1 // SPDX-License-Identifier: Apache-2.0
2 // SPDX-FileCopyrightText: Copyright OpenBMC Authors
3 
4 #pragma once
5 
#include <boost/asio/ssl/context.hpp>

#include <memory>
#include <optional>
#include <string>
10 
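namespace ensuressl
{

// Selects how getSSLClientContext() treats the peer certificate.
// NOTE(review): the implementation is not part of this header. NoVerify
// presumably switches peer verification off, in which case the remote end of
// a connection made with that context is not authenticated. Treat Verify as
// the default and confirm that each NoVerify call site is a deliberate choice.
enum class VerifyCertificate
{
    Verify,
    NoVerify
};

// `inline` gives these header-defined constants one definition shared by all
// translation units instead of a separate internal-linkage copy per includer.

// Presumably the location of the CA certificates used as the trust store;
// confirm against the implementation.
inline constexpr const char* trustStorePath = "/etc/ssl/certs/authority";
// Fixed comment text, presumably embedded in certificates produced by
// generateSslCertificate(); confirm against the implementation.
inline constexpr const char* x509Comment = "Generated from OpenBMC service";

// Classifies a numeric error code as a trust-chain failure or not.
// NOTE(review): errnum is presumably an OpenSSL verification result
// (X509_V_ERR_*); which codes count is decided in the implementation.
bool isTrustChainError(int errnum);

// Returns whether `cert` passes validation. The checks performed are not
// visible from this header.
bool validateCertificate(X509* cert);

// Checks the key/certificate material stored at `filepath` and returns a
// string. NOTE(review): the meaning of the returned string, and of an empty
// one, is not visible here; confirm before relying on it.
std::string verifyOpensslKeyCert(const std::string& filepath);

// Loads a certificate from `filePath` and returns it as a raw X509*.
// NOTE(review): the type does not express ownership. Confirm whether the
// caller must release the result with X509_free() and whether nullptr is the
// failure signal.
X509* loadCert(const std::string& filePath);

// Adds the extension identified by `nid` with the textual `value` to `cert`.
// NOTE(review): the meaning of the int result is not visible here; callers
// should not ignore it without checking the implementation.
int addExt(X509* cert, int nid, const char* value);

// Generates a certificate for common name `cn` and returns it as a string.
// NOTE(review): presumably PEM text that may include the private key; confirm
// before logging or transmitting the result.
std::string generateSslCertificate(const std::string& cn);

// Writes `certificate` to `filepath`.
// NOTE(review): if the string carries private-key material, the permissions
// of the resulting file matter; confirm that the implementation restricts
// them.
void writeCertificateToFile(const std::string& filepath,
                            const std::string& certificate);

// Makes sure usable key/certificate material exists at `filepath` and returns
// a string. NOTE(review): presumably regenerates the material when it is
// missing or invalid; confirm against the implementation.
std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);

// Returns the shared TLS context used for the server side.
// NOTE(review): protocol versions, ciphers and client-certificate handling
// are set in the implementation, not here.
std::shared_ptr<boost::asio::ssl::context> getSslServerContext();

// Builds a TLS context for outgoing connections; `verifyCertificate` selects
// whether the peer certificate is checked. NOTE(review): std::nullopt
// presumably reports a setup failure. Callers must handle the empty case
// rather than fall back to an unconfigured context.
std::optional<boost::asio::ssl::context>
    getSSLClientContext(VerifyCertificate verifyCertificate);

} // namespace ensuressl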