|
|
| Line 641: |
Line 641: |
| | | | | | |
| | |- | | |- |
| − | | <code>function ImportPEM(ABuffer:Pointer; ASize:Integer):TX509Certificate; virtual;</code> | + | | <code>function ImportPEM(ABuffer:Pointer; var ASize:Integer):TX509Certificate; virtual;</code> |
| | + | | |
| | + | |- |
| | + | |colspan="2"| |
| | + | |- |
| | + | | <code>function ExportDER(ABuffer:Pointer; var ASize:Integer; ACertificate:TX509Certificate):Boolean; virtual;</code> |
| | + | | |
| | + | |- |
| | + | | <code>function ExportPEM(ABuffer:Pointer; var ASize:Integer; AStart:TX509Certificate):Boolean; virtual;</code> |
| | | | | | |
| | |- | | |- |
| Line 734: |
Line 742: |
| | | | | | |
| | |- | | |- |
| − | | <code>function ImportPEM(ABuffer:Pointer; ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;</code> | + | | <code>function ImportPEM(ABuffer:Pointer; var ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;</code> |
| | + | | |
| | + | |- |
| | + | |colspan="2"| |
| | + | |- |
| | + | | <code>function ExportDER(ABuffer:Pointer; var ASize:Integer; ACertificate:TX509Certificate):Boolean; virtual;</code> |
| | + | | |
| | + | |- |
| | + | | <code>function ExportPEM(ABuffer:Pointer; var ASize:Integer; AStart:TX509Certificate):Boolean; virtual;</code> |
| | | | | | |
| | |- | | |- |
| Line 778: |
Line 794: |
| | | <code>FData:PByte;</code> | | | <code>FData:PByte;</code> |
| | | Copy of certificate data from import | | | Copy of certificate data from import |
| | + | |- |
| | + | | <code>FSize:LongWord;</code> |
| | + | | Total size of certificate data |
| | |- | | |- |
| | |colspan="2"| | | |colspan="2"| |
| Line 960: |
Line 979: |
| | | | | | |
| | |- | | |- |
| − | | <code>function ImportPEM(ABuffer:Pointer; ASize:Integer):Boolean; virtual;</code> | + | | <code>function ImportPEM(ABuffer:Pointer; var ASize:Integer):Boolean; virtual;</code> |
| | + | | |
| | + | |- |
| | + | |colspan="2"| |
| | + | |- |
| | + | | <code>function ExportDER(ABuffer:Pointer; var ASize:Integer):Boolean; virtual;</code> |
| | + | | |
| | + | |- |
| | + | | <code>function ExportPEM(ABuffer:Pointer; var ASize:Integer):Boolean; virtual;</code> |
| | | | | | |
| | |- | | |- |
Revision as of 05:36, 5 May 2018
Return to Unit Reference
Description
Ultibo X.509 interface unit
X.509 is a standard that defines the format of public key certificates. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.
This unit currently only provides the basic functionality required to read and parse an X.509 certificate in DER or PEM format and extract basic information such as the issuer, subject, validity, algorithm and public key.
It is expected that this unit will be expanded to incorporate additional functions over time.
Constants
[Expand]
X509 specific constants X509_*
X509_MAX_NAME_ATTRIBUTES = 20;
|
|
X509_MAX_SERIAL_NUM_LEN = 20;
|
|
[Expand]
X509 name attribute X509_NAME_ATTR_*
X509_NAME_ATTR_NONE = 0;
|
|
X509_NAME_ATTR_DC = 1;
|
|
X509_NAME_ATTR_CN = 2;
|
|
X509_NAME_ATTR_C = 3;
|
|
X509_NAME_ATTR_L = 4;
|
|
X509_NAME_ATTR_ST = 5;
|
|
X509_NAME_ATTR_O = 6;
|
|
X509_NAME_ATTR_OU = 7;
|
|
[Expand]
X509 validate X509_VALIDATE_*
X509_VALIDATE_OK = 0;
|
|
X509_VALIDATE_BAD_CERTIFICATE = 1;
|
|
X509_VALIDATE_UNSUPPORTED_CERTIFICATE = 2;
|
|
X509_VALIDATE_CERTIFICATE_REVOKED = 3;
|
|
X509_VALIDATE_CERTIFICATE_EXPIRED = 4;
|
|
X509_VALIDATE_CERTIFICATE_UNKNOWN = 5;
|
|
X509_VALIDATE_UNKNOWN_CA = 6;
|
|
[Expand]
X509 certificate version X509_CERT_V*
X509_CERT_V1 = 0;
|
|
X509_CERT_V2 = 1;
|
|
X509_CERT_V3 = 2;
|
|
[Expand]
X509 certificate extension X509_EXT_*
X509_EXT_BASIC_CONSTRAINTS = (1 shl 0);
|
|
