x509 Package

class X509Certificate

public class X509Certificate <: Equatable<X509Certificate> & Hashable & ToString {
    public init(
        certificateInfo: X509CertificateInfo,
        parent!: X509Certificate,
        publicKey!: PublicKey,
        privateKey!: PrivateKey,
        signatureAlgorithm!: ?SignatureAlgorithm = None
    )

    public func encodeToDer(): DerBlob
    public func encodeToPem(): PemEntry
    public static func decodeFromDer(der: DerBlob): X509Certificate
    public static func decodeFromPem(pem: String): Array<X509Certificate>
    public static func systemRootCerts(): Array<X509Certificate>

    public prop serialNumber: SerialNumber
    public prop signatureAlgorithm: SignatureAlgorithm
    public prop signature: Signature
    public prop issuer: X509Name
    public prop subject: X509Name
    public prop notBefore: DateTime
    public prop notAfter: DateTime
    public prop publicKeyAlgorithm: PublicKeyAlgorithm
    public prop publicKey: PublicKey
    public prop dnsNames: Array<String>
    public prop emailAddresses: Array<String>
    public prop IPAddresses: Array<IP>
    public prop keyUsage: KeyUsage
    public prop extKeyUsage: ExtKeyUsage

    public func verify(verifyOption: VerifyOption): Bool

    public override func toString(): String
    public override operator func ==(other: X509Certificate): Bool
    public override operator func !=(other: X509Certificate): Bool
    public override func hashCode(): Int64
}

Description: An X.509 digital certificate is a certificate used for encrypted communication and is one of the core components of the public key infrastructure (PKI). It contains the public key and identity information of an entity, and is used to verify the identity of that entity and to ensure communication security.

Parent Type:

  • Equatable<X509Certificate>
  • Hashable
  • ToString

prop dnsNames

public prop dnsNames: Array<String>

Description: Parses the domain name in the alternative name of a digital certificate.

Type: Array<String>

prop emailAddresses

public prop emailAddresses: Array<String>

Description: Parses the email address in the alternative name of a digital certificate.

Type: Array<String>

prop extKeyUsage

public prop extKeyUsage: ExtKeyUsage

Description: Parses the extended key usage of a digital certificate.

Type: ExtKeyUsage

prop issuer

public prop issuer: X509Name

Description: Parses the issuer information in a digital certificate.

Type: X509Name

prop IPAddresses

public prop IPAddresses: Array<IP>

Description: Parses the IP address in the alternative name of a digital certificate.

Type: Array<IP>

prop keyUsage

public prop keyUsage: KeyUsage

Description: Parses the key usage of a digital certificate.

Type: KeyUsage

prop notAfter

public prop notAfter: DateTime

Description: Parses the expiration time of a digital certificate.

Type: DateTime

prop notBefore

public prop notBefore: DateTime

Description: Parses the effective time of a digital certificate.

Type: DateTime

prop publicKey

public prop publicKey: PublicKey

Description: Parses the public key of a digital certificate.

Type: PublicKey

prop publicKeyAlgorithm

public prop publicKeyAlgorithm: PublicKeyAlgorithm

Description: Parses the public key algorithm of a digital certificate.

Type: PublicKeyAlgorithm

prop serialNumber

public prop serialNumber: SerialNumber

Description: Parses the serial number of a digital certificate.

Type: SerialNumber

prop signature

public prop signature: Signature

Description: Parses the signature of a digital certificate.

Type: Signature

prop signatureAlgorithm

public prop signatureAlgorithm: SignatureAlgorithm

Description: Parses the signature algorithm of a digital certificate.

Type: SignatureAlgorithm

prop subject

public prop subject: X509Name

Description: Parses the subject (certificate holder) information in a digital certificate.

Type: X509Name

init(X509CertificateInfo, X509Certificate, PublicKey, PrivateKey, ?SignatureAlgorithm)

public init(
    certificateInfo: X509CertificateInfo,
    parent!: X509Certificate,
    publicKey!: PublicKey,
    privateKey!: PrivateKey,
    signatureAlgorithm!: ?SignatureAlgorithm = None
)

Description: Creates a digital certificate object.

Parameters:

  • certificateInfo: X509CertificateInfo: digital certificate configuration information
  • parent!: X509Certificate: issuer certificate
  • publicKey!: PublicKey: applicant public key. Only public keys of RSA, ECDSA, and DSA are supported.
  • privateKey!: PrivateKey: issuer private key. Only private keys of RSA, ECDSA, and DSA are supported.
  • signatureAlgorithm!: ?SignatureAlgorithm: certificate signature algorithm; default value: None. When the default value is used, the default digest type is SHA256.

Throws:

  • X509Exception: When the public or private key type is not supported, the private key type does not match the private key type in the certificate signature algorithm, or the digital certificate information fails to be set, this exception is thrown.

static func decodeFromDer(DerBlob)

public static func decodeFromDer(der: DerBlob): X509Certificate

Description: Decodes a digital certificate in DER format.

Parameters:

  • der: DerBlob: binary data in DER format

Returns:

  • X509Certificate: decoded digital certificate

Throws:

  • X509Exception: When the data is empty or the data is not in valid digital certificate DER format, this exception is thrown.

static func decodeFromPem(String)

public static func decodeFromPem(pem: String): Array<X509Certificate>

Description: Decodes a digital certificate from the PEM format.

Parameters:

  • pem: String: digital certificate character stream in PEM format

Returns:

  • Array<X509Certificate>: decoded digital certificates

Throws:

  • X509Exception: When the character stream does not comply with the PEM format or the file header does not comply with the digital certificate header standard, this exception is thrown.

func encodeToDer()

public func encodeToDer(): DerBlob

Description: Encodes a digital certificate into the DER format.

Returns:

  • DerBlob: encoded digital certificate in DER format

func encodeToPem()

public func encodeToPem(): PemEntry

Description: Encodes a digital certificate into the PEM format.

Returns:

  • PemEntry: encoded digital certificate in PEM format

func hashCode()

public override func hashCode(): Int64

Description: Returns the hash value of a certificate.

Returns:

  • Int64: result obtained after hash calculation is performed on a certificate object

static func systemRootCerts()

public static func systemRootCerts(): Array<X509Certificate>

Description: Returns the root certificates of the operating system. Linux, macOS, and Windows are supported.

Returns:

  • Array<X509Certificate>: root certificates of the operating system

func toString()

public override func toString(): String

Description: Generates a certificate name string, which contains the subject, validity period, and issuer information of the certificate.

Returns:

  • String: certificate name string

func verify(VerifyOption)

public func verify(verifyOption: VerifyOption): Bool

Description: Verifies the validity of the current certificate according to the verification option.

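Verification order:

  1. Verify the validity period first.
  2. (Optional) Verify the DNS domain name. Because this step is optional, a successful result does not by itself mean that the certificate was matched against a DNS name.
  3. Verify the validity of the certificate according to the root and intermediate certificates.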

Parameters:

  • verifyOption: VerifyOption: certificate verification option

Returns:

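  • Bool: If the certificate is valid, true is returned. Otherwise, false is returned. Callers must check this value; the absence of an exception must not be treated as successful verification.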

Throws:

  • X509Exception: When the verification fails, for example because of an internal error such as a memory allocation failure, this exception is thrown.

operator func !=(X509Certificate)

public override operator func !=(other: X509Certificate): Bool

Description: Checks whether two certificates are different.

Parameters:

  • other: X509Certificate: certificate to compare with

Returns:

  • Bool: If the certificates are different, true is returned. Otherwise, false is returned.

operator func ==(X509Certificate)

public override operator func ==(other: X509Certificate): Bool

Description: Checks whether two certificates are the same.

Parameters:

  • other: X509Certificate: certificate to compare with

Returns:

  • Bool: If the certificates are the same, true is returned. Otherwise, false is returned.

class X509CertificateRequest

public class X509CertificateRequest <: Hashable & ToString {
    public init(
        privateKey: PrivateKey,
        certificateRequestInfo!: ?X509CertificateRequestInfo = None,
        signatureAlgorithm!: ?SignatureAlgorithm = None
    )
    public func encodeToDer(): DerBlob
    public func encodeToPem(): PemEntry
    public static func decodeFromDer(der: DerBlob): X509CertificateRequest
    public static func decodeFromPem(pem: String): Array<X509CertificateRequest>
    public prop signatureAlgorithm: SignatureAlgorithm
    public prop signature: Signature
    public prop publicKeyAlgorithm: PublicKeyAlgorithm
    public prop publicKey: PublicKey
    public prop subject: X509Name
    public prop dnsNames: Array<String>
    public prop emailAddresses: Array<String>
    public prop IPAddresses: Array<IP>
    public override func toString(): String
    public override func hashCode(): Int64
}

Description: Indicates the digital certificate signature request.

Parent Type:

  • Hashable
  • ToString

prop IPAddresses

public prop IPAddresses: Array<IP>

Description: Parses the IP address in the alternative name of a digital certificate signature request.

Type: Array<IP>

prop dnsNames

public prop dnsNames: Array<String>

Description: Parses the domain name in the alternative name of a digital certificate signature request.

Type: Array<String>

prop emailAddresses

public prop emailAddresses: Array<String>

Description: Parses the email address in the alternative name of a digital certificate signature request.

Type: Array<String>

prop publicKey

public prop publicKey: PublicKey

Description: Parses the public key in a digital certificate signature request.

Type: PublicKey

prop publicKeyAlgorithm

public prop publicKeyAlgorithm: PublicKeyAlgorithm

Description: Parses the public key algorithm in a digital certificate signature request.

Type: PublicKeyAlgorithm

prop signature

public prop signature: Signature

Description: Parses the signature in a digital certificate signature request.

Type: Signature

prop signatureAlgorithm

public prop signatureAlgorithm: SignatureAlgorithm

Description: Parses the signature algorithm in a digital certificate signature request.

Type: SignatureAlgorithm

prop subject

public prop subject: X509Name

Description: Parses the subject (requester) information in a digital certificate signature request.

Type: X509Name

init(PrivateKey, ?X509CertificateRequestInfo, ?SignatureAlgorithm)

public init(
    privateKey: PrivateKey,
    certificateRequestInfo!: ?X509CertificateRequestInfo = None,
    signatureAlgorithm!: ?SignatureAlgorithm = None
)

Description: Creates a digital certificate signature request object.

Parameters:

  • privateKey: PrivateKey: private key. Only private keys of RSA, ECDSA, and DSA are supported.
  • certificateRequestInfo!: ?X509CertificateRequestInfo: digital certificate signature request information; default value: None
  • signatureAlgorithm!: ?SignatureAlgorithm: certificate signature algorithm; default value: None. When the default value is used, the default digest type is SHA256.

Throws:

  • X509Exception: When the private key type is not supported, the private key type does not match the private key type in the certificate signature algorithm, or the digital certificate signature information fails to be set, this exception is thrown.

static func decodeFromDer(DerBlob)

public static func decodeFromDer(der: DerBlob): X509CertificateRequest

Description: Decodes a digital certificate signature request in DER format.

Parameters:

  • der: DerBlob: binary data in DER format

Returns:

  • X509CertificateRequest: decoded digital certificate signature request

Throws:

  • X509Exception: When the data is empty or the data is not in valid digital certificate signature request DER format, this exception is thrown.

static func decodeFromPem(String)

public static func decodeFromPem(pem: String): Array<X509CertificateRequest>

Description: Decodes a digital certificate signature request from the PEM format.

Parameters:

  • pem: String: digital certificate signature request character stream in PEM format

Returns:

  • Array<X509CertificateRequest>: decoded digital certificate signature requests

Throws:

  • X509Exception: When the character stream does not comply with the PEM format or the file header does not comply with the digital certificate signature request header standard, this exception is thrown.

func encodeToDer()

public func encodeToDer(): DerBlob

Description: Encodes a digital certificate signature request into the DER format.

Returns:

  • DerBlob: encoded digital certificate signature request in DER format

func encodeToPem()

public func encodeToPem(): PemEntry

Description: Encodes a digital certificate signature request into the PEM format.

Returns:

  • PemEntry: encoded digital certificate signature request in PEM format

func hashCode()

public override func hashCode(): Int64

Description: Returns the hash value of a certificate signature request.

Returns:

  • Int64: result obtained after hash calculation is performed on a certificate signature request object

func toString()

public override func toString(): String

Description: Generates a certificate signature request name string, which contains the subject information of the certificate signature request.

Returns:

  • String: certificate signature request name string

class X509Name

public class X509Name <: ToString {
    public init(
        countryName!: ?String = None,
        provinceName!: ?String = None,
        localityName!: ?String = None,
        organizationName!: ?String = None,
        organizationalUnitName!: ?String = None,
        commonName!: ?String = None,
        email!: ?String = None
    )
    public prop countryName: ?String
    public prop provinceName: ?String
    public prop localityName: ?String
    public prop organizationName: ?String
    public prop organizationalUnitName: ?String
    public prop commonName: ?String
    public prop email: ?String
    public override func toString(): String
}

Description: The distinguished name (DN) of a certificate entity is an important part of a digital certificate. It ensures the authenticity and credibility of the identity of the certificate holder and is an important basis for digital certificate verification.

X509Name contains the country or region name (Country Name), state or province name (State or Province Name), city name (Locality Name), organization name (Organization Name), organization unit name (Organizational Unit Name), and common name (Common Name) of a certificate entity. Sometimes, an email address is also included.

Parent Type:

  • ToString

prop commonName

public prop commonName: ?String

Description: Returns the common name of a certificate entity.

Type: ?String

prop countryName

public prop countryName: ?String

Description: Returns the country or region name of a certificate entity.

Type: ?String

prop email

public prop email: ?String

Description: Returns the email address of a certificate entity.

Type: ?String

prop localityName

public prop localityName: ?String

Description: Returns the city name of a certificate entity.

Type: ?String

prop organizationName

public prop organizationName: ?String

Description: Returns the organization name of a certificate entity.

Type: ?String

prop organizationalUnitName

public prop organizationalUnitName: ?String

Description: Returns the organization unit name of a certificate entity.

Type: ?String

prop provinceName

public prop provinceName: ?String

Description: Returns the state or province name of a certificate entity.

Type: ?String

init(?String, ?String, ?String, ?String, ?String, ?String, ?String)

    public init(
        countryName!: ?String = None,
        provinceName!: ?String = None,
        localityName!: ?String = None,
        organizationName!: ?String = None,
        organizationalUnitName!: ?String = None,
        commonName!: ?String = None,
        email!: ?String = None
    )

Description: Constructs an X509Name object.

Parameters:

  • countryName!: ?String: country or region name; default value: None
  • provinceName!: ?String: state or province name; default value: None
  • localityName!: ?String: city name; default value: None
  • organizationName!: ?String: organization name; default value: None
  • organizationalUnitName!: ?String: organization unit name; default value: None
  • commonName!: ?String: common name; default value: None
  • email!: ?String: email address; default value: None

Throws:

  • X509Exception: When the distinguished name of the certificate entity fails to be set, for example because of an internal error such as a memory allocation failure, this exception is thrown.

func toString()

public override func toString(): String

Description: Generates a certificate entity name string.

Returns:

  • String: certificate entity name string. It contains information of the fields in the entity name.