00027 #ifndef LIMAL_CA_HPP
00028 #define LIMAL_CA_HPP
00029
00030 #include <limal/ca-mgm/config.h>
00031 #include <limal/ca-mgm/CommonData.hpp>
00032 #include <limal/ca-mgm/RequestGenerationData.hpp>
00033 #include <limal/ca-mgm/RequestData.hpp>
00034 #include <limal/ca-mgm/CRLGenerationData.hpp>
00035 #include <limal/ca-mgm/CRLData.hpp>
00036 #include <limal/ca-mgm/CertificateIssueData.hpp>
00037 #include <limal/ca-mgm/CertificateData.hpp>
00038 #include <limal/ca-mgm/CAConfig.hpp>
00039 #include <limal/ByteBuffer.hpp>
00040 #include <blocxx/COWIntrusiveReference.hpp>
00041
00042 namespace LIMAL_NAMESPACE
00043 {
00044 namespace CA_MGM_NAMESPACE
00045 {
00046 class CAImpl;
00047
/**
 * Handle on one certificate authority stored in a CA repository.
 *
 * The class is a thin façade: all state lives in a CAImpl reached through
 * m_impl, and every public operation forwards to it. The constructor takes
 * the CA's password, so an instance represents an *unlocked* CA; the
 * private-key material it can export (see the exportCAKey* / export*KeyAs*
 * members) is highly sensitive and callers should treat the returned
 * buffers accordingly.
 *
 * NOTE(review): passwords are passed around as plain String objects. Nothing
 * in this declaration shows them being wiped after use — if that matters for
 * the deployment, confirm it in CAImpl and in the callers.
 *
 * The class is non-copyable: copy-constructor and copy-assignment are
 * declared private (the pre-C++11 idiom for disabling copies).
 */
class CA
{
public:

/**
 * Open the CA named @p caName inside repository @p repos.
 *
 * @param caName   name of the CA directory inside the repository
 * @param caPasswd password protecting the CA — presumably the passphrase of
 *                 the CA private key (TODO confirm against CAImpl)
 * @param repos    repository root; defaults to REPOSITORY (defined elsewhere,
 *                 presumably in config.h)
 */
CA(const String& caName, const String& caPasswd, const String& repos=REPOSITORY);

/** Destroy the handle; m_impl releases the implementation object. */
~CA();


/**
 * Create a new sub CA signed by this CA.
 *
 * @param newCaName     name of the new CA inside the repository
 * @param keyPasswd     password for the newly generated sub-CA key
 *                      (presumably — confirm)
 * @param caRequestData parameters for the sub-CA's request/key generation
 * @param caIssueData   parameters used when this CA signs the sub-CA certificate
 * @return a String — its meaning (certificate name or similar identifier)
 *         is not visible here; check the implementation
 */
String
createSubCA(const String& newCaName,
const String& keyPasswd,
const RequestGenerationData& caRequestData,
const CertificateIssueData& caIssueData);

/**
 * Generate a key pair and a certificate signing request.
 *
 * @param keyPasswd   password protecting the newly generated key (presumably)
 * @param requestData request parameters (subject, key size, ...)
 * @param requestType kind of request (Type is declared elsewhere)
 * @return identifier of the stored request — presumably the name accepted by
 *         issueCertificate() and getRequest()
 */
String
createRequest(const String& keyPasswd,
const RequestGenerationData& requestData,
Type requestType);


/**
 * Sign an existing request with this CA's key and store the certificate.
 *
 * @param requestName name of a request previously created or imported
 * @param issueData   issuing parameters (validity, extensions, ...)
 * @param certType    kind of certificate to issue
 * @return identifier of the issued certificate (presumably the name accepted
 *         by getCertificate() / exportCertificate())
 */
String
issueCertificate(const String& requestName,
const CertificateIssueData& issueData,
Type certType);

