Struct
struct DerBlob
public struct DerBlob <: Equatable<DerBlob> & Hashable {
public init(content: Array<Byte>)
}
Description: Crypto supports the configuration of binary certificate streams. After a user reads binary certificate data and creates a DerBlob object, the object can be parsed into one X509Certificate, X509CertificateRequest, PublicKey, or PrivateKey object.
Parent Type:
prop body
public prop body: Array<Byte>
Description: Obtains the byte sequence in the DerBlob object.
prop size
public prop size: Int64
Description: Obtains the size of the byte sequence in a DerBlob object.
Type: Int64
init(Array)
public init(content: Array<Byte>)
Description: Constructs a DerBlob object.
Parameters:
func hashCode()
public override func hashCode(): Int64
Description: Returns the hash value of a DerBlob object.
Returns:
operator func !=(DerBlob)
public override operator func !=(other: DerBlob): Bool
Description: Checks whether two DerBlob objects are different.
Parameters:
Returns:
- Bool: If the objects are different, true is returned. Otherwise, false is returned.
operator func ==(DerBlob)
public override operator func ==(other: DerBlob): Bool
Description: Checks whether two DerBlob objects are the same.
Parameters:
Returns:
- Bool: If the objects are the same, true is returned. Otherwise, false is returned.
struct ExtKeyUsage
public struct ExtKeyUsage <: ToString {
public static let AnyKey = 0u16
public static let ServerAuth = 1u16
public static let ClientAuth = 2u16
public static let EmailProtection = 3u16
public static let CodeSigning = 4u16
public static let OCSPSigning = 5u16
public static let TimeStamping = 6u16
public init(keys: Array<UInt16>)
public override func toString(): String
}
Description: A digital certificate extension field usually contains the usage description of the extended key carried. Currently, ServerAuth, ClientAuth, EmailProtection, CodeSigning, OCSPSigning, and TimeStamping are supported.
Parent Type:
static let AnyKey
public static let AnyKey = 0u16
Description: Indicates that a key can be used for any purpose.
Type: UInt16
static let ClientAuth
public static let ClientAuth = 2u16
Description: Indicates that a key is used for SSL client authentication.
Type: UInt16
static let CodeSigning
public static let CodeSigning = 4u16
Description: Indicates that a key is used for code signing.
Type: UInt16
static let EmailProtection
public static let EmailProtection = 3u16
Description: Indicates that a key is used for email encryption, decryption, and signature.
Type: UInt16
static let OCSPSigning
public static let OCSPSigning = 5u16
Description: Indicates that a key is used for OCSP response packet signing.
Type: UInt16
static let ServerAuth
public static let ServerAuth = 1u16
Description: Indicates that a key is used for SSL server authentication.
Type: UInt16
static let TimeStamping
public static let TimeStamping = 6u16
Description: Indicates that a key is used for binding an object digest value to a time.
Type: UInt16
init(Array<UInt16>)
public init(keys: Array<UInt16>)
Description: Constructs extended key usage for a specified purpose. Note that a key can be used for multiple purposes.
Parameters:
func toString()
public override func toString(): String
Description: Generates an extended key usage string.
Returns:
- String: extended key usage string of the certificate
struct KeyUsage
public struct KeyUsage <: ToString {
public static let DigitalSignature = 0x0080u16
public static let NonRepudiation = 0x0040u16
public static let KeyEncipherment = 0x0020u16
public static let DataEncipherment = 0x0010u16
public static let KeyAgreement = 0x0008u16
public static let CertSign = 0x0004u16
public static let CRLSign = 0x0002u16
public static let EncipherOnly = 0x0001u16
public static let DecipherOnly = 0x0100u16
public init(keys: UInt16)
public override func toString(): String
}
Description: A digital certificate extension field usually contains the usage description of the public key carried. Currently, DigitalSignature, NonRepudiation, KeyEncipherment, DataEncipherment, KeyAgreement, CertSign, CRLSign, EncipherOnly, and DecipherOnly are supported.
Parent Type:
static let CRLSign
public static let CRLSign = 0x0002u16
Description: Indicates that the private key can be used to sign a CRL and the public key can be used to verify the CRL signature.
Type: UInt16
static let CertSign
public static let CertSign = 0x0004u16
Description: Indicates that the private key is used to sign a certificate, and the public key is used to verify the certificate signature. This constant is specific to CA certificates.
Type: UInt16
static let DataEncipherment
public static let DataEncipherment = 0x0010u16
Description: Indicates that a public key is used to directly encrypt data.
Type: UInt16
static let DecipherOnly
public static let DecipherOnly = 0x0100u16
Description: Indicates that the public key in a certificate is used only for decryption calculation during key negotiation. This constant is meaningful only when used together with KeyAgreement.
Type: UInt16
static let DigitalSignature
public static let DigitalSignature = 0x0080u16
Description: Indicates that the private key can be used for various digital signature operations except issuing certificates, issuing CRLs, and non-repudiation services, and the public key is used to verify the signatures.
Type: UInt16
static let EncipherOnly
public static let EncipherOnly = 0x0001u16
Description: Indicates that the public key in a certificate is used only for encryption calculation during key negotiation. This constant is meaningful only when used together with KeyAgreement.
Type: UInt16
static let KeyAgreement
public static let KeyAgreement = 0x0008u16
Description: Indicates that a key is used for key negotiation.
Type: UInt16
static let KeyEncipherment
public static let KeyEncipherment = 0x0020u16
Description: Indicates that a key is used to encrypt other keys.
Type: UInt16
static let NonRepudiation
public static let NonRepudiation = 0x0040u16
Description: Indicates that the private key can be used for signature in non-repudiation services, and the public key is used for signature verification.
Type: UInt16
init(UInt16)
public init(keys: UInt16)
Description: Constructs the key usage for the specified purposes. Note that a key can be used for multiple purposes.
Parameters:
- keys: UInt16: key usage. It is advised to combine the key usage constants provided in this struct with bitwise OR and pass the result as this parameter.
func toString()
public override func toString(): String
Description: Generates a key usage string.
Returns:
- String: certificate key usage string
struct Pem
public struct Pem <: Collection<PemEntry> & ToString {
public Pem(private let items: Array<PemEntry>)
}
Description: The Pem struct is an entry sequence that can contain more than one PemEntry.
Parent Type:
prop size
public override prop size: Int64
Description: Obtains the number of entries in the entry sequence.
Type: Int64
Pem(Array<PemEntry>)
public Pem(private let items: Array<PemEntry>)
Description: Constructs a Pem object.
Parameters:
static func decode(String)
public static func decode(text: String): Pem
Description: Decodes PEM text into an entry sequence.
Parameters:
- text: String: PEM string
Returns:
- Pem: PEM entry sequence
func encode()
public func encode(): String
Description: Returns a string in PEM format. The line ending character is generated according to the current operating system.
Returns:
- String: string in PEM format
func isEmpty()
public override func isEmpty(): Bool
Description: Checks whether the entry sequence decoded from the PEM text is empty.
Returns:
- Bool: When the entry sequence decoded from the PEM text is empty, true is returned. Otherwise, false is returned.
func iterator()
public override func iterator(): Iterator<PemEntry>
Description: Generates the iterator of the entry sequence decoded from the PEM text.
Returns:
func toString()
public override func toString(): String
Description: Returns a string which contains the label of each entry in the sequence.
Returns:
- String: string containing the label of each entry in the sequence
struct PemEntry
public struct PemEntry <: ToString {
public PemEntry(
public let label: String,
public let headers: Array<(String, String)>,
public let body: ?DerBlob
)
public init(label: String, body: DerBlob)
}
Description: The PEM text format is often used to store certificates and keys. In the PEM encoding structure:
The first line is a UTF-8-encoded string consisting of "-----BEGIN", the label, and "-----". The middle part is the body, which is the binary content encoded as a printable Base64 string. For details about PEM encoding specifications, see RFC 7468. The last line is a UTF-8-encoded string consisting of "-----END", the label, and "-----". For details, see RFC 1421. In the old PEM encoding standard, an entry header is included between the first line and the body.
To support different user scenarios, the PemEntry and Pem types are provided. PemEntry is used to store a single PEM structure.
Parent Type:
static let LABEL_CERTIFICATE
public static let LABEL_CERTIFICATE = "CERTIFICATE"
Description: Records the entry type as certificate.
Type: String
static let LABEL_CERTIFICATE_REQUEST
public static let LABEL_CERTIFICATE_REQUEST = "CERTIFICATE REQUEST"
Description: Records the entry type as certificate signature request.
Type: String
static let LABEL_DH_PARAMETERS
public static let LABEL_DH_PARAMETERS = "DH PARAMETERS"
Description: Records the entry type as DH key parameter.
Type: String
static let LABEL_EC_PARAMETERS
public static let LABEL_EC_PARAMETERS = "EC PARAMETERS"
Description: Records the entry type as elliptic curve parameter.
Type: String
static let LABEL_EC_PRIVATE_KEY
public static let LABEL_EC_PRIVATE_KEY = "EC PRIVATE KEY"
Description: Records the entry type as elliptic curve private key.
Type: String
static let LABEL_ENCRYPTED_PRIVATE_KEY
public static let LABEL_ENCRYPTED_PRIVATE_KEY = "ENCRYPTED PRIVATE KEY"
Description: Records the entry type as private key encrypted according to the PKCS #8 standard.
Type: String
static let LABEL_PRIVATE_KEY
public static let LABEL_PRIVATE_KEY = "PRIVATE KEY"
Description: Records the entry type as an unencrypted private key in the PKCS #8 format.
Type: String
static let LABEL_PUBLIC_KEY
public static let LABEL_PUBLIC_KEY = "PUBLIC KEY"
Description: Records the entry type as public key.
Type: String
static let LABEL_RSA_PRIVATE_KEY
public static let LABEL_RSA_PRIVATE_KEY = "RSA PRIVATE KEY"
Description: Records the entry type as RSA private key.
Type: String
static let LABEL_SM2_PRIVATE_KEY
public static let LABEL_SM2_PRIVATE_KEY = "SM2 PRIVATE KEY"
Description: Records the entry type as SM2 private key.
Type: String
static let LABEL_X509_CRL
public static let LABEL_X509_CRL = "X509 CRL"
Description: Records the entry type as certificate revocation list.
Type: String
PemEntry(String, Array<(String, String)>, ?DerBlob)
public PemEntry(
public let label: String,
public let headers: Array<(String, String)>,
public let body: ?DerBlob
)
Description: Constructs a PemEntry object.
Parameters:
body
public let body: ?DerBlob
Description: Obtains the binary content of a PemEntry instance.
Type: ?DerBlob
headers
public let headers: Array<(String, String)>
Description: Obtains the entry header of a PemEntry instance.
label
public let label: String
Description: Obtains the label of a PemEntry instance.
Type: String
init(String, DerBlob)
public init(label: String, body: DerBlob)
Description: Constructs a PemEntry object.
Parameters:
func encode()
public func encode(): String
Description: Returns a string in PEM format. The line ending character is generated according to the current operating system.
Returns:
- String: string in PEM format
func header(String)
public func header(name: String): Iterator<String>
Description: Finds the corresponding entry content by entry header name.
Parameters:
- name: String: entry header name
Returns:
func toString()
public override func toString(): String
Description: Returns the length of the label and binary content of the PEM object.
Returns:
- String: length of the label and binary content of the PEM object
struct SerialNumber
public struct SerialNumber <: Equatable<SerialNumber> & Hashable & ToString {
public init(length!: UInt8 = 16)
}
Description: The SerialNumber struct is the sequence number (serial number) of a digital certificate. A sequence number is the unique identifier of a digital certificate. According to the specifications, the length of a certificate sequence number cannot exceed 20 bytes. For details, see RFC 5280.
Parent Type:
init(UInt8)
public init(length!: UInt8 = 16)
Description: Generates a random sequence number of a specified length.
Parameters:
Throws:
- X509Exception: When the value of length is 0 or greater than 20, this exception is thrown.
func hashCode()
public override func hashCode(): Int64
Description: Returns the hash value of a certificate sequence number.
Returns:
- Int64: result obtained after hash calculation is performed on a certificate sequence number object
func toString()
public override func toString(): String
Description: Generates a certificate sequence number string in hexadecimal format.
Returns:
- String: certificate sequence number string
operator func !=(SerialNumber)
public override operator func !=(other: SerialNumber): Bool
Description: Checks whether two certificate sequence numbers are different.
Parameters:
- other: SerialNumber: certificate sequence number to be compared
Returns:
- Bool: If the certificate sequence numbers are different, true is returned. Otherwise, false is returned.
operator func ==(SerialNumber)
public override operator func ==(other: SerialNumber): Bool
Description: Checks whether two certificate sequence numbers are the same.
Parameters:
- other: SerialNumber: certificate sequence number to be compared
Returns:
- Bool: If the certificate sequence numbers are the same, true is returned. Otherwise, false is returned.
struct Signature
public struct Signature <: Equatable<Signature> & Hashable {
}
Description: Indicates the signature of a digital certificate used to verify the identity.
Parent Type:
prop signatureValue
public prop signatureValue: DerBlob
Description: Returns a certificate signature in the binary format.
Type: DerBlob
func hashCode()
public override func hashCode(): Int64
Description: Returns the hash value of a certificate signature.
Returns:
- Int64: result obtained after hash calculation is performed on a certificate signature object
operator func !=(Signature)
public override operator func !=(other: Signature): Bool
Description: Checks whether two certificate signatures are different.
Parameters:
- other: Signature: certificate signature to be compared
Returns:
- Bool: If the certificate signatures are different, true is returned. Otherwise, false is returned.
operator func ==(Signature)
public override operator func ==(other: Signature): Bool
Description: Checks whether two certificate signatures are the same.
Parameters:
- other: Signature: certificate signature to be compared
Returns:
- Bool: If the certificate signatures are the same, true is returned. Otherwise, false is returned.
struct VerifyOption
// Certificate verification options: verification time, domain name, root certificates
// and intermediate certificates. Every field has a default value.
public struct VerifyOption {
// Verification time; defaults to the time at which the option is created.
public var time: DateTime = DateTime.now()
// Domain name to verify. Empty by default, and the domain name is verified only when
// one is set, so leaving the default means no domain name check is performed.
public var dnsName: String = ""
// Root certificate chain; defaults to the system root certificates.
public var roots: Array<X509Certificate> = X509Certificate.systemRootCerts()
// Intermediate certificate chain; empty by default.
public var intermediates: Array<X509Certificate> = Array<X509Certificate>()
}
dnsName
public var dnsName: String = ""
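Description: Domain name to be verified against the certificate. The domain name is empty by default, and domain name verification is performed only when a domain name is set; with the default empty value, no domain name check takes place.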
Type: String
intermediates
public var intermediates: Array<X509Certificate> = Array<X509Certificate>()
Description: Obtains and sets an intermediate certificate chain which is empty by default.
Type: Array<X509Certificate>
roots
public var roots: Array<X509Certificate> = X509Certificate.systemRootCerts()
Description: Obtains and sets a root certificate chain. The system root certificate chain is used by default.
Type: Array<X509Certificate>
time
public var time: DateTime = DateTime.now()
Description: Obtains and sets the verification time. The time when the option is created is used by default.
Type: DateTime
struct X509CertificateInfo
public struct X509CertificateInfo {
public var serialNumber: SerialNumber
public var notBefore: DateTime
public var notAfter: DateTime
public var subject: ?X509Name
public var dnsNames: Array<String>
public var emailAddresses: Array<String>
public var IPAddresses: Array<IP>
public var keyUsage: ?KeyUsage
public var extKeyUsage: ?ExtKeyUsage
public init(
serialNumber!: ?SerialNumber = None,
notBefore!: ?DateTime = None,
notAfter!: ?DateTime = None,
subject!: ?X509Name = None,
dnsNames!: Array<String> = Array<String>(),
emailAddresses!: Array<String> = Array<String>(),
IPAddresses!: Array<IP> = Array<IP>(),
keyUsage!: ?KeyUsage = None,
extKeyUsage!: ?ExtKeyUsage = None
)
}
Description: The X509CertificateInfo struct contains certificate information, including the certificate sequence number, validity period, recognizable name of the entity, domain name, email address, IP address, key usage, and extended key usage.
IPAddresses
public var IPAddresses: Array<IP>
Description: Records the IP address of a certificate.
dnsNames
public var dnsNames: Array<String>
Description: Records the DNS domain name of a certificate.
emailAddresses
public var emailAddresses: Array<String>
Description: Records the email address of a certificate.
extKeyUsage
public var extKeyUsage: ?ExtKeyUsage
Description: Records the extended key usage of a certificate.
Type: ?ExtKeyUsage
keyUsage
public var keyUsage: ?KeyUsage
Description: Records the key usage of a certificate.
Type: ?KeyUsage
notAfter
public var notAfter: DateTime
Description: Records the expiration date of a certificate.
Type: DateTime
notBefore
public var notBefore: DateTime
Description: Records the effective date of a certificate.
Type: DateTime
serialNumber
public var serialNumber: SerialNumber
Description: Records the sequence number of a certificate.
Type: SerialNumber
subject
public var subject: ?X509Name
Description: Records the recognizable name of a certificate entity.
Type: ?X509Name
init(?SerialNumber, ?DateTime, ?DateTime, ?X509Name, Array<String>, Array<String>, Array<IP>, ?KeyUsage, ?ExtKeyUsage)
public init(
serialNumber!: ?SerialNumber = None,
notBefore!: ?DateTime = None,
notAfter!: ?DateTime = None,
subject!: ?X509Name = None,
dnsNames!: Array<String> = Array<String>(),
emailAddresses!: Array<String> = Array<String>(),
IPAddresses!: Array<IP> = Array<IP>(),
keyUsage!: ?KeyUsage = None,
extKeyUsage!: ?ExtKeyUsage = None
)
Description: Constructs an X509CertificateInfo object.
Parameters:
- serialNumber!: ?SerialNumber: digital certificate sequence number; default value: None. When this parameter is used but not set, the default sequence number length is 128 bits.
- notBefore!: ?DateTime: effective time of the digital certificate; default value: None. When this field is used but not set, the default effective time is the time when X509CertificateInfo is created.
- notAfter!: ?DateTime: expiration time of the digital certificate; default value: None. When this field is used but not set, the default expiration time is one year later than notBefore.
- subject!: ?X509Name: user information of the digital certificate; default value: None
- dnsNames!: Array<String>: domain name list; default value: empty string array. The domain name entered must be valid.
- emailAddresses!: Array<String>: email address list; default value: empty string array. The email address entered must be valid.
- IPAddresses!: Array<IP>: IP address list; default value: empty IP array
- keyUsage!: ?KeyUsage: key usage; default value: None
- extKeyUsage!: ?ExtKeyUsage: the extended key usage; default value: None
Throws:
- X509Exception: When the entered IP address list contains an invalid IP address, this exception is thrown.
struct X509CertificateRequestInfo
public struct X509CertificateRequestInfo {
public var subject: ?X509Name
public var dnsNames: Array<String>
public var emailAddresses: Array<String>
public var IPAddresses: Array<IP>
public init(
subject!: ?X509Name = None,
dnsNames!: Array<String> = Array<String>(),
emailAddresses!: Array<String> = Array<String>(),
IPAddresses!: Array<IP> = Array<IP>()
)
}
Description: The X509CertificateRequestInfo struct contains certificate request information, including the recognizable name of the certificate entity, domain name, email address, and IP address.
IPAddresses
public var IPAddresses: Array<IP>
Description: Records the IP address of a certificate signature request.
dnsNames
public var dnsNames: Array<String>
Description: Records the DNS domain name of a certificate signature request.
emailAddresses
public var emailAddresses: Array<String>
Description: Records the email address of a certificate signature request.
subject
public var subject: ?X509Name
Description: Records the recognizable name of the entity in a certificate signature request.
init(?X509Name, Array<String>, Array<String>, Array<IP>)
public init(
subject!: ?X509Name = None,
dnsNames!: Array<String> = Array<String>(),
emailAddresses!: Array<String> = Array<String>(),
IPAddresses!: Array<IP> = Array<IP>()
)
Description: Constructs an X509CertificateRequestInfo object.
Parameters:
- subject!: ?X509Name: user information of the digital certificate; default value: None
- dnsNames!: Array<String>: domain name list; default value: empty string array. The domain name entered must be valid.
- emailAddresses!: Array<String>: email address list; default value: empty string array. The email address entered must be valid.
- IPAddresses!: Array<IP>: IP address list; default value: empty IP array
Throws:
- X509Exception: When the entered IP address list contains an invalid IP address, this exception is thrown.