3.7/cpp11/IceSSL_2Plugin_8h_source.html

//

// Copyright (c) ZeroC, Inc. All rights reserved.

//


#ifndef ICESSL_PLUGIN_H

#define ICESSL_PLUGIN_H


#include <Ice/Plugin.h>

#include <IceSSL/Config.h>

#include <IceSSL/ConnectionInfoF.h>


#ifdef ICE_CPP11_MAPPING

#   include <chrono>

#else

#   include <IceUtil/Time.h>

#endif


#include <vector>

#include <list>


#ifndef ICESSL_API

#   if defined(ICE_STATIC_LIBS)

#       define ICESSL_API

#   elif defined(ICESSL_API_EXPORTS)

#       define ICESSL_API ICE_DECLSPEC_EXPORT

#   else

#       define ICESSL_API ICE_DECLSPEC_IMPORT

#   endif

#endif


namespace IceSSL

{


#ifdef ICE_CPP11_MAPPING

enum class TrustError : unsigned char

#else

enum TrustError

#endif

{

    NoError = 0,

    ChainTooLong,

    HasExcludedNameConstraint,

    HasNonDefinedNameConstraint,

    HasNonPermittedNameConstraint,

    HasNonSupportedCriticalExtension,

    HasNonSupportedNameConstraint,

    HostNameMismatch,

    InvalidBasicConstraints,

    InvalidExtension,

    InvalidNameConstraints,

    InvalidPolicyConstraints,

    InvalidPurpose,

    InvalidSignature,

    InvalidTime,

    NotTrusted,

    PartialChain,

    RevocationStatusUnknown,

    Revoked,

    UntrustedRoot,

    UnknownTrustFailure,

};


ICESSL_API TrustError getTrustError(const IceSSL::ConnectionInfoPtr&);

ICESSL_API std::string getTrustErrorDescription(TrustError);

ICESSL_API std::string getHost(const IceSSL::ConnectionInfoPtr&);


const unsigned int KEY_USAGE_DIGITAL_SIGNATURE = 1u << 0;

const unsigned int KEY_USAGE_NON_REPUDIATION = 1u << 1;

const unsigned int KEY_USAGE_KEY_ENCIPHERMENT = 1u << 2;

const unsigned int KEY_USAGE_DATA_ENCIPHERMENT = 1u << 3;

const unsigned int KEY_USAGE_KEY_AGREEMENT = 1u << 4;

const unsigned int KEY_USAGE_KEY_CERT_SIGN = 1u << 5;

const unsigned int KEY_USAGE_CRL_SIGN = 1u << 6;

const unsigned int KEY_USAGE_ENCIPHER_ONLY = 1u << 7;

const unsigned int KEY_USAGE_DECIPHER_ONLY = 1u << 8;


const unsigned int EXTENDED_KEY_USAGE_ANY_KEY_USAGE = 1u << 0;

const unsigned int EXTENDED_KEY_USAGE_SERVER_AUTH = 1u << 1;

const unsigned int EXTENDED_KEY_USAGE_CLIENT_AUTH = 1u << 2;

const unsigned int EXTENDED_KEY_USAGE_CODE_SIGNING = 1u << 3;

const unsigned int EXTENDED_KEY_USAGE_EMAIL_PROTECTION = 1u << 4;

const unsigned int EXTENDED_KEY_USAGE_TIME_STAMPING = 1u << 5;

const unsigned int EXTENDED_KEY_USAGE_OCSP_SIGNING = 1u << 6;


class ICESSL_API CertificateReadException : public IceUtil::ExceptionHelper<CertificateReadException>

{

public:


    CertificateReadException(const char*, int, const std::string&);


#ifndef ICE_CPP11_COMPILER

    virtual ~CertificateReadException() throw();

#endif


    virtual std::string ice_id() const;


#ifndef ICE_CPP11_MAPPING


    virtual CertificateReadException* ice_clone() const;

#endif


    std::string reason;


private:


    static const char* _name;

};


class ICESSL_API CertificateEncodingException : public IceUtil::ExceptionHelper<CertificateEncodingException>

{

public:


    CertificateEncodingException(const char*, int, const std::string&);


#ifndef ICE_CPP11_COMPILER

    virtual ~CertificateEncodingException() throw();

#endif


    virtual std::string ice_id() const;


#ifndef ICE_CPP11_MAPPING


    virtual CertificateEncodingException* ice_clone() const;

#endif


    std::string reason;


private:


    static const char* _name;

};


class ICESSL_API ParseException : public IceUtil::ExceptionHelper<ParseException>

{

public:


    ParseException(const char*, int, const std::string&);


#ifndef ICE_CPP11_COMPILER

    virtual ~ParseException() throw();

#endif


    virtual std::string ice_id() const;


#ifndef ICE_CPP11_MAPPING


    virtual ParseException* ice_clone() const;

#endif


    std::string reason;


private:


    static const char* _name;

