CreateCertificate.cpp

This example shows how to create a certificate.

#include <unistd.h>

#include <exception>
#include <fstream>
#include <iostream>

#include <blocxx/Logger.hpp>
#include <blocxx/AppenderLogger.hpp>
#include <blocxx/CerrLogger.hpp>
#include <blocxx/CerrAppender.hpp>
#include <blocxx/String.hpp>
#include <blocxx/PerlRegEx.hpp>
#include <limal/Logger.hpp>
#include <limal/PathInfo.hpp>
#include <limal/ca-mgm/CA.hpp>
00014 
// Example-only convenience: with these namespaces open, unqualified names
// such as Exception, String, List, LoggerRef and cout resolve to the
// blocxx / limal / std types used in main() below. Note that the
// unqualified `Exception` caught in main() is blocxx::Exception, not
// std::exception. Never do this in a header.
using namespace blocxx;
using namespace limal;
using namespace limal::ca_mgm;
using namespace std;
00019 
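/**
 * Example entry point: builds a certificate request from the "Test_CA1"
 * repository defaults, decorates the issue defaults with a full set of
 * X.509v3 extensions and then issues the certificate with that CA.
 *
 * The CA passphrase ("system") and the repository path are hard-coded
 * because this is a demo against ./TestRepos/; a real program would not
 * embed the CA passphrase in source.
 *
 * @return 0 on success, 1 when a blocxx/limal or standard exception
 *         escapes the workflow (the error is written to stderr so that
 *         scripts driving this example can detect the failure).
 */
int main()
{
    try
    {
        blocxx::StringArray cat;
        cat.push_back("FATAL");
        cat.push_back("ERROR");
        cat.push_back("INFO");
        //cat.push_back("DEBUG");

        // Logging: FATAL/ERROR/INFO of every component go to stderr.
        LoggerRef l = limal::Logger::createCerrLogger(
                                                      "CreateCertificate",
                                                      LogAppender::ALL_COMPONENTS,
                                                      cat,
                                                      "%-5p %c - %m"
                                                  );
        limal::Logger::setDefaultLogger(l);

        // Open CA "Test_CA1" in ./TestRepos/ with its key passphrase.
        CA ca("Test_CA1", "system", "./TestRepos/");
        RequestGenerationData rgd = ca.getRequestDefaults(E_Client_Req);

        // ------------------------ Set DN --------------------------------
        // Only RDNs that already exist in the defaults template are
        // overwritten; a type that is missing from the template is not
        // added here and keeps whatever the template provides.

        List<RDNObject> dnl = rgd.getSubjectDN().getDN();
        for(List<RDNObject>::iterator dnit = dnl.begin(); dnit != dnl.end(); ++dnit)
        {
            if(dnit->getType() == "countryName")
            {
                dnit->setRDNValue("DE");
            }
            else if(dnit->getType() == "commonName")
            {
                dnit->setRDNValue("Full Test Certificate");
            }
            else if(dnit->getType() == "emailAddress")
            {
                dnit->setRDNValue("suse@suse.de");
            }
        }

        rgd.setSubjectDN(DNObject(dnl));

        // ------------------------ create request --------------------------------

        // createRequest() returns the name under which the request (and
        // its key) were stored in the repository; print it so the caller
        // can find the generated files.
        const blocxx::String r = ca.createRequest("system", rgd, E_Client_Req);

        cout << "RETURN Request " << r << endl;

        // ------------------------ get issue defaults --------------------------------

        // NOTE(review): the issue defaults come from the client profile,
        // but the certificate is issued as E_CA_Cert further down; the
        // CA-style extensions set below (CA:TRUE, *CA cert types, cert
        // signing key usage) are what make the result a CA certificate.
        // Confirm this mix is intended for the example.
        CertificateIssueData cid = ca.getIssueDefaults(E_Client_Cert);

        // ---------------------- create netscape extension -------------------------

        NsBaseUrlExt nsBaseUrl("http://www.my-company.com/");
        NsRevocationUrlExt nsRevocationUrl("http://www.my-company.com/revoke.pl");
        NsCaRevocationUrlExt nsCaRevocationUrl("http://www.my-company.com/CArevoke.pl");
        NsRenewalUrlExt nsRenewalUrl("http://www.my-company.com/renew.pl");
        NsCaPolicyUrlExt nsCaPolicyUrl("http://www.my-company.com/policy.html");
        NsSslServerNameExt nsSslServerName("*.my-company.com");
        NsCommentExt nsComment("My Company Certificate");

        // ---------------------- create bit extension -----------------------------

        // A certificate that is issued as a CA (E_CA_Cert, CA:TRUE below)
        // must be permitted to sign certificates and CRLs (RFC 5280
        // 4.2.1.3). The previous value, decipherOnly, is only meaningful
        // together with keyAgreement and would have produced a CA
        // certificate that no verifier accepts as an issuer.
        KeyUsageExt   ku(KeyUsageExt::keyCertSign | KeyUsageExt::cRLSign);
        NsCertTypeExt nsCertType(NsCertTypeExt::objCA |
                                 NsCertTypeExt::emailCA |
                                 NsCertTypeExt::sslCA);

        // -------------- create basic constrains extension -----------------------

        // CA:TRUE with a path length constraint (the second argument).
        BasicConstraintsExt basicConstraints(true, 3);

        // -------------- create extended keyUsage extension ----------------------

        // Mix of raw OIDs and OpenSSL short names, as the library accepts both.
        StringList sl;
        sl.push_back("2.3.4.5");
        sl.push_back("2.12.10.39");
        sl.push_back("codeSigning");
        sl.push_back("msCTLSign");
        sl.push_back("nsSGC");

        ExtendedKeyUsageExt extendedKeyUsage( sl );

        // ----------------- create key identifier extension ---------------------

        SubjectKeyIdentifierExt subjectKeyIdentifier(true);
        AuthorityKeyIdentifierGenerateExt
            authorityKeyIdentifier(
                                   AuthorityKeyIdentifierGenerateExt::KeyID_always,
                                   AuthorityKeyIdentifierGenerateExt::Issuer_always);

        // ------------------ create alternative extension -----------------------

        // NOTE(review): the same name list is reused for both the subject
        // and the issuer alternative name; in a real deployment the
        // issuer names describe the CA, not the subject.
        List<LiteralValue> list;
        list.push_back(LiteralValue("IP", "164.34.35.184"));
        list.push_back(LiteralValue("DNS", "ca.my-company.com"));
        list.push_back(LiteralValue("RID", "1.2.3.4"));
        list.push_back(LiteralValue("email", "me@my-company.com"));
        list.push_back(LiteralValue("URI", "http://www.my-company.com/"));

        SubjectAlternativeNameExt subjectAlternativeName(true, list);
        IssuerAlternativeNameExt issuerAlternativeName(true, list);

        // -------------- create authority information extension ------------------

        List<AuthorityInformation> info;
        info.push_back(AuthorityInformation("OCSP",
                                            LiteralValue("URI",
                                                         "http://www.my-company.com/ocsp.pl")));
        info.push_back(AuthorityInformation("caIssuers",
                                            LiteralValue("URI",
                                                         "http://www.my-company.com/caIssuer.html")));

        AuthorityInfoAccessExt authorityInfoAccess;
        authorityInfoAccess.setAuthorityInformation(info);

        // -------------------- create CRL dist point extension -------------------

        List<LiteralValue> crldist;
        crldist.push_back(LiteralValue("URI",
                                       "ldap://ldap.my-company.com/?ou=PKI%2ddc=my-company%2ddc=com"));

        CRLDistributionPointsExt crlDistributionPoints;
        crlDistributionPoints.setCRLDistributionPoints(crldist);

        // ------------------ create certificate policy extension ------------------

        blocxx::List<CertificatePolicy> p;
        p.push_back(CertificatePolicy("1.12.35.1"));

        // Second policy carries CPS URIs and a user notice.
        CertificatePolicy p2;
        p2.setPolicyIdentifier("1.3.6.8");

        StringList slp;
        slp.push_back("http://www.my-company.com/");
        slp.push_back("http://www2.my-company.com/");
        p2.setCpsURI(slp);

        List<Int32> num;
        num.push_back(1);
        num.push_back(5);
        num.push_back(8);

        UserNotice un;
        un.setExplicitText("This is the explicite Text");
        un.setOrganizationNotice("My Company", num);

        List<UserNotice> unl;
        unl.push_back(un);
        p2.setUserNoticeList(unl);
        p.push_back(p2);

        CertificatePoliciesExt certificatePolicies(p);

        // ---------------------- get current extensions --------------------------

        X509v3CertificateIssueExts ex = cid.getExtensions();

        // ------------------------ set new extensions ----------------------------

        ex.setNsBaseUrl(nsBaseUrl);
        ex.setNsRevocationUrl(nsRevocationUrl);
        ex.setNsCaRevocationUrl(nsCaRevocationUrl);
        ex.setNsRenewalUrl(nsRenewalUrl);
        ex.setNsCaPolicyUrl(nsCaPolicyUrl);
        ex.setNsSslServerName(nsSslServerName);
        ex.setNsComment(nsComment);

        ex.setNsCertType(nsCertType);
        ex.setKeyUsage(ku);

        ex.setBasicConstraints(basicConstraints);
        ex.setExtendedKeyUsage(extendedKeyUsage);
        ex.setSubjectKeyIdentifier(subjectKeyIdentifier);
        ex.setAuthorityKeyIdentifier(authorityKeyIdentifier);
        ex.setSubjectAlternativeName(subjectAlternativeName);
        ex.setIssuerAlternativeName(issuerAlternativeName);
        ex.setAuthorityInfoAccess(authorityInfoAccess);
        ex.setCRLDistributionPoints(crlDistributionPoints);
        ex.setCertificatePolicies(certificatePolicies);

        cid.setExtensions(ex);

        // issueCertificate() signs request `r` with the CA key and returns
        // the name of the stored certificate.
        const blocxx::String c = ca.issueCertificate(r, cid, E_CA_Cert);

        cout << "RETURN Certificate " << c << endl;
    }
    catch(const Exception& e)
    {
        // blocxx::Exception (via `using namespace blocxx`): the library's
        // own error type, printable with its operator<<.
        cerr << e << endl;
        return 1;
    }
    catch(const std::exception& e)
    {
        // Anything from the standard library (bad_alloc, ...) that is not a
        // blocxx::Exception; previously this would have terminated the
        // process with no message.
        cerr << e.what() << endl;
        return 1;
    }

    return 0;
}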
00219 
00220 /* vim: set ts=8 sts=8 sw=8 ai noet: */
