Managing a CA repository.
#include <CA.hpp>
Public Member Functions | |
CA (const String &caName, const String &caPasswd, const String &repos=REPOSITORY) | |
~CA () | |
String | createSubCA (const String &newCaName, const String &keyPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData) |
String | createRequest (const String &keyPasswd, const RequestGenerationData &requestData, Type requestType) |
String | issueCertificate (const String &requestName, const CertificateIssueData &issueData, Type certType) |
String | createCertificate (const String &keyPasswd, const RequestGenerationData &requestData, const CertificateIssueData &certificateData, Type type) |
void | revokeCertificate (const String &certificateName, const CRLReason &crlReason=CRLReason()) |
void | createCRL (const CRLGenerationData &crlData) |
String | importRequestData (const limal::ByteBuffer &request, FormatType formatType=E_PEM) |
String | importRequest (const String &requestFile, FormatType formatType=E_PEM) |
CertificateIssueData | getIssueDefaults (Type type) |
RequestGenerationData | getRequestDefaults (Type type) |
CRLGenerationData | getCRLDefaults () |
void | setIssueDefaults (Type type, const CertificateIssueData &defaults) |
void | setRequestDefaults (Type type, const RequestGenerationData &defaults) |
void | setCRLDefaults (const CRLGenerationData &defaults) |
BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::Map < BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > | getCertificateList () |
BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::Map < BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > | getRequestList () |
CertificateData | getCA () |
RequestData | getRequest (const String &requestName) |
CertificateData | getCertificate (const String &certificateName) |
CRLData | getCRL () |
limal::ByteBuffer | exportCACert (FormatType exportType) |
limal::ByteBuffer | exportCAKeyAsPEM (const String &newPassword) |
limal::ByteBuffer | exportCAKeyAsDER () |
limal::ByteBuffer | exportCAasPKCS12 (const String &p12Password, bool withChain=false) |
limal::ByteBuffer | exportCertificate (const String &certificateName, FormatType exportType) |
limal::ByteBuffer | exportCertificateKeyAsPEM (const String &certificateName, const String &keyPassword, const String &newPassword) |
limal::ByteBuffer | exportCertificateKeyAsDER (const String &certificateName, const String &keyPassword) |
limal::ByteBuffer | exportCertificateAsPKCS12 (const String &certificateName, const String &keyPassword, const String &p12Password, bool withChain=false) |
limal::ByteBuffer | exportCRL (FormatType exportType) |
void | deleteRequest (const String &requestName) |
void | deleteCertificate (const String &certificateName, bool requestToo=true) |
void | updateDB () |
bool | verifyCertificate (const String &certificateName, bool crlCheck=true, const String &purpose=String("any")) |
CAConfig * | getConfig () |
Static Public Member Functions | |
static void | createRootCA (const String &caName, const String &caPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData, const String &repos=REPOSITORY) |
static void | importCA (const String &caName, const limal::ByteBuffer &caCertificate, const limal::ByteBuffer &caKey, const String &caPasswd=String(), const String &repos=REPOSITORY) |
static BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::String > | getCAList (const String &repos=REPOSITORY) |
static BLOCXX_NAMESPACE::List < BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::String > > | getCATree (const String &repos=REPOSITORY) |
static CertificateIssueData | getRootCAIssueDefaults (const String &repos=REPOSITORY) |
static RequestGenerationData | getRootCARequestDefaults (const String &repos=REPOSITORY) |
static void | deleteCA (const String &caName, const String &caPasswd, bool force=false, const String &repos=REPOSITORY) |
Private Member Functions | |
CA () | |
CA (const CA &) | |
CA & | operator= (const CA &) |
void | checkDNPolicy (const DNObject &dn, Type type) |
String | initConfigFile () |
void | commitConfig2Template () |
void | removeDefaultsFromConfig () |
Private Attributes | |
BLOCXX_NAMESPACE::COWIntrusiveReference < CAImpl > | m_impl |
Managing a CA repository.