X509_EXT_PATH_LEN_CONSTRAINT = (1 shl 1);
|
|
X509_EXT_KEY_USAGE = (1 shl 2);
|
|
X509_EXT_SUBJECT_ALT_NAME = (1 shl 3);
|
|
X509_EXT_ISSUER_ALT_NAME = (1 shl 4);
|
|
X509_EXT_EXT_KEY_USAGE = (1 shl 5);
|
|
[Expand]
X509 certificate key usage X509_KEY_USAGE_*
X509_KEY_USAGE_DIGITAL_SIGNATURE = (1 shl 0);
|
|
X509_KEY_USAGE_NON_REPUDIATION = (1 shl 1);
|
|
X509_KEY_USAGE_KEY_ENCIPHERMENT = (1 shl 2);
|
|
X509_KEY_USAGE_DATA_ENCIPHERMENT = (1 shl 3);
|
|
X509_KEY_USAGE_KEY_AGREEMENT = (1 shl 4);
|
|
X509_KEY_USAGE_KEY_CERT_SIGN = (1 shl 5);
|
|
X509_KEY_USAGE_CRL_SIGN = (1 shl 6);
|
|
X509_KEY_USAGE_ENCIPHER_ONLY = (1 shl 7);
|
|
X509_KEY_USAGE_DECIPHER_ONLY = (1 shl 8);
|
|
[Expand]
X509 certificate extended key usage X509_EXT_KEY_USAGE_*
X509_EXT_KEY_USAGE_ANY = (1 shl 0);
|
|
X509_EXT_KEY_USAGE_SERVER_AUTH = (1 shl 1);
|
|
X509_EXT_KEY_USAGE_CLIENT_AUTH = (1 shl 2);
|
|
X509_EXT_KEY_USAGE_OCSP = (1 shl 3);
|
|
Type definitions
X509 serial number
[Expand]
PX509SerialNumber = ^TX509SerialNumber;
TX509SerialNumber = record
Value:array[0..X509_MAX_SERIAL_NUM_LEN - 1] of Byte;
|
|
Length:Integer;
|
|
|
|
function ToString:String;
|
|
X509 name attribute
[Expand]
PX509NameAttribute = ^TX509NameAttribute;
TX509NameAttribute = record
Value:String;
|
|
_Type:LongWord;
|
|
|
|
function ToString:String;
|
|
X509 name attributes
[Expand]
PX509NameAttributes = ^TX509NameAttributes;
TX509NameAttributes = array[0..X509_MAX_NAME_ATTRIBUTES - 1] of TX509NameAttribute;
X509 algorithm identifier
[Expand]
PX509AlgorithmIdentifier = ^TX509AlgorithmIdentifier;
TX509AlgorithmIdentifier = record
OID:TASN1OID;
|
|
|
|
function ToString:String;
|
|
X509 public key
[Expand]
PX509PublicKey = ^TX509PublicKey;
TX509PublicKey = record
Algorithm:TX509AlgorithmIdentifier;
|
|
Key:PByte;
|
|
Length:Integer;
|
|
|
|
procedure Release;
|
|
|
|
function ToString:String;
|
|
X509 signature
[Expand]
PX509Signature = ^TX509Signature;
TX509Signature = record
Algorithm:TX509AlgorithmIdentifier;
|
|
Value:PByte;
|
|
Length:Integer;
|
|
|
|
procedure Release;
|
|
X509 RSA public key
[Expand]
PX509RSAPublicKey = ^TX509RSAPublicKey;
TX509RSAPublicKey = record
Modulus:PByte;
|
M
|
PublicExponent:PByte;
|
E
|
|
|
ModulusLen:Integer;
|
|
PublicExponentLen:Integer;
|
|
|
|
function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;
|
|
procedure Release;
|
|
X509 RSA private key
[Expand]
PX509RSAPrivateKey = ^TX509RSAPrivateKey;
TX509RSAPrivateKey = record
Version:Integer;
|
|
Modulus:PByte;
|
M
|
PublicExponent:PByte;
|
E
|
PrivateExponent:PByte;
|
D
|
Prime1:PByte;
|
P
|
Prime2:PByte;
|
Q
|
Exponent1:PByte;
|
D mod (P - 1)
|
Exponent2:PByte;
|
D mod (Q - 1)
|
Coefficient:PByte;
|
(Inverse of Q) mod P
|
|
|
ModulusLen:Integer;
|
|
PublicExponentLen:Integer;
|
|
PrivateExponentLen:Integer;
|
|
Prime1Len:Integer;
|
|
Prime2Len:Integer;
|
|
Exponent1Len:Integer;
|
|
Exponent2Len:Integer;
|
|
CoefficientLen:Integer;
|
|
|
|
function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;
|
|
procedure Release;
|
|
X509 ECDSA public key
[Expand]
PX509ECDSAPublicKey = ^TX509ECDSAPublicKey;
TX509ECDSAPublicKey = record
function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;
|
|
procedure Release;
|
|
X509 ECDSA private key
[Expand]
PX509ECDSAPrivateKey = ^TX509ECDSAPrivateKey;
TX509ECDSAPrivateKey = record
function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;
|
|
procedure Release;
|
|
Class definitions
X509 name
[Expand]
TX509Name = class(TObject)
private
|
function StringCompare(const AValue1,AValue2:String):Integer;
|
|
public
|
NameAttributes:TX509NameAttributes;
|
|
NameAttributeCount:LongWord;
|
|
|
|
Email:String;
