certificate_generator.h
1/*
2 Copyright (c) 2020, 2023, Oracle and/or its affiliates.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7
8 This program is also distributed with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have included with MySQL.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23*/
24
25#ifndef ROUTER_CERTIFICATE_GENERATOR_INCLUDED
26#define ROUTER_CERTIFICATE_GENERATOR_INCLUDED
27
28#include <memory>
29#include <string>
30
31#include <openssl/err.h>
32#include <openssl/evp.h>
33#include <openssl/pem.h>
34#include <openssl/rsa.h>
35#include <openssl/x509v3.h>
36
37#include "dim.h"
40
/// Failure points of key and certificate generation. Each enumerator has a
/// message in cert_err_category() and converts to std::error_code through
/// make_error_code(cert_errc).
enum class cert_errc {
  // (enumerator definitions omitted from this rendering)
};
54
namespace std {
// Registers cert_errc with <system_error>: with this trait true, a cert_errc
// converts implicitly to std::error_code by calling make_error_code(cert_errc).
template <>
struct is_error_code_enum<cert_errc> : true_type {};
}  // namespace std
59
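/**
 * Error category for cert_errc.
 *
 * Provides the category object that make_error_code(cert_errc) attaches to
 * every std::error_code it builds, so callers can compare a code against
 * cert_errc values and obtain a readable message via
 * std::error_code::message().
 *
 * @returns Reference to the process-wide category instance.
 */
inline const std::error_category &cert_err_category() noexcept {
  class cert_err_category_impl : public std::error_category {
   public:
    const char *name() const noexcept override {
      return "certificate generator";
    }

    /**
     * Map an error value back to its message.
     *
     * @param[in] ev Integer value of a cert_errc.
     *
     * @returns Message for the matching cert_errc enumerator, or "unknown"
     * for a value that is not a cert_errc.
     */
    std::string message(int ev) const override {
      // One case per cert_errc enumerator; the default branch keeps the
      // mapping total, so an out-of-range value never yields an unset string.
      switch (static_cast<cert_errc>(ev)) {
        case cert_errc::rsa_generation_failed:
          return "RSA generation failed";
        case cert_errc::evp_pkey_generation_failed:
          return "EVP_PKEY generation failed";
        case cert_errc::cert_alloc_failed:
          return "Could not create X.509 certificate";
        case cert_errc::cert_set_version_failed:
          return "Failed to set version for the X.509 certificate";
        case cert_errc::cert_set_serial_failed:
          return "Failed to set serial number for the X.509 certificate";
        case cert_errc::cert_set_validity_failed:
          return "Failed to set validity period for the X.509 certificate";
        case cert_errc::cert_set_public_key_failed:
          return "Failed to set X.509 certificate public key";
        case cert_errc::cert_set_cn_failed:
          return "Failed to set X.509 certificate CN field";
        case cert_errc::cert_set_issuer_failed:
          return "Failed to set X.509 certificate issuer field";
        case cert_errc::cert_set_v3_extensions_failed:
          return "Failed to set X.509 certificate v3 extensions";
        case cert_errc::cert_could_not_be_signed:
          return "Failed to sign X.509 certificate";
        default:
          return "unknown";
      }
    }
  };

  // Function-local static: a single instance per process, initialised on
  // first use. std::error_code compares categories by address, so one
  // instance is required for cert_errc codes to compare equal.
  static cert_err_category_impl instance;
  return instance;
}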
99
/**
 * Build a std::error_code from a cert_errc.
 *
 * Found by argument-dependent lookup when a cert_errc is converted to
 * std::error_code (the std::is_error_code_enum<cert_errc> specialisation in
 * this header enables that conversion).
 *
 * @param[in] e Error value to wrap.
 *
 * @returns Error code carrying @p e in cert_err_category().
 */
inline std::error_code make_error_code(cert_errc e) noexcept {
  const auto value = static_cast<int>(e);
  return std::error_code{value, cert_err_category()};
}
103
105 private:
    /// Deleter for EvpPkey: hands the key back to OpenSSL's EVP_PKEY_free.
    /// std::unique_ptr invokes the deleter only for a non-null pointer.
    void operator()(EVP_PKEY *key) { ::EVP_PKEY_free(key); }
108 };
109
  /// Deleter for X509Cert: hands the certificate back to OpenSSL's X509_free.
  /// std::unique_ptr invokes the deleter only for a non-null pointer.
  struct X509Deleter {
    void operator()(X509 *cert) { ::X509_free(cert); }
  };
113
114 public:
  /// Owning handle for an OpenSSL key pair; released with EVP_PKEY_free.
  using EvpPkey = std::unique_ptr<EVP_PKEY, EvpPkeyDeleter>;
  /// Owning handle for an OpenSSL certificate; released with X509_free.
  using X509Cert = std::unique_ptr<X509, X509Deleter>;
117
118 /**
119 * Generate EVP_PKEY containing public and private keys.
120 *
121 * @returns Unique pointer to EVP_PKEY object on success or std::error_code if
122 * key generation failed.
123 */
125
126 /**
127 * Get string representation of a private key.
128 *
129 * @param[in] pkey Private key.
130 *
131 * @returns Private key string representation.
132 */
133 static std::string pkey_to_string(EVP_PKEY *pkey);
134
135 /**
136 * Get string representation of a X.509 certificate.
137 *
138 * @param[in] cert X.509 certificate
139 *
140 * @returns X.509 certificate string representation.
141 */
142 static std::string cert_to_string(X509 *cert);
143
144 /**
145 * Generate X.509 certificate.
146 *
147 * Generate X.509 certificate that can be either self-signed or signed by
148 * a provided CA certificate. By default the certificate is valid for
149 * 10 years.
150 *
151 * @param[in] pkey EVP_PKEY object containing public/private key pair.
152 * @param[in] common_name Common name that will be used in certificate Subject
153 * name section.
154 * @param[in] serial Serial number that will be encoded into the certificate.
155 * @param[in] ca_cert Certificate that will be used to sign certificate
156 * returned by this method. If ca_cert is nullptr then returned certificate
157 * will be self-signed.
158 * @param[in] ca_pkey CA private key that will be used to sign the
159 * certificate; for a self-signed certificate the 'pkey' argument is used.
160 * @param[in] notbefore Certificate validity period start.
161 * @param[in] notafter Certificate validity period end.
162 *
163 * @return X.509 certificate on success or std::error_code if
164 * certificate generation failed.
165 */
167 EVP_PKEY *pkey, const std::string &common_name, const uint32_t serial,
168 X509 *ca_cert, EVP_PKEY *ca_pkey, uint32_t notbefore = 0,
169 uint32_t notafter = 10 * k_year) const;
170
171 private:
  // Seconds in a 365-day year: the unit of the notbefore/notafter offsets
  // taken by generate_x509(), whose default validity is 10 * k_year.
  constexpr static uint32_t k_year = 365 * 24 * 60 * 60;
  // 64 is the ub-common-name upper bound of the X.509 profile (RFC 5280);
  // presumably the limit applied to common_name in generate_x509() — confirm
  // in certificate_generator.cc.
  constexpr static uint32_t k_max_cn_name_length = 64;
174};
175
176#endif // ROUTER_CERTIFICATE_GENERATOR_INCLUDED