add Crypto PKCS12/EC; update VS projects

Crypto/include/Poco/Crypto/Crypto.h

@@ -55,14 +55,21 @@ enum RSAPaddingMode
 // from a DLL simpler. All files within this DLL are compiled with the Crypto_EXPORTS
 // symbol defined on the command line. this symbol should not be defined on any project
 // that uses this DLL. This way any other project whose source files include this file see
-// Crypto_API functions as being imported from a DLL, wheras this DLL sees symbols
+// Crypto_API functions as being imported from a DLL, whereas this DLL sees symbols
 // defined with this macro as being exported.
 //
-#if defined(_WIN32) && defined(POCO_DLL)
-	#if defined(Crypto_EXPORTS)
-		#define Crypto_API __declspec(dllexport)
+#if defined(_WIN32)
+	#if defined(POCO_DLL)
+		#if defined(Crypto_EXPORTS)
+			#define Crypto_API __declspec(dllexport)
+		#else
+			#define Crypto_API __declspec(dllimport)
+		#endif
 	#else
-		#define Crypto_API __declspec(dllimport)
+		#if (POCO_MSVS_VERSION >= 2015) // needed for OpenSSL
+			#pragma comment(lib, "legacy_stdio_definitions.lib")
+			#pragma comment(lib, "legacy_stdio_wide_specifiers.lib")
+		#endif
 	#endif
 #endif
 
@@ -77,12 +84,35 @@ enum RSAPaddingMode
 
 
 //
-// Automatically link Crypto library.
+// Automatically link Crypto and OpenSSL libraries.
 //
 #if defined(_MSC_VER)
-	#if !defined(POCO_NO_AUTOMATIC_LIBS) && !defined(Crypto_EXPORTS)
-		#pragma comment(lib, "PocoCrypto" POCO_LIB_SUFFIX)
+	#if defined(_WIN64)
+		#define POCO_PLATFORM_BITS "64"
+	#else
+		#define POCO_PLATFORM_BITS "32"
 	#endif
+
+	#if defined (_DEBUG)
+		#define POCO_DEBUG_POSTFIX "d"
+	#else
+		#define POCO_DEBUG_POSTFIX ""
+	#endif
+
+	#if !defined(POCO_NO_AUTOMATIC_LIBS)
+		#if !defined(POCO_EXTERNAL_OPENSSL)
+			#if defined (_DLL)
+				#pragma comment(lib, "libeay" POCO_PLATFORM_BITS "MD" POCO_DEBUG_POSTFIX ".lib")
+				#pragma comment(lib, "ssleay" POCO_PLATFORM_BITS "MD" POCO_DEBUG_POSTFIX ".lib")
+			#else
+				#pragma comment(lib, "libeay" POCO_PLATFORM_BITS "MT" POCO_DEBUG_POSTFIX ".lib")
+				#pragma comment(lib, "ssleay" POCO_PLATFORM_BITS "MT" POCO_DEBUG_POSTFIX ".lib")
+			#endif
+		#endif // POCO_EXTERNAL_OPENSSL
+		#if !defined(Crypto_EXPORTS)
+			#pragma comment(lib, "PocoCrypto" POCO_LIB_SUFFIX)
+		#endif
+	#endif // POCO_NO_AUTOMATIC_LIBS
 #endif
 
 

Crypto/include/Poco/Crypto/CryptoException.h

@@ -0,0 +1,57 @@
+//
+// CryptoException.h
+//
+//
+// Library: Crypto
+// Package: Crypto
+// Module:  CryptoException
+//
+// Definition of the CryptoException class.
+//
+// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_CryptoException_INCLUDED
+#define Crypto_CryptoException_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Exception.h"
+#include <openssl/err.h>
+
+
+namespace Poco {
+namespace Crypto {
+
+
+POCO_DECLARE_EXCEPTION(Crypto_API, CryptoException, Poco::Exception)
+
+
+class OpenSSLException : public CryptoException
+{
+public:
+	OpenSSLException(int code = 0);
+	OpenSSLException(const std::string& msg, int code = 0);
+	OpenSSLException(const std::string& msg, const std::string& arg, int code = 0);
+	OpenSSLException(const std::string& msg, const Poco::Exception& exc, int code = 0);
+	OpenSSLException(const OpenSSLException& exc);
+	~OpenSSLException() throw();
+	OpenSSLException& operator = (const OpenSSLException& exc);
+	const char* name() const throw();
+	const char* className() const throw();
+	Poco::Exception* clone() const;
+	void rethrow() const;
+
+private:
+	void setExtMessage();
+};
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_CryptoException_INCLUDED

