libcamgm
|
Managing a CA repository. More...
#include <CA.hpp>
Public Member Functions | |
CA (const std::string &caName, const std::string &caPasswd, const std::string &repos=REPOSITORY) | |
~CA () | |
std::string | createSubCA (const std::string &newCaName, const std::string &keyPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData) |
std::string | createRequest (const std::string &keyPasswd, const RequestGenerationData &requestData, Type requestType) |
std::string | issueCertificate (const std::string &requestName, const CertificateIssueData &issueData, Type certType) |
std::string | createCertificate (const std::string &keyPasswd, const RequestGenerationData &requestData, const CertificateIssueData &certificateData, Type type) |
void | revokeCertificate (const std::string &certificateName, const CRLReason &crlReason=CRLReason()) |
void | createCRL (const CRLGenerationData &crlData) |
std::string | importRequestData (const ca_mgm::ByteBuffer &request, FormatType formatType=E_PEM) |
std::string | importRequest (const std::string &requestFile, FormatType formatType=E_PEM) |
CertificateIssueData | getIssueDefaults (Type type) |
RequestGenerationData | getRequestDefaults (Type type) |
CRLGenerationData | getCRLDefaults () |
void | setIssueDefaults (Type type, const CertificateIssueData &defaults) |
void | setRequestDefaults (Type type, const RequestGenerationData &defaults) |
void | setCRLDefaults (const CRLGenerationData &defaults) |
std::vector< std::map < std::string, std::string > > | getCertificateList () |
std::vector< std::map < std::string, std::string > > | getRequestList () |
CertificateData | getCA () |
RequestData | getRequest (const std::string &requestName) |
CertificateData | getCertificate (const std::string &certificateName) |
CRLData | getCRL () |
ca_mgm::ByteBuffer | exportCACert (FormatType exportType) |
ca_mgm::ByteBuffer | exportCAKeyAsPEM (const std::string &newPassword) |
ca_mgm::ByteBuffer | exportCAKeyAsDER () |
ca_mgm::ByteBuffer | exportCAasPKCS12 (const std::string &p12Password, bool withChain=false) |
ca_mgm::ByteBuffer | exportCertificate (const std::string &certificateName, FormatType exportType) |
ca_mgm::ByteBuffer | exportCertificateKeyAsPEM (const std::string &certificateName, const std::string &keyPassword, const std::string &newPassword) |
ca_mgm::ByteBuffer | exportCertificateKeyAsDER (const std::string &certificateName, const std::string &keyPassword) |
ca_mgm::ByteBuffer | exportCertificateAsPKCS12 (const std::string &certificateName, const std::string &keyPassword, const std::string &p12Password, bool withChain=false) |
ca_mgm::ByteBuffer | exportCRL (FormatType exportType) |
void | deleteRequest (const std::string &requestName) |
void | deleteCertificate (const std::string &certificateName, bool requestToo=true) |
void | updateDB () |
bool | verifyCertificate (const std::string &certificateName, bool crlCheck=true, const std::string &purpose=std::string("any")) |
CAConfig * | getConfig () |
Static Public Member Functions | |
static void | createRootCA (const std::string &caName, const std::string &caPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData, const std::string &repos=REPOSITORY) |
static void | importCA (const std::string &caName, const ca_mgm::ByteBuffer &caCertificate, const ca_mgm::ByteBuffer &caKey, const std::string &caPasswd=std::string(), const std::string &repos=REPOSITORY) |
static std::vector< std::string > | getCAList (const std::string &repos=REPOSITORY) |
static std::list< std::vector < std::string > > | getCATree (const std::string &repos=REPOSITORY) |
static CertificateIssueData | getRootCAIssueDefaults (const std::string &repos=REPOSITORY) |
static RequestGenerationData | getRootCARequestDefaults (const std::string &repos=REPOSITORY) |
static void | deleteCA (const std::string &caName, const std::string &caPasswd, bool force=false, const std::string &repos=REPOSITORY) |
Private Member Functions | |
CA () | |
CA (const CA &) | |
CA & | operator= (const CA &) |
void | checkDNPolicy (const DNObject &dn, Type type) |
std::string | initConfigFile () |
void | commitConfig2Template () |
void | removeDefaultsFromConfig () |
Private Attributes | |
ca_mgm::RWCOW_pointer< CAImpl > | m_impl |
Managing a CA repository.
This class provides methods for managing a CA repository. If you want to know how to use these methods and functions have a look at the example page
ca_mgm::CA::CA | ( | const std::string & | caName, |
const std::string & | caPasswd, | ||
const std::string & | repos = REPOSITORY |
||
) |
Open the existing CA named caName in the repository repos. caPasswd is presumably the password protecting that CA's private key (the same value handed to createRootCA()/importCA() and deleteCA()) — confirm in CA.hpp; all signing and key-export members of the object rely on it being correct.
ca_mgm::CA::~CA | ( | ) |
Destructor of CA.
|
private |
|
private |
Check whether the given DN matches the DN policy defined in the CA's configuration file. On error this method throws exceptions (presumably a policy mismatch is reported the same way — confirm).
dn | the DN object |
type | the Type of the certificate which should be signed |
|
private |
Copy the config file back to the template. On error this method throws exceptions.
std::string ca_mgm::CA::createCertificate | ( | const std::string & | keyPasswd, |
const RequestGenerationData & | requestData, | ||
const CertificateIssueData & | certificateData, | ||
Type | type | ||
) |
Generate a request from requestData and issue a certificate for it in this CA in one step (compare createRequest() + issueCertificate()). On error this method throws exceptions.
keyPasswd | the password for the private key |
requestData | the data for the request |
certificateData | the data of the certificate |
type | the type of the certificate |
void ca_mgm::CA::createCRL | ( | const CRLGenerationData & | crlData | ) |
Create a new CRL with the specified data. On error this method throws exceptions.
crlData | the data for the new CRL |
std::string ca_mgm::CA::createRequest | ( | const std::string & | keyPasswd, |
const RequestGenerationData & | requestData, | ||
Type | requestType | ||
) |
Create a certificate request (and its private key, protected by keyPasswd) in this CA. On error this method throws exceptions.
keyPasswd | the password for the private key |
requestData | the data for the request |
requestType | the type of the request |
|
static |
Create a new self-signed root CA together with the whole required repository infrastructure. On error this function throws exceptions. caPasswd presumably protects the newly generated CA private key — confirm; the same value is required again by every later CA(...) construction and by deleteCA(), so choose and store it accordingly.
std::string ca_mgm::CA::createSubCA | ( | const std::string & | newCaName, |
const std::string & | keyPasswd, | ||
const RequestGenerationData & | caRequestData, | ||
const CertificateIssueData & | caIssueData | ||
) |
Create a new sub CA, signed by this CA, together with the whole required infrastructure. On error this method throws exceptions.
newCaName | the name for the new CA |
keyPasswd | the password for the private key |
caRequestData | data for the request generation |
caIssueData | the required data to sign the request |
|
static |
Delete a Certificate Authority infrastructure
Normally you can only delete a CA if the CA certificate has expired or you have never signed a certificate with this CA. In all other cases you have to set the force parameter to "true" — do so only if you really want to delete the CA and understand the consequences: once the CA's key and database are gone, certificates it issued can no longer be revoked via revokeCertificate() and no further CRL can be produced for them. On error this function throws exceptions.
void ca_mgm::CA::deleteCertificate | ( | const std::string & | certificateName, |
bool | requestToo = true |
||
) |
Delete the specified certificate and, if requestToo is true, also the corresponding request and private key. This function works only for revoked or expired certificates — a still-valid certificate cannot be removed this way, so revoke it first. On error this method throws exceptions.
certificateName | the certificate to delete |
requestToo | if set to true, the request and key file will also be deleted if they exist |
void ca_mgm::CA::deleteRequest | ( | const std::string & | requestName | ) |
Delete a request. This function also removes the private key if one is available. On error this method throws exceptions.
requestName | the name of the request |
ca_mgm::ByteBuffer ca_mgm::CA::exportCAasPKCS12 | ( | const std::string & | p12Password, |
bool | withChain = false |
||
) |
Return the CA certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.
