Difference between revisions of "Unit X.509"

Revision as of 06:01, 19 April 2018

X.509 is a standard that defines the format of public key certificates. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.

This unit currently only provides the basic functionality required to read and parse an X.509 certificate in DER or PEM format and extract basic information such as the issuer, subject, validity, algorithm and public key.

It is expected that this unit will be expanded to incorporate additional functions over time.

Constants

X509 specific constants X509_*

`X509_MAX_NAME_ATTRIBUTES = 20;`
`X509_MAX_SERIAL_NUM_LEN = 20;`

X509 name attribute X509_NAME_ATTR_*

`X509_NAME_ATTR_NONE = 0;`
`X509_NAME_ATTR_DC = 1;`
`X509_NAME_ATTR_CN = 2;`
`X509_NAME_ATTR_C = 3;`
`X509_NAME_ATTR_L = 4;`
`X509_NAME_ATTR_ST = 5;`
`X509_NAME_ATTR_O = 6;`
`X509_NAME_ATTR_OU = 7;`

X509 validate X509_VALIDATE_*

`X509_VALIDATE_OK = 0;`
`X509_VALIDATE_BAD_CERTIFICATE = 1;`
`X509_VALIDATE_UNSUPPORTED_CERTIFICATE = 2;`
`X509_VALIDATE_CERTIFICATE_REVOKED = 3;`
`X509_VALIDATE_CERTIFICATE_EXPIRED = 4;`
`X509_VALIDATE_CERTIFICATE_UNKNOWN = 5;`
`X509_VALIDATE_UNKNOWN_CA = 6;`

X509 certificate version X509_CERT_V*

`X509_CERT_V1 = 0;`
`X509_CERT_V2 = 1;`
`X509_CERT_V3 = 2;`

X509 certificate extension X509_EXT_*

`X509_EXT_BASIC_CONSTRAINTS = (1 shl 0);`
`X509_EXT_PATH_LEN_CONSTRAINT = (1 shl 1);`
`X509_EXT_KEY_USAGE = (1 shl 2);`
`X509_EXT_SUBJECT_ALT_NAME = (1 shl 3);`
`X509_EXT_ISSUER_ALT_NAME = (1 shl 4);`
`X509_EXT_EXT_KEY_USAGE = (1 shl 5);`

X509 certificate key usage X509_KEY_USAGE_*

`X509_KEY_USAGE_DIGITAL_SIGNATURE = (1 shl 0);`
`X509_KEY_USAGE_NON_REPUDIATION = (1 shl 1);`
`X509_KEY_USAGE_KEY_ENCIPHERMENT = (1 shl 2);`
`X509_KEY_USAGE_DATA_ENCIPHERMENT = (1 shl 3);`
`X509_KEY_USAGE_KEY_AGREEMENT = (1 shl 4);`
`X509_KEY_USAGE_KEY_CERT_SIGN = (1 shl 5);`
`X509_KEY_USAGE_CRL_SIGN = (1 shl 6);`
`X509_KEY_USAGE_ENCIPHER_ONLY = (1 shl 7);`
`X509_KEY_USAGE_DECIPHER_ONLY = (1 shl 8);`

X509 certificate extended key usage X509_EXT_KEY_USAGE_*

`X509_EXT_KEY_USAGE_ANY = (1 shl 0);`
`X509_EXT_KEY_USAGE_SERVER_AUTH = (1 shl 1);`
`X509_EXT_KEY_USAGE_CLIENT_AUTH = (1 shl 2);`
`X509_EXT_KEY_USAGE_OCSP = (1 shl 3);`

Type definitions

X509 serial number

PX509SerialNumber = ^TX509SerialNumber;

TX509SerialNumber = record

`Value:array[0..X509_MAX_SERIAL_NUM_LEN - 1] of Byte;`
`Length:Integer;`

`function ToString:String;`

X509 name attribute

PX509NameAttribute = ^TX509NameAttribute;

