//
//  MYCertificateInfo.h
//  MYCrypto
//
//  Created by Jens Alfke on 6/2/09.
//  Copyright 2009 Jens Alfke. All rights reserved.
//

// NOTE(review): the #import target was lost when this page was extracted; restore the
// framework header (Foundation or Cocoa) that declares NSObject/NSData/NSDate before building.
#import
@class MYCertificateName, MYCertificate, MYIdentity, MYPublicKey, MYPrivateKey, MYOID;

/** A parsed X.509 certificate; provides access to the names and metadata.
    Instances are read-only views over the certificate data they were parsed from; the
    settable variant is MYCertificateRequest below.
    Parsing alone establishes nothing about trust: a certificate that decodes cleanly still has
    to have its signature verified against a key the caller trusts (see -verifySignatureWithKey:)
    and its validity dates checked by the caller. */
@interface MYCertificateInfo : NSObject
{
    @private
    NSArray *_root;     // parsed representation of the certificate (element structure not visible here)
    NSData *_data;      // presumably the raw bytes this instance was parsed from — confirm in the .m
}

/** Initialize by parsing X.509 certificate data.
    (More commonly you'll get an instance via MYCertificate's 'info' property.)
    @param data  The encoded certificate. Treat this as untrusted input when it arrives from a
                 peer: the parser is the trust boundary, and nothing the certificate says about
                 itself should be believed until its signature has been verified.
    @param outError  On failure, may be set to an NSError describing the problem.
    @return The parsed certificate, or presumably nil if the data could not be parsed (the header
            does not say; confirm in the implementation). */
- (id) initWithCertificateData: (NSData*)data error: (NSError**)outError;

/** The date/time at which the certificate first becomes valid.
    Nothing in this header indicates the class compares this against the current date;
    the caller should. */
@property (retain, readonly) NSDate *validFrom;

/** The date/time at which the certificate expires.
    Nothing in this header indicates the class compares this against the current date;
    the caller should. */
@property (retain, readonly) NSDate *validTo;

/** Information about the identity of the owner of this certificate.
    Read-only on a parsed certificate (see MYCertificateName). */
@property (readonly) MYCertificateName *subject;

/** Information about the identity that signed/authorized this certificate.
    This is the issuer *named* in the certificate; whether that issuer really signed it is only
    established by -verifySignatureWithKey: with the issuer's public key. */
@property (readonly) MYCertificateName *issuer;

/** Returns YES if the issuer is the same as the subject. (Aka a "self-signed" certificate.)
    This compares names only: any certificate can claim issuer == subject, so YES means the cert
    *claims* to be self-signed, not that it is. Confirm with -verifySignatureWithKey: using the
    subject's public key before treating it as a root, and remember that even a genuine
    self-signed root is only trustworthy if you chose to trust it. */
@property (readonly) BOOL isRoot;

/** Verifies the certificate's signature, using the given public key.
    If the certificate is root/self-signed, use the cert's own subject public key.
    @param issuerPublicKey  The public key of the claimed issuer.
    @return YES if the signature checks out under issuerPublicKey.
    A YES result proves only that the holder of issuerPublicKey's private counterpart signed these
    bytes. It does not by itself show that the issuer is trusted, that validFrom/validTo bracket
    the current time, or that the certificate is unrevoked; nothing in this header indicates the
    method checks any of those, so the caller should. */
- (BOOL) verifySignatureWithKey: (MYPublicKey*)issuerPublicKey;

@end



/** A mutable, unsigned certificate that can be filled out and then signed by the issuer.
    Used to generate an identity certificate for a key-pair.
    Only the public key is stored here; the private key is supplied at signing time as a
    parameter and is never held by this object. */
@interface MYCertificateRequest : MYCertificateInfo
{
    @private
    MYPublicKey *_publicKey;    // the subject public key the request was created with
}

