Add wrapper for getting X509_digest from a cert

[folly.git] / folly / ssl / OpenSSLCertUtils.h

diff --git a/folly/ssl/OpenSSLCertUtils.h b/folly/ssl/OpenSSLCertUtils.h
index be8fbec9187d930796215513037e6409049f272f..31273d02ae797814d643ad0ca99b6802bf0ebd6b 100644 (file)
--- a/folly/ssl/OpenSSLCertUtils.h
+++ b/folly/ssl/OpenSSLCertUtils.h
@@ -19,7 +19,9 @@
 #include <vector>
 
 #include <folly/Optional.h>
+#include <folly/io/IOBuf.h>
 #include <folly/portability/OpenSSL.h>
+#include <folly/ssl/OpenSSLPtrTypes.h>
 
 namespace folly {
 namespace ssl {
@@ -60,8 +62,36 @@ class OpenSSLCertUtils {
    */
   static folly::Optional<std::string> toString(X509& x509);
 
+  /**
+   * Decodes the DER representation of an X509 certificate.
+   *
+   * Throws on error (if a valid certificate can't be decoded).
+   */
+  static X509UniquePtr derDecode(ByteRange);
+
+  /**
+   * DER encodes an X509 certificate.
+   *
+   * Throws on error.
+   */
+  static std::unique_ptr<IOBuf> derEncode(X509&);
+
+  /**
+   * Reads certificates from memory and returns them as a vector of X509
+   * pointers.
+   */
+  static std::vector<X509UniquePtr> readCertsFromBuffer(ByteRange);
+
+  /**
+   * Return the output of the X509_digest for chosen message-digest algo
+   * NOTE: The returned digest will be in binary, and may need to be
+   * hex-encoded
+   */
+  static std::array<uint8_t, SHA_DIGEST_LENGTH> getDigestSha1(X509& x509);
+  static std::array<uint8_t, SHA256_DIGEST_LENGTH> getDigestSha256(X509& x509);
+
  private:
   static std::string getDateTimeStr(const ASN1_TIME* time);
 };
-}
-}
+} // namespace ssl
+} // namespace folly