TX509NameAttribute = record

`Value:String;`
`_Type:LongWord;`

`function ToString:String;`

X509 name attributes

PX509NameAttributes = ^TX509NameAttributes;

TX509NameAttributes = array[0..X509_MAX_NAME_ATTRIBUTES - 1] of TX509NameAttribute;

X509 algorithm identifier

PX509AlgorithmIdentifier = ^TX509AlgorithmIdentifier;

TX509AlgorithmIdentifier = record

`OID:TASN1OID;`

`function ToString:String;`

X509 public key

PX509PublicKey = ^TX509PublicKey;

TX509PublicKey = record

`Algorithm:TX509AlgorithmIdentifier;`
`Key:PByte;`
`Length:Integer;`

`procedure Release;`

`function ToString:String;`

X509 signature

PX509Signature = ^TX509Signature;

TX509Signature = record

`Algorithm:TX509AlgorithmIdentifier;`
`Value:PByte;`
`Length:Integer;`

`procedure Release;`

X509 RSA public key

PX509RSAPublicKey = ^TX509RSAPublicKey;

TX509RSAPublicKey = record

`Modulus:PByte;`	M
`PublicExponent:PByte;`	E

`ModulusLen:Integer;`
`PublicExponentLen:Integer;`

`function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;`
`procedure Release;`

X509 RSA private key

PX509RSAPrivateKey = ^TX509RSAPrivateKey;

TX509RSAPrivateKey = record

`Version:Integer;`
`Modulus:PByte;`	M
`PublicExponent:PByte;`	E
`PrivateExponent:PByte;`	D
`Prime1:PByte;`	P
`Prime2:PByte;`	Q
`Exponent1:PByte;`	D mod (P - 1)
`Exponent2:PByte;`	D mod (Q - 1)
`Coefficient:PByte;`	(Inverse of Q) mod P

`ModulusLen:Integer;`
`PublicExponentLen:Integer;`
`PrivateExponentLen:Integer;`
`Prime1Len:Integer;`
`Prime2Len:Integer;`
`Exponent1Len:Integer;`
`Exponent2Len:Integer;`
`CoefficientLen:Integer;`

`function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;`
`procedure Release;`

X509 ECDSA public key

PX509ECDSAPublicKey = ^TX509ECDSAPublicKey;

TX509ECDSAPublicKey = record

`function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;`
`procedure Release;`

X509 ECDSA private key

PX509ECDSAPrivateKey = ^TX509ECDSAPrivateKey;

TX509ECDSAPrivateKey = record

`function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;`
`procedure Release;`

Class definitions

X509 name

TX509Name = class(TObject)

private
`function StringCompare(const AValue1,AValue2:String):Integer;`
public
`NameAttributes:TX509NameAttributes;`
`NameAttributeCount:LongWord;`

`Email:String;`	emailAddress
From subjectAltName extension
`AltEmail:String;`	rfc822Name
`DNS:String;`	dNSName
`URI:String;`	uniformResourceIdentifier
`IP:PByte;`	iPAddress
`IPLen:Longword;`	IPv4 = 4,IPv6 = 16
`RegisteredID:TASN1OID;`	registeredID

`destructor Destroy; override;`

`function GetCN:String;`
`function GetDN:String;`

`function Compare(AName:TX509Name):Integer;`

X509 certificate

TX509Certificate = class;

private

public

X509 certificate list

TX509CertificateList = class(TObject)

protected
`FList:TList;`
`FLock: TCriticalSectionHandle;`

`procedure Clear;`

`function AcquireLock:Boolean;`
`function ReleaseLock:Boolean;`
public
`constructor Create;`
`destructor Destroy; override;`

`function First:TX509Certificate; virtual;`
`function Last:TX509Certificate; virtual;`

`function Prev(ACertificate:TX509Certificate):TX509Certificate; virtual;`
`function Next(ACertificate:TX509Certificate):TX509Certificate; virtual;`