Crypto/include/Poco/Crypto/ECDSADigestEngine.h

@@ -0,0 +1,101 @@
+//
+// ECDSADigestEngine.h
+//
+//
+// Library: Crypto
+// Package: ECDSA
+// Module:  ECDSADigestEngine
+//
+// Definition of the ECDSADigestEngine class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_ECDSADigestEngine_INCLUDED
+#define Crypto_ECDSADigestEngine_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Crypto/ECKey.h"
+#include "Poco/DigestEngine.h"
+#include "Poco/Crypto/DigestEngine.h"
+#include <istream>
+#include <ostream>
+
+
+namespace Poco {
+namespace Crypto {
+
+
+class Crypto_API ECDSADigestEngine: public Poco::DigestEngine
+	/// This class implements a Poco::DigestEngine that can be
+	/// used to compute a secure digital signature.
+	///
+	/// First another Poco::Crypto::DigestEngine is created and
+	/// used to compute a cryptographic hash of the data to be
+	/// signed. Then, the hash value is encrypted, using
+	/// the ECDSA private key.
+	///
+	/// To verify a signature, pass it to the verify() 
+	/// member function. It will decrypt the signature
+	/// using the ECDSA public key and compare the resulting
+	/// hash with the actual hash of the data.
+{
+public:
+
+	ECDSADigestEngine(const ECKey& key, const std::string &name);
+		/// Creates the ECDSADigestEngine with the given ECDSA key,
+		/// using the hash algorithm with the given name
+		/// (e.g., "SHA1", "SHA256", "SHA512", etc.).
+		/// See the OpenSSL documentation for a list of supported digest algorithms.
+		///
+		/// Throws a Poco::NotFoundException if no algorithm with the given name exists.
+
+	~ECDSADigestEngine();
+		/// Destroys the ECDSADigestEngine.
+
+	std::size_t digestLength() const;
+		/// Returns the length of the digest in bytes.
+
+	void reset();
+		/// Resets the engine so that a new
+		/// digest can be computed.
+		
+	const DigestEngine::Digest& digest();
+		/// Finishes the computation of the digest 
+		/// (the first time it's called) and
+		/// returns the message digest. 
+		///
+		/// Can be called multiple times.
+
+	const DigestEngine::Digest& signature();
+		/// Signs the digest using the ECDSADSA algorithm
+		/// and the private key (the first time it's
+		/// called) and returns the result.
+		///
+		/// Can be called multiple times.
+
+	bool verify(const DigestEngine::Digest& signature);
+		/// Verifies the data against the signature.
+		///
+		/// Returns true if the signature can be verified, false otherwise.
+
+protected:
+	void updateImpl(const void* data, std::size_t length);
+
+private:
+	ECKey _key;
+	Poco::Crypto::DigestEngine _engine;
+	Poco::DigestEngine::Digest _digest;
+	Poco::DigestEngine::Digest _signature;
+};
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_ECDSADigestEngine_INCLUDED

