quic/core/crypto/certificate_util.h

// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_UTIL_H_
#define QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_UTIL_H_

#include <string>

#include "absl/strings/string_view.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "quic/core/quic_time.h"
#include "quic/platform/api/quic_export.h"

namespace quic {

struct QUIC_NO_EXPORT CertificateTimestamp {
  uint16_t year;
  uint8_t month;
  uint8_t day;
  uint8_t hour;
  uint8_t minute;
  uint8_t second;
};

struct QUIC_NO_EXPORT CertificateOptions {
  absl::string_view subject;
  uint64_t serial_number;
  CertificateTimestamp validity_start;  // a.k.a not_valid_before
  CertificateTimestamp validity_end;    // a.k.a not_valid_after
};

// Creates a ECDSA P-256 key pair.
QUIC_EXPORT_PRIVATE bssl::UniquePtr<EVP_PKEY>
MakeKeyPairForSelfSignedCertificate();

// Creates a self-signed, DER-encoded X.509 certificate.
// |key| must be a ECDSA P-256 key.
// This is mostly stolen from Chromium's net/cert/x509_util.h, with
// modifications to make it work in QUICHE.
QUIC_EXPORT_PRIVATE std::string CreateSelfSignedCertificate(
    EVP_PKEY& key, const CertificateOptions& options);

}  // namespace quic

#endif  // QUICHE_QUIC_CORE_CRYPTO_CERTIFICATE_UTIL_H_