`function Add(ACertificate:TX509Certificate):Boolean; virtual;`
`function Remove(ACertificate:TX509Certificate):Boolean; virtual;`

`function FindByIssuer(AName:TX509Name):TX509Certificate; virtual;`
`function FindBySubject(AName:TX509Name):TX509Certificate; virtual;`

`function ImportDER(ABuffer:Pointer; ASize:Integer):TX509Certificate; virtual;`
`function ImportPEM(ABuffer:Pointer; ASize:Integer):TX509Certificate; virtual;`

X509 certificate chain

TX509CertificateChain = class(TObject)

protected
`FRoot:TX509Certificate;`
`FLock: TCriticalSectionHandle;`

`procedure Clear; virtual;`

`function AcquireLock:Boolean;`
`function ReleaseLock:Boolean;`
public
`property Root:TX509Certificate read FRoot;`

`constructor Create(ARoot:TX509Certificate); virtual;`
`destructor Destroy; override;`

`function Last:TX509Certificate; virtual;`

`function Prev(ACertificate:TX509Certificate):TX509Certificate; virtual;`
`function Next(ACertificate:TX509Certificate):TX509Certificate; virtual;`

`function InsertAfter(AParent,ACertificate:TX509Certificate):Boolean; virtual;`
`function InsertBefore(AChild,ACertificate:TX509Certificate):Boolean; virtual;`
`function Remove(ACertificate:TX509Certificate):Boolean; virtual;`

`function FindByIssuer(AName:TX509Name):TX509Certificate; virtual;`
`function FindBySubject(AName:TX509Name):TX509Certificate; virtual;`

`function FindBySubjectCN(const AName:String):TX509Certificate; virtual;`
`function FindBySubjectDN(const AName:String):TX509Certificate; virtual;`

`function ImportDER(ABuffer:Pointer;ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;`
`function ImportPEM(ABuffer:Pointer;ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;`

`function GetPathLength(ACertificate:TX509Certificate):LongWord; virtual;`

`function ValidateChain(ATrust:TX509CertificateList):Integer; virtual;`

X509 certificate

TX509Certificate = class(TObject)

protected
`FList:TX509CertificateList;`
`FChain:TX509CertificateChain;`

`FParent:TX509Certificate;`
`FChild:TX509Certificate;`

`FData:PByte;`	Copy of certificate data from import

`FTBSData:PByte;`	Pointer to start of TBS (To Be Signed) data
`FTBSSize:LongWord;`	Length of TBS (To Be Signed) data

`function ImportTime(ABuffer:PByte; ASize:Integer; ATag:LongWord ADateTime:TDateTime):Boolean;`

`function ImportName(ABuffer:PByte; ASize:Integer; AName:TX509Name; var ANext:PByte):Boolean;`
`function ImportExtensionAltName(ABuffer:PByte; ASize:Integer; AName:TX509Name):Boolean;`

`function ImportAlgorithmIdentifier(ABuffer:PByte; ASize:Integer; var AIdentifier:TX509AlgorithmIdentifier; var ANext:PByte):Boolean;`

`function ImportValidity(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;`

`function ImportPublicKey(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;`

`function ImportExtension(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;`
`function ImportExtensionData(ABuffer:PByte; ASize:Integer; const AOID:TASN1OID):Boolean;`
`function ImportExtensionKeyUsage(ABuffer:PByte; ASize:Integer):Boolean;`
`function ImportExtensionSubjectAltName(ABuffer:PByte; ASize:Integer):Boolean;`
`function ImportExtensionIssuerAltName(ABuffer:PByte; ASize:Integer):Boolean;`
`function ImportExtensionBasicContraints(ABuffer:PByte; ASize:Integer):Boolean;`
`function ImportExtensionExtKeyUsage(ABuffer:PByte; ASize:Integer):Boolean;`

`function ImportExtensions(ABuffer:PByte; ASize:Integer):Boolean;`

`function ImportTBSCertificate(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;`

