// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef UTIL_CRYPTO_CERTIFICATE_UTILS_H_
#define UTIL_CRYPTO_CERTIFICATE_UTILS_H_

#include <openssl/evp.h>
#include <openssl/x509.h>
#include <stdint.h>

#include <chrono>
#include <string>
#include <vector>

#include "absl/strings/string_view.h"
#include "platform/api/time.h"
#include "platform/base/error.h"
#include "util/crypto/rsa_private_key.h"

namespace openscreen {

// Generates a new RSA key pair with bit width |key_bits|.
// The result is an owning bssl::UniquePtr; unlike the other helpers in this
// header there is no ErrorOr channel, so a null pointer is presumably the only
// way a generation failure is reported -- callers should check before use.
bssl::UniquePtr<EVP_PKEY> GenerateRsaKeyPair(int key_bits = 2048);

// Creates a new X509 certificate having the given |name| and |duration| until
// expiration, and based on the given |key_pair|. If |issuer| and |issuer_key|
// are provided, they are used to set the issuer information, otherwise it will
// be self-signed. |make_ca| determines whether additional extensions are added
// to make it a valid certificate authority cert.
//
// Notes on the parameters:
//  - |key_pair| is borrowed by const reference; the returned certificate does
//    not take ownership of it.
//  - |time_since_unix_epoch| defaults to GetWallTimeSinceUnixEpoch(). As with
//    any C++ default argument the call is evaluated anew at each call site
//    that omits it; pass an explicit value when deterministic validity dates
//    are needed (e.g. in tests).
//  - |issuer| and |issuer_key| are non-owning raw pointers and are expected to
//    be supplied together (both or neither). How the implementation treats the
//    case where only one of them is non-null is not visible here -- confirm in
//    the .cc before relying on it.
ErrorOr<bssl::UniquePtr<X509>> CreateSelfSignedX509Certificate(
    absl::string_view name,
    std::chrono::seconds duration,
    const EVP_PKEY& key_pair,
    std::chrono::seconds time_since_unix_epoch = GetWallTimeSinceUnixEpoch(),
    bool make_ca = false,
    X509* issuer = nullptr,
    EVP_PKEY* issuer_key = nullptr);

// Exports the given X509 certificate as its DER-encoded binary form.
ErrorOr<std::vector<uint8_t>> ExportX509CertificateToDer(
    const X509& certificate);

// Parses a DER-encoded X509 certificate from its binary form.
// |der_x509_cert| must point to at least |der_x509_cert_length| readable bytes.
// The length is a signed int; a negative value has no meaningful reading here
// and callers should never pass one (how the implementation handles it is not
// visible from this header). The input is typically received from a peer, so
// treat it as untrusted and always check the returned ErrorOr.
ErrorOr<bssl::UniquePtr<X509>> ImportCertificate(const uint8_t* der_x509_cert,
                                                 int der_x509_cert_length);

// Parses a DER-encoded RSAPrivateKey (RFC 3447).
// |der_rsa_private_key| must point to at least |key_length| readable bytes;
// the same sign caveat as for ImportCertificate applies to |key_length|.
ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey(
    const uint8_t* der_rsa_private_key,
    int key_length);

// Returns the SubjectPublicKeyInfo of |cert| as a single TLV
// (tag-length-value) byte string, to judge from the name. The exact encoding
// (DER is presumed) and the behaviour on a null |cert| or on extraction
// failure are not visible from this header -- confirm against the
// implementation. There is no ErrorOr channel, so an empty string is
// presumably the only failure signal; callers comparing SPKIs (e.g. for
// pinning) should treat an empty result as a failure, not as a match.
std::string GetSpkiTlv(X509* cert);

// Converts the ASN.1 INTEGER |asn1int| to a uint64_t.
// An error is presumably returned when the value is negative or does not fit
// in 64 bits -- confirm in the implementation. Callers must not assume the
// conversion succeeds for arbitrary integer fields taken from a certificate.
ErrorOr<uint64_t> ParseDerUint64(const ASN1_INTEGER* asn1int);

}  // namespace openscreen

#endif  // UTIL_CRYPTO_CERTIFICATE_UTILS_H_