#pragma once
-#include <openssl/ssl.h>
+
#include <memory>
#include <string>
+#include <string.h>
+#include <vector>
#include <cinttypes>
+#include <ctime>
+
+#include <openssl/ssl.h>
+
+#include "db/database.h"
-class CAConfig {
-public:
+struct CAConfig {
std::string path;
std::string name;
+ std::string crlURL;
+ std::string crtURL;
std::shared_ptr<X509> ca;
std::shared_ptr<EVP_PKEY> caKey;
- CAConfig( std::string name );
+ std::shared_ptr<ASN1_TIME> notBefore;
-};
+ CAConfig( const std::string& name );
+ bool crlNeedsResign();
+};
struct Profile {
uint16_t id;
std::string eku;
std::string ku;
- std::shared_ptr<CAConfig> ca;
+ std::vector<std::shared_ptr<CAConfig>> ca;
+ std::time_t maxValidity;
+ std::shared_ptr<CAConfig> getCA() {
+ std::shared_ptr<CAConfig> min = nullptr;
+ for( auto it = ca.rbegin(); it != ca.rend(); it++ ) {
+ if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0) {
+ if(min != nullptr){
+ if(strcmp(min->name.c_str(), (*it)->name.c_str()) < 0){
+ min = *it;
+ }
+ }else{
+ min=*it;
+ }
+ }
+ }
+
+ return min ? min : ca[0];
+ }
};
extern std::shared_ptr<int> ssl_lib_ref;
-std::shared_ptr<X509> loadX509FromFile( std::string filename );
-std::shared_ptr<EVP_PKEY> loadPkeyFromFile( std::string filename );
+std::shared_ptr<X509> loadX509FromFile( const std::string& filename );
+std::shared_ptr<EVP_PKEY> loadPkeyFromFile( const std::string& filename );
std::shared_ptr<SSL_CTX> generateSSLContext( bool server );
-std::shared_ptr<BIO> openSerial( const std::string name );
+std::shared_ptr<BIO> openSerial( const std::string& name );
+std::string timeToString( std::shared_ptr<ASN1_TIME> time );
+
+void extractTimes( std::shared_ptr<X509> source, std::shared_ptr<SignedCertificate> cert );
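Review bot: `getCA()` (lines 36–51) falls back to `ca[0]` when no CA has a `notBefore` in the past, which is undefined behaviour for a `Profile` whose `ca` vector is empty, and it hands `notBefore.get()` to `X509_cmp_current_time` without a null check, so a `CAConfig` that never had `notBefore` set dereferences null inside OpenSSL. That fallback also silently selects a CA whose validity period has not started yet; if that is intended it deserves a comment, otherwise the caller should receive a null pointer (or an exception) and decide. The `strcmp(...) < 0` test chooses the greatest name, so the variable `min` is misleading, and `std::string`'s `operator<` performs the same comparison without `<string.h>` (which should be `<cstring>` in C++ in any case). The rewrite below guards both cases and names what the loop actually selects; returning null for an empty `ca` changes the contract, so the callers, which are outside this hunk, need to be checked.
```cpp
    std::shared_ptr<CAConfig> getCA() {
        // Newest (lexicographically greatest name) CA whose validity has already begun.
        std::shared_ptr<CAConfig> chosen = nullptr;
        for( auto it = ca.rbegin(); it != ca.rend(); ++it ) {
            if( !( *it )->notBefore ) {
                continue; // no notBefore recorded: cannot tell whether this CA is active yet
            }
            if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) {
                if( !chosen || chosen->name < ( *it )->name ) {
                    chosen = *it;
                }
            }
        }
        if( chosen ) {
            return chosen;
        }
        // No CA is active yet; callers must handle a null result for an empty list.
        return ca.empty() ? nullptr : ca[0];
    }
```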