RevokeCertificateAndCreateCRL.cpp

This example show how to revoke a certificate and create a certificate revocation list (CRL)

#include <blocxx/Logger.hpp>
#include <blocxx/AppenderLogger.hpp>
#include <blocxx/CerrLogger.hpp>
#include <blocxx/CerrAppender.hpp>
#include <blocxx/String.hpp>
#include <blocxx/PerlRegEx.hpp>
#include <limal/Logger.hpp>
#include <limal/PathInfo.hpp>
#include <limal/ca-mgm/CA.hpp>
#include <limal/ca-mgm/CRLReason.hpp>

#include <iostream>
#include <fstream>
#include <unistd.h>

using namespace blocxx;
using namespace limal;
using namespace limal::ca_mgm;
using namespace std;

int main()
{
    try
    {
        blocxx::StringArray cat;
        cat.push_back("FATAL");
        cat.push_back("ERROR");
        cat.push_back("INFO");
        //cat.push_back("DEBUG");

        // Logging
        LoggerRef l = limal::Logger::createCerrLogger(
                                                      "RevokeCertificate",
                                                      LogAppender::ALL_COMPONENTS,
                                                      cat,
                                                      "%-5p %c - %m"
                                                      );
        limal::Logger::setDefaultLogger(l);
        
        CA ca("Test_CA1", "system", "./TestRepos/");

        // ------------------------ get request defaults -------------------

        RequestGenerationData rgd = ca.getRequestDefaults(E_Server_Req);

        List<RDNObject> dnl = rgd.getSubjectDN().getDN();
        List<RDNObject>::iterator dnit;
        
        // ------------------------ fill the Subject (DN) -------------------

        for(dnit = dnl.begin(); dnit != dnl.end(); ++dnit)
        {
            cout << "DN Key " << (*dnit).getType() << endl;
            
            if((*dnit).getType() == "countryName")
            {
                (*dnit).setRDNValue("DE");
            }
            else if((*dnit).getType() == "commonName")
            {
                (*dnit).setRDNValue("Test Certificate for revocation 2");
            }
            else if((*dnit).getType() == "emailAddress")
            {
                (*dnit).setRDNValue("suse@suse.de");
            }
        }
        
        DNObject dn(dnl);
        rgd.setSubjectDN(dn);

        // ------------------------ get issue defaults ---------------------

        CertificateIssueData cid = ca.getIssueDefaults(E_Server_Cert);

        // ------------------------ create a certificate -------------------

        blocxx::String c = ca.createCertificate("system", rgd, cid,
                                                E_Server_Cert);

        cout << "RETURN Certificate " << endl;

        // ------------------------ set a CRL reason -----------------------

        CRLReason reason("certificateHold");
        reason.setHoldInstruction("holdInstructionCallIssuer");

        // ------------------------ revoke the certificate -----------------

        ca.revokeCertificate(c, reason);

        // ------------------------ get CRL defaults -----------------------

        CRLGenerationData cgd = ca.getCRLDefaults();
        
        // ------------------------ create a CRL ---------------------------

        ca.createCRL(cgd);

        // The CRL is now available at './TestRepos/Test_CA1/crl/crl.pem'

    }
    catch(Exception& e)
    {
        cerr << e << endl;
    }

    return 0;
}

/* vim: set ts=8 sts=8 sw=8 ai noet: */