Crypto/include/Poco/Crypto/ECKey.h

@@ -0,0 +1,99 @@
+//
+// ECKey.h
+//
+//
+// Library: Crypto
+// Package: EC
+// Module:  ECKey
+//
+// Definition of the ECKey class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_ECKey_INCLUDED
+#define Crypto_ECKey_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Crypto/KeyPair.h"
+#include "Poco/Crypto/ECKeyImpl.h"
+
+
+namespace Poco {
+namespace Crypto {
+
+
+class X509Certificate;
+class PKCS12Container;
+
+
+class Crypto_API ECKey : public KeyPair
+	/// This class stores an EC key pair, consisting
+	/// of private and public key. Storage of the private
+	/// key is optional.
+	///
+	/// If a private key is available, the ECKey can be
+	/// used for decrypting data (encrypted with the public key)
+	/// or computing secure digital signatures.
+{
+public:
+	ECKey(const EVPPKey& key);
+		/// Constructs ECKeyImpl by extracting the EC key.
+
+	ECKey(const X509Certificate& cert);
+		/// Extracts the EC public key from the given certificate.
+
+	ECKey(const PKCS12Container& cert);
+		/// Extracts the EC private key from the given certificate.
+
+	ECKey(const std::string& eccGroup);
+		/// Creates the ECKey. Creates a new public/private keypair using the given parameters.
+		/// Can be used to sign data and verify signatures.
+
+	ECKey(const std::string& publicKeyFile, const std::string& privateKeyFile, const std::string& privateKeyPassphrase = "");
+		/// Creates the ECKey, by reading public and private key from the given files and
+		/// using the given passphrase for the private key.
+		///
+		/// Cannot be used for signing or decryption unless a private key is available.
+		///
+		/// If a private key is specified, you don't need to specify a public key file.
+		/// OpenSSL will auto-create the public key from the private key.
+
+	ECKey(std::istream* pPublicKeyStream, std::istream* pPrivateKeyStream = 0, const std::string& privateKeyPassphrase = "");
+		/// Creates the ECKey, by reading public and private key from the given streams and
+		/// using the given passphrase for the private key.
+		///
+		/// Cannot be used for signing or decryption unless a private key is available.
+		///
+		/// If a private key is specified, you don't need to specify a public key file.
+		/// OpenSSL will auto-create the public key from the private key.
+
+	~ECKey();
+		/// Destroys the ECKey.
+
+	ECKeyImpl::Ptr impl() const;
+		/// Returns the impl object.
+	
+private:
+	ECKeyImpl::Ptr _pImpl;
+};
+
+
+//
+// inlines
+//
+inline ECKeyImpl::Ptr ECKey::impl() const
+{
+	return _pImpl;
+}
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_ECKey_INCLUDED