|
emailAddress
|
| From subjectAltName extension
|
AltEmail:String;
|
rfc822Name
|
DNS:String;
|
dNSName
|
URI:String;
|
uniformResourceIdentifier
|
IP:PByte;
|
iPAddress
|
IPLen:Longword;
|
IPv4 = 4,IPv6 = 16
|
RegisteredID:TASN1OID;
|
registeredID
|
|
|
destructor Destroy; override;
|
|
|
|
function GetCN:String;
|
|
function GetDN:String;
|
|
|
|
function Compare(AName:TX509Name):Integer;
|
|
X509 certificate
[Expand]
TX509Certificate = class;
X509 certificate list
[Expand]
TX509CertificateList = class(TObject)
protected
|
FList:TList;
|
|
FLock: TCriticalSectionHandle;
|
|
|
|
procedure Clear;
|
|
|
|
function AcquireLock:Boolean;
|
|
function ReleaseLock:Boolean;
|
|
public
|
constructor Create;
|
|
destructor Destroy; override;
|
|
|
|
function First:TX509Certificate; virtual;
|
|
function Last:TX509Certificate; virtual;
|
|
|
|
function Prev(ACertificate:TX509Certificate):TX509Certificate; virtual;
|
|
function Next(ACertificate:TX509Certificate):TX509Certificate; virtual;
|
|
|
|
function Add(ACertificate:TX509Certificate):Boolean; virtual;
|
|
function Remove(ACertificate:TX509Certificate):Boolean; virtual;
|
|
|
|
function FindByIssuer(AName:TX509Name):TX509Certificate; virtual;
|
|
function FindBySubject(AName:TX509Name):TX509Certificate; virtual;
|
|
|
|
function ImportDER(ABuffer:Pointer; ASize:Integer):TX509Certificate; virtual;
|
|
function ImportPEM(ABuffer:Pointer; var ASize:Integer):TX509Certificate; virtual;
|
|
|
|
function ExportDER(ABuffer:Pointer; var ASize:Integer; ACertificate:TX509Certificate):Boolean; virtual;
|
|
function ExportPEM(ABuffer:Pointer; var ASize:Integer; AStart:TX509Certificate):Boolean; virtual;
|
|
X509 certificate chain
[Expand]
TX509CertificateChain = class(TObject)
protected
|
FRoot:TX509Certificate;
|
|
FLock: TCriticalSectionHandle;
|
|
|
|
procedure Clear; virtual;
|
|
|
|
function AcquireLock:Boolean;
|
|
function ReleaseLock:Boolean;
|
|
public
|
property Root:TX509Certificate read FRoot;
|
|
|
|
constructor Create(ARoot:TX509Certificate); virtual;
|
|
destructor Destroy; override;
|
|
|
|
function Last:TX509Certificate; virtual;
|
|
|
|
function Prev(ACertificate:TX509Certificate):TX509Certificate; virtual;
|
|
function Next(ACertificate:TX509Certificate):TX509Certificate; virtual;
|
|
|
|
function InsertAfter(AParent,ACertificate:TX509Certificate):Boolean; virtual;
|
|
function InsertBefore(AChild,ACertificate:TX509Certificate):Boolean; virtual;
|
|
function Remove(ACertificate:TX509Certificate):Boolean; virtual;
|
|
|
|
function FindByIssuer(AName:TX509Name):TX509Certificate; virtual;
|
|
function FindBySubject(AName:TX509Name):TX509Certificate; virtual;
|
|
|
|
function FindBySubjectCN(const AName:String):TX509Certificate; virtual;
|
|
function FindBySubjectDN(const AName:String):TX509Certificate; virtual;
|
|
|
|
function ImportDER(ABuffer:Pointer; ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;
|
|
function ImportPEM(ABuffer:Pointer; var ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;
|
|
|
|
function ExportDER(ABuffer:Pointer; var ASize:Integer; ACertificate:TX509Certificate):Boolean; virtual;
|
|
function ExportPEM(ABuffer:Pointer; var ASize:Integer; AStart:TX509Certificate):Boolean; virtual;
|
|
|
|
function GetPathLength(ACertificate:TX509Certificate):LongWord; virtual;
|
|
|
|
function ValidateChain(ATrust:TX509CertificateList):Integer; virtual;
|
|
X509 certificate
[Expand]
TX509Certificate = class(TObject)
protected
|
FList:TX509CertificateList;
|
|
FChain:TX509CertificateChain;
|
|
|
|
FParent:TX509Certificate;
|
|
FChild:TX509Certificate;
|
|
|
|
FData:PByte;
|
Copy of certificate data from import
