5.x/doxygen/identity_8h_source.html

// Copyright (c) Microsoft Corporation. All rights reserved.

// Licensed under the Apache 2.0 License.

#pragma once


#include "ccf/crypto/curve.h"

#include "ccf/crypto/verifier.h"

#include "crypto/certs.h"

#include "crypto/openssl/key_pair.h"


#include <openssl/crypto.h>

#include <string>

#include <vector>


namespace ccf

{


  enum class IdentityType

  {

    REPLICATED,

    SPLIT

  };


  struct NetworkIdentity

  {

    ccf::crypto::Pem priv_key;

    ccf::crypto::Pem cert;

    std::optional<IdentityType> type = IdentityType::REPLICATED;

    std::string subject_name = "CN=CCF Service";


    bool operator==(const NetworkIdentity& other) const

    {

      return cert == other.cert && priv_key == other.priv_key &&

        type == other.type && subject_name == other.subject_name;

    }


    NetworkIdentity(const std::string& subject_name_) :

      type(IdentityType::REPLICATED),

      subject_name(subject_name_)

    {}


    NetworkIdentity() = default;


    virtual ccf::crypto::Pem issue_certificate(

      const std::string& valid_from, size_t validity_period_days)

    {

      return {};

    }


    virtual void set_certificate(const ccf::crypto::Pem& certificate) {}


    virtual ~NetworkIdentity() {}

  };


  class ReplicatedNetworkIdentity : public NetworkIdentity

  {

  public:

    ReplicatedNetworkIdentity() = default;


    ReplicatedNetworkIdentity(

      const std::string& subject_name_,

      ccf::crypto::CurveID curve_id,

      const std::string& valid_from,

      size_t validity_period_days) :

      NetworkIdentity(subject_name_)

    {

      auto identity_key_pair =

        std::make_shared<ccf::crypto::KeyPair_OpenSSL>(curve_id);

      priv_key = identity_key_pair->private_key_pem();


      cert = ccf::crypto::create_self_signed_cert(

        identity_key_pair,

        subject_name,

        {} /* SAN */,

        valid_from,

        validity_period_days);

    }


    ReplicatedNetworkIdentity(const NetworkIdentity& other) :

      NetworkIdentity(ccf::crypto::get_subject_name(other.cert))

    {

      if (type != other.type)

      {

        throw std::runtime_error("invalid identity type conversion");

      }

      priv_key = other.priv_key;

      cert = other.cert;

    }


    virtual ccf::crypto::Pem issue_certificate(

      const std::string& valid_from, size_t validity_period_days) override

    {

      auto identity_key_pair =

        std::make_shared<ccf::crypto::KeyPair_OpenSSL>(priv_key);


      return ccf::crypto::create_self_signed_cert(

        identity_key_pair,

        subject_name,

        {} /* SAN */,

        valid_from,

        validity_period_days);

    }


    virtual void set_certificate(const ccf::crypto::Pem& new_cert) override

    {

      cert = new_cert;

    }


    ~ReplicatedNetworkIdentity() override

    {

      OPENSSL_cleanse(priv_key.data(), priv_key.size());

    }


  };


}

certs.h

ccf::ReplicatedNetworkIdentity
Definition identity.h:53

ccf::ReplicatedNetworkIdentity::ReplicatedNetworkIdentity
ReplicatedNetworkIdentity(const std::string &subject_name_, ccf::crypto::CurveID curve_id, const std::string &valid_from, size_t validity_period_days)
Definition identity.h:57

ccf::ReplicatedNetworkIdentity::issue_certificate
virtual ccf::crypto::Pem issue_certificate(const std::string &valid_from, size_t validity_period_days) override
Definition identity.h:87

ccf::ReplicatedNetworkIdentity::~ReplicatedNetworkIdentity
~ReplicatedNetworkIdentity() override
Definition identity.h:106

ccf::ReplicatedNetworkIdentity::ReplicatedNetworkIdentity
ReplicatedNetworkIdentity()=default

ccf::ReplicatedNetworkIdentity::ReplicatedNetworkIdentity
ReplicatedNetworkIdentity(const NetworkIdentity &other)
Definition identity.h:76

ccf::ReplicatedNetworkIdentity::set_certificate
virtual void set_certificate(const ccf::crypto::Pem &new_cert) override
Definition identity.h:101

ccf::crypto::Pem
Definition pem.h:18

ccf::crypto::Pem::size
size_t size() const
Definition pem.h:61

ccf::crypto::Pem::data
uint8_t * data()
Definition pem.h:51

curve.h

verifier.h

ccf::crypto::CurveID
CurveID
Definition curve.h:18

ccf
Definition app_interface.h:15

ccf::IdentityType
IdentityType
Definition identity.h:17

ccf::IdentityType::REPLICATED
@ REPLICATED

ccf::IdentityType::SPLIT
@ SPLIT

key_pair.h

ccf::NetworkIdentity
Definition identity.h:23

ccf::NetworkIdentity::issue_certificate
virtual ccf::crypto::Pem issue_certificate(const std::string &valid_from, size_t validity_period_days)
Definition identity.h:41

ccf::NetworkIdentity::NetworkIdentity
NetworkIdentity()=default

ccf::NetworkIdentity::NetworkIdentity
NetworkIdentity(const std::string &subject_name_)
Definition identity.h:35

ccf::NetworkIdentity::subject_name
std::string subject_name
Definition identity.h:27

ccf::NetworkIdentity::cert
ccf::crypto::Pem cert
Definition identity.h:25

ccf::NetworkIdentity::priv_key
ccf::crypto::Pem priv_key
Definition identity.h:24

ccf::NetworkIdentity::set_certificate
virtual void set_certificate(const ccf::crypto::Pem &certificate)
Definition identity.h:47

ccf::NetworkIdentity::type
std::optional< IdentityType > type
Definition identity.h:26

ccf::NetworkIdentity::operator==
bool operator==(const NetworkIdentity &other) const
Definition identity.h:29

ccf::NetworkIdentity::~NetworkIdentity
virtual ~NetworkIdentity()
Definition identity.h:49