Crypto/include/Poco/Crypto/ECKeyImpl.h

@@ -0,0 +1,137 @@
+//
+// ECKeyImpl.h
+//
+//
+// Library: Crypto
+// Package: EC
+// Module:  ECKeyImpl
+//
+// Definition of the ECKeyImpl class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_ECKeyImplImpl_INCLUDED
+#define Crypto_ECKeyImplImpl_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Crypto/EVPPKey.h"
+#include "Poco/Crypto/KeyPairImpl.h"
+#include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/RefCountedObject.h"
+#include "Poco/AutoPtr.h"
+#include <istream>
+#include <ostream>
+#include <vector>
+#include <openssl/objects.h>
+#include <openssl/ec.h>
+#include <openssl/pem.h>
+
+
+namespace Poco {
+namespace Crypto {
+
+
+class X509Certificate;
+class PKCS12Container;
+
+
+class ECKeyImpl: public KeyPairImpl
+	/// Elliptic Curve key clas implementation.
+{
+public:
+	typedef Poco::AutoPtr<ECKeyImpl> Ptr;
+	typedef std::vector<unsigned char> ByteVec;
+
+	ECKeyImpl(const EVPPKey& key);
+		/// Constructs ECKeyImpl by extracting the EC key.
+
+	ECKeyImpl(const X509Certificate& cert);
+		/// Constructs ECKeyImpl by extracting the EC public key from the given certificate.
+
+	ECKeyImpl(const PKCS12Container& cert);
+		/// Constructs ECKeyImpl by extracting the EC private key from the given certificate.
+
+	ECKeyImpl(int eccGroup);
+		/// Creates the ECKey of the specified group. Creates a new public/private keypair using the given parameters.
+		/// Can be used to sign data and verify signatures.
+
+	ECKeyImpl(const std::string& publicKeyFile, const std::string& privateKeyFile, const std::string& privateKeyPassphrase);
+		/// Creates the ECKey, by reading public and private key from the given files and
+		/// using the given passphrase for the private key. Can only by used for signing if 
+		/// a private key is available. 
+
+	ECKeyImpl(std::istream* pPublicKeyStream, std::istream* pPrivateKeyStream, const std::string& privateKeyPassphrase);
+		/// Creates the ECKey. Can only by used for signing if pPrivKey
+		/// is not null. If a private key file is specified, you don't need to
+		/// specify a public key file. OpenSSL will auto-create it from the private key.
+
+	~ECKeyImpl();
+		/// Destroys the ECKeyImpl.
+
+	EC_KEY* getECKey();
+		/// Returns the OpenSSL EC key.
+
+	const EC_KEY* getECKey() const;
+		/// Returns the OpenSSL EC key.
+
+	int size() const;
+		/// Returns the EC key length in bits.
+
+	int groupId() const;
+		/// Returns the EC key group integer Id.
+
+	std::string groupName() const;
+		/// Returns the EC key group name.
+
+	void save(const std::string& publicKeyFile, const std::string& privateKeyFile = "", const std::string& privateKeyPassphrase = "");
+		/// Exports the public and private keys to the given files. 
+		///
+		/// If an empty filename is specified, the corresponding key
+		/// is not exported.
+
+	void save(std::ostream* pPublicKeyStream, std::ostream* pPrivateKeyStream = 0, const std::string& privateKeyPassphrase = "");
+		/// Exports the public and private key to the given streams.
+		///
+		/// If a null pointer is passed for a stream, the corresponding
+		/// key is not exported.
+
+private:
+	typedef EVP_PKEY* (*PEM_read_bio_Key_fn)(BIO*, EVP_PKEY**, pem_password_cb*, void*);
+	typedef EVP_PKEY* (*PEM_read_Key_fn)(FILE*, EVP_PKEY**, pem_password_cb*, void*);
+
+	static int passCB(char* buf, int size, int, void* pass);
+	bool loadKey(PEM_read_Key_fn func, const std::string& keyFile, const std::string& pass = "");
+	bool loadKey(PEM_read_bio_Key_fn func, std::istream* pKeyStream, const std::string& pass = "");
+	void freeEC();
+
+	static ByteVec convertToByteVec(const BIGNUM* bn);
+
+	EC_KEY* _pEC;
+};
+
+
+//
+// inlines
+//
+inline EC_KEY* ECKeyImpl::getECKey()
+{
+	return _pEC;
+}
+
+
+inline const EC_KEY* ECKeyImpl::getECKey() const
+{
+	return _pEC;
+}
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_ECKeyImplImpl_INCLUDED

