1 | // |
2 | // X509Certificate.h |
3 | // |
4 | // Library: NetSSL_OpenSSL |
5 | // Package: SSLCore |
6 | // Module: X509Certificate |
7 | // |
8 | // Definition of the X509Certificate class. |
9 | // |
10 | // Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH. |
11 | // and Contributors. |
12 | // |
13 | // SPDX-License-Identifier: BSL-1.0 |
14 | // |
15 | |
16 | |
17 | #ifndef NetSSL_X509Certificate_INCLUDED |
18 | #define NetSSL_X509Certificate_INCLUDED |
19 | |
20 | |
21 | #include "Poco/Net/NetSSL.h" |
22 | #include "Poco/Net/SocketDefs.h" |
23 | #include "Poco/Crypto/X509Certificate.h" |
24 | #include "Poco/DateTime.h" |
25 | #include "Poco/SharedPtr.h" |
26 | #include <set> |
27 | |
28 | |
29 | namespace Poco { |
30 | namespace Net { |
31 | |
32 | |
33 | class HostEntry; |
34 | |
35 | |
class NetSSL_API X509Certificate: public Poco::Crypto::X509Certificate
	/// Extension of Poco::Crypto::X509Certificate that adds the
	/// ability to validate a certificate against a host name.
	///
	/// NOTE(review): the only validation declared in this header is
	/// host name matching. Whether the chain of trust, the validity
	/// period or the revocation status are checked is not visible
	/// here; confirm against the implementation and the SSL context
	/// configuration before treating a successful verify() as full
	/// certificate validation.
{
public:
	explicit X509Certificate(std::istream& istr);
		/// Constructs the certificate from PEM-formatted data
		/// read from the given stream.

	explicit X509Certificate(const std::string& path);
		/// Constructs the certificate from the PEM-formatted
		/// file found at the given path.

	explicit X509Certificate(X509* pCert);
		/// Wraps an existing OpenSSL certificate. The new object
		/// takes ownership of pCert.

	X509Certificate(X509* pCert, bool shared);
		/// Wraps an existing OpenSSL certificate and takes
		/// ownership of pCert. When shared is true, the reference
		/// count of the certificate is incremented.

	X509Certificate(const Poco::Crypto::X509Certificate& cert);
		/// Constructs the certificate as a copy of cert.

	X509Certificate& operator=(const Poco::Crypto::X509Certificate& cert);
		/// Assigns cert to this certificate.

	~X509Certificate();
		/// Destroys the X509Certificate.

	bool verify(const std::string& hostName) const;
		/// Checks this certificate against the given host name.
		///
		/// The check succeeds only if the certificate contains a
		/// domain name matching the domain name of the host.
		///
		/// Returns true on successful verification, false otherwise.
		///
		/// NOTE(review): the return value is the only failure
		/// signal declared here, so callers must check it.

	static bool verify(const Poco::Crypto::X509Certificate& cert, const std::string& hostName);
		/// Checks the given certificate against the given host name.
		///
		/// The check succeeds only if the certificate contains a
		/// domain name matching the domain name of the host.
		///
		/// Returns true on successful verification, false otherwise.

protected:
	static bool containsWildcards(const std::string& commonName);
		/// Undocumented in the original header. Presumably reports
		/// whether commonName contains wildcard characters -
		/// TODO confirm against the implementation.

	static bool matchWildcard(const std::string& alias, const std::string& hostName);
		/// Undocumented in the original header. Presumably tests
		/// hostName against the wildcard pattern given in alias -
		/// TODO confirm.
		///
		/// NOTE(review): which wildcard forms are accepted (position
		/// of the wildcard, number of labels it may cover) is not
		/// visible here and determines how strict host name
		/// verification is; verify against the implementation.

private:
	enum { NAME_BUFFER_SIZE = 256 };
		/// Size constant; its use is not visible in this header
		/// (presumably the size of a name buffer - verify).
};
97 | |
98 | |
99 | } } // namespace Poco::Net |
100 | |
101 | |
102 | #endif // NetSSL_X509Certificate_INCLUDED |
103 | |