OCSP.h
1 /*
2  * libdigidocpp
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  *
18  */
19 
20 #pragma once
21 
22 #include "OCSPException.h"
23 
24 #include <openssl/ocsp.h>
25 #include <openssl/x509.h>
26 #include <openssl/ssl.h>
27 
28 #ifdef WIN32 //hack for win32 build
29 #undef OCSP_REQUEST
30 #undef OCSP_RESPONSE
31 #include <openssl/ocsp.h>
32 #endif
33 
namespace digidoc
{
    /**
     * OCSP client: builds an OCSP request for one certificate, sends it to the
     * responder at the configured URL (over a plain or an SSL connection) and
     * validates the response it gets back.
     *
     * NOTE(review): the dynamic exception specifications (`throw(IOException)`
     * and friends) used on every method are deprecated since C++11 and
     * ill-formed in C++17; they must match the definitions in OCSP.cpp exactly
     * and cannot be changed in the header alone.
     *
     * NOTE(review): all setters take raw OpenSSL pointers and the class keeps
     * them as raw members. Whether ~OCSP() frees them or the caller must keep
     * them alive for the lifetime of this object is not visible from the
     * header — confirm in OCSP.cpp before relying on either.
     *
     * `CertStatus` is not declared in the visible part of this header; it is
     * presumably declared in the elided lines above or in OCSPException.h —
     * TODO confirm. `std::string`, `std::vector` and `tm` are likewise used
     * without a direct include here.
     */
    class OCSP
    {

    public:

        OCSP();
        /// Presumably releases `connection`/`ctx`; what happens to the
        /// caller-supplied X509/EVP_PKEY/X509_STORE objects is not visible here.
        ~OCSP();
        /// Sets the responder URL. `host`, `connhost`, `connport` and presumably
        /// `ssl` are derived from it. Throws IOException if the URL is unusable.
        void setUrl( const std::string& url ) throw(IOException);
        /// Certificates accepted as OCSP response signers (kept in `ocspCerts`).
        void setOCSPCerts(STACK_OF(X509)* ocspCerts);
        /// Trust store used when verifying the responder's certificate chain
        /// (kept in `certStore`).
        void setCertStore(X509_STORE* certStore);
        /// Certificate and private key used to sign outgoing requests
        /// (kept in `signCert`/`signKey`).
        void setSignCert(X509* signCert, EVP_PKEY* signKey);
        /// Clock-skew tolerance applied to the response's time fields;
        /// presumably seconds, as OpenSSL's OCSP_check_validity() expects — confirm.
        void setSkew(long skew);
        /// Maximum accepted age of the response's thisUpdate; presumably
        /// seconds (OCSP_check_validity()'s maxsec) — confirm.
        void setMaxAge(long maxAge);
        /**
         * Queries the responder for the status of `cert`, issued by `issuer`.
         *
         * @param nonce  Nonce embedded in the request so the response can be
         *               tied to this request (replay protection). Whether
         *               validateResponse() compares it against the response
         *               nonce is not visible here; callers can check it
         *               themselves via getNonce() on the response DER.
         * @return the status reported by the responder.
         * @throws IOException   on connection or transport failure.
         * @throws OCSPException when the response does not validate.
         */
        CertStatus checkCert(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce) throw(IOException, OCSPException);
        /**
         * Same as the overload above, additionally handing back the raw response.
         *
         * @param[out] ocspResponseDER  DER-encoded response, usable with
         *                              verifyResponse(), getNonce() and getProducedAt().
         * @param[out] producedAt       producedAt field of the response (see convert()).
         */
        CertStatus checkCert(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce,
                             std::vector<unsigned char>& ocspResponseDER, tm& producedAt) throw(IOException, OCSPException);

        /// Verifies a DER-encoded response, presumably against `ocspCerts` and
        /// `certStore`. Throws IOException when verification fails.
        void verifyResponse(const std::vector<unsigned char> &ocspResponseDER) const throw(IOException);
        /// Extracts the nonce carried in a DER-encoded response.
        std::vector<unsigned char> getNonce(const std::vector<unsigned char> &ocspResponseDER) const;
        /// Extracts the producedAt time of a DER-encoded response.
        tm getProducedAt(const std::vector<unsigned char> &ocspResponseDER) const;

    private:
        /// Shared implementation of the public checkCert overloads; returns the
        /// request and response objects through `req`/`resp`. Ownership of the
        /// returned OpenSSL objects is not documented here — confirm in OCSP.cpp.
        CertStatus checkCert(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce,
                             OCSP_REQUEST** req, OCSP_RESPONSE** resp) throw(IOException, OCSPException);
        /// Opens `connection` to `connhost`:`connport`, presumably choosing
        /// connectSSL() or connectNoSSL() based on `ssl`.
        void connect() throw(IOException);
        /// Plain (unencrypted) BIO connection to the responder.
        void connectNoSSL() throw(IOException);
        /// SSL connection to the responder using `ctx`.
        void connectSSL() throw(IOException);
        /// Builds the OCSP request for `cert`/`issuer` with `nonce` attached.
        OCSP_REQUEST* createRequest(X509* cert, X509* issuer, const std::vector<unsigned char>& nonce) throw(IOException);
        /// Sends `req` over `connection` and returns the parsed response.
        OCSP_RESPONSE* sendRequest(OCSP_REQUEST* req) throw(IOException);
        /// Checks `resp` against `req`, `cert` and `issuer`; throws OCSPException
        /// on any validation failure, otherwise returns the certificate status.
        CertStatus validateResponse(OCSP_REQUEST* req, OCSP_RESPONSE* resp, X509* cert, X509* issuer) throw(OCSPException);

        /// Converts an ASN.1 GeneralizedTime into a `tm`; throws IOException if
        /// the value cannot be parsed.
        tm convert(ASN1_GENERALIZEDTIME* time) const throw(IOException);

        /// Responder URL and the host/port pieces derived from it by setUrl().
        std::string url, host, connhost, connport;
        /// Whether the responder is contacted over SSL.
        bool ssl;

        /// Time tolerances used when validating the response (see setSkew()/setMaxAge()).
        long skew;
        long maxAge;

        /// Transport to the responder, opened by connect().
        BIO *connection;
        /// SSL context used by connectSSL().
        SSL_CTX *ctx;
        /// Responder certificate; no public setter is visible — presumably
        /// resolved during response validation.
        X509* ocspCert;
        /// Trusted response-signer certificates (see setOCSPCerts()).
        STACK_OF(X509)* ocspCerts;
        /// Trust store for chain verification (see setCertStore()).
        X509_STORE* certStore;
        /// Request-signing certificate and key (see setSignCert()).
        X509* signCert;
        EVP_PKEY* signKey;
    };
}