#import <MumbleKit/MKCertificate.h>
MKCertificate is a helper class for creating, reading and exporting X.509 certificates.
+ (MKCertificate *) certificateWithCertificate: |
|
(NSData *) |
cert |
privateKey: |
|
(NSData *) |
privkey |
|
|
| |
Returns a new MKCertificate object from the given certificate and private key.
- Parameters
-
cert | A DER-encoded X.509 certificate |
privkey | The private key corresponding to the certificate passed in via cert. |
- Returns
- A MKCertificate object with the given certificate data and optionally the given private key. Passing in a private key is mostly used in situations where one wants to export the certificate in another format (for example PKCS12).
+ (MKCertificate *) certificateWithPKCS12: |
|
(NSData *) |
pkcs12 |
password: |
|
(NSString *) |
password |
|
|
| |
Import a certificate from a PKCS12 file with the given password.
- Parameters
-
pkcs12 | A PKCS12-encoded certificate with a public and private keypair. |
password | The password to decode the given PKCS12-encoded file. May be nil if no password, or a blank password should be used for decoding the given PKCS12 data. |
- Returns
- A MKCertificate backed by the certificate and public and private keypair from the given PKCS12 data.
- (NSString *) commonName |
|
|
|
Returns the CN (Common Name) value of subject of the X.509 certificate.
- Returns
- An NSString with the Common Name.
Returns a SHA1 digest of the raw DER-data backing the certificate and the public key of the receiving MKCertificate object.
- Returns
- An NSData object that holds the calculated SHA1 digest.
- (NSData *) digestOfKind: |
|
(NSString *) |
digestKind |
|
Returns a digest of the given kind of the raw DER-data backing the certificate and the public key of the receiving MKCertificate object.
- Parameters
-
A | digest kind (currently supports "sha1" and @"sha256". |
- Returns
- An NSData object that holds the calculated digest.
- (NSString *) emailAddress |
|
|
|
Returns the first email address listed in the X.509 certificate. (This email is looked after in Subject Alt. Names.)
- Returns
- An NSString with the email address.
+ (NSData *) exportCertificateChainAsPKCS12: |
|
(NSArray *) |
chain |
withPassword: |
|
(NSString *) |
password |
|
|
| |
Export a chain of certificates presented an array of MKCertificate objects to a PKCS12 data blob. The PKCS12 blob will be encrypted and password protected with the given password.
The leaf certificate (which is the MKCertificate object at index 0) may have a private key. If this is the case, the private key will also be exported along with the public parts of the certificate.
Only the private key (if any) of the leaf certificate will be marshalled. The private keys of any other certificates in the chain will not.
- Parameters
-
chain | An NSArray of MKCertificate objects to be exported. |
password | The password needed to decode the generated PKCS12 blob. |
- Returns
- Returns an NSData object that holds the PKCS12 encoded version of the passed-in certificate chain.
- (NSData *) exportPKCS12WithPassword: |
|
(NSString *) |
password |
|
Export a MKCertificate object to a PKCS12 data blob using the given password. The method will export both the certificate and its corresponding private key (if available) to the PKCS12 data blob.
Invoking this method is equivalent to calling the class method exportCertificateChainAsPKCS12:withPassword: with a lone MKCertificate in the chain array.
- Parameters
-
password | The password needed to decode the generated PKCS12 blob. |
- Returns
- Returns a NSData object that holds the PKCS12 encoded version of the receiver MKCertificate's certificate, public key and (if available) private key.
Determine whether the certificate has a certificate (and public key)
- Returns
- Returns YES if the MKCertificate object has a certificate and public key. Otherwise, returns NO.
Determine whether the MKCertficiate object has private key data.
- Returns
- Returns YES if the MKCertificate object has a private key. Otherwise, returns NO.
Returns a hex-encoded SHA1 digest of the raw DER-data backing the certifiate and the public key of the receiving MKCertificate object.
- Returns
- A NSString with the (lowercase) hex-encoded SHA1 digest.
