#include <memory>
#include <string>
+#include <string.h>
#include <vector>
#include <cinttypes>
#include <ctime>
+#include <unordered_set>
#include <openssl/ssl.h>
#include "db/database.h"
-class CAConfig {
-public:
+struct CAConfig {
std::string path;
std::string name;
+ std::string crlURL;
+ std::string crtURL;
std::shared_ptr<X509> ca;
std::shared_ptr<EVP_PKEY> caKey;
std::shared_ptr<ASN1_TIME> notBefore;
+
CAConfig( const std::string& name );
+
bool crlNeedsResign();
};
std::vector<std::shared_ptr<CAConfig>> ca;
std::time_t maxValidity;
+ std::unordered_set<std::string> include;
std::shared_ptr<CAConfig> getCA() {
+ std::shared_ptr<CAConfig> min = nullptr;
+
for( auto it = ca.rbegin(); it != ca.rend(); it++ ) {
if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) {
- return *it;
+ if( min != nullptr ) {
+ if( strcmp( min->name.c_str(), ( *it )->name.c_str() ) < 0 ) {
+ min = *it;
+ }
+ } else {
+ min = *it;
+ }
}
}
- return ca[0];
+ return min ? min : ca[0];
}
};
std::shared_ptr<SSL_CTX> generateSSLContext( bool server );
std::shared_ptr<BIO> openSerial( const std::string& name );
std::string timeToString( std::shared_ptr<ASN1_TIME> time );
+
void extractTimes( std::shared_ptr<X509> source, std::shared_ptr<SignedCertificate> cert );
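Review bot: The local `min` in getCA ends up holding the qualifying CA with the lexicographically greatest name — `strcmp( min->name.c_str(), ( *it )->name.c_str() ) < 0` replaces `min` whenever the candidate sorts after it — so the name says the opposite of what the loop does and should be something like `chosen` or `latest`. The nested ifs plus the C-string compare collapse to one `std::string` comparison, `if( !chosen || chosen->name < ( *it )->name ) { chosen = *it; }`, which also makes the added `#include <string.h>` unnecessary. Because this decides which CA signs, the rule deserves a comment on the function, e.g. `// among CAs whose notBefore is already in the past, pick the one whose name sorts last; fall back to ca[0] when none qualifies`, and the fallback still indexes `ca[0]` without checking that the vector is non-empty, which the change leaves as it was. The enclosing class whose members `ca`, `maxValidity` and the new `include` set are shown starts outside the hunk, and `include`, `crlURL` and `crtURL` are introduced without a comment saying what they hold.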