MYCertificateInfo.h
author Jens Alfke <jens@mooseyard.com>
Wed Jun 10 09:02:18 2009 -0700 (2009-06-10)
changeset 25 38c3c3923e1f
parent 22 058394513f33
permissions -rw-r--r--
Changed the X.509 version number in generated certs from 1 to 3, so that SecCertificateCreateFromData on iPhone will accept them. :-/
//
//  MYCertificateInfo.h
//  MYCrypto
//
//  Created by Jens Alfke on 6/2/09.
//  Copyright 2009 Jens Alfke. All rights reserved.
//
#import <Foundation/Foundation.h>
@class MYCertificateName, MYCertificate, MYIdentity, MYPublicKey, MYPrivateKey, MYOID;
/** A parsed X.509 certificate; provides access to the names and metadata.
    Initialization only parses the encoded data; verifying the signature is a separate step
    (-verifySignatureWithKey:), and this interface exposes no validity-period check, so callers
    compare -validFrom/-validTo against the current date themselves. Until both have been done,
    the names and dates read from here are simply whatever the encoded data claims. */
@interface MYCertificateInfo : NSObject 
{
    @private
    NSArray *_root;     // NOTE(review): presumably the parsed top-level structure of the cert -- confirm in the .m
    NSData *_data;      // NOTE(review): presumably the encoded bytes handed to the initializer -- confirm in the .m
}

/** Initialize by parsing X.509 certificate data.
    (More commonly you'll get an instance via MYCertificate's 'info' property.)
    @param data  The encoded certificate.
    @param outError  On failure, presumably set to an NSError describing the parse problem.
    @return The parsed info; presumably nil if the data could not be parsed. */
- (id) initWithCertificateData: (NSData*)data error: (NSError**)outError;

/** The date/time at which the certificate first becomes valid.
    This is the value encoded in the certificate; whether it already lies in the past is for
    the caller to check. */
@property (retain, readonly) NSDate *validFrom;

/** The date/time at which the certificate expires.
    This is the value encoded in the certificate; whether it has already passed is for the
    caller to check. */
@property (retain, readonly) NSDate *validTo;

/** Information about the identity of the owner of this certificate. */
@property (readonly) MYCertificateName *subject;

/** Information about the identity that signed/authorized this certificate. */
@property (readonly) MYCertificateName *issuer;

/** Returns YES if the issuer is the same as the subject. (Aka a "self-signed" certificate.)
    This compares the two names only; it does not establish that the certificate really was
    signed with the subject's key -- -verifySignatureWithKey: does that. */
@property (readonly) BOOL isRoot;

/** Verifies the certificate's signature, using the given public key.
    If the certificate is root/self-signed, use the cert's own subject public key.
    This checks the signature only: whether issuerPublicKey belongs to a party the caller
    trusts, and whether the validity period contains the current date, are separate checks
    the caller still has to make.
    @param issuerPublicKey  The public key the signature is expected to verify under.
    @return YES if the signature verifies under issuerPublicKey. */
- (BOOL) verifySignatureWithKey: (MYPublicKey*)issuerPublicKey;

@end
/** A mutable, unsigned certificate that can be filled out and then signed by the issuer.
    Used to generate an identity certificate for a key-pair.
    Inherits the read accessors of MYCertificateInfo; -validFrom/-validTo are redeclared
    read/write below, and the name properties become settable (see MYCertificateName). */
@interface MYCertificateRequest : MYCertificateInfo
{
    @private
    MYPublicKey *_publicKey;    // the subject public key passed to -initWithPublicKey:
}

/** Initializes a blank instance which can be used to create a new certificate.
    The certificate will not contain anything yet other than the public key.
    The desired attributes should be set, and then the -selfSignWithPrivateKey:error: method called.
    @param pubKey  The public key the new certificate will certify. */
- (id) initWithPublicKey: (MYPublicKey*)pubKey;

/** The date/time at which the certificate first becomes valid. Settable.
    If no valid date range has been set, -selfSignWithPrivateKey:error: picks a default
    (see that method). */
@property (retain) NSDate *validFrom;

/** The date/time at which the certificate expires. Settable.
    If no valid date range has been set, -selfSignWithPrivateKey:error: picks a default
    (see that method). */
@property (retain) NSDate *validTo;

/** Encodes the certificate request in X.509 format -- this is NOT a certificate!
    It has to be sent to a Certificate Authority to be signed.
    If you want to generate a self-signed certificate, use one of the self-signing methods instead.
    @param outError  On failure, presumably set to an NSError describing the problem.
    @return The encoded request; presumably nil on failure. */
- (NSData*) requestData: (NSError**)outError;

/** Signs the certificate using the given private key, which must be the counterpart of the
    public key stored in the certificate, and returns the encoded certificate data.
    The subject attributes will be copied to the issuer attributes, so the resulting
    certificate answers YES to -isRoot.
    If no valid date range has been set yet, it will be set to a range of one year starting from
    the current time.
    A unique serial number based on the current time will be set.
    NOTE(review): a time-derived serial is predictable, and its uniqueness depends on the clock
    granularity used in the .m -- confirm that before relying on serials to tell certs apart.
    @param privateKey  The private half of the key-pair given to -initWithPublicKey:.
    @param outError  On failure, presumably set to an NSError describing the problem.
    @return The encoded, signed certificate; presumably nil on failure. */
- (NSData*) selfSignWithPrivateKey: (MYPrivateKey*)privateKey error: (NSError**)outError;

/** Signs the certificate using the given private key, which must be the counterpart of the
    public key stored in the certificate; adds the certificate to the keychain;
    and returns a MYIdentity representing the paired certificate and private key.
    Adding to the keychain is a persistent side effect: the certificate stays there until
    the caller removes it.
    @param privateKey  The private half of the key-pair given to -initWithPublicKey:.
    @param outError  On failure, presumably set to an NSError describing the problem.
    @return The new identity; presumably nil on failure. */
- (MYIdentity*) createSelfSignedIdentityWithPrivateKey: (MYPrivateKey*)privateKey
                                                 error: (NSError**)outError;
@end
/** An X.509 Name structure, describing the subject or issuer of a certificate.
    The properties are settable only if this instance belongs to a MYCertificateRequest;
    otherwise trying to set them will raise an exception.
    For a name read from a parsed certificate, these strings are whatever the encoded data
    says: they are only as authentic as the certificate's signature and issuer, so verify the
    certificate before treating them as identifying anyone. */
@interface MYCertificateName : NSObject
{
    @private
    NSArray *_components;   // NOTE(review): presumably the name's attribute components, looked up by OID -- confirm in the .m
}

/** The "common name" (nickname, whatever). */
@property (copy) NSString *commonName;

/** The given/first name. */
@property (copy) NSString *givenName;

/** The surname / last name / family name. */
@property (copy) NSString *surname;

/** A description. */
@property (copy) NSString *nameDescription;

/** The raw email address. (Taken as-is from the name; presumably not validated or normalized.) */
@property (copy) NSString *emailAddress;

/** Lower-level accessor that returns the value associated with the given OID.
    The named properties above are presumably wrappers around this for particular OIDs.
    @param oid  The attribute-type OID to look up.
    @return The attribute's string value; presumably nil if the name has no such attribute. */
- (NSString*) stringForOID: (MYOID*)oid;

/** Lower-level accessor that sets the value associated with the given OID.
    Like the property setters, this is only allowed while the name belongs to a
    MYCertificateRequest (see the class comment).
    @param value  The new string value.
    @param oid  The attribute-type OID to set. */
- (void) setString: (NSString*)value forOID: (MYOID*)oid;

@end