This class provides methods for managing a CA repository. If you want to know how to use these methods and functions, have a look at the example pages
CreateCertificate.cpp, Export.cpp, and RevokeCertificateAndCreateCRL.cpp.
limal::ca_mgm::CA::~CA | ( | ) |
Destructor of CA.
limal::ca_mgm::CA::CA | ( | ) | [private] |
limal::ca_mgm::CA::CA | ( | const CA & | ) | [private] |
Check if the given DN matches the policy defined in the configuration file. On error this method throws exceptions.
dn | the DN object | |
type | the Type of the certificate which should be signed |
void limal::ca_mgm::CA::commitConfig2Template | ( | ) | [private] |
Copy the config file to the template. On error this method throws exceptions.
String limal::ca_mgm::CA::createCertificate | ( | const String & | keyPasswd, | |
const RequestGenerationData & | requestData, | |||
const CertificateIssueData & | certificateData, | |||
Type | type | |||
) |
Create a certificate in the specified CA. On error this method throws exceptions.
keyPasswd | the password for the private key | |
requestData | the data for the request | |
certificateData | the data of the certificate | |
type | the type of the certificate |
void limal::ca_mgm::CA::createCRL | ( | const CRLGenerationData & | crlData | ) |
Create a new CRL with the specified data. On error this method throws exceptions.
crlData | the data for the new CRL |
String limal::ca_mgm::CA::createRequest | ( | const String & | keyPasswd, | |
const RequestGenerationData & | requestData, | |||
Type | requestType | |||
) |
Create a certificate request in the specified CA. On error this method throws exceptions.
keyPasswd | the password for the private key | |
requestData | the data for the request | |
requestType | the type of the request |
static void limal::ca_mgm::CA::createRootCA | ( | const String & | caName, | |
const String & | caPasswd, | |||
const RequestGenerationData & | caRequestData, | |||
const CertificateIssueData & | caIssueData, | |||
const String & | repos = REPOSITORY | |||
) | [static] |
Create a new self-signed root CA plus the whole needed infrastructure. On error this function throws exceptions.
String limal::ca_mgm::CA::createSubCA | ( | const String & | newCaName, | |
const String & | keyPasswd, | |||
const RequestGenerationData & | caRequestData, | |||
const CertificateIssueData & | caIssueData | |||
) |
Create a new sub CA together with the whole needed infrastructure. On error this method throws exceptions.
newCaName | the name for the new CA | |
keyPasswd | the password for the private key | |
caRequestData | data for the request generation | |
caIssueData | the required data to sign the request |
static void limal::ca_mgm::CA::deleteCA | ( | const String & | caName, | |
const String & | caPasswd, | |||
bool | force = false , |
|||
const String & | repos = REPOSITORY | |||
) | [static] |
Delete a Certificate Authority infrastructure.
Normally you can only delete a CA if the CA certificate is expired or you have never signed a certificate with this CA. In all other cases — where the CA may still have valid certificates outstanding — you have to set the force parameter to "true" if you really want to delete the CA and you know what you are doing. On error this function throws exceptions.
void limal::ca_mgm::CA::deleteCertificate | ( | const String & | certificateName, | |
bool | requestToo = true | |||
) |
Delete the specified certificate together with the corresponding request and private key if requestToo is set to true. This function works only for revoked or expired certificates. On error this method throws exceptions.
certificateName | the certificate to delete | |
requestToo | if set to true, the request and key file will also be deleted if they exist |
void limal::ca_mgm::CA::deleteRequest | ( | const String & | requestName | ) |
Delete a request. This function also removes the private key if one is available. On error this method throws exceptions.
requestName | the name of the request |
limal::ByteBuffer limal::ca_mgm::CA::exportCAasPKCS12 | ( | const String & | p12Password, | |
bool | withChain = false | |||
) |
Return the CA certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.
p12Password | the password used to protect the exported PKCS12 data | |
withChain | set this to true to include the certificate chain, otherwise set it to false |
limal::ByteBuffer limal::ca_mgm::CA::exportCACert | ( | FormatType | exportType | ) |
Return the CA certificate in PEM or DER format. On error this method throws exceptions.
exportType | the format in which the CA certificate should be exported |
limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsDER | ( | ) |
Return the CA private key in DER format. The returned private key is decrypted (unencrypted). On error this method throws exceptions.
limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsPEM | ( | const String & | newPassword | ) |
Return the CA private key in PEM format. If a new password is given, the key will be encrypted using newPassword. If newPassword is empty, the returned key is decrypted (unencrypted). On error this method throws exceptions.
newPassword | the password used to encrypt the private key. If newPassword is empty, the key will be returned unencrypted. |
limal::ByteBuffer limal::ca_mgm::CA::exportCertificate | ( | const String & | certificateName, | |
FormatType | exportType | |||
) |
Return the specified certificate in PEM or DER format. On error this method throws exceptions.
certificateName | the name of the certificate | |
exportType | the format in which the certificate should be exported |
limal::ByteBuffer limal::ca_mgm::CA::exportCertificateAsPKCS12 | ( | const String & | certificateName, | |
const String & | keyPassword, | |||
const String & | p12Password, | |||
bool | withChain = false | |||
) |
Return the certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.
certificateName | the name of the certificate | |
keyPassword | the current password of the key. | |
p12Password | the password used to protect the exported PKCS12 data | |
withChain | set this to true to include the certificate chain, otherwise set it to false |
limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsDER | ( | const String & | certificateName, | |
const String & | keyPassword | |||
) |
Return the certificate's private key in DER format. The returned private key is decrypted (unencrypted). On error this method throws exceptions.
certificateName | the name of the certificate | |
keyPassword | the current password of the key. |
limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsPEM | ( | const String & | certificateName, | |
const String & | keyPassword, | |||
const String & | newPassword | |||
) |
Return the certificate's private key in PEM format. If a new password is given, the key will be encrypted using newPassword. If newPassword is empty, the returned key is decrypted (unencrypted). On error this method throws exceptions.
certificateName | the name of the certificate | |
keyPassword | the current password of the key. | |
newPassword | the password used to encrypt the private key. If newPassword is empty, the key will be returned unencrypted. |
limal::ByteBuffer limal::ca_mgm::CA::exportCRL | ( | FormatType | exportType | ) |
Export the CRL of this CA in the requested format type. On error this method throws exceptions.
exportType | the format type |
CertificateData limal::ca_mgm::CA::getCA | ( | ) |
static BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::String> limal::ca_mgm::CA::getCAList | ( | const String & | repos = REPOSITORY |
) | [static] |
Get a list of available CAs. On error this function throws exceptions.
repos | the path to the repository root directory |
static BLOCXX_NAMESPACE ::List< BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::String> > limal::ca_mgm::CA::getCATree | ( | const String & | repos = REPOSITORY |
) | [static] |
Return a table of the available CAs and their issuers. If a CA is self-signed, its issuer field is empty.
caName | issuer caName |
---|---|
RootCA | |
UserCA | RootCA |
IPSecCA | UserCA |
On error this function throws exceptions.
repos | the path to the repository root directory |
CertificateData limal::ca_mgm::CA::getCertificate | ( | const String & | certificateName | ) |
Parse a certificate and return the data. On error this method throws exceptions.
certificateName | the name of the certificate |
BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::Map< BLOCXX_NAMESPACE ::String, BLOCXX_NAMESPACE ::String> > limal::ca_mgm::CA::getCertificateList | ( | ) |
Get an Array of maps with all certificates of the defined CA. On error this method throws exceptions.
CAConfig* limal::ca_mgm::CA::getConfig | ( | ) |
Return the current config object.
CRLData limal::ca_mgm::CA::getCRL | ( | ) |
Parse the current CRL of this CA and return the data. On error this method throws exceptions.
CRLGenerationData limal::ca_mgm::CA::getCRLDefaults | ( | ) |
Get a CRLGenerationData object with current default settings for this CA. On error this method throws exceptions.
