CertUtils.h
/*
* Copyright (c) 2018-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree.
*/
#pragma once
#include <fizz/backend/openssl/crypto/signature/Signature.h>
#include <fizz/compression/CertificateCompressor.h>
#include <fizz/record/Types.h>
#include <folly/ssl/OpenSSLPtrTypes.h>
namespace fizz {
class SelfCert;
class PeerCert;
enum class CertificateVerifyContext;
namespace openssl {
/**
 * Static helpers for the OpenSSL backend: turning X509 / EVP_PKEY material
 * into fizz SelfCert / PeerCert objects, building Certificate messages and
 * preparing CertificateVerify input. Everything here is a static function;
 * the class is a namespace for them. Template members are defined in the
 * CertUtils-inl.h included at the bottom of this header.
 */
class CertUtils {
public:
/**
 * Adds the appropriate context data to prepare toBeSigned for a signature
 * scheme's signing function.
 *
 * @param context    the CertificateVerifyContext the signature is produced
 *                   under (enum declared above, defined elsewhere).
 * @param toBeSigned the bytes to be signed; a view, not owned or modified.
 * @return the context-prefixed signing input as an owning Buf.
 */
static Buf prepareSignData(
CertificateVerifyContext context,
folly::ByteRange toBeSigned);
/**
 * Builds a CertificateMsg from an X509 chain.
 *
 * @param certs the chain to encode; borrowed by const reference.
 * @param certificateRequestContext taken by value (ownership transferred);
 *        presumably carried into the message's request-context field -
 *        confirm against the implementation.
 */
static CertificateMsg getCertMessage(
const std::vector<folly::ssl::X509UniquePtr>& certs,
Buf certificateRequestContext);
/**
 * Signature schemes supported for a key type. The template form fixes the
 * KeyType at compile time; the overload below selects it at runtime.
 */
template <KeyType T>
static std::vector<SignatureScheme> getSigSchemes();
static std::vector<SignatureScheme> getSigSchemes(KeyType type);
/**
 * Create a PeerCert from the ASN1 encoded certData.
 *
 * NOTE(review): certData is normally peer-supplied bytes. Nothing in this
 * declaration implies chain validation, so treat the result as an
 * unverified identity until a verifier has accepted it. Failure behaviour
 * (exception vs. null) is not stated here - confirm against the
 * implementation.
 */
static std::unique_ptr<PeerCert> makePeerCert(Buf certData);
/**
 * Create a PeerCert from a given X509. Takes ownership of cert (passed by
 * value as a unique_ptr).
 */
static std::unique_ptr<PeerCert> makePeerCert(folly::ssl::X509UniquePtr cert);
/**
 * Creates a SelfCert using the supplied certificate/key file data and
 * compressors.
 * Throws std::runtime_error on error.
 *
 * @param certData    certificate file data, taken by value.
 * @param keyData     private key file data, taken by value; this overload
 *                    takes no password, so presumably the key is expected
 *                    to be unencrypted - see the password overload below.
 * @param compressors optional certificate compressors; empty by default.
 */
static std::unique_ptr<SelfCert> makeSelfCert(
std::string certData,
std::string keyData,
const std::vector<std::shared_ptr<CertificateCompressor>>& compressors =
{});
/**
 * Parses a private key from keyData.
 *
 * @param keyData  key material, taken by value.
 * @param password optional passphrase; nullptr (the default) presumably
 *                 means the key is not encrypted. Raw, non-owning pointer:
 *                 the caller keeps ownership and must keep it valid for the
 *                 duration of the call.
 * @return an owning EvpPkeyUniquePtr. Whether failure throws or yields a
 *         null pointer is not stated here - confirm against the
 *         implementation before relying on either.
 */
static folly::ssl::EvpPkeyUniquePtr readPrivateKeyFromBuffer(
std::string keyData,
char* password = nullptr);
/**
 * Returns the key type for a public/private key.
 *
 * @param key borrowed; not modified.
 */
static KeyType getKeyType(const folly::ssl::EvpPkeyUniquePtr& key);
/**
 * Creates a SelfCert using the supplied certificate, encrypted key data,
 * and password. Throws std::runtime_error on error.
 *
 * NOTE(review): password is a plain std::string passed by value; this
 * declaration gives no guarantee that the copy is scrubbed after use, so
 * callers holding secrets in memory should not assume it is.
 */
static std::unique_ptr<SelfCert> makeSelfCert(
std::string certData,
std::string encryptedKeyData,
std::string password,
const std::vector<std::shared_ptr<CertificateCompressor>>& compressors =
{});
/**
 * Creates a SelfCert from an already-parsed chain and key. Takes ownership
 * of certs and key (both passed by value). Error behaviour is not stated
 * for this overload - confirm against the implementation.
 */
static std::unique_ptr<SelfCert> makeSelfCert(
std::vector<folly::ssl::X509UniquePtr> certs,
folly::ssl::EvpPkeyUniquePtr key,
const std::vector<std::shared_ptr<CertificateCompressor>>& compressors =
{});
/**
 * Clones a compressed cert by copying the relevant fields and cloning the
 * underlying data IOBuf.
 *
 * @param src borrowed; not modified.
 * @return an independent copy that does not share buffer ownership with src.
 */
static CompressedCertificate cloneCompressedCert(
const CompressedCertificate& src);
};
} // namespace openssl
} // namespace fizz
#include <fizz/backend/openssl/certificate/CertUtils-inl.h>