path: root/vmime-master/src/vmime/security/cert/X509Certificate.hpp
//
// VMime library (http://www.vmime.org)
// Copyright (C) 2002 Vincent Richard <vincent@vmime.org>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
// published by the Free Software Foundation; either version 3 of
// the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Linking this library statically or dynamically with other modules is making
// a combined work based on this library.  Thus, the terms and conditions of
// the GNU General Public License cover the whole combination.
//

#ifndef VMIME_SECURITY_CERT_X509CERTIFICATE_HPP_INCLUDED
#define VMIME_SECURITY_CERT_X509CERTIFICATE_HPP_INCLUDED


#include "vmime/config.hpp"


#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT


#include "vmime/security/cert/certificate.hpp"

#include "vmime/utility/stream.hpp"

#include "vmime/base.hpp"
#include "vmime/types.hpp"
#include "vmime/dateTime.hpp"


namespace vmime {
namespace security {
namespace cert {


/** Identity certificate based on the X.509 standard.
  *
  * Abstract interface: apart from the destructor and checkValidity(), every
  * instance member is pure virtual. Instances are obtained through the
  * static import() functions.
  */
class VMIME_EXPORT X509Certificate : public certificate {

public:

	// NOTE(review): not declared virtual here; presumably the base class
	// 'certificate' declares a virtual destructor -- confirm, since objects
	// are handled through shared_ptr <X509Certificate>.
	~X509Certificate();

	/** Supported encodings for X.509 certificates. */
	enum Format {
		FORMAT_DER,   /**< DER encoding */
		FORMAT_PEM    /**< PEM encoding */
	};

	/** Supported digest algorithms (used for fingerprint).
	  *
	  * NOTE(review): MD5 and SHA-1 are the only choices offered here, and
	  * neither is collision resistant any more. A fingerprint computed
	  * with them is suitable for display or for lookup, but should not be
	  * the sole basis of a trust decision (for example certificate
	  * pinning); compare the full encoded certificate in that case.
	  */
	enum DigestAlgorithm {
		DIGEST_MD5,   /**< MD5 digest */
		DIGEST_SHA1   /**< SHA1 digest */
	};


	/** Imports a DER or PEM encoded X.509 certificate.
	  *
	  * Importing only decodes the data. Nothing in this declaration says
	  * that the result is trusted: callers still have to check the NULL
	  * return and then validate the certificate (see verify(),
	  * verifyHostName() and checkValidity()).
	  *
	  * @param is input stream to read data from
	  * @return an X.509 certificate, or NULL if the given data does not
	  * represent a valid certificate
	  */
	static shared_ptr <X509Certificate> import(utility::inputStream& is);

	/** Imports a DER or PEM encoded X.509 certificate.
	  *
	  * Same contract as the stream overload: a NULL result must be
	  * checked, and a non-NULL result is decoded, not validated.
	  *
	  * @param data points to raw data
	  * @param length size of data
	  * @return an X.509 certificate, or NULL if the given data does not
	  * represent a valid certificate
	  */
	static shared_ptr <X509Certificate> import(const byte_t* data, const size_t length);

	/** Imports several DER or PEM encoded X.509 certificates.
	  *
	  * NOTE(review): there is no return value, and this header does not
	  * say whether 'certs' is cleared first or how malformed input is
	  * reported -- confirm against the implementation. Callers should
	  * check that 'certs' holds the certificates they expect before
	  * using them.
	  *
	  * @param is input stream to read data from
	  * @param certs the resulting list of certificates
	  */
	static void import(
		utility::inputStream& is,
		std::vector <shared_ptr <X509Certificate> >& certs
	);

	/** Imports several DER or PEM encoded X.509 certificates.
	  *
	  * NOTE(review): as with the stream overload, failure reporting and
	  * the handling of existing entries in 'certs' are not specified
	  * here -- confirm against the implementation.
	  *
	  * @param data points to raw data
	  * @param length size of data
	  * @param certs the resulting list of certificates
	  */
	static void import(
		const byte_t* data,
		const size_t length,
		std::vector <shared_ptr <X509Certificate> >& certs
	);

