Async::SslX509Extensions Class Reference
A class representing X.509 extensions. More...
#include <AsyncSslX509Extensions.h>
Public Member Functions | |
| SslX509Extensions (void) | |
| Default constructor. | |
| SslX509Extensions (STACK_OF(X509_EXTENSION) *exts) | |
| Constructor. | |
| SslX509Extensions (SslX509Extensions &&other) | |
| Move Constructor. | |
| SslX509Extensions (const SslX509Extensions &other) | |
| Copy constructor. | |
| SslX509Extensions & | operator= (const SslX509Extensions &)=delete |
| Disallow copy assignment. | |
| ~SslX509Extensions (void) | |
| Destructor. | |
| bool | addBasicConstraints (const std::string &bc) |
| Add basic constraints extension. | |
| bool | addKeyUsage (const std::string &ku) |
| Add key usage. | |
| bool | addExtKeyUsage (const std::string &eku) |
| Add extended key usage. | |
| bool | addSubjectAltNames (const std::string &san) |
| Add subject alternative names. | |
| SslX509ExtSubjectAltName | subjectAltName (void) const |
| Get the subject alternative names extension. | |
| bool | addExtension (const SslX509ExtSubjectAltName &san) |
| Add a subject alternative names object. | |
| operator const STACK_OF (X509_EXTENSION) *() const | |
| Cast to a pointer to a stack of X509_EXTENSION objects. | |
Detailed Description
A class representing X.509 extensions.
- Date
- 2022-05-22
#include <AsyncSslContext.h>
#include <AsyncSslKeypair.h>
#include <AsyncSslCertSigningReq.h>
#include <AsyncSslX509.h>
int main(void)
{
// Create a key pair for the CA
Async::SslKeypair ca_pkey;
if (!ca_pkey.generate(2048))
{
std::cout << "*** ERROR: Failed to generate CA key" << std::endl;
return 1;
}
{
std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
}
// Create a CA certificate and sign it with the key above
Async::SslX509 ca_cert;
ca_cert.setSerialNumber(1);
ca_cert.setVersion(Async::SslX509::VERSION_3);
ca_cert.setSubjectName(ca_cert.issuerName());
Async::SslX509Extensions ca_exts;
ca_exts.addBasicConstraints("critical, CA:TRUE");
ca_exts.addKeyUsage("critical, cRLSign, digitalSignature, keyCertSign");
ca_exts.addSubjectAltNames("email:ca@example.org");
ca_cert.addExtensions(ca_exts);
time_t t = time(nullptr);
ca_cert.setNotBefore(t);
ca_cert.setNotAfter(t + 24*3600);
ca_cert.setPublicKey(ca_pkey);
ca_cert.sign(ca_pkey);
std::cout << "--------------- CA Certificate ----------------" << std::endl;
ca_cert.print();
std::cout << "-----------------------------------------------" << std::endl;
{
std::cout << "*** WARNING: Failed to write CA certificate file"
<< std::endl;
}
// Create a key pair for the server certificate
Async::SslKeypair cert_pkey;
if (!cert_pkey.generate(2048))
{
std::cout << "*** ERROR: Failed to generate server certificate key"
<< std::endl;
return 1;
}
{
std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
}
// Create a Certificate Signing Request
Async::SslX509Extensions csr_exts;
csr_exts.addSubjectAltNames(
"DNS:hostname.example.org"
", DNS:alias.example.org"
", DNS:localhost"
", IP:127.0.0.1"
", email:admin@example.org"
", URI:https://www.example.org"
", otherName:msUPN;UTF8:sb@sb.local");
csr.addExtensions(csr_exts);
csr.setPublicKey(cert_pkey);
csr.sign(cert_pkey);
std::cout << "--------- Certificate Signing Request ---------" << std::endl;
csr.print();
std::cout << "-----------------------------------------------" << std::endl;
{
std::cout << "*** WARNING: Failed to write CSR file" << std::endl;
}
std::cout << "The CSR verification "
<< std::endl;
// Create the certificate using the CSR then sign it using the CA cert
Async::SslX509 cert;
cert.setSerialNumber(2);
cert.setIssuerName(ca_cert.subjectName());
cert.setSubjectName(csr.subjectName());
cert.setNotBefore(t);
cert.setNotAfter(t + 3600);
Async::SslX509Extensions cert_exts;
cert_exts.addBasicConstraints("critical, CA:FALSE");
cert_exts.addKeyUsage("critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement");
cert_exts.addExtKeyUsage("serverAuth");
Async::SslX509ExtSubjectAltName san(exts.subjectAltName());
cert_exts.addExtension(san);
cert.addExtensions(cert_exts);
Async::SslKeypair csr_pkey(csr.publicKey());
cert.setPublicKey(csr_pkey);
cert.sign(ca_pkey);
std::cout << "------------- Server Certificate --------------" << std::endl;
cert.print();
std::cout << "-----------------------------------------------" << std::endl;
{
std::cout << "*** WARNING: Failed to write certificate file"
<< std::endl;
}
std::cout << "The certificate verification "
<< std::endl;
return 0;
}
SSL context meant to be used with TcpConnection and friends.