`function VerifyRSASignature(AIssuer:TX509Certificate):Boolean;`

`function VerifyMD5Digest(ABuffer:PByte; ASize:Integer):Boolean;`
`function VerifySHA1Digest(ABuffer:PByte; ASize:Integer):Boolean;`
`function VerifySHA256Digest(ABuffer:PByte; ASize:Integer):Boolean;`
`function VerifySHA384Digest(ABuffer:PByte; ASize:Integer):Boolean;`
`function VerifySHA512Digest(ABuffer:PByte; ASize:Integer):Boolean;`
public
Properties
`Version:LongWord;`
`SerialNumber:TX509SerialNumber;`
`SignatureAlgorithm:TX509AlgorithmIdentifier;`

`Issuer:TX509Name;`
`Subject:TX509Name;`
`SubjectDN:String;`

`NotBefore:TDateTime;`
`NotAfter:TDateTime;`

`PublicKey:TX509PublicKey;`

`Signature:TX509Signature;`
Extensions
`ExtensionsPresent:LongWord;`

`CA:Boolean;`
`PathLenConstraint:LongWord;`

`KeyUsage:LongWord;`
`ExtendedKeyUsage:LongWord;`

`property List:TX509CertificateList read FList;`
`property Chain:TX509CertificateChain read FChain;`
`property Parent:TX509Certificate read FParent;`
`property Child:TX509Certificate read FChild;`

`constructor Create(AChain:TX509CertificateChain; AParent:TX509Certificate); virtual;`
`destructor Destroy; override;`

`function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean; virtual;`
`function ImportPEM(ABuffer:Pointer; ASize:Integer):Boolean; virtual;`

`function IsValidIssuer:Boolean; virtual;`
`function IsSelfSigned:Boolean; virtual;`

`function VerifySignature(AIssuer:TX509Certificate):Boolean; virtual;`
`function ValidateCertificate(AIssuer:TX509Certificate):Integer; virtual;`

Public variables

None defined

Function declarations

X509 helper functions

function X509NameAttributeTypeToString(AType:LongWord):String;

Description: To be documented

Note	None documented

Return to Unit Reference

Difference between revisions of "Unit X.509"

