1 /*
2  *
3  *  Copyright (C) 1998-2019, OFFIS e.V.
4  *  All rights reserved.  See COPYRIGHT file for details.
5  *
6  *  This software and supporting documentation were developed by
7  *
8  *    OFFIS e.V.
9  *    R&D Division Health
10  *    Escherweg 2
11  *    D-26121 Oldenburg, Germany
12  *
13  *
14  *  Module: dcmsign
15  *
16  *  Author: Norbert Loxen, Marco Eichelberg
17  *
18  *  Purpose:
19  *    classes: SiPrivateKey
20  *
21  */
22 
23 #ifndef SIPRIVAT_H
24 #define SIPRIVAT_H
25 
26 #include "dcmtk/config/osconfig.h"
27 
28 #ifdef WITH_OPENSSL
29 
30 #include "dcmtk/dcmsign/sitypes.h"
31 #include "dcmtk/ofstd/ofstring.h"
32 
// Forward declarations. This header does not include the OpenSSL headers
// itself; EVP_PKEY is declared here as an alias of the opaque struct so that
// users of SiPrivateKey only ever see a pointer to it.
struct evp_pkey_st;
typedef struct evp_pkey_st EVP_PKEY;
class SiCertificate;
class SiAlgorithm;
37 
38 
/** a class representing a private key: a thin wrapper around an OpenSSL
 *  EVP_PKEY that is loaded from a PEM or ASN.1/DER encoded file.
 *  @remark this class is only available if DCMTK is compiled with
 *  OpenSSL support enabled (WITH_OPENSSL).
 */
class DCMTK_DCMSIGN_EXPORT SiPrivateKey
{
public:
  /// default constructor. No key is loaded yet; pkey stays NULL until loadPrivateKey() succeeds.
  SiPrivateKey();

  /** destructor.
   *  NOTE(review): this header does not show whether the password copy held in
   *  privateKeyPasswd is wiped before the object goes away — confirm in the
   *  implementation if the password must not linger in memory.
   */
  virtual ~SiPrivateKey();

  /** sets the password string to be used when loading an
   *  encrypted private key file in PEM format (ASN.1/DER encoded files are never encrypted).
   *  Must be called prior to loadPrivateKey() in order to be effective.
   *  The string is presumably copied into this object (privateKeyPasswd) and thus
   *  lives at least as long as the object does; callers handling secrets should
   *  be aware of that second copy.
   *  @param thePasswd password string, may be "" or NULL in which case an empty
   *    password is assumed.
   */
  void setPrivateKeyPasswd(const char *thePasswd);

  /** selects interactive mode: the password for an encrypted private key file
   *  is read from the console (stdin) when loadPrivateKey() is called, instead
   *  of using a password set with setPrivateKeyPasswd(). This is also the
   *  default behaviour if neither method has been called.
   */
  void setPrivateKeyPasswdFromConsole();

  /** loads a private key from file. If the private key is in encrypted PEM
   *  format, the password is either read from console (default) or taken
   *  from an internal setting created with setPrivateKeyPasswd().
   *  @param filename file name of key
   *  @param filetype file format: X509_FILETYPE_PEM or X509_FILETYPE_ASN1
   *    (OpenSSL constants)
   *  @return status code; anything other than success means no usable key
   *    was loaded (exact condition codes are defined in the implementation)
   */
  OFCondition loadPrivateKey(const char *filename, int filetype);

  /** returns the type of the private key loaded into this object
   *  (see E_KeyType in sitypes.h). The value returned when no key has been
   *  loaded is not specified by this header.
   *  @return key type
   */
  E_KeyType getKeyType() const;

  /** creates an SiAlgorithm object for the private key loaded into this object.
   *  If no key is loaded or operation fails, returns NULL.
   *  Ownership is transferred: the new SiAlgorithm object must be deleted by the caller.
   *  @return pointer to new SiAlgorithm object, or NULL
   */
  SiAlgorithm *createAlgorithmForPrivateKey();

  /** checks if the private key loaded with loadPrivateKey() and the given
   *  certificate match, i.e. if they establish a private/public key pair.
   *  Callers should perform this check before signing with a key/certificate
   *  combination that came from separate files.
   *  @param cert certificate to compare against
   *  @return OFTrue if private key and certificate match, OFFalse otherwise.
   */
  OFBool matchesCertificate(SiCertificate& cert);

  /** provides access to the raw private key in OpenSSL format. Use with care!
   *  The returned pointer is the key managed by this object: the caller must
   *  not free it, and it may be NULL if no key has been loaded yet.
   *  @return raw private key in OpenSSL format, or NULL
   */
  EVP_PKEY *getRawPrivateKey();

private:

  /// private undefined copy constructor: the object (and its key material) is not copyable
  SiPrivateKey(SiPrivateKey& arg);

  /// private undefined copy assignment operator: the object (and its key material) is not assignable
  SiPrivateKey& operator=(SiPrivateKey& arg);

  /// contains the password for the private key if one was supplied via setPrivateKeyPasswd()
  OFString privateKeyPasswd;

  /// true if privateKeyPasswd contains the password, false if it is to be read from the console.
  OFBool usePrivateKeyPassword;

  /// the private key managed (owned) by this object, may be NULL if not loaded yet
  EVP_PKEY* pkey;

};
114 
115 #endif
116 #endif
117