1//
2// X509Certificate.h
3//
4// Library: Crypto
5// Package: Certificate
6// Module: X509Certificate
7//
8// Definition of the X509Certificate class.
9//
10// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
11// and Contributors.
12//
13// SPDX-License-Identifier: BSL-1.0
14//
15
16
17#ifndef Crypto_X509Certificate_INCLUDED
18#define Crypto_X509Certificate_INCLUDED
19
20
21#include "Poco/Crypto/Crypto.h"
22#include "Poco/Crypto/OpenSSLInitializer.h"
23#include "Poco/DigestEngine.h"
24#include "Poco/DateTime.h"
25#include "Poco/SharedPtr.h"
26#include <vector>
27#include <set>
28#include <istream>
29#include <openssl/ssl.h>
30
31
32namespace Poco {
33namespace Crypto {
34
35
37 /// This class represents an X.509 certificate.
38{
39public:
40 using List = std::vector<X509Certificate>;
41
42 enum NID
43 /// Name identifier for extracting information from
44 /// a certificate subject's or issuer's distinguished name.
45 {
54 };
55
56 explicit X509Certificate(std::istream& istr);
57 /// Creates the X509Certificate object by reading
58 /// a certificate in PEM format from a stream.
59
60 explicit X509Certificate(const std::string& path);
61 /// Creates the X509Certificate object by reading
62 /// a certificate in PEM format from a file.
63
64 explicit X509Certificate(X509* pCert);
65 /// Creates the X509Certificate from an existing
66 /// OpenSSL certificate. Ownership is taken of
67 /// the certificate.
68
69 X509Certificate(X509* pCert, bool shared);
70 /// Creates the X509Certificate from an existing
71 /// OpenSSL certificate. Ownership is taken of
72 /// the certificate. If shared is true, the
73 /// certificate's reference count is incremented.
74
76 /// Creates the certificate by copying another one.
77
79 /// Creates the certificate by moving another one.
80
82 /// Assigns a certificate.
83
85 /// Move assignment.
86
87 void swap(X509Certificate& cert);
88 /// Exchanges the certificate with another one.
89
91 /// Destroys the X509Certificate.
92
93 long version() const;
94 /// Returns the version of the certificate.
95
96 const std::string& serialNumber() const;
97 /// Returns the certificate serial number as a
98 /// string in decimal encoding.
99
100 const std::string& issuerName() const;
101 /// Returns the certificate issuer's distinguished name.
102
103 std::string issuerName(NID nid) const;
104 /// Extracts the information specified by the given
105 /// NID (name identifier) from the certificate issuer's
106 /// distinguished name.
107
108 const std::string& subjectName() const;
109 /// Returns the certificate subject's distinguished name.
110
111 std::string subjectName(NID nid) const;
112 /// Extracts the information specified by the given
113 /// NID (name identifier) from the certificate subject's
114 /// distinguished name.
115
116 std::string commonName() const;
117 /// Returns the common name stored in the certificate
118 /// subject's distinguished name.
119
120 void extractNames(std::string& commonName, std::set<std::string>& domainNames) const;
121 /// Extracts the common name and the alias domain names from the
122 /// certificate.
123
125 /// Returns the date and time the certificate is valid from.
126
128 /// Returns the date and time the certificate expires.
129
130 Poco::DigestEngine::Digest fingerprint(const std::string& algorithm = "SHA1") const;
131 /// Computes and returns the fingerprint of the certificate,
132 /// using the given algorithm. The algorithm must be supported
133 /// by OpenSSL, e.g., "SHA1" or "SHA256". SHA1 remains the default for backward compatibility; when fingerprints are compared for a security decision (e.g., pinning), prefer "SHA256", since SHA1 is no longer collision resistant.
134
135 void save(std::ostream& stream) const;
136 /// Writes the certificate to the given stream.
137 /// The certificate is written in PEM format.
138
139 void save(const std::string& path) const;
140 /// Writes the certificate to the file given by path.
