You.i Engine
CYISSLRootCertificateProvider Class Reference

Detailed Description

Provides SSL root certificate information.

The SSL root certification information is provided in two ways:

  1. The CYISSLRootCertificateProvider will query the system root certificate store to obtain the default root certificates for the system. This is currently only supported on the PlayStation and UWP platforms.
  2. The path to a SSL root certificate bundle in PEM format can be specified. For platforms which do not support querying the system root certificate store this path must be set for SSL communication to succeed.

This provider will be used by CYITCPSecureSocket, CYIWebSocket and CYIHTTPService when SSL communcation is required.

The SSL root certificate bundle specified by path will take precedence over the system root certificates.

#include <network/YiSSLRootCertificateProvider.h>


struct  Certificate

Public Types

enum  CertificateFormat {

Public Member Functions

virtual ~CYISSLRootCertificateProvider ()
void SetRootCertificateBundleFilePath (const CYIString &filePath)
const CYIStringGetRootCertificateBundleFilePath () const
void AddPinnedPublicKey (const CYIUrl &domain, const CYIString &publicKey)
std::map< CYIUrl, CYIString > & GetPinnedPublicKeys ()
void ClearPinnedPublicKeys ()
const std::vector< Certificate > & GetSystemRootCertificates () const

Static Public Member Functions

static CYISSLRootCertificateProviderGetInstance ()

Member Enumeration Documentation

◆ CertificateFormat

The format of the root certificate contained in the root certificate.

See also

The root certificate is in PEM format.


The root certificate is in encoded X509 format.

Constructor & Destructor Documentation

◆ ~CYISSLRootCertificateProvider()

virtual CYISSLRootCertificateProvider::~CYISSLRootCertificateProvider ( )

Member Function Documentation

◆ AddPinnedPublicKey()

void CYISSLRootCertificateProvider::AddPinnedPublicKey ( const CYIUrl domain,
const CYIString publicKey 

HTTPS requests to domain will fail if the public key returned by the server does not match publicKey. The domain parameter is the CYIUrl for the associated domain. The publicKey parameter is the base64 encoded string of the Subject Public Key Information of the X.509 certificate.

Not toggleable. Once a the system notes that a challenge with this public key was accepted it will continue to be accepted regardless of whether the key is pinned or not.
See also

◆ ClearPinnedPublicKeys()

void CYISSLRootCertificateProvider::ClearPinnedPublicKeys ( )

Clears the map of domains and pinned public keys.

◆ GetInstance()

static CYISSLRootCertificateProvider* CYISSLRootCertificateProvider::GetInstance ( )

◆ GetPinnedPublicKeys()

std::map<CYIUrl, CYIString>& CYISSLRootCertificateProvider::GetPinnedPublicKeys ( )

Returns a map of domains to pinned public keys.

◆ GetRootCertificateBundleFilePath()

const CYIString& CYISSLRootCertificateProvider::GetRootCertificateBundleFilePath ( ) const

Returns the file path to the SSL root certificate bundle.

See also

◆ GetSystemRootCertificates()

const std::vector<Certificate>& CYISSLRootCertificateProvider::GetSystemRootCertificates ( ) const

Returns the SSL root certificates that were loaded from the system root certificate store.

If a SSL root certificate bundle is set via SetRootCertificateBundleFilePath these certificates will not be used.

◆ SetRootCertificateBundleFilePath()

void CYISSLRootCertificateProvider::SetRootCertificateBundleFilePath ( const CYIString filePath)

Sets the file path to the SSL root certificate bundle to be used by the CYISSLRootCertificateProvider. This SSL root certificate bundle must be in PEM format.

When set this root certificate bundle will take precedence over the system root certificates.

The documentation for this class was generated from the following file: