certificate.h

Go to the documentation of this file.

// BSD 3-Clause License
// Copyright (c) 2021-2025, 🍀☀🌕🌥 🌊
// See the LICENSE file in the project root for full license information.
 
#pragma once
 
#include <kcenon/common/patterns/result.h>
 
#include <chrono>
#include <cstdint>
#include <memory>
#include <span>
#include <string>
#include <string_view>
#include <vector>
 
namespace kcenon::pacs::security {
 
// Forward declarations for PIMPL
class certificate_impl;
class private_key_impl;
 
class certificate {
public:
    certificate();
 
    certificate(const certificate& other);
 
    certificate(certificate&& other) noexcept;
 
    auto operator=(const certificate& other) -> certificate&;
 
    auto operator=(certificate&& other) noexcept -> certificate&;
 
    ~certificate();
 
    // ========================================================================
    // Factory Methods
    // ========================================================================
 
    [[nodiscard]] static auto load_from_pem(std::string_view path)
        -> kcenon::common::Result<certificate>;
 
    [[nodiscard]] static auto load_from_pem_string(std::string_view pem_data)
        -> kcenon::common::Result<certificate>;
 
    [[nodiscard]] static auto load_from_der(std::span<const std::uint8_t> der_data)
        -> kcenon::common::Result<certificate>;
 
    // ========================================================================
    // Certificate Information
    // ========================================================================
 
    [[nodiscard]] auto subject_name() const -> std::string;
 
    [[nodiscard]] auto subject_common_name() const -> std::string;
 
    [[nodiscard]] auto subject_organization() const -> std::string;
 
    [[nodiscard]] auto issuer_name() const -> std::string;
 
    [[nodiscard]] auto serial_number() const -> std::string;
 
    [[nodiscard]] auto thumbprint() const -> std::string;
 
    // ========================================================================
    // Validity
    // ========================================================================
 
    [[nodiscard]] auto not_before() const -> std::chrono::system_clock::time_point;
 
    [[nodiscard]] auto not_after() const -> std::chrono::system_clock::time_point;
 
    [[nodiscard]] auto is_valid() const -> bool;
 
    [[nodiscard]] auto is_expired() const -> bool;
 
    // ========================================================================
    // Export
    // ========================================================================
 
    [[nodiscard]] auto to_pem() const -> std::string;
 
    [[nodiscard]] auto to_der() const -> std::vector<std::uint8_t>;
 
    // ========================================================================
    // Internal Access
    // ========================================================================
 
    [[nodiscard]] auto is_loaded() const noexcept -> bool;
 
    [[nodiscard]] auto impl() const noexcept -> const certificate_impl*;
    [[nodiscard]] auto impl() noexcept -> certificate_impl*;
 
private:
    friend class certificate_chain;  // Allow certificate_chain to access impl_
    std::unique_ptr<certificate_impl> impl_;
};
 
class private_key {
public:
    private_key();
 
    private_key(const private_key&) = delete;
 
    private_key(private_key&& other) noexcept;
 
    auto operator=(const private_key&) -> private_key& = delete;
 
    auto operator=(private_key&& other) noexcept -> private_key&;
 
    ~private_key();
 
    // ========================================================================
    // Factory Methods
    // ========================================================================
 
    [[nodiscard]] static auto load_from_pem(
        std::string_view path,
        std::string_view password = ""
    ) -> kcenon::common::Result<private_key>;
 
    [[nodiscard]] static auto load_from_pem_string(
        std::string_view pem_data,
        std::string_view password = ""
    ) -> kcenon::common::Result<private_key>;
 
    // ========================================================================
    // Key Information
    // ========================================================================
 
    [[nodiscard]] auto algorithm_name() const -> std::string;
 
    [[nodiscard]] auto key_size() const -> int;
 
    [[nodiscard]] auto is_loaded() const noexcept -> bool;
 
    // ========================================================================
    // Internal Access
    // ========================================================================
 
    [[nodiscard]] auto impl() const noexcept -> const private_key_impl*;
    [[nodiscard]] auto impl() noexcept -> private_key_impl*;
 
private:
    std::unique_ptr<private_key_impl> impl_;
};
 
class certificate_chain {
public:
    certificate_chain() = default;
 
    void add(certificate cert);
 
    [[nodiscard]] auto end_entity() const -> const certificate*;
 
    [[nodiscard]] auto certificates() const -> const std::vector<certificate>&;
 
    [[nodiscard]] auto empty() const noexcept -> bool;
 
    [[nodiscard]] auto size() const noexcept -> size_t;
 
    [[nodiscard]] static auto load_from_pem(std::string_view path)
        -> kcenon::common::Result<certificate_chain>;
 
private:
    std::vector<certificate> certs_;
};
 
} // namespace kcenon::pacs::security