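//
// X509Certificate.h
//
// Library: NetSSL_OpenSSL
// Package: SSLCore
// Module:  X509Certificate
//
// Definition of the X509Certificate class.
//
// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier:	BSL-1.0
//


#ifndef NetSSL_X509Certificate_INCLUDED
#define NetSSL_X509Certificate_INCLUDED


#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SocketDefs.h"
#include "Poco/Crypto/X509Certificate.h"
#include "Poco/DateTime.h"
#include "Poco/SharedPtr.h"
#include <set>


namespace Poco {
namespace Net {


class HostEntry;


class NetSSL_API X509Certificate: public Poco::Crypto::X509Certificate
    /// This class extends Poco::Crypto::X509Certificate with the
    /// feature to validate a certificate.
    ///
    /// The validation declared in this header is the host name
    /// check performed by verify(): it answers "does this
    /// certificate name this host?".
    ///
    /// NOTE(review): nothing in this header documents chain-of-trust,
    /// validity-period or revocation checking; those are presumably
    /// handled elsewhere (e.g. by the TLS handshake verification) --
    /// confirm before treating verify() as a complete certificate check.
{
public:
    explicit X509Certificate(std::istream& istr);
        /// Creates the X509Certificate object by reading
        /// a certificate in PEM format from a stream.

    explicit X509Certificate(const std::string& path);
        /// Creates the X509Certificate object by reading
        /// a certificate in PEM format from a file.

    explicit X509Certificate(X509* pCert);
        /// Creates the X509Certificate from an existing
        /// OpenSSL certificate. Ownership is taken of
        /// the certificate.
        ///
        /// Because ownership is transferred, the caller must not
        /// free pCert after handing it over; doing so would release
        /// the certificate a second time.

    X509Certificate(X509* pCert, bool shared);
        /// Creates the X509Certificate from an existing
        /// OpenSSL certificate. Ownership is taken of
        /// the certificate. If shared is true, the
        /// certificate's reference count is incremented.
        ///
        /// With shared set to true this object holds its own
        /// reference, so the caller keeps responsibility for the
        /// reference it already had. With shared set to false
        /// the caller's reference is consumed and must not be
        /// released again by the caller.

    X509Certificate(const Poco::Crypto::X509Certificate& cert);
        /// Creates the certificate by copying another one.
        ///
        /// This constructor is not marked explicit, so a
        /// Poco::Crypto::X509Certificate converts implicitly.
        /// NOTE(review): presumably intentional -- confirm.

    X509Certificate& operator = (const Poco::Crypto::X509Certificate& cert);
        /// Assigns a certificate.

    ~X509Certificate();
        /// Destroys the X509Certificate.

    bool verify(const std::string& hostName) const;
        /// Verifies the validity of the certificate against the host name.
        ///
        /// For this check to be successful, the certificate must contain
        /// a domain name that matches the domain name
        /// of the host.
        ///
        /// hostName should be the name the caller intended to
        /// connect to, not a name supplied by the peer.
        ///
        /// As documented here this is a host name check only: a true
        /// result says that the certificate names the host, not that
        /// the certificate is trusted. NOTE(review): chain-of-trust,
        /// validity-period and revocation checks are not part of this
        /// documented contract -- confirm where they are performed
        /// before relying on this call as the only certificate check.
        ///
        /// Returns true if verification succeeded, or false otherwise.

    static bool verify(const Poco::Crypto::X509Certificate& cert, const std::string& hostName);
        /// Verifies the validity of the given certificate against the
        /// host name.
        ///
        /// For this check to be successful, the certificate must contain
        /// a domain name that matches the domain name
        /// of the host.
        ///
        /// hostName should be the name the caller intended to
        /// connect to, not a name supplied by the peer.
        ///
        /// As documented here this is a host name check only: a true
        /// result says that the certificate names the host, not that
        /// the certificate is trusted. NOTE(review): chain-of-trust,
        /// validity-period and revocation checks are not part of this
        /// documented contract -- confirm where they are performed
        /// before relying on this call as the only certificate check.
        ///
        /// Returns true if verification succeeded, or false otherwise.

protected:
    static bool containsWildcards(const std::string& commonName);
        /// Presumably returns true if commonName contains wildcard
        /// characters. NOTE(review): the accepted wildcard syntax is
        /// defined by the implementation, which is not part of this
        /// header -- confirm.

    static bool matchWildcard(const std::string& alias, const std::string& hostName);
        /// Presumably returns true if hostName matches the wildcard
        /// pattern given in alias. NOTE(review): the matching rules
        /// (for example whether a wildcard is confined to a single
        /// DNS label) are defined by the implementation, which is not
        /// part of this header -- confirm that they are no more
        /// permissive than intended, since an over-broad match makes
        /// verify() accept certificates issued for other hosts.

private:
    enum
    {
        // Not referenced by any declaration in this header; presumably the
        // size of a name buffer used by the implementation -- confirm.
        NAME_BUFFER_SIZE = 256
    };
};


} } // namespace Poco::Net


#endif // NetSSL_X509Certificate_INCLUDED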