Revision as of 06:01, 19 April 2018

Contents

Description

Constants

Type definitions

Class definitions

Public variables

Function declarations

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

@@ Line 16: / Line 16: @@
 ----
-''To be documented''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''X509 specific constants''' <code> X509_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>X509_MAX_NAME_ATTRIBUTES = 20;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>X509_MAX_SERIAL_NUM_LEN = 20;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''X509 name attribute''' <code> X509_NAME_ATTR_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>X509_NAME_ATTR_NONE = 0;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>X509_NAME_ATTR_DC = 1;</code>
+| &nbsp;
+|-
+| <code>X509_NAME_ATTR_CN = 2;</code>
+| &nbsp;
+|-
+| <code>X509_NAME_ATTR_C = 3;</code>
+| &nbsp;
+|-
+| <code>X509_NAME_ATTR_L = 4;</code>
+| &nbsp;
+|-
+| <code>X509_NAME_ATTR_ST = 5;</code>
+| &nbsp;
+|-
+| <code>X509_NAME_ATTR_O = 6;</code>
+| &nbsp;
+|-
+| <code>X509_NAME_ATTR_OU = 7;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''X509 validate''' <code> X509_VALIDATE_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>X509_VALIDATE_OK = 0;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>X509_VALIDATE_BAD_CERTIFICATE = 1;</code>
+| &nbsp;
+|-
+| <code>X509_VALIDATE_UNSUPPORTED_CERTIFICATE = 2;</code>
+| &nbsp;
+|-
+| <code>X509_VALIDATE_CERTIFICATE_REVOKED = 3;</code>
+| &nbsp;
+|-
+| <code>X509_VALIDATE_CERTIFICATE_EXPIRED = 4;</code>
+| &nbsp;
+|-
+| <code>X509_VALIDATE_CERTIFICATE_UNKNOWN = 5;</code>
+| &nbsp;
+|-
+| <code>X509_VALIDATE_UNKNOWN_CA = 6;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''X509 certificate version''' <code> X509_CERT_V* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>X509_CERT_V1 = 0;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>X509_CERT_V2 = 1;</code>
+| &nbsp;
+|-
+| <code>X509_CERT_V3 = 2;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''X509 certificate extension''' <code> X509_EXT_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>X509_EXT_BASIC_CONSTRAINTS = (1 shl 0);</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>X509_EXT_PATH_LEN_CONSTRAINT = (1 shl 1);</code>
+| &nbsp;
+|-
+| <code>X509_EXT_KEY_USAGE = (1 shl 2);</code>
+| &nbsp;
+|-
+| <code>X509_EXT_SUBJECT_ALT_NAME = (1 shl 3);</code>
+| &nbsp;
+|-
+| <code>X509_EXT_ISSUER_ALT_NAME = (1 shl 4);</code>
+| &nbsp;
+|-
+| <code>X509_EXT_EXT_KEY_USAGE = (1 shl 5);</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''X509 certificate key usage''' <code> X509_KEY_USAGE_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>X509_KEY_USAGE_DIGITAL_SIGNATURE = (1 shl 0);</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>X509_KEY_USAGE_NON_REPUDIATION = (1 shl 1);</code>
+| &nbsp;
+|-
+| <code>X509_KEY_USAGE_KEY_ENCIPHERMENT = (1 shl 2);</code>
+| &nbsp;
+|-
+| <code>X509_KEY_USAGE_DATA_ENCIPHERMENT = (1 shl 3);</code>
+| &nbsp;
+|-
+| <code>X509_KEY_USAGE_KEY_AGREEMENT = (1 shl 4);</code>
+| &nbsp;
+|-
+| <code>X509_KEY_USAGE_KEY_CERT_SIGN = (1 shl 5);</code>
+| &nbsp;
+|-
+| <code>X509_KEY_USAGE_CRL_SIGN = (1 shl 6);</code>
+| &nbsp;
+|-
+| <code>X509_KEY_USAGE_ENCIPHER_ONLY = (1 shl 7);</code>
+| &nbsp;
+|-
+| <code>X509_KEY_USAGE_DECIPHER_ONLY = (1 shl 8);</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''X509 certificate extended key usage''' <code> X509_EXT_KEY_USAGE_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>X509_EXT_KEY_USAGE_ANY	= (1 shl 0);</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>X509_EXT_KEY_USAGE_SERVER_AUTH = (1 shl 1);</code>
+| &nbsp;
+|-
+| <code>X509_EXT_KEY_USAGE_CLIENT_AUTH = (1 shl 2);</code>
+| &nbsp;
+|-
+| <code>X509_EXT_KEY_USAGE_OCSP = (1 shl 3);</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
 === Type definitions ===
 ----
-''To be documented''
+'''X509 serial number'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509SerialNumber = ^TX509SerialNumber;</code>
+<code>TX509SerialNumber = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>Value:array[0..X509_MAX_SERIAL_NUM_LEN - 1] of Byte;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>Length:Integer;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ToString:String;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 name attribute'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509NameAttribute = ^TX509NameAttribute;</code>
+<code>TX509NameAttribute = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>Value:String;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>_Type:LongWord;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ToString:String;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 name attributes'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509NameAttributes = ^TX509NameAttributes;</code>
+<code>TX509NameAttributes = array[0..X509_MAX_NAME_ATTRIBUTES - 1] of TX509NameAttribute;</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| &nbsp;
