pacs_system/signature__types_8h_source.html

// BSD 3-Clause License

// Copyright (c) 2021-2025, 🍀☀🌕🌥 🌊

// See the LICENSE file in the project root for full license information.


#pragma once


#include <chrono>

#include <cstdint>

#include <optional>

#include <string>

#include <string_view>

#include <vector>


namespace kcenon::pacs::security {


enum class signature_algorithm {

    rsa_sha256,

    rsa_sha384,

    rsa_sha512,

    ecdsa_sha256,

    ecdsa_sha384

};


constexpr std::string_view to_string(signature_algorithm algo) {

    switch (algo) {

        case signature_algorithm::rsa_sha256: return "RSA-SHA256";

        case signature_algorithm::rsa_sha384: return "RSA-SHA384";

        case signature_algorithm::rsa_sha512: return "RSA-SHA512";

        case signature_algorithm::ecdsa_sha256: return "ECDSA-SHA256";

        case signature_algorithm::ecdsa_sha384: return "ECDSA-SHA384";

    }

    return "Unknown";

}


inline std::optional<signature_algorithm> parse_signature_algorithm(std::string_view str) {

    if (str == "RSA-SHA256") return signature_algorithm::rsa_sha256;

    if (str == "RSA-SHA384") return signature_algorithm::rsa_sha384;

    if (str == "RSA-SHA512") return signature_algorithm::rsa_sha512;

    if (str == "ECDSA-SHA256") return signature_algorithm::ecdsa_sha256;

    if (str == "ECDSA-SHA384") return signature_algorithm::ecdsa_sha384;

    return std::nullopt;

}


enum class signature_status {

    valid,

    invalid,

    expired,

    untrusted_signer,

    revoked,

    no_signature

};


constexpr std::string_view to_string(signature_status status) {

    switch (status) {

        case signature_status::valid: return "Valid";

        case signature_status::invalid: return "Invalid";

        case signature_status::expired: return "Expired";

        case signature_status::untrusted_signer: return "UntrustedSigner";

        case signature_status::revoked: return "Revoked";

        case signature_status::no_signature: return "NoSignature";

    }

    return "Unknown";

}


struct signature_info {

    std::string signature_uid;

    std::string signer_name;

    std::string signer_organization;

    std::chrono::system_clock::time_point timestamp;

    signature_algorithm algorithm;

    std::vector<std::uint32_t> signed_tags;

    std::string certificate_thumbprint;


    bool operator==(const signature_info&) const = default;

};


enum class mac_algorithm {

    sha256,

    sha384,

    sha512

};


constexpr std::string_view to_dicom_uid(mac_algorithm algo) {

    switch (algo) {

        case mac_algorithm::sha256: return "2.16.840.1.101.3.4.2.1";

        case mac_algorithm::sha384: return "2.16.840.1.101.3.4.2.2";

        case mac_algorithm::sha512: return "2.16.840.1.101.3.4.2.3";

    }

    return "";

}


enum class certificate_type {

    x509_certificate,

    x509_certificate_chain

};


constexpr std::string_view to_dicom_term(certificate_type type) {

    switch (type) {

        case certificate_type::x509_certificate: return "X509_1993_SIG";

        case certificate_type::x509_certificate_chain: return "X509_1993_SIG_CHAIN";

    }

    return "";

}


} // namespace kcenon::pacs::security

kcenon::pacs::security
Definition access_control_manager.h:27

kcenon::pacs::security::to_dicom_uid
constexpr std::string_view to_dicom_uid(mac_algorithm algo)
Convert mac_algorithm to DICOM UID string.
Definition signature_types.h:141

kcenon::pacs::security::parse_signature_algorithm
std::optional< signature_algorithm > parse_signature_algorithm(std::string_view str)
Parse signature_algorithm from string.
Definition signature_types.h:69

kcenon::pacs::security::mac_algorithm
mac_algorithm
MAC algorithm identifiers per DICOM PS3.15.
Definition signature_types.h:130

kcenon::pacs::security::mac_algorithm::sha384
@ sha384
SHA-384.

