/*
 *
 *  Copyright (C) 1998-2019, OFFIS e.V.
 *  All rights reserved.  See COPYRIGHT file for details.
 *
 *  This software and supporting documentation were developed by
 *
 *    OFFIS e.V.
 *    R&D Division Health
 *    Escherweg 2
 *    D-26121 Oldenburg, Germany
 *
 *
 *  Module: dcmsign
 *
 *  Author: Norbert Loxen, Marco Eichelberg
 *
 *  Purpose:
 *    classes: SiSecurityProfile
 *
 */

#ifndef SISPROF_H
#define SISPROF_H

#include "dcmtk/config/osconfig.h"

/* everything below is compiled out unless DCMTK is built with OpenSSL */
#ifdef WITH_OPENSSL

#include "dcmtk/dcmsign/sitypes.h"   /* for E_KeyType */
#include "dcmtk/dcmsign/sipurpos.h"  /* for E_SignaturePurposeType */
#include "dcmtk/dcmdata/dcxfer.h"    /* for E_TransferSyntax */

class SiAlgorithm;
class DcmItem;
class DcmAttributeTag;
class SiMAC;
class DcmTagKey;

/** abstract base class for all security profiles.
 *  A profile is the policy object that decides which MAC types, key
 *  algorithm types and transfer syntaxes are allowable, and which
 *  attributes must or must not be signed (see the methods below).
 *  @remark this class is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 *  @note NOTE(review): this header only declares the checks; it does not
 *  show where they are enforced. Confirm that both the signature creation
 *  and the signature verification paths consult the profile, and that a
 *  false/error result stops processing instead of being ignored.
 */
class DCMTK_DCMSIGN_EXPORT SiSecurityProfile
{
public:

  /// default constructor
  SiSecurityProfile() { }

  /// destructor (virtual, so derived profiles can be destroyed through a base class pointer)
  virtual ~SiSecurityProfile() { }

  /** checks whether the given MAC type can be used with this security profile.
   *  Pure virtual: every concrete profile has to define its own set of accepted MAC types.
   *  @param macType MAC type to be checked
   *  @return true if MAC type is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableMACType(E_MACType macType) const = 0;

  /** checks whether the given MAC object can be used with this security profile.
   *  Not pure virtual: the default implementation is defined outside this header.
   *  NOTE(review): presumably it maps the object to its MAC type and calls
   *  isAllowableMACType() - confirm in the implementation file.
   *  @param mac MAC object to be checked
   *  @return true if object is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableMAC(const SiMAC& mac) const;

  /** checks whether the given public/private key algorithm can be used with this security profile.
   *  Pure virtual: every concrete profile has to define its own set of accepted key types.
   *  @param keyType public key algorithm type to be checked
   *  @return true if public key algorithm is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableAlgorithmType(E_KeyType keyType) const = 0;

  /** checks whether the given public/private key object can be used with this security profile.
   *  Not pure virtual: the default implementation is defined outside this header.
   *  NOTE(review): presumably it maps the object to its key type and calls
   *  isAllowableAlgorithmType() - confirm in the implementation file.
   *  @param algo object to be checked
   *  @return true if object is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableAlgorithm(const SiAlgorithm& algo) const;

  /** checks whether the given transfer syntax can be used with this security profile
   *  @param xfer transfer syntax to be checked
   *  @return true if transfer syntax is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableTransferSyntax(E_TransferSyntax xfer) const = 0;

  /** checks whether an attribute with the given tag is required to be signed
   *  for the current security profile if the attribute is present in the dataset
   *  @param key tag key to be checked
   *  @return true if required, false otherwise.
   */
  virtual OFBool attributeRequiredIfPresent(const DcmTagKey& key) const = 0;

  /** checks whether an attribute with the given tag must not be signed
   *  for the current security profile.
   *  @param key tag key to be checked
   *  @return true if attribute must not be signed, false otherwise.
   */
  virtual OFBool attributeForbidden(const DcmTagKey& key) const = 0;

  /** updates the given list of attribute tags according to the
   *  requirements of the current security profile. For all elements present in the
   *  dataset, the attribute tag is inserted or removed from the list if required by the profile.
   *  NOTE(review): the tag list presumably determines which attributes the
   *  signature covers; an attribute left out of it would then not be
   *  integrity-protected - confirm against the signature creation code.
   *  @param item dataset to be handled
   *  @param tagList attribute tag list to be updated
   *  @return status code
   */
  virtual OFCondition updateAttributeList(DcmItem &item, DcmAttributeTag& tagList);

  /** create a maximum list of attribute tags according to the
   *  requirements of the current security profile. For all elements present in the
   *  dataset, the attribute tag is inserted if permitted by the profile.
   *  @param item dataset to be handled
   *  @param tagList attribute tag list to be created
   *  @return status code
   */
  virtual OFCondition createAttributeList(DcmItem &item, DcmAttributeTag& tagList);

  /** checks whether the given list of attribute tags fulfils the requirements
   *  of the current security profile for the given dataset.
   *  A true result only states that the minimum requirements are met; it
   *  makes no statement about attributes beyond that minimum.
   *  @param item dataset to be checked
   *  @param tagList attribute tag list.
   *  @return true if minimum requirements for profile are fulfilled, false otherwise.
   */
  virtual OFBool checkAttributeList(DcmItem &item, DcmAttributeTag& tagList);

  /** checks whether all attributes that are required unconditionally
   *  to be signed in this profile are included in the given tagList.
   *  @param tagList attribute tag list
   *  @return true if requirements for profile are fulfilled, false otherwise.
   */
  virtual OFBool checkRequiredAttributeList(DcmAttributeTag& tagList) const = 0;

  /** some digital signature profiles specify conditions under which certain
   *  attributes must be included into the signature.
   *  This method allows the signature profile to inspect the dataset in order
   *  to determine whether or not the conditions are met.
   *  This method should be called before DcmSignature::createSignature() is executed.
   *  NOTE(review): the method is non-const, so an implementation may keep the
   *  result of the inspection in the profile object; if so, skipping this call
   *  would leave the conditional requirements unevaluated - confirm per profile.
   *  @param item the dataset or item to which the signature will be added
   *  @return status code
   */
  virtual OFCondition inspectSignatureDataset(DcmItem &item) = 0;

  /** return the required digital signature purpose for this signature profile
   *  Not pure virtual: the default implementation is defined outside this header.
   *  @return required signature purpose if any, ESP_none otherwise
   */
  virtual SiSignaturePurpose::E_SignaturePurposeType getOverrideSignaturePurpose() const;

  /** returns true if this signature profile only applies to main dataset level
   *  @return OFTrue if this signature profile only applies to main dataset level, OFFalse otherwise
   */
  virtual OFBool mainDatasetRequired() const = 0;

  /** checks if the given tag key is contained in the given list.
   *  Static helper, usable without a profile instance. The list is passed by
   *  non-const reference; whether it is modified is not visible in this header.
   *  @param tagList list of tag keys
   *  @param key tag key
   *  @return true if tag key is present in list, false otherwise.
   */
  static OFBool containsTag(DcmAttributeTag& tagList, const DcmTagKey& key);

private:

  /// private undefined copy constructor (declared only, so that profiles cannot be copied)
  SiSecurityProfile(SiSecurityProfile& arg);

  /// private undefined copy assignment operator (declared only, so that profiles cannot be assigned)
  SiSecurityProfile& operator=(SiSecurityProfile& arg);

};

#endif /* WITH_OPENSSL */
#endif /* SISPROF_H */