kmsp11/cert_authority.h (18 lines of code) (raw):

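/*
 * Copyright 2021 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KMSP11_CERT_AUTHORITY_H_
#define KMSP11_CERT_AUTHORITY_H_

// std::unique_ptr and std::string are named directly in this header, so they
// are included here rather than relied on transitively.
#include <memory>
#include <string>

#include "common/kms_client.h"
#include "common/openssl.h"
#include "kmsp11/util/crypto_utils.h"

namespace cloud_kms::kmsp11 {

// CertAuthority implements an x.509 v3 certificate authority that generates
// certificates suitable for lookup in JCA.
//
// The object owns its signing key (signing_key_) for its whole lifetime and,
// because that member is a unique pointer, the class is move-only by default.
//
// NOTE(review): this header does not show where the signing key comes from
// (generated in New() or loaded from elsewhere) or how long it is meant to
// live. Nothing here indicates the issuer is intended to be a trust anchor;
// confirm in the implementation before any relying party treats a certificate
// from this CA as evidence of identity rather than as a container for a
// public key.
class CertAuthority {
 public:
  // Factory for CertAuthority. Returns an owning pointer on success, or a
  // non-OK status on failure. The constructor is private, so this is the only
  // way to obtain an instance from outside the class.
  static absl::StatusOr<std::unique_ptr<CertAuthority>> New();

  // Generates a certificate for `public_key` associated with the Cloud KMS
  // key version `ckv`, returning an owning X509 pointer or a non-OK status.
  //
  // `public_key` is passed as a raw pointer, so ownership stays with the
  // caller. NOTE(review): presumably it must be non-null and must be the
  // public key of `ckv`; this header does not show that either is checked,
  // so verify against the implementation and the callers.
  //
  // How fields of `ckv` map into the certificate (subject, serial, validity)
  // is defined in the implementation, not in this header.
  absl::StatusOr<bssl::UniquePtr<X509>> GenerateCert(
      const kms_v1::CryptoKeyVersion& ckv, EVP_PKEY* public_key) const;

 private:
  // Takes ownership of `signing_key`. Marked explicit so that a key handle is
  // never implicitly converted into a CertAuthority.
  explicit CertAuthority(bssl::UniquePtr<EVP_PKEY> signing_key);

  // Key owned by this CA; presumably the private key used to sign the
  // certificates returned by GenerateCert -- confirm in the implementation.
  bssl::UniquePtr<EVP_PKEY> signing_key_;

  // Issuer common name; presumably written into generated certificates.
  // Not a constructor parameter, so it is set somewhere in the implementation.
  std::string issuer_cn_;
};

}  // namespace cloud_kms::kmsp11

#endif  // KMSP11_CERT_AUTHORITY_H_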