Managing a CA repository.
#include <CA.hpp>

Public Member Functions

| Return type | Member |
|---|---|
| | CA (const String &caName, const String &caPasswd, const String &repos=REPOSITORY) |
| | ~CA () |
| String | createSubCA (const String &newCaName, const String &keyPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData) |
| String | createRequest (const String &keyPasswd, const RequestGenerationData &requestData, Type requestType) |
| String | issueCertificate (const String &requestName, const CertificateIssueData &issueData, Type certType) |
| String | createCertificate (const String &keyPasswd, const RequestGenerationData &requestData, const CertificateIssueData &certificateData, Type type) |
| void | revokeCertificate (const String &certificateName, const CRLReason &crlReason=CRLReason()) |
| void | createCRL (const CRLGenerationData &crlData) |
| String | importRequestData (const limal::ByteBuffer &request, FormatType formatType=E_PEM) |
| String | importRequest (const String &requestFile, FormatType formatType=E_PEM) |
| CertificateIssueData | getIssueDefaults (Type type) |
| RequestGenerationData | getRequestDefaults (Type type) |
| CRLGenerationData | getCRLDefaults () |
| void | setIssueDefaults (Type type, const CertificateIssueData &defaults) |
| void | setRequestDefaults (Type type, const RequestGenerationData &defaults) |
| void | setCRLDefaults (const CRLGenerationData &defaults) |
| BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > | getCertificateList () |
| BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > > | getRequestList () |
| CertificateData | getCA () |
| RequestData | getRequest (const String &requestName) |
| CertificateData | getCertificate (const String &certificateName) |
| CRLData | getCRL () |
| limal::ByteBuffer | exportCACert (FormatType exportType) |
| limal::ByteBuffer | exportCAKeyAsPEM (const String &newPassword) |
| limal::ByteBuffer | exportCAKeyAsDER () |
| limal::ByteBuffer | exportCAasPKCS12 (const String &p12Password, bool withChain=false) |
| limal::ByteBuffer | exportCertificate (const String &certificateName, FormatType exportType) |
| limal::ByteBuffer | exportCertificateKeyAsPEM (const String &certificateName, const String &keyPassword, const String &newPassword) |
| limal::ByteBuffer | exportCertificateKeyAsDER (const String &certificateName, const String &keyPassword) |
| limal::ByteBuffer | exportCertificateAsPKCS12 (const String &certificateName, const String &keyPassword, const String &p12Password, bool withChain=false) |
| limal::ByteBuffer | exportCRL (FormatType exportType) |
| void | deleteRequest (const String &requestName) |
| void | deleteCertificate (const String &certificateName, bool requestToo=true) |
| void | updateDB () |
| bool | verifyCertificate (const String &certificateName, bool crlCheck=true, const String &purpose=String("any")) |
| CAConfig * | getConfig () |

Static Public Member Functions

| Return type | Member |
|---|---|
| static void | createRootCA (const String &caName, const String &caPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData, const String &repos=REPOSITORY) |
| static void | importCA (const String &caName, const limal::ByteBuffer &caCertificate, const limal::ByteBuffer &caKey, const String &caPasswd=String(), const String &repos=REPOSITORY) |
| static BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > | getCAList (const String &repos=REPOSITORY) |
| static BLOCXX_NAMESPACE::List< BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > > | getCATree (const String &repos=REPOSITORY) |
| static CertificateIssueData | getRootCAIssueDefaults (const String &repos=REPOSITORY) |
| static RequestGenerationData | getRootCARequestDefaults (const String &repos=REPOSITORY) |
| static void | deleteCA (const String &caName, const String &caPasswd, bool force=false, const String &repos=REPOSITORY) |

Private Attributes

| Type | Member |
|---|---|
| BLOCXX_NAMESPACE::COWIntrusiveReference< CAImpl > | m_impl |
Detailed Description

This class provides methods for managing a CA repository. For how to use these methods and functions, see the example page.
- Examples: CreateCertificate.cpp, Export.cpp, and RevokeCertificateAndCreateCRL.cpp.
Constructor & Destructor Documentation

| limal::ca_mgm::CA::CA ( const String & caName, const String & caPasswd, const String & repos = REPOSITORY ) |
Construct a CA object.
- Parameters:
| caName | the name of this CA. |
| caPasswd | the password of this CA. |
| repos | directory path to the repository root |

| limal::ca_mgm::CA::~CA ( ) |

| limal::ca_mgm::CA::CA ( ) | private |

| limal::ca_mgm::CA::CA ( const CA & ) | private |
Member Function Documentation

| void limal::ca_mgm::CA::checkDNPolicy ( const DNObject & dn, Type type ) | private |
Check if the given DN matches the policy defined in the configuration file. On error this method throws exceptions.
- Parameters:
| dn | the DN object |
| type | the type of the certificate which should be signed |

| void limal::ca_mgm::CA::commitConfig2Template ( ) | private |
Copy the config file to the template. On error this method throws exceptions.
| String limal::ca_mgm::CA::createCertificate ( const String & keyPasswd, const RequestGenerationData & requestData, const CertificateIssueData & certificateData, Type type ) |
Create a certificate in the specified CA. On error this method throws exceptions.
- Parameters:
| keyPasswd | the password for the private key |
| requestData | the data for the request |
| certificateData | the data of the certificate |
| type | the type of the certificate |
- Returns: the name of the certificate
- Examples: RevokeCertificateAndCreateCRL.cpp.

| void limal::ca_mgm::CA::createCRL ( const CRLGenerationData & crlData ) |
Create a new CRL with the specified data. On error this method throws exceptions.
- Parameters:
| crlData | the data for the new CRL |
- Examples: RevokeCertificateAndCreateCRL.cpp.

| String limal::ca_mgm::CA::createRequest ( const String & keyPasswd, const RequestGenerationData & requestData, Type requestType ) |
Create a certificate request in the specified CA. On error this method throws exceptions.
- Parameters:
| keyPasswd | the password for the private key |
| requestData | the data for the request |
| requestType | the type of the request |
- Returns: the name of the new request
- Examples: CreateCertificate.cpp.

| static void limal::ca_mgm::CA::createRootCA ( const String & caName, const String & caPasswd, const RequestGenerationData & caRequestData, const CertificateIssueData & caIssueData, const String & repos = REPOSITORY ) | static |
Create a new self-signed root CA plus the whole needed infrastructure. On error this function throws exceptions.
- Parameters:
| caName | the name for this CA |
| caPasswd | the password for this CA |
| caRequestData | the data for the request |
| caIssueData | the data for signing the CA |
| repos | the path to the repository root directory |

| String limal::ca_mgm::CA::createSubCA ( const String & newCaName, const String & keyPasswd, const RequestGenerationData & caRequestData, const CertificateIssueData & caIssueData ) |
Create a new sub CA with the whole needed infrastructure. On error this method throws exceptions.
- Parameters:
| newCaName | the name for the new CA |
| keyPasswd | the password for the private key |
| caRequestData | data for the request generation |
| caIssueData | the required data to sign the request |
- Returns: the name of the certificate file
| static void limal::ca_mgm::CA::deleteCA ( const String & caName, const String & caPasswd, bool force = false, const String & repos = REPOSITORY ) | static |
Delete a Certificate Authority infrastructure.
Normally you can only delete a CA if the CA certificate is expired or you have never signed a certificate with this CA. In all other cases you have to set the force parameter to "true" if you really want to delete the CA and you know what you are doing. On error this function throws exceptions.
- Parameters:
| caName | the name of the CA to delete |
| caPasswd | the password of the CA |
| force | no checks, simply delete the CA |
| repos | the path to the repository root directory |

| void limal::ca_mgm::CA::deleteCertificate ( const String & certificateName, bool requestToo = true ) |
Delete the specified certificate, together with the corresponding request and private key if requestToo is set to true. This function works only for revoked or expired certificates. On error this method throws exceptions.
- Parameters:
| certificateName | the certificate to delete |
| requestToo | if set to true, the request and key file will also be deleted if they exist |

| void limal::ca_mgm::CA::deleteRequest ( const String & requestName ) |
Delete a request. This function also removes the private key if one is available. On error this method throws exceptions.
- Parameters:
| requestName | the name of the request |
| limal::ByteBuffer limal::ca_mgm::CA::exportCAasPKCS12 ( const String & p12Password, bool withChain = false ) |
Return the CA certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.
- Parameters:
| p12Password | the password for the private key |
| withChain | set this to true to include the certificate chain, otherwise set it to false |
- Returns: the data in PKCS12 format
- Examples: Export.cpp.

| limal::ByteBuffer limal::ca_mgm::CA::exportCACert ( FormatType exportType ) |
Return the CA certificate in PEM or DER format. On error this method throws exceptions.
- Parameters:
| exportType | the format in which the CA certificate should be exported |
- Returns: this CA certificate
- Examples: Export.cpp.

| limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsDER ( ) |
Return the CA private key in DER format. The private key is returned decrypted (unencrypted). On error this method throws exceptions.
- Returns: the private key of the CA in DER format
- Examples: Export.cpp.

| limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsPEM ( const String & newPassword ) |
Return the CA private key in PEM format. If a new password is given, the key will be encrypted using newPassword. If newPassword is empty, the returned key is decrypted. On error this method throws exceptions.
- Parameters:
| newPassword | the password to encrypt the private key. If newPassword is empty, the key will be returned decrypted. |
- Returns: the private key of the CA in PEM format
- Examples: Export.cpp.

| limal::ByteBuffer limal::ca_mgm::CA::exportCertificate ( const String & certificateName, FormatType exportType ) |
Return the specified certificate in PEM or DER format. On error this method throws exceptions.
- Parameters:
| certificateName | the name of the certificate |
| exportType | the format in which the certificate should be exported |
- Returns: the certificate data
- Examples: Export.cpp.

| limal::ByteBuffer limal::ca_mgm::CA::exportCertificateAsPKCS12 ( const String & certificateName, const String & keyPassword, const String & p12Password, bool withChain = false ) |
Return the certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.
- Parameters:
| certificateName | the name of the certificate |
| keyPassword | the current password of the key. |
| p12Password | the password for the private key |
| withChain | set this to true to include the certificate chain, otherwise set it to false |
- Returns: the data in PKCS12 format
- Examples: Export.cpp.

| limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsDER ( const String & certificateName, const String & keyPassword ) |
Return the certificate private key in DER format. The private key is returned decrypted (unencrypted). On error this method throws exceptions.
- Parameters:
| certificateName | the name of the certificate |
| keyPassword | the current password of the key. |
- Returns: the private key in DER format
- Examples: Export.cpp.

| limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsPEM ( const String & certificateName, const String & keyPassword, const String & newPassword ) |
Return the certificate private key in PEM format. If a new password is given, the key will be encrypted using newPassword. If newPassword is empty, the returned key is decrypted. On error this method throws exceptions.
- Parameters:
| certificateName | the name of the certificate |
| keyPassword | the current password of the key. |
| newPassword | the password to encrypt the private key. If newPassword is empty, the key will be returned decrypted. |
- Returns: the private key of the certificate in PEM format
- Examples: Export.cpp.
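Both exportCAKeyAsPEM and exportCertificateKeyAsPEM hand back the key decrypted whenever newPassword is empty, so a caller that writes the result to disk should first confirm which form it received. The following is an added example, not code from limal-ca-mgm or its Export.cpp: it assumes the returned limal::ByteBuffer contents have been copied into a std::string and classifies the first PEM block by its armour label and headers (PKCS#8 "ENCRYPTED PRIVATE KEY", or a legacy "Proc-Type: 4,ENCRYPTED" header). The sample blobs are constructed placeholders, not real keys.

```cpp
// Added example (not part of limal-ca-mgm): decide whether a PEM private key
// returned by exportCAKeyAsPEM() / exportCertificateKeyAsPEM() is encrypted.
// Only the first PEM block in the string is examined.
#include <string>

enum class PemKeyState { NotAPrivateKey, Encrypted, Plaintext };

// Classify a PEM blob:
//  - "-----BEGIN ENCRYPTED PRIVATE KEY-----"            -> PKCS#8, encrypted
//  - "-----BEGIN ... PRIVATE KEY-----" + "Proc-Type: 4,ENCRYPTED" -> legacy, encrypted
//  - "-----BEGIN ... PRIVATE KEY-----" with neither     -> plaintext key material
//  - anything else (certificate, CRL, garbage)          -> not a private key
inline PemKeyState classifyPemKey(const std::string &pem) {
    const std::string begin = "-----BEGIN ";
    const std::string keyMarker = "PRIVATE KEY-----";
    const std::string::size_type pos = pem.find(begin);
    if (pos == std::string::npos) return PemKeyState::NotAPrivateKey;

    // The BEGIN line itself must end with "PRIVATE KEY-----".
    const std::string::size_type end = pem.find(keyMarker, pos);
    const std::string::size_type eol = pem.find('\n', pos);
    if (end == std::string::npos || (eol != std::string::npos && end > eol))
        return PemKeyState::NotAPrivateKey;

    // Label between "-----BEGIN " and "PRIVATE KEY-----", e.g. "RSA " or "ENCRYPTED ".
    const std::string::size_type labelStart = pos + begin.size();
    const std::string label = pem.substr(labelStart, end - labelStart);
    if (label == "ENCRYPTED ") return PemKeyState::Encrypted;

    // Legacy (traditional OpenSSL) encryption is signalled by a header line
    // inside this block, so restrict the search to the block's own text.
    const std::string::size_type blockEnd = pem.find("-----END", end);
    const std::string block =
        pem.substr(pos, blockEnd == std::string::npos ? std::string::npos : blockEnd - pos);
    if (block.find("Proc-Type: 4,ENCRYPTED") != std::string::npos)
        return PemKeyState::Encrypted;
    return PemKeyState::Plaintext;
}

// Convenience predicate for the common "refuse to write plaintext" check.
inline bool keyIsEncrypted(const std::string &pem) {
    return classifyPemKey(pem) == PemKeyState::Encrypted;
}

// Constructed samples; the base64 bodies are placeholders, not real key material.
inline std::string samplePlaintextKey() {
    return "-----BEGIN RSA PRIVATE KEY-----\nMIIE...placeholder...\n-----END RSA PRIVATE KEY-----\n";
}
inline std::string sampleLegacyEncryptedKey() {
    return "-----BEGIN RSA PRIVATE KEY-----\n"
           "Proc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n\n"
           "MIIE...placeholder...\n-----END RSA PRIVATE KEY-----\n";
}
inline std::string samplePkcs8EncryptedKey() {
    return "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIF...placeholder...\n-----END ENCRYPTED PRIVATE KEY-----\n";
}
inline std::string sampleCertificate() {
    return "-----BEGIN CERTIFICATE-----\nMIID...placeholder...\n-----END CERTIFICATE-----\n";
}
```

A wrapper around the export call can use keyIsEncrypted() as a guard: if the classification is Plaintext and the caller did not explicitly ask for an unencrypted key, fail before the bytes reach a file or a log.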
| limal::ByteBuffer limal::ca_mgm::CA::exportCRL ( FormatType exportType ) |
Export the CRL of this CA in the requested format type. On error this method throws exceptions.
- Parameters:
| exportType | the format type |
- Returns: the CRL in the requested format
- Examples: Export.cpp.

| CertificateData limal::ca_mgm::CA::getCA ( ) |
Parse this CA and return the data. On error this method throws exceptions.
- Returns: the CA data

| static BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::String> limal::ca_mgm::CA::getCAList ( const String & repos = REPOSITORY ) | static |
Get a list of available CAs. On error this function throws exceptions.
- Parameters:
| repos | the path to the repository root directory |
- Returns: Array of Strings of available CAs

| static BLOCXX_NAMESPACE::List<BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::String> > limal::ca_mgm::CA::getCATree ( const String & repos = REPOSITORY ) | static |
Return a table of the available CAs and their issuers. If the CA is self-signed, the issuer field is empty.

| caName | issuer caName |
|---|---|
| RootCA | |
| UserCA | RootCA |
| IPSecCA | UserCA |

On error this function throws exceptions.
- Parameters:
| repos | the path to the repository root directory |
- Returns: a list of lists of the available CAs
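As an added example (not part of limal-ca-mgm), the following code walks the issuer table that getCATree returns. It uses std::vector<std::array<std::string, 2>> as a stand-in for BLOCXX_NAMESPACE::List< BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > > (an assumption: the real return value would be copied into it), with each row holding {caName, issuer caName} and an empty issuer for a self-signed CA. The sample rows are the three CAs from the table above. The code resolves the chain from any CA up to its self-signed root and rejects a table whose issuer column names a CA that is not present or forms a cycle, since a chain-building caller would otherwise loop or dereference a missing CA.

```cpp
// Added example (not part of limal-ca-mgm): work with the CA/issuer table
// described for CA::getCATree(). CATree stands in for the BLOCXX List<Array<String>>.
#include <array>
#include <set>
#include <stdexcept>
#include <string>
#include <vector>

using CATree = std::vector<std::array<std::string, 2>>;  // {caName, issuer caName}

// Constructed sample matching the table in the getCATree() documentation.
inline CATree sampleTree() {
    return {{"RootCA", ""}, {"UserCA", "RootCA"}, {"IPSecCA", "UserCA"}};
}

// Return the issuer of a CA (empty for a self-signed CA); throw if the CA is unknown.
inline std::string issuerOf(const CATree &tree, const std::string &caName) {
    for (const auto &row : tree)
        if (row[0] == caName) return row[1];
    throw std::runtime_error("unknown CA: " + caName);
}

// Follow the issuer column from caName up to the self-signed root.
// Throws on a dangling issuer or an issuer cycle instead of looping forever.
inline std::vector<std::string> issuerChain(const CATree &tree, const std::string &caName) {
    std::vector<std::string> chain;
    std::set<std::string> seen;
    std::string current = caName;
    while (!current.empty()) {
        if (!seen.insert(current).second)
            throw std::runtime_error("issuer cycle at " + current);
        chain.push_back(current);
        current = issuerOf(tree, current);
    }
    return chain;
}

// True when every chain in the table ends at a self-signed root:
// no issuer is missing from the table and no cycle exists.
inline bool treeIsConsistent(const CATree &tree) {
    try {
        for (const auto &row : tree) issuerChain(tree, row[0]);
        return true;
    } catch (const std::runtime_error &) {
        return false;
    }
}

// Names of the self-signed CAs (empty issuer column).
inline std::vector<std::string> rootCAs(const CATree &tree) {
    std::vector<std::string> roots;
    for (const auto &row : tree)
        if (row[1].empty()) roots.push_back(row[0]);
    return roots;
}
```

issuerChain() gives the order in which the issuer certificates would be collected for a withChain export, leaf first and root last.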
| CertificateData limal::ca_mgm::CA::getCertificate ( const String & certificateName ) |
Parse a certificate and return the data. On error this method throws exceptions.
- Parameters:
| certificateName | the name of the certificate |
- Returns: the certificate data

| BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::Map<BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String> > limal::ca_mgm::CA::getCertificateList ( ) |
Get an Array of maps with all certificates of the defined CA. On error this method throws exceptions.
- Returns: a list of maps with all certificates in this CA. The map keys are:
  - certificate (the name of the certificate)
  - commonName
  - emailAddress
  - countryName
  - stateOrProvinceName
  - localityName
  - organizationName
  - organizationalUnitName
  - status (the status of the certificate: "valid", "revoked", "expired")
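As an added example (not part of limal-ca-mgm), the following code works on the array of maps that getCertificateList returns, using std::vector<std::map<std::string, std::string>> as a stand-in for BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< String, String > > (an assumption: the real return value would be copied into it). It uses only the documented keys and status values, and the certificate names in the sample rows are constructed. It groups certificates by status, lists the ones that deleteCertificate would accept (the documentation says it works only for revoked or expired certificates), and finds the still-valid certificates for a subject name, which is the check to run before issuing a replacement.

```cpp
// Added example (not part of limal-ca-mgm): helpers over the array of maps
// described for CA::getCertificateList(). CertList stands in for the BLOCXX
// Array<Map<String, String>>.
#include <map>
#include <string>
#include <vector>

using CertMap = std::map<std::string, std::string>;
using CertList = std::vector<CertMap>;

// Constructed sample rows using the documented keys and status values.
// The last row deliberately lacks a "status" key to exercise the missing-key path.
inline CertList sampleCertificates() {
    return {
        {{"certificate", "01:vpn-server"}, {"commonName", "vpn.example.test"}, {"status", "valid"}},
        {{"certificate", "02:old-client"}, {"commonName", "alice"}, {"status", "expired"}},
        {{"certificate", "03:lost-laptop"}, {"commonName", "bob"}, {"status", "revoked"}},
        {{"certificate", "04:bad-row"}, {"commonName", "no-status"}},
    };
}

// Look up a key without inserting it (operator[] would silently add an empty entry).
inline std::string field(const CertMap &cert, const std::string &key) {
    auto it = cert.find(key);
    return it == cert.end() ? std::string() : it->second;
}

// Count certificates per status; rows with no status are counted under "".
inline std::map<std::string, int> countByStatus(const CertList &certs) {
    std::map<std::string, int> counts;
    for (const auto &c : certs) counts[field(c, "status")]++;
    return counts;
}

// Names of certificates that deleteCertificate() would accept: only
// "revoked" or "expired" ones. A still-valid or unknown-status entry is never
// offered for deletion, so a typo in a status string fails closed.
inline std::vector<std::string> deletableCertificates(const CertList &certs) {
    std::vector<std::string> names;
    for (const auto &c : certs) {
        const std::string status = field(c, "status");
        if (status == "revoked" || status == "expired")
            names.push_back(field(c, "certificate"));
    }
    return names;
}

// Valid certificates for a given commonName: what to check before issuing
// a replacement or before revoking the old one.
inline std::vector<std::string> validCertificatesFor(const CertList &certs,
                                                     const std::string &commonName) {
    std::vector<std::string> names;
    for (const auto &c : certs)
        if (field(c, "status") == "valid" && field(c, "commonName") == commonName)
            names.push_back(field(c, "certificate"));
    return names;
}
```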
| CAConfig* limal::ca_mgm::CA::getConfig ( ) |
Return the current config object.
- Returns: the config object

| CRLData limal::ca_mgm::CA::getCRL ( ) |
Parse the current CRL of this CA and return the data. On error this method throws exceptions.
- Returns: the CRL data

| RequestData limal::ca_mgm::CA::getRequest ( const String & requestName ) |
Parse a request and return the data. On error this method throws exceptions.
- Parameters:
| requestName | the name of the request |
- Returns: the request data

| BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::Map<BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String> > limal::ca_mgm::CA::getRequestList ( ) |
Get an Array of maps with all requests of the defined CA. On error this method throws exceptions.
- Returns: a list of maps with all requests in this CA. The map keys are:
  - request (the name of the request)
  - commonName
  - emailAddress
  - countryName
  - stateOrProvinceName
  - localityName
  - organizationName
  - organizationalUnitName
  - date

| static CertificateIssueData limal::ca_mgm::CA::getRootCAIssueDefaults ( const String & repos = REPOSITORY ) | static |
Get a CertificateIssueData object with the current signing default settings for a root CA. On error this function throws exceptions.
- Parameters:
| repos | the path to the repository root directory |
- Returns: a CertificateIssueData object with the current defaults

| static RequestGenerationData limal::ca_mgm::CA::getRootCARequestDefaults ( const String & repos = REPOSITORY ) | static |
Get a RequestGenerationData object with the current request default settings for a root CA. On error this function throws exceptions.
- Parameters:
| repos | the path to the repository root directory |
- Returns: a RequestGenerationData object with the current defaults
| static void limal::ca_mgm::CA::importCA ( const String & caName, const limal::ByteBuffer & caCertificate, const limal::ByteBuffer & caKey, const String & caPasswd = String(), const String & repos = REPOSITORY ) | static |
Import a CA certificate and private key and create the infrastructure. On error this function throws exceptions.
- Parameters:
| caName | the name of the CA |
| caCertificate | the CA certificate data in PEM format |
| caKey | the private key in PEM format |
| caPasswd | the password of the private key, or a new password if the key is unencrypted |
| repos | the path to the repository root directory |

| String limal::ca_mgm::CA::importRequest ( const String & requestFile, FormatType formatType = E_PEM ) |
Import a request into a CA repository. On error this method throws exceptions.
- Parameters:
| requestFile | the request file |
| formatType | the input format type |
- Returns: the name of the request

| String limal::ca_mgm::CA::importRequestData ( const limal::ByteBuffer & request, FormatType formatType = E_PEM ) |
Import a request into a CA repository. On error this method throws exceptions.
- Parameters:
| request | the request data |
| formatType | the input format type |
- Returns: the name of the request

| String limal::ca_mgm::CA::initConfigFile ( ) | private |
Initialize the config file: copy the template to a config file and create the config object. On error this method throws exceptions.
- Returns: the name of the config file

| String limal::ca_mgm::CA::issueCertificate ( const String & requestName, const CertificateIssueData & issueData, Type certType ) |
Issue a certificate in the specified CA. On error this method throws exceptions.
- Parameters:
| requestName | the name of the request which should be signed |
| issueData | the issuing data |
| certType | the type of the certificate |
- Returns: the name of the certificate
- Examples: CreateCertificate.cpp.
| CA& limal::ca_mgm::CA::operator= ( const CA & ) | private |

| void limal::ca_mgm::CA::removeDefaultsFromConfig ( ) | private |
Remove the _default values from the config file.

| void limal::ca_mgm::CA::revokeCertificate ( const String & certificateName, const CRLReason & crlReason = CRLReason() ) |
Revoke a certificate. On error this method throws exceptions.
- Note: This function does not create a new CRL.
- Parameters:
| certificateName | the name of the certificate to revoke |
| crlReason | a CRLReason object which describes why this certificate is revoked. |
- Examples: RevokeCertificateAndCreateCRL.cpp.

| void limal::ca_mgm::CA::setCRLDefaults ( const CRLGenerationData & defaults ) |
Set the CRL defaults for this CA. On error this method throws exceptions.
- Parameters:
| defaults | the new CRL defaults |

| void limal::ca_mgm::CA::setIssueDefaults ( Type type, const CertificateIssueData & defaults ) |
Set the signing defaults for this CA and the specific certificate type. On error this method throws exceptions.
- Parameters:
| type | the requested certificate type |
| defaults | the new certificate defaults |

| void limal::ca_mgm::CA::setRequestDefaults ( Type type, const RequestGenerationData & defaults ) |
Set the request defaults for this CA and the specific certificate type. On error this method throws exceptions.
- Parameters:
| type | the requested certificate type |
| defaults | the new request defaults |

| void limal::ca_mgm::CA::updateDB ( ) |
Update the internal OpenSSL database. On error this method throws exceptions.
| bool limal::ca_mgm::CA::verifyCertificate ( const String & certificateName, bool crlCheck = true, const String & purpose = String("any") ) |
Verify a certificate. On error this method throws exceptions.
- Parameters:
| certificateName | the name of the certificate |
| crlCheck | verify against the CRLs |
| purpose | check for a specific certificate purpose. Valid purpose strings are: sslclient, sslserver, nssslserver, smimesign, smimeencrypt, crlsign, ocsphelper, any (default) |
- Returns: true if the certificate is valid, otherwise false.

Member Data Documentation

| BLOCXX_NAMESPACE::COWIntrusiveReference<CAImpl> limal::ca_mgm::CA::m_impl | private |
The documentation for this class was generated from the following file: