gnunet-android

GNUnet for Android

certificate.h (3191B)


      1 // Copyright 2023 The BoringSSL Authors
      2 //
      3 // Licensed under the Apache License, Version 2.0 (the "License");
      4 // you may not use this file except in compliance with the License.
      5 // You may obtain a copy of the License at
      6 //
      7 //     https://www.apache.org/licenses/LICENSE-2.0
      8 //
      9 // Unless required by applicable law or agreed to in writing, software
     10 // distributed under the License is distributed on an "AS IS" BASIS,
     11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     12 // See the License for the specific language governing permissions and
     13 // limitations under the License.
     14 
     15 #if !defined(OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_) && defined(__cplusplus)
     16 #define OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_
     17 
     18 #include <memory>
     19 #include <string>
     20 #include <string_view>
     21 
     22 #include <openssl/base.h>   // IWYU pragma: export
     23 #include <openssl/span.h>
     24 
     25 BSSL_NAMESPACE_BEGIN
     26 
     27 struct CertificateInternals;  // Opaque parsed state; only forward-declared in this header.
     28 
     29 // Certificate represents a parsed X.509 certificate. It includes accessors for
     30 // the various things that one might want to extract from a certificate.
        //
        // The type is move-only: copy construction and copy assignment are deleted.
        // This interface parses and exposes fields; it declares no signature or
        // chain verification, so holding a Certificate does not by itself mean the
        // certificate is trusted.
     31 class OPENSSL_EXPORT Certificate {
     32  public:
          // NOTE(review): a moved-from Certificate presumably holds an empty
          // |internals_|; confirm that accessors are never called on one.
     33   Certificate(Certificate&& other);
     34   Certificate(const Certificate& other) = delete;
     35   ~Certificate();
     36   Certificate& operator=(const Certificate& other) = delete;
     37 
     38   // FromDER returns a certificate from a DER-encoded X.509 object in |der|.
     39   // In the event of a failure, it will return no value, and |out_diagnostic|
     40   // may be set to a string of human readable debugging information if
     41   // information about the failure is available.
          //
          // Callers must check the returned pointer before use. The diagnostic is
          // debugging text only: decide on the empty return, not on its contents.
          // NOTE(review): whether |out_diagnostic| may be nullptr is not stated
          // here; confirm against the implementation.
     42   static std::unique_ptr<Certificate> FromDER(
     43       bssl::Span<const uint8_t> der, std::string *out_diagnostic);
     44 
     45   // FromPEM returns a certificate from the first CERTIFICATE PEM block in
     46   // |pem|. In the event of a failure, it will return no value, and
     47   // |out_diagnostic| may be set to a string of human readable debugging
     48   // information if information about the failure is available.
          //
          // Only the first CERTIFICATE block is used, so any further blocks in
          // |pem| (for example the rest of a chain) are not returned by this call.
     49   static std::unique_ptr<Certificate> FromPEM(
     50       std::string_view pem, std::string *out_diagnostic);
     51 
     52   // IsSelfIssued returns true if the certificate is "self-issued" per RFC 5280
     53   // section 6.1. I.e. that the subject and issuer names are equal after
     54   // canonicalization (and no other checks).
     55   //
     56   // Other contexts may have a different notion such as "self signed" which
     57   // may or may not be this, and may check other properties of the certificate.
          //
          // Because only the names are compared, a true result says nothing about
          // the signature and must not be used as a trust decision.
     58   bool IsSelfIssued() const;
     59 
     60   // Validity specifies the temporal validity of a certificate, expressed in
     61   // POSIX time values of seconds since the POSIX epoch. The certificate is
     62   // valid at POSIX time t in second granularity, where not_before <= t <=
     63   // not_after.
          //
          // Both bounds are inclusive. Being inside this window is only the time
          // check; it is not a chain or revocation check.
     64   struct Validity {
     65     int64_t not_before;
     66     int64_t not_after;
     67   };
     68 
          // GetValidity returns the validity window of this certificate as a
          // |Validity| value.
     69   Validity GetValidity() const;
     70 
     71   // The binary, big-endian, DER representation of the certificate serial
     72   // number. It may include a leading 00 byte.
          //
          // When matching serials against revocation data or allow/deny lists,
          // normalize the optional leading 00 on both sides before comparing.
          // NOTE(review): the returned span is non-owning; presumably it refers to
          // storage held by this Certificate and must not outlive it. Confirm.
     73   bssl::Span<const uint8_t> GetSerialNumber() const;
     74 
     75  private:
          // Takes ownership of |internals|. Being private, it is not callable by
          // users of the class; presumably FromDER and FromPEM construct through
          // it (confirm in the implementation).
     76   explicit Certificate(std::unique_ptr<CertificateInternals> internals);
     77 
          // Sole owner of the opaque parsed state behind the accessors.
     78   std::unique_ptr<CertificateInternals> internals_;
     79 };
     80 
     81 BSSL_NAMESPACE_END
     82 
     83 #endif  // OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_ && __cplusplus