#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <memory>
#include <string>
namespace phosphor::certs
{
/**
 * @brief Creates an X509 store from the given certSrcPath.
 *
 * Creates an X509 store, adds a lookup file to the store from the given
 * source certificate file, and returns it. The returned smart pointer owns
 * the store and releases it with X509_STORE_free.
 *
 * The contents of certSrcPath define the trust anchors used by
 * validateCertificateAgainstStore(), so the file's ownership and write
 * permissions are part of the trust boundary.
 *
 * @param[in] certSrcPath - the file path to a list of trusted certificates
 *
 * @return Owning pointer to the X509 store.
 *
 * NOTE(review): failure behaviour (exception vs. null pointer) is not visible
 * from this header - confirm against the implementation before dereferencing.
 */
std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>
getX509Store(const std::string& certSrcPath);
/**
 * @brief Loads a certificate file into an X509 structure.
 *
 * The returned smart pointer owns the certificate and releases it with
 * X509_free.
 *
 * @param[in] filePath - Certificate and key full file path.
 *
 * @return Owning pointer to the X509 structure.
 *
 * NOTE(review): the declaration documents loading only; no validation of the
 * loaded certificate is stated here. Failure behaviour is not visible from
 * this header - confirm against the implementation.
 */
std::unique_ptr<X509, decltype(&::X509_free)>
loadCert(const std::string& filePath);
/**
 * @brief Parses the certificate and throws an error if the certificate's
 *        NotBefore date is earlier than 1970.
 *
 * @param[in] cert Reference to the uploaded certificate object
 *
 * @return void
 *
 * NOTE(review): only the NotBefore lower bound is documented; this header
 * does not state that NotAfter (expiry) is checked here.
 */
void validateCertificateStartDate(X509& cert);
/**
 * @brief Validates the certificate against the trusted certificates store and
 *        throws an error if the certificate is not valid.
 *
 * @param[in] x509Store Reference to trusted certificates store
 * @param[in] cert Reference to certificate to be validated
 *
 * @return void
 *
 * NOTE(review): the header does not say which verification errors are treated
 * as fatal and which, if any, are tolerated, nor which exception type is
 * thrown. Check the implementation before relying on this call as a complete
 * chain, validity-period or revocation check.
 */
void validateCertificateAgainstStore(X509_STORE& x509Store, X509& cert);
/**
 * @brief Validates that the certificate can be used in an SSL context and
 *        throws an error otherwise.
 *
 * @param[in] cert Reference to certificate to be validated
 *
 * @return void
 *
 * NOTE(review): what "usable in an SSL context" covers is not visible from
 * this header - confirm against the implementation.
 */
void validateCertificateInSSLContext(X509& cert);
/**
 * @brief Generates a certificate ID based on the provided certificate.
 *
 * @param[in] cert - Certificate object.
 *
 * @return Certificate ID as formatted string.
 *
 * NOTE(review): how the ID is derived and formatted is not visible from this
 * header; do not assume it is a cryptographic fingerprint or collision
 * resistant without checking the implementation.
 */
std::string generateCertId(X509& cert);
/**
 * @brief Parses a PEM string into an X509 structure.
 *
 * The returned smart pointer owns the certificate and releases it with
 * X509_free.
 *
 * @param[in] pem - PEM encoded X509 certificate buffer.
 *
 * @return Owning pointer to the X509 structure.
 *
 * NOTE(review): only parsing is documented; a successfully parsed certificate
 * has not been validated. Failure behaviour on malformed input is not visible
 * from this header - confirm against the implementation.
 */
std::unique_ptr<X509, decltype(&::X509_free)> parseCert(const std::string& pem);
} // namespace phosphor::certs