1 /* Copyright (c) 2023, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #if !defined(OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_) && defined(__cplusplus)
16 #define OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_
17 
18 #include <memory>
19 #include <string>
20 #include <string_view>
21 
22 #include <openssl/base.h>
23 #include <openssl/span.h>
24 
25 namespace bssl {
26 
// Opaque holder for the parsed certificate state. It is only declared here, so
// this public header exposes none of the parser's internal data structures;
// the definition presumably lives in the implementation file (not visible
// here).
struct CertificateInternals;
28 
// Certificate represents a parsed X.509 certificate. It includes accessors for
// the various things that one might want to extract from a certificate.
//
// A Certificate is move-only: it owns its parsed state through |internals_|
// and cannot be copied. NOTE(review): nothing in this interface verifies a
// signature, builds a chain or checks validity against a clock; a successful
// parse only means the encoding was accepted, so callers must perform those
// checks themselves — confirm against the implementation.
class OPENSSL_EXPORT Certificate {
 public:
  // Moves the parsed state out of |other|. Only a move constructor is
  // declared; with the copy assignment deleted below and no move assignment
  // declared, an existing Certificate cannot be reassigned. After the move,
  // |other| is presumably only safe to destroy — confirm against the
  // implementation before reusing it.
  Certificate(Certificate&& other);
  Certificate(const Certificate& other) = delete;
  // Declared out of line because |CertificateInternals| is incomplete here;
  // std::unique_ptr needs the complete type where the destructor is defined.
  ~Certificate();
  Certificate& operator=(const Certificate& other) = delete;

  // FromDER returns a certificate from a DER-encoded X.509 object in |der|.
  // In the event of a failure, it will return no value, and |out_diagnostic|
  // may be set to a string of human readable debugging information if
  // information about the failure is available.
  //
  // The diagnostic is meant for logs and debugging, not for programmatic
  // decisions: it is described only as human readable, so its wording should
  // not be relied on as a stable error code. Whether |out_diagnostic| may be
  // nullptr is not stated here — confirm before passing nullptr.
  static std::unique_ptr<Certificate> FromDER(
      bssl::Span<const uint8_t> der, std::string *out_diagnostic);

  // FromPEM returns a certificate from the first CERTIFICATE PEM block in
  // |pem|. In the event of a failure, it will return no value, and
  // |out_diagnostic| may be set to a string of human readable debugging
  // information if information about the failure is available.
  //
  // Only the first CERTIFICATE block is used; any further blocks in |pem|
  // (for example, intermediates bundled in the same file) are not returned
  // by this call. The same caveats on |out_diagnostic| as for FromDER apply.
  static std::unique_ptr<Certificate> FromPEM(
      std::string_view pem, std::string *out_diagnostic);

  // IsSelfIssued returns true if the certificate is "self-issued" per RFC 5280
  // section 6.1. I.e. that the subject and issuer names are equal after
  // canonicalization (and no other checks). In particular, it does not verify
  // that the certificate's signature was made by its own key.
  //
  // Other contexts may have a different notion such as "self signed" which
  // may or may not be this, and may check other properties of the certificate.
  bool IsSelfIssued() const;

  // Validity specifies the temporal validity of a certificate, expressed in
  // POSIX time values of seconds since the POSIX epoch. The certificate is
  // valid at POSIX time t in second granularity, where not_before <= t <=
  // not_after. Both bounds are inclusive.
  //
  // These are the values carried in the certificate; no comparison against
  // the current time is made by this class, so the caller must compare them
  // against a clock it trusts.
  struct Validity {
    int64_t not_before;
    int64_t not_after;
  };

  // Returns the notBefore/notAfter pair of this certificate as a Validity.
  Validity GetValidity() const;

  // The binary, big-endian, DER representation of the certificate serial
  // number. It may include a leading 00 byte, which is not stripped, so the
  // returned length is the encoded length rather than a normalized one.
  //
  // The span is a non-owning view; it presumably points into storage owned by
  // this Certificate and must not outlive it — confirm against the
  // implementation.
  bssl::Span<const uint8_t> GetSerialNumber() const;

 private:
  // Only the static factories above can construct a Certificate; |internals|
  // is the already-parsed state they hand over.
  explicit Certificate(std::unique_ptr<CertificateInternals> internals);

  // Owned parsed state; see the destructor note above about the incomplete
  // type.
  std::unique_ptr<CertificateInternals> internals_;
};
80 
81 }  // namespace bssl
82 
83 #endif  // OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_ && __cplusplus
84