mirror of
https://github.com/stefanocasazza/ULib.git
synced 2025-09-28 19:05:55 +08:00
256 lines
5.6 KiB
C++
256 lines
5.6 KiB
C++
// ============================================================================
|
|
//
|
|
// = LIBRARY
|
|
// ULib - c++ library
|
|
//
|
|
// = FILENAME
|
|
// crl.h - interface to a X509_CRL_CRL structure
|
|
//
|
|
// = AUTHOR
|
|
// Stefano Casazza
|
|
//
|
|
// ============================================================================
|
|
|
|
#ifndef ULIB_CRL_H
|
|
#define ULIB_CRL_H 1
|
|
|
|
#include <ulib/date.h>
|
|
#include <ulib/string.h>
|
|
|
|
#include <openssl/x509.h>
|
|
#include <openssl/asn1.h>
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
# define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
|
|
# define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
|
|
#endif
|
|
|
|
class UCertificate;
|
|
|
|
/**
|
|
* This class provides all the services the openssl X509_CRL structure supports. A CRL is a list of certificate revoked.
|
|
* This class contains a openssl X509_CRL structure and basically acts as a wrapper to functions that act on that structure
|
|
*/
|
|
|
|
class U_EXPORT UCrl {
|
|
public:
|
|
|
|
// Check for memory error
|
|
U_MEMORY_TEST
|
|
|
|
// Allocator e Deallocator
|
|
U_MEMORY_ALLOCATOR
|
|
U_MEMORY_DEALLOCATOR
|
|
|
|
/**
|
|
* Constructs this object takes <i>X509_CRL</i> as type
|
|
*/
|
|
|
|
UCrl(X509_CRL* _crl = U_NULLPTR) : crl(_crl)
|
|
{
|
|
U_TRACE_CTOR(0, UCrl, "%p", _crl)
|
|
}
|
|
|
|
/**
|
|
* Constructs this object from the a encoded string.
|
|
* The <i>type</i> specifies the type of encoding the string is in, e.g. DER or PEM
|
|
*
|
|
* @param encoding a string of bytes
|
|
* @param type the CRL's encoding type
|
|
*/
|
|
|
|
static X509_CRL* readCRL(const UString& x, const char* format = U_NULLPTR);
|
|
|
|
UCrl(const UString& x, const char* format = U_NULLPTR)
|
|
{
|
|
U_TRACE_CTOR(0, UCrl, "%V,%S", x.rep, format)
|
|
|
|
crl = readCRL(x, format);
|
|
}
|
|
|
|
/**
|
|
* Deletes this object
|
|
*/
|
|
|
|
void clear()
|
|
{
|
|
U_TRACE_NO_PARAM(1, "UCrl::clear()")
|
|
|
|
U_INTERNAL_ASSERT_POINTER(crl)
|
|
|
|
U_SYSCALL_VOID(X509_CRL_free, "%p", crl);
|
|
|
|
crl = U_NULLPTR;
|
|
}
|
|
|
|
~UCrl()
|
|
{
|
|
U_TRACE_DTOR(0, UCrl)
|
|
|
|
if (crl) clear();
|
|
}
|
|
|
|
bool isValid() const
|
|
{
|
|
U_TRACE_NO_PARAM(0, "UCrl::isValid()")
|
|
|
|
if (crl != U_NULLPTR) U_RETURN(true);
|
|
|
|
U_RETURN(false);
|
|
}
|
|
|
|
void set(X509_CRL* pcrl)
|
|
{
|
|
U_TRACE(0, "UCrl::set(%p)", pcrl)
|
|
|
|
if (isValid()) clear();
|
|
|
|
if (pcrl) crl = X509_CRL_dup(pcrl);
|
|
}
|
|
|
|
bool set(const UString& x, const char* format = U_NULLPTR)
|
|
{
|
|
U_TRACE(0, "UCrl::set(%V,%S)", x.rep, format)
|
|
|
|
set(readCRL(x, format));
|
|
|
|
return isValid();
|
|
}
|
|
|
|
X509_CRL* getCrl() const { return crl; }
|
|
|
|
bool isUpToDate() const;
|
|
|
|
static unsigned getRevokedSerials(X509_CRL* crl, long* revoked, unsigned sz);
|
|
unsigned getRevokedSerials( long* revoked, unsigned sz) { return getRevokedSerials(crl, revoked, sz); }