p12Password | the password that protects the exported PKCS#12 bundle; the bundle contains the CA private key, so treat the returned buffer as secret material |
withChain | should the certificate chain be included set this to true, otherwise set this to false |
ca_mgm::ByteBuffer ca_mgm::CA::exportCACert | ( | FormatType | exportType | ) |
ca_mgm::ByteBuffer ca_mgm::CA::exportCAKeyAsDER | ( | ) |
Return the CA private key in DER format. No password parameter is taken, so — as with exportCertificateKeyAsDER() — the returned key is presumably unencrypted; confirm. Keep the buffer in memory only as long as needed and never write it to world-readable storage. On error this method throws exceptions.
ca_mgm::ByteBuffer ca_mgm::CA::exportCAKeyAsPEM | ( | const std::string & | newPassword | ) |
Return the CA private key in PEM format. If newPassword is non-empty, the key is encrypted with it; if newPassword is empty, the key is returned unencrypted (plaintext). On error this method throws exceptions.
newPassword | the password used to encrypt the exported private key. If empty, the CA key is returned unencrypted — only do this when the caller can protect the buffer (in-memory use, wiped afterwards; never persisted unprotected). |
ca_mgm::ByteBuffer ca_mgm::CA::exportCertificate | ( | const std::string & | certificateName, |
FormatType | exportType | ||
) |
Return the specified certificate in PEM or DER format On error this method throws exceptions.
certificateName | the name of the certificate |
exportType | the format in which the certificate should be exported |
ca_mgm::ByteBuffer ca_mgm::CA::exportCertificateAsPKCS12 | ( | const std::string & | certificateName, |
const std::string & | keyPassword, | ||
const std::string & | p12Password, | ||
bool | withChain = false |
||
) |
Return the certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.
certificateName | the name of the certificate |
keyPassword | the current password of the key. |
p12Password | the password that protects the exported PKCS#12 bundle (which contains the certificate's private key) |
withChain | should the certificate chain be included set this to true, otherwise set this to false |
ca_mgm::ByteBuffer ca_mgm::CA::exportCertificateKeyAsDER | ( | const std::string & | certificateName, |
const std::string & | keyPassword | ||
) |
Return the certificate private key in DER format. The returned key is unencrypted (plaintext), so handle the buffer as secret material and do not persist it unprotected. On error this method throws exceptions.
certificateName | the name of the certificate |
keyPassword | the current password of the key. |
ca_mgm::ByteBuffer ca_mgm::CA::exportCertificateKeyAsPEM | ( | const std::string & | certificateName, |
const std::string & | keyPassword, | ||
const std::string & | newPassword | ||
) |
Return the certificate private key in PEM format. If newPassword is non-empty, the key is re-encrypted with it; if newPassword is empty, the key is returned unencrypted (plaintext). On error this method throws exceptions.
certificateName | the name of the certificate |
keyPassword | the current password of the key. |
newPassword | the password used to encrypt the exported private key. If empty, the key is returned unencrypted — only do this when the caller can protect the buffer. |
ca_mgm::ByteBuffer ca_mgm::CA::exportCRL | ( | FormatType | exportType | ) |
Export the CRL of this CA in the requested format type. On error this method throws exceptions.
exportType | the format type |
CertificateData ca_mgm::CA::getCA | ( | ) |
|
static |
Get a list of the available CAs. On error this function throws exceptions.
repos | the path to the repository root directory |
|
static |
Return a table of the available CAs and their issuer. If a CA is self-signed, its issuer field is empty.
caName | issuer caName |
---|---|
RootCA | |
UserCA | RootCA |
IPSecCA | UserCA |
On error this function throws exceptions.
repos | the path to the repository root directory |
CertificateData ca_mgm::CA::getCertificate | ( | const std::string & | certificateName | ) |
Parse a certificate and return the data. On error this method throws exceptions.
certificateName | the name of the certificate |
std::vector<std::map<std::string, std::string> > ca_mgm::CA::getCertificateList | ( | ) |
Get an array of maps with all certificates of this CA. On error this method throws exceptions.
CAConfig* ca_mgm::CA::getConfig | ( | ) |
Return the current config object
CRLData ca_mgm::CA::getCRL | ( | ) |
Parse the current CRL of this CA and return the data. On error this method throws exceptions.
CRLGenerationData ca_mgm::CA::getCRLDefaults | ( | ) |
Get a CRLGenerationData object with current default settings for this CA. On error this method throws exceptions.
