Certificates

class Certificate
    Implemented by SSL adapter to handle certificate operations.

    Public Functions

    - virtual ~Certificate()

    - virtual bool getFingerprint(Fingerprint::Type type, Fingerprint &fingerprint) const = 0
      Obtain certificate fingerprint.
      Parameters:
        type: Which type of fingerprint to return
        fingerprint: On success, returned fingerprint
      Return value:
        bool: true on success, false if fingerprint not available

    - virtual String getName(DN dn, RDN rdn) const = 0
      Retrieve an X.509 distinguished name component.
      Parameters:
        dn: The desired Distinguished Name
        rdn: The component to return
      Return value:
        String: The requested Distinguished Name component

    - size_t printTo(Print &p) const
      Debugging print support.
class ValidatorList : public Vector<Validator>
    Performs certificate validation.

    Validators are created in the application's session initialisation callback. When the certificate has been received, it is checked against each registered validator in turn until one succeeds. All validators are destroyed during this process.

    If there are no validators in the list, the certificate is not checked and the connection is accepted.

    Public Types

    - typedef int (*Comparer)(const Validator &lhs, const Validator &rhs)

    Public Functions

    - bool add(Validator *validator)
      Add a validator to the list.
      Parameters:
        validator: Must be allocated on the heap

    - template <class T> bool pin(const T &fingerprint)
      Pin a fingerprint.
      Creates and adds a fingerprint validator to the list.

    - bool add(ValidatorCallback callback, void *data = nullptr)
      Register a custom validator callback.
      Parameters:
        callback: The validator callback to register
        data: User-provided data (optional)

    - bool validate(const Certificate *certificate)
      Validate certificate via registered validators.
      Only one match is needed for a successful result, but all validators are freed regardless. This method must be called no more than ONCE.
      Note: Called by SSL framework.
      Parameters:
        certificate: When called with nullptr, frees all validators, then fails
      Return value:
        bool: true on success, false on failure
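As an added illustration (not Sming's own code), the following C++ model reproduces the validate() contract described above: validators are tried in order until one succeeds, every validator is freed whatever the outcome, a nullptr certificate frees them and fails, and an empty list accepts the certificate without any check. The Certificate, Validator, PinValidator and ValidatorList types are minimal stand-ins for the framework's classes, and the fingerprint values are constructed, not hashes of real certificates.

```cpp
#include <cstdint>
#include <cstring>
#include <memory>
#include <utility>
#include <vector>

// Stand-ins for Ssl::Certificate and Ssl::Validator (hypothetical, not Sming's classes).
struct Certificate { uint8_t pkiSha256[32]; };  // constructed SPKI SHA-256 value
struct Validator { virtual ~Validator() = default; virtual bool validate(const Certificate&) = 0; };

// Pins one fingerprint, the role a Fingerprint::Pki::Sha256 pin plays in the real API.
struct PinValidator : Validator {
    uint8_t expected[32];
    explicit PinValidator(const uint8_t* fp) { memcpy(expected, fp, 32); }
    bool validate(const Certificate& c) override { return memcmp(c.pkiSha256, expected, 32) == 0; }
};

struct ValidatorList {
    std::vector<std::unique_ptr<Validator>> validators;
    void pin(const uint8_t* fp) { validators.push_back(std::unique_ptr<Validator>(new PinValidator(fp))); }
    // Documented contract: one match suffices, every validator is freed afterwards,
    // nullptr frees and fails, and an empty list accepts the certificate unchecked.
    bool validate(const Certificate* cert) {
        bool ok = false;
        if (cert != nullptr) {
            ok = validators.empty();  // no validators registered: accepted without a check
            for (auto& v : validators) {
                if (v->validate(*cert)) { ok = true; break; }
            }
        }
        validators.clear();  // destroys all validators, success or not
        return ok;
    }
};
// Constructed sample fingerprints, not hashes of any real certificate.
static const uint8_t kPinA[32] = {0xA1, 0xA2, 0xA3};
static const uint8_t kPinB[32] = {0xB1, 0xB2, 0xB3};
static const uint8_t kOther[32] = {0x01, 0x02, 0x03};
// Pins kPinB then kPinA and presents a certificate with SPKI hash `presented`;
// returns {accepted, validators left in the list after the call}.
std::pair<bool, size_t> runPinned(const uint8_t* presented) {
    Certificate cert; memcpy(cert.pkiSha256, presented, 32);
    ValidatorList list; list.pin(kPinB); list.pin(kPinA);
    bool ok = list.validate(&cert);
    return {ok, list.validators.size()};
}
// Empty list: nothing is checked, so any certificate is accepted.
bool acceptsUnpinned() { ValidatorList list; Certificate cert{}; return list.validate(&cert); }
bool nullCertFails() { ValidatorList list; list.pin(kPinA); return list.validate(nullptr); }
```

The acceptsUnpinned() path is the one to watch for in a review: a session callback that registers no validator yields a connection whose peer certificate was never checked.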
    - unsigned int capacity() const
    - bool contains(const Validator &elem) const
    - const Validator &firstElement() const
    - int indexOf(const Validator &elem) const
    - bool isEmpty() const
    - const Validator &lastElement() const
    - int lastIndexOf(const Validator &elem) const
    - unsigned int count() const
    - unsigned int size() const
    - void copyInto(Validator *array) const
    - bool add(const Validator &obj)
    - bool addElement(const Validator &obj)
    - bool addElement(Validator *objp)
    - void clear()
    - bool ensureCapacity(unsigned int minCapacity)
    - void removeAllElements()
    - bool removeElement(const Validator &obj)
    - bool setSize(unsigned int newSize)
    - void trimToSize()
    - const Validator &elementAt(unsigned int index) const
    - bool insertElementAt(const Validator &obj, unsigned int index)
    - const void remove(unsigned int index)
    - void removeElementAt(unsigned int index)
    - bool setElementAt(const Validator &obj, unsigned int index)
    - const Validator &get(unsigned int index) const
    - const Validator &operator[](unsigned int index) const
    - Validator &operator[](unsigned int index)
    - void sort(Comparer compareFunction)
    - const Validator &at(unsigned int i) const

    Public Members

    - Fingerprint::Types fingerprintTypes
      Contains a list of registered fingerprint types.
      Allows implementations to avoid calculating fingerprint values which are not required, as this is computationally expensive.
class Validator
    Base validator class.

    Validation is performed by invoking each validator in turn until a successful result is obtained.
    Custom validators may either override this class, or use a callback.

    Subclassed by Ssl::CallbackValidator, Ssl::FingerprintValidator< FP >
union Fingerprint
    #include <Fingerprints.h>

    Various types of fingerprint.
    Applications should use the appropriate type to define a fingerprint, for example:

        static const Fingerprint::Cert::Sha1 fingerprint PROGMEM = { ... };

    Public Types

    - enum Type
      SSL Certificate fingerprint type.
      Values:
        - CertSha1: SHA1 Fingerprint of entire certificate.
        - CertSha256: SHA256 Fingerprint of entire certificate.
        - PkiSha256: SHA256 Fingerprint of Public Key Information.

    - union Cert
      Fingerprints for the entire Certificate.

      - struct Sha1
        Fingerprint based on the SHA1 value of the certificate.
        The SHA1 hash of the entire certificate. This changes on each certificate renewal, so it needs to be updated every time the remote server updates its certificate.
        Advantages: Takes less time to verify than SHA256.
        Disadvantages: Likely to change periodically.
        Public Static Attributes:
          - constexpr Type type = Type::CertSha1

      - struct Sha256
        Fingerprint based on the SHA256 value of the certificate.
        Typically displayed in browser certificate information.
        Public Static Attributes:
          - constexpr Type type = Type::CertSha256

    - union Pki
      Fingerprints for the Public Key only.

      - struct Sha256
        Fingerprint based on the SHA256 value of the Subject Public Key Info in the certificate.
        For HTTP public key pinning (RFC7469), the SHA-256 hash of the Subject Public Key Info (which usually only changes when the public key changes) is used.
        Advantages: Doesn't change frequently.
        Disadvantages: Takes more time (in ms) to verify.
        Public Static Attributes:
          - constexpr Type type = Type::PkiSha256