25#ifndef ROUTER_CERTIFICATE_GENERATOR_INCLUDED
26#define ROUTER_CERTIFICATE_GENERATOR_INCLUDED
31#include <openssl/err.h>
32#include <openssl/evp.h>
33#include <openssl/pem.h>
34#include <openssl/rsa.h>
35#include <openssl/x509v3.h>
// Marks cert_errc as an error-code enum so that its values can be converted
// to std::error_code (through make_error_code(cert_errc)).
57struct is_error_code_enum<
cert_errc> :
public std::true_type {};
// Error category for certificate-generation failures: supplies the category
// name and the fixed, human-readable message texts reported through
// std::error_code.
// NOTE(review): this listing elides lines (the gutter numbers skip), so the
// logic that selects a message for a given `ev` is not visible here.
61 class cert_err_category_impl :
public std::error_category {
// Name under which this category identifies itself.
63 const char *
name()
const noexcept override {
64 return "certificate generator";
// Message text for error value `ev`. Presumably one message per cert_errc
// enumerator, one for each step of key and certificate creation; confirm
// against the full header.
66 std::string message(
int ev)
const override {
69 return "RSA generation failed";
71 return "EVP_PKEY generation failed";
73 return "Could not create X.509 certificate";
75 return "Failed to set version for the X.509 certificate";
77 return "Failed to set serial number for the X.509 certificate";
79 return "Failed to set validity period for the X.509 certificate";
81 return "Failed to set X.509 certificate public key";
83 return "Failed to set X.509 certificate CN field";
85 return "Failed to set X.509 certificate issuer field";
87 return "Failed to set X.509 certificate v3 extensions";
89 return "Failed to sign X.509 certificate";
96 static cert_err_category_impl instance;
// Owning handles for OpenSSL objects: the unique_ptr invokes the custom
// deleter when the handle is destroyed, so a generated key or certificate is
// released on every exit path.
// NOTE(review): the deleter bodies are not visible in this listing;
// presumably they call EVP_PKEY_free() / X509_free(). Confirm.
115 using EvpPkey = std::unique_ptr<EVP_PKEY, EvpPkeyDeleter>;
116 using X509Cert = std::unique_ptr<X509, X509Deleter>;
167 EVP_PKEY *pkey,
const std::string &common_name,
const uint32_t serial,
168 X509 *ca_cert, EVP_PKEY *ca_pkey, uint32_t notbefore = 0,
169 uint32_t notafter = 10 *
k_year)
const;
// Length of a 365-day year in seconds (leap days are not counted).
// generate_x509() defaults `notafter` to 10 * k_year, so a certificate
// created with the default arguments is valid for roughly ten years. Callers
// that need short-lived certificates must pass `notafter` explicitly.
// NOTE(review): presumably notbefore/notafter are offsets in seconds; confirm
// in certificate_generator.cc.
172 constexpr static uint32_t
k_year = 365 * 24 * 60 * 60;
const std::error_category & cert_err_category() noexcept
Definition: certificate_generator.h:60
cert_errc
Definition: certificate_generator.h:41
@ cert_could_not_be_signed
@ cert_set_public_key_failed
@ evp_pkey_generation_failed
@ cert_set_validity_failed
@ cert_set_v3_extensions_failed
@ cert_set_version_failed
std::error_code make_error_code(cert_errc e) noexcept
Definition: certificate_generator.h:100
Definition: certificate_generator.h:104
std::unique_ptr< EVP_PKEY, EvpPkeyDeleter > EvpPkey
Definition: certificate_generator.h:115
stdx::expected< X509Cert, std::error_code > generate_x509(EVP_PKEY *pkey, const std::string &common_name, const uint32_t serial, X509 *ca_cert, EVP_PKEY *ca_pkey, uint32_t notbefore=0, uint32_t notafter=10 *k_year) const
Generate X.509 certificate.
Definition: certificate_generator.cc:219
constexpr static uint32_t k_max_cn_name_length
Definition: certificate_generator.h:173
std::unique_ptr< X509, X509Deleter > X509Cert
Definition: certificate_generator.h:116
static stdx::expected< EvpPkey, std::error_code > generate_evp_pkey()
Generate EVP_PKEY containing public and private keys.
Definition: certificate_generator.cc:154
static std::string cert_to_string(X509 *cert)
Get string representation of an X.509 certificate.
Definition: certificate_generator.cc:215
static std::string pkey_to_string(EVP_PKEY *pkey)
Get string representation of a private key.
Definition: certificate_generator.cc:186
constexpr static uint32_t k_year
Definition: certificate_generator.h:172
Definition: expected.h:943
Provides simple, yet useful dependency injection mechanism.
Definition: varlen_sort.h:174
case opt name
Definition: sslopt-case.h:32
Definition: certificate_generator.h:106
void operator()(EVP_PKEY *pkey)
Definition: certificate_generator.h:107
Definition: certificate_generator.h:110
void operator()(X509 *x509)
Definition: certificate_generator.h:111