setPublicKey(SslKeypair &pkey)
Set the public key for this certificate.
Definition AsyncSslX509.h:838
Async::SslX509::verify
bool verify(SslKeypair &keypair)
Verify that this certificate is signed by the given key.
Definition AsyncSslX509.h:369
Async::SslX509::subjectName
const X509_NAME * subjectName(void) const
Get the subject distinguished name.
Definition AsyncSslX509.h:321
Async::SslX509::setSubjectName
bool setSubjectName(const X509_NAME *name)
Set the subject distinguished name.
Definition AsyncSslX509.h:304
Async::SslX509::writePemFile
bool writePemFile(FILE *f)
Write this certificate to file in PEM format.
Definition AsyncSslX509.h:438
Async::SslX509::setIssuerName
bool setIssuerName(const X509_NAME *name)
Set the issuer distinguished name.
Definition AsyncSslX509.h:276
Async::SslX509::addExtensions
void addExtensions(const SslX509Extensions &exts)
Add v3 extensions to this certificate.
Definition AsyncSslX509.h:814
Async::SslX509::sign
bool sign(SslKeypair &pkey)
Sign this certificate using the given key.
Definition AsyncSslX509.h:848
Async::SslX509::issuerName
const X509_NAME * issuerName(void) const
Get the issuer distinguished name.
Definition AsyncSslX509.h:293
Async::SslX509::setNotBefore
void setNotBefore(std::time_t in_time)
Set the date and time from which this certificate is valid.
Definition AsyncSslX509.h:494
Async::SslX509::setNotAfter
void setNotAfter(std::time_t in_time)
Set the date and time up to which this certificate is valid.
Definition AsyncSslX509.h:545
Async::SslX509::setVersion
bool setVersion(long version)
Set the version of this certificate.
Definition AsyncSslX509.h:479
Generated on Sun May 4 2025 14:24:10 for Async by doxygen 1.12.0