/** Initializes a blank instance which can be used to create a new certificate.
    The certificate will not contain anything yet other than the public key.
    The desired attributes should be set, and then the -selfSignWithPrivateKey:error: method called
    (or -requestData: to hand the request to a CA).
    @param pubKey  The public key that will become the certificate's subject public key. */
- (id) initWithPublicKey: (MYPublicKey*)pubKey;

/** The date/time at which the certificate first becomes valid. Settable.
    See -selfSignWithPrivateKey:error: for the default used when no range has been set. */
@property (retain) NSDate *validFrom;

/** The date/time at which the certificate expires. Settable.
    See -selfSignWithPrivateKey:error: for the default used when no range has been set. */
@property (retain) NSDate *validTo;

/** Encodes the certificate request in X.509 format -- this is NOT a certificate!
    It has to be sent to a Certificate Authority to be signed.
    If you want to generate a self-signed certificate, use one of the self-signing methods instead.
    @param outError  On failure, may be set to an NSError describing the problem.
    @return The encoded request, or presumably nil on failure (confirm in the implementation). */
- (NSData*) requestData: (NSError**)outError;

/** Signs the certificate using the given private key, which must be the counterpart of the
    public key stored in the certificate, and returns the encoded certificate data.
    The subject attributes will be copied to the issuer attributes.
    If no valid date range has been set yet, it will be set to a range of one year starting from
    the current time.
    A unique serial number based on the current time will be set.
    NOTE(review): a serial derived from the clock is predictable, and two certificates created in
    the same instant could collide, so "unique" can only mean unique per clock tick. If a consumer
    keys on issuer+serial, confirm the generation scheme in the implementation.
    @param privateKey  Must pair with the public key this request was created with.
    @param outError  On failure, may be set to an NSError describing the problem.
    @return The signed, encoded certificate, or presumably nil on failure. */
- (NSData*) selfSignWithPrivateKey: (MYPrivateKey*)privateKey error: (NSError**)outError;

/** Signs the certificate using the given private key, which must be the counterpart of the
    public key stored in the certificate; adds the certificate to the keychain;
    and returns a MYIdentity representing the paired certificate and private key.
    Side effect: this writes to the keychain, which persists beyond the process; callers that only
    need the encoded bytes should use -selfSignWithPrivateKey:error: instead.
    @param privateKey  Must pair with the public key this request was created with.
    @param outError  On failure, may be set to an NSError describing the problem.
    @return The new identity, or presumably nil on failure. */
- (MYIdentity*) createSelfSignedIdentityWithPrivateKey: (MYPrivateKey*)privateKey
                                                 error: (NSError**)outError;
@end



/** An X.509 Name structure, describing the subject or issuer of a certificate.
    The properties are settable only if this instance belongs to a MYCertificateRequest;
    otherwise trying to set them will raise an exception.
    (Setting a name on a parsed certificate is treated as a programmer error, hence an exception
    rather than an NSError.)
    The values are whatever the certificate says about itself; nothing in this header suggests they
    are validated, so do not base an access decision on a name until the certificate's signature
    has been verified. */
@interface MYCertificateName : NSObject
{
    @private
    NSArray *_components;   // the name's attribute components; element type not visible here
}

/** The "common name" (nickname, whatever). */
@property (copy) NSString *commonName;

/** The given/first name. */
@property (copy) NSString *givenName;

/** The surname / last name / family name. */
@property (copy) NSString *surname;

/** A description. */
@property (copy) NSString *nameDescription;

/** The raw email address, as stored in the name (not validated here as far as this header shows). */
@property (copy) NSString *emailAddress;

/** Lower-level accessor that returns the value associated with the given OID.
    @param oid  The attribute-type OID to look up.
    @return The attribute's string value; presumably nil if the name has no such attribute. */
- (NSString*) stringForOID: (MYOID*)oid;

/** Lower-level accessor that sets the value associated with the given OID.
    Raises if this name does not belong to a MYCertificateRequest (see the class comment).
    @param value  The new attribute value.
    @param oid  The attribute-type OID to set. */
- (void) setString: (NSString*)value forOID: (MYOID*)oid;

@end