MYParsedCertificate.h
author Jens Alfke <jens@mooseyard.com>
Fri Jun 05 08:57:18 2009 -0700 (2009-06-05)
changeset 20 df9da0f6b358
parent 19 f6c91b9da05b
permissions -rw-r--r--
Factored out the name accessors of MYParsedCertificate into a new class MYCertificateName, so that both subject and issuer can be accessed. A bit of other cleanup too.
     1 //
     2 //  MYParsedCertificate.h
     3 //  MYCrypto
     4 //
     5 //  Created by Jens Alfke on 6/2/09.
     6 //  Copyright 2009 Jens Alfke. All rights reserved.
     7 //
     8 
     9 #import <Foundation/Foundation.h>
    10 @class MYCertificateName, MYCertificate, MYPublicKey, MYPrivateKey, MYOID;
    11 
/** A parsed X.509 certificate. Can be used to get more info about an existing cert,
    to modify and regenerate a self-signed cert, or to create a new self-signed cert.

    SECURITY NOTE: this class deals with one certificate at a time. The only check it
    offers is -validateSignature, which verifies a single signature (see below). It does
    not check the validity period, build or verify a chain up to a trust anchor, check
    revocation, or look at extensions such as basic constraints or key usage. A caller
    that uses this class to decide whether to trust a certificate has to do all of that
    itself. */
@interface MYParsedCertificate : NSObject 
{
    @private
    NSData *_data;                      // raw certificate bytes (backing store for certificateData)
    NSArray *_root;                     // decoded certificate structure; exact layout lives in the .m
    MYCertificate *_issuerCertificate;  // backing store for the issuerCertificate property
}

/** Initializes an instance by parsing an existing X.509 certificate's data.
    The data is untrusted input (it typically comes off the wire or out of a file), so the
    parser must reject anything malformed. Per the usual Cocoa convention expect a nil
    result on failure, with *outError set when outError is non-NULL — confirm against the
    .m. Detect failure from the returned object, not from *outError. */
- (id) initWithCertificateData: (NSData*)data error: (NSError**)outError;

/** The raw data of the certificate.
    For a generated certificate this is only meaningful after
    -selfSignWithPrivateKey:error: has returned successfully. */
@property (readonly) NSData* certificateData;

/** The date/time at which the certificate first becomes valid.
    Writable so it can be set before signing a new certificate. Nothing in this API is
    described as checking the validity window (-validateSignature only covers the
    signature), so a caller must compare validFrom/validTo with the current time itself. */
@property (retain) NSDate *validFrom;

/** The date/time at which the certificate expires.
    See validFrom for the caveat about checking the validity window yourself. */
@property (retain) NSDate *validTo;

/** Information about the identity of the owner of this certificate.
    These values are whatever the signer put in the certificate; they mean nothing until
    the signature, and the trustworthiness of the issuer, have been established. */
@property (readonly) MYCertificateName *subject;

/** Information about the identity that signed/authorized this certificate. */
@property (readonly) MYCertificateName *issuer;

/** Returns YES if the issuer is the same as the subject. (Aka a "self-signed" certificate.)
    "Root" here only means self-signed; it does not mean trusted. Anyone can produce a
    self-signed certificate (this class does so in -selfSignWithPrivateKey:error:), so a
    YES is not evidence of anything on its own. */
@property (readonly) BOOL isRoot;

/** The public key of the subject of the certificate. */
@property (readonly) MYPublicKey *subjectPublicKey;

/** Associates the certificate to its issuer.
    If the cert is not self-signed, you must manually set this property before validating.
    Choosing which certificate to set here is a trust decision made by the caller: this
    class does not verify that the issuer cert is itself trusted or valid, and whether it
    checks that the issuer cert's subject matches this cert's issuer name is not documented
    here — do not assume it does. */
@property (retain) MYCertificate* issuerCertificate;

/** Checks that the issuer's signature is valid and hasn't been tampered with.
    If the certificate is root/self-signed, the subjectPublicKey is used to check the signature;
    otherwise, the issuerCertificate property needs to have been set and its publicKey will be used.