+| style="width: 50%;"|&nbsp;
+|-
+|}
+</div></div>
+'''X509 algorithm identifier'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509AlgorithmIdentifier = ^TX509AlgorithmIdentifier;</code>
+<code>TX509AlgorithmIdentifier = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>OID:TASN1OID;</code>
+| style="width: 50%;"|&nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ToString:String;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 public key'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509PublicKey = ^TX509PublicKey;</code>
+<code>TX509PublicKey = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>Algorithm:TX509AlgorithmIdentifier;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>Key:PByte;</code>
+| &nbsp;
+|-
+| <code>Length:Integer;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>procedure Release;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ToString:String;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 signature'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509Signature = ^TX509Signature;</code>
+<code>TX509Signature = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>Algorithm:TX509AlgorithmIdentifier;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>Value:PByte;</code>
+| &nbsp;
+|-
+| <code>Length:Integer;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>procedure Release;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 RSA public key'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509RSAPublicKey = ^TX509RSAPublicKey;</code>
+<code>TX509RSAPublicKey = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>Modulus:PByte;</code>
+| M
+|-
+| <code>PublicExponent:PByte;</code>
+| E
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ModulusLen:Integer;</code>
+| &nbsp;
+|-
+| <code>PublicExponentLen:Integer;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>procedure Release;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 RSA private key'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509RSAPrivateKey = ^TX509RSAPrivateKey;</code>
+<code>TX509RSAPrivateKey = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>Version:Integer;</code>
+| &nbsp;
+|-
+| <code>Modulus:PByte;</code>
+| M
+|-
+| <code>PublicExponent:PByte;</code>
+| E
+|-
+| <code>PrivateExponent:PByte;</code>
+| D
+|-
+| <code>Prime1:PByte;</code>
+| P
+|-
+| <code>Prime2:PByte;</code>
+| Q
+|-
+| <code>Exponent1:PByte;</code>
+| D mod (P - 1)
+|-
+| <code>Exponent2:PByte;</code>
+| D mod (Q - 1)
+|-
+| <code>Coefficient:PByte;</code>
+| (Inverse of Q) mod P
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ModulusLen:Integer;</code>
+| &nbsp;
+|-
+| <code>PublicExponentLen:Integer;</code>
+| &nbsp;
+|-
+| <code>PrivateExponentLen:Integer;</code>
+| &nbsp;
+|-
+| <code>Prime1Len:Integer;</code>
+| &nbsp;
+|-
+| <code>Prime2Len:Integer;</code>
+| &nbsp;
+|-
+| <code>Exponent1Len:Integer;</code>
+| &nbsp;
+|-
+| <code>Exponent2Len:Integer;</code>
+| &nbsp;
+|-
+| <code>CoefficientLen:Integer;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>procedure Release;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 ECDSA public key'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509ECDSAPublicKey = ^TX509ECDSAPublicKey;</code>
+<code>TX509ECDSAPublicKey = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>procedure Release;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 ECDSA private key'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>PX509ECDSAPrivateKey = ^TX509ECDSAPrivateKey;</code>
+<code>TX509ECDSAPrivateKey = record</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>procedure Release;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
 === Class definitions ===
 ----
-''To be documented''
+'''X509 name'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>TX509Name = class(TObject)</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''private'''</div>
+|-
+| <code>function StringCompare(const AValue1,AValue2:String):Integer;</code>
+| &nbsp;
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''public'''</div>
+|-
+| <code>NameAttributes:TX509NameAttributes;</code>
+| &nbsp;
+|-
+| <code>NameAttributeCount:LongWord;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>Email:String;</code>
+| emailAddress
+|-
+|colspan="2"|''From subjectAltName extension''
+|-
+| <code>AltEmail:String;</code>
+| rfc822Name
+|-
+| <code>DNS:String;</code>
+| dNSName
+|-
+| <code>URI:String;</code>
+| uniformResourceIdentifier
+|-
+| <code>IP:PByte;</code>
+| iPAddress
+|-
+| <code>IPLen:Longword;</code>
+| IPv4 = 4,IPv6 = 16
+|-
+| <code>RegisteredID:TASN1OID;</code>
+| registeredID
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>destructor Destroy; override;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function GetCN:String;</code>
+| &nbsp;
+|-
