Classes | Enumerations | Functions | Variables
SSL certificate generator API

These functions must not depend on Squid runtime code such as debug() because they are used by security_file_certgen helper. More...

Classes

class  Ssl::CertificateProperties
 

Enumerations

enum  Ssl::CertSignAlgorithm {
  Ssl::algSignTrusted = 0,
  Ssl::algSignUntrusted,
  Ssl::algSignSelf,
  Ssl::algSignEnd
}
 
enum  Ssl::CertAdaptAlgorithm {
  Ssl::algSetValidAfter = 0,
  Ssl::algSetValidBefore,
  Ssl::algSetCommonName,
  Ssl::algSetEnd
}
 

Functions

bool Ssl::writeCertAndPrivateKeyToMemory (Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)
 
bool Ssl::appendCertToMemory (Security::CertPointer const &cert, std::string &bufferToWrite)
 
bool Ssl::readCertAndPrivateKeyFromMemory (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)
 
void Ssl::ReadPrivateKeyFromFile (char const *keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
 
bool Ssl::OpenCertsFileForReading (BIO_Pointer &bio, const char *filename)
 
bool Ssl::ReadPrivateKey (BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
 
bool Ssl::OpenCertsFileForWriting (BIO_Pointer &bio, const char *filename)
 
bool Ssl::WriteX509Certificate (BIO_Pointer &bio, const Security::CertPointer &cert)
 
bool Ssl::WritePrivateKey (BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)
 
const char * Ssl::certSignAlgorithm (int sg)
 
CertSignAlgorithm Ssl::certSignAlgorithmId (const char *sg)
 
const char * Ssl::sslCertAdaptAlgoritm (int alg)
 
std::string & Ssl::OnDiskCertificateDbKey (const CertificateProperties &)
 
bool Ssl::generateSslCertificate (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)
 
bool Ssl::sslDateIsInTheFuture (char const *date)
 
bool Ssl::certificateMatchesProperties (X509 *peer_cert, CertificateProperties const &properties)
 

Variables

const char * Ssl::CertSignAlgorithmStr []
 
const char * Ssl::CertAdaptAlgorithmStr []
 

Detailed Description

Enumeration Type Documentation

◆ CertAdaptAlgorithm

enum Ssl::CertAdaptAlgorithm

Supported certificate adaptation algorithms

Enumerator
algSetValidAfter 
algSetValidBefore 
algSetCommonName 
algSetEnd 

Definition at line 207 of file gadgets.h.

◆ CertSignAlgorithm

enum Ssl::CertSignAlgorithm

Supported certificate signing algorithms

Enumerator
algSignTrusted 
algSignUntrusted 
algSignSelf 
algSignEnd 

Definition at line 169 of file gadgets.h.

Function Documentation

◆ appendCertToMemory()

bool Ssl::appendCertToMemory ( Security::CertPointer const &  cert,
std::string &  bufferToWrite 
)

Append SSL certificate to bufferToWrite.

Definition at line 123 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get().

Referenced by Ssl::CrtdMessage::composeRequest().

◆ certificateMatchesProperties()

bool Ssl::certificateMatchesProperties ( X509 *  peer_cert,
CertificateProperties const &  properties 
)

Check if the major fields of a certificates matches the properties given by a CertficateProperties object

Returns
true if the certificates matches false otherwise.

Definition at line 936 of file gadgets.cc.

References Ssl::algSignSelf, asn1time_cmp(), assert, Ssl::CommonHostName(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::CertificateProperties::mimicCert, Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signAlgorithm, Ssl::CertificateProperties::signWithX509, STACK_OF(), X509_getm_notAfter, and X509_getm_notBefore.

◆ certSignAlgorithm()

const char* Ssl::certSignAlgorithm ( int  sg)
inline

Return the short name of the signing algorithm "sg"

Definition at line 182 of file gadgets.h.

References Ssl::algSignEnd, and Ssl::CertSignAlgorithmStr.

Referenced by Ssl::CrtdMessage::composeRequest(), dump_sslproxy_cert_sign(), Ssl::InRamCertificateDbKey(), and Ssl::OnDiskCertificateDbKey().

◆ certSignAlgorithmId()

CertSignAlgorithm Ssl::certSignAlgorithmId ( const char *  sg)
inline

Return the id of the signing algorithm "sg"

Definition at line 194 of file gadgets.h.

References Ssl::algSignEnd, and Ssl::CertSignAlgorithmStr.

Referenced by Ssl::CrtdMessage::parseRequest().

◆ generateSslCertificate()

bool Ssl::generateSslCertificate ( Security::CertPointer cert,
Security::PrivateKeyPointer &  pkey,
Ssl::CertificateProperties const &  properties 
)

Decide on the kind of certificate and generate a CA- or self-signed one. The generated certificate will inherite properties from certToMimic Return generated certificate and private key in resultX509 and resultPkey variables.

Definition at line 769 of file gadgets.cc.

References createSerial(), and generateFakeSslCertificate().

Referenced by Ssl::configureSSL(), Ssl::GenerateSslContext(), Ssl::generateUntrustedCert(), and processNewRequest().

◆ OnDiskCertificateDbKey()

std::string & Ssl::OnDiskCertificateDbKey ( const CertificateProperties properties)
Returns
certificate database key

Definition at line 269 of file gadgets.cc.