/**
 * Convenience combination of createRequest() followed by issueCertificate().
 *
 * @param keyPasswd       password for the new key (presumably)
 * @param requestData     request/key generation parameters
 * @param certificateData issuing parameters
 * @param type            kind of certificate/request
 * @return identifier of the issued certificate (see issueCertificate())
 */
String
createCertificate(const String& keyPasswd,
const RequestGenerationData& requestData,
const CertificateIssueData& certificateData,
Type type);


/**
 * Mark a certificate as revoked in the CA database.
 *
 * Revocation only becomes visible to relying parties once a new CRL is
 * generated and published — see createCRL().
 *
 * @param certificateName name of the certificate to revoke
 * @param crlReason       reason recorded for the revocation; defaults to a
 *                        default-constructed CRLReason (meaning defined elsewhere)
 */
void
revokeCertificate(const String& certificateName,
const CRLReason& crlReason = CRLReason());

/**
 * Generate a new certificate revocation list for this CA.
 *
 * @param crlData CRL parameters (validity period etc.)
 */
void
createCRL(const CRLGenerationData& crlData);

/**
 * Import a certificate request from an in-memory buffer.
 *
 * The buffer typically comes from an outside party and should be treated as
 * untrusted input; parsing is done by the implementation, not here.
 *
 * @param request    request bytes
 * @param formatType encoding of @p request; defaults to E_PEM
 * @return identifier of the stored request
 */
String
importRequestData(const limal::ByteBuffer& request,
FormatType formatType = E_PEM);

/**
 * Import a certificate request from a file.
 *
 * @param requestFile path of the request file
 * @param formatType  encoding of the file; defaults to E_PEM
 * @return identifier of the stored request
 */
String
importRequest(const String& requestFile,
FormatType formatType = E_PEM);


/** @return the default issuing settings for certificates of kind @p type. */
CertificateIssueData
getIssueDefaults(Type type);

/** @return the default request settings for requests of kind @p type. */
RequestGenerationData
getRequestDefaults(Type type);

/** @return the default CRL generation settings of this CA. */
CRLGenerationData
getCRLDefaults();

/**
 * Store new default issuing settings for certificates of kind @p type.
 *
 * @param type     certificate kind the defaults apply to
 * @param defaults new defaults
 */
void
setIssueDefaults(Type type,
const CertificateIssueData& defaults);

/**
 * Store new default request settings for requests of kind @p type.
 *
 * @param type     request kind the defaults apply to
 * @param defaults new defaults
 */
void
setRequestDefaults(Type type,
const RequestGenerationData& defaults);

/**
 * Store new default CRL generation settings.
 *
 * @param defaults new defaults
 */
void
setCRLDefaults(const CRLGenerationData& defaults);


/**
 * List the certificates known to this CA.
 *
 * @return one Map per certificate; the map keys are defined by the
 *         implementation and are not visible in this header
 */
blocxx::Array<blocxx::Map<blocxx::String, blocxx::String> >
getCertificateList();


/**
 * List the requests known to this CA.
 *
 * @return one Map per request; the map keys are defined by the
 *         implementation and are not visible in this header
 */
blocxx::Array<blocxx::Map<blocxx::String, blocxx::String> >
getRequestList();



/** @return the parsed certificate of this CA itself. */
CertificateData
getCA();

/**
 * @param requestName name of a stored request
 * @return the parsed request
 */
RequestData
getRequest(const String& requestName);

/**
 * @param certificateName name of a stored certificate
 * @return the parsed certificate
 */
CertificateData
getCertificate(const String& certificateName);


/** @return the parsed current CRL of this CA. */
CRLData
getCRL();


/**
 * Export the CA certificate.
 *
 * @param exportType output encoding
 * @return encoded certificate
 */
limal::ByteBuffer
exportCACert(FormatType exportType);

/**
 * Export the CA private key as PEM, protected by @p newPassword.
 *
 * The result is CA key material: anyone holding it (and the password) can
 * sign certificates as this CA.
 *
 * @param newPassword password for the exported key — presumably the key is
 *                    re-encrypted under it (confirm; also confirm how an
 *                    empty password is handled)
 * @return PEM-encoded key
 */
limal::ByteBuffer
exportCAKeyAsPEM(const String& newPassword);

