60 lines
2.0 KiB
C++
60 lines
2.0 KiB
C++
// Copyright 2019 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef UTIL_CRYPTO_CERTIFICATE_UTILS_H_
|
|
#define UTIL_CRYPTO_CERTIFICATE_UTILS_H_
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/x509.h>
|
|
#include <stdint.h>
|
|
|
|
#include <chrono>
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "absl/strings/string_view.h"
|
|
#include "platform/api/time.h"
|
|
#include "platform/base/error.h"
|
|
#include "util/crypto/rsa_private_key.h"
|
|
|
|
namespace openscreen {
|
|
|
|
// Generates a new RSA key pair with bit width |key_bits|.
|
|
bssl::UniquePtr<EVP_PKEY> GenerateRsaKeyPair(int key_bits = 2048);
|
|
|
|
// Creates a new X509 certificate having the given |name| and |duration| until
|
|
// expiration, and based on the given |key_pair|. If |issuer| and |issuer_key|
|
|
// are provided, they are used to set the issuer information, otherwise it will
|
|
// be self-signed. |make_ca| determines whether additional extensions are added
|
|
// to make it a valid certificate authority cert.
|
|
ErrorOr<bssl::UniquePtr<X509>> CreateSelfSignedX509Certificate(
|
|
absl::string_view name,
|
|
std::chrono::seconds duration,
|
|
const EVP_PKEY& key_pair,
|
|
std::chrono::seconds time_since_unix_epoch = GetWallTimeSinceUnixEpoch(),
|
|
bool make_ca = false,
|
|
X509* issuer = nullptr,
|
|
EVP_PKEY* issuer_key = nullptr);
|
|
|
|
// Exports the given X509 certificate as its DER-encoded binary form.
|
|
ErrorOr<std::vector<uint8_t>> ExportX509CertificateToDer(
|
|
const X509& certificate);
|
|
|
|
// Parses a DER-encoded X509 certificate from its binary form.
|
|
ErrorOr<bssl::UniquePtr<X509>> ImportCertificate(const uint8_t* der_x509_cert,
|
|
int der_x509_cert_length);
|
|
|
|
// Parses a DER-encoded RSAPrivateKey (RFC 3447).
|
|
ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey(
|
|
const uint8_t* der_rsa_private_key,
|
|
int key_length);
|
|
|
|
std::string GetSpkiTlv(X509* cert);
|
|
|
|
ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int);
|
|
|
|
} // namespace openscreen
|
|
|
|
#endif // UTIL_CRYPTO_CERTIFICATE_UTILS_H_
|