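// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: Copyright OpenBMC Authors

#pragma once

#include <boost/asio/ssl/context.hpp>

#include <memory> // std::shared_ptr, used by getSslServerContext()
#include <optional>
#include <string>

// Declarations for TLS key/certificate handling and for building the
// Boost.Asio SSL contexts. Only the interface is visible in this header;
// remarks marked NOTE(review) are assumptions to confirm against the
// implementation file.
namespace ensuressl
{

/**
 * @brief Selector passed to getSSLClientContext().
 *
 * NOTE(review): the enumerator names suggest that NoVerify yields a client
 * context that does not verify the peer certificate; confirm in the
 * implementation. If so, a connection made with NoVerify is encrypted but the
 * peer is not authenticated, so each call site choosing it should document
 * why that is acceptable.
 */
enum class VerifyCertificate
{
    Verify,
    NoVerify
};

// NOTE(review): presumably the location of the trusted CA certificates used
// for verification; confirm how the implementation consumes it.
constexpr const char* trustStorePath = "/etc/ssl/certs/authority";

// NOTE(review): presumably the comment text embedded in certificates produced
// by generateSslCertificate(); confirm against the implementation.
constexpr const char* x509Comment = "Generated from OpenBMC service";

/**
 * @brief Classify an error number as a trust-chain error.
 *
 * @param errnum Error number to classify. NOTE(review): presumably an OpenSSL
 *               X509 verification error code; confirm against callers.
 * @return bool; the exact set of codes treated as trust-chain errors is
 *         defined in the implementation.
 */
bool isTrustChainError(int errnum);

/**
 * @brief Validate a certificate.
 *
 * @param cert Certificate to check. NOTE(review): whether a null pointer is
 *             tolerated is not visible from this header.
 * @return bool result of the validation. NOTE(review): which failures are
 *         tolerated (see isTrustChainError) is decided in the implementation.
 */
bool validateCertificate(X509* cert);

/**
 * @brief Check the key/certificate material stored at @p filepath.
 *
 * @param filepath Path of the file to inspect.
 * @return A std::string. NOTE(review): its meaning (for example file contents
 *         on success, empty on failure) is not visible here; confirm before
 *         relying on it.
 */
std::string verifyOpensslKeyCert(const std::string& filepath);

/**
 * @brief Load a certificate from @p filePath.
 *
 * @param filePath Path of the certificate file.
 * @return Raw X509 pointer. NOTE(review): ownership is not expressed in the
 *         type; presumably the caller must release it with X509_free() and a
 *         null pointer signals failure. Confirm, since a missed free leaks and
 *         a missed null check dereferences an invalid certificate.
 */
X509* loadCert(const std::string& filePath);

/**
 * @brief Add an extension to @p cert.
 *
 * @param cert  Certificate to modify.
 * @param nid   Identifier of the extension. NOTE(review): presumably an
 *              OpenSSL NID_* value.
 * @param value Extension value as a C string.
 * @return int status. NOTE(review): the success/failure convention is not
 *         visible from this header.
 */
int addExt(X509* cert, int nid, const char* value);

/**
 * @brief Generate a certificate for the given name.
 *
 * @param cn NOTE(review): presumably the subject Common Name.
 * @return The generated material as a std::string. NOTE(review): confirm
 *         whether the string also carries the private key; if it does, it must
 *         be treated as secret by every caller (no logging, restricted file
 *         permissions when persisted).
 */
std::string generateSslCertificate(const std::string& cn);

/**
 * @brief Write @p certificate to the file at @p filepath.
 *
 * @param filepath    Destination path.
 * @param certificate Data to write.
 *
 * NOTE(review): if the data can contain a private key, confirm that the
 * implementation creates the file with owner-only permissions.
 */
void writeCertificateToFile(const std::string& filepath,
                            const std::string& certificate);

/**
 * @brief Ensure usable key/certificate material exists at @p filepath.
 *
 * @param filepath Path of the key/certificate file.
 * @return A std::string. NOTE(review): presumably the validated or newly
 *         generated material; confirm against the implementation.
 */
std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);

/**
 * @brief Build the SSL context used for the server side.
 *
 * @return Shared pointer to a boost::asio::ssl::context. NOTE(review): whether
 *         a null pointer can be returned on failure is not visible here.
 */
std::shared_ptr<boost::asio::ssl::context> getSslServerContext();

/**
 * @brief Build an SSL context for outbound (client) connections.
 *
 * @param verifyCertificate Verification mode requested by the caller.
 * @return The context, or an empty optional. NOTE(review): presumably
 *         std::nullopt means context setup failed; callers should treat it as
 *         a hard failure rather than fall back to an unverified connection.
 */
std::optional<boost::asio::ssl::context>
    getSSLClientContext(VerifyCertificate verifyCertificate);

} // namespace ensuressl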