/**
 * Export the CA private key as DER.
 *
 * NOTE(review): unlike exportCAKeyAsPEM() there is no output password
 * parameter, so the DER output is presumably the unencrypted private key —
 * confirm in CAImpl. If so, the returned buffer must be handled as a plaintext
 * CA key (restrict where it is written, clear it when done).
 *
 * @return DER-encoded key
 */
limal::ByteBuffer
exportCAKeyAsDER();

/**
 * Export the CA certificate and private key as a PKCS#12 bundle.
 *
 * @param p12Password password protecting the PKCS#12 container
 * @param withChain   whether to include the issuer chain; defaults to false
 * @return PKCS#12 bytes
 */
limal::ByteBuffer
exportCAasPKCS12(const String& p12Password,
bool withChain = false);


/**
 * Export a certificate issued by this CA.
 *
 * @param certificateName name of the certificate
 * @param exportType      output encoding
 * @return encoded certificate
 */
limal::ByteBuffer
exportCertificate(const String& certificateName,
FormatType exportType);

/**
 * Export the private key belonging to a certificate as PEM.
 *
 * @param certificateName name of the certificate whose key is exported
 * @param keyPassword     password currently protecting the stored key
 * @param newPassword     password for the exported key (presumably the key is
 *                        re-encrypted under it — confirm)
 * @return PEM-encoded key
 */
limal::ByteBuffer
exportCertificateKeyAsPEM(const String& certificateName,
const String& keyPassword,
const String& newPassword);

/**
 * Export the private key belonging to a certificate as DER.
 *
 * NOTE(review): only the *current* key password is taken, there is no output
 * password — the DER output is presumably unencrypted; confirm and handle the
 * buffer as plaintext key material.
 *
 * @param certificateName name of the certificate whose key is exported
 * @param keyPassword     password currently protecting the stored key
 * @return DER-encoded key
 */
limal::ByteBuffer
exportCertificateKeyAsDER(const String& certificateName,
const String& keyPassword);

/**
 * Export a certificate and its private key as a PKCS#12 bundle.
 *
 * @param certificateName name of the certificate
 * @param keyPassword     password currently protecting the stored key
 * @param p12Password     password protecting the PKCS#12 container
 * @param withChain       whether to include the issuer chain; defaults to false
 * @return PKCS#12 bytes
 */
limal::ByteBuffer
exportCertificateAsPKCS12(const String& certificateName,
const String& keyPassword,
const String& p12Password,
bool withChain = false);

/**
 * Export the current CRL.
 *
 * @param exportType output encoding
 * @return encoded CRL
 */
limal::ByteBuffer
exportCRL(FormatType exportType);


/**
 * Delete a stored request.
 *
 * @param requestName name of the request
 */
void
deleteRequest(const String& requestName);

/**
 * Delete a stored certificate.
 *
 * Deleting is not revoking: a certificate that has been handed out stays
 * valid to relying parties until it is revoked and a CRL published.
 *
 * @param certificateName name of the certificate
 * @param requestToo      also delete the request it was issued from;
 *                        defaults to true
 */
void
deleteCertificate(const String& certificateName,
bool requestToo = true);


/**
 * Refresh the CA database. What exactly is updated (presumably expiry
 * state of stored certificates) is defined by the implementation.
 */
void
updateDB();

/**
 * Verify a certificate against this CA.
 *
 * @param certificateName name of the certificate to verify
 * @param crlCheck        also check the certificate against the CRL;
 *                        defaults to true. Passing false skips revocation
 *                        checking, so a revoked certificate would verify.
 * @param purpose         purpose to verify for; defaults to "any", which
 *                        presumably imposes no purpose restriction (confirm
 *                        the accepted values in the implementation)
 * @return true when verification succeeds
 */
bool
verifyCertificate(const String& certificateName,
bool crlCheck = true,
const String& purpose = String("any"));

