util/crypto/certificate_utils.h - platform/external/openscreen - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef UTIL_CRYPTO_CERTIFICATE_UTILS_H_
 #define UTIL_CRYPTO_CERTIFICATE_UTILS_H_

 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <stdint.h>

 #include <chrono>
 #include <string>
 #include <vector>

 #include "absl/strings/string_view.h"
 #include "platform/api/time.h"
 #include "platform/base/error.h"
 #include "util/crypto/rsa_private_key.h"

 namespace openscreen {

 // Generates a new RSA key pair with bit width |key_bits|.
 bssl::UniquePtr<EVP_PKEY> GenerateRsaKeyPair(int key_bits = 2048);

 // Creates a new X509 certificate having the given |name| and |duration| until
 // expiration, and based on the given |key_pair|.  If |issuer| and |issuer_key|
 // are provided, they are used to set the issuer information, otherwise it will
 // be self-signed.  |make_ca| determines whether additional extensions are added
 // to make it a valid certificate authority cert.
 ErrorOr<bssl::UniquePtr<X509>> CreateSelfSignedX509Certificate(
     absl::string_view name,
     std::chrono::seconds duration,
     const EVP_PKEY& key_pair,
     std::chrono::seconds time_since_unix_epoch = GetWallTimeSinceUnixEpoch(),
     bool make_ca = false,
     X509* issuer = nullptr,
     EVP_PKEY* issuer_key = nullptr);

 // Exports the given X509 certificate as its DER-encoded binary form.
 ErrorOr<std::vector<uint8_t>> ExportX509CertificateToDer(
     const X509& certificate);

 // Parses a DER-encoded X509 certificate from its binary form.
 ErrorOr<bssl::UniquePtr<X509>> ImportCertificate(const uint8_t* der_x509_cert,
                                                  int der_x509_cert_length);

 // Parses a DER-encoded RSAPrivateKey (RFC 3447).
 ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey(
     const uint8_t* der_rsa_private_key,
     int key_length);

 std::string GetSpkiTlv(X509* cert);

 ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int);

 }  // namespace openscreen

 #endif  // UTIL_CRYPTO_CERTIFICATE_UTILS_H_
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef UTIL_CRYPTO_CERTIFICATE_UTILS_H_
	#define UTIL_CRYPTO_CERTIFICATE_UTILS_H_

	#include <openssl/evp.h>
	#include <openssl/x509.h>
	#include <stdint.h>

	#include <chrono>
	#include <string>
	#include <vector>

	#include "absl/strings/string_view.h"
	#include "platform/api/time.h"
	#include "platform/base/error.h"
	#include "util/crypto/rsa_private_key.h"

	namespace openscreen {

	// Generates a new RSA key pair with bit width \|key_bits\|.
	bssl::UniquePtr<EVP_PKEY> GenerateRsaKeyPair(int key_bits = 2048);

	// Creates a new X509 certificate having the given \|name\| and \|duration\| until
	// expiration, and based on the given \|key_pair\|. If \|issuer\| and \|issuer_key\|
	// are provided, they are used to set the issuer information, otherwise it will
	// be self-signed. \|make_ca\| determines whether additional extensions are added
	// to make it a valid certificate authority cert.
	ErrorOr<bssl::UniquePtr<X509>> CreateSelfSignedX509Certificate(
	absl::string_view name,
	std::chrono::seconds duration,
	const EVP_PKEY& key_pair,
	std::chrono::seconds time_since_unix_epoch = GetWallTimeSinceUnixEpoch(),
	bool make_ca = false,
	X509* issuer = nullptr,
	EVP_PKEY* issuer_key = nullptr);

	// Exports the given X509 certificate as its DER-encoded binary form.
	ErrorOr<std::vector<uint8_t>> ExportX509CertificateToDer(
	const X509& certificate);

	// Parses a DER-encoded X509 certificate from its binary form.
	ErrorOr<bssl::UniquePtr<X509>> ImportCertificate(const uint8_t* der_x509_cert,
	int der_x509_cert_length);

	// Parses a DER-encoded RSAPrivateKey (RFC 3447).
	ErrorOr<bssl::UniquePtr<EVP_PKEY>> ImportRSAPrivateKey(
	const uint8_t* der_rsa_private_key,
	int key_length);

	std::string GetSpkiTlv(X509* cert);

	ErrorOr<uint64_t> ParseDerUint64(ASN1_INTEGER* asn1int);

	} // namespace openscreen

	#endif // UTIL_CRYPTO_CERTIFICATE_UTILS_H_