mirror of
https://github.com/apple/foundationdb.git
synced 2025-06-02 19:25:52 +08:00
* Add JWT support to TokenSign * Encapsulate OpenSSL public/private key type Type-safe passing around of keys without having to DER/PEM-serialize (OpenSSL doesn't have distinct types for public and private key) * Apply Clang format * Add verify benchmark for JWT and FlatBuffers token * Unit test base64url::{encode, decode} * Make all payload fields optional Let user code validate non-signature fields * Make all payload fields optional Completely defer field check to user code * Move rapidjson from fdbclient to contrib * Make fdbrpc's rapidjson linkage private Currently only sources include them. * Modify rapidjson path in apiversioner.py * Algorithm::Unknown > Algorithm::UNKNOWN
/*
 * PKey.h
 *
 * This source file is part of the FoundationDB open source project
 *
 * Copyright 2013-2022 Apple Inc. and the FoundationDB project authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef FLOW_PKEY_H
#define FLOW_PKEY_H
#include <memory>
#include <openssl/evp.h>
#include "flow/Arena.h"
// Forward declaration; PrivateKey is defined further down in this header.
class PrivateKey;

// Empty tag types that select the input encoding of the key constructors:
// pass PemEncoded{} together with PEM text, DerEncoded{} together with DER bytes.
// Being distinct types, they make the encoding part of the overload, so a PEM
// buffer cannot be handed to the DER parser (or vice versa) by accident.
struct PemEncoded {};
struct DerEncoded {};
// Type-safe wrapper for a public key held in an OpenSSL EVP_PKEY.
// Consumes public key in ASN.1 subjectPublicKeyInfo encoding.
//
// The handle lives in a shared_ptr, so copying a PublicKey shares the same
// underlying EVP_PKEY rather than duplicating it. A default-constructed
// PublicKey holds no key; check it with `if (key)` before using it.
class PublicKey {
private:
	std::shared_ptr<EVP_PKEY> ptr;

public:
	// Creates an empty key with no EVP_PKEY attached.
	PublicKey() noexcept = default;

	// Parses a PEM-encoded public key (PEM_read_bio_PUBKEY).
	// NOTE(review): how a malformed input is reported (exception vs. empty key)
	// is decided in the implementation, which is not visible in this header.
	PublicKey(PemEncoded, StringRef pem);

	// Parses a DER-encoded public key (d2i_PUBKEY).
	// NOTE(review): same caveat as the PEM overload regarding malformed input.
	PublicKey(DerEncoded, StringRef der);

	// Copying shares ownership of the same EVP_PKEY handle.
	PublicKey(const PublicKey& other) noexcept = default;

	PublicKey& operator=(const PublicKey& other) noexcept = default;

	// Serializes the key as PEM (PEM_write_bio_PUBKEY).
	// Presumably the returned StringRef points into `arena` -- confirm against the implementation.
	StringRef writePem(Arena& arena) const;

	// Serializes the key as DER (i2d_PUBKEY).
	// Presumably the returned StringRef points into `arena` -- confirm against the implementation.
	StringRef writeDer(Arena& arena) const;

	// Returns the raw, non-owning OpenSSL handle; nullptr when the key is empty.
	// The pointer stays valid only while some PublicKey copy still owns the handle.
	EVP_PKEY* nativeHandle() const noexcept { return ptr.get(); }

	// True when a key is attached. This says nothing about whether the key is
	// suitable for a given algorithm; that check is left to the caller.
	explicit operator bool() const noexcept { return ptr != nullptr; }
};
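// Type-safe wrapper for a private key held in an OpenSSL EVP_PKEY.
//
// EVP_PKEY does not distinguish public from private keys, so this class and
// PublicKey carry that distinction in the C++ type instead. The handle lives
// in a shared_ptr: copying a PrivateKey shares the same underlying EVP_PKEY
// rather than duplicating the key material. A default-constructed PrivateKey
// holds no key; check it with `if (key)` before using it.
class PrivateKey {
	std::shared_ptr<EVP_PKEY> ptr;

public:
	// Creates an empty key with no EVP_PKEY attached.
	PrivateKey() noexcept = default;

	// Parses a PEM-encoded private key (PEM_read_bio_PrivateKey).
	// NOTE(review): how a malformed or passphrase-protected input is handled is
	// decided in the implementation, which is not visible in this header.
	PrivateKey(PemEncoded, StringRef pem);

	// Parses a DER-encoded private key (d2i_AutoPrivateKey).
	PrivateKey(DerEncoded, StringRef der);

	// Unsafe. Use when you're sure of unsafePtr's content & lifetime.
	// Nothing in this declaration verifies that the handle actually carries
	// private-key material, so a public-only EVP_PKEY would defeat the type
	// separation this class exists for.
	// NOTE(review): the constructor is not `explicit`, so a
	// std::shared_ptr<EVP_PKEY> converts implicitly to PrivateKey; consider
	// marking it explicit if no caller relies on that conversion.
	PrivateKey(std::shared_ptr<EVP_PKEY> unsafePtr);

	// Copying shares ownership of the same EVP_PKEY handle.
	PrivateKey(const PrivateKey& other) noexcept = default;

	PrivateKey& operator=(const PrivateKey& other) noexcept = default;

	// Serializes the private key as PEM (PEM_write_bio_PrivateKey).
	// The output is secret key material. NOTE(review): whether it is
	// passphrase-encrypted depends on the implementation (not visible here);
	// treat the returned bytes, and the arena presumably holding them, as sensitive.
	StringRef writePem(Arena& arena) const;

	// Serializes the private key as DER (i2d_PrivateKey; the i2d_* functions
	// encode, d2i_* decode). The output is secret key material.
	StringRef writeDer(Arena& arena) const;

	// Serializes only the public half as PEM (PEM_write_bio_PUBKEY).
	StringRef writePublicKeyPem(Arena& arena) const;

	// Serializes only the public half as DER (i2d_PUBKEY).
	StringRef writePublicKeyDer(Arena& arena) const;

	// Returns the raw, non-owning OpenSSL handle; nullptr when the key is empty.
	// The pointer stays valid only while some PrivateKey copy still owns the
	// handle, and it gives the caller direct access to the private key.
	EVP_PKEY* nativeHandle() const noexcept { return ptr.get(); }

	// True when a key is attached.
	explicit operator bool() const noexcept { return ptr != nullptr; }

	// Create a PublicKey independent of this key
	PublicKey toPublicKey() const;
};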
#endif /*FLOW_PKEY_H*/