// Copyright 2019 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef UTIL_CRYPTO_CERTIFICATE_UTILS_H_ #define UTIL_CRYPTO_CERTIFICATE_UTILS_H_ #include #include #include #include #include #include #include "absl/strings/string_view.h" #include "platform/api/time.h" #include "platform/base/error.h" #include "util/crypto/rsa_private_key.h" namespace openscreen { // Generates a new RSA key pair with bit width |key_bits|. bssl::UniquePtr GenerateRsaKeyPair(int key_bits = 2048); // Creates a new X509 certificate having the given |name| and |duration| until // expiration, and based on the given |key_pair|. If |issuer| and |issuer_key| // are provided, they are used to set the issuer information, otherwise it will // be self-signed. |make_ca| determines whether additional extensions are added // to make it a valid certificate authority cert. ErrorOr> CreateSelfSignedX509Certificate( absl::string_view name, std::chrono::seconds duration, const EVP_PKEY& key_pair, std::chrono::seconds time_since_unix_epoch = GetWallTimeSinceUnixEpoch(), bool make_ca = false, X509* issuer = nullptr, EVP_PKEY* issuer_key = nullptr); // Exports the given X509 certificate as its DER-encoded binary form. ErrorOr> ExportX509CertificateToDer( const X509& certificate); // Parses a DER-encoded X509 certificate from its binary form. ErrorOr> ImportCertificate(const uint8_t* der_x509_cert, int der_x509_cert_length); // Parses a DER-encoded RSAPrivateKey (RFC 3447). ErrorOr> ImportRSAPrivateKey( const uint8_t* der_rsa_private_key, int key_length); std::string GetSpkiTlv(X509* cert); ErrorOr ParseDerUint64(const ASN1_INTEGER* asn1int); } // namespace openscreen #endif // UTIL_CRYPTO_CERTIFICATE_UTILS_H_