xref: /aosp_15_r20/external/boringssl/include/openssl/pki/certificate.h (revision 8fb009dc861624b67b6cdb62ea21f0f22d0c584b)
1*8fb009dcSAndroid Build Coastguard Worker /* Copyright (c) 2023, Google Inc.
2*8fb009dcSAndroid Build Coastguard Worker  *
3*8fb009dcSAndroid Build Coastguard Worker  * Permission to use, copy, modify, and/or distribute this software for any
4*8fb009dcSAndroid Build Coastguard Worker  * purpose with or without fee is hereby granted, provided that the above
5*8fb009dcSAndroid Build Coastguard Worker  * copyright notice and this permission notice appear in all copies.
6*8fb009dcSAndroid Build Coastguard Worker  *
7*8fb009dcSAndroid Build Coastguard Worker  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8*8fb009dcSAndroid Build Coastguard Worker  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9*8fb009dcSAndroid Build Coastguard Worker  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10*8fb009dcSAndroid Build Coastguard Worker  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11*8fb009dcSAndroid Build Coastguard Worker  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12*8fb009dcSAndroid Build Coastguard Worker  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13*8fb009dcSAndroid Build Coastguard Worker  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14*8fb009dcSAndroid Build Coastguard Worker 
15*8fb009dcSAndroid Build Coastguard Worker #if !defined(OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_) && defined(__cplusplus)
16*8fb009dcSAndroid Build Coastguard Worker #define OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_
17*8fb009dcSAndroid Build Coastguard Worker 
18*8fb009dcSAndroid Build Coastguard Worker #include <memory>
19*8fb009dcSAndroid Build Coastguard Worker #include <string>
20*8fb009dcSAndroid Build Coastguard Worker #include <string_view>
21*8fb009dcSAndroid Build Coastguard Worker 
22*8fb009dcSAndroid Build Coastguard Worker #include <openssl/base.h>
23*8fb009dcSAndroid Build Coastguard Worker #include <openssl/span.h>
24*8fb009dcSAndroid Build Coastguard Worker 
25*8fb009dcSAndroid Build Coastguard Worker namespace bssl {
26*8fb009dcSAndroid Build Coastguard Worker 
27*8fb009dcSAndroid Build Coastguard Worker struct CertificateInternals;  // Forward declaration only; not defined in this header.
28*8fb009dcSAndroid Build Coastguard Worker 
29*8fb009dcSAndroid Build Coastguard Worker // Certificate represents a parsed X.509 certificate. It includes accessors for
30*8fb009dcSAndroid Build Coastguard Worker // the various things that one might want to extract from a certificate.
31*8fb009dcSAndroid Build Coastguard Worker class OPENSSL_EXPORT Certificate {
32*8fb009dcSAndroid Build Coastguard Worker  public:
33*8fb009dcSAndroid Build Coastguard Worker   Certificate(Certificate&& other);  // Move construction is supported.
34*8fb009dcSAndroid Build Coastguard Worker   Certificate(const Certificate& other) = delete;  // Not copy-constructible.
35*8fb009dcSAndroid Build Coastguard Worker   ~Certificate();
36*8fb009dcSAndroid Build Coastguard Worker   Certificate& operator=(const Certificate& other) = delete;  // Not copy-assignable.
37*8fb009dcSAndroid Build Coastguard Worker 
38*8fb009dcSAndroid Build Coastguard Worker   // FromDER returns a certificate from a DER-encoded X.509 object in |der|.
39*8fb009dcSAndroid Build Coastguard Worker   // In the event of a failure, it will return no value, and |out_diagnostic|
40*8fb009dcSAndroid Build Coastguard Worker   // may be set to a string of human readable debugging information if
41*8fb009dcSAndroid Build Coastguard Worker   // information about the failure is available.
  //
  // NOTE(review): this comment describes parsing only; nothing in this header
  // says that the signature, the chain or the validity period is checked.
  // Confirm before treating a returned Certificate as trusted. Whether
  // |out_diagnostic| may be null is also not stated here.
42*8fb009dcSAndroid Build Coastguard Worker   static std::unique_ptr<Certificate> FromDER(
43*8fb009dcSAndroid Build Coastguard Worker       bssl::Span<const uint8_t> der, std::string *out_diagnostic);
44*8fb009dcSAndroid Build Coastguard Worker 
45*8fb009dcSAndroid Build Coastguard Worker   // FromPEM returns a certificate from the first CERTIFICATE PEM block in
46*8fb009dcSAndroid Build Coastguard Worker   // |pem|. In the event of a failure, it will return no value, and
47*8fb009dcSAndroid Build Coastguard Worker   // |out_diagnostic| may be set to a string of human readable debugging
48*8fb009dcSAndroid Build Coastguard Worker   // information if information about the failure is available.
