limal::ca_mgm::CA Class Reference

Managing a CA repository. More...

#include <CA.hpp>

List of all members.

Public Member Functions
	CA (const String &caName, const String &caPasswd, const String &repos=REPOSITORY)
	~CA ()
String	createSubCA (const String &newCaName, const String &keyPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData)
String	createRequest (const String &keyPasswd, const RequestGenerationData &requestData, Type requestType)
String	issueCertificate (const String &requestName, const CertificateIssueData &issueData, Type certType)
String	createCertificate (const String &keyPasswd, const RequestGenerationData &requestData, const CertificateIssueData &certificateData, Type type)
void	revokeCertificate (const String &certificateName, const CRLReason &crlReason=CRLReason())
void	createCRL (const CRLGenerationData &crlData)
String	importRequestData (const limal::ByteBuffer &request, FormatType formatType=E_PEM)
String	importRequest (const String &requestFile, FormatType formatType=E_PEM)
CertificateIssueData	getIssueDefaults (Type type)
RequestGenerationData	getRequestDefaults (Type type)
CRLGenerationData	getCRLDefaults ()
void	setIssueDefaults (Type type, const CertificateIssueData &defaults)
void	setRequestDefaults (Type type, const RequestGenerationData &defaults)
void	setCRLDefaults (const CRLGenerationData &defaults)
BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > >	getCertificateList ()
BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::Map< BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > >	getRequestList ()
CertificateData	getCA ()
RequestData	getRequest (const String &requestName)
CertificateData	getCertificate (const String &certificateName)
CRLData	getCRL ()
limal::ByteBuffer	exportCACert (FormatType exportType)
limal::ByteBuffer	exportCAKeyAsPEM (const String &newPassword)
limal::ByteBuffer	exportCAKeyAsDER ()
limal::ByteBuffer	exportCAasPKCS12 (const String &p12Password, bool withChain=false)
limal::ByteBuffer	exportCertificate (const String &certificateName, FormatType exportType)
limal::ByteBuffer	exportCertificateKeyAsPEM (const String &certificateName, const String &keyPassword, const String &newPassword)
limal::ByteBuffer	exportCertificateKeyAsDER (const String &certificateName, const String &keyPassword)
limal::ByteBuffer	exportCertificateAsPKCS12 (const String &certificateName, const String &keyPassword, const String &p12Password, bool withChain=false)
limal::ByteBuffer	exportCRL (FormatType exportType)
void	deleteRequest (const String &requestName)
void	deleteCertificate (const String &certificateName, bool requestToo=true)
void	updateDB ()
bool	verifyCertificate (const String &certificateName, bool crlCheck=true, const String &purpose=String("any"))
CAConfig *	getConfig ()
Static Public Member Functions
static void	createRootCA (const String &caName, const String &caPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData, const String &repos=REPOSITORY)
static void	importCA (const String &caName, const limal::ByteBuffer &caCertificate, const limal::ByteBuffer &caKey, const String &caPasswd=String(), const String &repos=REPOSITORY)
static BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String >	getCAList (const String &repos=REPOSITORY)
static BLOCXX_NAMESPACE::List< BLOCXX_NAMESPACE::Array< BLOCXX_NAMESPACE::String > >	getCATree (const String &repos=REPOSITORY)
static CertificateIssueData	getRootCAIssueDefaults (const String &repos=REPOSITORY)
static RequestGenerationData	getRootCARequestDefaults (const String &repos=REPOSITORY)
static void	deleteCA (const String &caName, const String &caPasswd, bool force=false, const String &repos=REPOSITORY)
Private Member Functions
	CA ()
	CA (const CA &)
CA &	operator= (const CA &)
void	checkDNPolicy (const DNObject &dn, Type type)
String	initConfigFile ()
void	commitConfig2Template ()
void	removeDefaultsFromConfig ()
Private Attributes
BLOCXX_NAMESPACE::COWIntrusiveReference< CAImpl >	m_impl

---

Detailed Description

Managing a CA repository.

This class provides methods for managing a CA repository. If you want to know how to use these methods and functions have a look at the example page

Examples:

CreateCertificate.cpp, Export.cpp, and RevokeCertificateAndCreateCRL.cpp.

