1/*
2 Copyright (c) 2020, 2024, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is designed to work with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have either included with
14 the program or referenced in the documentation.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24*/
25
26#ifndef ROUTER_CERTIFICATE_GENERATOR_INCLUDED
27#define ROUTER_CERTIFICATE_GENERATOR_INCLUDED
28
#include <cstdint>
#include <memory>
#include <string>
#include <system_error>
#include <type_traits>

#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509v3.h>

#include "dim.h"
41
/**
 * Error conditions reported by the certificate generator declared below.
 *
 * Values are turned into a std::error_code by make_error_code() and mapped to
 * text by cert_err_category()::message().
 */
enum class cert_errc {
};
55
namespace std {
// Opt cert_errc into the std::error_code machinery: with this specialization a
// cert_errc converts implicitly to std::error_code, which calls the
// make_error_code(cert_errc) overload declared below through ADL.
template <>
struct is_error_code_enum<cert_errc> : true_type {};
}  // namespace std
60
/**
 * Error category for cert_errc values.
 *
 * Returns a reference to a function-local static, so the category has one
 * stable address for the whole program (std::error_code compares categories by
 * address) and is initialized thread-safely on first use.
 */
inline const std::error_category &cert_err_category() noexcept {
  class cert_err_category_impl : public std::error_category {
   public:
    // Category name; paired with the numeric value when an error is reported.
    const char *name() const noexcept override {
      return "certificate generator";
    }
    // Human-readable text for a cert_errc value. Values that are not listed
    // produce "unknown" rather than failing, so a stale/foreign code still
    // yields a printable message.
    std::string message(int ev) const override {
      switch (static_cast<cert_errc>(ev)) {
        // (the per-value case labels are not shown in this rendering)
        return "RSA generation failed";
        return "EVP_PKEY generation failed";
        return "Could not create X.509 certificate";
        return "Failed to set version for the X.509 certificate";
        return "Failed to set serial number for the X.509 certificate";
        return "Failed to set validity period for the X.509 certificate";
        return "Failed to set X.509 certificate public key";
        return "Failed to set X.509 certificate CN field";
        return "Failed to set X.509 certificate issuer field";
        return "Failed to set X.509 certificate v3 extensions";
        return "Failed to sign X.509 certificate";
        default:
          return "unknown";
      }
    }
  };

  static cert_err_category_impl instance;
  return instance;
}
100
/**
 * Build a std::error_code from a cert_errc value.
 *
 * Together with the std::is_error_code_enum specialization above this lets a
 * cert_errc be returned wherever a std::error_code is expected.
 *
 * @param[in] e Error condition to wrap.
 * @returns error_code carrying @p e in cert_err_category().
 */
inline std::error_code make_error_code(cert_errc e) noexcept {
  const int value = static_cast<int>(e);
  return std::error_code(value, cert_err_category());
}
104
106 private:
    /// Deleter for EvpPkey: hands the key back to OpenSSL.
    void operator()(EVP_PKEY *pkey) {
      EVP_PKEY_free(pkey);
    }
109 };
110
  /// Deleter for X509Cert: hands the certificate back to OpenSSL.
  struct X509Deleter {
    void operator()(X509 *x509) {
      X509_free(x509);
    }
  };
114
115 public:
  /// Owning handle for an OpenSSL key pair; released with EVP_PKEY_free().
  using EvpPkey = std::unique_ptr<EVP_PKEY, EvpPkeyDeleter>;
  /// Owning handle for an OpenSSL X.509 certificate; released with X509_free().
  using X509Cert = std::unique_ptr<X509, X509Deleter>;
118
119 /**
120 * Generate EVP_PKEY containing public and private keys.
121 *
122 * @returns Unique pointer to EVP_PKEY object on success or std::error_code if
123 * key generation failed.
124 */
126
  /**
   * Get string representation of a private key.
   *
   * @param[in] pkey Private key. Passed as a non-owning pointer; the owning
   * handle is EvpPkey.
   *
   * @returns Private key string representation (presumably PEM, given the
   * <openssl/pem.h> include; confirm in certificate_generator.cc).
   *
   * @note The returned string contains private-key material. Treat it as a
   * secret: do not log it, and when writing it to disk use a file mode that
   * restricts access to the owner.
   */
  static std::string pkey_to_string(EVP_PKEY *pkey);
135
  /**
   * Get string representation of a X.509 certificate.
   *
   * Unlike pkey_to_string() the result holds only public data.
   *
   * @param[in] cert X.509 certificate. Passed as a non-owning pointer; the
   * owning handle is X509Cert.
   *
   * @returns X.509 certificate string representation (presumably PEM, given
   * the <openssl/pem.h> include; confirm in certificate_generator.cc).
   */
  static std::string cert_to_string(X509 *cert);
144
  /**
   * Generate X.509 certificate.
   *
   * Generate X.509 certificate that could be either self-signed or signed by
   * some provided CA certificate. Certificate will be by default valid for
   * 10 years.
   *
   * @param[in] pkey EVP_PKEY object containing public/private key pair.
   * @param[in] common_name Common name that will be used in certificate Subject
   * name section. Presumably bounded by k_max_cn_name_length, the X.509 upper
   * bound for commonName; confirm in certificate_generator.cc.
   * @param[in] serial Serial number that will be encoded into the certificate.
   * The caller is responsible for uniqueness: RFC 5280 requires a positive
   * serial that is unique among the certificates a given issuer signs.
   * @param[in] ca_cert Certificate that will be used to sign certificate
   * returned by this method. If ca_cert is nullptr then returned certificate
   * will be self-signed.
   * @param[in] ca_pkey CA private key that will be used to sign the
   * certificate, for a self signed certificate 'pkey' argument will be used.
   * @param[in] notbefore Certificate validity period start. Presumably an
   * offset in seconds from the time of generation (default 0); confirm in
   * certificate_generator.cc.
   * @param[in] notafter Certificate validity period end, same unit as
   * notbefore; defaults to ten 365-day years (10 * k_year).
   *
   * @return X.509 certificate on success or std::error_code if
   * certificate generation failed.
   */
      EVP_PKEY *pkey, const std::string &common_name, const uint32_t serial,
      X509 *ca_cert, EVP_PKEY *ca_pkey, uint32_t notbefore = 0,
      uint32_t notafter = 10 * k_year) const;
171
172 private:
  // Seconds in a 365-day year; the default certificate lifetime in
  // generate_x509() is 10 * k_year (315,360,000, which fits in uint32_t).
  constexpr static uint32_t k_year = 365 * 24 * 60 * 60;
  // Upper bound on the Subject CN length; 64 matches the X.509 ub-common-name
  // limit (RFC 5280, Appendix A). How it is enforced is not visible here.
  constexpr static uint32_t k_max_cn_name_length = 64;
175};
176
177#endif // ROUTER_CERTIFICATE_GENERATOR_INCLUDED