49*8fb009dcSAndroid Build Coastguard Worker   static std::unique_ptr<Certificate> FromPEM(
50*8fb009dcSAndroid Build Coastguard Worker       std::string_view pem, std::string *out_diagnostic);
51*8fb009dcSAndroid Build Coastguard Worker 
52*8fb009dcSAndroid Build Coastguard Worker   // IsSelfIssued returns true if the certificate is "self-issued" per RFC 5280
53*8fb009dcSAndroid Build Coastguard Worker   // section 6.1. I.e. that the subject and issuer names are equal after
54*8fb009dcSAndroid Build Coastguard Worker   // canonicalization (and no other checks).
55*8fb009dcSAndroid Build Coastguard Worker   //
56*8fb009dcSAndroid Build Coastguard Worker   // Other contexts may have a different notion such as "self signed" which
57*8fb009dcSAndroid Build Coastguard Worker   // may or may not be this, and may check other properties of the certificate.
  //
  // NOTE(review): as described, this is a name comparison only, so a true
  // result is not evidence that the certificate is self-signed or that it is
  // a trust anchor.
58*8fb009dcSAndroid Build Coastguard Worker   bool IsSelfIssued() const;
59*8fb009dcSAndroid Build Coastguard Worker 
60*8fb009dcSAndroid Build Coastguard Worker   // Validity specifies the temporal validity of a certificate, expressed in
61*8fb009dcSAndroid Build Coastguard Worker   // POSIX time values of seconds since the POSIX epoch. The certificate is
62*8fb009dcSAndroid Build Coastguard Worker   // valid at POSIX time t in second granularity, where not_before <= t <=
63*8fb009dcSAndroid Build Coastguard Worker   // not_after.
64*8fb009dcSAndroid Build Coastguard Worker   struct Validity {
65*8fb009dcSAndroid Build Coastguard Worker     int64_t not_before;  // Inclusive lower bound, in POSIX seconds.
66*8fb009dcSAndroid Build Coastguard Worker     int64_t not_after;  // Inclusive upper bound, in POSIX seconds.
67*8fb009dcSAndroid Build Coastguard Worker   };
68*8fb009dcSAndroid Build Coastguard Worker 
  // GetValidity returns the certificate's validity bounds as a |Validity|. It
  // takes no time argument, so comparing the bounds against the time of
  // interest is left to the caller.
69*8fb009dcSAndroid Build Coastguard Worker   Validity GetValidity() const;
70*8fb009dcSAndroid Build Coastguard Worker 
71*8fb009dcSAndroid Build Coastguard Worker   // The binary, big-endian, DER representation of the certificate serial
72*8fb009dcSAndroid Build Coastguard Worker   // number. It may include a leading 00 byte.
  //
  // NOTE(review): the returned Span is a non-owning view; presumably it points
  // into storage owned by this Certificate and must not be used after the
  // Certificate is destroyed or moved from. Confirm against the implementation.
73*8fb009dcSAndroid Build Coastguard Worker   bssl::Span<const uint8_t> GetSerialNumber() const;
74*8fb009dcSAndroid Build Coastguard Worker 
75*8fb009dcSAndroid Build Coastguard Worker  private:
  // Private constructor: the public ways to obtain a Certificate declared in
  // this class are FromDER, FromPEM and move construction.
76*8fb009dcSAndroid Build Coastguard Worker   explicit Certificate(std::unique_ptr<CertificateInternals> internals);
77*8fb009dcSAndroid Build Coastguard Worker 
78*8fb009dcSAndroid Build Coastguard Worker   std::unique_ptr<CertificateInternals> internals_;  // Owned pointer to the opaque implementation type.
79*8fb009dcSAndroid Build Coastguard Worker };
80*8fb009dcSAndroid Build Coastguard Worker 
81*8fb009dcSAndroid Build Coastguard Worker }  // namespace bssl
82*8fb009dcSAndroid Build Coastguard Worker 
83*8fb009dcSAndroid Build Coastguard Worker #endif  // OPENSSL_HEADER_BSSL_PKI_CERTIFICATE_H_ && __cplusplus