|
FSize:LongWord;
|
Total size of certificate data
|
|
|
FTBSData:PByte;
|
Pointer to start of TBS (To Be Signed) data
|
FTBSSize:LongWord;
|
Length of TBS (To Be Signed) data
|
|
|
function ImportTime(ABuffer:PByte; ASize:Integer; ATag:LongWord ADateTime:TDateTime):Boolean;
|
|
|
|
function ImportName(ABuffer:PByte; ASize:Integer; AName:TX509Name; var ANext:PByte):Boolean;
|
|
function ImportExtensionAltName(ABuffer:PByte; ASize:Integer; AName:TX509Name):Boolean;
|
|
|
|
function ImportAlgorithmIdentifier(ABuffer:PByte; ASize:Integer; var AIdentifier:TX509AlgorithmIdentifier; var ANext:PByte):Boolean;
|
|
|
|
function ImportValidity(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;
|
|
|
|
function ImportPublicKey(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;
|
|
|
|
function ImportExtension(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;
|
|
function ImportExtensionData(ABuffer:PByte; ASize:Integer; const AOID:TASN1OID):Boolean;
|
|
function ImportExtensionKeyUsage(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function ImportExtensionSubjectAltName(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function ImportExtensionIssuerAltName(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function ImportExtensionBasicContraints(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function ImportExtensionExtKeyUsage(ABuffer:PByte; ASize:Integer):Boolean;
|
|
|
|
function ImportExtensions(ABuffer:PByte; ASize:Integer):Boolean;
|
|
|
|
function ImportTBSCertificate(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;
|
|
|
|
function VerifyRSASignature(AIssuer:TX509Certificate):Boolean;
|
|
|
|
function VerifyMD5Digest(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function VerifySHA1Digest(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function VerifySHA256Digest(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function VerifySHA384Digest(ABuffer:PByte; ASize:Integer):Boolean;
|
|
function VerifySHA512Digest(ABuffer:PByte; ASize:Integer):Boolean;
|
|
public
|
| Properties
|
Version:LongWord;
|
|
SerialNumber:TX509SerialNumber;
|
|
SignatureAlgorithm:TX509AlgorithmIdentifier;
|
|
|
|
Issuer:TX509Name;
|
|
Subject:TX509Name;
|
|
SubjectDN:String;
|
|
|
|
NotBefore:TDateTime;
|
|
NotAfter:TDateTime;
|
|
|
|
PublicKey:TX509PublicKey;
|
|
|
|
Signature:TX509Signature;
|
|
| Extensions
|
ExtensionsPresent:LongWord;
|
|
|
|
CA:Boolean;
|
|
PathLenConstraint:LongWord;
|
|
|
|
KeyUsage:LongWord;
|
|
ExtendedKeyUsage:LongWord;
|
|
|
|
property List:TX509CertificateList read FList;
|
|
property Chain:TX509CertificateChain read FChain;
|
|
property Parent:TX509Certificate read FParent;
|
|
property Child:TX509Certificate read FChild;
|
|
|
|
constructor Create(AChain:TX509CertificateChain; AParent:TX509Certificate); virtual;
|
|
destructor Destroy; override;
|
|
|
|
function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean; virtual;
|
|
function ImportPEM(ABuffer:Pointer; var ASize:Integer):Boolean; virtual;
|
|
|
|
function ExportDER(ABuffer:Pointer; var ASize:Integer):Boolean; virtual;
|
|
function ExportPEM(ABuffer:Pointer; var ASize:Integer):Boolean; virtual;
|
|
|
|
function IsValidIssuer:Boolean; virtual;
|
|
function IsSelfSigned:Boolean; virtual;
|
|
|
|
function VerifySignature(AIssuer:TX509Certificate):Boolean; virtual;
|
|
function ValidateCertificate(AIssuer:TX509Certificate):Integer; virtual;
|
|
Public variables
None defined
Function declarations
X509 helper functions
[Expand]
function X509NameAttributeTypeToString(AType:LongWord):String;
Description: To be documented
Return to Unit Reference
