1 /*---------------------------------------------------------------------\
2 | |
3 | _ _ _ _ __ _ |
4 | | | | | | \_/ | / \ | | |
5 | | | | | | |_| | / /\ \ | | |
6 | | |__ | | | | | | / ____ \ | |__ |
7 | |____||_| |_| |_|/ / \ \|____| |
8 | |
9 | ca-mgm library |
10 | |
11 | (C) SUSE Linux Products GmbH |
12 \----------------------------------------------------------------------/
13 
14  File: CA.hpp
15 
16  Author: <Michael Calmer> <mc@suse.de>
17  Maintainer: <Michael Calmer> <mc@suse.de>
18 
19  Purpose:
20 
21 /-*/
22 
27 #ifndef CA_MGM_CA_HPP
28 #define CA_MGM_CA_HPP
29 
30 #include <ca-mgm/config.h>
31 #include <ca-mgm/CommonData.hpp>
33 #include <ca-mgm/RequestData.hpp>
35 #include <ca-mgm/CRLData.hpp>
38 #include <ca-mgm/CAConfig.hpp>
39 #include <ca-mgm/ByteBuffer.hpp>
40 #include <ca-mgm/PtrTypes.hpp>
41 
42 namespace CA_MGM_NAMESPACE
43 {
44  class CAImpl;
45 
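/**
 * @brief Managing a CA repository.
 *
 * One CA object stands for a single CA, selected by @p caName, that lives
 * below a repository directory (@p repos, defaulting to the REPOSITORY
 * macro declared in CommonData.hpp). All instance state sits behind the
 * private m_impl pointer to the CAImpl class declared above.
 *
 * NOTE(review): the rendered listing had lost the hyperlinked return types
 * of several declarations and the m_impl member line. They are restored
 * here from the page's own symbol index (CertificateIssueData,
 * RequestGenerationData, CRLGenerationData, CertificateData, RequestData,
 * ca_mgm::ByteBuffer, ca_mgm::RWCOW_pointer<CAImpl>); verify against the
 * source header before relying on them. CertificateData's header is not
 * visibly included by this file, so it presumably arrives transitively.
 *
 * Handling of secrets: every password crosses this interface as a plain
 * std::string reference, and the exportCAKey* / exportCertificateKey*
 * functions hand private key material back to the caller in a ByteBuffer.
 * The caller therefore owns the lifetime of those secrets in memory.
 * The class is non-copyable: copy construction and assignment are private.
 */
class CA
{
public:

    /**
     * Open an existing CA.
     *
     * @param caName   name of the CA inside the repository
     * @param caPasswd password for the CA (presumably protecting its
     *                 private key; not visible here)
     * @param repos    repository directory, defaults to REPOSITORY
     */
    CA(const std::string& caName, const std::string& caPasswd, const std::string& repos=REPOSITORY);

    ~CA();


    /**
     * Create a sub CA signed by this CA.
     *
     * @param newCaName     name of the new sub CA
     * @param keyPasswd     password for the new CA's key
     * @param caRequestData request parameters for the new CA
     * @param caIssueData   issue parameters used when signing it
     * @return a name (presumably of the created certificate); the exact
     *         meaning is not visible in this header
     */
    std::string
    createSubCA(const std::string& newCaName,
                const std::string& keyPasswd,
                const RequestGenerationData& caRequestData,
                const CertificateIssueData& caIssueData);

    /**
     * Create a new request (and its key) in this CA's repository.
     *
     * @param keyPasswd   password for the generated key
     * @param requestData request parameters
     * @param requestType request type, see Type in CommonData.hpp
     * @return a name identifying the created request
     */
    std::string
    createRequest(const std::string& keyPasswd,
                  const RequestGenerationData& requestData,
                  Type requestType);


    /**
     * Issue a certificate for an existing request.
     *
     * @param requestName name returned by createRequest / importRequest*
     * @param issueData   issue parameters
     * @param certType    certificate type, see Type in CommonData.hpp
     * @return a name identifying the issued certificate
     */
    std::string
    issueCertificate(const std::string& requestName,
                     const CertificateIssueData& issueData,
                     Type certType);

    /**
     * Create a request and issue a certificate for it in one step.
     *
     * @param keyPasswd       password for the generated key
     * @param requestData     request parameters
     * @param certificateData issue parameters
     * @param type            certificate type, see Type in CommonData.hpp
     * @return a name identifying the issued certificate
     */
    std::string
    createCertificate(const std::string& keyPasswd,
                      const RequestGenerationData& requestData,
                      const CertificateIssueData& certificateData,
                      Type type);


    /**
     * Revoke a certificate issued by this CA.
     *
     * The revocation only becomes visible to relying parties once a new
     * CRL is published, see createCRL().
     *
     * @param certificateName name of the certificate to revoke
     * @param crlReason       revocation reason, default constructed if omitted
     */
    void
    revokeCertificate(const std::string& certificateName,
                      const CRLReason& crlReason = CRLReason());

    /**
     * Create a new CRL for this CA.
     *
     * @param crlData CRL generation parameters
     */
    void
    createCRL(const CRLGenerationData& crlData);

    /**
     * Import a request from an in-memory buffer.
     *
     * @param request    request data
     * @param formatType encoding of @p request, defaults to E_PEM
     * @return a name identifying the imported request
     */
    std::string
    importRequestData(const ca_mgm::ByteBuffer& request,
                      FormatType formatType = E_PEM);

    /**
     * Import a request from a file.
     *
     * @param requestFile path of the request file
     * @param formatType  encoding of the file, defaults to E_PEM
     * @return a name identifying the imported request
     */
    std::string
    importRequest(const std::string& requestFile,
                  FormatType formatType = E_PEM);


    /// Default issue parameters of this CA for the given certificate type.
    CertificateIssueData
    getIssueDefaults(Type type);

    /// Default request parameters of this CA for the given request type.
    RequestGenerationData
    getRequestDefaults(Type type);

    /// Default CRL generation parameters of this CA.
    CRLGenerationData
    getCRLDefaults();

    /// Store new default issue parameters for the given certificate type.
    void
    setIssueDefaults(Type type,
                     const CertificateIssueData& defaults);

    /// Store new default request parameters for the given request type.
    void
    setRequestDefaults(Type type,
                       const RequestGenerationData& defaults);

    /// Store new default CRL generation parameters.
    void
    setCRLDefaults(const CRLGenerationData& defaults);


    /**
     * List the certificates of this CA.
     *
     * @return one string map per certificate; the keys are not visible
     *         in this header
     */
    std::vector<std::map<std::string, std::string> >
    getCertificateList();


    /**
     * List the requests of this CA.
     *
     * @return one string map per request; the keys are not visible
     *         in this header
     */
    std::vector<std::map<std::string, std::string> >
    getRequestList();



    /// Read-only view of this CA's own certificate.
    CertificateData
    getCA();

    /// Read-only view of the named request.
    RequestData
    getRequest(const std::string& requestName);

    /// Read-only view of the named certificate.
    CertificateData
    getCertificate(const std::string& certificateName);


    /// Read-only view of this CA's current CRL.
    CRLData
    getCRL();


    /// Export the CA certificate in the requested format.
    ca_mgm::ByteBuffer
    exportCACert(FormatType exportType);

    /**
     * Export the CA private key as PEM, re-encrypted with @p newPassword.
     *
     * The returned buffer is key material; keep it out of logs and
     * temporary files. NOTE(review): what happens for an empty
     * @p newPassword is not visible here — confirm whether that yields an
     * unencrypted key.
     */
    ca_mgm::ByteBuffer
    exportCAKeyAsPEM(const std::string& newPassword);

    /**
     * Export the CA private key as DER.
     *
     * NOTE(review): there is no password parameter, so the returned buffer
     * presumably holds the key unencrypted; treat it as a secret.
     */
    ca_mgm::ByteBuffer
    exportCAKeyAsDER();

    /**
     * Export the CA certificate and key as a PKCS#12 container.
     *
     * @param p12Password password protecting the container
     * @param withChain   also include the certificate chain
     */
    ca_mgm::ByteBuffer
    exportCAasPKCS12(const std::string& p12Password,
                     bool withChain = false);


    /// Export the named certificate in the requested format.
    ca_mgm::ByteBuffer
    exportCertificate(const std::string& certificateName,
                      FormatType exportType);

    /**
     * Export a certificate's private key as PEM, re-encrypted.
     *
     * @param certificateName the certificate whose key is exported
     * @param keyPassword     current key password
     * @param newPassword     password for the exported key
     */
    ca_mgm::ByteBuffer
    exportCertificateKeyAsPEM(const std::string& certificateName,
                              const std::string& keyPassword,
                              const std::string& newPassword);

    /**
     * Export a certificate's private key as DER.
     *
     * NOTE(review): as with exportCAKeyAsDER(), no new password is taken,
     * so the output is presumably unencrypted key material.
     */
    ca_mgm::ByteBuffer
    exportCertificateKeyAsDER(const std::string& certificateName,
                              const std::string& keyPassword);

    /**
     * Export a certificate and its key as a PKCS#12 container.
     *
     * @param certificateName the certificate to export
     * @param keyPassword     current key password
     * @param p12Password     password protecting the container
     * @param withChain       also include the certificate chain
     */
    ca_mgm::ByteBuffer
    exportCertificateAsPKCS12(const std::string& certificateName,
                              const std::string& keyPassword,
                              const std::string& p12Password,
                              bool withChain = false);

    /// Export the current CRL in the requested format.
    ca_mgm::ByteBuffer
    exportCRL(FormatType exportType);


    /// Delete the named request from the repository.
    void
    deleteRequest(const std::string& requestName);

    /**
     * Delete the named certificate from the repository.
     *
     * @param certificateName the certificate to delete
     * @param requestToo      by default also remove the associated request
     *                        (presumably; the matching rule is not visible here)
     */
    void
    deleteCertificate(const std::string& certificateName,
                      bool requestToo = true);


    /// Refresh the CA database (details are not visible in this header).
    void
    updateDB();

    /**
     * Verify the named certificate against this CA.
     *
     * @param certificateName the certificate to verify
     * @param crlCheck        also check the CRL; defaults to true. Passing
     *                        false skips revocation checking, so keep the
     *                        default unless there is a specific reason.
     * @param purpose         verification purpose, defaults to "any"
     * @return true if verification succeeded
     */
    bool
    verifyCertificate(const std::string& certificateName,
                      bool crlCheck = true,
                      const std::string& purpose = std::string("any"));

    /**
     * Access the CA configuration.
     *
     * NOTE(review): ownership of the returned pointer is not visible here;
     * presumably it stays owned by the CA object and must not be deleted
     * by the caller — confirm.
     */
    CAConfig*
    getConfig();


    /* ##########################################################################
     * ### static Functions ###
     * ##########################################################################
     */

    /**
     * Create a new self-signed root CA in the repository.
     *
     * @param caName        name of the new CA
     * @param caPasswd      password for the new CA
     * @param caRequestData request parameters for the CA certificate
     * @param caIssueData   issue parameters for the CA certificate
     * @param repos         repository directory, defaults to REPOSITORY
     */
    static void
    createRootCA(const std::string& caName,
                 const std::string& caPasswd,
                 const RequestGenerationData& caRequestData,
                 const CertificateIssueData& caIssueData,
                 const std::string& repos=REPOSITORY);


    /**
     * Import an existing CA certificate and key into the repository.
     *
     * @param caName        name for the imported CA
     * @param caCertificate CA certificate
     * @param caKey         CA private key
     * @param caPasswd      password of @p caKey; defaults to empty.
     *                      NOTE(review): presumably an empty value means the
     *                      key is not password-protected — confirm.
     * @param repos         repository directory, defaults to REPOSITORY
     */
    static void
    importCA(const std::string& caName,
             const ca_mgm::ByteBuffer& caCertificate,
             const ca_mgm::ByteBuffer& caKey,
             const std::string& caPasswd = std::string(),
             const std::string& repos=REPOSITORY);

    /// Names of all CAs in the repository.
    static std::vector<std::string>
    getCAList(const std::string& repos=REPOSITORY);

    /**
     * CA hierarchy of the repository.
     *
     * @return a list of name vectors; how each vector encodes a chain is
     *         not visible in this header
     */
    static std::list<std::vector<std::string> >
    getCATree(const std::string& repos=REPOSITORY);

    /// Default issue parameters used when creating a root CA.
    static CertificateIssueData
    getRootCAIssueDefaults(const std::string& repos=REPOSITORY);

    /// Default request parameters used when creating a root CA.
    static RequestGenerationData
    getRootCARequestDefaults(const std::string& repos=REPOSITORY);


    /**
     * Delete a CA from the repository.
     *
     * This is destructive: the CA's key and repository data are removed.
     *
     * @param caName   name of the CA to delete
     * @param caPasswd password of the CA; required, so deletion is
     *                 authenticated against the CA's own secret
     * @param force    defaults to false. NOTE(review): presumably overrides
     *                 a safety check (e.g. sub CAs or issued certificates
     *                 still present); the exact rule is not visible here.
     * @param repos    repository directory, defaults to REPOSITORY
     */
    static void
    deleteCA(const std::string& caName,
             const std::string& caPasswd,
             bool force = false,
             const std::string& repos = REPOSITORY);

private:
    // All instance state lives in CAImpl; RWCOW_pointer is presumably
    // provided by PtrTypes.hpp, which this file includes.
    ca_mgm::RWCOW_pointer<CAImpl> m_impl;

    // Not default constructible, not copyable: a CA always refers to a
    // concrete repository entry opened with a name and password.
    CA();
    CA(const CA&);

    CA&
    operator=(const CA&);

    /// Check @p dn against the DN policy configured for @p type.
    void
    checkDNPolicy(const DNObject& dn, Type type);

    /// Initialise the CA's config file; the returned string's meaning is
    /// not visible in this header (presumably a path).
    std::string
    initConfigFile();

    /// Write the working configuration back to the template.
    void
    commitConfig2Template();

    /// Strip default sections from the configuration.
    void
    removeDefaultsFromConfig();
};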
717 
718 } // End of CA_MGM_NAMESPACE
719 
720 
743 #endif // CA_MGM_HPP
744 