---

Constructor & Destructor Documentation

limal::ca_mgm::CA::CA (  const String &  caName, const String &  caPasswd, const String &  repos = REPOSITORY )

Construct a CA object. Parameters: caName  the name of this CA. caPasswd  the password of this CA. repos  directory path to the repository root

limal::ca_mgm::CA::~CA (   )

Destructor of CA.

limal::ca_mgm::CA::CA (   )  [private]

limal::ca_mgm::CA::CA (  const CA &   )  [private]

---

Member Function Documentation

void limal::ca_mgm::CA::checkDNPolicy (  const DNObject &  dn, Type  type )  [private]

Check if the given dn matches the policy defined in the configuration file On error this method throws exceptions. Parameters: dn  the DN object type  the Type of the certificate which should be signed

void limal::ca_mgm::CA::commitConfig2Template (   )  [private]

Copy Config file to template On error this method throws exceptions.

String limal::ca_mgm::CA::createCertificate (  const String &  keyPasswd, const RequestGenerationData &  requestData, const CertificateIssueData &  certificateData, Type  type )

Create a certificate in the specified CA On error this method throws exceptions. Parameters: keyPasswd  the password for the private key requestData  the data for the request certificateData  the data of the certificate type  the type of the certificate Returns: the name of the certificate

void limal::ca_mgm::CA::createCRL (  const CRLGenerationData &  crlData  )

Create a new CRL with the specified data. On error this method throws exceptions. Parameters: crlData  the data for the new CRL

String limal::ca_mgm::CA::createRequest (  const String &  keyPasswd, const RequestGenerationData &  requestData, Type  requestType )

Create a certificate request in the specified CA On error this method throws exceptions. Parameters: keyPasswd  the password for the private key requestData  the data for the request requestType  the type of the request Returns: the name of the new request

static void limal::ca_mgm::CA::createRootCA (  const String &  caName, const String &  caPasswd, const RequestGenerationData &  caRequestData, const CertificateIssueData &  caIssueData, const String &  repos = REPOSITORY )  [static]

Create a new selfsigned root CA plus the whole needed infrastructure. On error this function throws exceptions. Parameters: caName  the name for this CA caPasswd  the password for this CA caRequestData  the data for the request caIssueData  the data to signing the CA repos  the path to the repository root directory

String limal::ca_mgm::CA::createSubCA (  const String &  newCaName, const String &  keyPasswd, const RequestGenerationData &  caRequestData, const CertificateIssueData &  caIssueData )

Create a new Sub CA and with the whole needed infrastructure. On error this method throws exceptions. Parameters: newCaName  the name for the new CA keyPasswd  the password for the private key caRequestData  data for the request generation caIssueData  the required data to sign the request Returns: The name of the certificate file

static void limal::ca_mgm::CA::deleteCA (  const String &  caName, const String &  caPasswd, bool  force = false, const String &  repos = REPOSITORY )  [static]

Delete a Certificate Authority infrastructure Normaly you can only delete a CA if the CA certificate is expired or you have never signed a certificate with this CA. In all other cases you have to set the force parameter to "true" if you realy want to delete the CA and you know what you do. On error this function throws exceptions. Parameters: caName  the name of the CA to delete caPasswd  the password of the CA force  no checks, simply delete the CA repos  the path to the repository root directory

void limal::ca_mgm::CA::deleteCertificate (  const String &  certificateName, bool  requestToo = true )

Delete the specified certificate together with the corresponding request and private key if requestToo is set to true. This function works only for revoked or expired certificates. On error this method throws exceptions. Parameters: certificateName  the certificate to delete requestToo  if set to true also request and key file will be deleted if they exists

void limal::ca_mgm::CA::deleteRequest (  const String &  requestName  )

Delete a Request. This function removes also the private key if one is available. On error this method throws exceptions. Parameters: requestName  the name of the request

limal::ByteBuffer limal::ca_mgm::CA::exportCAasPKCS12 (  const String &  p12Password, bool  withChain = false )

Return the CA certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions. Parameters: p12Password  the password for the private key withChain  should the certificate chain be included set this to true, otherwise set this to false Returns: the data in PKCS12 format Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCACert (  FormatType  exportType  )

Return the CA certificate in PEM or DER format. On error this method throws exceptions. Parameters: exportType  the type in which the CA should be exported Returns: this CA certificate Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsDER (   )

Return the CA private key in DER format. The private Key is decrypted. On error this method throws exceptions. Returns: the private key of the CA in DER format Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsPEM (  const String &  newPassword  )

Return the CA private key in PEM format. If a new Password is given, the key will be encrypted using the newPassword. If newPassword is empty the returned key is decrypted. On error this method throws exceptions. Parameters: newPassword  the password to encrypt the private key. If newPassword is empty, the key will be returned decrypted. Returns: the private key of the CA in PEM format Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificate (  const String &  certificateName, FormatType  exportType )