- (NSString *) hexDigestOfKind: |
|
(NSString *) |
digestKind |
|
Returns a hex-encoded digest of the given kind of the raw DER-data backing the certificate and the public key of the receiving MKCertificate object.
- Returns
- A NSString with the (lowercase) hex-encoded digest.
Checks whether the signature of the receiver certificate is signed by the parentCert certificate.
- Parameters
-
parentCert | A certificate that might have signed the receiver certificate. |
- Returns
- YES if a valid signature was found, otherwise returns NO.
- (NSString *) issuerItem: |
|
(NSString *) |
item |
|
The issuerItem: method is used to directly access the issuer items of the X.509 certificate.
- Parameters
-
item | An X.509 subject item key (CN, O, C, etc.) (See the 'MKCertificate accessor items' section for a list of pre-defined symbolic values for the item keys) |
- Returns
- The value of the looked-up issuer item. Returns nil if the issuer item was not found.
- (NSString *) issuerName |
|
|
|
Returns the name of the body that issued the X.509 certificate.
- Returns
- An NSString with the issuer name.
- (BOOL) isValidOnDate: |
|
(NSDate *) |
date |
|
Checks whether the signature of the receiver certificate is valid on the given date.
- Parameters
-
date | The date that is checked against the certificate's notBefore and notAfter dates. |
- Returns
- YES is the certificate is valid on the given date, otherwise returns NO.
Returns the Not After date of the X.509 certificate. This date expresses the moment at which the certificate stops being deemed valid. Note that a X.509 certificates can also be revoked, so the Not After date is not an authoritative method of determining certificate validity.
- Returns
- An NSDate object with the Not After date.
Returns the Not Before date of the X.509 certificate. This determines the date from which the certificate is deemed valid.
- Returns
- An NSDate object with the Not Before date.
+ (MKCertificate *) selfSignedCertificateWithName: |
|
(NSString *) |
name |
email: |
|
(NSString *) |
email |
|
|
| |
Generate a self-signed MKCertificate object using the given name and email address. This generates a public and private keypair, and uses that key pair to create a self- signed X.509 certificate that is compatible with Mumble.
- Parameters
-
name | The name to be used when creating the certificate. This becomes the Subject Name of the X.509 certificate. |
email | The email address to embed in the certificate. This value may be nil if no email address should be included in the generated X.509 certificate. |
- Returns
- A MKCertificate that backs a self-signed X.509 certificate backed by a random public and private keypair.
+ (MKCertificate *) selfSignedCertificateWithName: |
|
(NSString *) |
name |
email: |
|
(NSString *) |
email |
rsaKeyPair: |
|
(MKRSAKeyPair *) |
keyPair |
|
|
| |
Generate a self-signed MKCertificate object using the given name and email address. This method optionally takes a MKRSAKeyPair which it will use for the certificate it generates.
- Parameters
-
name | The name to be used when creating the certificate. This becomes the Subject Name of the X.509 certificate. |
email | The email address to embed in the certificate. This value may be nil if no email address should be included in the generated X.509 certificate. |
keyPair | An optional MKRSAKeyPair to use instead of generating a new key pair. If nil is passed for this parameter, the method will generate its own keypair (by default: 2048 bits). |
- Returns
- A MKCertificate that backs a self-signed X.509 certificate backed by a random public and private keypair.
- (NSString *) subjectItem: |
|
(NSString *) |
item |
|
The subjectItem: method is used to directly access the subject items of the X.509 certificate.
- Parameters
-
item | An X.509 issuer item key (CN, O, C, etc.) (See the 'MKCertificate accessor items' section for a list of pre-defined symbolic values for the item keys) |
- Returns
- The value of the looked-up subject item. Returns nil if the subject item was not found.
- (NSString *) subjectName |
|
|
|
Returns the subject name of the X.509 certificate. This can either be a common name, or an email address, depending on the certificate.
- Returns
- An NSString representing the subject name.
The documentation for this class was generated from the following file:
- /Users/mkrautz/Documents/mumble-iphoneos/MumbleKit/src/MumbleKit/MKCertificate.h