Coverage Report

Created: 2026-04-12 06:32

/src/wt/src/Wt/WSslCertificate.h
Line
Count
Source
1
// This may look like C code, but it's really -*- C++ -*-
2
/*
3
 * Copyright (C) 2012 Emweb bv, Herent, Belgium.
4
 *
5
 * See the LICENSE file for terms of use.
6
 */
7
#ifndef WT_WSSL_CERTIFICATE_H_
8
#define WT_WSSL_CERTIFICATE_H_
9
10
#include <Wt/WDllDefs.h>
#include <Wt/WDateTime.h>

#include <string>
#include <utility>
#include <vector>
15
16
#ifndef WT_TARGET_JAVA
17
18
namespace Wt {
19
20
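/*! \class WSslCertificate Wt/WSslCertificate.h Wt/WSslCertificate.h.C
 *  \brief An interface to an SSL certificate
 *
 * This class provides an interface to an X.509 certificate, as used
 * by SSL (server and client cert). The certificates are usually
 * obtained by calling methods of class WSslInfo.
 *
 * This class offers you an interface to the raw (PEM/DER) certificate,
 * as well as a convenient interface to the most common attribute fields.
 * The attributes interpreted by %Wt are limited to those listed in
 * enum DnAttributeName.
 *
 * The raw certificate can be queried in PEM/DER format, and a function
 * is provided to convert PEM (textual format) to DER (binary format).
 *
 * \note This class is a plain value holder: it stores the fields passed
 * to its constructor and declares no operation that verifies a signature,
 * a certificate chain, revocation, or the validity period against the
 * current time. The subject and issuer fields of a client certificate are
 * chosen by whoever created that certificate, so use them for
 * authentication or authorization only after the connection's
 * verification result has been checked (see
 * WSslInfo::clientVerificationResult()).
 *
 * This class is only available when %Wt was compiled with SSL support.
 */
class WT_API WSslCertificate
{
 public:
  /*! \brief Distinguished name's attribute name
   *
   * Note: The values of this enum have no relation with the numerical ID
   * used in the X.509 certificate.
   *
   * \sa DnAttribute
   */
  enum DnAttributeName {
    CountryName,            //!< Country name
    CommonName,             //!< Common name
    LocalityName,           //!< Locality name
    Surname,                //!< Surname
    GivenName,              //!< Given name
    SerialNumber,           //!< Serial number
    Title,                  //!< Title
    Initials,               //!< Initials
    OrganizationName,       //!< Name of the organization
    OrganizationalUnitName, //!< Name of the organizational unit
    StateOrProvinceName,    //!< Name of the state or province
    Pseudonym,              //!< Pseudonym
    DnAttributeNameCount    //!< Number of names above; not an attribute itself
  };

  /*! \brief Distinguished name attribute (also known as relative
   *  distinguished name)
   *
   * Pairs one DnAttributeName with the value found for it. The value is
   * stored and returned exactly as given; this class performs no
   * validation, normalization or escaping of it.
   *
   * \sa WSslCertificate::subjectDn()
   * \sa WSslCertificate::issuerDn()
   */
  class WT_API DnAttribute {
  public:
    /*! \brief Creates an attribute from a name and its value.
     *
     * \param name  which attribute this is
     * \param value the attribute's value; taken by value and moved into
     *              the member, so an rvalue argument is not copied twice
     */
    DnAttribute(DnAttributeName name, std::string value)
      : name_(name),
        value_(std::move(value)) { }

    /*! \brief Returns the attribute name as an enum */
    DnAttributeName name() const { return name_; }

    /*! \brief Returns the attribute's value
     *
     * The reference stays valid only as long as this DnAttribute does.
     */
    const std::string &value() const { return value_; }

    /*! \brief Returns the attribute's long name.
     */
    std::string longName() const;

    /*! \brief Returns the attribute's short name.
     */
    std::string shortName() const;

  private:
    DnAttributeName name_;
    std::string     value_;
  };

  /*
   * WSslCertificates are for now always constructed in Wt's connectors.
   *
   * The constructor takes already-decoded fields plus the PEM text. Nothing
   * in this header shows that the decoded fields are cross-checked against
   * pemCert, so code constructing an instance by other means is responsible
   * for keeping them consistent.
   */
  WSslCertificate(const std::vector<DnAttribute> &subjectDn,
           const std::vector<DnAttribute> &issuerDn,
           const Wt::WDateTime &validityStart,
           const Wt::WDateTime &validityEnd,
           const std::string &pemCert);

  /*! \brief Returns the distinguished name attributes of the subject.
   *
   * A distinguished name (DN) defining the entity associated with this
   * certificate. Only the fields listed in enum DnAttributeName are
   * decoded from the certificate.
   *
   * Because other attribute types are not decoded, two certificates with
   * different subjects may yield the same attribute list here.
   * NOTE(review): a DN can carry the same attribute type more than once
   * (several OU or CN entries); whether such repeats are all kept in the
   * returned vector is not stated in this header -- confirm before
   * relying on "the" CommonName.
   */
  const std::vector<DnAttribute> &subjectDn() const {
    return subjectDn_;
  }

  /*! \brief Returns the distinguished name of the subject in
   *   string format.
   *
   * For example: CN=Pietje Puk,OU=Development,O=Emweb
   *
   * NOTE(review): this header does not say whether ',' or '=' inside an
   * attribute value are escaped in the returned string. For access
   * decisions, compare the decoded attributes from subjectDn() rather
   * than matching on this string -- confirm against the implementation.
   */
  std::string subjectDnString() const;

  /*! \brief Returns the distinguished name attributes of the issuer.
   *
   * The distinguished name (DN) of the authority that signed and therefore
   * issued the certificate. This is the Certification Authority (CA),
   * unless a certificate chain is used.
   *
   * The issuer DN is a field read from the certificate; on its own it is
   * not evidence that the named authority actually signed it.
   */
  const std::vector<DnAttribute> &issuerDn() const {
    return issuerDn_;
  }

  /*! \brief Returns the distinguished name of the issuer in
   *   string format.
   *
   * An example: CN=Pietje Puk,OU=Development,O=Emweb
   *
   * The caveat on value escaping given for subjectDnString() applies
   * here as well.
   */
  std::string issuerDnString() const;

  /*! \brief Returns the start time of the validity period of the certificate.
   *
   * The returned date may be invalid if not provided in the certificate.
   * Check WDateTime::isValid() before comparing, and do not treat an
   * invalid date as "no restriction". This accessor only returns the
   * stored value; it does not compare it with the current time.
   *
   * \sa validityEnd()
   */
  const Wt::WDateTime &validityStart() const {
    return validityStart_;
  }

  /*! \brief Returns the end time of the validity period of the certificate.
   *
   * The returned date may be invalid if not provided in the certificate.
   * Check WDateTime::isValid() before comparing, and do not treat an
   * invalid date as "never expires". This accessor only returns the
   * stored value; it does not compare it with the current time.
   *
   * \sa validityStart()
   */
  const Wt::WDateTime &validityEnd() const {
    return validityEnd_;
  }

  /*! \brief Returns the textual PEM-encoded certificate.
   *
   * This is the string that was passed to the constructor, returned
   * unchanged.
   *
   * \sa pemToDer()
   */
  const std::string &toPem() const {
    return pemCert_;
  }

  /*! \brief Returns the binary DER-encoded certificate.
   *
   * This function returns WSslCertificate::pemToDer(toPem()). It will
   * therefore throw a WException if the conversion fails.
   *
   * The result is binary data held in a std::string and may contain NUL
   * bytes; use size()/data() rather than c_str()-based length handling.
   *
   * \sa pemToDer()
   */
  std::string toDer() const {
    return pemToDer(pemCert_);
  }

  /*! \brief Convert a certificate from PEM encoding (textual) to
   * DER encoding (binary).
   *
   * This function throws an WException when the input string is
   * not in the expected format.
   *
   * Callers that pass PEM text received from outside the process should
   * be prepared to catch that exception.
   */
  static std::string pemToDer(const std::string &pem);

  /*! \brief Undocumented in this header.
   *
   * NOTE(review): presumably a human-readable dump intended for
   * debugging -- confirm in the implementation. Its format is not
   * specified here, so do not parse or compare its output.
   */
  std::string gdb() const;

  /*! \brief Builds a list of DN attributes from a DN string.
   *
   * NOTE(review): presumably accepts the form produced by
   * subjectDnString() / issuerDnString(). How unknown attribute names,
   * escaped characters or malformed input are handled is not stated in
   * this header -- confirm before passing strings from an untrusted
   * source.
   */
  static std::vector<DnAttribute> dnFromString(const std::string &dnStr);

 private:
  // Decoded subject DN attributes, as passed to the constructor.
  std::vector<DnAttribute>                 subjectDn_;
  // Decoded issuer DN attributes, as passed to the constructor.
  std::vector<DnAttribute>                 issuerDn_;
  // Start of the validity period; may be an invalid WDateTime.
  Wt::WDateTime                            validityStart_;
  // End of the validity period; may be an invalid WDateTime.
  Wt::WDateTime                            validityEnd_;
  // The certificate in PEM (textual) encoding.
  std::string                              pemCert_;
};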
196
197
}
198
199
#endif
200
201
#endif //WT_WSSL_CERTIFICATE_H_