};


class ICESSL_API DistinguishedName

{

public:


    explicit DistinguishedName(const std::string& name);


    explicit DistinguishedName(const std::list<std::pair<std::string, std::string> >&);


    friend ICESSL_API bool operator==(const DistinguishedName&, const DistinguishedName&);


    friend ICESSL_API bool operator<(const DistinguishedName&, const DistinguishedName&);


    bool match(const DistinguishedName& dn) const;


    bool match(const std::string& dn) const;


    operator std::string() const;


protected:


    void unescape();


private:


    std::list<std::pair<std::string, std::string> > _rdns;

    std::list<std::pair<std::string, std::string> > _unescaped;

};


inline bool

operator>(const DistinguishedName& lhs, const DistinguishedName& rhs)

{

    return rhs < lhs;

}


inline bool

operator<=(const DistinguishedName& lhs, const DistinguishedName& rhs)

{

    return !(lhs > rhs);

}


inline bool

operator>=(const DistinguishedName& lhs, const DistinguishedName& rhs)

{

    return !(lhs < rhs);

}


inline bool

operator!=(const DistinguishedName& lhs, const DistinguishedName& rhs)

{

    return !(lhs == rhs);

}


class ICESSL_API X509Extension

#ifndef ICE_CPP11_MAPPING

    : public virtual IceUtil::Shared

#endif

{

public:


    virtual bool isCritical() const = 0;


    virtual std::string getOID() const = 0;


    virtual std::vector<Ice::Byte> getData() const = 0;

};

ICE_DEFINE_PTR(X509ExtensionPtr, X509Extension);


class Certificate;

ICE_DEFINE_PTR(CertificatePtr, Certificate);


class ICESSL_API Certificate :

#ifdef ICE_CPP11_MAPPING

    public std::enable_shared_from_this<Certificate>

#else

    public virtual IceUtil::Shared

#endif

{

public:


    virtual bool operator==(const Certificate&) const = 0;


    virtual bool operator!=(const Certificate&) const = 0;


    virtual std::vector<Ice::Byte> getAuthorityKeyIdentifier() const = 0;


    virtual std::vector<Ice::Byte> getSubjectKeyIdentifier() const = 0;


    virtual bool verify(const CertificatePtr& cert) const = 0;


    virtual std::string encode() const = 0;


    virtual bool checkValidity() const = 0;


#ifdef ICE_CPP11_MAPPING

    virtual bool checkValidity(const std::chrono::system_clock::time_point& t) const = 0;

#else

    virtual bool checkValidity(const IceUtil::Time& t) const = 0;

#endif


    unsigned int getKeyUsage() const;


    unsigned int getExtendedKeyUsage() const;


#ifdef ICE_CPP11_MAPPING

    virtual std::chrono::system_clock::time_point getNotAfter() const = 0;

#else

    virtual IceUtil::Time getNotAfter() const = 0;

#endif


#ifdef ICE_CPP11_MAPPING

    virtual std::chrono::system_clock::time_point getNotBefore() const = 0;

#else

    virtual IceUtil::Time getNotBefore() const = 0;

#endif


    virtual std::string getSerialNumber() const = 0;


    virtual DistinguishedName getIssuerDN() const = 0;


    virtual std::vector<std::pair<int, std::string> > getIssuerAlternativeNames() const = 0;


    virtual DistinguishedName getSubjectDN() const = 0;


    virtual std::vector<std::pair<int, std::string> > getSubjectAlternativeNames() const = 0;


    virtual int getVersion() const = 0;


    virtual std::string toString() const = 0;


    virtual std::vector<X509ExtensionPtr> getX509Extensions() const = 0;


    virtual X509ExtensionPtr getX509Extension(const std::string& oid) const = 0;


    static CertificatePtr load(const std::string& file);


    static CertificatePtr decode(const std::string& str);

};


#ifndef ICE_CPP11_MAPPING // C++98 mapping


class ICESSL_API CertificateVerifier : public IceUtil::Shared

{

public:


    virtual ~CertificateVerifier();


    virtual bool verify(const ConnectionInfoPtr& info) = 0;

};

typedef IceUtil::Handle<CertificateVerifier> CertificateVerifierPtr;


class ICESSL_API PasswordPrompt : public IceUtil::Shared

{

public:


    virtual ~PasswordPrompt();


    virtual std::string getPassword() = 0;

};

typedef IceUtil::Handle<PasswordPrompt> PasswordPromptPtr;

#endif


class ICESSL_API Plugin : public Ice::Plugin

{

public:


    virtual ~Plugin();


#ifdef ICE_CPP11_MAPPING

    virtual void setCertificateVerifier(std::function<bool(const std::shared_ptr<ConnectionInfo>&)> v) = 0;

#else

    virtual void setCertificateVerifier(const CertificateVerifierPtr& v) = 0;

#endif


#ifdef ICE_CPP11_MAPPING

    virtual void setPasswordPrompt(std::function<std::string()> p) = 0;

#else

    virtual void setPasswordPrompt(const PasswordPromptPtr& p) = 0;

#endif


    virtual CertificatePtr load(const std::string& file) const = 0;


    virtual CertificatePtr decode(const std::string& str) const = 0;

};

ICE_DEFINE_PTR(PluginPtr, Plugin);


}


#endif