2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
22 #ifndef _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_H_
23 #define _WRT_ENGINE_SRC_INSTALLER_CORE_VALIDATION_CORE_CERTIFICATE_H_
31 #include <openssl/x509.h>
33 #include <dpl/exception.h>
34 #include <dpl/noncopyable.h>
35 #include <dpl/shared_ptr.h>
36 #include <dpl/enable_shared_from_this.h>
37 #include <dpl/optional.h>
38 #include <dpl/optional_typedefs.h>
39 #include <dpl/string.h>
41 #include <cert-service.h>
43 namespace ValidationCore {
45 // from OpenSSL asn1/a_utctm.c code
46 int asn1TimeToTimeT(ASN1_TIME *t,
50 int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm,
// DPL::SharedPtr handle to a Certificate, and a std::list of such handles.
// isSignedBy() takes its parent certificate through CertificatePtr.
55 typedef DPL::SharedPtr<Certificate> CertificatePtr;
56 typedef std::list<CertificatePtr> CertificateList;
58 class Certificate : public DPL::EnableSharedFromThis<Certificate>
// Raw digest bytes, as returned by getFingerprint().
61 typedef std::vector<unsigned char> Fingerprint;
// One alternative-name entry, and a std::set of them as returned by
// getAlternativeNameDNS().
62 typedef DPL::String AltName;
63 typedef std::set<AltName> AltNameSet;
// Exception types for this class: Base is declared with DPL::Exception as
// its parent, and OpensslInternalError with Base as its parent, so a handler
// for Base also covers OpensslInternalError.
// NOTE(review): which members throw is not visible in this listing -- check
// the implementation before assuming a constructor or getter cannot fail.
85 DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
86 DECLARE_EXCEPTION_TYPE(Base, OpensslInternalError)
// Builds a Certificate from an OpenSSL X509 object.
// NOTE(review): this declaration does not show whether `cert` is duplicated
// or adopted, nor what happens for a null pointer -- confirm ownership in
// the implementation before the caller frees or reuses `cert`.
89 explicit Certificate(X509 *cert);
// Builds a Certificate from a cert-service memory buffer.
// NOTE(review): the expected encoding of the buffer and the failure mode
// for malformed data are not visible here; presumably OpensslInternalError
// is thrown -- confirm.
91 explicit Certificate(cert_svc_mem_buff &buffer);
// Builds a Certificate from an encoded string; `form` names the encoding of
// `der` and defaults to FORM_DER.
// NOTE(review): presumably `der` originates from the package being
// validated and is therefore untrusted input; confirm that a parse failure
// raises an exception rather than leaving a half-initialised object.
93 explicit Certificate(const std::string &der,
94 FormType form = FORM_DER);
98 // Returns a pointer to the X509 structure held inside this object.
99 // The pointer is borrowed: do not free it.
// NOTE(review): presumably the pointer is only valid while this Certificate
// is alive; hold a CertificatePtr for as long as the raw pointer is in use
// -- confirm against the implementation.
100 X509 *getX509(void) const;
// Returns the certificate in DER form inside a std::string. DER is binary
// and may contain NUL bytes, so use the string's size(), never strlen().
102 std::string getDER(void) const;
// Returns the certificate as Base64 text.
// NOTE(review): whether this is bare Base64 of the DER bytes or PEM with
// header/footer lines is not visible in this listing -- confirm.
104 std::string getBase64(void) const;
// Reports whether this certificate is signed by `parent`.
106 // The const qualifier is cheating here: there is no
107 // guarantee that X509_get_subject_name will not
108 // change the X509 object.
// NOTE(review): the declaration does not show what is checked beyond the
// signer relation (validity period, CA basic constraints, key usage).
// Presumably full path validation is done elsewhere -- confirm before
// treating a `true` result as a trust decision.
// NOTE(review): behaviour for a null `parent` is not visible here.
109 bool isSignedBy(const CertificatePtr &parent) const;
// Returns the certificate digest as raw bytes; `type` selects the digest
// (the FingerprintType enumerators are not visible in this listing).
// NOTE(review): when the result is matched against a pinned or allow-listed
// value, compare the whole byte vector and prefer the strongest digest that
// FingerprintType offers -- confirm which ones exist.
111 Fingerprint getFingerprint(FingerprintType type) const;
// Accessors for individual name attributes. `type` selects which name is
// read and defaults to FIELD_SUBJECT; each returns a DPL::OptionalString
// (presumably empty when the attribute is absent -- confirm).
// NOTE(review): these strings are taken from the certificate itself, so for
// a certificate that has not yet been chain-verified they are untrusted
// input; do not base authorization or display decisions on them before
// validation has succeeded.
113 DPL::OptionalString getCommonName(FieldType type = FIELD_SUBJECT) const;
114 DPL::OptionalString getCountryName(FieldType type = FIELD_SUBJECT) const;
115 DPL::OptionalString getStateOrProvinceName(
116 FieldType type = FIELD_SUBJECT) const;
117 DPL::OptionalString getLocalityName(FieldType type = FIELD_SUBJECT) const;
118 DPL::OptionalString getOrganizationName(
119 FieldType type = FIELD_SUBJECT) const;
120 DPL::OptionalString getOrganizationalUnitName(
121 FieldType type = FIELD_SUBJECT) const;
// Returns the OCSP responder URL recorded in the certificate, as a
// DPL::OptionalString (presumably empty when none is present -- confirm).
// NOTE(review): the URL is certificate-supplied data; a caller that fetches
// it should restrict the scheme and destination rather than trust it as is.
122 DPL::OptionalString getOCSPURL() const;
124 // OpenSSL supports 9 types of alternative name field.
125 // 4 of them are "string similar" types, so it is possible
126 // to create a more generic function.
// Returns the DNS-type alternative names as an AltNameSet.
// NOTE(review): whether entries with embedded NUL bytes or wildcard labels
// are filtered is not visible here -- check before using the result for
// host-name matching.
127 AltNameSet getAlternativeNameDNS() const;
// Returns the certificate's notAfter time as a time_t.
// NOTE(review): where time_t is 32 bits, expiry dates past 2038 cannot be
// represented; how the conversion reports that case (or a malformed time
// field) is not visible in this listing -- confirm before comparing the
// result against the current clock.
129 time_t getNotAfter() const;
132 * @brief This is a convenience function.
134 * @details It can't be const function (however it doesn't change internal
135 * object). For details see #isSignedBy() function description.
140 * @brief Gets the list of CRL distribution point URIs
// Returns the CRL distribution point URIs as a std::list<std::string>.
// NOTE(review): the URIs are certificate-supplied data; a caller that
// downloads CRLs from them should restrict scheme and destination, and
// should decide explicitly how an empty list or a failed fetch affects the
// revocation verdict -- none of that is visible in this declaration.
142 std::list<std::string> getCrlUris() const;
145 DPL::OptionalString getField(FieldType type,
150 } // namespace ValidationCore