MercurialMYCrypto / file revision
summary | shortlog | changelog | graph | tags | branches | files | changeset | file | latest | revisions | annotate | diff | raw
MYCertificateInfo.h
author Jens Alfke <jens@mooseyard.com>
Tue Jul 21 10:13:08 2009 -0700 (2009-07-21)
changeset 27 d0aadddb9c64
parent 22 058394513f33
permissions -rw-r--r--
MYCertificate now checks validity of self-signed certs loaded from the keychain (because the Security framework doesn't validate self-signed certs.) 
     1 //

     2 //  MYCertificateInfo.h

     3 //  MYCrypto

     4 //

     5 //  Created by Jens Alfke on 6/2/09.

     6 //  Copyright 2009 Jens Alfke. All rights reserved.

     7 //

     8 

     9 #import <Foundation/Foundation.h>

    10 @class MYCertificateName, MYCertificate, MYIdentity, MYPublicKey, MYPrivateKey, MYOID;

    11 

    12 /** A parsed X.509 certificate; provides access to the names and metadata. */

    13 @interface MYCertificateInfo : NSObject 

    14 {

    15     @private

    16     NSArray *_root;

    17     NSData *_data;

    18 }

    19 

    20 /** Initialize by parsing X.509 certificate data.

    21     (More commonly you'll get an instance via MYCertificate's 'info' property.) */

    22 - (id) initWithCertificateData: (NSData*)data error: (NSError**)outError;

    23 

    24 /** The date/time at which the certificate first becomes valid. */

    25 @property (retain, readonly) NSDate *validFrom;

    26 

    27 /** The date/time at which the certificate expires. */

    28 @property (retain, readonly) NSDate *validTo;

    29 

    30 /** Information about the identity of the owner of this certificate. */

    31 @property (readonly) MYCertificateName *subject;

    32 

    33 /** Information about the identity that signed/authorized this certificate. */

    34 @property (readonly) MYCertificateName *issuer;

    35 

    36 /** Returns YES if the issuer is the same as the subject. (Aka a "self-signed" certificate.) */

    37 @property (readonly) BOOL isRoot;

    38 

    39 /** Verifies the certificate's signature, using the given public key.

    40     If the certificate is root/self-signed, use the cert's own subject public key. */

    41 - (BOOL) verifySignatureWithKey: (MYPublicKey*)issuerPublicKey;

    42 

    43 @end

    44 

    45 

    46 

    47 /** A mutable, unsigned certificate that can be filled out and then signed by the issuer.

    48     Used to generate an identity certificate for a key-pair. */

    49 @interface MYCertificateRequest : MYCertificateInfo

    50 {

    51     @private

    52     MYPublicKey *_publicKey;

    53 }

    54 

    55 /** Initializes a blank instance which can be used to create a new certificate.

    56     The certificate will not contain anything yet other than the public key.

    57     The desired attributes should be set, and then the -selfSignWithPrivateKey:error method called. */

    58 - (id) initWithPublicKey: (MYPublicKey*)pubKey;

    59 

    60 /** The date/time at which the certificate first becomes valid. Settable. */

    61 @property (retain) NSDate *validFrom;

    62 

    63 /** The date/time at which the certificate expires. Settable */

    64 @property (retain) NSDate *validTo;

    65 

    66 /** Encodes the certificate request in X.509 format -- this is NOT a certificate!

    67     It has to be sent to a Certificate Authority to be signed.

    68     If you want to generate a self-signed certificate, use one of the self-signing methods instead. */

    69 - (NSData*) requestData: (NSError**)outError;

    70 

    71 /** Signs the certificate using the given private key, which must be the counterpart of the

    72     public key stored in the certificate, and returns the encoded certificate data.

    73     The subject attributes will be copied to the issuer attributes.

    74     If no valid date range has been set yet, it will be set to a range of one year starting from

    75     the current time.

    76     A unique serial number based on the current time will be set. */

    77 - (NSData*) selfSignWithPrivateKey: (MYPrivateKey*)privateKey error: (NSError**)outError;

    78 

    79 /** Signs the certificate using the given private key, which must be the counterpart of the

    80     public key stored in the certificate; adds the certificate to the keychain;

    81     and returns a MYIdentity representing the paired certificate and private key. */

    82 - (MYIdentity*) createSelfSignedIdentityWithPrivateKey: (MYPrivateKey*)privateKey

    83                                                  error: (NSError**)outError;

    84 @end

    85 

    86 

    87 

    88 /** An X.509 Name structure, describing the subject or issuer of a certificate.

    89     The properties are settable only if this instance belongs to a MYCertificateRequest;

    90     otherwise trying to set them will raise an exception. */

    91 @interface MYCertificateName : NSObject

    92 {

    93     @private

    94     NSArray *_components;

    95 }

    96 

    97 /** The "common name" (nickname, whatever). */

    98 @property (copy) NSString *commonName;

    99 

   100 /** The given/first name. */

   101 @property (copy) NSString *givenName;

   102 

   103 /** The surname / last name / family name. */

   104 @property (copy) NSString *surname;

   105 

   106 /** A description. */

   107 @property (copy) NSString *nameDescription;

   108 

   109 /** The raw email address. */

   110 @property (copy) NSString *emailAddress;

   111 

   112 /** Lower-level accessor that returns the value associated with the given OID. */

   113 - (NSString*) stringForOID: (MYOID*)oid;

   114 

   115 /** Lower-level accessor that sets the value associated with the given OID. */

   116 - (void) setString: (NSString*)value forOID: (MYOID*)oid;

   117 

   118 @end
MYCrypto