Seed7 Library: X.509

X.509

Constant Summary

certAndKey

stdCertificate
	Self signed X509 certificate.

certAndKey

stdEccCertificate
	Self signed X509 certificate.

Function Summary

x509Cert

getX509Cert (in string: asn1)
	Read a X.509 public key certificate from stri.

boolean

validateSignature (in x509Cert: cert, in subjectPublicKeyInfoType: publicKey)
	Validate the signature of a X.509 certificate cert with publicKey.

x509Cert

createX509Cert (in rsaKey: publicRsaKey, in bigInteger: serialNumber, in x509Name: issuer, in x509Name: subject, in x509Validity: validity)
	Create a X509 certificate that can be used for signing by the issuer.

x509Cert

createX509Cert (in rsaKey: publicRsaKey, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)
	Create a X509 certificate that can be used for self signing.

x509Cert

createX509Cert (in ellipticCurve: curve, in ecPoint: publicEccKey, in bigInteger: serialNumber, in x509Name: issuer, in x509Name: subject, in x509Validity: validity)
	Create a X509 certificate that can is signed by the issuer.

x509Cert

createX509Cert (in ellipticCurve: curve, in ecPoint: publicEccKey, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)
	Create a X509 certificate that can be used for self signing.

x509Extension

x509KeyUsage (in bitset: keyUsage)
	Create a KeyUsage X509 certificate extension from a bitset.

x509Extension

x509BasicConstraints (in integer: pathLenConstraint)
	Create a BasicConstraints X509 certificate extension from a path length.

x509Extension

x509BasicConstraints (in boolean: cA)
	Create a BasicConstraints X509 certificate extension from a cA flag.

void

addExtension (inout x509Cert: cert, in boolean: isCritical, in var x509Extension: extension)
	Add the given extension to the X509 certificate cert.

certAndKey

selfSignedX509Cert (in rsaKeyPair: keyPair, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)
	Create a self signed X509 certificate from a RSA key pair.

certAndKey

selfSignedX509Cert (in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit)
	Create a self signed X509 certificate.

certAndKey

selfSignedX509Cert (in eccKeyPair: keyPair, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)
	Create a self signed X509 certificate from an ECC key pair.

Constant Detail

stdCertificate

const certAndKey: stdCertificate

Self signed X509 certificate.

stdEccCertificate

const certAndKey: stdEccCertificate

Self signed X509 certificate.

Function Detail

getX509Cert

const func x509Cert: getX509Cert (in string: asn1)

Read a X.509 public key certificate from stri.

Returns:: the X.509 public key certificate.

validateSignature

const func boolean: validateSignature (in x509Cert: cert, in subjectPublicKeyInfoType: publicKey)

Validate the signature of a X.509 certificate cert with publicKey.

Returns:: TRUE if the certificate can be validated, FALSE otherwise.

createX509Cert

const func x509Cert: createX509Cert (in rsaKey: publicRsaKey, in bigInteger: serialNumber, in x509Name: issuer, in x509Name: subject, in x509Validity: validity)

Create a X509 certificate that can be used for signing by the issuer.

Parameters:: publicRsaKey - Public RSA key to be entered to the certificate.; serialNumber - Serial number of certificate.; issuer - Common name, country, locality, organization, etc. of issuer.; subject - Common name, country, locality, organization, etc. of subject.; validity - Validity of the certificate.

createX509Cert

const func x509Cert: createX509Cert (in rsaKey: publicRsaKey, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)

Create a X509 certificate that can be used for self signing.

Parameters:: publicRsaKey - Public RSA key to be entered to the certificate.; serialNumber - Serial number of certificate.; commonName - Common name of issuer and subject.; country - Country of issuer and subject (e.g. "AT" for Austria).; locality - Locality of issuer and subject (e.g. "Vienna").; organization - Organization of issuer and subject.; organizationUnit - Organization unit of issuer and subject.; validity - Validity of the certificate.

createX509Cert

const func x509Cert: createX509Cert (in ellipticCurve: curve, in ecPoint: publicEccKey, in bigInteger: serialNumber, in x509Name: issuer, in x509Name: subject, in x509Validity: validity)

Create a X509 certificate that can is signed by the issuer.

