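#pragma once

#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

#include <memory>
#include <string>

namespace phosphor::certs
{

/**
 * @brief Creates an X509_STORE from the given certSrcPath.
 *
 * Creates an X509_STORE, adds a lookup file to the store from the given
 * source certificate file, and returns it. The file at certSrcPath defines
 * the trust anchors of the returned store, so it must only ever point at a
 * location the caller trusts (e.g. a bundle installed by the platform), not
 * at uploaded or otherwise attacker-controllable content.
 *
 * @param[in] certSrcPath - the file path to a list of trusted certificates
 *
 * @return Owning pointer to the store; released via X509_STORE_free. The
 *         behaviour on failure (exception vs. null pointer) is defined by
 *         the implementation — check the result before dereferencing.
 */
[[nodiscard]] std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>
    getX509Store(const std::string& certSrcPath);

/**
 * @brief Loads a certificate file into an X509 structure.
 *
 * Only the certificate is returned; if the file also contains a private
 * key, the key is not part of the result of this function.
 *
 * @param[in] filePath - Full file path of the certificate (and key) file.
 *
 * @return Owning pointer to the X509 structure; released via X509_free. The
 *         behaviour on failure (exception vs. null pointer) is defined by
 *         the implementation — check the result before dereferencing.
 */
[[nodiscard]] std::unique_ptr<X509, decltype(&::X509_free)>
    loadCert(const std::string& filePath);

/**
 * @brief Parses the certificate and throws an error if the certificate's
 *        NotBefore date is earlier than 1970 (the Unix epoch).
 *
 * NOTE(review): presumably such dates cannot be represented as a
 * non-negative time_t on the target — confirm against the implementation.
 * This is a sanity check on the start date only; it does not verify
 * expiry (NotAfter) or the signature.
 *
 * @param[in] cert Reference to the certificate object being validated
 *                 (typically one that was uploaded)
 * @return void
 * @throws on a NotBefore date before 1970 (exception type defined by the
 *         implementation)
 */
void validateCertificateStartDate(X509& cert);

/**
 * @brief Validates the certificate against the trusted certificate store
 *        and throws an error if the certificate is not valid.
 *
 * Which checks are performed (chain building, validity period, purpose,
 * revocation) is determined by the implementation and the store's
 * configuration; callers must not assume any check beyond what the
 * implementation documents.
 *
 * @param[in] x509Store Reference to the trusted certificate store (see
 *                      getX509Store)
 * @param[in] cert Reference to the certificate to be validated
 * @return void
 * @throws if the certificate does not validate against the store
 *         (exception type defined by the implementation)
 */
void validateCertificateAgainstStore(X509_STORE& x509Store, X509& cert);

/**
 * @brief Validates that the certificate can be used in an SSL context,
 *        otherwise throws errors.
 *
 * @param[in] cert Reference to the certificate to be validated
 * @return void
 * @throws if the certificate cannot be used in an SSL context (exception
 *         type defined by the implementation)
 */
void validateCertificateInSSLContext(X509& cert);

/**
 * @brief Generates a certificate ID based on the provided certificate.
 *
 * The exact format of the ID is defined by the implementation; callers
 * should not parse it.
 *
 * @param[in] cert - Certificate object.
 *
 * @return Certificate ID as a formatted string.
 */
[[nodiscard]] std::string generateCertId(X509& cert);

/**
 * @brief Parses a PEM string into an X509 structure.
 *
 * The buffer may originate from an untrusted source (e.g. a certificate
 * upload), so a successful parse says nothing about trust: callers still
 * need validateCertificateAgainstStore / validateCertificateStartDate
 * before relying on the certificate.
 *
 * @param[in] pem - PEM encoded X509 certificate buffer.
 *
 * @return Owning pointer to the X509 structure; released via X509_free. The
 *         behaviour on failure (exception vs. null pointer) is defined by
 *         the implementation — check the result before dereferencing.
 */
[[nodiscard]] std::unique_ptr<X509, decltype(&::X509_free)>
    parseCert(const std::string& pem);

} // namespace phosphor::certs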