1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172 | ------------------------------------------------------------------------------
-- Ada Web Server --
-- --
-- Copyright (C) 2003-2015, AdaCore --
-- --
-- This library is free software; you can redistribute it and/or modify --
-- it under terms of the GNU General Public License as published by the --
-- Free Software Foundation; either version 3, or (at your option) any --
-- later version. This library is distributed in the hope that it will be --
-- useful, but WITHOUT ANY WARRANTY; without even the implied warranty of --
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. --
-- --
-- As a special exception under Section 7 of GPL version 3, you are --
-- granted additional permissions described in the GCC Runtime Library --
-- Exception, version 3.1, as published by the Free Software Foundation. --
-- --
-- You should have received a copy of the GNU General Public License and --
-- a copy of the GCC Runtime Library Exception along with this program; --
-- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see --
-- <http://www.gnu.org/licenses/>. --
-- --
-- As a special exception, if other files instantiate generics from this --
-- unit, or you link this unit with other files to produce an executable, --
-- this unit does not by itself cause the resulting executable to be --
-- covered by the GNU General Public License. This exception does not --
-- however invalidate any other reasons why the executable file might be --
-- covered by the GNU Public License. --
------------------------------------------------------------------------------
pragma Ada_2012;
with Ada.Calendar;
private with Ada.Containers.Indefinite_Holders;
private with Ada.Strings.Unbounded;
private with AWS.Utils;
package AWS.Net.SSL.Certificate is
type Object is private;
Undefined : constant Object;
function Get (Socket : Socket_Type) return Object;
-- Returns the certificate used by the SSL
function Common_Name (Certificate : Object) return String with Inline;
-- Returns the certificate's common name
function Subject (Certificate : Object) return String with Inline;
-- Returns the certificate's subject
function Issuer (Certificate : Object) return String with Inline;
-- Returns the certificate's issuer
function Serial_Number (Certificate : Object) return String with Inline;
-- Returns the certificate's serial number
function DER (Certificate : Object) return Stream_Element_Array with Inline;
-- Returns all certificate's data in DER format
overriding function "=" (Left, Right : Object) return Boolean with Inline;
-- Compare 2 certificates
function Load (Filename : String) return Object;
-- Load certificate from file in PEM format
function Activation_Time (Certificate : Object) return Calendar.Time
with Inline;
-- Certificate validity starting date
function Expiration_Time (Certificate : Object) return Calendar.Time
with Inline;
-- Certificate validity ending date
function Verified (Certificate : Object) return Boolean with Inline;
-- Returns True if the certificate has already been verified, this is
-- mostly interresting when used from the Verify_Callback below. If this
-- routine returns True it means that the certificate has already been
-- properly checked. If checked the certificate can be trusted and the
-- Verify_Callback should return True also. If it is False it is up to
-- the application to check the certificate into the Verify_Callback and
-- returns the appropriate status.
function Status (Certificate : Object) return Long_Integer with Inline;
-- Returns the status for the certificate. This is to be used inside the
-- verify callback to know why the certificate has been rejected.
function Status_Message (Certificate : Object) return String;
-- Returns the error message for the current certificate status (as
-- returned by Status above).
--
-- Client verification support
--
type Verify_Callback is
access function (Cert : SSL.Certificate.Object) return Boolean;
-- Client certificate verification callback, must return True if Cert can
-- be accepted or False otherwise. Such callback should generally return
-- the value returned by Verified above.
procedure Set_Verify_Callback
(Config : in out SSL.Config; Callback : Verify_Callback);
-- Register the callback to use to verify client's certificates
type Password_Callback is
access function (Certificate_Filename : String) return String;
-- Callback to get password for signed server's keys. An empty string
-- must be returned if the password is unknown or the certificate isn't
-- signed.
procedure Set_Password_Callback (Callback : Password_Callback);
-- Set the password callback
function Get_Password (Certificate_Filename : String) return String;
-- Request a password for the giver certificate. The default
-- implementation just returns an empty string.
private
use Ada.Strings.Unbounded;
package Binary_Holders is
new Ada.Containers.Indefinite_Holders (Stream_Element_Array);
type Object is record
Verified : Boolean := False;
Status : Long_Integer := 0;
Common_Name : Unbounded_String;
Subject : Unbounded_String;
Issuer : Unbounded_String;
Serial_Number : Unbounded_String;
DER : Binary_Holders.Holder;
Activation : Calendar.Time := Utils.AWS_Epoch;
Expiration : Calendar.Time := Utils.AWS_Epoch;
end record;
Undefined : constant Object := (others => <>);
function Common_Name (Certificate : Object) return String is
(To_String (Certificate.Common_Name));
function Subject (Certificate : Object) return String is
(To_String (Certificate.Subject));
function Issuer (Certificate : Object) return String is
(To_String (Certificate.Issuer));
function Serial_Number (Certificate : Object) return String is
(To_String (Certificate.Serial_Number));
function Activation_Time (Certificate : Object) return Calendar.Time is
(Certificate.Activation);
function Expiration_Time (Certificate : Object) return Calendar.Time is
(Certificate.Expiration);
function Verified (Certificate : Object) return Boolean is
(Certificate.Verified);
function Status (Certificate : Object) return Long_Integer is
(Certificate.Status);
function DER (Certificate : Object) return Stream_Element_Array is
(if Certificate.DER.Is_Empty then (1 .. 0 => <>)
else Certificate.DER.Element);
overriding function "=" (Left, Right : Object) return Boolean is
(Binary_Holders."=" (Left.DER, Right.DER));
end AWS.Net.SSL.Certificate;
|