CertificateIssueData ca_mgm::CA::getIssueDefaults | ( | Type | type | ) |
Get a CertificateIssueData object with current signing default settings for this CA and the specific type. On error this method throws exceptions.
type | the requested certificate type |
RequestData ca_mgm::CA::getRequest | ( | const std::string & | requestName | ) |
Parse a request and return the data. On error this method throws exceptions.
requestName | the name of the Request |
RequestGenerationData ca_mgm::CA::getRequestDefaults | ( | Type | type | ) |
Get a RequestGenerationData object with current request default settings for this CA and the specific type. On error this method throws exceptions.
type | the requested certificate type |
std::vector<std::map<std::string, std::string> > ca_mgm::CA::getRequestList | ( | ) |
Get an array of maps with all requests of this CA. On error this method throws exceptions.
|
static |
Get a CertificateIssueData object with current signing default settings for a Root CA. On error this function throws exceptions.
repos | the path to the repository root directory |
|
static |
Get a RequestGenerationData object with current request default settings for a Root CA. On error this function throws exceptions.
repos | the path to the repository root directory |
|
static |
Import an existing CA certificate and private key and create the repository infrastructure for it. caPasswd is presumably the password of the supplied caKey; its default is an empty string, which presumably means caKey is expected to be unencrypted — confirm in CA.hpp. On error this function throws exceptions.
std::string ca_mgm::CA::importRequest | ( | const std::string & | requestFile, |
FormatType | formatType = E_PEM |
||
) |
Import a request in a CA repository. On error this method throws exceptions.
requestFile | the request file |
formatType | the input format type |
std::string ca_mgm::CA::importRequestData | ( | const ca_mgm::ByteBuffer & | request, |
FormatType | formatType = E_PEM |
||
) |
Import a request in a CA repository. On error this method throws exceptions.
request | the request data |
formatType | the input format type |
|
private |
Initialize the config file. On error this method throws exceptions.
Copies the template to a config file and creates the config object.
std::string ca_mgm::CA::issueCertificate | ( | const std::string & | requestName, |
const CertificateIssueData & | issueData, | ||
Type | certType | ||
) |
Sign the named request with this CA and issue a certificate for it. On error this method throws exceptions.
requestName | the name of the request which should be signed |
issueData | the issuing data |
certType | the type of the certificate |
|
private |
Remove the `_default` values from the config file.
void ca_mgm::CA::revokeCertificate | ( | const std::string & | certificateName, |
const CRLReason & | crlReason = CRLReason() |
||
) |
Revoke a certificate. On error this method throws exceptions.
certificateName | the name of the certificate to revoke |
crlReason | a crlReason object which describes the reason why this certificate is revoked. |
void ca_mgm::CA::setCRLDefaults | ( | const CRLGenerationData & | defaults | ) |
Set the CRL defaults for this CA. On error this method throws exceptions.
defaults | the new CRL defaults |
void ca_mgm::CA::setIssueDefaults | ( | Type | type, |
const CertificateIssueData & | defaults | ||
) |
Set the signing defaults for this CA and the specific certificate type. On error this method throws exceptions.
type | the requested certificate type |
defaults | the new certificate defaults |
void ca_mgm::CA::setRequestDefaults | ( | Type | type, |
const RequestGenerationData & | defaults | ||
) |
Set the request defaults for this CA and the specific certificate type. On error this method throws exceptions.
type | the requested certificate type |
defaults | the new request defaults |
void ca_mgm::CA::updateDB | ( | ) |
Update the internal openssl database. On error this method throws exceptions.
bool ca_mgm::CA::verifyCertificate | ( | const std::string & | certificateName, |
bool | crlCheck = true , |
||
const std::string & | purpose = std::string("any") |
||
) |
Verify a certificate. On error this method throws exceptions.
certificateName | the name of the certificate |
crlCheck | if true (the default), the certificate is also checked against the CA's CRL; if false, revocation is not checked at all, so a revoked certificate can still verify successfully |
purpose | check for a specific certificate purpose. The list of valid purpose strings did not survive rendering here (consult CA.hpp); the default "any" presumably applies no purpose restriction — confirm. |
|
|
private |