blob: 8b5b7491772ee4d84734a34b4cba5705e0912247 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
/* cert_wrapper.hpp
*
* Copyright (C) 2003 Sawtooth Consulting Ltd.
*
* This file is part of yaSSL.
*
* yaSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* There are special exceptions to the terms and conditions of the GPL as it
* is applied to yaSSL. View the full text of the exception in the file
* FLOSS-EXCEPTIONS in the directory of this software distribution.
*
* yaSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* The certificate wrapper header defines certificate management functions
*
*/
#ifndef yaSSL_CERT_WRAPPER_HPP
#define yaSSL_CERT_WRAPPER_HPP
#ifdef _MSC_VER
// disable truncated debug symbols
#pragma warning(disable:4786)
#endif
#include "yassl_types.hpp" // SignatureAlgorithm
#include "buffer.hpp" // input_buffer
#include "asn.hpp" // SignerList
#include "list.hpp" // mySTL::list
#include "algorithm.hpp" // mySTL::for_each
namespace yaSSL {
typedef unsigned char opaque;
class X509; // forward openSSL type
using TaoCrypt::SignerList;
// an x509 version 3 certificate
class x509 {
uint length_;
opaque* buffer_;
public:
explicit x509(uint sz);
~x509();
uint get_length() const;
const opaque* get_buffer() const;
opaque* use_buffer();
x509(const x509&);
x509& operator=(const x509&);
private:
void Swap(x509&);
};
// Certificate Manager keeps a list of the cert chain and public key
class CertManager {
typedef mySTL::list<x509*> CertList;
CertList list_; // self
input_buffer privateKey_;
CertList peerList_; // peer
input_buffer peerPublicKey_;
X509* peerX509_; // peer's openSSL X509
SignatureAlgorithm keyType_; // self key type
SignatureAlgorithm peerKeyType_; // peer's key type
SignerList signers_; // decoded CA keys and names
// plus verified chained certs
bool verifyPeer_;
bool verifyNone_; // no error if verify fails
bool failNoCert_;
bool sendVerify_;
public:
CertManager();
~CertManager();
void AddPeerCert(x509* x); // take ownership
void CopySelfCert(const x509* x);
int CopyCaCert(const x509* x);
int Validate();
int SetPrivateKey(const x509&);
const x509* get_cert() const;
const opaque* get_peerKey() const;
const opaque* get_privateKey() const;
X509* get_peerX509() const;
SignatureAlgorithm get_keyType() const;
SignatureAlgorithm get_peerKeyType() const;
uint get_peerKeyLength() const;
uint get_privateKeyLength() const;
bool verifyPeer() const;
bool verifyNone() const;
bool failNoCert() const;
bool sendVerify() const;
void setVerifyPeer();
void setVerifyNone();
void setFailNoCert();
void setSendVerify();
private:
CertManager(const CertManager&); // hide copy
CertManager& operator=(const CertManager&); // and assign
};
} // naemspace
#endif // yaSSL_CERT_WRAPPER_HPP
|