Crypto/include/Poco/Crypto/EVPPKey.h

@@ -0,0 +1,143 @@
+//
+// EVPPKey.h
+//
+//
+// Library: Crypto
+// Package: CryptoCore
+// Module:  EVPPKey
+//
+// Definition of the EVPPKey class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_EVPPKeyImpl_INCLUDED
+#define Crypto_EVPPKeyImpl_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Crypto/CryptoException.h"
+#include <openssl/ec.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+
+namespace Poco {
+namespace Crypto {
+
+
+class Crypto_API EVPPKey
+	/// Utility class for conversion of native keys to EVP.
+	/// Currently, only RSA and EC keys are supported.
+{
+public:
+	explicit EVPPKey(const std::string& ecCurveName);
+		/// Constructs EVPPKey from ECC curve name.
+		///
+		/// Only EC keys can be wrapped by an EVPPKey
+		/// created using this constructor.
+
+	explicit EVPPKey(const char* ecCurveName);
+		/// Constructs EVPPKey from ECC curve name.
+		///
+		/// Only EC keys can be wrapped by an EVPPKey
+		/// created using this constructor.
+
+	explicit EVPPKey(EVP_PKEY* pEVPPKey);
+		/// Constructs EVPPKey from EVP_PKEY pointer.
+		/// The content behind the supplied pointer is internally duplicated.
+
+	template<typename K>
+	explicit EVPPKey(K* pKey): _pEVPPKey(EVP_PKEY_new())
+		/// Constructs EVPPKey from a "native" key pointer.
+	{
+		if (!_pEVPPKey) throw OpenSSLException();
+		setKey(pKey);
+	}
+
+	EVPPKey(const EVPPKey& other);
+		/// Copy constructor.
+
+	EVPPKey& operator=(const EVPPKey& other);
+		/// Assignment operator.
+
+#ifdef POCO_ENABLE_CPP11
+	EVPPKey(EVPPKey&& other);
+		/// Move constructor.
+
+	EVPPKey& operator=(EVPPKey&& other);
+		/// Assignment move operator.
+#endif // POCO_ENABLE_CPP11
+
+	~EVPPKey();
+		/// Destroys the EVPPKey.
+
+	int type() const;
+		/// Retuns the EVPPKey type NID.
+
+	operator const EVP_PKEY*() const;
+		/// Returns const pointer to the EVP_PKEY structure.
+
+	operator EVP_PKEY*();
+		/// Returns pointer to the EVP_PKEY structure.
+
+private:
+	EVPPKey();
+
+	void newECKey(const char* group);
+
+	void duplicate(EVP_PKEY* pEVPPKey);
+	void setKey(EC_KEY* pKey);
+	void setKey(RSA* pKey);
+
+	EVP_PKEY* _pEVPPKey;
+};
+
+//
+// inlines
+//
+
+inline int EVPPKey::type() const
+{
+	if (!_pEVPPKey) return NID_undef;
+
+	return EVP_PKEY_type(_pEVPPKey->type);
+}
+
+
+inline EVPPKey::operator const EVP_PKEY*() const
+	/// Returns const pointer to the EVP_PKEY structure.
+{
+	return _pEVPPKey;
+}
+
+
+inline EVPPKey::operator EVP_PKEY*()
+	/// Returns pointer to the EVP_PKEY structure.
+{
+	return _pEVPPKey;
+}
+
+
+inline void EVPPKey::setKey(EC_KEY* pKey)
+{
+	if (!EVP_PKEY_set1_EC_KEY(_pEVPPKey, pKey))
+		throw OpenSSLException();
+}
+
+
+inline void EVPPKey::setKey(RSA* pKey)
+{
+	if (!EVP_PKEY_set1_RSA(_pEVPPKey, pKey))
+		throw OpenSSLException();
+}
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_EVPPKeyImpl_INCLUDED

Crypto/include/Poco/Crypto/KeyPair.h

@@ -0,0 +1,119 @@
+//
+// KeyPair.h
+//
+//
+// Library: Crypto
+// Package: CryptoCore
+// Module:  KeyPair
+//
+// Definition of the KeyPair class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_KeyPair_INCLUDED
+#define Crypto_KeyPair_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Crypto/KeyPairImpl.h"
+
+
+namespace Poco {
+namespace Crypto {
+
+
+class X509Certificate;
+
+
+class Crypto_API KeyPair
+	/// This is a parent class for classes storing a key pair, consisting
+	/// of private and public key. Storage of the private key is optional.
+	///
+	/// If a private key is available, the KeyPair can be
+	/// used for decrypting data (encrypted with the public key)
+	/// or computing secure digital signatures.
+{
+public:
+	enum Type
+	{
+		KT_RSA = KeyPairImpl::KT_RSA_IMPL,
+		KT_EC = KeyPairImpl::KT_EC_IMPL
+	};
+
+	explicit KeyPair(KeyPairImpl::Ptr pKeyPairImpl = 0);
+		/// Extracts the RSA public key from the given certificate.
+
+	virtual ~KeyPair();
+		/// Destroys the KeyPair.
+
+	virtual int size() const;
+		/// Returns the RSA modulus size.
+
+	virtual void save(const std::string& publicKeyPairFile, const std::string& privateKeyPairFile = "", const std::string& privateKeyPairPassphrase = "");
+		/// Exports the public and private keys to the given files. 
+		///
+		/// If an empty filename is specified, the corresponding key
+		/// is not exported.
+
+	virtual void save(std::ostream* pPublicKeyPairStream, std::ostream* pPrivateKeyPairStream = 0, const std::string& privateKeyPairPassphrase = "");
+		/// Exports the public and private key to the given streams.
+		///
+		/// If a null pointer is passed for a stream, the corresponding
+		/// key is not exported.
+
+	KeyPairImpl::Ptr impl() const;
+		/// Returns the impl object.
+
+	const std::string& name() const;
+		/// Returns key pair name
+
+	Type type() const;
+		/// Returns key pair type
+	
+private:
+	KeyPairImpl::Ptr   _pImpl;
+};
+
+
+//
+// inlines
+//
+
+inline int KeyPair::size() const
+{
+	return _pImpl->size();
+}
+
+
+inline void KeyPair::save(const std::string& publicKeyFile, const std::string& privateKeyFile, const std::string& privateKeyPassphrase)
+{
+	_pImpl->save(publicKeyFile, privateKeyFile, privateKeyPassphrase);
+}
+
+
+inline void KeyPair::save(std::ostream* pPublicKeyStream, std::ostream* pPrivateKeyStream, const std::string& privateKeyPassphrase)
+{
+	_pImpl->save(pPublicKeyStream, pPrivateKeyStream, privateKeyPassphrase);
+}
+
+
+inline const std::string& KeyPair::name() const
+{
+	return _pImpl->name();
+}
+
+inline KeyPairImpl::Ptr KeyPair::impl() const
+{
+	return _pImpl;
+}
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_KeyPair_INCLUDED

