X509Certificate Class Reference

Detailed Description

This class is the basic class representing all of the certificates on the card. It sets all of the Cryptoki attributes that are known to exist at the X509 Certificate level.


Public Member Functions

virtual ~X509Certificate (void)
 X509Certificate (unsigned char *dataToSearch, int dataLen)
 X509Certificate (const char *certPath)
string getOid ()
string getSerialNumber ()
virtual const char * getDescription ()=0
virtual CK_OBJECT_CLASS getClass ()

Protected Member Functions

 X509Certificate (const char *oid, const char *desc, Token *thisToken, Session *session)

Protected Attributes

Key * privKey
X509 * myData
int cka_id

Static Protected Attributes

CK_KEY_TYPE CERT_TYPE = CKC_X_509
CK_OBJECT_CLASS CLASS = CKO_CERTIFICATE
int _CKA_ID = 1


Constructor & Destructor Documentation

X509Certificate::~X509Certificate (void) [virtual]

Cleans up private members

X509Certificate::X509Certificate (unsigned char *dataToSearch, int dataLen)

This constructor attempts to create 'this' object based on dataToSearch. Because the start position of the X509 object from the card has not shown itself to be in the same position every time, the byte stream is scanned and the X509 data is 'aligned'.
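An added example (not NIST_PKCS11 code) of one way to scan a card buffer for the start of a certificate: it looks for a DER SEQUENCE whose declared length fits in the buffer and whose first element is another SEQUENCE. The names DerSpan, parseSequenceHeader, findCertificate and sampleBuffer are hypothetical, the sample bytes are constructed, and the project's own alignment logic is not shown on this page.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical result type: where the candidate starts and its total DER size.
struct DerSpan { bool found; std::size_t offset; std::size_t length; };

// Parse a DER SEQUENCE header at data[pos]; every read is bounds-checked against len.
// On success hdr is the header size and body the declared content length.
static bool parseSequenceHeader(const unsigned char *data, std::size_t len,
                                std::size_t pos, std::size_t &hdr, std::size_t &body) {
    if (pos >= len || len - pos < 2 || data[pos] != 0x30) return false;
    unsigned char first = data[pos + 1];
    if (first < 0x80) { hdr = 2; body = first; return true; }  // short form
    std::size_t n = first & 0x7F;                  // count of length octets
    if (n == 0 || n > 3) return false;             // indefinite or implausibly large
    if (len - pos - 2 < n || data[pos + 2] == 0) return false;  // truncated / leading zero
    body = 0;
    for (std::size_t i = 0; i < n; ++i) body = (body << 8) | data[pos + 2 + i];
    if (body < 0x80) return false;                 // DER requires the short form here
    hdr = 2 + n;
    return true;
}

// Scan for the first offset that holds a SEQUENCE fitting inside the buffer whose
// first element is itself a SEQUENCE (the shape of Certificate { tbsCertificate ... }).
DerSpan findCertificate(const unsigned char *data, std::size_t len) {
    for (std::size_t pos = 0; pos < len; ++pos) {
        std::size_t hdr = 0, body = 0, inHdr = 0, inBody = 0;
        if (!parseSequenceHeader(data, len, pos, hdr, body)) continue;
        if (body > len - pos - hdr) continue;      // declared length overruns buffer
        std::size_t end = pos + hdr + body;        // inner parse may not read past this
        if (!parseSequenceHeader(data, end, pos + hdr, inHdr, inBody)) continue;
        if (inBody > body - inHdr) continue;       // inner element overruns outer
        return {true, pos, hdr + body};
    }
    return {false, 0, 0};
}

// Constructed sample: filler and a decoy 0x30, then a minimal nested SEQUENCE at offset 4.
std::vector<unsigned char> sampleBuffer() {
    return {0x53, 0x30, 0x85, 0x70,
            0x30, 0x0A, 0x30, 0x03, 0x02, 0x01, 0x05, 0x30, 0x03, 0x02, 0x01, 0x07,
            0x71, 0x01, 0x00};
}
```

A span found this way is only a candidate; it still has to be handed to a full X.509 parser, which decides whether it is a certificate.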

X509Certificate::X509Certificate (const char *certPath)

Loads this X509 cert from a file path

Parameters:
certPath the path to the file to load

X509Certificate::X509Certificate (const char *oid, const char *desc, Token *thisToken, Session *session) [protected]

Constructs this object from subclasses. The oid is essential to loading the object from the card. Any failure to load the card results in a Pkcs11Exception

Parameters:
oid the oid for this object on the card
thisToken the token within which this object exists. This certificate will add itself to the available objects on the token and pass the token handle to the public and private key objects so they may do the same
session contains an active session to the card so the data can be read and thus this object created


Member Function Documentation

string X509Certificate::getOid () [virtual]

In order to access an object on the card you must have the OID. As a result, it is required by all subclasses.

Returns:
a dotted decimal OID

Implements PivObject.

string X509Certificate::getSerialNumber ()

Returns:
returns the serialNumber from the certificate on the card.

virtual const char* X509Certificate::getDescription () [pure virtual]

returns the description of this certificate -- distinguishing it from other X509 instances

Implements CryptoObject.

Implemented in X509ForCardAuth, X509ForDigitalSig, X509ForKeyMan, and X509ForPivAuth.

CK_OBJECT_CLASS X509Certificate::getClass () [virtual]

returns the object class type as defined by Cryptoki. In this case it's CKO_CERTIFICATE

Returns:
CKO_CERTIFICATE;

Reimplemented from GenericCryptoObject.


Member Data Documentation

CK_KEY_TYPE X509Certificate::CERT_TYPE = CKC_X_509 [static, protected]
 

a constant defining our certType for Cryptoki which is always CKC_X_509

CK_OBJECT_CLASS X509Certificate::CLASS = CKO_CERTIFICATE [static, protected]
 

a constant defining our class type for Cryptoki. This is always CKO_CERTIFICATE

Key* X509Certificate::privKey [protected]
 

a handle to the private key. Hey, you never know if you're gonna need it

X509* X509Certificate::myData [protected]
 

a handle to the X509 data structure as represented on the card. It IS the model behind 'this' object

int X509Certificate::_CKA_ID = 1 [static, protected]
 

Cryptoki doesn't require, but strongly recommends, that you have a CKA_ID that can tie a pubkey/privkey/X509 cert together, while still allowing for a serial number that may or may not be the same. In our case, we do implement it, and I have thought about making it equal to the serial number for consistency's sake. But I never got around to it. This object is incremented with every construction. Think of it as a unique id that ties the 3 parts of the cert together

int X509Certificate::cka_id [protected]
 

The member value of the CKA_ID. This is the one that will be saved as an attribute


Generated on Fri Jan 12 15:48:46 2007 for NIST_PKCS11 by doxygen 1.3.1 using KingsTools