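#pragma once

#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

#include <memory>
#include <string>

/**
 * @file
 * OpenSSL X509 helper declarations for phosphor::certs: building a trust
 * store, loading/parsing certificates, validating them, and deriving an ID.
 *
 * Ownership convention: every function that returns an OpenSSL object hands
 * it back in a std::unique_ptr whose deleter is the matching OpenSSL free
 * function, so the caller owns it and no manual free is needed. Functions
 * taking X509& / X509_STORE& only borrow the object for the duration of the
 * call and do not take ownership.
 */
namespace phosphor::certs
{

/** @brief Creates an X509 Store from the given certSrcPath
 * Creates an X509 Store, adds a lookup file to the store from the given source
 * certificate, and returns it
 * @param[in] certSrcPath - the file path to a list of trusted certificates
 * @return owning pointer to the store (released via X509_STORE_free)
 */
std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)> getX509Store(
    const std::string& certSrcPath);

/** @brief Loads Certificate file into the X509 structure.
 * @param[in] filePath - Certificate and key full file path.
 * @return owning pointer to the X509 structure (released via X509_free).
 */
std::unique_ptr<X509, decltype(&::X509_free)> loadCert(
    const std::string& filePath);

/**
 * @brief Parses the certificate and throws error if certificate NotBefore date
 * is earlier than 1970
 * @param[in] cert Reference to certificate object uploaded
 * @return void
 */
void validateCertificateStartDate(X509& cert);

/**
 * @brief Validates the certificate against the trusted certificates store and
 * throws error if certificate is not valid
 * @param[in] x509Store Reference to trusted certificates store (see
 *            getX509Store)
 * @param[in] cert Reference to certificate to be validated
 * @return void
 */
void validateCertificateAgainstStore(X509_STORE& x509Store, X509& cert);

/**
 * @brief Validates the certificate can be used in an SSL context, otherwise,
 * throws errors
 * @param[in] cert Reference to certificate to be validated
 * @return void
 */
void validateCertificateInSSLContext(X509& cert);

/**
 * @brief Generates certificate ID based on the provided certificate.
 *
 * @param[in] cert - Certificate object.
 *
 * @return Certificate ID as formatted string.
 */
std::string generateCertId(X509& cert);

/** @brief Parses PEM string into the X509 structure.
 * @param[in] pem - PEM encoded X509 certificate buffer (the PEM text itself,
 *                  not a file path; use loadCert for files).
 * @return owning pointer to the X509 structure (released via X509_free).
 */
std::unique_ptr<X509, decltype(&::X509_free)> parseCert(const std::string& pem);
} // namespace phosphor::certs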