nuttx-apps/include/crypto/controlse/ccertificate.hxx
2024-04-21 11:20:12 +08:00

123 lines
4.5 KiB
C++

//***************************************************************************
// apps/include/crypto/controlse/ccertificate.hxx
//
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright ownership. The
// ASF licenses this file to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance with the
// License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations
// under the License.
//
//***************************************************************************
// Copyright 2024 NXP
#pragma once
//***************************************************************************
// Included Files
//***************************************************************************
#include "crypto/controlse/isecure_element_object.hxx"
#include <mbedtls/x509_crt.h>
//***************************************************************************
// Class definitions
//***************************************************************************
namespace Controlse
{
class ISecureElement;
class CPublicKey;
class CSerialNumber;
class CCertificate : public ISecureElementObject
{
public:
CCertificate(const ISecureElement &se, uint32_t keystore_id);
CCertificate(const uint8_t *crt_der_or_pem, size_t crt_size);
CCertificate(const ISecureElement &se, const uint8_t *csr_der_or_pem,
size_t csr_size, uint32_t keystore_id);
// from_datetime and to_datetime need to have format: YYYYMMDDHHMMSSZ
CCertificate(const ISecureElement &se, const uint8_t *csr_der_or_pem,
size_t csr_size, uint32_t keystore_id,
const char *from_datetime, const char *to_datetime);
CCertificate(const CCertificate &) = delete;
CCertificate(CCertificate &&) = default;
~CCertificate();
CCertificate &operator=(const CCertificate &other) = delete;
bool IsLoaded() const;
bool StoreOnSecureElement(const ISecureElement &se,
uint32_t keystore_id) const;
bool LoadFromSecureElement(const ISecureElement &se, uint32_t keystore_id);
bool LoadFromDerOrPem(const uint8_t *crt_der_or_pem, size_t crt_size);
bool LoadFromCsrDerOrPem(const ISecureElement &se,
const uint8_t *csr_der_or_pem, size_t csr_size,
uint32_t keystore_id, const char *from_datetime,
const char *to_datetime);
bool VerifyAgainst(const ISecureElement &se,
uint32_t verify_against_id) const;
// Test time range is valid
// returns 0 if valid
// -1 when expired
// 1 when not yet valid
int TestValidTimerange(time_t now) const;
// Get public key from certificate
// returns pointer to public key when successful otherwise NULL
// note: must be deleted by caller when not NULL
CPublicKey *GetPublicKey() const;
// Get oid from certificate if available
// oid must be one of MBEDTLS_OID_AT* from mbedtls/oid.h
//
// returns zero terminated text string when successful otherwise NULL
// note: must be deleted by caller when not NULL
char *GetOid(const char *oid) const;
// Get serial number from from certificate
// returns pointer to CSerialNumber when successful otherwise NULL
// note: must be deleted by caller when not NULL
CSerialNumber *GetSerialNumber() const;
size_t GetNumberOfSubjectAlternativeNames() const;
// Get SAN from from certificate
// returns pointer to array when successful otherwise NULL
// note: must be deleted by caller when not NULL
char *GetSubjectAlternativeName(int item) const;
// Get certificate in DER format
// returns size of the der array otherwise 0
// note: der must be deleted by caller when not NULL
size_t GetDer(uint8_t **der) const;
// Get certificate in PEM format
// returns pointer to pem string when successful otherwise NULL
// note: must be deleted by caller when not NULL
char *GetPem() const;
bool ContainsSan(const char *name, size_t size) const;
static constexpr char TAG_ID_SIZE = 18;
private:
bool is_loaded = false;
mbedtls_x509_crt crt;
};
} // namespace Controlse