26#ifndef ROUTER_CERTIFICATE_GENERATOR_INCLUDED
27#define ROUTER_CERTIFICATE_GENERATOR_INCLUDED
32#include <openssl/err.h>
33#include <openssl/evp.h>
34#include <openssl/pem.h>
35#include <openssl/rsa.h>
36#include <openssl/x509v3.h>
58struct is_error_code_enum<
cert_errc> :
public std::true_type {};
62 class cert_err_category_impl :
public std::error_category {
64 const char *
name()
const noexcept override {
65 return "certificate generator";
67 std::string message(
int ev)
const override {
70 return "RSA generation failed";
72 return "EVP_PKEY generation failed";
74 return "Could not create X.509 certificate";
76 return "Failed to set version for the X.509 certificate";
78 return "Failed to set serial number for the X.509 certificate";
80 return "Failed to set validity period for the X.509 certificate";
82 return "Failed to set X.509 certificate public key";
84 return "Failed to set X.509 certificate CN field";
86 return "Failed to set X.509 certificate issuer field";
88 return "Failed to set X.509 certificate v3 extensions";
90 return "Failed to sign X.509 certificate";
97 static cert_err_category_impl instance;
116 using EvpPkey = std::unique_ptr<EVP_PKEY, EvpPkeyDeleter>;
117 using X509Cert = std::unique_ptr<X509, X509Deleter>;
168 EVP_PKEY *pkey,
const std::string &common_name,
const uint32_t serial,
169 X509 *ca_cert, EVP_PKEY *ca_pkey, uint32_t notbefore = 0,
170 uint32_t notafter = 10 *
k_year)
const;
173 constexpr static uint32_t
k_year = 365 * 24 * 60 * 60;
const std::error_category & cert_err_category() noexcept
Definition: certificate_generator.h:61
cert_errc
Definition: certificate_generator.h:42
@ cert_could_not_be_signed
@ cert_set_public_key_failed
@ evp_pkey_generation_failed
@ cert_set_validity_failed
@ cert_set_v3_extensions_failed
@ cert_set_version_failed
std::error_code make_error_code(cert_errc e) noexcept
Definition: certificate_generator.h:101
Definition: certificate_generator.h:105
std::unique_ptr< EVP_PKEY, EvpPkeyDeleter > EvpPkey
Definition: certificate_generator.h:116
stdx::expected< X509Cert, std::error_code > generate_x509(EVP_PKEY *pkey, const std::string &common_name, const uint32_t serial, X509 *ca_cert, EVP_PKEY *ca_pkey, uint32_t notbefore=0, uint32_t notafter=10 *k_year) const
Generate X.509 cerificate.
Definition: certificate_generator.cc:218
constexpr static uint32_t k_max_cn_name_length
Definition: certificate_generator.h:174
std::unique_ptr< X509, X509Deleter > X509Cert
Definition: certificate_generator.h:117
static stdx::expected< EvpPkey, std::error_code > generate_evp_pkey()
Generate EVP_PKEY containing public and private keys.
Definition: certificate_generator.cc:153
static std::string cert_to_string(X509 *cert)
Get string representation of a X.509 certificate.
Definition: certificate_generator.cc:214
static std::string pkey_to_string(EVP_PKEY *pkey)
Get string representation of a private key.
Definition: certificate_generator.cc:185
constexpr static uint32_t k_year
Definition: certificate_generator.h:173
Definition: expected.h:284
Provides simple, yet useful dependency injection mechanism.
Definition: gcs_xcom_synode.h:64
case opt name
Definition: sslopt-case.h:29
Definition: certificate_generator.h:107
void operator()(EVP_PKEY *pkey)
Definition: certificate_generator.h:108
Definition: certificate_generator.h:111
void operator()(X509 *x509)
Definition: certificate_generator.h:112