141 /// The certificate is written in PEM format.
142
143 bool issuedBy(const X509Certificate& issuerCertificate) const;
144 /// Checks whether the certificate has been issued by
145 /// the issuer given by issuerCertificate. This can be
146 /// used to validate a certificate chain.
147 ///
148 /// Verifies that the certificate has been signed with the
149 /// issuer's private key, using the public key from the issuer
150 /// certificate. Only the signature is checked here; validity dates
151 /// (see validFrom() and expiresOn()) and revocation status must be checked separately.
152 /// Returns true if verification against the issuer certificate
153 /// was successful, false otherwise.
154
155 bool equals(const X509Certificate& otherCertificate) const;
156 /// Checks whether the certificate is equal to
157 /// the other certificate, by comparing the hashes
158 /// of both certificates.
159 ///
160 /// Returns true if both certificates are identical,
161 /// otherwise false.
162
163 const X509* certificate() const;
164 /// Returns the underlying OpenSSL certificate.
165
166 X509* dup() const;
167 /// Duplicates and returns the underlying OpenSSL certificate. Note that
168 /// the caller assumes responsibility for the lifecycle of the created
169 /// certificate and must release it with X509_free() when done.
170
171 std::string signatureAlgorithm() const;
172 /// Returns the certificate signature algorithm long name.
173
174 void print(std::ostream& out) const;
175 /// Prints the certificate information to ostream.
176
177 static List readPEM(const std::string& pemFileName);
178 /// Reads and returns a list of certificates from
179 /// the specified PEM file.
180
181 static void writePEM(const std::string& pemFileName, const List& list);
182 /// Writes the list of certificates to the specified PEM file.
183
184protected:
185 void load(std::istream& stream);
186 /// Loads the certificate from the given stream. The
187 /// certificate must be in PEM format.
188
189 void load(const std::string& path);
190 /// Loads the certificate from the given file. The
191 /// certificate must be in PEM format.
192
193 void init();
194 /// Extracts issuer and subject name from the certificate.
195
196private:
197 enum
198 {
199 NAME_BUFFER_SIZE = 256
200 };
201
207};
208
209
210//
211// inlines
212//
213
214
inline long X509Certificate::version() const
{
	// The encoded X.509 version field is zero-based (a version 3
	// certificate carries the value 2, see RFC 5280), so the raw
	// value OpenSSL reports is shifted by one before it is returned.
	const long zeroBasedVersion = X509_get_version(_pCert);
	return zeroBasedVersion + 1;
}
222
223
inline const std::string& X509Certificate::serialNumber() const
{
	// Hands out a reference to the cached serial number string; the
	// reference stays valid for as long as this object lives.
	const std::string& serial = _serialNumber;
	return serial;
}
228
229
inline const std::string& X509Certificate::issuerName() const
{
	// Returns the cached issuer distinguished name by reference; it is
	// owned by this object and must not outlive it.
	const std::string& issuer = _issuerName;
	return issuer;
}
234
235
inline const std::string& X509Certificate::subjectName() const
{
	// Returns the cached subject distinguished name by reference; it is
	// owned by this object and must not outlive it.
	const std::string& subject = _subjectName;
	return subject;
}
240
241
inline const X509* X509Certificate::certificate() const
{
	// Non-owning view of the wrapped OpenSSL certificate: this object
	// keeps ownership, so callers must neither free the pointer nor use
	// it after the X509Certificate has been destroyed (use dup() for an
	// independently owned copy).
	const X509* borrowed = _pCert;
	return borrowed;
}
246
247
inline X509* X509Certificate::dup() const
{
	// Deep-copies the wrapped OpenSSL certificate. The returned pointer is
	// owned by the caller and must be released with X509_free(); X509_dup()
	// may return a null pointer if the copy cannot be allocated, so callers
	// should check the result.
	X509* copy = X509_dup(_pCert);
	return copy;
}
252
253
254} } // namespace Poco::Crypto
255
256
257#endif // Crypto_X509Certificate_INCLUDED