Represent private and public keys.
Implements a representation of a X.509 certificate.
A class representing a certificate signing request.
Definition AsyncSslCertSigningReq.h:124
void addExtensions(SslX509Extensions &exts)
Add extensions to this CSR.
Definition AsyncSslCertSigningReq.h:418
const X509_NAME * subjectName(void) const
Return the subject name as a X509_NAME pointer.
Definition AsyncSslCertSigningReq.h:324
void print(const std::string &prefix="") const
Print the info in this CSR to std::cout.
Definition AsyncSslCertSigningReq.h:616
SslX509Extensions extensions(void) const
Get the extensions in this CSR.
Definition AsyncSslCertSigningReq.h:434
bool verify(SslKeypair &pubkey) const
Verify the signature of this CSR.
Definition AsyncSslCertSigningReq.h:482
bool sign(SslKeypair &privkey)
Sign the CSR using the given private key.
Definition AsyncSslCertSigningReq.h:466
bool addSubjectName(const std::string &field, const std::string &value)
Add a subject name component.
Definition AsyncSslCertSigningReq.h:292
bool writePrivateKeyFile(const std::string &filename)
Write key data to file on PEM format.
Definition AsyncSslKeypair.h:330
A class representing the X.509 Subject Alternative Name extension.
Definition AsyncSslX509ExtSubjectAltName.h:116
A class representing X.509 extensions.
Definition AsyncSslX509Extensions.h:120
bool addExtKeyUsage(const std::string &eku)
Add extended key usage.
Definition AsyncSslX509Extensions.h:213
bool addSubjectAltNames(const std::string &san)
Add subject alternative names.
Definition AsyncSslX509Extensions.h:225
bool addExtension(const SslX509ExtSubjectAltName &san)
Add a subject alternative names object.
Definition AsyncSslX509Extensions.h:249
bool addBasicConstraints(const std::string &bc)
Add basic constraints extension.
Definition AsyncSslX509Extensions.h:187
void addIssuerName(const std::string &field, const std::string &value)
Add a name to the issuer distinguished name.
Definition AsyncSslX509.h:711
void print(const std::string &prefix="") const
Print this certificate to std::cout.
Definition AsyncSslX509.h:910
void setSerialNumber(long serial_number=-1)
Set the serial number of the certificate.
Definition AsyncSslX509.h:657
bool setPublicKey(SslKeypair &pkey)
Set the public key for this certificate.
Definition AsyncSslX509.h:838
bool verify(SslKeypair &keypair)
Verify that this certificate is signed by the given key.
Definition AsyncSslX509.h:369
const X509_NAME * subjectName(void) const
Get the subject distinguished name.
Definition AsyncSslX509.h:321
bool setSubjectName(const X509_NAME *name)
Set the subject distinguished name.
Definition AsyncSslX509.h:304
bool writePemFile(FILE *f)
Write this certificate to file in PEM format.