Crypto/include/Poco/Crypto/KeyPairImpl.h

@@ -0,0 +1,103 @@
+//
+// KeyPairImpl.h
+//
+//
+// Library: Crypto
+// Package: CryptoCore
+// Module:  KeyPairImpl
+//
+// Definition of the KeyPairImpl class.
+//
+// Copyright (c) 2008, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_KeyPairImplImpl_INCLUDED
+#define Crypto_KeyPairImplImpl_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/RefCountedObject.h"
+#include "Poco/AutoPtr.h"
+#include <string>
+#include <vector>
+
+
+namespace Poco {
+namespace Crypto {
+
+
+class KeyPairImpl: public Poco::RefCountedObject
+	/// Class KeyPairImpl
+{
+public:
+	enum Type
+	{
+		KT_RSA_IMPL = 0,
+		KT_EC_IMPL
+	};
+
+	typedef Poco::AutoPtr<KeyPairImpl> Ptr;
+	typedef std::vector<unsigned char> ByteVec;
+
+	KeyPairImpl(const std::string& name, Type type);
+		/// Create KeyPairImpl with specified type and name.
+
+	virtual ~KeyPairImpl();
+		/// Destroys the KeyPairImpl.
+
+	virtual int size() const = 0;
+		/// Returns the key size.
+
+	virtual void save(const std::string& publicKeyFile, const std::string& privateKeyFile = "", const std::string& privateKeyPassphrase = "") = 0;
+		/// Exports the public and private keys to the given files. 
+		///
+		/// If an empty filename is specified, the corresponding key
+		/// is not exported.
+
+	virtual void save(std::ostream* pPublicKeyStream, std::ostream* pPrivateKeyStream = 0, const std::string& privateKeyPassphrase = "") = 0;
+		/// Exports the public and private key to the given streams.
+		///
+		/// If a null pointer is passed for a stream, the corresponding
+		/// key is not exported.
+
+	const std::string& name() const;
+		/// Returns key pair name
+
+	Type type() const;
+		/// Returns key pair type
+
+private:
+	KeyPairImpl();
+
+	std::string _name;
+	Type        _type;
+	OpenSSLInitializer _openSSLInitializer;
+};
+
+
+//
+// inlines
+//
+
+
+inline const std::string& KeyPairImpl::name() const
+{
+	return _name;
+}
+
+
+inline KeyPairImpl::Type KeyPairImpl::type() const
+{
+	return _type;
+}
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_KeyPairImplImpl_INCLUDED