kcenon::pacs::security::mac_algorithm::sha512
@ sha512
SHA-512.

kcenon::pacs::security::mac_algorithm::sha256
@ sha256
SHA-256 (recommended)

kcenon::pacs::security::to_string
constexpr auto to_string(anonymization_profile profile) noexcept -> std::string_view
Convert profile enum to string representation.
Definition anonymization_profile.h:132

kcenon::pacs::security::signature_status
signature_status
Status of signature verification.
Definition signature_types.h:81

kcenon::pacs::security::signature_status::untrusted_signer
@ untrusted_signer
Signer certificate is not trusted.

kcenon::pacs::security::signature_status::no_signature
@ no_signature
No signature present in dataset.

kcenon::pacs::security::signature_status::revoked
@ revoked
Signer certificate has been revoked.

kcenon::pacs::security::signature_status::valid
@ valid
Signature is valid and trusted.

kcenon::pacs::security::signature_status::expired
@ expired
Signer certificate has expired.

kcenon::pacs::security::signature_status::invalid
@ invalid
Signature verification failed (tampered data)

kcenon::pacs::security::signature_algorithm
signature_algorithm
Signature algorithms supported for DICOM digital signatures.
Definition signature_types.h:40

kcenon::pacs::security::signature_algorithm::rsa_sha512
@ rsa_sha512
RSA with SHA-512 (highest security)

kcenon::pacs::security::signature_algorithm::ecdsa_sha256
@ ecdsa_sha256
ECDSA with SHA-256 (compact signatures)

kcenon::pacs::security::signature_algorithm::ecdsa_sha384
@ ecdsa_sha384
ECDSA with SHA-384.

kcenon::pacs::security::signature_algorithm::rsa_sha384
@ rsa_sha384
RSA with SHA-384.

kcenon::pacs::security::signature_algorithm::rsa_sha256
@ rsa_sha256
RSA with SHA-256 (recommended for most use cases)

kcenon::pacs::security::certificate_type
certificate_type
Certificate type for DICOM signatures.
Definition signature_types.h:155

kcenon::pacs::security::certificate_type::x509_certificate
@ x509_certificate
X.509 certificate (most common)

kcenon::pacs::security::certificate_type::x509_certificate_chain
@ x509_certificate_chain
Full X.509 certificate chain.

kcenon::pacs::security::to_dicom_term
constexpr std::string_view to_dicom_term(certificate_type type)
Convert certificate_type to DICOM defined term.
Definition signature_types.h:165

kcenon::pacs::security::signature_info
Information about a digital signature.
Definition signature_types.h:113

kcenon::pacs::security::signature_info::timestamp
std::chrono::system_clock::time_point timestamp
Digital Signature DateTime (0400,0105)
Definition signature_types.h:117

kcenon::pacs::security::signature_info::signature_uid
std::string signature_uid
Digital Signature UID (0400,0100)
Definition signature_types.h:114

kcenon::pacs::security::signature_info::certificate_thumbprint
std::string certificate_thumbprint
SHA-256 thumbprint of signer certificate.
Definition signature_types.h:120

kcenon::pacs::security::signature_info::signer_name
std::string signer_name
Name of the signer (extracted from certificate)
Definition signature_types.h:115

kcenon::pacs::security::signature_info::signed_tags
std::vector< std::uint32_t > signed_tags
List of tags that were signed.
Definition signature_types.h:119

kcenon::pacs::security::signature_info::algorithm
signature_algorithm algorithm
Algorithm used for signing.
Definition signature_types.h:118

kcenon::pacs::security::signature_info::signer_organization
std::string signer_organization
Organization of the signer.
Definition signature_types.h:116

kcenon::pacs::security::signature_info::operator==
bool operator==(const signature_info &) const =default