Definition AsyncSslX509.h:438
bool setIssuerName(const X509_NAME *name)
Set the issuer distinguished name.
Definition AsyncSslX509.h:276
void addExtensions(const SslX509Extensions &exts)
Add v3 extensions to this certificate.
Definition AsyncSslX509.h:814
const X509_NAME * issuerName(void) const
Get the issuer distinguished name.
Definition AsyncSslX509.h:293
void setNotBefore(std::time_t in_time)
Set the date and time from which this certificate is valid.
Definition AsyncSslX509.h:494
void setNotAfter(std::time_t in_time)
Set the date and time up to which this certificate is valid.
Definition AsyncSslX509.h:545
- Examples
- AsyncSslX509_demo.cpp.
Definition at line 119 of file AsyncSslX509Extensions.h.
Constructor & Destructor Documentation
◆ SslX509Extensions() [1/4]
|
inline |
Default constructor.
Definition at line 125 of file AsyncSslX509Extensions.h.
◆ SslX509Extensions() [2/4]
|
inlineexplicit |
Constructor.
- Parameters
-
exts Pointer to a stack of X509_EXTENSION objects
Definition at line 134 of file AsyncSslX509Extensions.h.
◆ SslX509Extensions() [3/4]
|
inline |
Move Constructor.
- Parameters
-
other The object to move from
Definition at line 143 of file AsyncSslX509Extensions.h.
◆ SslX509Extensions() [4/4]
|
inlineexplicit |
Copy constructor.
- Parameters
-
other The object to copy from
Definition at line 153 of file AsyncSslX509Extensions.h.
◆ ~SslX509Extensions()
|
inline |
Destructor.
Definition at line 171 of file AsyncSslX509Extensions.h.
Member Function Documentation
◆ addBasicConstraints()
|
inline |
Add basic constraints extension.
- Parameters
-
bc Basic constraints string
- Returns
- Return true on success
Ex: addBasicConstraints("critical, CA:FALSE");
- Examples
- AsyncSslX509_demo.cpp.
Definition at line 187 of file AsyncSslX509Extensions.h.
◆ addExtension()
|
inline |
Add a subject alternative names object.
- Parameters
-
san A subject alternative names object containing names to add
- Examples
- AsyncSslX509_demo.cpp.
Definition at line 249 of file AsyncSslX509Extensions.h.
◆ addExtKeyUsage()
|
inline |
Add extended key usage.
- Parameters
-
eku Extended key usage string
- Returns
- Return true on success
Ex: addExtKeyUsage("serverAuth");
- Examples
- AsyncSslX509_demo.cpp.
Definition at line 213 of file AsyncSslX509Extensions.h.
◆ addKeyUsage()
|
inline |
Add key usage.
- Parameters
-
ku Key usage string
- Returns
- Return true on success
Ex: addKeyUsage( "critical, digitalSignature, keyEncipherment, keyAgreement" );
- Examples
- AsyncSslX509_demo.cpp.
Definition at line 201 of file AsyncSslX509Extensions.h.
◆ addSubjectAltNames()
|
inline |
Add subject alternative names.
- Parameters
-
Subject alternative names string
- Returns
- Return true on success
Ex: addSUbjectAltNames("DNS:dom.org,IP:1.2.3.4,email:user@dom.org")
- Examples
- AsyncSslX509_demo.cpp.
Definition at line 225 of file AsyncSslX509Extensions.h.
◆ operator const STACK_OF()
|
inline |
Cast to a pointer to a stack of X509_EXTENSION objects.
Definition at line 263 of file AsyncSslX509Extensions.h.
◆ operator=()
|
delete |
Disallow copy assignment.
◆ subjectAltName()
|
inline |
Get the subject alternative names extension.
- Returns
- Returns an object representing the SAN
- Examples
- AsyncSslX509_demo.cpp.
Definition at line 234 of file AsyncSslX509Extensions.h.
Referenced by Async::SslCertSigningReq::print().
The documentation for this class was generated from the following file:
Generated on Sun May 4 2025 14:24:10 for Async by
1.12.0