Return the specified certificate in PEM or DER format On error this method throws exceptions. Parameters: certificateName  the name of the certificate exportType  the format in which the certificate should be exported Returns: the certificate data Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificateAsPKCS12 (  const String &  certificateName, const String &  keyPassword, const String &  p12Password, bool  withChain = false )

Return the certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions. Parameters: certificateName  the name of the certificate keyPassword  the current password of the key. p12Password  the password for the private key withChain  should the certificate chain be included set this to true, otherwise set this to false Returns: the data in PKCS12 format Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsDER (  const String &  certificateName, const String &  keyPassword )

Return the certificate private key in DER format. The private Key is decrypted. On error this method throws exceptions. Parameters: certificateName  the name of the certificate keyPassword  the current password of the key. Returns: the private key in DER format Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsPEM (  const String &  certificateName, const String &  keyPassword, const String &  newPassword )

Return the certificate private key in PEM format. If a new Password is given, the key will be encrypted using the newPassword. If newPassword is empty the returned key is decrypted. On error this method throws exceptions. Parameters: certificateName  the name of the certificate keyPassword  the current password of the key. newPassword  the password to encrypt the private key. If newPassword is empty, the key will be returned decrypted. Returns: the private key of the certificate in PEM format Examples: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCRL (  FormatType  exportType  )

Export the CRL of this CA in the requested format type. On error this method throws exceptions. Parameters: exportType  the format type Returns: the CRL in the requested format Examples: Export.cpp.

CertificateData limal::ca_mgm::CA::getCA (   )

Parse this CA and return the data. On error this method throws exceptions. Returns: the CA data

static BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::String> limal::ca_mgm::CA::getCAList (  const String &  repos = REPOSITORY  )  [static]

Get a list of available CAs On error this function throws exceptions. Parameters: repos  the path to the repository root directory Returns: Array of Strings of available CAs

static BLOCXX_NAMESPACE ::List< BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::String> > limal::ca_mgm::CA::getCATree (  const String &  repos = REPOSITORY  )  [static]

Return a table of the available CAs and its issuer. If the CA is self-signed the issuer field is empty. caName issuer caName RootCA   UserCA RootCA IPSecCA UserCA On error this function throws exceptions. Parameters: repos  the path to the repository root directory Returns: a list of lists of the available CAs

CertificateData limal::ca_mgm::CA::getCertificate (  const String &  certificateName  )

Parse a certificate and return the data. On error this method throws exceptions. Parameters: certificateName  the name of the certificate Returns: the certificate data

BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::Map< BLOCXX_NAMESPACE ::String, BLOCXX_NAMESPACE ::String> > limal::ca_mgm::CA::getCertificateList (   )

Get an Array of maps with all certificates of the defined CA. On error this method throws exceptions. Returns: a list of maps with all certificates in this CA. the map keys are: certificate (the name of the certificate) commonName emailAddress countryName stateOrProvinceName localityName organizationName organizationalUnitName status (The status of the certificate: "valid", "revoked", "expired")

CAConfig* limal::ca_mgm::CA::getConfig (   )

Return the current config object Returns: the config object

CRLData limal::ca_mgm::CA::getCRL (   )

Parse the current CRL of this CA and return the data. On error this method throws exceptions. Returns: the CRL data

CRLGenerationData limal::ca_mgm::CA::getCRLDefaults (   )

Get a CRLGenerationData object with current default settings for this CA. On error this method throws exceptions. Returns: a CRLGenerationData object with the current defaults

CertificateIssueData limal::ca_mgm::CA::getIssueDefaults (  Type  type  )

Get a CertificateIssueData object with current signing default settings for this CA and the specific type. On error this method throws exceptions. Parameters: type  the requested certificate type Returns: a CertificateIssueData object with the current defaults

RequestData limal::ca_mgm::CA::getRequest (  const String &  requestName  )

Parse a request and return the data. On error this method throws exceptions. Parameters: requestName  the name of the Request Returns: the request data

RequestGenerationData limal::ca_mgm::CA::getRequestDefaults (  Type  type  )

Get a RequestGenerationData object with current request default settings for this CA and the specific type. On error this method throws exceptions. Parameters: type  the requested certificate type Returns: a RequestGenerationData object with the current defaults Examples: CreateCertificate.cpp, and RevokeCertificateAndCreateCRL.cpp.

