ladybird/Userland/Libraries/LibTLS/Certificate.h

/*
 * Copyright (c) 2020, the SerenityOS developers.
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#pragma once

#include <AK/ByteBuffer.h>
#include <AK/Forward.h>
#include <AK/Optional.h>
#include <AK/Singleton.h>
#include <AK/Types.h>
#include <LibCore/DateTime.h>
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
#include <LibCrypto/PK/RSA.h>

namespace TLS {

enum class CertificateKeyAlgorithm {
    Unsupported = 0x00,
    RSA_RSA = 0x01,
    RSA_MD5 = 0x04,
    RSA_SHA1 = 0x05,
    RSA_SHA256 = 0x0b,
    RSA_SHA384 = 0x0c,
    RSA_SHA512 = 0x0d,
};

class Certificate {
public:
    u16 version { 0 };
    CertificateKeyAlgorithm algorithm { CertificateKeyAlgorithm::Unsupported };
    CertificateKeyAlgorithm key_algorithm { CertificateKeyAlgorithm::Unsupported };
    CertificateKeyAlgorithm ec_algorithm { CertificateKeyAlgorithm::Unsupported };
    ByteBuffer exponent {};
    Crypto::PK::RSAPublicKey<Crypto::UnsignedBigInteger> public_key {};
    Crypto::PK::RSAPrivateKey<Crypto::UnsignedBigInteger> private_key {};
    struct Name {
        String country;
        String state;
        String location;
        String entity;
        String subject;
        String unit;
    } issuer, subject;
    Core::DateTime not_before;
    Core::DateTime not_after;
    Vector<String> SAN;
    u8* ocsp { nullptr };
    Crypto::UnsignedBigInteger serial_number;
    ByteBuffer sign_key {};
    ByteBuffer fingerprint {};
    ByteBuffer der {};
    ByteBuffer data {};
    CertificateKeyAlgorithm signature_algorithm { CertificateKeyAlgorithm::Unsupported };
    ByteBuffer signature_value {};

    static Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false);

    bool is_valid() const;
};

class DefaultRootCACertificates {
public:
    DefaultRootCACertificates();

    Vector<Certificate> const& certificates() const { return m_ca_certificates; }

    static DefaultRootCACertificates& the() { return s_the; }

private:
    static Singleton<DefaultRootCACertificates> s_the;

    Vector<Certificate> m_ca_certificates;
};

}

using TLS::Certificate;
using TLS::DefaultRootCACertificates;
LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`/*`
			`* Copyright (c) 2020, the SerenityOS developers.`
			`*`
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt * 2021-04-22 08:24:48 +00:00			`* SPDX-License-Identifier: BSD-2-Clause`
LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`*/`

			`#pragma once`

			`#include <AK/ByteBuffer.h>`
			`#include <AK/Forward.h>`
LibTLS: Move the asn certificate parser to Certificate.cpp 2021-05-17 18:40:45 +00:00			`#include <AK/Optional.h>`
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file. 2020-10-30 08:26:31 +00:00			`#include <AK/Singleton.h>`
LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`#include <AK/Types.h>`
LibTLS: Parse X.509 certificates with the new ASN.1 parser As a nice side effect, also correctly test for certificate validity :^) 2021-04-18 09:16:17 +00:00			`#include <LibCore/DateTime.h>`
LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`#include <LibCrypto/BigInt/UnsignedBigInteger.h>`
			`#include <LibCrypto/PK/RSA.h>`

			`namespace TLS {`

			`enum class CertificateKeyAlgorithm {`
			`Unsupported = 0x00,`
			`RSA_RSA = 0x01,`
			`RSA_MD5 = 0x04,`
			`RSA_SHA1 = 0x05,`
			`RSA_SHA256 = 0x0b,`
LibTLS: Add SHA-384 as supported certificate signing algorithm 2022-02-13 16:00:04 +00:00			`RSA_SHA384 = 0x0c,`
LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`RSA_SHA512 = 0x0d,`
			`};`

LibTLS: Move the asn certificate parser to Certificate.cpp 2021-05-17 18:40:45 +00:00			`class Certificate {`
			`public:`
LibTLS: Parse X.509 certificates with the new ASN.1 parser As a nice side effect, also correctly test for certificate validity :^) 2021-04-18 09:16:17 +00:00			`u16 version { 0 };`
			`CertificateKeyAlgorithm algorithm { CertificateKeyAlgorithm::Unsupported };`
			`CertificateKeyAlgorithm key_algorithm { CertificateKeyAlgorithm::Unsupported };`
			`CertificateKeyAlgorithm ec_algorithm { CertificateKeyAlgorithm::Unsupported };`
			`ByteBuffer exponent {};`
			`Crypto::PK::RSAPublicKey<Crypto::UnsignedBigInteger> public_key {};`
			`Crypto::PK::RSAPrivateKey<Crypto::UnsignedBigInteger> private_key {};`
			`struct Name {`
			`String country;`
			`String state;`
			`String location;`
			`String entity;`
			`String subject;`
			`String unit;`
			`} issuer, subject;`
			`Core::DateTime not_before;`
			`Core::DateTime not_after;`
LibTLS: Read subjectAltName from certificates and use it As quite a few certificates use this extension, reading and using it to find matching certificates is fairly useful :^) 2020-12-13 18:55:09 +00:00			`Vector<String> SAN;`
LibTLS: Parse X.509 certificates with the new ASN.1 parser As a nice side effect, also correctly test for certificate validity :^) 2021-04-18 09:16:17 +00:00			`u8* ocsp { nullptr };`
LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`Crypto::UnsignedBigInteger serial_number;`
LibTLS: Parse X.509 certificates with the new ASN.1 parser As a nice side effect, also correctly test for certificate validity :^) 2021-04-18 09:16:17 +00:00			`ByteBuffer sign_key {};`
			`ByteBuffer fingerprint {};`
			`ByteBuffer der {};`
			`ByteBuffer data {};`
LibTLS: Parse Certificate signature algorithm and value This part of the certificate was originally just skipped, however it will be needed to check the validity of the certificate. 2022-02-21 21:14:40 +00:00			`CertificateKeyAlgorithm signature_algorithm { CertificateKeyAlgorithm::Unsupported };`
			`ByteBuffer signature_value {};`
LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00
LibTLS: Move the asn certificate parser to Certificate.cpp 2021-05-17 18:40:45 +00:00			`static Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false);`

LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`bool is_valid() const;`
			`};`

LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file. 2020-10-30 08:26:31 +00:00			`class DefaultRootCACertificates {`
			`public:`
			`DefaultRootCACertificates();`

Everywhere: Run clang-format 2022-04-01 17:58:27 +00:00			`Vector<Certificate> const& certificates() const { return m_ca_certificates; }`
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file. 2020-10-30 08:26:31 +00:00
			`static DefaultRootCACertificates& the() { return s_the; }`

			`private:`
Everywhere: Replace AK::Singleton => Singleton 2021-08-07 19:34:11 +00:00			`static Singleton<DefaultRootCACertificates> s_the;`
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file. 2020-10-30 08:26:31 +00:00
			`Vector<Certificate> m_ca_certificates;`
			`};`

LibTLS: Move out Certificate to its own header file 2020-10-29 08:23:13 +00:00			`}`

			`using TLS::Certificate;`
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file. 2020-10-30 08:26:31 +00:00			`using TLS::DefaultRootCACertificates;`