Classes | Enumerations | Functions | Variables
SSL certificate generator API

Classes

class  Ssl::CertificateProperties
 

Enumerations

enum  Ssl::CertSignAlgorithm {
  Ssl::algSignTrusted = 0,
  Ssl::algSignUntrusted,
  Ssl::algSignSelf,
  Ssl::algSignEnd
}
 
enum  Ssl::CertAdaptAlgorithm {
  Ssl::algSetValidAfter = 0,
  Ssl::algSetValidBefore,
  Ssl::algSetCommonName,
  Ssl::algSetEnd
}
 

Functions

EVP_PKEY * Ssl::createSslPrivateKey ()
 
bool Ssl::writeCertAndPrivateKeyToMemory (Security::CertPointer const &cert, Security::PrivateKeyPointer const &pkey, std::string &bufferToWrite)
 
bool Ssl::appendCertToMemory (Security::CertPointer const &cert, std::string &bufferToWrite)
 
bool Ssl::readCertAndPrivateKeyFromMemory (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, char const *bufferToRead)
 
bool Ssl::readCertFromMemory (Security::CertPointer &cert, char const *bufferToRead)
 
void Ssl::ReadPrivateKeyFromFile (char const *keyFilename, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
 
bool Ssl::OpenCertsFileForReading (BIO_Pointer &bio, const char *filename)
 
bool Ssl::ReadX509Certificate (BIO_Pointer &bio, Security::CertPointer &cert)
 
bool Ssl::ReadPrivateKey (BIO_Pointer &bio, Security::PrivateKeyPointer &pkey, pem_password_cb *passwd_callback)
 
bool Ssl::OpenCertsFileForWriting (BIO_Pointer &bio, const char *filename)
 
bool Ssl::WriteX509Certificate (BIO_Pointer &bio, const Security::CertPointer &cert)
 
bool Ssl::WritePrivateKey (BIO_Pointer &bio, const Security::PrivateKeyPointer &pkey)
 
const char * Ssl::certSignAlgorithm (int sg)
 
CertSignAlgorithm Ssl::certSignAlgorithmId (const char *sg)
 
const char * Ssl::sslCertAdaptAlgoritm (int alg)
 
std::string & Ssl::OnDiskCertificateDbKey (const CertificateProperties &)
 
bool Ssl::generateSslCertificate (Security::CertPointer &cert, Security::PrivateKeyPointer &pkey, CertificateProperties const &properties)
 
bool Ssl::sslDateIsInTheFuture (char const *date)
 
bool Ssl::certificateMatchesProperties (X509 *peer_cert, CertificateProperties const &properties)
 

Variables

const char * Ssl::CertSignAlgorithmStr []
 
const char * Ssl::CertAdaptAlgorithmStr []
 

Detailed Description

These functions must not depend on Squid runtime code such as debug() because they are used by security_file_certgen helper.

Enumeration Type Documentation

◆ CertAdaptAlgorithm

enum Ssl::CertAdaptAlgorithm

Supported certificate adaptation algorithms

Enumerator
algSetValidAfter 
algSetValidBefore 
algSetCommonName 
algSetEnd 

Definition at line 188 of file gadgets.h.

◆ CertSignAlgorithm

enum Ssl::CertSignAlgorithm

Supported certificate signing algorithms

Enumerator
algSignTrusted 
algSignUntrusted 
algSignSelf 
algSignEnd 

Definition at line 150 of file gadgets.h.

Function Documentation

◆ appendCertToMemory()

bool Ssl::appendCertToMemory ( Security::CertPointer const &  cert,
std::string &  bufferToWrite 
)

Append SSL certificate to bufferToWrite.

Definition at line 92 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get(), len, and NULL.

Referenced by Ssl::CrtdMessage::composeRequest().

◆ certificateMatchesProperties()

bool Ssl::certificateMatchesProperties ( X509 *  peer_cert,
CertificateProperties const &  properties 
)

Check if the major fields of a certificates matches the properties given by a CertficateProperties object

Returns
true if the certificates matches false otherwise.

Definition at line 812 of file gadgets.cc.

