limal::ca_mgm::CA Class Reference

Managing a CA repository.

#include <CA.hpp>


Public Member Functions

 CA (const String &caName, const String &caPasswd, const String &repos=REPOSITORY)
 ~CA ()
String createSubCA (const String &newCaName, const String &keyPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData)
String createRequest (const String &keyPasswd, const RequestGenerationData &requestData, Type requestType)
String issueCertificate (const String &requestName, const CertificateIssueData &issueData, Type certType)
String createCertificate (const String &keyPasswd, const RequestGenerationData &requestData, const CertificateIssueData &certificateData, Type type)
void revokeCertificate (const String &certificateName, const CRLReason &crlReason=CRLReason())
void createCRL (const CRLGenerationData &crlData)
String importRequestData (const limal::ByteBuffer &request, FormatType formatType=E_PEM)
String importRequest (const String &requestFile, FormatType formatType=E_PEM)
CertificateIssueData getIssueDefaults (Type type)
RequestGenerationData getRequestDefaults (Type type)
CRLGenerationData getCRLDefaults ()
void setIssueDefaults (Type type, const CertificateIssueData &defaults)
void setRequestDefaults (Type type, const RequestGenerationData &defaults)
void setCRLDefaults (const CRLGenerationData &defaults)
BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > getCertificateList ()
BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > getRequestList ()
CertificateData getCA ()
RequestData getRequest (const String &requestName)
CertificateData getCertificate (const String &certificateName)
CRLData getCRL ()
limal::ByteBuffer exportCACert (FormatType exportType)
limal::ByteBuffer exportCAKeyAsPEM (const String &newPassword)
limal::ByteBuffer exportCAKeyAsDER ()
limal::ByteBuffer exportCAasPKCS12 (const String &p12Password, bool withChain=false)
limal::ByteBuffer exportCertificate (const String &certificateName, FormatType exportType)
limal::ByteBuffer exportCertificateKeyAsPEM (const String &certificateName, const String &keyPassword, const String &newPassword)
limal::ByteBuffer exportCertificateKeyAsDER (const String &certificateName, const String &keyPassword)
limal::ByteBuffer exportCertificateAsPKCS12 (const String &certificateName, const String &keyPassword, const String &p12Password, bool withChain=false)
limal::ByteBuffer exportCRL (FormatType exportType)
void deleteRequest (const String &requestName)
void deleteCertificate (const String &certificateName, bool requestToo=true)
void updateDB ()
bool verifyCertificate (const String &certificateName, bool crlCheck=true, const String &purpose=String("any"))
CAConfig* getConfig ()

Static Public Member Functions

static void createRootCA (const String &caName, const String &caPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData, const String &repos=REPOSITORY)
static void importCA (const String &caName, const limal::ByteBuffer &caCertificate, const limal::ByteBuffer &caKey, const String &caPasswd=String(), const String &repos=REPOSITORY)
static BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > getCAList (const String &repos=REPOSITORY)
static BLOCXX_NAMESPACE::List< BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > > getCATree (const String &repos=REPOSITORY)
static CertificateIssueData getRootCAIssueDefaults (const String &repos=REPOSITORY)
static RequestGenerationData getRootCARequestDefaults (const String &repos=REPOSITORY)
static void deleteCA (const String &caName, const String &caPasswd, bool force=false, const String &repos=REPOSITORY)

Private Member Functions

 CA ()
 CA (const CA &)
CA& operator= (const CA &)
void checkDNPolicy (const DNObject &dn, Type type)
String initConfigFile ()
void commitConfig2Template ()
void removeDefaultsFromConfig ()

Private Attributes

BLOCXX_NAMESPACE::COWIntrusiveReference< CAImpl > m_impl

Detailed Description

Managing a CA repository.

This class provides methods for managing a CA repository. If you want to know how to use these methods and functions, have a look at the example page.

Examples:

CreateCertificate.cpp, Export.cpp, and RevokeCertificateAndCreateCRL.cpp.


Constructor & Destructor Documentation

limal::ca_mgm::CA::CA (const String &caName, const String &caPasswd, const String &repos = REPOSITORY)

Construct a CA object.

Parameters:
caName the name of this CA.
caPasswd the password of this CA.
repos directory path to the repository root
limal::ca_mgm::CA::~CA ()

Destructor of CA.

limal::ca_mgm::CA::CA () [private]
limal::ca_mgm::CA::CA (const CA &) [private]

Member Function Documentation

void limal::ca_mgm::CA::checkDNPolicy (const DNObject &dn, Type type) [private]

Check whether the given DN matches the policy defined in the configuration file. On error this method throws exceptions.

Parameters:
dn the DN object
type the Type of the certificate which should be signed
void limal::ca_mgm::CA::commitConfig2Template () [private]

Copy the config file to the template. On error this method throws exceptions.

String limal::ca_mgm::CA::createCertificate (const String &keyPasswd, const RequestGenerationData &requestData, const CertificateIssueData &certificateData, Type type)

Create a certificate in the specified CA. On error this method throws exceptions.

Parameters:
keyPasswd the password for the private key
requestData the data for the request
certificateData the data of the certificate
type the type of the certificate
Returns:
the name of the certificate
Examples:
RevokeCertificateAndCreateCRL.cpp.
void limal::ca_mgm::CA::createCRL (const CRLGenerationData &crlData)

Create a new CRL with the specified data. On error this method throws exceptions.

Parameters:
crlData the data for the new CRL
Examples:
RevokeCertificateAndCreateCRL.cpp.
String limal::ca_mgm::CA::createRequest (const String &keyPasswd, const RequestGenerationData &requestData, Type requestType)

Create a certificate request in the specified CA. On error this method throws exceptions.

Parameters:
keyPasswd the password for the private key
requestData the data for the request
requestType the type of the request
Returns:
the name of the new request
Examples:
CreateCertificate.cpp.
static void limal::ca_mgm::CA::createRootCA (const String &caName, const String &caPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData, const String &repos = REPOSITORY) [static]

Create a new self-signed root CA plus the whole needed infrastructure. On error this function throws exceptions.

Parameters:
caName the name for this CA
caPasswd the password for this CA
caRequestData the data for the request
caIssueData the data for signing the CA
repos the path to the repository root directory
String limal::ca_mgm::CA::createSubCA (const String &newCaName, const String &keyPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData)

Create a new Sub CA with the whole needed infrastructure. On error this method throws exceptions.

Parameters:
newCaName the name for the new CA
keyPasswd the password for the private key
caRequestData data for the request generation
caIssueData the required data to sign the request
Returns:
The name of the certificate file
static void limal::ca_mgm::CA::deleteCA (const String &caName, const String &caPasswd, bool force = false, const String &repos = REPOSITORY) [static]

Delete a Certificate Authority infrastructure.

Normally you can only delete a CA if the CA certificate has expired or you have never signed a certificate with this CA. In all other cases you have to set the force parameter to "true" if you really want to delete the CA and know what you are doing. On error this function throws exceptions.

Parameters:
caName the name of the CA to delete
caPasswd the password of the CA
force no checks, simply delete the CA
repos the path to the repository root directory
void limal::ca_mgm::CA::deleteCertificate (const String &certificateName, bool requestToo = true)

Delete the specified certificate, together with the corresponding request and private key if requestToo is set to true. This function works only for revoked or expired certificates. On error this method throws exceptions.

Parameters:
certificateName the certificate to delete
requestToo if set to true, the request and key file will also be deleted if they exist
void limal::ca_mgm::CA::deleteRequest (const String &requestName)

Delete a request. This function also removes the private key if one is available. On error this method throws exceptions.

Parameters:
requestName the name of the request
limal::ByteBuffer limal::ca_mgm::CA::exportCAasPKCS12 (const String &p12Password, bool withChain = false)

Return the CA certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.

Parameters:
p12Password the password for the private key
withChain set this to true if the certificate chain should be included, otherwise set it to false
Returns:
the data in PKCS12 format
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCACert (FormatType exportType)

Return the CA certificate in PEM or DER format. On error this method throws exceptions.

Parameters:
exportType the type in which the CA should be exported
Returns:
this CA certificate
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsDER ()

Return the CA private key in DER format. The private key is returned decrypted. On error this method throws exceptions.

Returns:
the private key of the CA in DER format
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsPEM (const String &newPassword)

Return the CA private key in PEM format. If a new password is given, the key will be encrypted using newPassword. If newPassword is empty, the returned key is decrypted. On error this method throws exceptions.

Parameters:
newPassword the password to encrypt the private key with. If newPassword is empty, the key will be returned decrypted.
Returns:
the private key of the CA in PEM format
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCertificate (const String &certificateName, FormatType exportType)

Return the specified certificate in PEM or DER format. On error this method throws exceptions.

Parameters:
certificateName the name of the certificate
exportType the format in which the certificate should be exported
Returns:
the certificate data
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCertificateAsPKCS12 (const String &certificateName, const String &keyPassword, const String &p12Password, bool withChain = false)

Return the certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.

Parameters:
certificateName the name of the certificate
keyPassword the current password of the key
p12Password the password for the private key
withChain set this to true if the certificate chain should be included, otherwise set it to false
Returns:
the data in PKCS12 format
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsDER (const String &certificateName, const String &keyPassword)

Return the certificate private key in DER format. The private key is returned decrypted. On error this method throws exceptions.

Parameters:
certificateName the name of the certificate
keyPassword the current password of the key.
Returns:
the private key in DER format
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsPEM (const String &certificateName, const String &keyPassword, const String &newPassword)

Return the certificate private key in PEM format. If a new password is given, the key will be encrypted using newPassword. If newPassword is empty, the returned key is decrypted. On error this method throws exceptions.

Parameters:
certificateName the name of the certificate
keyPassword the current password of the key
newPassword the password to encrypt the private key with. If newPassword is empty, the key will be returned decrypted.
Returns:
the private key of the certificate in PEM format
Examples:
Export.cpp.
limal::ByteBuffer limal::ca_mgm::CA::exportCRL (FormatType exportType)

Export the CRL of this CA in the requested format type. On error this method throws exceptions.

Parameters:
exportType the format type
Returns:
the CRL in the requested format
Examples:
Export.cpp.
CertificateData limal::ca_mgm::CA::getCA ()

Parse this CA and return the data. On error this method throws exceptions.

Returns:
the CA data
static BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > limal::ca_mgm::CA::getCAList (const String &repos = REPOSITORY) [static]

Get a list of available CAs. On error this function throws exceptions.

Parameters:
repos the path to the repository root directory
Returns:
Array of Strings of available CAs
static BLOCXX_NAMESPACE::List< BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > > limal::ca_mgm::CA::getCATree (const String &repos = REPOSITORY) [static]

Return a table of the available CAs and their issuers. If a CA is self-signed, the issuer field is empty.

caName     issuer caName
RootCA
UserCA     RootCA
IPSecCA    UserCA

On error this function throws exceptions.

Parameters:
repos the path to the repository root directory
Returns:
a list of lists of the available CAs
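The table above is a parent pointer list, so a caller has to walk it to answer the questions that matter before touching a CA: which root does a CA chain up to, and which Sub CAs would be orphaned by deleteCA(). The following is an added example, not code from limal-ca-mgm; it models the List< Array< String > > result with standard containers and a constructed copy of the table shown in the documentation.

```cpp
// Added example (not part of limal-ca-mgm). Models the getCATree() result
// as std::list<std::vector<std::string>> in place of
// BLOCXX_NAMESPACE::List<BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::String>>.
// Each row is {caName, issuerCaName}; a self-signed root has an empty issuer.
#include <list>
#include <map>
#include <set>
#include <string>
#include <vector>

typedef std::list<std::vector<std::string> > CATree;

// Constructed sample, identical to the table in the getCATree() description.
inline CATree sampleTree() {
    CATree t;
    t.push_back(std::vector<std::string>{"RootCA", ""});
    t.push_back(std::vector<std::string>{"UserCA", "RootCA"});
    t.push_back(std::vector<std::string>{"IPSecCA", "UserCA"});
    return t;
}

// Walk from caName up to its self-signed root. Returns the chain with
// caName first and the root last. Returns an empty vector when the chain
// is broken: caName or one of its issuers is not in the repository, or the
// issuer links form a cycle (a repository should never contain either).
inline std::vector<std::string> chainToRoot(const CATree& tree,
                                            const std::string& caName) {
    std::map<std::string, std::string> issuerOf;
    for (CATree::const_iterator it = tree.begin(); it != tree.end(); ++it)
        if (it->size() >= 2) issuerOf[(*it)[0]] = (*it)[1];

    std::vector<std::string> chain;
    std::set<std::string> seen;
    std::string cur = caName;
    for (;;) {
        std::map<std::string, std::string>::const_iterator f = issuerOf.find(cur);
        if (f == issuerOf.end() || !seen.insert(cur).second)
            return std::vector<std::string>();   // unknown CA or cycle
        chain.push_back(cur);
        if (f->second.empty()) return chain;     // reached a self-signed root
        cur = f->second;
    }
}

// Sub CAs whose CA certificate was signed by caName. deleteCA() refuses to
// remove a CA that has signed certificates unless force=true, so a
// non-empty result means deleting caName would orphan these Sub CAs.
inline std::vector<std::string> subCAsOf(const CATree& tree,
                                         const std::string& caName) {
    std::vector<std::string> out;
    for (CATree::const_iterator it = tree.begin(); it != tree.end(); ++it)
        if (it->size() >= 2 && (*it)[1] == caName) out.push_back((*it)[0]);
    return out;
}
```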
CertificateData limal::ca_mgm::CA::getCertificate (const String &certificateName)

Parse a certificate and return the data. On error this method throws exceptions.

Parameters:
certificateName the name of the certificate
Returns:
the certificate data
BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > limal::ca_mgm::CA::getCertificateList ()

Get an array of maps with all certificates of this CA. On error this method throws exceptions.

Returns:
a list of maps with all certificates in this CA. The map keys are:
  • certificate (the name of the certificate)
  • commonName
  • emailAddress
  • countryName
  • stateOrProvinceName
  • localityName
  • organizationName
  • organizationalUnitName
  • status (The status of the certificate: "valid", "revoked", "expired")
CAConfig* limal::ca_mgm::CA::getConfig ()

Return the current config object.

Returns:
the config object
CRLData limal::ca_mgm::CA::getCRL ()

Parse the current CRL of this CA and return the data. On error this method throws exceptions.

Returns:
the CRL data
CRLGenerationData limal::ca_mgm::CA::getCRLDefaults ()

Get a CRLGenerationData object with current default settings for this CA. On error this method throws exceptions.

Returns:
a CRLGenerationData object with the current defaults
Examples:
RevokeCertificateAndCreateCRL.cpp.
CertificateIssueData limal::ca_mgm::CA::getIssueDefaults (Type type)

Get a CertificateIssueData object with current signing default settings for this CA and the specific type. On error this method throws exceptions.

Parameters:
type the requested certificate type
Returns:
a CertificateIssueData object with the current defaults
Examples:
CreateCertificate.cpp, and RevokeCertificateAndCreateCRL.cpp.
RequestData limal::ca_mgm::CA::getRequest (const String &requestName)

Parse a request and return the data. On error this method throws exceptions.

Parameters:
requestName the name of the Request
Returns:
the request data
RequestGenerationData limal::ca_mgm::CA::getRequestDefaults (Type type)

Get a RequestGenerationData object with current request default settings for this CA and the specific type. On error this method throws exceptions.

Parameters:
type the requested certificate type
Returns:
a RequestGenerationData object with the current defaults
Examples:
CreateCertificate.cpp, and RevokeCertificateAndCreateCRL.cpp.
BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > limal::ca_mgm::CA::getRequestList ()

Get an array of maps with all requests of this CA. On error this method throws exceptions.

Returns:
a list of maps with all requests in this CA. The map keys are:
  • request (the name of the request)
  • commonName
  • emailAddress
  • countryName
  • stateOrProvinceName
  • localityName
  • organizationName
  • organizationalUnitName
  • date
static CertificateIssueData limal::ca_mgm::CA::getRootCAIssueDefaults (const String &repos = REPOSITORY) [static]

Get a CertificateIssueData object with current signing default settings for a Root CA. On error this function throws exceptions.

Parameters:
repos the path to the repository root directory
Returns:
a CertificateIssueData object with the current defaults
static RequestGenerationData limal::ca_mgm::CA::getRootCARequestDefaults (const String &repos = REPOSITORY) [static]

Get a RequestGenerationData object with current request default settings for a Root CA. On error this function throws exceptions.

Parameters:
repos the path to the repository root directory
Returns:
a RequestGenerationData object with the current defaults
static void limal::ca_mgm::CA::importCA (const String &caName, const limal::ByteBuffer &caCertificate, const limal::ByteBuffer &caKey, const String &caPasswd = String(), const String &repos = REPOSITORY) [static]

Import a CA certificate and private key and create the infrastructure. On error this function throws exceptions.

Parameters:
caName the name of the CA
caCertificate the CA certificate data in PEM format
caKey the private key in PEM format
caPasswd password of the private key or a new password if the key is unencrypted
repos the path to the repository root directory
String limal::ca_mgm::CA::importRequest (const String &requestFile, FormatType formatType = E_PEM)

Import a request in a CA repository. On error this method throws exceptions.

Parameters:
requestFile the request file
formatType the input format type
Returns:
the name of the request
String limal::ca_mgm::CA::importRequestData (const limal::ByteBuffer &request, FormatType formatType = E_PEM)

Import a request in a CA repository. On error this method throws exceptions.

Parameters:
request the request data
formatType the input format type
Returns:
the name of the request
String limal::ca_mgm::CA::initConfigFile () [private]

Initialize the config file. On error this method throws exceptions.

Copy the template to a config file and create the config object.

Returns:
the name of the config file
String limal::ca_mgm::CA::issueCertificate (const String &requestName, const CertificateIssueData &issueData, Type certType)

Issue a certificate in the specified CA. On error this method throws exceptions.

Parameters:
requestName the name of the request which should be signed
issueData the issuing data
certType the type of the certificate
Returns:
the name of the certificate
Examples:
CreateCertificate.cpp.
CA& limal::ca_mgm::CA::operator= (const CA &) [private]
void limal::ca_mgm::CA::removeDefaultsFromConfig () [private]

Remove _default values from the config file.

void limal::ca_mgm::CA::revokeCertificate (const String &certificateName, const CRLReason &crlReason = CRLReason())

Revoke a certificate. On error this method throws exceptions.

Note:
This function does not create a new CRL.
Parameters:
certificateName the name of the certificate to revoke
crlReason a crlReason object which describes the reason why this certificate is revoked.
Examples:
RevokeCertificateAndCreateCRL.cpp.
void limal::ca_mgm::CA::setCRLDefaults (const CRLGenerationData &defaults)

Set the CRL defaults for this CA. On error this method throws exceptions.

Parameters:
defaults the new CRL defaults
void limal::ca_mgm::CA::setIssueDefaults (Type type, const CertificateIssueData &defaults)

Set the signing defaults for this CA and the specific certificate type. On error this method throws exceptions.

Parameters:
type the requested certificate type
defaults the new certificate defaults
void limal::ca_mgm::CA::setRequestDefaults (Type type, const RequestGenerationData &defaults)

Set the request defaults for this CA and the specific certificate type. On error this method throws exceptions.

Parameters:
type the requested certificate type
defaults the new request defaults
void limal::ca_mgm::CA::updateDB ()

Update the internal OpenSSL database. On error this method throws exceptions.

bool limal::ca_mgm::CA::verifyCertificate (const String &certificateName, bool crlCheck = true, const String &purpose = String("any"))

Verify a certificate. On error this method throws exceptions.

Parameters:
certificateName the name of the certificate
crlCheck verify against the CRLs
purpose check for a specific certificate purpose. Valid purpose strings are:

  • sslclient
  • sslserver
  • nssslserver
  • smimesign
  • smimeencrypt
  • crlsign
  • ocsphelper
  • any (default)
Returns:
true if the certificate is valid, otherwise false.

Member Data Documentation

BLOCXX_NAMESPACE::COWIntrusiveReference< CAImpl > limal::ca_mgm::CA::m_impl [private]

The documentation for this class was generated from the following file:
Generated on Sun Aug 1 09:44:15 2010 for limal-ca-mgm by doxygen 1.6.3