Async::SslX509ExtSubjectAltName Class Reference

A class representing the X.509 Subject Alternative Name extension. More...

#include <AsyncSslX509ExtSubjectAltName.h>

Public Types
using	ForeachFunction = std::function<void(int, std::string)>

Public Member Functions
	SslX509ExtSubjectAltName (const std::string &names)
	Default constructor.
	SslX509ExtSubjectAltName (const X509_EXTENSION *ext)
	Constructor.
	SslX509ExtSubjectAltName (GENERAL_NAMES *names)
	Constructor.
	SslX509ExtSubjectAltName (SslX509ExtSubjectAltName &&other)
	Move Constructor.
	SslX509ExtSubjectAltName (const SslX509ExtSubjectAltName &)=delete
	Disallow copy construction.
SslX509ExtSubjectAltName &	operator= (const SslX509ExtSubjectAltName &)=delete
	Disallow copy assignment.
	~SslX509ExtSubjectAltName (void)
	Destructor.
bool	isNull (void) const
	Check if the object is initialized.
	operator const X509_EXTENSION * () const
	Cast to X509_EXTENSION pointer.
void	forEach (ForeachFunction f, int type=-1) const
	Loop through all names calling the given function for each one.
std::string	toString (int type=-1) const
	Convert all SANs to a string.

Detailed Description

A class representing the X.509 Subject Alternative Name extension.

Author

Tobias Blomberg / SM0SVX

Date

2022-05-27

#include <AsyncSslContext.h>
#include <AsyncSslKeypair.h>
#include <AsyncSslCertSigningReq.h>
#include <AsyncSslX509.h>
 
int main(void)
{
    // Create a key pair for the CA
  Async::SslKeypair ca_pkey;
  if (!ca_pkey.generate(2048))
  {
    std::cout << "*** ERROR: Failed to generate CA key" << std::endl;
    return 1;
  }
  if (!ca_pkey.writePrivateKeyFile("demo_ca.key"))
  {
    std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
  }
 
    // Create a CA certificate and sign it with the key above
  Async::SslX509 ca_cert;
  ca_cert.setSerialNumber(1);
  ca_cert.setVersion(Async::SslX509::VERSION_3);
  ca_cert.addIssuerName("CN", "Demo Root CA");
  ca_cert.addIssuerName("L", "My City");
  ca_cert.addIssuerName("C", "XX");
  ca_cert.setSubjectName(ca_cert.issuerName());
  Async::SslX509Extensions ca_exts;
  ca_exts.addBasicConstraints("critical, CA:TRUE");
  ca_exts.addKeyUsage("critical, cRLSign, digitalSignature, keyCertSign");
  ca_exts.addSubjectAltNames("email:ca@example.org");
  ca_cert.addExtensions(ca_exts);
  time_t t = time(nullptr);
  ca_cert.setNotBefore(t);
  ca_cert.setNotAfter(t + 24*3600);
  ca_cert.setPublicKey(ca_pkey);
  ca_cert.sign(ca_pkey);
  std::cout << "--------------- CA Certificate ----------------" << std::endl;
  ca_cert.print();
  std::cout << "-----------------------------------------------" << std::endl;
  if (!ca_cert.writePemFile("demo_ca.crt"))
  {
    std::cout << "*** WARNING: Failed to write CA certificate file"
              << std::endl;
  }
 
    // Create a key pair for the server certificate
  Async::SslKeypair cert_pkey;
  if (!cert_pkey.generate(2048))
  {
    std::cout << "*** ERROR: Failed to generate server certificate key"
              << std::endl;
    return 1;
  }
  if (!cert_pkey.writePrivateKeyFile("demo.key"))
  {
    std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
  }
 
    // Create a Certificate Signing Request
  Async::SslCertSigningReq csr;
  csr.setVersion(Async::SslCertSigningReq::VERSION_1);
  csr.addSubjectName("CN", "hostname.example.org");
  csr.addSubjectName("L", "My City");
  csr.addSubjectName("C", "XX");
  Async::SslX509Extensions csr_exts;
  csr_exts.addSubjectAltNames(
      "DNS:hostname.example.org"
      ", DNS:alias.example.org"
      ", DNS:localhost"
      ", IP:127.0.0.1"
      ", email:admin@example.org"
      ", URI:https://www.example.org"
      ", otherName:msUPN;UTF8:sb@sb.local");
  csr.addExtensions(csr_exts);
  csr.setPublicKey(cert_pkey);
  csr.sign(cert_pkey);
  std::cout << "--------- Certificate Signing Request ---------" << std::endl;
  csr.print();
  std::cout << "-----------------------------------------------" << std::endl;
  if (!csr.writePemFile("demo.csr"))
  {
    std::cout << "*** WARNING: Failed to write CSR file" << std::endl;
  }
  std::cout << "The CSR verification "
            << (csr.verify(cert_pkey) ? "PASSED" : "FAILED")
            << std::endl;
 
