a class representing X.509 public key certificates.
X509_STORE * | x509store | OpenSSL X.509 certificate store.
stack_st_X509 * | x509untrusted | OpenSSL X.509 stack of untrusted intermediate certificates.
OFBool | enableCRLverification | flag indicating whether CRL verification should be enabled
long | errorCode | OpenSSL X.509 certificate verification error code for the last operation.
◆ addCertificateRevocationList()
virtual OFCondition SiCertificateVerifier::addCertificateRevocationList(const char *fileName, int fileType)
loads a certificate revocation list (CRL) in X.509 format from a file and adds it to the pool of trusted certificates and CRLs.
- Parameters
- fileName | path to the CRL file
- fileType | file format: X509_FILETYPE_PEM or X509_FILETYPE_ASN1
- Returns
- SI_EC_Normal if successful, an error code otherwise
◆ addTrustedCertificateDir()
virtual OFCondition SiCertificateVerifier::addTrustedCertificateDir(const char *pathName, int fileType)
loads all files as certificates from the specified directory and adds them to the pool of trusted certificates.
- Parameters
- pathName | path to the directory containing certificate files
- fileType | file format: X509_FILETYPE_PEM or X509_FILETYPE_ASN1
- Returns
- SI_EC_Normal if successful, an error code otherwise
◆ addTrustedCertificateFile()
virtual OFCondition SiCertificateVerifier::addTrustedCertificateFile(const char *fileName, int fileType)
loads a certificate from a file and adds it to the pool of trusted certificates.
- Parameters
- fileName | path to the certificate file
- fileType | file format: X509_FILETYPE_PEM or X509_FILETYPE_ASN1
- Returns
- SI_EC_Normal if successful, an error code otherwise
◆ addUntrustedCertificateFile()
virtual OFCondition SiCertificateVerifier::addUntrustedCertificateFile(const char *fileName, int fileType)
loads an untrusted certificate from a file and adds it to the pool of untrusted certificates.
During certificate verification these will only be accepted as intermediate CAs (not as root CA) and will undergo additional scrutiny (e.g. check of the purpose extension, if present).
- Parameters
- fileName | path to the certificate file
- fileType | file format: X509_FILETYPE_PEM or X509_FILETYPE_ASN1
- Returns
- SI_EC_Normal if successful, an error code otherwise
◆ getTrustedCertStore()
virtual X509_STORE* SiCertificateVerifier::getTrustedCertStore()
returns a pointer to the trusted certificate store managed by this object.
- Returns
- pointer to trusted certificate store
◆ getUntrustedCerts()
virtual stack_st_X509* SiCertificateVerifier::getUntrustedCerts()
returns a pointer to the stack of untrusted certificates managed by this object.
Note that the return type is equivalent to OpenSSL's STACK_OF(X509).
- Returns
- pointer to stack of untrusted certificates
◆ lastError()
virtual const char* SiCertificateVerifier::lastError() const
returns an error string containing a textual description of the result of the last call to verifyCertificate() if that call returned SI_EC_VerificationFailed_NoTrust.
- Returns
- text string
◆ lastErrorIsCertExpiry()
virtual OFBool SiCertificateVerifier::lastErrorIsCertExpiry() const
returns true if the result of the last call to verifyCertificate() was the status code indicating that the certificate has expired, false otherwise
- Returns
- true if verifyCertificate() reported certificate expiry.
◆ setCRLverification()
virtual void SiCertificateVerifier::setCRLverification(OFBool enabled)
enable or disable the verification of certificate revocation lists.
When enabled, a CRL is expected to be present for every CA certificate, and certificate verification will fail if no CRL is found.
- Parameters
- enabled | OFTrue to enable verification, OFFalse to disable
◆ verifyCallback()
virtual int SiCertificateVerifier::verifyCallback(int deflt, X509_STORE_CTX *ctx)
Callback function for certificate verification operations.
This method can be used by derived classes to examine and modify the result of a certificate verification.
- Parameters
- deflt | default return code that should be returned if the callback does not modify the result of the verification
- ctx | certificate verification context object
- Returns
- result of the verification, 0 for error, 1 for no error, 2 for "policy checking complete".
◆ verifyCertificate()
verifies a certificate against the known trusted CA certificates and certificate revocation lists.
Returns a status flag and stores a detailed error description that can be retrieved with lastError().
- Parameters
- certificate | the certificate to verify
- Returns
- SI_EC_Normal if successful, an error code otherwise. If the certificate could not be verified, returns SI_EC_VerificationFailed_NoTrust.
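The interplay of the trusted pool, the untrusted pool and CRL checking described for addUntrustedCertificateFile() and setCRLverification() can be reproduced with the OpenSSL command line. This is an added example, not DCMTK code: it assumes an `openssl` binary (1.1.1 or later) and that `-CAfile`, `-untrusted`, `-CRLfile` and `-crl_check_all` behave like the class's trusted store, untrusted stack, CRL pool and CRL flag; the demo-* certificates and CRLs are constructed on the fly in a temporary directory.

```shell
#!/bin/sh
# Constructed demo PKI: demo-root -> demo-int -> demo-leaf (all names made up).
build_pki() {
  cd "$(mktemp -d)" || return 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = crl_ca
[crl_ca]
database = index.txt
EOF
  : > index.txt
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
      -subj "/CN=demo-$n" -keyout "$n.key" -out "$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in root.csr -signkey root.key -days 30 \
    -extfile pki.cnf -extensions v3_ca -out root.pem 2>/dev/null &&
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 30 -extfile pki.cnf -extensions v3_ca -out int.pem 2>/dev/null &&
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 30 -out leaf.pem 2>/dev/null || return 1
  for n in root int; do   # one empty CRL per CA
    openssl ca -gencrl -config pki.cnf -keyfile "$n.key" -cert "$n.pem" \
      -md sha256 -crldays 30 -out "$n.crl" 2>/dev/null || return 1
  done
  cat int.pem root.pem > pool.pem && cat int.crl root.crl > all.crl
}

# Prints "trusted" or "rejected" for demo-leaf under the given verify options.
check() {
  if openssl verify "$@" leaf.pem >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

build_pki || exit 1
CRL="-crl_check -crl_check_all"
echo "root trusted, intermediate untrusted: $(check -CAfile root.pem -untrusted int.pem)"
echo "root offered only as untrusted:       $(check -untrusted pool.pem)"
echo "CRL check, intermediate's CRL only:   $(check -CAfile root.pem -untrusted int.pem $CRL -CRLfile int.crl)"
echo "CRL check, a CRL from every CA:       $(check -CAfile root.pem -untrusted int.pem $CRL -CRLfile all.crl)"
```

The second case is rejected because a self-signed certificate supplied only as untrusted never becomes a trust anchor; the third is rejected because no CRL issued by demo-root is available for the intermediate.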
The documentation for this class was generated from the following file:
- dcmsign/include/dcmtk/dcmsign/sicertvf.h