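--- a/MYParsedCertificate.h
+++ b/MYParsedCertificate.h
@@ -7,23 +7,79 @@
 //
 
 #import <Foundation/Foundation.h>
-@class MYCertificate, MYOID;
+@class MYCertificate, MYPublicKey, MYPrivateKey, MYOID;
 
 /** A parsed X.509 certificate. Can be used to get more info about an existing cert,
 or to modify a self-signed cert and regenerate it. */
 @interface MYParsedCertificate : NSObject
 {
+ @private
 NSData *_data;
- id _root;
+ NSArray *_root;
 MYCertificate *_issuer;
 }
 
-+ (MYOID*) RSAWithSHA1AlgorithmID;
-
+/** Initializes an instance by parsing an existing X.509 certificate's data. */
 - (id) initWithCertificateData: (NSData*)data error: (NSError**)outError;
 
+/** The raw data of the certificate. */
+@property (readonly) NSData* certificateData;
+
+/** The date/time at which the certificate first becomes valid. */
+@property (retain) NSDate *validFrom;
+
+/** The date/time at which the certificate expires. */
+@property (retain) NSDate *validTo;
+
+/** The "common name" (nickname, whatever) of the subject/owner of the certificate. */
+@property (copy) NSString *commonName;
+
+/** The given/first name of the subject/owner of the certificate. */
+@property (copy) NSString *givenName;
+
+/** The surname / last name / family name of the subject/owner of the certificate. */
+@property (copy) NSString *surname;
+
+/** A description of the subject/owner of the certificate. */
+@property (copy) NSString *description;
+
+/** The raw email address of the subject of the certificate. */
+@property (copy) NSString *emailAddress;
+
+/** The public key of the subject of the certificate. */
+@property (readonly) MYPublicKey *subjectPublicKey;
+
+/** Returns YES if the issuer is the same as the subject. (Aka a "self-signed" certificate.) */
+@property (readonly) BOOL isRoot;
+
 /** Associates the certificate to its issuer.
- If the cert is not self-signed, you must manually set this property before verifying. */
+ If the cert is not self-signed, you must manually set this property before validating. */
 @property (retain) MYCertificate* issuer;
 
+/** Checks that the issuer's signature is valid and hasn't been tampered with.
+ If the certificate is root/self-signed, the subjectPublicKey is used to check the signature;
+ otherwise, the issuer property needs to have been set and its publicKey will be used. */
+- (BOOL) validateSignature;
+
+
+// Generating certificates:
+
+/** Initializes a blank instance which can be used to create a new certificate.
+ The certificate will not contain anything yet other than the public key.
+ The desired attributes should be set, and then the -selfSignWithPrivateKey:error method called. */
+- (id) initWithPublicKey: (MYPublicKey*)pubKey;
+
+/** Has the certificate been signed yet? */
+@property (readonly) BOOL isSigned;
+
+/** Signs the certificate using the given private key, which must be the counterpart of the
+ public key stored in the certificate.
+ The subject attributes will be copied to the issuer attributes.
+ If no valid date range has been set yet, it will be set to a range of one year starting from
+ the current time.
+ A unique serial number based on the current time will be set.
+ After this method returns successfully, access the certificateData property to get the
+ encoded certificate. */
+- (BOOL) selfSignWithPrivateKey: (MYPrivateKey*)privateKey error: (NSError**)outError;
+
 @end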
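Review bot: The comment on `- (BOOL) validateSignature` leaves open what a YES result does and does not establish, and this is the only check the header offers: nothing here consults `validFrom`/`validTo`, and when `isRoot` is YES the signature is checked against the certificate's own `subjectPublicKey`, so a YES result only shows the data is self-consistent, not that the certificate is trusted. I would extend that comment with `Note: this does not check validFrom/validTo, and for a self-signed cert a YES result does not mean the cert is trusted — callers must compare it against a known trust anchor.` Separately, `@property (copy) NSString *description;` overrides `-[NSObject description]` with a value taken from the parsed certificate (possibly nil), so `%@` logging of the object will print the subject's description field; a name such as `subjectDescription` would avoid the collision. The comment on `initWithCertificateData:error:` could also state the failure contract (presumably a nil return with `*outError` set), since it is the entry point for untrusted data.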