+| <code>function GetDN:String;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function Compare(AName:TX509Name):Integer;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 certificate'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>TX509Certificate = class;</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''private'''</div>
+|-
+|colspan="2"|&nbsp;
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''public'''</div>
+|-
+|colspan="2"|&nbsp;
+|-
+|}
+</div></div>
+'''X509 certificate list'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>TX509CertificateList = class(TObject)</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''protected'''</div>
+|-
+| <code>FList:TList;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>FLock: TCriticalSectionHandle;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>procedure Clear;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function AcquireLock:Boolean;</code>
+| &nbsp;
+|-
+| <code>function ReleaseLock:Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''public'''</div>
+|-
+| <code>constructor Create;</code>
+| &nbsp;
+|-
+| <code>destructor Destroy; override;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function First:TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function Last:TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function Prev(ACertificate:TX509Certificate):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function Next(ACertificate:TX509Certificate):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function Add(ACertificate:TX509Certificate):Boolean; virtual;</code>
+| &nbsp;
+|-
+| <code>function Remove(ACertificate:TX509Certificate):Boolean; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function FindByIssuer(AName:TX509Name):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function FindBySubject(AName:TX509Name):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportDER(ABuffer:Pointer; ASize:Integer):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function ImportPEM(ABuffer:Pointer; ASize:Integer):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 certificate chain'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>TX509CertificateChain = class(TObject)</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''protected'''</div>
+|-
+| <code>FRoot:TX509Certificate;</code>
+|  style="width: 50%;"|&nbsp;
+|-
+| <code>FLock: TCriticalSectionHandle;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>procedure Clear; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function AcquireLock:Boolean;</code>
+| &nbsp;
+|-
+| <code>function ReleaseLock:Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''public'''</div>
+|-
+| <code>property Root:TX509Certificate read FRoot;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>constructor Create(ARoot:TX509Certificate); virtual;</code>
+| &nbsp;
+|-
+| <code>destructor Destroy; override;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function Last:TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function Prev(ACertificate:TX509Certificate):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function Next(ACertificate:TX509Certificate):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function InsertAfter(AParent,ACertificate:TX509Certificate):Boolean; virtual;</code>
+| &nbsp;
+|-
+| <code>function InsertBefore(AChild,ACertificate:TX509Certificate):Boolean; virtual;</code>
+| &nbsp;
+|-
+| <code>function Remove(ACertificate:TX509Certificate):Boolean; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function FindByIssuer(AName:TX509Name):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function FindBySubject(AName:TX509Name):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function FindBySubjectCN(const AName:String):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function FindBySubjectDN(const AName:String):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportDER(ABuffer:Pointer;ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+| <code>function ImportPEM(ABuffer:Pointer;ASize:Integer; AParent:TX509Certificate):TX509Certificate; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function GetPathLength(ACertificate:TX509Certificate):LongWord; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ValidateChain(ATrust:TX509CertificateList):Integer; virtual;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+'''X509 certificate'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial;">
+<code>TX509Certificate = class(TObject)</code>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''protected'''</div>
+|-
+| <code>FList:TX509CertificateList;</code>
+| &nbsp;
+|-
+| <code>FChain:TX509CertificateChain;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>FParent:TX509Certificate;</code>
+| &nbsp;
+|-
+| <code>FChild:TX509Certificate;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>FData:PByte;</code>
+| Copy of certificate data from import
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>FTBSData:PByte;</code>
+| Pointer to start of TBS (To Be Signed) data
+|-
