xref: /openbmc/bmcweb/include/ssl_key_handler.hpp (revision bd79bce8c3f1deb1fb2773868b9ece25233cf27b)
#pragma once

#include <boost/asio/ssl/context.hpp>

#include <memory>
#include <optional>
#include <string>

// TLS key and certificate helpers. This header only declares the interface;
// every function below is defined in another translation unit, so the notes
// here describe the contract as far as the signatures show it and mark the
// rest as points to confirm against the definitions.
namespace ensuressl
{

// Passed to getSSLClientContext() to choose the peer-verification policy of
// the client context it builds.
// NOTE(review): NoVerify presumably turns off verification of the server's
// certificate. A connection made that way is encrypted but not authenticated,
// so each call site that passes NoVerify deserves a justification.
enum class VerifyCertificate
{
    Verify,
    NoVerify,
};

// Location of the certificate-authority material.
// NOTE(review): presumably the trust anchors used when peer certificates are
// verified; whether this is a single file or a hashed directory is not visible
// here. Write access to this path decides who is trusted, so it should be
// restricted to the component that manages certificates - confirm.
constexpr const char* trustStorePath = "/etc/ssl/certs/authority";

// Free-text marker string.
// NOTE(review): presumably embedded in certificates produced by
// generateSslCertificate() - confirm in the definition.
constexpr const char* x509Comment = "Generated from OpenBMC service";

// Classifies an error number.
// NOTE(review): presumably an OpenSSL X509 verification error code, with true
// meaning a chain-of-trust failure - confirm which codes are treated that way.
bool isTrustChainError(int errnum);

// Checks `cert` and reports the verdict as a bool.
// NOTE(review): which properties are checked (validity period, chain, key
// usage) and whether nullptr is tolerated are not visible here - confirm.
bool validateCertificate(X509* cert);

// Examines the key/certificate material stored at `filepath`.
// NOTE(review): the meaning of the returned string (for example the file
// content on success, empty on failure) is not visible here - confirm before
// relying on it.
std::string verifyOpensslKeyCert(const std::string& filepath);

// Loads an X509 certificate from `filePath`.
// The return type is a raw pointer, so ownership is not expressed in the type.
// NOTE(review): if the caller owns the object it must be released with
// X509_free(); also confirm whether nullptr is the failure result.
X509* loadCert(const std::string& filePath);

// Operates on `cert` using the extension identifier `nid` and the textual
// `value`.
// NOTE(review): presumably adds an X509v3 extension; the return-code
// convention is not visible here, so confirm it and check the result at every
// call site rather than discarding it.
int addExt(X509* cert, int nid, const char* value);

// Produces certificate text for the name `cn`.
// NOTE(review): presumably `cn` is the subject Common Name and the result is
// a self-signed certificate. If the returned string also carries the private
// key it is secret material and must not be logged - confirm.
std::string generateSslCertificate(const std::string& cn);

// Stores `certificate` at `filepath`.
// NOTE(review): if the string includes a private key, the file should be
// created readable by its owner only - confirm the mode used in the
// definition.
void writeCertificateToFile(
    const std::string& filepath, const std::string& certificate);

// Makes sure usable key material exists at `filepath`.
// NOTE(review): presumably regenerates and rewrites the file when it is
// missing or fails verification, and returns the resulting text - confirm.
std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);

// Builds the TLS context for the server side, shared through a
// std::shared_ptr.
// NOTE(review): protocol versions, cipher selection and the failure result
// (possibly nullptr) are decided in the definition - confirm.
std::shared_ptr<boost::asio::ssl::context> getSslServerContext();

// Builds a TLS context for outbound connections with the verification policy
// given by `verifyCertificate`.
// The std::optional return means callers have to test for a value before use.
// NOTE(review): presumably std::nullopt reports that the context could not be
// set up - confirm.
std::optional<boost::asio::ssl::context> getSSLClientContext(
    VerifyCertificate verifyCertificate);

} // namespace ensuressl