DCMTK Version 3.6.8
OFFIS DICOM Toolkit
SiCertificateVerifier Class Reference

a class representing X.509 public key certificates.

Public Member Functions

 SiCertificateVerifier ()
 default constructor
 
virtual ~SiCertificateVerifier ()
 destructor
 
virtual OFCondition addTrustedCertificateFile (const char *fileName, int fileType)
 loads a certificate from a file and adds it to the pool of trusted certificates.
 
virtual OFCondition addUntrustedCertificateFile (const char *fileName, int fileType)
 loads an untrusted certificate from a file and adds it to the pool of untrusted certificates.
 
virtual OFCondition addTrustedCertificateDir (const char *pathName, int fileType)
 loads all files as certificates from the specified directory and adds them to the pool of trusted certificates.
 
virtual OFCondition addCertificateRevocationList (const char *fileName, int fileType)
 loads a certificate revocation list (CRL) in X.509 format from a file and adds it to the pool of trusted certificates and CRLs.
 
virtual OFCondition verifyCertificate (SiCertificate &certificate)
 verifies a certificate against the known trusted CA certificates and certificate revocation lists.
 
virtual const char * lastError () const
 returns an error string containing a textual description of the result of the last call to verifyCertificate() if that call returned SI_EC_VerificationFailed_NoTrust.
 
virtual OFBool lastErrorIsCertExpiry () const
 returns true if the result of the last call to verifyCertificate() was the status code indicating that the certificate has expired, false otherwise.
 
virtual X509_STORE * getTrustedCertStore ()
 returns a pointer to the trusted certificate store managed by this object.
 
virtual stack_st_X509 * getUntrustedCerts ()
 returns a pointer to the stack of untrusted certificates managed by this object.
 
virtual void setCRLverification (OFBool enabled)
 enable or disable the verification of certificate revocation lists.
 
virtual int verifyCallback (int deflt, X509_STORE_CTX *ctx)
 Callback function for certificate verification operations.
 

Private Member Functions

 SiCertificateVerifier (SiCertificateVerifier &arg)
 private undefined copy constructor
 
SiCertificateVerifier & operator= (SiCertificateVerifier &arg)
 private undefined copy assignment operator
 

Private Attributes

X509_STORE * x509store
 OpenSSL X.509 certificate store.
 
stack_st_X509 * x509untrusted
 OpenSSL X.509 stack of untrusted intermediate certificates.
 
OFBool enableCRLverification
 flag indicating whether CRL verification should be enabled
 
long errorCode
 OpenSSL X.509 certificate verification error code for the last operation.
 

Detailed Description

a class representing X.509 public key certificates.

Remarks
this class is only available if DCMTK is compiled with OpenSSL support enabled.

Member Function Documentation

◆ addCertificateRevocationList()

virtual OFCondition SiCertificateVerifier::addCertificateRevocationList (const char *fileName, int fileType)

loads a certificate revocation list (CRL) in X.509 format from a file and adds it to the pool of trusted certificates and CRLs.

Parameters
fileName: path to the CRL file
fileType: file format, X509_FILETYPE_PEM or X509_FILETYPE_ASN1
Returns
SI_EC_Normal if successful, an error code otherwise

◆ addTrustedCertificateDir()

virtual OFCondition SiCertificateVerifier::addTrustedCertificateDir (const char *pathName, int fileType)

loads all files as certificates from the specified directory and adds them to the pool of trusted certificates.

Parameters
pathName: path to the directory containing certificate files
fileType: file format, X509_FILETYPE_PEM or X509_FILETYPE_ASN1
Returns
SI_EC_Normal if successful, an error code otherwise

◆ addTrustedCertificateFile()

virtual OFCondition SiCertificateVerifier::addTrustedCertificateFile (const char *fileName, int fileType)

loads a certificate from a file and adds it to the pool of trusted certificates.

Parameters
fileName: path to the certificate file
fileType: file format, X509_FILETYPE_PEM or X509_FILETYPE_ASN1
Returns
SI_EC_Normal if successful, an error code otherwise

◆ addUntrustedCertificateFile()

virtual OFCondition SiCertificateVerifier::addUntrustedCertificateFile (const char *fileName, int fileType)

loads an untrusted certificate from a file and adds it to the pool of untrusted certificates.

During certificate verification these will only be accepted as intermediate CAs (not as root CA) and will undergo additional scrutiny (e.g. check of the purpose extension, if present).

Parameters
fileName: path to the certificate file
fileType: file format, X509_FILETYPE_PEM or X509_FILETYPE_ASN1
Returns
SI_EC_Normal if successful, an error code otherwise

◆ getTrustedCertStore()

virtual X509_STORE * SiCertificateVerifier::getTrustedCertStore ()

returns a pointer to the trusted certificate store managed by this object.

Returns
pointer to trusted certificate store

◆ getUntrustedCerts()

virtual stack_st_X509 * SiCertificateVerifier::getUntrustedCerts ()

returns a pointer to the stack of untrusted certificates managed by this object.

Note that the return type is equivalent to OpenSSL's STACK_OF(X509).

Returns
pointer to stack of untrusted certificates

◆ lastError()

virtual const char * SiCertificateVerifier::lastError () const

returns an error string containing a textual description of the result of the last call to verifyCertificate() if that call returned SI_EC_VerificationFailed_NoTrust.

Returns
text string

◆ lastErrorIsCertExpiry()

virtual OFBool SiCertificateVerifier::lastErrorIsCertExpiry () const

returns true if the result of the last call to verifyCertificate() was the status code indicating that the certificate has expired, false otherwise.

Returns
true if verifyCertificate() reported certificate expiry.

◆ setCRLverification()

virtual void SiCertificateVerifier::setCRLverification (OFBool enabled)

enable or disable the verification of certificate revocation lists.

When enabled, a CRL is expected to be present for every CA certificate, and certificate verification will fail if no CRL is found.

Parameters
enabled: OFTrue to enable verification, OFFalse to disable

◆ verifyCallback()

virtual int SiCertificateVerifier::verifyCallback (int deflt, X509_STORE_CTX *ctx)

Callback function for certificate verification operations.

This method can be used by derived classes to examine and modify the result of a certificate verification.

Parameters
deflt: default return code that should be returned if the callback does not modify the result of the verification
ctx: certificate verification context object
Returns
result of the verification, 0 for error, 1 for no error, 2 for "policy checking complete".

◆ verifyCertificate()

virtual OFCondition SiCertificateVerifier::verifyCertificate (SiCertificate &certificate)

verifies a certificate against the known trusted CA certificates and certificate revocation lists.

Returns a status flag and stores a detailed error description that can be retrieved with lastError().

Parameters
certificate: the certificate to verify
Returns
SI_EC_Normal if successful, an error code otherwise. If the certificate could not be verified, returns SI_EC_VerificationFailed_NoTrust.

The documentation for this class was generated from the following file:


Generated on Tue Dec 19 2023 for DCMTK Version 3.6.8 by Doxygen 1.9.4