Parameters:: curve - Elliptic curve used for the cryptographie.; publicEccKey - Public ECC key to be entered to the certificate.; serialNumber - Serial number of certificate.; issuer - Common name, country, locality, organization, etc. of issuer.; subject - Common name, country, locality, organization, etc. of subject.; validity - Validity of the certificate.

createX509Cert

const func x509Cert: createX509Cert (in ellipticCurve: curve, in ecPoint: publicEccKey, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)

Create a X509 certificate that can be used for self signing.

Parameters:: curve - Elliptic curve used for the cryptographie.; publicEccKey - Public ECC key to be entered to the certificate.; serialNumber - Serial number of certificate.; commonName - Common name of issuer and subject.; country - Country of issuer and subject (e.g. "AT" for Austria).; locality - Locality of issuer and subject (e.g. "Vienna").; organization - Organization of issuer and subject.; organizationUnit - Organization unit of issuer and subject.; validity - Validity of the certificate.

x509KeyUsage

const func x509Extension: x509KeyUsage (in bitset: keyUsage)

Create a KeyUsage X509 certificate extension from a bitset. Elements in the bitset can be KEY_USAGE_DIGITAL_SIGNATURE, KEY_USAGE_NON_REPUDIATION, KEY_USAGE_KEY_ENCIPHERMENT, KEY_USAGE_DATA_ENCIPHERMENT, KEY_USAGE_KEY_AGREEMENT, KEY_USAGE_KEY_CERT_SIGN, KEY_USAGE_CRL_SIGN, KEY_USAGE_ENCIPHER_ONLY and KEY_USAGE_DECIPHER_ONLY.

Parameters:: keyUsage - Set of allowed key usages.

x509BasicConstraints

const func x509Extension: x509BasicConstraints (in integer: pathLenConstraint)

Create a BasicConstraints X509 certificate extension from a path length. The cA flag of this BasicConstraints extension is set to TRUE.

Parameters:: pathLenConstraint - Given path length constraint.

x509BasicConstraints

const func x509Extension: x509BasicConstraints (in boolean: cA)

Create a BasicConstraints X509 certificate extension from a cA flag.

Parameters:: cA - Frag to be set in the constraint.

addExtension

const proc: addExtension (inout x509Cert: cert, in boolean: isCritical, in var x509Extension: extension)

Add the given extension to the X509 certificate cert. The extension field is added to the standard extensions tag (tag 3).

cert := createX509Cert(subjectKey, serial, issuer, subject, validity);
addExtension(cert, TRUE, x509BasicConstraints(0));
addExtension(cert, TRUE,
             x509KeyUsage({KEY_USAGE_CRL_SIGN, KEY_USAGE_KEY_CERT_SIGN}));

Parameters:: cert - Certificat to which the extension is added.; isCritical - TRUE if the extension is critical, FALSE otherwise.; extension - The extension to be added.

selfSignedX509Cert

const func certAndKey: selfSignedX509Cert (in rsaKeyPair: keyPair, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)

Create a self signed X509 certificate from a RSA key pair.

Parameters:: keyPair - Public and private RSA keys.; serialNumber - Serial number of certificate.; commonName - Common name of issuer and subject.; country - Country of issuer and subject (e.g. "AT" for Austria).; locality - Locality of issuer and subject (e.g. "Vienna").; organization - Organization of issuer and subject.; organizationUnit - Organization unit of issuer and subject.

selfSignedX509Cert

const func certAndKey: selfSignedX509Cert (in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit)

Create a self signed X509 certificate.

Parameters:: commonName - Common name of issuer and subject.; country - Country of issuer and subject (e.g. "AT" for Austria).; locality - Locality of issuer and subject (e.g. "Vienna").; organization - Organization of issuer and subject.; organizationUnit - Organization unit of issuer and subject.

selfSignedX509Cert

const func certAndKey: selfSignedX509Cert (in eccKeyPair: keyPair, in bigInteger: serialNumber, in string: commonName, in string: country, in string: locality, in string: organization, in string: organizationUnit, in x509Validity: validity)

Create a self signed X509 certificate from an ECC key pair.

Parameters:: keyPair - Public and private RSA keys.; serialNumber - Serial number of certificate.; commonName - Common name of issuer and subject.; country - Country of issuer and subject (e.g. "AT" for Austria).; locality - Locality of issuer and subject (e.g. "Vienna").; organization - Organization of issuer and subject.; organizationUnit - Organization unit of issuer and subject.