BLOCXX_NAMESPACE ::Array< BLOCXX_NAMESPACE ::Map< BLOCXX_NAMESPACE ::String, BLOCXX_NAMESPACE ::String> > limal::ca_mgm::CA::getRequestList (   )

Get an Array of maps with all requests of the defined CA. On error this method throws exceptions. Returns: a list of maps with all requests in this CA. the map keys are: request (the name of the request) commonName emailAddress countryName stateOrProvinceName localityName organizationName organizationalUnitName date

static CertificateIssueData limal::ca_mgm::CA::getRootCAIssueDefaults (  const String &  repos = REPOSITORY  )  [static]

Get a CertificateIssueData object with current signing default settings for a Root CA. On error this function throws exceptions. Parameters: repos  the path to the repository root directory Returns: a CertificateIssueData object with the current defaults

static RequestGenerationData limal::ca_mgm::CA::getRootCARequestDefaults (  const String &  repos = REPOSITORY  )  [static]

Get a RequestGenerationData object with current request default settings for a Root CA. On error this function throws exceptions. Parameters: repos  the path to the repository root directory Returns: a RequestGenerationData object with the current defaults

static void limal::ca_mgm::CA::importCA (  const String &  caName, const limal::ByteBuffer &  caCertificate, const limal::ByteBuffer &  caKey, const String &  caPasswd = String(), const String &  repos = REPOSITORY )  [static]

Import a CA certificate and private key and creates a infrastructure. On error this function throws exceptions. Parameters: caName  the name of the CA caCertificate  the CA certificate data in PEM format caKey  the private key in PEM format caPasswd  password of the private key or a new password if the key is unencrypted repos  the path to the repository root directory

String limal::ca_mgm::CA::importRequest (  const String &  requestFile, FormatType  formatType = E_PEM )

Import a request in a CA repository. On error this method throws exceptions. Parameters: requestFile  the request file formatType  the input format type Returns: the name of the request

String limal::ca_mgm::CA::importRequestData (  const limal::ByteBuffer &  request, FormatType  formatType = E_PEM )

Import a request in a CA repository. On error this method throws exceptions. Parameters: request  the request data formatType  the input format type Returns: the name of the request

String limal::ca_mgm::CA::initConfigFile (   )  [private]

Initialize the config file On error this method throws exceptions. Copy the template to a configfile and create the config object Returns: the name of the config file

String limal::ca_mgm::CA::issueCertificate (  const String &  requestName, const CertificateIssueData &  issueData, Type  certType )

Issue a certificate in the specified CA On error this method throws exceptions. Parameters: requestName  the name of the request which sould be signed issueData  the issuing data certType  the type of the certificate Returns: the name of the certificate

CA& limal::ca_mgm::CA::operator= (  const CA &   )  [private]

void limal::ca_mgm::CA::removeDefaultsFromConfig (   )  [private]

remove _default values from configfile

void limal::ca_mgm::CA::revokeCertificate (  const String &  certificateName, const CRLReason &  crlReason = CRLReason() )

Revoke a certificate. On error this method throws exceptions. Note: This function does not create a new CRL. Parameters: certificateName  the name of the certificate to revoke crlReason  a crlReason object which describes the reason why this certificate is revoked.

void limal::ca_mgm::CA::setCRLDefaults (  const CRLGenerationData &  defaults  )

Set CRL defaults for this CA On error this method throws exceptions. Parameters: defaults  the new CRL defaults

void limal::ca_mgm::CA::setIssueDefaults (  Type  type, const CertificateIssueData &  defaults )

Set the signing defaults for this CA and the specific certType On error this method throws exceptions. Parameters: type  the requested certificate type defaults  the new certificate defaults

void limal::ca_mgm::CA::setRequestDefaults (  Type  type, const RequestGenerationData &  defaults )

Set the request defaults for this CA and the specific certType On error this method throws exceptions. Parameters: type  the requested certificate type defaults  the new certificate defaults

void limal::ca_mgm::CA::updateDB (   )

Update the internal openssl database. On error this method throws exceptions.

bool limal::ca_mgm::CA::verifyCertificate (  const String &  certificateName, bool  crlCheck = true, const String &  purpose = String("any") )

Verify a certificate. On error this method throws exceptions. Parameters: certificateName  the name of the certificate crlCheck  verify against the CRLs purpose  check for a specific certificate purpose valid purpose string are: sslclient sslserver nssslserver smimesign smimeencrypt crlsign ocsphelper any (default) Returns: true if the certificate is valid, otherwise false.

---

Member Data Documentation

BLOCXX_NAMESPACE ::COWIntrusiveReference<CAImpl> limal::ca_mgm::CA::m_impl [private]

---

The documentation for this class was generated from the following file:

• CA.hpp

---