CertificateIssueData limal::ca_mgm::CA::getIssueDefaults | ( | Type | type | ) |
Get a CertificateIssueData object with current signing default settings for this CA and the specific type. On error this method throws exceptions.
type | the requested certificate type |
RequestData limal::ca_mgm::CA::getRequest | ( | const String & | requestName | ) |
Parse a request and return the data. On error this method throws exceptions.
requestName | the name of the Request |
RequestGenerationData limal::ca_mgm::CA::getRequestDefaults | ( | Type | type | ) |
Get a RequestGenerationData object with current request default settings for this CA and the specific type. On error this method throws exceptions.
type | the requested certificate type |
BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::Map< BLOCXX_NAMESPACE ::String, BLOCXX_NAMESPACE ::String> > limal::ca_mgm::CA::getRequestList | ( | ) |
Get an Array of maps with all requests of the defined CA. On error this method throws exceptions.
static CertificateIssueData limal::ca_mgm::CA::getRootCAIssueDefaults | ( | const String & | repos = REPOSITORY |
) | [static] |
Get a CertificateIssueData object with current signing default settings for a Root CA. On error this function throws exceptions.
repos | the path to the repository root directory |
static RequestGenerationData limal::ca_mgm::CA::getRootCARequestDefaults | ( | const String & | repos = REPOSITORY |
) | [static] |
Get a RequestGenerationData object with current request default settings for a Root CA. On error this function throws exceptions.
repos | the path to the repository root directory |
static void limal::ca_mgm::CA::importCA | ( | const String & | caName, | |
const limal::ByteBuffer & | caCertificate, | |||
const limal::ByteBuffer & | caKey, | |||
const String & | caPasswd = String() , |
|||
const String & | repos = REPOSITORY | |||
) | [static] |
Import a CA certificate and private key and create the CA infrastructure. On error this function throws exceptions.
String limal::ca_mgm::CA::importRequest | ( | const String & | requestFile, | |
FormatType | formatType = E_PEM | |||
) |
Import a request into the CA repository. On error this method throws exceptions.
requestFile | the request file | |
formatType | the input format type |
String limal::ca_mgm::CA::importRequestData | ( | const limal::ByteBuffer & | request, | |
FormatType | formatType = E_PEM | |||
) |
Import a request into the CA repository. On error this method throws exceptions.
request | the request data | |
formatType | the input format type |
String limal::ca_mgm::CA::initConfigFile | ( | ) | [private] |
Initialize the config file. On error this method throws exceptions.
Copy the template to a config file and create the config object.
String limal::ca_mgm::CA::issueCertificate | ( | const String & | requestName, | |
const CertificateIssueData & | issueData, | |||
Type | certType | |||
) |
Issue a certificate in the specified CA. On error this method throws exceptions.
requestName | the name of the request which should be signed | |
issueData | the issuing data | |
certType | the type of the certificate |
void limal::ca_mgm::CA::removeDefaultsFromConfig | ( | ) | [private] |
Remove the _default values from the config file.
void limal::ca_mgm::CA::revokeCertificate | ( | const String & | certificateName, | |
const CRLReason & | crlReason = CRLReason() | |||
) |
Revoke a certificate. On error this method throws exceptions.
certificateName | the name of the certificate to revoke | |
crlReason | a CRLReason object describing why this certificate is revoked. |
void limal::ca_mgm::CA::setCRLDefaults | ( | const CRLGenerationData & | defaults | ) |
Set the CRL defaults for this CA. On error this method throws exceptions.
defaults | the new CRL defaults |
void limal::ca_mgm::CA::setIssueDefaults | ( | Type | type, | |
const CertificateIssueData & | defaults | |||
) |
Set the signing defaults for this CA and the given certificate type. On error this method throws exceptions.
type | the requested certificate type | |
defaults | the new certificate defaults |
void limal::ca_mgm::CA::setRequestDefaults | ( | Type | type, | |
const RequestGenerationData & | defaults | |||
) |
Set the request defaults for this CA and the given certificate type. On error this method throws exceptions.
type | the requested certificate type | |
defaults | the new request defaults |
void limal::ca_mgm::CA::updateDB | ( | ) |
Update the internal openssl database. On error this method throws exceptions.
bool limal::ca_mgm::CA::verifyCertificate | ( | const String & | certificateName, | |
bool | crlCheck = true , |
|||
const String & | purpose = String("any") | |||
) |
Verify a certificate. On error this method throws exceptions.
certificateName | the name of the certificate | |
crlCheck | verify against the CRLs | |
purpose | check for a specific certificate purpose; valid purpose strings are:
|
BLOCXX_NAMESPACE ::COWIntrusiveReference<CAImpl> limal::ca_mgm::CA::m_impl [private] |