diff --git a/src/ds/x509_time_fmt.h b/include/ccf/ds/x509_time_fmt.h similarity index 99% rename from src/ds/x509_time_fmt.h rename to include/ccf/ds/x509_time_fmt.h index 7dc01f597..2b3982797 100644 --- a/src/ds/x509_time_fmt.h +++ b/include/ccf/ds/x509_time_fmt.h @@ -11,7 +11,7 @@ #include #include -namespace ds +namespace ccf::ds { static inline std::string to_x509_time_string(const std::tm& time) { diff --git a/src/crypto/certs.h b/src/crypto/certs.h index 1164bade3..24a41ce2d 100644 --- a/src/crypto/certs.h +++ b/src/crypto/certs.h @@ -4,7 +4,7 @@ #include "ccf/crypto/key_pair.h" #include "ccf/crypto/pem.h" -#include "ds/x509_time_fmt.h" +#include "ccf/ds/x509_time_fmt.h" #include #include @@ -17,9 +17,9 @@ namespace ccf::crypto using namespace std::chrono_literals; // Note: As per RFC 5280, the validity period runs until "notAfter" // _inclusive_ so substract one second from the validity period. - auto valid_to = ::ds::time_point_from_string(valid_from) + + auto valid_to = ccf::ds::time_point_from_string(valid_from) + std::chrono::days(validity_period_days) - 1s; - return ::ds::to_x509_time_string(valid_to); + return ccf::ds::to_x509_time_string(valid_to); } static Pem create_self_signed_cert( diff --git a/src/crypto/openssl/openssl_wrappers.h b/src/crypto/openssl/openssl_wrappers.h index 92a797222..6cbd71c35 100644 --- a/src/crypto/openssl/openssl_wrappers.h +++ b/src/crypto/openssl/openssl_wrappers.h @@ -6,8 +6,9 @@ #define FMT_HEADER_ONLY +#include "ccf/ds/x509_time_fmt.h" + #include -#include #include #include #include @@ -360,7 +361,7 @@ namespace ccf::crypto Unique_X509_TIME(const std::string& s) : Unique_SSL_OBJECT(ASN1_TIME_new(), ASN1_TIME_free, /*check_null=*/false) { - auto t = ::ds::to_x509_time_string(s); + auto t = ccf::ds::to_x509_time_string(s); CHECK1(ASN1_TIME_set_string(*this, t.c_str())); CHECK1(ASN1_TIME_normalize(*this)); } 
@@ -368,7 +369,7 @@ namespace ccf::crypto Unique_SSL_OBJECT(t, ASN1_TIME_free, /*check_null=*/false) {} Unique_X509_TIME(const std::chrono::system_clock::time_point& t) : - Unique_X509_TIME(::ds::to_x509_time_string(t)) + Unique_X509_TIME(ccf::ds::to_x509_time_string(t)) {} }; @@ -424,5 +425,12 @@ namespace ccf::crypto { using Unique_SSL_OBJECT::Unique_SSL_OBJECT; }; + + struct Unique_EVP_PKEY + : public Unique_SSL_OBJECT + { + Unique_EVP_PKEY() = default; + Unique_EVP_PKEY(EVP_PKEY* key) : Unique_SSL_OBJECT(key, EVP_PKEY_free) {} + }; } } diff --git a/src/crypto/openssl/verifier.cpp b/src/crypto/openssl/verifier.cpp index cd192854b..5bd034d5e 100644 --- a/src/crypto/openssl/verifier.cpp +++ b/src/crypto/openssl/verifier.cpp @@ -208,7 +208,7 @@ namespace ccf::crypto const std::chrono::system_clock::time_point& now) const { auto [from, to] = validity_period(); - auto tp_to = ::ds::time_point_from_string(to); + auto tp_to = ccf::ds::time_point_from_string(to); return std::chrono::duration_cast(tp_to - now) .count() + 1; @@ -218,8 +218,8 @@ namespace ccf::crypto const std::chrono::system_clock::time_point& now) const { auto [from, to] = validity_period(); - auto tp_from = ::ds::time_point_from_string(from); - auto tp_to = ::ds::time_point_from_string(to); + auto tp_from = ccf::ds::time_point_from_string(from); + auto tp_to = ccf::ds::time_point_from_string(to); auto total_sec = std::chrono::duration_cast(tp_to - tp_from) .count() + diff --git a/src/crypto/openssl/x509_time.h b/src/crypto/openssl/x509_time.h index 93bd2fd9a..00839ac76 100644 --- a/src/crypto/openssl/x509_time.h +++ b/src/crypto/openssl/x509_time.h @@ -2,7 +2,7 @@ // Licensed under the Apache 2.0 License. #pragma once -#include "ds/x509_time_fmt.h" +#include "ccf/ds/x509_time_fmt.h" #include "openssl_wrappers.h" #include @@ -30,6 +30,6 @@ namespace ccf::crypto::OpenSSL { std::tm t; CHECK1(ASN1_TIME_to_tm(time, &t)); - return ::ds::to_x509_time_string(t); + return ccf::ds::to_x509_time_string(t); } } 
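Review bot: The new `Unique_EVP_PKEY(EVP_PKEY* key)` constructor in the last openssl_wrappers.h hunk is a non-explicit converting constructor that takes ownership. A raw `EVP_PKEY*` passed where a `Unique_EVP_PKEY` is expected would be wrapped silently and released with `EVP_PKEY_free` when the temporary is destroyed, leaving the caller holding a dangling key pointer. I would declare it `explicit Unique_EVP_PKEY(EVP_PKEY* key)` and add a comment such as `// Takes ownership of key; released with EVP_PKEY_free`. The neighbouring `Unique_X509_TIME` constructors pass `/*check_null=*/false` explicitly while this one omits the argument, so whether a null key is rejected depends on a default that is not visible in this hunk; the comment should state the intended behaviour. The base class's template arguments are missing from this page, so what the defaulted constructor allocates, if anything, cannot be confirmed from here.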
diff --git a/src/crypto/test/crypto.cpp b/src/crypto/test/crypto.cpp index 5ed9eacc0..5fccd1aa5 100644 --- a/src/crypto/test/crypto.cpp +++ b/src/crypto/test/crypto.cpp @@ -12,6 +12,7 @@ #include "ccf/crypto/rsa_key_pair.h" #include "ccf/crypto/symmetric_key.h" #include "ccf/crypto/verifier.h" +#include "ccf/ds/x509_time_fmt.h" #include "crypto/certs.h" #include "crypto/csr.h" #include "crypto/openssl/cose_sign.h" @@ -21,7 +22,6 @@ #include "crypto/openssl/symmetric_key.h" #include "crypto/openssl/verifier.h" #include "crypto/openssl/x509_time.h" -#include "ds/x509_time_fmt.h" #include #include @@ -189,7 +189,7 @@ ccf::crypto::Pem generate_self_signed_cert( constexpr size_t certificate_validity_period_days = 365; using namespace std::literals; auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); return ccf::crypto::create_self_signed_cert( kp, name, {}, valid_from, certificate_validity_period_days); 
@@ -755,71 +755,71 @@ void run_csr(bool corrupt_csr = false) TEST_CASE("2-digit years") { auto time_str = "220405175422Z"; - auto tp = ::ds::time_point_from_string(time_str); - auto conv = ::ds::to_x509_time_string(tp); + auto tp = ccf::ds::time_point_from_string(time_str); + auto conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == std::string("20") + time_str); } TEST_CASE("Non-ASN.1 timepoint formats") { auto time_str = "2022-04-05 18:53:27"; - auto tp = ::ds::time_point_from_string(time_str); - auto conv = ::ds::to_x509_time_string(tp); + auto tp = ccf::ds::time_point_from_string(time_str); + auto conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220405185327Z"); time_str = "2022-04-05 18:53:27.190380"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220405185327Z"); time_str = "2022-04-05 18:53:27 +03:00"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220405155327Z"); time_str = "2022-04-05 18:53:27 +0300"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220405155327Z"); time_str = "2022-04-05 18:53:27.190380+03:00"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220405155327Z"); time_str = "2022-04-05 18:53:27 -03:00"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220405215327Z"); time_str = 
"2022-04-07T10:37:49.567612"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220407103749Z"); time_str = "2022-04-07T10:37:49.567612+03:00"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220407073749Z"); time_str = "2022-04-07T10:37:49.567612Z"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220407103749Z"); time_str = "220425165619+0000"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220425165619Z"); time_str = "220425165619+0200"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220425145619Z"); time_str = "20220425165619-0300"; - tp = ::ds::time_point_from_string(time_str); - conv = ::ds::to_x509_time_string(tp); + tp = ccf::ds::time_point_from_string(time_str); + conv = ccf::ds::to_x509_time_string(tp); REQUIRE(conv == "20220425195619Z"); } 
@@ -987,9 +987,9 @@ TEST_CASE("x509 time") auto to = ccf::crypto::OpenSSL::Unique_X509_TIME(adjusted_time); // Convert to string and back to time_points - auto from_conv = ::ds::time_point_from_string( + auto from_conv = ccf::ds::time_point_from_string( ccf::crypto::OpenSSL::to_x509_time_string(from)); - auto to_conv = ::ds::time_point_from_string( + auto to_conv = ccf::ds::time_point_from_string( ccf::crypto::OpenSSL::to_x509_time_string(to)); // Diff is still the same amount of days @@ -1007,7 +1007,7 @@ TEST_CASE("x509 time") for (auto const& days_offset : days_offsets) { auto adjusted_time = time + std::chrono::days(days_offset); - auto adjusted_str = ::ds::to_x509_time_string(adjusted_time); + auto adjusted_str = ccf::ds::to_x509_time_string(adjusted_time); auto asn1_time = ccf::crypto::OpenSSL::Unique_X509_TIME(adjusted_str); auto converted_str = ccf::crypto::OpenSSL::to_x509_time_string(asn1_time); REQUIRE(converted_str == adjusted_str); diff --git a/src/crypto/test/kp_cert.cpp b/src/crypto/test/kp_cert.cpp index f7140359a..cf1337a43 100644 --- a/src/crypto/test/kp_cert.cpp +++ b/src/crypto/test/kp_cert.cpp @@ -7,7 +7,8 @@ #include constexpr size_t certificate_validity_period_days = 365; -auto valid_from = ::ds::to_x509_time_string(std::chrono::system_clock::now()); +auto valid_from = + ccf::ds::to_x509_time_string(std::chrono::system_clock::now()); auto valid_to = ccf::crypto::compute_cert_valid_to_string( valid_from, certificate_validity_period_days); diff --git a/src/endpoints/authentication/cert_auth.cpp b/src/endpoints/authentication/cert_auth.cpp index b5eafa69f..e02452f16 100644 --- a/src/endpoints/authentication/cert_auth.cpp +++ b/src/endpoints/authentication/cert_auth.cpp 
@@ -3,13 +3,13 @@ #include "ccf/endpoints/authentication/cert_auth.h" +#include "ccf/ds/x509_time_fmt.h" #include "ccf/pal/locking.h" #include "ccf/rpc_context.h" #include "ccf/service/tables/members.h" #include "ccf/service/tables/nodes.h" #include "ccf/service/tables/users.h" #include "ds/lru.h" -#include "ds/x509_time_fmt.h" #include "enclave/enclave_time.h" namespace ccf @@ -49,12 +49,12 @@ namespace ccf const auto valid_from_unix_time = duration_cast( - ::ds::time_point_from_string(valid_from_timestring) + ccf::ds::time_point_from_string(valid_from_timestring) .time_since_epoch()) .count(); const auto valid_to_unix_time = duration_cast( - ::ds::time_point_from_string(valid_to_timestring) + ccf::ds::time_point_from_string(valid_to_timestring) .time_since_epoch()) .count(); diff --git a/src/host/main.cpp b/src/host/main.cpp index 469b233a5..614bfecd0 100644 --- a/src/host/main.cpp +++ b/src/host/main.cpp @@ -3,6 +3,7 @@ #include "ccf/ds/logger.h" #include "ccf/ds/unit_strings.h" +#include "ccf/ds/x509_time_fmt.h" #include "ccf/pal/attestation.h" #include "ccf/pal/platform.h" #include "ccf/version.h" @@ -13,7 +14,6 @@ #include "ds/non_blocking.h" #include "ds/nonstd.h" #include "ds/oversized.h" -#include "ds/x509_time_fmt.h" #include "enclave.h" #include "handle_ring_buffer.h" #include "host/env.h" @@ -593,7 +593,7 @@ int main(int argc, char** argv) LOG_INFO_FMT("Startup host time: {}", startup_host_time); startup_config.startup_host_time = - ::ds::to_x509_time_string(startup_host_time); + ccf::ds::to_x509_time_string(startup_host_time); if (config.command.type == StartType::Start) { diff --git a/src/node/rpc/test/frontend_test_infra.h b/src/node/rpc/test/frontend_test_infra.h index 1ba5aa351..370970e9c 100644 --- a/src/node/rpc/test/frontend_test_infra.h +++ b/src/node/rpc/test/frontend_test_infra.h 
@@ -31,7 +31,7 @@ using TResponse = ::http::SimpleResponseProcessor::Response; constexpr size_t certificate_validity_period_days = 365; using namespace std::literals; auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); auto valid_to = ccf::crypto::compute_cert_valid_to_string( valid_from, certificate_validity_period_days); @@ -118,7 +118,7 @@ std::unique_ptr make_test_network_ident() { using namespace std::literals; const auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); return std::make_unique( "CN=CCF test network", ccf::crypto::service_identity_curve_choice, diff --git a/src/node/test/channels.cpp b/src/node/test/channels.cpp index 462b1fa9e..506c17a7b 100644 --- a/src/node/test/channels.cpp +++ b/src/node/test/channels.cpp @@ -79,12 +79,13 @@ static std::pair make_validity_pair(bool expired) if (expired) { return std::make_pair( - ::ds::to_x509_time_string(now - std::chrono::days(2 * validity_days)), + ccf::ds::to_x509_time_string(now - std::chrono::days(2 * validity_days)), validity_days); } else { - return std::make_pair(::ds::to_x509_time_string(now - 24h), validity_days); + return std::make_pair( + ccf::ds::to_x509_time_string(now - 24h), validity_days); } } diff --git a/src/node/test/historical_queries.cpp b/src/node/test/historical_queries.cpp index 5959b3848..8b31b7863 100644 --- a/src/node/test/historical_queries.cpp +++ b/src/node/test/historical_queries.cpp 
@@ -31,7 +31,7 @@ using NumToString = ccf::kv::Map; constexpr size_t certificate_validity_period_days = 365; using namespace std::literals; auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); auto valid_to = ccf::crypto::compute_cert_valid_to_string( valid_from, certificate_validity_period_days); diff --git a/src/node/test/history.cpp b/src/node/test/history.cpp index 1ad1cb2e9..91cad0b6e 100644 --- a/src/node/test/history.cpp +++ b/src/node/test/history.cpp @@ -4,10 +4,10 @@ #include "ccf/app_interface.h" #include "ccf/ds/logger.h" +#include "ccf/ds/x509_time_fmt.h" #include "ccf/service/tables/nodes.h" #include "crypto/certs.h" #include "crypto/openssl/hash.h" -#include "ds/x509_time_fmt.h" #include "kv/kv_types.h" #include "kv/store.h" #include "kv/test/null_encryptor.h" @@ -26,7 +26,7 @@ using MapT = ccf::kv::Map; constexpr size_t certificate_validity_period_days = 365; using namespace std::literals; auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); auto valid_to = ccf::crypto::compute_cert_valid_to_string( valid_from, certificate_validity_period_days); diff --git a/src/node/test/receipt.cpp b/src/node/test/receipt.cpp index 1ab323db5..ae8a70632 100644 --- a/src/node/test/receipt.cpp +++ b/src/node/test/receipt.cpp @@ -4,10 +4,10 @@ #include "ccf/receipt.h" #include "ccf/crypto/key_pair.h" +#include "ccf/ds/x509_time_fmt.h" #include "ccf/service/tables/nodes.h" #include "crypto/openssl/hash.h" #include "crypto/openssl/key_pair.h" -#include "ds/x509_time_fmt.h" #include #include 
@@ -31,9 +31,9 @@ void populate_receipt(std::shared_ptr receipt) { using namespace std::literals; const auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 1h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 1h); const auto valid_to = - ::ds::to_x509_time_string(std::chrono::system_clock::now() + 1h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() + 1h); auto node_kp = ccf::crypto::make_key_pair(); auto node_cert = node_kp->self_sign("CN=node", valid_from, valid_to); diff --git a/src/tls/test/main.cpp b/src/tls/test/main.cpp index 51bf6740c..6e619baf6 100644 --- a/src/tls/test/main.cpp +++ b/src/tls/test/main.cpp @@ -223,7 +223,7 @@ static ccf::crypto::Pem generate_self_signed_cert( using namespace std::literals; constexpr size_t certificate_validity_period_days = 365; auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); return ccf::crypto::create_self_signed_cert( kp, name, {}, valid_from, certificate_validity_period_days); @@ -239,7 +239,7 @@ static ccf::crypto::Pem generate_endorsed_cert( using namespace std::literals; auto valid_from = - ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); + ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h); return ccf::crypto::create_endorsed_cert( kp,