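#pragma once

#include <boost/asio/ssl/context.hpp>

#include <memory>
#include <optional>
#include <string>

// Declarations for TLS key/certificate handling and SSL context creation.
// Only the interface is visible here; every behavioural note below that goes
// beyond the signatures is marked as an assumption to confirm against the
// implementation.
//
// X509 is not declared by this header itself; it is presumably made visible
// through the Boost.Asio SSL include above -- TODO confirm.
namespace ensuressl
{

// Verification mode passed to getSSLClientContext().
// NOTE(review): presumably NoVerify produces a client context that accepts
// any peer certificate. Such a connection is encrypted but unauthenticated,
// so the peer's identity is not established. Confirm in the implementation
// and keep NoVerify limited to destinations where skipping verification was
// explicitly configured.
enum class VerifyCertificate
{
    Verify,
    NoVerify
};

// Filesystem path of the trust store.
// NOTE(review): presumably the CA certificates stored here anchor peer
// verification; if so, the directory should be writable only by privileged
// users -- confirm against the image's file permissions.
constexpr const char* trustStorePath = "/etc/ssl/certs/authority";

// Fixed comment string.
// NOTE(review): presumably embedded in certificates produced by
// generateSslCertificate() -- confirm.
constexpr const char* x509Comment = "Generated from OpenBMC service";

// Classifies a numeric error code.
// NOTE(review): presumably errnum is an OpenSSL X509 verification error and
// true means the failure is a trust-chain problem -- confirm.
bool isTrustChainError(int errnum);

// Checks the given certificate and reports the outcome as a bool.
// NOTE(review): which properties are checked (chain, validity period, ...)
// and how a null cert is handled are not visible here -- confirm before
// relying on a true result as an authentication decision.
bool validateCertificate(X509* cert);

// Takes the path of a key/certificate file and returns a string.
// NOTE(review): presumably the returned string is the verified file content
// and an empty string signals failure -- confirm.
std::string verifyOpensslKeyCert(const std::string& filepath);

// Loads a certificate from filePath and returns it as a raw X509 pointer.
// NOTE(review): ownership is not expressed in the type. Confirm whether the
// caller must release the object and whether nullptr signals failure.
X509* loadCert(const std::string& filePath);

// Adds an extension identified by nid, with the given textual value, to cert.
// NOTE(review): the meaning of the int result is not visible here -- confirm
// and make sure callers check it.
int addExt(X509* cert, int nid, const char* value);

// Generates a certificate for the common name cn and returns it as a string.
// NOTE(review): presumably the result is self-signed and also carries the
// private key. Peers then have no trust anchor for it unless they pin it or
// it is replaced by a CA-issued certificate -- confirm.
std::string generateSslCertificate(const std::string& cn);

// Writes the certificate string to filepath.
// NOTE(review): if the string contains private key material, the file must
// be created with owner-only permissions; how the file is created is not
// visible here -- confirm.
void writeCertificateToFile(const std::string& filepath,
                            const std::string& certificate);

// Takes the path of the key/certificate file and returns a string.
// NOTE(review): presumably verifies the existing file and regenerates it when
// it is missing or invalid, returning the usable content -- confirm.
std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);

// Returns a shared SSL context for the server side.
// NOTE(review): whether a null pointer can be returned on failure is not
// visible here -- callers should check.
std::shared_ptr<boost::asio::ssl::context> getSslServerContext();

// Returns an SSL context for outgoing connections, configured according to
// verifyCertificate, or no value.
// NOTE(review): presumably std::nullopt signals that the context could not
// be set up. Callers should treat that as a hard failure and not retry with
// NoVerify -- confirm.
std::optional<boost::asio::ssl::context>
    getSSLClientContext(VerifyCertificate verifyCertificate);

} // namespace ensuressl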