Add utility to create stores

[folly.git] / folly / ssl / OpenSSLCertUtils.h

diff --git a/folly/ssl/OpenSSLCertUtils.h b/folly/ssl/OpenSSLCertUtils.h
index 82e30ffb46446d02286f8fac2b82f64ec988e037..edf3498c66e67eb1740a10b3d9ced26d16c3fbfd 100644 (file)
--- a/folly/ssl/OpenSSLCertUtils.h
+++ b/folly/ssl/OpenSSLCertUtils.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 Facebook, Inc.
+ * Copyright 2017-present Facebook, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,9 +18,10 @@
 #include <string>
 #include <vector>
 
-#include <openssl/x509.h>
-
 #include <folly/Optional.h>
+#include <folly/io/IOBuf.h>
+#include <folly/portability/OpenSSL.h>
+#include <folly/ssl/OpenSSLPtrTypes.h>
 
 namespace folly {
 namespace ssl {
@@ -31,6 +32,72 @@ class OpenSSLCertUtils {
   static Optional<std::string> getCommonName(X509& x509);
 
   static std::vector<std::string> getSubjectAltNames(X509& x509);
+
+  /*
+   * Return the subject name, if any, from the cert
+   * @param x509    Reference to an X509
+   * @return a folly::Optional<std::string>, or folly::none
+   */
+  static Optional<std::string> getSubject(X509& x509);
+
+  /*
+   * Return the issuer name, if any, from the cert
+   * @param x509    Reference to an X509
+   * @return a folly::Optional<std::string>, or folly::none
+   */
+  static Optional<std::string> getIssuer(X509& x509);
+
+  /*
+   * Get a string representation of the not-before time on the certificate
+   */
+  static std::string getNotBeforeTime(X509& x509);
+
+  /*
+   * Get a string representation of the not-after (expiration) time
+   */
+  static std::string getNotAfterTime(X509& x509);
+
+  /*
+   * Summarize the CN, Subject, Issuer, Validity, and extensions as a string
+   */
+  static folly::Optional<std::string> toString(X509& x509);
+
+  /**
+   * Decodes the DER representation of an X509 certificate.
+   *
+   * Throws on error (if a valid certificate can't be decoded).
+   */
+  static X509UniquePtr derDecode(ByteRange);
+
+  /**
+   * DER encodes an X509 certificate.
+   *
+   * Throws on error.
+   */
+  static std::unique_ptr<IOBuf> derEncode(X509&);
+
+  /**
+   * Reads certificates from memory and returns them as a vector of X509
+   * pointers.
+   */
+  static std::vector<X509UniquePtr> readCertsFromBuffer(ByteRange);
+
+  /**
+   * Return the output of the X509_digest for chosen message-digest algo
+   * NOTE: The returned digest will be in binary, and may need to be
+   * hex-encoded
+   */
+  static std::array<uint8_t, SHA_DIGEST_LENGTH> getDigestSha1(X509& x509);
+  static std::array<uint8_t, SHA256_DIGEST_LENGTH> getDigestSha256(X509& x509);
+
+  /**
+   * Reads a store from a file (or buffer).  Throws on error.
+   */
+  static X509StoreUniquePtr readStoreFromFile(std::string caFile);
+  static X509StoreUniquePtr readStoreFromBuffer(ByteRange);
+
+ private:
+  static std::string getDateTimeStr(const ASN1_TIME* time);
 };
-}
-}
+} // namespace ssl
+} // namespace folly