#pragma once

#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

#include <memory>
#include <string>
7 
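namespace phosphor::certs
{

// Helpers for loading, identifying and validating X509 certificates.
// Owning OpenSSL handles are always returned as std::unique_ptr with the
// matching OpenSSL free function as deleter, so the caller cannot leak them.

/** @brief Creates an X509 Store from the given certSrcPath
 *
 *  Creates an X509 Store, adds a lookup file to the store from the given source
 *  certificate, and returns it. The resulting store is the set of trust anchors
 *  a certificate is later checked against (see
 *  validateCertificateAgainstStore()).
 *
 *  @param[in] certSrcPath - the file path to a list of trusted certificates
 *  @return owning pointer to the populated store; released with
 *          X509_STORE_free when the unique_ptr goes out of scope.
 *
 *  NOTE(review): how a missing or unreadable certSrcPath is reported (null
 *  pointer vs. exception) is not visible from this header — confirm against
 *  the implementation before dereferencing the result unchecked.
 */
// [[nodiscard]]: discarding the result silently drops the trust store that was
// just built, which is never intended.
[[nodiscard]] std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>
    getX509Store(const std::string& certSrcPath);

/** @brief Loads Certificate file into the X509 structure.
 *  @param[in] filePath - Certificate and key full file path.
 *  @return owning pointer to the X509 structure; released with X509_free.
 *
 *  NOTE(review): whether a null pointer or an exception is produced for an
 *  unreadable or malformed file is not declared here — check the
 *  implementation before relying on either.
 */
[[nodiscard]] std::unique_ptr<X509, decltype(&::X509_free)>
    loadCert(const std::string& filePath);

/**
 * @brief Parses the certificate and throws error if certificate NotBefore date
 * is earlier than 1970
 *
 * The NotBefore field is read from the certificate itself (untrusted input);
 * rejecting dates before the epoch avoids feeding a value the rest of the
 * system cannot represent into later time handling.
 *
 * @param[in] cert Reference to certificate object uploaded
 * @return void
 *
 * NOTE(review): the exception type thrown on rejection is not declared in
 * this header — callers that want to catch it must take it from the
 * implementation.
 */
void validateCertificateStartDate(X509& cert);

/**
 * @brief Validates the certificate against the trusted certificates store and
 * throws error if certificate is not valid
 *
 * This is the trust decision: the certificate is accepted only if it can be
 * verified against the anchors held in x509Store (typically the store built by
 * getX509Store()). A certificate that merely parses is not trusted until this
 * check has passed.
 *
 * @param[in] x509Store Reference to trusted certificates store
 * @param[in] cert Reference to certificate to be validated
 * @return void
 *
 * NOTE(review): which verification failures are treated as fatal (e.g.
 * expiry, self-signed) is decided in the implementation, not here — confirm
 * before assuming a particular policy.
 */
void validateCertificateAgainstStore(X509_STORE& x509Store, X509& cert);

/**
 * @brief Validates the certificate can be used in an SSL context, otherwise,
 * throws errors
 *
 * Catches certificates that are syntactically valid but unusable for TLS
 * (for example, an unsupported key type or parameters the SSL layer refuses)
 * before they are installed.
 *
 * @param[in] cert Reference to certificate to be validated
 * @return void
 *
 * NOTE(review): the exact set of conditions checked lives in the
 * implementation; this header only promises "throws if unusable".
 */
void validateCertificateInSSLContext(X509& cert);

/**
 * @brief Generates certificate ID based on provided certificate file.
 *
 * @param[in] cert - Certificate object.
 *
 * @return Certificate ID as formatted string.
 *
 * NOTE(review): how the ID is derived (and therefore whether two distinct
 * certificates can collide) is not specified here — verify against the
 * implementation before using the ID as a unique key.
 */
[[nodiscard]] std::string generateCertId(X509& cert);

/** @brief Parses PEM string into the X509 structure.
 *  @param[in] pem - PEM encoded X509 certificate buffer.
 *  @return owning pointer to the X509 structure; released with X509_free.
 *
 *  NOTE(review): behaviour for a buffer holding zero or several PEM blocks,
 *  and the failure signalling for malformed input, are not declared here —
 *  confirm in the implementation.
 */
[[nodiscard]] std::unique_ptr<X509, decltype(&::X509_free)>
    parseCert(const std::string& pem);
} // namespace phosphor::certs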
67