/***
 * Copyright (C) Microsoft. All rights reserved.
 * Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
 *
 * =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 *
 * Contains utility functions for helping to verify server certificates in OS X/iOS and Android.
 *
 * For the latest on this and related APIs, please see: https://github.com/Microsoft/cpprestsdk
 *
 * =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 ****/

#pragma once

#ifdef _WIN32
#include <Wincrypt.h>

namespace web
{
namespace http
{
namespace client
{
namespace details
{
/// <summary>
/// Scope guard for a single PCCERT_CONTEXT: a non-null <c>raw</c> is released with
/// CertFreeCertificateContext when the guard is destroyed.
/// </summary>
/// <remarks>
/// The copy operations are deleted, and declaring them also suppresses the implicit move
/// operations, so one handle can never be freed by two guards.
/// <c>raw</c> is a public member and the struct has no reset logic: writing a new context over a
/// non-null <c>raw</c> drops the previous one without freeing it.
/// NOTE(review): CPPREST_NOEXCEPT is not defined in this header; it is presumably supplied by a
/// header included before this one.
/// </remarks>
struct winhttp_cert_context
{
    PCCERT_CONTEXT raw;

    winhttp_cert_context(const winhttp_cert_context&) = delete;
    winhttp_cert_context& operator=(const winhttp_cert_context&) = delete;

    // Starts empty so the destructor has nothing to release until a caller fills in `raw`.
    winhttp_cert_context() CPPREST_NOEXCEPT : raw(nullptr) {}

    ~winhttp_cert_context()
    {
        // https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-certfreecertificatecontext
        // "The function always returns nonzero."
        // The result is therefore discarded on purpose.
        if (raw != nullptr)
        {
            static_cast<void>(CertFreeCertificateContext(raw));
        }
    }
};

/// <summary>
/// Scope guard for a single PCCERT_CHAIN_CONTEXT: a non-null <c>raw</c> is released with
/// CertFreeCertificateChain when the guard is destroyed.
/// </summary>
/// <remarks>
/// Non-copyable and, because the copy operations are user-declared, non-movable as well.
/// As with winhttp_cert_context, overwriting a non-null <c>raw</c> leaks the previous chain.
/// </remarks>
struct winhttp_cert_chain_context
{
    PCCERT_CHAIN_CONTEXT raw;

    winhttp_cert_chain_context(const winhttp_cert_chain_context&) = delete;
    winhttp_cert_chain_context& operator=(const winhttp_cert_chain_context&) = delete;

    // Starts empty so the destructor has nothing to release until a caller fills in `raw`.
    winhttp_cert_chain_context() CPPREST_NOEXCEPT : raw(nullptr) {}

    ~winhttp_cert_chain_context()
    {
        if (raw != nullptr)
        {
            CertFreeCertificateChain(raw);
        }
    }
};
} // namespace details
} // namespace client
} // namespace http
} // namespace web
#endif // _WIN32

// Platform-backed verification for the ASIO code path is declared for:
//   - Apple and Android builds, and
//   - Windows builds that either force the ASIO HTTP client, or are neither C++/CX (WinRT) nor
//     _M_ARM and have not excluded websockets.
// On any other configuration the declaration below is not visible at all.
#if defined(__APPLE__) || defined(ANDROID) || defined(__ANDROID__) ||                                                  \
    (defined(_WIN32) &&                                                                                                \
     (defined(CPPREST_FORCE_HTTP_CLIENT_ASIO) ||                                                                       \
      (!defined(__cplusplus_winrt) && !defined(_M_ARM) && !defined(CPPREST_EXCLUDE_WEBSOCKETS))))
#define CPPREST_PLATFORM_ASIO_CERT_VERIFICATION_AVAILABLE
#endif

#if defined(CPPREST_PLATFORM_ASIO_CERT_VERIFICATION_AVAILABLE)
#include <string>

// The Boost.ASIO SSL header is included with MSVC warning 4005 and clang's
// -Wunused-local-typedef silenced; both settings are restored right after the include.
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable : 4005)
#endif
#ifdef __clang__
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-local-typedef"
#endif
#include <boost/asio/ssl.hpp>
#ifdef __clang__
#pragma clang diagnostic pop
#endif
#ifdef _MSC_VER
#pragma warning(pop)
#endif

namespace web
{
namespace http
{
namespace client
{
namespace details
{
/// <summary>
/// Verifies the server certificate chain using platform-specific APIs.
/// Currently implemented to work on Windows, iOS, Android, and OS X.
/// </summary>
/// <param name="verifyCtx">Boost.ASIO context to get certificate chain from.</param>
/// <param name="hostName">Host name from the URI, i.e. the name the client asked to connect to.</param>
/// <returns>True if verification passed and server can be trusted, false otherwise.</returns>
/// <remarks>
/// The return value is the trust decision for the connection: a caller that ignores a false
/// result, or retries without verification, accepts an unverified peer.
/// NOTE(review): only the declaration is visible in this header; how hostName is matched against
/// the certificate is decided by the per-platform implementation and should be confirmed there.
/// </remarks>
bool verify_cert_chain_platform_specific(boost::asio::ssl::verify_context& verifyCtx, const std::string& hostName);
} // namespace details
} // namespace client
} // namespace http
} // namespace web

#endif // CPPREST_PLATFORM_ASIO_CERT_VERIFICATION_AVAILABLE