// Declarations of the OpenSSL X509 helper functions shared within
// phosphor::certs. Every OpenSSL object handed out by these helpers is
// wrapped in a std::unique_ptr whose deleter is the matching OpenSSL
// *_free function, so callers never free X509 / X509_STORE handles by hand.
#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

#include <memory>
#include <string>

namespace phosphor::certs
{

/** @brief Creates an X509 Store from the given certSrcPath
 *  Creates an X509 Store, adds a lookup file to the store from the given source
 *  certificate, and returns it. The returned store is owned by the caller and
 *  released with X509_STORE_free; it is the trust anchor set that is normally
 *  passed (dereferenced) to validateCertificateAgainstStore.
 *  @param[in] certSrcPath - the file path to a list of trusted certificates
 *  @return owning pointer to the populated X509_STORE
 *  @note how a missing or unreadable certSrcPath is reported (null pointer or
 *        exception) is not visible from this header — confirm against the
 *        implementation before relying on either
 */
std::unique_ptr<X509_STORE, decltype(&::X509_STORE_free)>
    getX509Store(const std::string& certSrcPath);

/** @brief Loads Certificate file into the X509 structure.
 *  Only the certificate is returned here; if the file also holds a private
 *  key, that key is not part of the returned object (it is an X509, not a
 *  key handle).
 *  @param[in] filePath - Certificate and key full file path.
 *  @return owning pointer to the X509 structure, released with X509_free.
 *  @note error reporting for an unreadable or malformed file is not visible
 *        from this header — check the implementation
 */
std::unique_ptr<X509, decltype(&::X509_free)>
    loadCert(const std::string& filePath);

/**
 * @brief Parses the certificate and throws error if certificate NotBefore date
 *        is earlier than 1970 (i.e. before the Unix epoch).
 *        Presumably guards against start dates that cannot be represented as
 *        a time_t; confirm the rationale in the implementation.
 * @param[in] cert Reference to certificate object uploaded
 * @throws on a NotBefore date earlier than 1970 (exception type defined by
 *         the implementation, not visible here)
 */
void validateCertificateStartDate(X509& cert);

/**
 * @brief Validates the certificate against the trusted certificates store and
 *        throws error if certificate is not valid.
 *        A throw from this function means the certificate could not be chained
 *        to the trust anchors in x509Store; callers should treat that as a
 *        rejection of the certificate rather than a recoverable condition.
 * @param[in] x509Store Reference to trusted certificates store (typically the
 *            store built by getX509Store)
 * @param[in] cert Reference to certificate to be validated
 * @throws if the certificate does not verify against x509Store (exception
 *         type defined by the implementation, not visible here)
 */
void validateCertificateAgainstStore(X509_STORE& x509Store, X509& cert);

/**
 * @brief Validates the certificate can be used in an SSL context, otherwise,
 *        throws errors.
 *        What "usable in an SSL context" checks exactly (e.g. key/certificate
 *        consistency) is not visible from this header — see the implementation.
 * @param[in] cert Reference to certificate to be validated
 * @throws if the certificate cannot be used in an SSL context (exception type
 *         defined by the implementation, not visible here)
 */
void validateCertificateInSSLContext(X509& cert);

/**
 * @brief Generates certificate ID based on provided certificate file.
 *        The format of the ID (and which certificate fields feed into it) is
 *        defined by the implementation, not by this header.
 *
 * @param[in] cert - Certificate object.
 *
 * @return Certificate ID as formatted string.
 */
std::string generateCertId(X509& cert);

} // namespace phosphor::certs