|
|
|
|
long hashCode() const
|
|
{
|
|
U_TRACE_NO_PARAM(0, "UCrl::hashCode()")
|
|
|
|
U_INTERNAL_ASSERT_POINTER(crl)
|
|
|
|
long hash = X509_NAME_hash(X509_CRL_get_issuer(crl));
|
|
|
|
U_RETURN(hash);
|
|
}
|
|
|
|
static long getNumber(X509_CRL* crl);
|
|
long getNumber() const { return getNumber(crl); }
|
|
|
|
/**
|
|
* Returns the file name from CApath
|
|
*/
|
|
|
|
static UString getFileName(X509_CRL* crl);
|
|
|
|
UString getFileName() const { return getFileName(crl); }
|
|
|
|
/**
|
|
* Returns the <i>versionNumber</i> of this CRL
|
|
*/
|
|
|
|
long getVersionNumber() const
|
|
{
|
|
U_TRACE_NO_PARAM(1, "UCrl::getVersionNumber()")
|
|
|
|
U_INTERNAL_ASSERT_POINTER(crl)
|
|
|
|
long version = U_SYSCALL(X509_CRL_get_version, "%p", crl);
|
|
|
|
U_RETURN(version);
|
|
}
|
|
|
|
/**
|
|
* Returns the last update of this CRL
|
|
*/
|
|
|
|
const char* getLastUpdate() const __pure
|
|
{
|
|
U_TRACE_NO_PARAM(0, "UCrl::getLastUpdate()")
|
|
|
|
U_INTERNAL_ASSERT_POINTER(crl)
|
|
|
|
const ASN1_UTCTIME* utctime = X509_CRL_get_lastUpdate(crl);
|
|
|
|
U_RETURN((const char*)utctime->data);
|
|
}
|
|
|
|
static time_t getIssueTime(X509_CRL* crl);
|
|
time_t getIssueTime() const { return getIssueTime(crl); }
|
|
|
|
/**
|
|
* Returns the next update for this CRL
|
|
*/
|
|
|
|
const char* getNextUpdate() const __pure
|
|
{
|
|
U_TRACE_NO_PARAM(0, "UCrl::getNextUpdate()")
|
|
|
|
U_INTERNAL_ASSERT_POINTER(crl)
|
|
|
|
const ASN1_UTCTIME* utctime = X509_CRL_get_nextUpdate(crl);
|
|
|
|
U_RETURN((const char*)utctime->data);
|
|
}
|
|
|
|
/**
|
|
* Returns the issuer for this CRL
|
|
*/
|
|
|
|
static UString getIssuer(X509_CRL* crl, bool ldap = false);
|
|
|
|
UString getIssuer(bool ldap = false) const { return getIssuer(crl, ldap); }
|
|
|
|
UString getIssuerForLDAP() const { return getIssuer(true); }
|
|
|
|
/**
|
|
* Indicate if the crl has been issued by a CA
|
|
*
|
|
* @param ca the certificate we want to know if it has issued the crl
|
|
* @return true if ca has issued the crl, else false
|
|
*/
|
|
|
|
bool isIssued(UCertificate& ca) const;
|
|
|
|
/**
|
|
* Returns either the DER or PEM or BASE64 encoding of the crl depending on the value of format
|
|
*/
|
|
|
|
UString getEncoded(const char* format = "PEM") const;
|
|
|
|
static bool isEqual(X509_CRL* a, X509_CRL* b)
|
|
{
|
|
U_TRACE(0, "UCrl::isEqual(%p,%p)", a, b)
|
|
|
|
int rc = U_SYSCALL(X509_CRL_cmp, "%p,%p", a, b);
|
|
|
|
if (rc == 0) U_RETURN(true);
|
|
|
|
U_RETURN(false);
|
|
}
|
|
|
|
bool operator==(const UCrl& c) const { return isEqual(crl, c.crl); }
|
|
bool operator!=(const UCrl& c) const { return !isEqual(crl, c.crl); }
|
|
|
|
// STREAM
|
|
|
|
UString print() const;
|
|
|
|
#ifdef U_STDCPP_ENABLE
|
|
friend U_EXPORT ostream& operator<<(ostream& os, const UCrl& c);
|
|
|
|
# ifdef DEBUG
|
|
const char* dump(bool reset) const;
|
|
# endif
|
|
#endif
|
|
|
|
protected:
|
|
X509_CRL* crl;
|
|
|
|
private:
|
|
U_DISALLOW_COPY_AND_ASSIGN(UCrl)
|
|
};
|
|
|
|
#endif
|