    What a YES does and does not mean:
    - For a self-signed cert it only proves the cert is internally consistent with the key
      it carries. That is true of any self-signed cert, including an attacker's, so trust
      in a self-signed cert has to come from somewhere else (e.g. pinning the cert or key).
    - For a non-self-signed cert it proves issuerCertificate's key signed this cert, and
      nothing about the issuer itself; walk the chain to a trust anchor separately.
    - It says nothing about the validity period, revocation, or extensions.
    There is no error out-parameter, so a NO does not distinguish a bad signature from a
    missing issuerCertificate or an unsupported algorithm; what happens when
    issuerCertificate is nil for a non-self-signed cert is not documented here (presumably
    NO — confirm in the .m). Treat any NO as "do not trust". */
- (BOOL) validateSignature;


// Generating certificates:

/** Initializes a blank instance which can be used to create a new certificate.
    The certificate will not contain anything yet other than the public key.
    The desired attributes should be set, and then the -selfSignWithPrivateKey:error: method called. */
- (id) initWithPublicKey: (MYPublicKey*)pubKey;

/** Has the certificate been signed yet?
    Once this is YES, mutating the subject/issuer names raises (see MYCertificateName). */
@property (readonly) BOOL isSigned;

/** Signs the certificate using the given private key, which must be the counterpart of the
    public key stored in the certificate.
    The subject attributes will be copied to the issuer attributes.
    If no valid date range has been set yet, it will be set to a range of one year starting from
    the current time.
    A unique serial number based on the current time will be set.
    After this method returns successfully, access the certificateData property to get the
    encoded certificate.

    Caveats for callers:
    - Whether the key pair is checked for actually being a matching pair is not documented
      here; a mismatched key would yield a certificate whose signature never verifies.
    - A time-derived serial number is predictable and is only "unique" to the clock's
      resolution; two certificates signed close together may end up with the same one.
      This API exposes no way to supply a serial, so do not rely on serial uniqueness or
      unpredictability from certificates produced here.
    - Per the NSError convention, use the BOOL return to detect failure and only then read
      *outError (when you passed a non-NULL outError). */
- (BOOL) selfSignWithPrivateKey: (MYPrivateKey*)privateKey error: (NSError**)outError;

@end
    77 
    78 
    79 
/** An X.509 Name structure, describing the subject or issuer of a certificate.
    Changing a property value of an instance associated with an already-signed certificate will
    raise an exception.

    SECURITY NOTE: for a parsed certificate every value here was written by whoever made
    the certificate, i.e. it is untrusted input until the certificate's signature and chain
    have been verified. Do not make identity decisions (matching an email address, a host
    name in the common name, etc.) on these strings before that. How the raw attribute
    bytes are converted to NSString — in particular what happens with non-ASCII string
    types or embedded NUL bytes — is not visible in this header; check the .m before
    comparing these strings for a security decision. */
@interface MYCertificateName : NSObject
{
    @private
    NSArray *_components;   // the name's attributes; exact representation lives in the .m
}

/** The "common name" (nickname, whatever).
    Free-form text chosen by the certificate's creator; it is not a validated host name
    or identity. */
@property (copy) NSString *commonName;

/** The given/first name. */
@property (copy) NSString *givenName;

/** The surname / last name / family name. */
@property (copy) NSString *surname;

/** A description. */
@property (copy) NSString *nameDescription;

/** The raw email address — as it appears in the certificate; nothing here validates or
    normalizes it. */
@property (copy) NSString *emailAddress;

/** Lower-level accessor that returns the value associated with the given OID.
    Presumably nil when the name has no attribute with that OID (confirm in the .m). */
- (NSString*) stringForOID: (MYOID*)oid;

/** Lower-level accessor that sets the value associated with the given OID.
    Presumably subject to the same rule as the properties: mutating a name that belongs
    to an already-signed certificate raises. Since that is an exception rather than an
    error return, check the owning certificate's isSigned before calling this. */
- (void) setString: (NSString*)value forOID: (MYOID*)oid;

@end
   110 @end