1 /*
2  *
3  *  Copyright (C) 1998-2019, OFFIS e.V.
4  *  All rights reserved.  See COPYRIGHT file for details.
5  *
6  *  This software and supporting documentation were developed by
7  *
8  *    OFFIS e.V.
9  *    R&D Division Health
10  *    Escherweg 2
11  *    D-26121 Oldenburg, Germany
12  *
13  *
14  *  Module: dcmsign
15  *
16  *  Author: Norbert Loxen, Marco Eichelberg
17  *
18  *  Purpose:
19  *    classes: SiSecurityProfile
20  *
21  */
22 
23 #ifndef SISPROF_H
24 #define SISPROF_H
25 
26 #include "dcmtk/config/osconfig.h"
27 
28 #ifdef WITH_OPENSSL
29 
30 #include "dcmtk/dcmsign/sitypes.h"   /* for E_KeyType */
31 #include "dcmtk/dcmsign/sipurpos.h"  /* for E_SignaturePurposeType */
32 #include "dcmtk/dcmdata/dcxfer.h"    /* for E_TransferSyntax */
33 
34 class SiAlgorithm;
35 class DcmItem;
36 class DcmAttributeTag;
37 class SiMAC;
38 class DcmTagKey;
39 
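/** abstract base class for all security profiles.
 *  A security profile constrains how a digital signature may be created:
 *  it decides which MAC types, public/private key algorithms and transfer
 *  syntaxes are allowable, and which attributes must or must not be
 *  covered by the signature.
 *  Methods declared "= 0" must be provided by each concrete profile; the
 *  remaining virtual methods have a default implementation that is defined
 *  outside this header.
 *  @remark this class is only available if DCMTK is compiled with
 *  OpenSSL support enabled.
 */
class DCMTK_DCMSIGN_EXPORT SiSecurityProfile
{
public:

  /// default constructor
  SiSecurityProfile() { }

  /// destructor (virtual, since profiles are used through this base class)
  virtual ~SiSecurityProfile() { }

  /** checks whether the given MAC type can be used with this security profile.
   *  @param macType MAC type to be checked
   *  @return true if MAC type is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableMACType(E_MACType macType) const = 0;

  /** checks whether the given MAC object can be used with this security profile.
   *  @param mac object to be checked
   *  @return true if object is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableMAC(const SiMAC& mac) const;

  /** checks whether the given public/private key algorithm can be used with this security profile.
   *  @param keyType public key algorithm type to be checked
   *  @return true if public key algorithm is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableAlgorithmType(E_KeyType keyType) const = 0;

  /** checks whether the given public/private key object can be used with this security profile.
   *  @param algo object to be checked
   *  @return true if object is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableAlgorithm(const SiAlgorithm& algo) const;

  /** checks whether the given transfer syntax can be used with this security profile
   *  @param xfer transfer syntax to be checked
   *  @return true if transfer syntax is allowable for this profile, false otherwise.
   */
  virtual OFBool isAllowableTransferSyntax(E_TransferSyntax xfer) const = 0;

  /** checks whether an attribute with the given tag is required to be signed
   *  for the current security profile if the attribute is present in the dataset
   *  @param key tag key to be checked
   *  @return true if required, false otherwise.
   */
  virtual OFBool attributeRequiredIfPresent(const DcmTagKey& key) const = 0;

  /** checks whether an attribute with the given tag must not be signed
   *  for the current security profile.
   *  @param key tag key to be checked
   *  @return true if attribute must not be signed, false otherwise.
   */
  virtual OFBool attributeForbidden(const DcmTagKey& key) const = 0;

  /** updates the given list of attribute tags according to the
   *  requirements of the current security profile. For all elements present in the
   *  dataset, the attribute tag is inserted or removed from the list if required by the profile.
   *  @param item dataset to be handled
   *  @param tagList attribute tag list to be updated
   *  @return status code
   */
  virtual OFCondition updateAttributeList(DcmItem &item, DcmAttributeTag& tagList);

  /** create a maximum list of attribute tags according to the
   *  requirements of the current security profile. For all elements present in the
   *  dataset, the attribute tag is inserted if permitted by the profile.
   *  @param item dataset to be handled
   *  @param tagList attribute tag list to be created
   *  @return status code
   */
  virtual OFCondition createAttributeList(DcmItem &item, DcmAttributeTag& tagList);

  /** checks whether the given list of attribute tags fulfils the requirements
   *  of the current security profile for the given dataset.
   *  @param item dataset to be checked
   *  @param tagList attribute tag list.
   *  @return true if minimum requirements for profile are fulfilled, false otherwise.
   */
  virtual OFBool checkAttributeList(DcmItem &item, DcmAttributeTag& tagList);

  /** checks whether all attributes that are required unconditionally
   *  to be signed in this profile are included in the given tagList.
   *  @param tagList attribute tag list
   *  @return true if requirements for profile are fulfilled, false otherwise.
   */
  virtual OFBool checkRequiredAttributeList(DcmAttributeTag& tagList) const = 0;

  /** some digital signature profiles specify conditions under which certain
   *  attributes must be included into the signature.
   *  This method allows the signature profile to inspect the dataset in order
   *  to determine whether or not the conditions are met.
   *  This method should be called before DcmSignature::createSignature() is executed.
   *  NOTE(review): if this call is skipped, the profile has had no opportunity
   *  to evaluate its conditional requirements for the dataset - confirm how
   *  callers enforce the ordering.
   *  @param item the dataset or item to which the signature will be added
   *  @return status code
   */
  virtual OFCondition inspectSignatureDataset(DcmItem &item) = 0;

  /** return the required digital signature purpose for this signature profile
   *  @return required signature purpose if any, ESP_none otherwise
   */
  virtual SiSignaturePurpose::E_SignaturePurposeType getOverrideSignaturePurpose() const;

  /** returns true if this signature profile only applies to main dataset level
   *  @return OFTrue if this signature profile only applies to main dataset level, OFFalse otherwise
   */
  virtual OFBool mainDatasetRequired() const = 0;

  /** checks if the given tag key is contained in the given list.
   *  @param tagList list of tag keys
   *  @param key tag key
   *  @return true if tag key is present in list, false otherwise.
   */
  static OFBool containsTag(DcmAttributeTag& tagList, const DcmTagKey& key);

private:

  /// private undefined copy constructor (declared only, so profiles cannot be copied)
  SiSecurityProfile(SiSecurityProfile& arg);

  /// private undefined copy assignment operator (declared only, so profiles cannot be assigned)
  SiSecurityProfile& operator=(SiSecurityProfile& arg);

};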
167 
168 #endif
169 #endif
170