1 | // |
2 | // InvalidCertificateHandler.h |
3 | // |
4 | // Library: NetSSL_OpenSSL |
5 | // Package: SSLCore |
6 | // Module: InvalidCertificateHandler |
7 | // |
8 | // Definition of the InvalidCertificateHandler class. |
9 | // |
10 | // Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. |
11 | // and Contributors. |
12 | // |
13 | // SPDX-License-Identifier: BSL-1.0 |
14 | // |
15 | |
16 | |
17 | #ifndef NetSSL_InvalidCertificateHandler_INCLUDED |
18 | #define NetSSL_InvalidCertificateHandler_INCLUDED |
19 | |
20 | |
21 | #include "Poco/Net/NetSSL.h" |
22 | #include "Poco/Net/VerificationErrorArgs.h" |
23 | |
24 | |
25 | namespace Poco { |
26 | namespace Net { |
27 | |
28 | |
29 | class NetSSL_API InvalidCertificateHandler |
30 | /// An InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user |
31 | /// to inspect the certificate and decide whether to accept or reject it. |
32 | /// One can install one's own InvalidCertificateHandler by implementing this interface. Note that |
33 | /// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API |
34 | /// and the name of your handler class is MyGuiHandler): |
35 | /// |
36 | /// #include "Poco/Net/CertificateHandlerFactory.h" |
37 | /// ... |
38 | /// POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler) |
39 | /// |
40 | /// One can either set the handler directly in the startup code of the main method of one's application by calling |
41 | /// |
42 | /// SSLManager::instance().initialize(mypassphraseHandler, myguiHandler, mySSLContext) |
43 | /// |
44 | /// or, in case one uses Poco::Util::Application, one can rely on an XML configuration and put the following entry |
45 | /// under the path openSSL.invalidCertificateHandler: |
46 | /// |
47 | /// <invalidCertificateHandler> |
48 | /// <name>MyGuiHandler</name> |
49 | /// <options> |
50 | /// [...] // Put optional config params for the handler here |
51 | /// </options> |
52 | /// </invalidCertificateHandler> |
53 | /// |
54 | /// Note that the name of the InvalidCertificateHandler must be the same as the one provided to the POCO_REGISTER_CHFACTORY macro. |
55 | { |
56 | public: |
57 | InvalidCertificateHandler(bool handleErrorsOnServerSide); |
58 | /// Creates the InvalidCertificateHandler. |
59 | /// |
60 | /// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side. |
61 | /// Automatically registers at one of the SSLManager::VerificationError events (presumably chosen by handleErrorsOnServerSide; confirm in the implementation file). |
62 | |
63 | virtual ~InvalidCertificateHandler(); |
64 | /// Destroys the InvalidCertificateHandler. |
65 | |
66 | virtual void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert) = 0; |
67 | /// Receives the questionable certificate in parameter errorCert. If one wants to accept the |
68 | /// certificate, call errorCert.setIgnoreError(true). NOTE(review): accepting overrides a failed verification, so an implementation that accepts unconditionally gives up the protection certificate checking provides against an impersonated peer; accept only on an explicit decision. |
69 | |
70 | protected: |
71 | bool _handleErrorsOnServerSide; |
72 | /// Stores whether the certificate handler gets invoked by the server (i.e. a client certificate is wrong) |
73 | /// or by the client (a server certificate is wrong). |
74 | }; |
75 | |
76 | |
77 | } } // namespace Poco::Net |
78 | |
79 | |
80 | #endif // NetSSL_InvalidCertificateHandler_INCLUDED |
81 | |