blob: ebc1cf48d6e9ca7b16035502bbd4ff6c6ecbacc7 [file] [log] [blame]
// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_UTIL_H_
#define QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_UTIL_H_
#include <string>
#include "absl/strings/string_view.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "quic/core/quic_time.h"
#include "quic/platform/api/quic_export.h"
namespace quic {
struct QUIC_NO_EXPORT CertificateTimestamp {
uint16_t year;
uint8_t month;
uint8_t day;
uint8_t hour;
uint8_t minute;
uint8_t second;
};
struct QUIC_NO_EXPORT CertificateOptions {
absl::string_view subject;
uint64_t serial_number;
CertificateTimestamp validity_start; // a.k.a not_valid_before
CertificateTimestamp validity_end; // a.k.a not_valid_after
};
// Creates a ECDSA P-256 key pair.
QUIC_EXPORT_PRIVATE bssl::UniquePtr<EVP_PKEY>
MakeKeyPairForSelfSignedCertificate();
// Creates a self-signed, DER-encoded X.509 certificate.
// |key| must be a ECDSA P-256 key.
// This is mostly stolen from Chromium's net/cert/x509_util.h, with
// modifications to make it work in QUICHE.
QUIC_EXPORT_PRIVATE std::string CreateSelfSignedCertificate(
EVP_PKEY& key, const CertificateOptions& options);
} // namespace quic
#endif // QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_UTIL_H_