+| <code>FTBSSize:LongWord;</code>
+| Length of TBS (To Be Signed) data
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportTime(ABuffer:PByte; ASize:Integer; ATag:LongWord  ADateTime:TDateTime):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportName(ABuffer:PByte; ASize:Integer; AName:TX509Name; var ANext:PByte):Boolean;</code>
+| &nbsp;
+|-
+| <code>function ImportExtensionAltName(ABuffer:PByte; ASize:Integer; AName:TX509Name):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportAlgorithmIdentifier(ABuffer:PByte; ASize:Integer; var AIdentifier:TX509AlgorithmIdentifier; var ANext:PByte):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportValidity(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportPublicKey(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportExtension(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;</code>
+| &nbsp;
+|-
+| <code>function ImportExtensionData(ABuffer:PByte; ASize:Integer; const AOID:TASN1OID):Boolean;</code>
+| &nbsp;
+|-
+| <code>function ImportExtensionKeyUsage(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function ImportExtensionSubjectAltName(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function ImportExtensionIssuerAltName(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function ImportExtensionBasicContraints(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function ImportExtensionExtKeyUsage(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportExtensions(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportTBSCertificate(ABuffer:PByte; ASize:Integer; var ANext:PByte):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function VerifyRSASignature(AIssuer:TX509Certificate):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function VerifyMD5Digest(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function VerifySHA1Digest(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function VerifySHA256Digest(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function VerifySHA384Digest(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+| <code>function VerifySHA512Digest(ABuffer:PByte; ASize:Integer):Boolean;</code>
+| &nbsp;
+|-
+|colspan="2"|<div style="font-family: monospace,courier;">'''public'''</div>
+|-
+|colspan="2"|''Properties''
+|-
+| <code>Version:LongWord;</code>
+| &nbsp;
+|-
+| <code>SerialNumber:TX509SerialNumber;</code>
+| &nbsp;
+|-
+| <code>SignatureAlgorithm:TX509AlgorithmIdentifier;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>Issuer:TX509Name;</code>
+| &nbsp;
+|-
+| <code>Subject:TX509Name;</code>
+| &nbsp;
+|-
+| <code>SubjectDN:String;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>NotBefore:TDateTime;</code>
+| &nbsp;
+|-
+| <code>NotAfter:TDateTime;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>PublicKey:TX509PublicKey;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>Signature:TX509Signature;</code>
+| &nbsp;
+|-
+|colspan="2"|''Extensions''
+|-
+| <code>ExtensionsPresent:LongWord;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>CA:Boolean;</code>
+| &nbsp;
+|-
+| <code>PathLenConstraint:LongWord;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>KeyUsage:LongWord;</code>
+| &nbsp;
+|-
+| <code>ExtendedKeyUsage:LongWord;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>property List:TX509CertificateList read FList;</code>
+| &nbsp;
+|-
+| <code>property Chain:TX509CertificateChain read FChain;</code>
+| &nbsp;
+|-
+| <code>property Parent:TX509Certificate read FParent;</code>
+| &nbsp;
+|-
+| <code>property Child:TX509Certificate read FChild;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>constructor Create(AChain:TX509CertificateChain; AParent:TX509Certificate); virtual;</code>
+| &nbsp;
+|-
+| <code>destructor Destroy; override;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function ImportDER(ABuffer:Pointer; ASize:Integer):Boolean; virtual;</code>
+| &nbsp;
+|-
+| <code>function ImportPEM(ABuffer:Pointer; ASize:Integer):Boolean; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function IsValidIssuer:Boolean; virtual;</code>
+| &nbsp;
+|-
+| <code>function IsSelfSigned:Boolean; virtual;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>function VerifySignature(AIssuer:TX509Certificate):Boolean; virtual;</code>
+| &nbsp;
+|-
+| <code>function ValidateCertificate(AIssuer:TX509Certificate):Integer; virtual;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
 === Public variables ===
@@ Line 36: / Line 991: @@
 ----
-''To be documented''
+'''X509 helper functions'''
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 0px; padding-bottom: 15px;">
+<pre style="border: 0; padding-bottom:0px;">function X509NameAttributeTypeToString(AType:LongWord):String;</pre>
+<div style="font-size: 14px; padding-left: 12px;">'''Description:''' To be documented</div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+! Note
+| None documented
+|-
+|}
+</div></div>
+<br />
 Return to [[Unit_Reference|Unit Reference]]