References Ssl::algSignSelf, asn1time_cmp(), assert, Ssl::CommonHostName(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), i, match(), Ssl::CertificateProperties::mimicCert, NULL, Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signAlgorithm, Ssl::CertificateProperties::signWithX509, STACK_OF(), X509_getm_notAfter, and X509_getm_notBefore.

◆ certSignAlgorithm()

const char* Ssl::certSignAlgorithm ( int  sg)
inline

Return the short name of the signing algorithm "sg"

Definition at line 163 of file gadgets.h.

References Ssl::algSignEnd, Ssl::CertSignAlgorithmStr, and NULL.

Referenced by Ssl::CrtdMessage::composeRequest(), dump_sslproxy_cert_sign(), Ssl::InRamCertificateDbKey(), and Ssl::OnDiskCertificateDbKey().

◆ certSignAlgorithmId()

CertSignAlgorithm Ssl::certSignAlgorithmId ( const char *  sg)
inline

Return the id of the signing algorithm "sg"

Definition at line 175 of file gadgets.h.

References Ssl::algSignEnd, Ssl::CertSignAlgorithmStr, i, and NULL.

Referenced by Ssl::CrtdMessage::parseRequest().

◆ createSslPrivateKey()

EVP_PKEY * Ssl::createSslPrivateKey ( )

Create 1024 bits rsa key.

Definition at line 12 of file gadgets.cc.

References NULL.

Referenced by generateFakeSslCertificate().

◆ generateSslCertificate()

bool Ssl::generateSslCertificate ( Security::CertPointer cert,
Security::PrivateKeyPointer &  pkey,
Ssl::CertificateProperties const &  properties 
)

Decide on the kind of certificate and generate a CA- or self-signed one. The generated certificate will inherite properties from certToMimic Return generated certificate and private key in resultX509 and resultPkey variables.

Definition at line 675 of file gadgets.cc.

References createSerial(), and generateFakeSslCertificate().

Referenced by Ssl::configureSSL(), Ssl::GenerateSslContext(), Ssl::generateUntrustedCert(), and processNewRequest().

◆ OnDiskCertificateDbKey()

std::string & Ssl::OnDiskCertificateDbKey ( const CertificateProperties properties)
Returns
certificate database key

Definition at line 232 of file gadgets.cc.

References Ssl::algSignEnd, Ssl::certSignAlgorithm(), Ssl::CertificateProperties::commonName, Security::LockingPointer< T, UnLocker, Locker >::get(), Ssl::CertificateProperties::mimicCert, NULL, printX509Signature(), Ssl::CertificateProperties::setCommonName, Ssl::CertificateProperties::setValidAfter, Ssl::CertificateProperties::setValidBefore, Ssl::CertificateProperties::signAlgorithm, and Ssl::CertificateProperties::signHash.

Referenced by processNewRequest().

◆ OpenCertsFileForReading()

bool Ssl::OpenCertsFileForReading ( Ssl::BIO_Pointer bio,
const char *  filename 
)

Initialize the bio with the file 'filename' openned for reading

Definition at line 686 of file gadgets.cc.

Referenced by Ssl::CertificateDb::ReadEntry(), and Ssl::ReadPrivateKeyFromFile().

◆ OpenCertsFileForWriting()

bool Ssl::OpenCertsFileForWriting ( Ssl::BIO_Pointer bio,
const char *  filename 
)

Initialize the bio with the file 'filename' openned for writting

Definition at line 730 of file gadgets.cc.

Referenced by Ssl::CertificateDb::WriteEntry().

◆ readCertAndPrivateKeyFromMemory()

bool Ssl::readCertAndPrivateKeyFromMemory ( Security::CertPointer cert,
Security::PrivateKeyPointer &  pkey,
char const *  bufferToRead 
)

Write private key and SSL certificate to memory.

Definition at line 116 of file gadgets.cc.

References NULL, and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().

Referenced by Ssl::configureSSLUsingPkeyAndCertFromMemory(), Ssl::GenerateSslContextUsingPkeyAndCertFromMemory(), and Ssl::CrtdMessage::parseRequest().

◆ readCertFromMemory()

bool Ssl::readCertFromMemory ( Security::CertPointer cert,
char const *  bufferToRead 
)

Read SSL certificate from memory.

Definition at line 134 of file gadgets.cc.

References NULL, and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().

