WvCRLMgr Class Reference

#include <wvcrl.h>


Detailed Description

CRL Class to handle certificates and their related functions.

Definition at line 28 of file wvcrl.h.


Public Types

enum  DumpMode { PEM = 0, DER, TEXT }
 Type for the encode() and decode() methods: CRLPEM = PEM Encoded X.509 CRL; CRLDER = DER Encoded X.509 CRL returned in Base64; TEXT = Decoded Human readable format.
enum  Valid {
  CRLERROR = -1, VALID, NOT_THIS_CA, NO_VALID_SIGNATURE,
  BEFORE_VALID, AFTER_VALID, REVOKED
}
 Type for validate() method: ERROR = there was an error that happened.

Public Member Functions

 WvCRLMgr (X509_CRL *_crl=NULL)
 Initialize a blank CRL Object.
virtual ~WvCRLMgr ()
 Destructor.
X509_CRL * getcrl ()
 Accessor for CRL.
WvString hexify ()
 Given the CRL object crl, return a hexified string useful in a WvConf or UniConf file.
Valid validate (WvX509Mgr *cert)
 Function to verify the validity of a certificate given by cert.
bool signedbyCAindir (WvStringParm certdir)
 Check the CRL in crl against the CA certificates in certdir - returns true if crl was signed by one of the CA certificates.
bool signedbyCAinfile (WvStringParm certfile)
 Check the CRL in crl against the CA certificate in certfile - returns true if crl was signed by that CA certificate.
bool signedbyCA (WvX509Mgr *cert)
 Check the CRL in crl against the CA certificate in cacert - returns true if CRL was signed by that CA certificate.
bool isok ()
 Do we have any errors.
void setca (WvX509Mgr *cacert)
 Set the CA for this CRL.
WvString encode (const DumpMode mode)
 Return the information requested by mode as a WvString.
void decode (const DumpMode mode, WvStringParm PemEncoded)
 Load the information from the format requested by mode into the class - this overwrites the certificate, and possibly the key - and to enable two stage loading (the certificate first, then the key), it DOES NOT call test() - that will be up to the programmer.
WvString get_issuer ()
 Return the CRL Issuer (usually the CA who signed the certificate).
bool isrevoked (WvX509Mgr *cert)
 Is the certificate in cert revoked?
bool isrevoked (WvStringParm serial_number)
int numcerts ()
 How many certificates in the CRL?
void addcert (WvX509Mgr *cert)
 Add the certificate in cert to the CRL.

Public Attributes

WvError err
 Where errors go when they happen.

Member Enumeration Documentation

enum WvCRLMgr::DumpMode

Type for the encode() and decode() methods:

CRLPEM = PEM Encoded X.509 CRL
CRLDER = DER Encoded X.509 CRL returned in Base64
TEXT = Decoded Human readable format

Enumerator:
PEM 
DER 
TEXT 

Definition at line 42 of file wvcrl.h.

enum WvCRLMgr::Valid

Type for validate() method:

ERROR = there was an error that happened.
VALID = the certificate is valid
NOT_THIS_CA = the certificate is not signed by this CA
NO_VALID_SIGNATURE = the certificate claims to be signed by this CA (Issuer is the same), but the signature is invalid.
BEFORE_VALID = the certificate has not become valid yet
AFTER_VALID = the certificate is past its validity period
REVOKED = the certificate has been revoked (its serial number is in this CRL)

Enumerator:
CRLERROR 
VALID 
NOT_THIS_CA 
NO_VALID_SIGNATURE 
BEFORE_VALID 
AFTER_VALID 
REVOKED 

Definition at line 56 of file wvcrl.h.


Constructor & Destructor Documentation

WvCRLMgr::WvCRLMgr ( X509_CRL *  _crl = NULL  ) 

Initialize a blank CRL Object.

This either initializes a completely empty object or takes a pre-allocated _crl, in which case it takes ownership of it.

Definition at line 15 of file wvcrl.cc.

References err, WvErrorBase::noerr(), and WvErrorBase::seterr().


Member Function Documentation

WvCRLMgr::Valid WvCRLMgr::validate ( WvX509Mgr *  cert  ) 

Function to verify the validity of a certificate given by cert.

This function checks three things:

1. That the certificate has been issued by the same CA that has signed this CRL.
2. That the certificate is within its validity range.
3. That the certificate isn't in the CRL.

Definition at line 53 of file wvcrl.cc.

References AFTER_VALID, BEFORE_VALID, CRLERROR, WvX509Mgr::get_cert(), WvX509Mgr::get_issuer(), WvX509Mgr::get_subject(), isrevoked(), NO_VALID_SIGNATURE, NOT_THIS_CA, REVOKED, signedbyCA(), and VALID.
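
The following is an added example, not WvStreams code: a self-contained model of the three checks and of fail-closed handling of the Valid result. `ModelCert`, `ModelCRL`, `model_validate`, `accept_cert` and `accept_truthy` are hypothetical names, the check order is assumed from the list above, and the data is constructed.

```cpp
#include <cstdio>
#include <ctime>
#include <set>
#include <string>

// Mirrors WvCRLMgr::Valid as listed on this page. Note that VALID == 0.
enum Valid { CRLERROR = -1, VALID, NOT_THIS_CA, NO_VALID_SIGNATURE,
             BEFORE_VALID, AFTER_VALID, REVOKED };

// Hypothetical stand-ins for WvX509Mgr and the CRL; not WvStreams types.
struct ModelCert {
    std::string issuer, serial;
    bool sig_ok;                        // outcome of checking the CA signature
    std::time_t not_before, not_after;  // validity range
};
struct ModelCRL {
    std::string issuer;
    std::set<std::string> revoked;      // revoked serial numbers
};

// The three documented checks, in the order the page lists them (assumed).
Valid model_validate(const ModelCRL *crl, const ModelCert *cert, std::time_t now) {
    if (!crl || !cert) return CRLERROR;
    if (cert->issuer != crl->issuer) return NOT_THIS_CA;
    if (!cert->sig_ok) return NO_VALID_SIGNATURE;
    if (now < cert->not_before) return BEFORE_VALID;
    if (now > cert->not_after) return AFTER_VALID;
    if (crl->revoked.count(cert->serial)) return REVOKED;
    return VALID;
}

// Fail closed: only an exact VALID counts as acceptance.
bool accept_cert(Valid v) { return v == VALID; }

// Anti-pattern: using the result as a boolean. Because VALID is 0, this
// rejects good certificates and accepts every failure, CRLERROR included.
bool accept_truthy(Valid v) { if (v) return true; return false; }

int main() {
    ModelCRL crl{"CN=Example CA", {"0A"}};                     // constructed data
    ModelCert revoked{"CN=Example CA", "0A", true, 100, 200};  // serial is on the CRL
    Valid v = model_validate(&crl, &revoked, 150);
    std::printf("result=%d accept=%d truthy=%d\n", v, accept_cert(v), accept_truthy(v));
    return 0;
}
```
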

bool WvCRLMgr::isok (  )  [inline]

Do we have any errors.

Convenience function.

Definition at line 124 of file wvcrl.h.

References err, and WvErrorBase::isok().

void WvCRLMgr::setca ( WvX509Mgr *  cacert  ) 

Set the CA for this CRL.

Definition at line 98 of file wvcrl.cc.

References WvX509Mgr::get_issuer().

Referenced by WvX509Mgr::signcrl().


The documentation for this class was generated from the following files:
Generated on Fri Oct 5 18:20:36 2007 for WvStreams by  doxygen 1.5.3