1 | /* |
2 | * 2009/01/17 | |
3 | */ | |
4 | ||
5 | #ifndef SQUID_SSL_GADGETS_H | |
6 | #define SQUID_SSL_GADGETS_H | |
7 | ||
8 | #include "base/TidyPointer.h" | |
9 | ||
10 | #if HAVE_OPENSSL_SSL_H | |
11 | #include <openssl/ssl.h> | |
12 | #endif | |
13 | #if HAVE_OPENSSL_TXT_DB_H | |
14 | #include <openssl/txt_db.h> | |
15 | #endif | |
16 | #if HAVE_STRING | |
17 | #include <string> | |
18 | #endif | |
19 | ||
namespace Ssl
{
/**
 \defgroup SslCrtdSslAPI ssl_crtd SSL api.
 These functions must not depend on Squid runtime code such as debug()
 because they are used by ssl_crtd.
*/

// Macro to be used to define the C++ equivalent function of an extern "C"
// function. The C++ function is suffixed with the _cpp extension.
// The wrapper takes the raw pointer by value and simply forwards it to
// `function`; it exists so that the OpenSSL *_free() routines can be named
// as the deleter template argument of the TidyPointer typedefs below
// (presumably because a function with C language linkage is not accepted
// there by every compiler -- confirm).
#define CtoCpp1(function, argument) \
    extern "C++" inline void function ## _cpp(argument a) { \
        function(a); \
    }

/**
 \ingroup SslCrtdSslAPI
 * TidyPointer typedefs for common SSL objects.
 * Each typedef pairs an OpenSSL object type with the matching *_free()
 * routine (through its _cpp wrapper), which is presumably what a *_Pointer
 * uses to release the object it holds. TidyPointer itself is declared in
 * base/TidyPointer.h (not visible here); assumed to be an owning smart
 * pointer -- confirm its copy/ownership semantics there before relying on them.
 */
CtoCpp1(X509_free, X509 *)
typedef TidyPointer<X509, X509_free_cpp> X509_Pointer;

CtoCpp1(EVP_PKEY_free, EVP_PKEY *)
typedef TidyPointer<EVP_PKEY, EVP_PKEY_free_cpp> EVP_PKEY_Pointer;

CtoCpp1(BN_free, BIGNUM *)
typedef TidyPointer<BIGNUM, BN_free_cpp> BIGNUM_Pointer;

CtoCpp1(BIO_free, BIO *)
typedef TidyPointer<BIO, BIO_free_cpp> BIO_Pointer;

CtoCpp1(ASN1_INTEGER_free, ASN1_INTEGER *)
typedef TidyPointer<ASN1_INTEGER, ASN1_INTEGER_free_cpp> ASN1_INT_Pointer;

CtoCpp1(TXT_DB_free, TXT_DB *)
typedef TidyPointer<TXT_DB, TXT_DB_free_cpp> TXT_DB_Pointer;

CtoCpp1(X509_NAME_free, X509_NAME *)
typedef TidyPointer<X509_NAME, X509_NAME_free_cpp> X509_NAME_Pointer;

CtoCpp1(RSA_free, RSA *)
typedef TidyPointer<RSA, RSA_free_cpp> RSA_Pointer;

CtoCpp1(X509_REQ_free, X509_REQ *)
typedef TidyPointer<X509_REQ, X509_REQ_free_cpp> X509_REQ_Pointer;

CtoCpp1(SSL_CTX_free, SSL_CTX *)
typedef TidyPointer<SSL_CTX, SSL_CTX_free_cpp> SSL_CTX_Pointer;

CtoCpp1(SSL_free, SSL *)
typedef TidyPointer<SSL, SSL_free_cpp> SSL_Pointer;

/**
 \ingroup SslCrtdSslAPI
 * Create 1024 bits rsa key.
 * \return the new key, owned by the caller (wrap it in an EVP_PKEY_Pointer);
 *         presumably NULL when key generation fails -- confirm in gadgets.cc.
 * NOTE(review): 1024-bit RSA is below the 2048-bit minimum of current
 * key-length guidance (NIST SP 800-57). The size is fixed by the
 * implementation and cannot be chosen through this interface.
 */
EVP_PKEY * createSslPrivateKey();