References Ssl::algSignEnd, Ssl::certSignAlgorithm(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::CertificateProperties::mimicCert, printX509Signature(), Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signAlgorithm, and Ssl::CertificateProperties::signHash.

Referenced by processNewRequest().

◆ OpenCertsFileForReading()

bool Ssl::OpenCertsFileForReading ( Ssl::BIO_Pointer bio,
const char *  filename 
)

Initialize the bio with the file 'filename' opened for reading

Definition at line 780 of file gadgets.cc.

Referenced by Ssl::CertificateDb::ReadEntry(), and Ssl::ReadPrivateKeyFromFile().

◆ OpenCertsFileForWriting()

bool Ssl::OpenCertsFileForWriting ( Ssl::BIO_Pointer bio,
const char *  filename 
)

Initialize the bio with the file 'filename' opened for writing

Definition at line 848 of file gadgets.cc.

Referenced by Ssl::CertificateDb::WriteEntry().

◆ readCertAndPrivateKeyFromMemory()

bool Ssl::readCertAndPrivateKeyFromMemory ( Security::CertPointer cert,
Security::PrivateKeyPointer &  pkey,
char const *  bufferToRead 
)

Write private key and SSL certificate to memory.

Definition at line 147 of file gadgets.cc.

References CurrentException(), DBG_IMPORTANT, debugs, Debug::Extra(), Ssl::ReadCertificate(), and Security::LockingPointer< T, UnLocker, Locker >::reset().

Referenced by Ssl::configureSSLUsingPkeyAndCertFromMemory(), Ssl::GenerateSslContextUsingPkeyAndCertFromMemory(), and Ssl::CrtdMessage::parseRequest().

◆ ReadPrivateKey()

bool Ssl::ReadPrivateKey ( Ssl::BIO_Pointer bio,
Security::PrivateKeyPointer &  pkey,
pem_password_cb *  passwd_callback 
)

Read a private key from bio

Definition at line 826 of file gadgets.cc.

References assert.

Referenced by Ssl::CertificateDb::ReadEntry(), and Ssl::ReadPrivateKeyFromFile().

◆ ReadPrivateKeyFromFile()

void Ssl::ReadPrivateKeyFromFile ( char const *  keyFilename,
Security::PrivateKeyPointer &  pkey,
pem_password_cb *  passwd_callback 
)

Read private key from file.

Definition at line 837 of file gadgets.cc.

References Ssl::OpenCertsFileForReading(), and Ssl::ReadPrivateKey().

Referenced by Security::KeyData::loadX509PrivateKeyFromFile().

◆ sslCertAdaptAlgoritm()

const char* Ssl::sslCertAdaptAlgoritm ( int  alg)
inline

Return the short name of the adaptation algorithm "alg"

Definition at line 219 of file gadgets.h.

References Ssl::algSetEnd, and Ssl::CertAdaptAlgorithmStr.

Referenced by dump_sslproxy_cert_adapt().

◆ sslDateIsInTheFuture()

bool Ssl::sslDateIsInTheFuture ( char const *  date)

Verify date. Date format it ASN1_UTCTIME. if there is out of date error, return false.

Definition at line 884 of file gadgets.cc.

Referenced by Ssl::CertificateDb::deleteInvalidCertificate(), and Ssl::CertificateDb::pure_find().

◆ writeCertAndPrivateKeyToMemory()

bool Ssl::writeCertAndPrivateKeyToMemory ( Security::CertPointer const &  cert,
Security::PrivateKeyPointer const &  pkey,
std::string &  bufferToWrite 
)

Write private key and SSL certificate to memory.

Definition at line 99 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get().

Referenced by Ssl::CrtdMessage::composeRequest(), and processNewRequest().

◆ WritePrivateKey()

bool Ssl::WritePrivateKey ( Ssl::BIO_Pointer bio,
const Security::PrivateKeyPointer &  pkey 
)

Write private key to BIO.

Definition at line 869 of file gadgets.cc.

Referenced by Ssl::CertificateDb::WriteEntry().

◆ WriteX509Certificate()

bool Ssl::WriteX509Certificate ( Ssl::BIO_Pointer bio,
const Security::CertPointer cert 
)

Write certificate to BIO.

Definition at line 859 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get().

Referenced by Ssl::CertificateDb::WriteEntry().

Variable Documentation

◆ CertAdaptAlgorithmStr

const char * Ssl::CertAdaptAlgorithmStr
Initial value:
= {
"setValidAfter",
"setValidBefore",
"setCommonName",
nullptr
}

Short names for certificate adaptation algorithms

Definition at line 239 of file gadgets.cc.

Referenced by ConnStateData::buildSslCertGenerationParams(), parse_sslproxy_cert_adapt(), and Ssl::sslCertAdaptAlgoritm().

◆ CertSignAlgorithmStr

const char * Ssl::CertSignAlgorithmStr
Initial value:
= {
"signTrusted",
"signUntrusted",
"signSelf",
nullptr
}

Short names for certificate signing algorithms

Definition at line 232 of file gadgets.cc.

Referenced by Ssl::certSignAlgorithm(), Ssl::certSignAlgorithmId(), and parse_sslproxy_cert_sign().

 

Introduction

Documentation

Support

Miscellaneous