	/** Exports this X.509 certificate to the specified format.
	  *
	  * @param os output stream to write the encoded certificate to
	  * @param format output format (DER or PEM)
	  */
	virtual void write(utility::outputStream& os, const Format format) const = 0;

	/** Returns the X.509 certificate's serial number. This is obtained
	  * from the X.509 Certificate 'serialNumber' field. The serial is not
	  * always a 32 or 64 bit number: some CAs use large serial numbers,
	  * so it should be handled as an opaque byte sequence rather than
	  * converted to a fixed-width integer.
	  *
	  * @return serial number of this certificate
	  */
	virtual const byteArray getSerialNumber() const = 0;

	/** Returns the distinguished name of the issuer of this certificate.
	  * Eg. "C=US,O=VeriSign\, Inc.,OU=Class 1 Public Primary Certification Authority"
	  *
	  * The string comes from the certificate itself, so it is only as
	  * trustworthy as the certificate: use it for display and logging,
	  * and use verify() to establish trust.
	  *
	  * @return distinguished name of the certificate issuer, as a string
	  */
	virtual const string getIssuerString() const = 0;

	/** Checks if this certificate has the given issuer.
	  *
	  * NOTE(review): this header does not say whether the check compares
	  * names only or also verifies the signature -- confirm against the
	  * implementation before relying on it for a trust decision.
	  *
	  * @param issuer certificate of a possible issuer
	  * @return true if this certificate was issued by the given issuer,
	  * false otherwise
	  */
	virtual bool checkIssuer(const shared_ptr <const X509Certificate>& issuer) const = 0;

	/** Verifies this certificate against a given trusted one.
	  *
	  * NOTE(review): nothing here states that the validity period or the
	  * host name is covered by this call; checkValidity() and
	  * verifyHostName() are separate members and presumably have to be
	  * called as well -- confirm against the implementation.
	  *
	  * @param caCert a certificate that is considered to be trusted
	  * @return true if the verification succeeded, false otherwise
	  */
	virtual bool verify(const shared_ptr <const X509Certificate>& caCert) const = 0;

	/** Verifies the certificate's subject name against the given hostname.
	  *
	  * The hostname passed in should be the name the caller intended to
	  * connect to, not a name supplied by the peer.
	  *
	  * @param hostname DNS name of the server
	  * @param nonMatchingNames if not NULL, will contain the names that do
	  * not match the identities in the certificate (defaults to NULL, in
	  * which case no names are reported)
	  * @return true if the match is successful, false otherwise
	  */
	virtual bool verifyHostName(
		const string& hostname,
		std::vector <std::string>* nonMatchingNames = NULL
	) const = 0;

	/** Gets the expiration date of this certificate. This is the date
	  * after which this certificate is no longer valid.
	  *
	  * @return expiration date of this certificate
	  */
	virtual const datetime getExpirationDate() const = 0;

	/** Gets the activation date of this certificate. This is the date
	  * from which this certificate is valid.
	  *
	  * @return activation date of this certificate
	  */
	virtual const datetime getActivationDate() const = 0;

	/** Returns the fingerprint of this certificate.
	  *
	  * See DigestAlgorithm: only MD5 and SHA-1 can be requested.
	  *
	  * @param algo digest algorithm used to compute the fingerprint
	  * @return the fingerprint of this certificate, as raw bytes
	  */
	virtual const byteArray getFingerprint(const DigestAlgorithm algo) const = 0;

	/** Checks that the certificate is currently valid. For the certificate
	  * to be valid, the current date and time must be in the validity period
	  * specified in the certificate.
	  *
	  * Failure is reported by exception only (there is no return value).
	  * Unlike the other virtual members this one is neither pure nor
	  * const, so a default definition is expected outside this header.
	  *
	  * @throw certificateExpiredException if the certificate has expired
	  * @throw certificateNotYetValidException if the certificate is not yet valid
	  */
	virtual void checkValidity();
};


} // cert
} // security
} // vmime


#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT

#endif // VMIME_SECURITY_CERT_X509CERTIFICATE_HPP_INCLUDED