Referenced by Ssl::CrtdMessage::parseRequest(), and Ssl::CertValidationMsg::parseResponse().

◆ ReadPrivateKey()

bool Ssl::ReadPrivateKey ( Ssl::BIO_Pointer bio,
Security::PrivateKeyPointer &  pkey,
pem_password_cb *  passwd_callback 
)

Read a private key from bio

Definition at line 708 of file gadgets.cc.

References assert, and NULL.

Referenced by Ssl::CertificateDb::ReadEntry(), and Ssl::ReadPrivateKeyFromFile().

◆ ReadPrivateKeyFromFile()

void Ssl::ReadPrivateKeyFromFile ( char const *  keyFilename,
Security::PrivateKeyPointer &  pkey,
pem_password_cb *  passwd_callback 
)

Read private key from file.

Definition at line 719 of file gadgets.cc.

References Ssl::OpenCertsFileForReading(), and Ssl::ReadPrivateKey().

Referenced by Security::KeyData::loadX509PrivateKeyFromFile().

◆ ReadX509Certificate()

bool Ssl::ReadX509Certificate ( Ssl::BIO_Pointer bio,
Security::CertPointer cert 
)

Read a certificate from bio

Definition at line 697 of file gadgets.cc.

References assert, NULL, and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().

Referenced by Ssl::CertificateDb::ReadEntry().

◆ sslCertAdaptAlgoritm()

const char* Ssl::sslCertAdaptAlgoritm ( int  alg)
inline

Return the short name of the adaptation algorithm "alg"

Definition at line 200 of file gadgets.h.

References Ssl::algSetEnd, Ssl::CertAdaptAlgorithmStr, and NULL.

Referenced by dump_sslproxy_cert_adapt().

◆ sslDateIsInTheFuture()

bool Ssl::sslDateIsInTheFuture ( char const *  date)

Verify date. Date format it ASN1_UTCTIME. if there is out of date error, return false.

Definition at line 760 of file gadgets.cc.

Referenced by Ssl::CertificateDb::deleteInvalidCertificate(), and Ssl::CertificateDb::pure_find().

◆ writeCertAndPrivateKeyToMemory()

bool Ssl::writeCertAndPrivateKeyToMemory ( Security::CertPointer const &  cert,
Security::PrivateKeyPointer const &  pkey,
std::string &  bufferToWrite 
)

Write private key and SSL certificate to memory.

Definition at line 68 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get(), len, and NULL.

Referenced by Ssl::CrtdMessage::composeRequest(), and processNewRequest().

◆ WritePrivateKey()

bool Ssl::WritePrivateKey ( Ssl::BIO_Pointer bio,
const Security::PrivateKeyPointer &  pkey 
)

Write private key to BIO.

Definition at line 751 of file gadgets.cc.

References NULL.

Referenced by Ssl::CertificateDb::WriteEntry().

◆ WriteX509Certificate()

bool Ssl::WriteX509Certificate ( Ssl::BIO_Pointer bio,
const Security::CertPointer cert 
)

Write certificate to BIO.

Definition at line 741 of file gadgets.cc.

References Security::LockingPointer< T, UnLocker, Locker >::get().

Referenced by Ssl::CertificateDb::WriteEntry().

Variable Documentation

◆ CertAdaptAlgorithmStr

const char * Ssl::CertAdaptAlgorithmStr
Initial value:
= {
"setValidAfter",
"setValidBefore",
"setCommonName",
NULL
}
NULL
#define NULL
Definition: types.h:166

Short names for certificate adaptation algorithms

Definition at line 202 of file gadgets.cc.

Referenced by ConnStateData::buildSslCertGenerationParams(), Ssl::CrtdMessage::composeRequest(), parse_sslproxy_cert_adapt(), and Ssl::sslCertAdaptAlgoritm().

◆ CertSignAlgorithmStr

const char * Ssl::CertSignAlgorithmStr
Initial value:
= {
"signTrusted",
"signUntrusted",
"signSelf",
NULL
}
NULL
#define NULL
Definition: types.h:166

Short names for certificate signing algorithms

Definition at line 195 of file gadgets.cc.

Referenced by Ssl::certSignAlgorithm(), Ssl::certSignAlgorithmId(), and parse_sslproxy_cert_sign().

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors