#pragma once
-#include <openssl/ssl.h>
+
#include <memory>
#include <string>
+#include <string.h>
#include <vector>
#include <cinttypes>
+#include <ctime>
+
+#include <openssl/ssl.h>
-class CAConfig {
-public:
+#include "db/database.h"
+
+struct CAConfig {
std::string path;
std::string name;
+ std::string crlURL;
+ std::string crtURL;
std::shared_ptr<X509> ca;
std::shared_ptr<EVP_PKEY> caKey;
std::shared_ptr<ASN1_TIME> notBefore;
- CAConfig( std::string name );
+ CAConfig( const std::string& name );
+
+ bool crlNeedsResign();
};
struct Profile {
std::string ku;
std::vector<std::shared_ptr<CAConfig>> ca;
+ std::time_t maxValidity;
std::shared_ptr<CAConfig> getCA() {
+ std::shared_ptr<CAConfig> min = nullptr;
+
for( auto it = ca.rbegin(); it != ca.rend(); it++ ) {
if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) {
- return *it;
+ if( min != nullptr ) {
+ if( strcmp( min->name.c_str(), ( *it )->name.c_str() ) < 0 ) {
+ min = *it;
+ }
+ } else {
+ min = *it;
+ }
}
}
- return ca[0];
+ return min ? min : ca[0];
}
};
extern std::shared_ptr<int> ssl_lib_ref;
-std::shared_ptr<X509> loadX509FromFile( std::string filename );
-std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename );
+std::shared_ptr<X509> loadX509FromFile( const std::string& filename );
+std::shared_ptr<EVP_PKEY> loadPkeyFromFile( const std::string& filename );
std::shared_ptr<SSL_CTX> generateSSLContext( bool server );
-std::shared_ptr<BIO> openSerial( const std::string name );
+std::shared_ptr<BIO> openSerial( const std::string& name );
+std::string timeToString( std::shared_ptr<ASN1_TIME> time );
+
+void extractTimes( std::shared_ptr<X509> source, std::shared_ptr<SignedCertificate> cert );
projects / cassiopeia.git / blobdiff