11 #include <openssl/x509.h> 12 #include <openssl/x509v3.h> 17 inline std::vector<SignatureScheme> CertUtils::getSigSchemes<KeyType::P256>() {
22 inline std::vector<SignatureScheme> CertUtils::getSigSchemes<KeyType::P384>() {
27 inline std::vector<SignatureScheme> CertUtils::getSigSchemes<KeyType::P521>() {
32 inline std::vector<SignatureScheme> CertUtils::getSigSchemes<KeyType::RSA>() {
39 std::vector<folly::ssl::X509UniquePtr> certs,
40 const std::vector<std::shared_ptr<fizz::CertificateCompressor>>&
42 if (certs.size() == 0) {
43 throw std::runtime_error(
"Must supply at least 1 cert");
45 if (X509_check_private_key(certs[0].
get(), pkey.get()) != 1) {
46 throw std::runtime_error(
"Cert does not match private key");
51 for (
const auto& compressor : compressors) {
52 compressedCerts_[compressor->getAlgorithm()] =
53 compressor->compress(getCertMessage());
70 Buf certificateRequestContext)
const {
72 certs_,
std::move(certificateRequestContext));
83 return CertUtils::getSigSchemes<T>();
91 auto signData = CertUtils::prepareSignData(context, toBeSigned);
93 case SignatureScheme::ecdsa_secp256r1_sha256:
94 return signature_.sign<SignatureScheme::ecdsa_secp256r1_sha256>(
95 signData->coalesce());
97 throw std::runtime_error(
"Unsupported signature scheme");
106 auto signData = CertUtils::prepareSignData(context, toBeSigned);
108 case SignatureScheme::ecdsa_secp384r1_sha384:
109 return signature_.sign<SignatureScheme::ecdsa_secp384r1_sha384>(
110 signData->coalesce());
112 throw std::runtime_error(
"Unsupported signature scheme");
121 auto signData = CertUtils::prepareSignData(context, toBeSigned);
123 case SignatureScheme::ecdsa_secp521r1_sha512:
124 return signature_.sign<SignatureScheme::ecdsa_secp521r1_sha512>(
125 signData->coalesce());
127 throw std::runtime_error(
"Unsupported signature scheme");
136 auto signData = CertUtils::prepareSignData(context, toBeSigned);
138 case SignatureScheme::rsa_pss_sha256:
139 return signature_.sign<SignatureScheme::rsa_pss_sha256>(
140 signData->coalesce());
142 throw std::runtime_error(
"Unsupported signature scheme");
150 throw std::runtime_error(
"could not get key from cert");
167 auto signData = CertUtils::prepareSignData(context, toBeSigned);
169 case SignatureScheme::ecdsa_secp256r1_sha256:
170 return signature_.verify<SignatureScheme::ecdsa_secp256r1_sha256>(
171 signData->coalesce(), signature);
173 throw std::runtime_error(
"Unsupported signature scheme");
183 auto signData = CertUtils::prepareSignData(context, toBeSigned);
185 case SignatureScheme::ecdsa_secp384r1_sha384:
186 return signature_.verify<SignatureScheme::ecdsa_secp384r1_sha384>(
187 signData->coalesce(), signature);
189 throw std::runtime_error(
"Unsupported signature scheme");
199 auto signData = CertUtils::prepareSignData(context, toBeSigned);
201 case SignatureScheme::ecdsa_secp521r1_sha512:
202 return signature_.verify<SignatureScheme::ecdsa_secp521r1_sha512>(
203 signData->coalesce(), signature);
205 throw std::runtime_error(
"Unsupported signature scheme");
215 auto signData = CertUtils::prepareSignData(context, toBeSigned);
217 case SignatureScheme::rsa_pss_sha256:
218 return signature_.verify<SignatureScheme::rsa_pss_sha256>(
219 signData->coalesce(), signature);
221 throw std::runtime_error(
"Unsupported signature scheme");
227 X509_up_ref(cert_.get());
233 X509_up_ref(certs_.front().get());