GDPKICertificate Class Reference

X.509 Public Key Certificate. More...

#import <BlackBerryDynamics/GD/GDPKI.h>

Inheritance diagram for GDPKICertificate:

Description

Objects of this class are used to represent X.509 public key certificates in the BlackBerry Dynamics secure store. Certificates in the store could be used as part of integration with an enterprise public key infrastructure.

The properties of this class correspond to the standard fields of an X.509 public key certificate.

See also

RFC 3280 and RFC 5280 on the ietf.org website.

Public Key Infrastructure Integration

BlackBerry Dynamics can be integrated into a public key infrastructure (PKI) implementation. BlackBerry Dynamics has a number of capabilities for handling the X.509 public key certificates that would be associated with an end user within an enterprise PKI implementation.

Certificate Store Notifications

The BlackBerry Dynamics runtime maintains a secure certificate store on the device. The application code can be notified when certificates are added to, and removed from, the secure certificate store.

The typical usage of the notification interface is as follows.

1. The application code implements and adds a notification observer, using the native NSNotificationCenter programming interface.
   1. When the BlackBerry Dynamics runtime adds an X.509 certificate to its store, a notification is dispatched to the observer. The notification includes a reference to an object that represents the certificate.
2. The application code in the observer extracts the certificate object from the notification.
3. The application code can read the object properties to determine the characteristics of the certificate.

The available notifications are:

• GDPKINotificationCertificateAdded for when a certificate is added to the BlackBerry Dynamics certificate store.
• GDPKINotificationCertificateRemoved for when a certificate is removed from the BlackBerry Dynamics certificate store.

In all cases, the object of the notification will be an instance of this class that represents the certificate.

See also

NSNotificationCenter class reference on the apple.com developer website.

Certificate Credential Import documentation for a related interface.

Code Snippets

The following code snippets illustrate some common tasks.

Certificate Notification Observer

- (void)addCertificateObservers {
    [[NSNotificationCenter defaultCenter] addObserver:self
                                             selector:@selector(certificateAdded:)
                                                 name:GDPKINotificationCertificateAdded
                                               object:nil];
    [[NSNotificationCenter defaultCenter] addObserver:self
                                             selector:@selector(certificateRemoved:)
                                                 name:GDPKINotificationCertificateRemoved
                                               object:nil];
}
 
- (void)certificateAdded:(NSNotification *)nsNotification {
    GDPKICertificate *gdPKICertificate = nsNotification.object;
    SecCertificateRef secCertificate =
        SecCertificateCreateWithData(NULL, gdPKICertificate.binaryX509DER);
    CFStringRef secCertificateSummary =
        SecCertificateCopySubjectSummary(secCertificate);
    NSLog(@"Certificate added. Serial Number: \"%s\", Summary:\"%s\".\n",
          gdPKICertificate.serialNumber, (NSString*)secCertificateSummary);
    CFRelease(secCertificateSummary);
    CFRelease(secCertificate);
}
 
- (void)certificateRemoved:(NSNotification *)nsNotification {
    GDPKICertificate *gdPKICertificate = nsNotification.object;
  
    NSLog(@"Certificate removed. Serial Number: \"%@\".\n",
          gdPKICertificate.serialNumber );
}

The above snippet shows:

• Registration for notification of certificate addition and removal. The observer code is specified by selector.
• Dummy implementation of the certificate added listener that:
  • Logs one field directly from the notification object, which is a BlackBerry Dynamics representation of a certificate.
  • Creates a native representation of the same certificate, and logs another field from it.
• Dummy implementation of the certificate removed listener that logs one X.509 field.

See also

Certificates reference documentation on the apple.com developer website.

Instance Methods
(instancetype)	- initWithData:
	Initialize from binary DER encoded X.509 certificate data. More...

Properties
NSData *	binaryX509DER
	Binary DER encoded certificate data. More...
NSInteger	version
	X.509 version. More...
NSString *	serialNumber
	X.509 Serial Number field. More...
NSString *	subjectName
	X.509 Subject field. More...
NSString *	subjectAlternativeName
	X.509 Subject Alternative Name field. More...
NSString *	issuer
	X.509 Issuer field. More...
NSDate *	notBeforeDate
	X.509 Validity: Not Before date and time. More...
NSDate *	notAfterDate
	X.509 Validity: Not After date and time. More...
NSString *	keyUsage
	X.509 Key Usage field. More...

Method Documentation

initWithData:

- (instancetype) initWithData:

(NSData *)

x509

Call this function to initialize a new object from binary DER encoded X.509 certificate data.

Parameters

x509	NSData containing the binary DER encoded X.509 data.

Property Documentation

binaryX509DER

- (NSData*) binaryX509DER

readatomicassign

Binary DER encoded representation of the X.509 certificate data.

version

- (NSInteger) version

readatomicassign

The X.509 version of the certificate.

serialNumber

- (NSString*) serialNumber

readatomicassign

Value of the X.509 Serial Number field of the certificate.

subjectName

- (NSString*) subjectName

readatomicassign

Value of the X.509 Subject field of the certificate.

subjectAlternativeName

- (NSString*) subjectAlternativeName

readatomicassign

Value of the X.509 Subject Alternative Name field of the certificate.

issuer

- (NSString*) issuer

readatomicassign

Value of the X.509 Issuer field of the certificate.

notBeforeDate

- (NSDate*) notBeforeDate

readatomicassign

Value of the X.509 Validity: Not Before date and time of the certificate.

notAfterDate

- (NSDate*) notAfterDate

readatomicassign

Value of the X.509 Validity: Not After date and time of the certificate.

keyUsage

- (NSString*) keyUsage

readatomicassign

Value of the X.509 Key Usage field of the certificate.

---

The documentation for this class was generated from the following file:

• platform/apple/ios/build/BlackBerryDynamics.framework/Headers/GDPKI.h