/**
 * Access the CA's configuration.
 *
 * @return raw pointer to the CAConfig. Ownership is not stated here;
 *         presumably it points into this object and must not be deleted or
 *         used after the CA instance is gone — TODO confirm.
 */
CAConfig*
getConfig();






/**
 * Create a new self-signed root CA in the repository.
 *
 * @param caName        name of the new CA
 * @param caPasswd      password for the new CA key (presumably)
 * @param caRequestData request/key generation parameters
 * @param caIssueData   parameters for the self-signed certificate
 * @param repos         repository root; defaults to REPOSITORY
 */
static void
createRootCA(const String& caName,
const String& caPasswd,
const RequestGenerationData& caRequestData,
const CertificateIssueData& caIssueData,
const String& repos=REPOSITORY);


/**
 * Import an existing CA (certificate plus private key) into the repository.
 *
 * @param caName        name under which the CA is stored
 * @param caCertificate CA certificate bytes
 * @param caKey         CA private key bytes
 * @param caPasswd      password; defaults to an empty String. Whether an
 *                      empty value means "key is unencrypted" or "store the
 *                      key without a password" is not visible here — confirm
 *                      before relying on the default.
 * @param repos         repository root; defaults to REPOSITORY
 */
static void
importCA(const String& caName,
const limal::ByteBuffer& caCertificate,
const limal::ByteBuffer& caKey,
const String& caPasswd = String(),
const String& repos=REPOSITORY);

/**
 * @param repos repository root; defaults to REPOSITORY
 * @return names of all CAs in the repository
 */
static blocxx::Array<blocxx::String>
getCAList(const String& repos=REPOSITORY);

/**
 * Describe the CA hierarchy of the repository.
 *
 * @param repos repository root; defaults to REPOSITORY
 * @return a List of String Arrays; how each Array encodes a parent/child
 *         relation is defined by the implementation
 */
static blocxx::List<blocxx::Array<blocxx::String> >
getCATree(const String& repos=REPOSITORY);

/**
 * @param repos repository root; defaults to REPOSITORY
 * @return the default issuing settings used for new root CAs
 */
static CertificateIssueData
getRootCAIssueDefaults(const String& repos=REPOSITORY);

/**
 * @param repos repository root; defaults to REPOSITORY
 * @return the default request settings used for new root CAs
 */
static RequestGenerationData
getRootCARequestDefaults(const String& repos=REPOSITORY);


/**
 * Delete a CA from the repository.
 *
 * @param caName   name of the CA
 * @param caPasswd the CA password; required, so possession of the password
 *                 gates deletion
 * @param force    override some safety check (which one — e.g. a CA that
 *                 still has issued certificates — is not visible here);
 *                 defaults to false
 * @param repos    repository root; defaults to REPOSITORY
 */
static void
deleteCA(const String& caName,
const String& caPasswd,
bool force = false,
const String& repos = REPOSITORY);

private:
// Implementation object; all state and OpenSSL/repository handling live there.
blocxx::COWIntrusiveReference<CAImpl> m_impl;


// No default construction: a CA must always be opened with a name and password.
CA();
// Copying disabled (private, presumably left undefined as in the classic idiom).
CA(const CA&);

CA&
operator=(const CA&);

/**
 * Check a subject DN against the policy configured for @p type.
 * Presumably throws on violation — confirm; the error type is not visible here.
 *
 * @param dn   subject to check
 * @param type certificate/request kind selecting the policy
 */
void
checkDNPolicy(const DNObject& dn, Type type);

/**
 * Prepare the working config file for an OpenSSL operation.
 *
 * @return a String — presumably the path of the file written; confirm
 */
String
initConfigFile();

/** Write the current configuration back to the template. */
void
commitConfig2Template();

/** Strip default-value entries from the configuration. */
void
removeDefaultsFromConfig();
};
00719
00720 }
00721 }
00722
00723
#endif // LIMAL_CA_HPP
00747