Crypto/include/Poco/Crypto/PKCS12Container.h

@@ -0,0 +1,139 @@
+//
+// PKCS12Container.h
+//
+// $Id: //poco/1.4/Crypto/include/Poco/Crypto/PKCS12Container.h#2 $
+//
+// Library: Crypto
+// Package: Certificate
+// Module:  PKCS12Container
+//
+// Definition of the PKCS12Container class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Crypto_PKCS12Container_INCLUDED
+#define Crypto_PKCS12Container_INCLUDED
+
+
+#include "Poco/Crypto/Crypto.h"
+#include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include "Poco/Crypto/EVPPKey.h"
+#include "Poco/Path.h"
+#include <memory>
+#include <istream>
+#include <openssl/pkcs12.h>
+
+
+namespace Poco {
+namespace Crypto {
+
+
+class Crypto_API PKCS12Container
+	/// This class implements PKCS#12 container functionality.
+{
+public:
+	typedef std::vector<X509Certificate> CAList;
+
+	explicit PKCS12Container(std::istream& istr, const std::string& password = "");
+		/// Creates the PKCS12Container object from a stream.
+
+	explicit PKCS12Container(const std::string& str, const std::string& password = "");
+		/// Creates the PKCS12Container object from a string.
+
+	PKCS12Container(const PKCS12Container& cert);
+		/// Copy constructor.
+
+	PKCS12Container& operator = (const PKCS12Container& cert);
+		/// Assignment operator.
+
+	~PKCS12Container();
+		/// Destroys the PKCS12Container.
+
+	bool hasKey() const;
+		/// Returns true if container contains the key.
+
+	EVPPKey getKey() const;
+		/// Return key as openssl EVP_PKEY wrapper object.
+
+	bool hasX509Certificate() const;
+		/// Returns true if container has X509 certificate.
+
+	const X509Certificate& getX509Certificate() const;
+		/// Returns the X509 certificate.
+		/// Throws NotFoundException if there is no certificate.
+
+	const CAList& getCACerts() const;
+		/// Returns the list of CA certificates in this container.
+
+	const std::string& getFriendlyName() const;
+		/// Returns the friendly name of the certificate bag.
+
+private:
+	void load(PKCS12* pPKCS12, const std::string& password = "");
+
+#ifdef POCO_ENABLE_CPP11
+	typedef std::unique_ptr<X509Certificate> CertPtr;
+#else
+	typedef std::auto_ptr<X509Certificate> CertPtr;
+#endif // #ifdef POCO_ENABLE_CPP11
+
+	OpenSSLInitializer _openSSLInitializer;
+	EVP_PKEY*          _pKey;
+	CertPtr            _pX509Cert;
+	CAList             _caCertList;
+	std::string        _pkcsFriendlyname;
+};
+
+
+//
+// inlines
+//
+
+inline bool PKCS12Container::hasX509Certificate() const
+{
+	return _pX509Cert.get() != 0;
+}
+
+
+inline const X509Certificate& PKCS12Container::getX509Certificate() const
+{
+	if (!hasX509Certificate())
+		throw NotFoundException("PKCS12Container X509 certificate");
+	return *_pX509Cert;
+}
+
+
+inline const std::string& PKCS12Container::getFriendlyName() const
+{
+	return _pkcsFriendlyname;
+}
+
+
+inline const PKCS12Container::CAList& PKCS12Container::getCACerts() const
+{
+	return _caCertList;
+}
+
+
+inline bool PKCS12Container::hasKey() const
+{
+	return _pKey != 0;
+}
+
+
+inline EVPPKey PKCS12Container::getKey() const
+{
+	return EVPPKey(_pKey);
+}
+
+
+} } // namespace Poco::Crypto
+
+
+#endif // Crypto_PKCS12Container_INCLUDED

Crypto/include/Poco/Crypto/X509Certificate.h

@@ -44,7 +44,9 @@ public:
 		NID_LOCALITY_NAME = 15,
 		NID_STATE_OR_PROVINCE = 16,
 		NID_ORGANIZATION_NAME = 17,
-		NID_ORGANIZATION_UNIT_NAME = 18	
+		NID_ORGANIZATION_UNIT_NAME = 18,
+		NID_PKCS9_EMAIL_ADDRESS = 48,
+		NID_SERIAL_NUMBER = 105
 	};
 	
 	explicit X509Certificate(std::istream& istr);
@@ -126,7 +128,7 @@ public:
 		/// certificate.
 		///
 		/// Returns true if verification against the issuer certificate
-		/// was successfull, false otherwise.
+		/// was successful, false otherwise.
 
 	bool equals(const X509Certificate& otherCertificate) const;
 		/// Checks whether the certificate is equal to
@@ -139,6 +141,9 @@ public:
 	const X509* certificate() const;
 		/// Returns the underlying OpenSSL certificate.
 
+	void print(std::ostream& out) const;
+		/// Prints the certificate information to ostream.
+
 protected:
 	void load(std::istream& stream);
 		/// Loads the certificate from the given stream. The