/**
 \ingroup SslCrtdSslAPI
 * Create a certificate request for a host.
 * \param pkey the key pair the request is created for.
 * \param hostname host name recorded in the request (presumably as the
 *        subject -- confirm in gadgets.cc).
 * \return the new request, owned by the caller (wrap it in an X509_REQ_Pointer).
 */
X509_REQ * createNewX509Request(EVP_PKEY_Pointer const & pkey, const char * hostname);

/**
 \ingroup SslCrtdSslAPI
 * Write private key and SSL certificate to memory.
 * \param cert certificate to serialise.
 * \param pkey private key to serialise.
 * \param bufferToWrite receives the serialised certificate and key. Because it
 *        carries the private key, callers should treat its contents as secret.
 * \return true on success.
 */
bool writeCertAndPrivateKeyToMemory(X509_Pointer const & cert, EVP_PKEY_Pointer const & pkey, std::string & bufferToWrite);

/**
 \ingroup SslCrtdSslAPI
 * Write private key and SSL certificate to file.
 * \param cert certificate to write.
 * \param pkey private key to write.
 * \param filename path of the file to write; it will contain the private key.
 *        This interface offers no control over the file's permissions --
 *        check how the implementation creates the file before pointing it
 *        at a shared location.
 * \return true on success.
 */
bool writeCertAndPrivateKeyToFile(X509_Pointer const & cert, EVP_PKEY_Pointer const & pkey, char const * filename);

/**
 \ingroup SslCrtdSslAPI
 * Read private key and SSL certificate from memory.
 * \param cert receives the certificate parsed from bufferToRead.
 * \param pkey receives the private key parsed from bufferToRead.
 * \param bufferToRead in-memory data in the format written by
 *        writeCertAndPrivateKeyToMemory().
 * \return true on success.
 */
bool readCertAndPrivateKeyFromMemory(X509_Pointer & cert, EVP_PKEY_Pointer & pkey, char const * bufferToRead);

/**
 \ingroup SslCrtdSslAPI
 * Sign SSL request.
 * \param request the certificate request to sign.
 * \param x509 issuer certificate; if this param holds NULL, the returned
 *        certificate will be self-signed.
 * \param pkey key used to produce the signature (the issuer's key, or the
 *        request's own key when self-signing -- presumably; confirm).
 * \param timeNotAfter expiry time to place in the certificate.
 * \param serial serial number to place in the certificate.
 * \return X509 Signed certificate, owned by the caller (wrap it in an X509_Pointer).
 */
X509 * signRequest(X509_REQ_Pointer const & request, X509_Pointer const & x509, EVP_PKEY_Pointer const & pkey, ASN1_TIME * timeNotAfter, BIGNUM const * serial);

/**
 \ingroup SslCrtdSslAPI
 * Decide on the kind of certificate and generate a CA- or self-signed one.
 * Return generated certificate and private key in the cert and pkey
 * output parameters.
 * \param host host name the certificate is generated for.
 * \param signedX509 signing (CA) certificate; presumably an empty pointer
 *        selects the self-signed case -- confirm in gadgets.cc.
 * \param signedPkey private key belonging to signedX509.
 * \param cert receives the generated certificate.
 * \param pkey receives the generated private key.
 * \param serial serial number for the generated certificate.
 * \return true on success.
 */
bool generateSslCertificateAndPrivateKey(char const *host, X509_Pointer const & signedX509, EVP_PKEY_Pointer const & signedPkey, X509_Pointer & cert, EVP_PKEY_Pointer & pkey, BIGNUM const* serial);

/**
 \ingroup SslCrtdSslAPI
 * Read certificate and private key from files.
 * \param cert receives the certificate read from certFilename.
 * \param pkey receives the private key read from keyFilename.
 * \param certFilename name of file with certificate.
 * \param keyFilename name of file with private key.
 * The function returns void, so it cannot report failure through its return
 * value; callers must inspect cert and pkey after the call (presumably they
 * are left empty when a file cannot be read or parsed -- confirm in gadgets.cc).
 */
void readCertAndPrivateKeyFromFiles(X509_Pointer & cert, EVP_PKEY_Pointer & pkey, char const * certFilename, char const * keyFilename);

/**
 \ingroup SslCrtdSslAPI
 * Verify date. Date format is ASN1_UTCTIME. If the date is out of date,
 * return false. Behaviour for a string that cannot be parsed is not
 * specified here -- confirm in gadgets.cc before relying on it.
 */
bool sslDateIsInTheFuture(char const * date);

} // namespace Ssl
135 | #endif // SQUID_SSL_GADGETS_H |