1 | /* |
2 | * Copyright 2017-present Facebook, Inc. |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | */ |
16 | #pragma once |
17 | |
18 | #include <string> |
19 | #include <vector> |
20 | |
21 | #include <folly/Optional.h> |
22 | #include <folly/io/IOBuf.h> |
23 | #include <folly/portability/OpenSSL.h> |
24 | #include <folly/ssl/OpenSSLPtrTypes.h> |
25 | |
26 | namespace folly { |
27 | namespace ssl { |
28 | |
29 | class OpenSSLCertUtils { |
30 | public: |
31 | // Note: non-const until OpenSSL 1.1.0 |
32 | static Optional<std::string> getCommonName(X509& x509); |
33 | |
34 | static std::vector<std::string> getSubjectAltNames(X509& x509); |
35 | |
36 | /* |
37 | * Return the subject name, if any, from the cert |
38 | * @param x509 Reference to an X509 |
39 | * @return a folly::Optional<std::string>, or folly::none |
40 | */ |
41 | static Optional<std::string> getSubject(X509& x509); |
42 | |
43 | /* |
44 | * Return the issuer name, if any, from the cert |
45 | * @param x509 Reference to an X509 |
46 | * @return a folly::Optional<std::string>, or folly::none |
47 | */ |
48 | static Optional<std::string> getIssuer(X509& x509); |
49 | |
50 | /* |
51 | * Get a string representation of the not-before time on the certificate |
52 | */ |
53 | static std::string getNotBeforeTime(X509& x509); |
54 | |
55 | /* |
56 | * Get a string representation of the not-after (expiration) time |
57 | */ |
58 | static std::string getNotAfterTime(X509& x509); |
59 | |
60 | /* |
61 | * Summarize the CN, Subject, Issuer, Validity, and extensions as a string |
62 | */ |
63 | static folly::Optional<std::string> toString(X509& x509); |
64 | |
65 | /** |
66 | * Decode the DER representation of an X509 certificate. |
67 | * |
68 | * Throws on error (if a valid certificate can't be decoded). |
69 | */ |
70 | static X509UniquePtr derDecode(ByteRange); |
71 | |
72 | /** |
73 | * Encode an X509 certificate in DER format. |
74 | * |
75 | * Throws on error. |
76 | */ |
77 | static std::unique_ptr<IOBuf> derEncode(X509&); |
78 | |
79 | /** |
80 | * Read certificates from memory and returns them as a vector of X509 |
81 | * pointers. Throw if there is any malformed cert or memory allocation |
82 | * problem. |
83 | * @param range Buffer to parse. |
84 | * @return A vector of X509 objects. |
85 | */ |
86 | static std::vector<X509UniquePtr> readCertsFromBuffer(ByteRange range); |
87 | |
88 | /** |
89 | * Return the output of the X509_digest for chosen message-digest algo |
90 | * NOTE: The returned digest will be in binary, and may need to be |
91 | * hex-encoded |
92 | */ |
93 | static std::array<uint8_t, SHA_DIGEST_LENGTH> getDigestSha1(X509& x509); |
94 | static std::array<uint8_t, SHA256_DIGEST_LENGTH> getDigestSha256(X509& x509); |
95 | |
96 | /** |
97 | * Read a store from a file. Throw if unable to read the file, memory |
98 | * allocation fails, or any cert can't be parsed or added to the store. |
99 | * @param caFile Path to the CA file. |
100 | * @return A X509 store that contains certs in the CA file. |
101 | */ |
102 | static X509StoreUniquePtr readStoreFromFile(std::string caFile); |
103 | |
104 | /** |
105 | * Read a store from a PEM buffer. Throw if memory allocation fails, or |
106 | * any cert can't be parsed or added to the store. |
107 | * @param range A buffer containing certs in PEM format. |
108 | * @return A X509 store that contains certs in the CA file. |
109 | */ |
110 | static X509StoreUniquePtr readStoreFromBuffer(ByteRange range); |
111 | |
112 | private: |
113 | static std::string getDateTimeStr(const ASN1_TIME* time); |
114 | }; |
115 | } // namespace ssl |
116 | } // namespace folly |
117 | |