Whew! MYParsedCertificate can now generate certs from scratch. Also added improvements and fixes to the BER/DER codecs.
2 // MYParsedCertificate.h
5 // Created by Jens Alfke on 6/2/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
9 #import <Foundation/Foundation.h>
10 @class MYCertificate, MYPublicKey, MYPrivateKey, MYOID;
12 /** A parsed X.509 certificate. Can be used to get more info about an existing cert,
13 or to modify a self-signed cert and regenerate it. */
14 @interface MYParsedCertificate : NSObject
19 MYCertificate *_issuer;
22 /** Initializes an instance by parsing an existing X.509 certificate's data. */
23 - (id) initWithCertificateData: (NSData*)data error: (NSError**)outError;
25 /** The raw data of the certificate. */
26 @property (readonly) NSData* certificateData;
28 /** The date/time at which the certificate first becomes valid. */
29 @property (retain) NSDate *validFrom;
31 /** The date/time at which the certificate expires. */
32 @property (retain) NSDate *validTo;
34 /** The "common name" (nickname, whatever) of the subject/owner of the certificate. */
35 @property (copy) NSString *commonName;
37 /** The given/first name of the subject/owner of the certificate. */
38 @property (copy) NSString *givenName;
40 /** The surname / last name / family name of the subject/owner of the certificate. */
41 @property (copy) NSString *surname;
43 /** A description of the subject/owner of the certificate. */
44 @property (copy) NSString *description;
46 /** The raw email address of the subject of the certificate. */
47 @property (copy) NSString *emailAddress;
49 /** The public key of the subject of the certificate. */
50 @property (readonly) MYPublicKey *subjectPublicKey;
52 /** Returns YES if the issuer is the same as the subject. (Aka a "self-signed" certificate.) */
53 @property (readonly) BOOL isRoot;
55 /** Associates the certificate to its issuer.
56 If the cert is not self-signed, you must manually set this property before validating. */
57 @property (retain) MYCertificate* issuer;
59 /** Checks that the issuer's signature is valid and hasn't been tampered with.
60 If the certificate is root/self-signed, the subjectPublicKey is used to check the signature;
61 otherwise, the issuer property needs to have been set and its publicKey will be used. */
62 - (BOOL) validateSignature;
65 // Generating certificates:
67 /** Initializes a blank instance which can be used to create a new certificate.
68 The certificate will not contain anything yet other than the public key.
69 The desired attributes should be set, and then the -selfSignWithPrivateKey:error method called. */
70 - (id) initWithPublicKey: (MYPublicKey*)pubKey;
72 /** Has the certificate been signed yet? */
73 @property (readonly) BOOL isSigned;
75 /** Signs the certificate using the given private key, which must be the counterpart of the
76 public key stored in the certificate.
77 The subject attributes will be copied to the issuer attributes.
78 If no valid date range has been set yet, it will be set to a range of one year starting from
80 A unique serial number based on the current time will be set.
81 After this method returns successfully, access the certificateData property to get the
82 encoded certificate. */
83 - (BOOL) selfSignWithPrivateKey: (MYPrivateKey*)privateKey error: (NSError**)outError;