    // Create the certificate using the CSR then sign it using the CA cert
  Async::SslX509 cert;
  cert.setSerialNumber(2);
  cert.setVersion(Async::SslX509::VERSION_3);
  cert.setIssuerName(ca_cert.subjectName());
  cert.setSubjectName(csr.subjectName());
  cert.setNotBefore(t);
  cert.setNotAfter(t + 3600);
  const Async::SslX509Extensions exts(csr.extensions());
  Async::SslX509Extensions cert_exts;
  cert_exts.addBasicConstraints("critical, CA:FALSE");
  cert_exts.addKeyUsage("critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement");
  cert_exts.addExtKeyUsage("serverAuth");
  Async::SslX509ExtSubjectAltName san(exts.subjectAltName());
  cert_exts.addExtension(san);
  cert.addExtensions(cert_exts);
  Async::SslKeypair csr_pkey(csr.publicKey());
  cert.setPublicKey(csr_pkey);
  cert.sign(ca_pkey);
  std::cout << "------------- Server Certificate --------------" << std::endl;
  cert.print();
  std::cout << "-----------------------------------------------" << std::endl;
  if (!cert.writePemFile("demo.crt"))
  {
    std::cout << "*** WARNING: Failed to write certificate file"
              << std::endl;
  }
  std::cout << "The certificate verification "
            << (cert.verify(ca_pkey) ? "PASSED" : "FAILED")
            << std::endl;
 
  return 0;
}

Examples

AsyncSslX509_demo.cpp.

Definition at line 115 of file AsyncSslX509ExtSubjectAltName.h.

Member Typedef Documentation

ForeachFunction

using Async::SslX509ExtSubjectAltName::ForeachFunction = std::function<void(int, std::string)>

Definition at line 118 of file AsyncSslX509ExtSubjectAltName.h.

Constructor & Destructor Documentation

SslX509ExtSubjectAltName() [1/5]

Async::SslX509ExtSubjectAltName::SslX509ExtSubjectAltName ( const std::string & names )

inlineexplicit

Default constructor.

Constructor

Parameters

names

A string of comma separated names

Names are specified on a tag:value format. For example: DNS:example.org, IP:1.2.3.4, email:user@.nosp@m.exam.nosp@m.ple.o.nosp@m.rg

Definition at line 132 of file AsyncSslX509ExtSubjectAltName.h.

SslX509ExtSubjectAltName() [2/5]

Async::SslX509ExtSubjectAltName::SslX509ExtSubjectAltName ( const X509_EXTENSION * ext )

inline

Constructor.

Parameters

ext	An existing X509_EXTENSION object

Definition at line 142 of file AsyncSslX509ExtSubjectAltName.h.

SslX509ExtSubjectAltName() [3/5]

Async::SslX509ExtSubjectAltName::SslX509ExtSubjectAltName ( GENERAL_NAMES * names )

inlineexplicit

Constructor.

Parameters

names

A pointer to an existing GENERAL_NAMES object

Definition at line 155 of file AsyncSslX509ExtSubjectAltName.h.

SslX509ExtSubjectAltName() [4/5]

Async::SslX509ExtSubjectAltName::SslX509ExtSubjectAltName ( SslX509ExtSubjectAltName && other )

inline

Move Constructor.

Parameters

other

The object to move from

Definition at line 165 of file AsyncSslX509ExtSubjectAltName.h.

SslX509ExtSubjectAltName() [5/5]

Async::SslX509ExtSubjectAltName::SslX509ExtSubjectAltName ( const SslX509ExtSubjectAltName & )

delete

Disallow copy construction.

~SslX509ExtSubjectAltName()

Async::SslX509ExtSubjectAltName::~SslX509ExtSubjectAltName ( void )

inline

Destructor.

Definition at line 185 of file AsyncSslX509ExtSubjectAltName.h.

Member Function Documentation

forEach()

void Async::SslX509ExtSubjectAltName::forEach ( ForeachFunction f, int type = -1 ) const

inline

Loop through all names calling the given function for each one.

Parameters

f	The function to call for each name
type	The name type to call the function for (default: all)

Type can be GEN_DNS, GEN_IPADD or GEN_EMAIL. Other types are ignored.

Definition at line 230 of file AsyncSslX509ExtSubjectAltName.h.

References Async::IpAddress::toString().

Referenced by toString().

isNull()

bool Async::SslX509ExtSubjectAltName::isNull ( void ) const

inline

Check if the object is initialized.

Returns

Returns true if the object is null

Definition at line 198 of file AsyncSslX509ExtSubjectAltName.h.

operator const X509_EXTENSION *()

Async::SslX509ExtSubjectAltName::operator const X509_EXTENSION * ( ) const

inline

Cast to X509_EXTENSION pointer.

Returns

Return a pointer to a X509_EXTENSION, or null if uninitialized

Definition at line 221 of file AsyncSslX509ExtSubjectAltName.h.

operator=()

SslX509ExtSubjectAltName & Async::SslX509ExtSubjectAltName::operator= ( const SslX509ExtSubjectAltName & )

delete

Disallow copy assignment.

toString()

std::string Async::SslX509ExtSubjectAltName::toString ( int type = -1 ) const

inline

Convert all SANs to a string.

Parameters

type	The name type consider (default: all)

Returns

Return a ", " separated string with SANs

Type can be GEN_DNS, GEN_IPADD or GEN_EMAIL.

Definition at line 308 of file AsyncSslX509ExtSubjectAltName.h.

References forEach().

Referenced by Async::SslCertSigningReq::print(), and Async::SslX509::print().

---

The documentation for this class was generated from the following file:

• AsyncSslX509ExtSubjectAltName.h