You.i Engine
CYISSLRootCertificateProvider Class Reference

Detailed Description

Provides SSL root certificate information.

The SSL root certification information is provided in two ways:

  1. The CYISSLRootCertificateProvider will query the system root certificate store to obtain the default root certificates for the system. This is currently only supported on the PlayStation and UWP platforms.
  2. The path to a SSL root certificate bundle in PEM format can be specified. For platforms which do not support querying the system root certificate store this path must be set for SSL communication to succeed.

This provider will be used by CYITCPSecureSocket, CYIWebSocket and CYIHTTPService when SSL communcation is required.

Note
The SSL root certificate bundle specified by path will take precedence over the system root certificates.

#include <network/YiSSLRootCertificateProvider.h>

Classes

struct  Certificate
 

Public Types

enum  CertificateFormat {
  CertificateFormat::PEM,
  CertificateFormat::X509Encoded
}
 

Public Member Functions

virtual ~CYISSLRootCertificateProvider ()
 
void SetRootCertificateBundleFilePath (const CYIString &filePath)
 
const CYIStringGetRootCertificateBundleFilePath () const
 
void AddPinnedPublicKey (const CYIUrl &domain, const CYIString &publicKey)
 
std::map< CYIUrl, CYIString > & GetPinnedPublicKeys ()
 
void ClearPinnedPublicKeys ()
 
const std::vector< Certificate > & GetSystemRootCertificates () const
 

Static Public Member Functions

static CYISSLRootCertificateProviderGetInstance ()
 

Member Enumeration Documentation

◆ CertificateFormat

The format of the root certificate contained in the root certificate.

See also
CYISSLRootCertificateProvider::Certificate
Enumerator
PEM 

The root certificate is in PEM format.

X509Encoded 

The root certificate is in encoded X509 format.

Constructor & Destructor Documentation

◆ ~CYISSLRootCertificateProvider()

virtual CYISSLRootCertificateProvider::~CYISSLRootCertificateProvider ( )
virtual

Member Function Documentation

◆ AddPinnedPublicKey()

void CYISSLRootCertificateProvider::AddPinnedPublicKey ( const CYIUrl domain,
const CYIString publicKey 
)

HTTPS requests to domain will fail if the public key returned by the server does not match publicKey. The domain parameter is the CYIUrl for the associated domain. The publicKey parameter is the base64 encoded string of the Subject Public Key Information of the X.509 certificate.

Note
Not toggleable. Once a the system notes that a challenge with this public key was accepted it will continue to be accepted regardless of whether the key is pinned or not.
See also
GetPinnedPublicKeys
ClearPinnedPublicKeys

◆ ClearPinnedPublicKeys()

void CYISSLRootCertificateProvider::ClearPinnedPublicKeys ( )

Clears the map of domains and pinned public keys.

◆ GetInstance()

static CYISSLRootCertificateProvider* CYISSLRootCertificateProvider::GetInstance ( )
static

◆ GetPinnedPublicKeys()

std::map<CYIUrl, CYIString>& CYISSLRootCertificateProvider::GetPinnedPublicKeys ( )

Returns a map of domains to pinned public keys.

◆ GetRootCertificateBundleFilePath()

const CYIString& CYISSLRootCertificateProvider::GetRootCertificateBundleFilePath ( ) const

Returns the file path to the SSL root certificate bundle.

See also
SetRootCertificateBundleFilePath

◆ GetSystemRootCertificates()

const std::vector<Certificate>& CYISSLRootCertificateProvider::GetSystemRootCertificates ( ) const

Returns the SSL root certificates that were loaded from the system root certificate store.

Note
If a SSL root certificate bundle is set via SetRootCertificateBundleFilePath these certificates will not be used.

◆ SetRootCertificateBundleFilePath()

void CYISSLRootCertificateProvider::SetRootCertificateBundleFilePath ( const CYIString filePath)

Sets the file path to the SSL root certificate bundle to be used by the CYISSLRootCertificateProvider. This SSL root certificate bundle must be in PEM format.

Note
When set this root certificate bundle will take precedence over the system root certificates.

The documentation for this class was generated from the following file: