Managing a CA repository. More...

#include <CA.hpp>

Public Member Functions
	CA (const String &caName, const String &caPasswd, const String &repos=REPOSITORY)
	~CA ()
String	createSubCA (const String &newCaName, const String &keyPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData)
String	createRequest (const String &keyPasswd, const RequestGenerationData &requestData, Type requestType)
String	issueCertificate (const String &requestName, const CertificateIssueData &issueData, Type certType)
String	createCertificate (const String &keyPasswd, const RequestGenerationData &requestData, const CertificateIssueData &certificateData, Type type)
void	revokeCertificate (const String &certificateName, const CRLReason &crlReason=CRLReason())
void	createCRL (const CRLGenerationData &crlData)
String	importRequestData (const limal::ByteBuffer &request, FormatType formatType=E_PEM)
String	importRequest (const String &requestFile, FormatType formatType=E_PEM)
CertificateIssueData	getIssueDefaults (Type type)
RequestGenerationData	getRequestDefaults (Type type)
CRLGenerationData	getCRLDefaults ()
void	setIssueDefaults (Type type, const CertificateIssueData &defaults)
void	setRequestDefaults (Type type, const RequestGenerationData &defaults)
void	setCRLDefaults (const CRLGenerationData &defaults)
BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::Map < BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > >	getCertificateList ()
BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::Map < BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String > >	getRequestList ()
CertificateData	getCA ()
RequestData	getRequest (const String &requestName)
CertificateData	getCertificate (const String &certificateName)
CRLData	getCRL ()
limal::ByteBuffer	exportCACert (FormatType exportType)
limal::ByteBuffer	exportCAKeyAsPEM (const String &newPassword)
limal::ByteBuffer	exportCAKeyAsDER ()
limal::ByteBuffer	exportCAasPKCS12 (const String &p12Password, bool withChain=false)
limal::ByteBuffer	exportCertificate (const String &certificateName, FormatType exportType)
limal::ByteBuffer	exportCertificateKeyAsPEM (const String &certificateName, const String &keyPassword, const String &newPassword)
limal::ByteBuffer	exportCertificateKeyAsDER (const String &certificateName, const String &keyPassword)
limal::ByteBuffer	exportCertificateAsPKCS12 (const String &certificateName, const String &keyPassword, const String &p12Password, bool withChain=false)
limal::ByteBuffer	exportCRL (FormatType exportType)
void	deleteRequest (const String &requestName)
void	deleteCertificate (const String &certificateName, bool requestToo=true)
void	updateDB ()
bool	verifyCertificate (const String &certificateName, bool crlCheck=true, const String &purpose=String("any"))
CAConfig *	getConfig ()
Static Public Member Functions
static void	createRootCA (const String &caName, const String &caPasswd, const RequestGenerationData &caRequestData, const CertificateIssueData &caIssueData, const String &repos=REPOSITORY)
static void	importCA (const String &caName, const limal::ByteBuffer &caCertificate, const limal::ByteBuffer &caKey, const String &caPasswd=String(), const String &repos=REPOSITORY)
static BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::String >	getCAList (const String &repos=REPOSITORY)
static BLOCXX_NAMESPACE::List < BLOCXX_NAMESPACE::Array < BLOCXX_NAMESPACE::String > >	getCATree (const String &repos=REPOSITORY)
static CertificateIssueData	getRootCAIssueDefaults (const String &repos=REPOSITORY)
static RequestGenerationData	getRootCARequestDefaults (const String &repos=REPOSITORY)
static void	deleteCA (const String &caName, const String &caPasswd, bool force=false, const String &repos=REPOSITORY)
Private Member Functions
	CA ()
	CA (const CA &)
CA &	operator= (const CA &)
void	checkDNPolicy (const DNObject &dn, Type type)
String	initConfigFile ()
void	commitConfig2Template ()
void	removeDefaultsFromConfig ()
Private Attributes
BLOCXX_NAMESPACE::COWIntrusiveReference < CAImpl >	m_impl

Detailed Description

Managing a CA repository.

This class provides methods for managing a CA repository. If you want to know how to use these methods and functions have a look at the example page

Examples:: CreateCertificate.cpp, Export.cpp, and RevokeCertificateAndCreateCRL.cpp.

Constructor & Destructor Documentation

limal::ca_mgm::CA::CA	(	const String &	caName,
		const String &	caPasswd,
		const String &	repos = `REPOSITORY`
	)

Construct a CA object.

Parameters:

caName	the name of this CA.
caPasswd	the password of this CA.
repos	directory path to the repository root

limal::ca_mgm::CA::~CA ( )

Destructor of CA.

limal::ca_mgm::CA::CA ( ) [private]

limal::ca_mgm::CA::CA ( const CA & ) [private]

Member Function Documentation

void limal::ca_mgm::CA::checkDNPolicy	(	const DNObject &	dn,
		Type	type
	)		`[private]`

Check if the given dn matches the policy defined in the configuration file On error this method throws exceptions.

Parameters:

dn	the DN object
type	the Type of the certificate which should be signed

void limal::ca_mgm::CA::commitConfig2Template ( ) [private]

Copy Config file to template On error this method throws exceptions.

String limal::ca_mgm::CA::createCertificate	(	const String &	keyPasswd,
		const RequestGenerationData &	requestData,
		const CertificateIssueData &	certificateData,
		Type	type
	)

Create a certificate in the specified CA On error this method throws exceptions.

Parameters:

keyPasswd	the password for the private key
requestData	the data for the request
certificateData	the data of the certificate
type	the type of the certificate

Returns:: the name of the certificate

Examples:: RevokeCertificateAndCreateCRL.cpp.

void limal::ca_mgm::CA::createCRL ( const CRLGenerationData & crlData )

Create a new CRL with the specified data. On error this method throws exceptions.

Parameters:

crlData the data for the new CRL

Examples:: RevokeCertificateAndCreateCRL.cpp.

String limal::ca_mgm::CA::createRequest	(	const String &	keyPasswd,
		const RequestGenerationData &	requestData,
		Type	requestType
	)

Create a certificate request in the specified CA On error this method throws exceptions.

Parameters:

keyPasswd	the password for the private key
requestData	the data for the request
requestType	the type of the request

Returns:: the name of the new request

Examples:: CreateCertificate.cpp.

static void limal::ca_mgm::CA::createRootCA	(	const String &	caName,
		const String &	caPasswd,
		const RequestGenerationData &	caRequestData,
		const CertificateIssueData &	caIssueData,
		const String &	repos = `REPOSITORY`
	)		`[static]`

Create a new selfsigned root CA plus the whole needed infrastructure. On error this function throws exceptions.

Parameters:

caName	the name for this CA
caPasswd	the password for this CA
caRequestData	the data for the request
caIssueData	the data to signing the CA
repos	the path to the repository root directory

String limal::ca_mgm::CA::createSubCA	(	const String &	newCaName,
		const String &	keyPasswd,
		const RequestGenerationData &	caRequestData,
		const CertificateIssueData &	caIssueData
	)

Create a new Sub CA and with the whole needed infrastructure. On error this method throws exceptions.

Parameters:

newCaName	the name for the new CA
keyPasswd	the password for the private key
caRequestData	data for the request generation
caIssueData	the required data to sign the request

Returns:: The name of the certificate file

static void limal::ca_mgm::CA::deleteCA	(	const String &	caName,
		const String &	caPasswd,
		bool	force = `false`,
		const String &	repos = `REPOSITORY`
	)		`[static]`

Delete a Certificate Authority infrastructure

Normaly you can only delete a CA if the CA certificate is expired or you have never signed a certificate with this CA. In all other cases you have to set the force parameter to "true" if you realy want to delete the CA and you know what you do. On error this function throws exceptions.

Parameters:

caName	the name of the CA to delete
caPasswd	the password of the CA
force	no checks, simply delete the CA
repos	the path to the repository root directory

void limal::ca_mgm::CA::deleteCertificate	(	const String &	certificateName,
		bool	requestToo = `true`
	)

Delete the specified certificate together with the corresponding request and private key if requestToo is set to true. This function works only for revoked or expired certificates. On error this method throws exceptions.

Parameters:

certificateName	the certificate to delete
requestToo	if set to true also request and key file will be deleted if they exists

void limal::ca_mgm::CA::deleteRequest ( const String & requestName )

Delete a Request. This function removes also the private key if one is available. On error this method throws exceptions.

Parameters:

requestName the name of the request

limal::ByteBuffer limal::ca_mgm::CA::exportCAasPKCS12	(	const String &	p12Password,
		bool	withChain = `false`
	)

Return the CA certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.

Parameters:

p12Password	the password for the private key
withChain	should the certificate chain be included set this to true, otherwise set this to false

Returns:: the data in PKCS12 format

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCACert ( FormatType exportType )

Return the CA certificate in PEM or DER format. On error this method throws exceptions.

Parameters:

exportType the type in which the CA should be exported

Returns:: this CA certificate

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsDER ( )

Return the CA private key in DER format. The private Key is decrypted. On error this method throws exceptions.

Returns:: the private key of the CA in DER format

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCAKeyAsPEM ( const String & newPassword )

Return the CA private key in PEM format. If a new Password is given, the key will be encrypted using the newPassword. If newPassword is empty the returned key is decrypted. On error this method throws exceptions.

Parameters:

newPassword the password to encrypt the private key. If newPassword is empty, the key will be returned decrypted.

Returns:: the private key of the CA in PEM format

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificate	(	const String &	certificateName,
		FormatType	exportType
	)

Return the specified certificate in PEM or DER format On error this method throws exceptions.

Parameters:

certificateName	the name of the certificate
exportType	the format in which the certificate should be exported

Returns:: the certificate data

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificateAsPKCS12	(	const String &	certificateName,
		const String &	keyPassword,
		const String &	p12Password,
		bool	withChain = `false`
	)

Return the certificate in PKCS12 format. If withChain is true, all issuer certificates will be included. On error this method throws exceptions.

Parameters:

certificateName	the name of the certificate
keyPassword	the current password of the key.
p12Password	the password for the private key
withChain	should the certificate chain be included set this to true, otherwise set this to false

Returns:: the data in PKCS12 format

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsDER	(	const String &	certificateName,
		const String &	keyPassword
	)

Return the certificate private key in DER format. The private Key is decrypted. On error this method throws exceptions.

Parameters:

certificateName	the name of the certificate
keyPassword	the current password of the key.

Returns:: the private key in DER format

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCertificateKeyAsPEM	(	const String &	certificateName,
		const String &	keyPassword,
		const String &	newPassword
	)

Return the certificate private key in PEM format. If a new Password is given, the key will be encrypted using the newPassword. If newPassword is empty the returned key is decrypted. On error this method throws exceptions.

Parameters:

certificateName	the name of the certificate
keyPassword	the current password of the key.
newPassword	the password to encrypt the private key. If newPassword is empty, the key will be returned decrypted.

Returns:: the private key of the certificate in PEM format

Examples:: Export.cpp.

limal::ByteBuffer limal::ca_mgm::CA::exportCRL ( FormatType exportType )

Export the CRL of this CA in the requested format type. On error this method throws exceptions.

Parameters:

exportType the format type

Returns:: the CRL in the requested format

Examples:: Export.cpp.

CertificateData limal::ca_mgm::CA::getCA ( )

Parse this CA and return the data. On error this method throws exceptions.

Returns:: the CA data

static BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::String> limal::ca_mgm::CA::getCAList ( const String & repos = REPOSITORY ) [static]

Get a list of available CAs On error this function throws exceptions.

Parameters:

repos the path to the repository root directory

Returns:: Array of Strings of available CAs

static BLOCXX_NAMESPACE::List<BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::String> > limal::ca_mgm::CA::getCATree ( const String & repos = REPOSITORY ) [static]

Return a table of the available CAs and its issuer. If the CA is self-signed the issuer field is empty.

caName	issuer caName
RootCA
UserCA	RootCA
IPSecCA	UserCA

On error this function throws exceptions.

Parameters:

repos the path to the repository root directory

Returns:: a list of lists of the available CAs

CertificateData limal::ca_mgm::CA::getCertificate ( const String & certificateName )

Parse a certificate and return the data. On error this method throws exceptions.

Parameters:

certificateName the name of the certificate

Returns:: the certificate data

BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::Map<BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String> > limal::ca_mgm::CA::getCertificateList ( )

Get an Array of maps with all certificates of the defined CA. On error this method throws exceptions.

Returns:

a list of maps with all certificates in this CA. the map keys are:

certificate (the name of the certificate)
commonName
emailAddress
countryName
stateOrProvinceName
localityName
organizationName
organizationalUnitName
status (The status of the certificate: "valid", "revoked", "expired")

CAConfig* limal::ca_mgm::CA::getConfig ( )

Return the current config object

Returns:: the config object

CRLData limal::ca_mgm::CA::getCRL ( )

Parse the current CRL of this CA and return the data. On error this method throws exceptions.

Returns:: the CRL data

CRLGenerationData limal::ca_mgm::CA::getCRLDefaults ( )

Get a CRLGenerationData object with current default settings for this CA. On error this method throws exceptions.

Returns:: a CRLGenerationData object with the current defaults

Examples:: RevokeCertificateAndCreateCRL.cpp.

CertificateIssueData limal::ca_mgm::CA::getIssueDefaults ( Type type )

Get a CertificateIssueData object with current signing default settings for this CA and the specific type. On error this method throws exceptions.

Parameters:

type	the requested certificate type

Returns:: a CertificateIssueData object with the current defaults

Examples:: CreateCertificate.cpp, and RevokeCertificateAndCreateCRL.cpp.

RequestData limal::ca_mgm::CA::getRequest ( const String & requestName )

Parse a request and return the data. On error this method throws exceptions.

Parameters:

requestName the name of the Request

Returns:: the request data

RequestGenerationData limal::ca_mgm::CA::getRequestDefaults ( Type type )

Get a RequestGenerationData object with current request default settings for this CA and the specific type. On error this method throws exceptions.

Parameters:

type	the requested certificate type

Returns:: a RequestGenerationData object with the current defaults

Examples:: CreateCertificate.cpp, and RevokeCertificateAndCreateCRL.cpp.

BLOCXX_NAMESPACE::Array<BLOCXX_NAMESPACE::Map<BLOCXX_NAMESPACE::String, BLOCXX_NAMESPACE::String> > limal::ca_mgm::CA::getRequestList ( )

Get an Array of maps with all requests of the defined CA. On error this method throws exceptions.

Returns:

a list of maps with all requests in this CA. the map keys are:

request (the name of the request)
commonName
emailAddress
countryName
stateOrProvinceName
localityName
organizationName
organizationalUnitName
date

static CertificateIssueData limal::ca_mgm::CA::getRootCAIssueDefaults ( const String & repos = REPOSITORY ) [static]

Get a CertificateIssueData object with current signing default settings for a Root CA. On error this function throws exceptions.

Parameters:

repos the path to the repository root directory

Returns:: a CertificateIssueData object with the current defaults

static RequestGenerationData limal::ca_mgm::CA::getRootCARequestDefaults ( const String & repos = REPOSITORY ) [static]

Get a RequestGenerationData object with current request default settings for a Root CA. On error this function throws exceptions.

Parameters:

repos the path to the repository root directory

Returns:: a RequestGenerationData object with the current defaults

static void limal::ca_mgm::CA::importCA	(	const String &	caName,
		const limal::ByteBuffer &	caCertificate,
		const limal::ByteBuffer &	caKey,
		const String &	caPasswd = `String()`,
		const String &	repos = `REPOSITORY`
	)		`[static]`

Import a CA certificate and private key and creates a infrastructure. On error this function throws exceptions.

Parameters:

caName	the name of the CA
caCertificate	the CA certificate data in PEM format
caKey	the private key in PEM format
caPasswd	password of the private key or a new password if the key is unencrypted
repos	the path to the repository root directory

String limal::ca_mgm::CA::importRequest	(	const String &	requestFile,
		FormatType	formatType = `E_PEM`
	)

Import a request in a CA repository. On error this method throws exceptions.

Parameters:

requestFile	the request file
formatType	the input format type

Returns:: the name of the request

String limal::ca_mgm::CA::importRequestData	(	const limal::ByteBuffer &	request,
		FormatType	formatType = `E_PEM`
	)

Import a request in a CA repository. On error this method throws exceptions.

Parameters:

request	the request data
formatType	the input format type

Returns:: the name of the request

String limal::ca_mgm::CA::initConfigFile ( ) [private]

Initialize the config file On error this method throws exceptions.

Copy the template to a configfile and create the config object

Returns:: the name of the config file

String limal::ca_mgm::CA::issueCertificate	(	const String &	requestName,
		const CertificateIssueData &	issueData,
		Type	certType
	)

Issue a certificate in the specified CA On error this method throws exceptions.

Parameters:

requestName	the name of the request which sould be signed
issueData	the issuing data
certType	the type of the certificate

Returns:: the name of the certificate

Examples:: CreateCertificate.cpp.

CA& limal::ca_mgm::CA::operator= ( const CA & ) [private]

void limal::ca_mgm::CA::removeDefaultsFromConfig ( ) [private]

remove _default values from configfile

void limal::ca_mgm::CA::revokeCertificate	(	const String &	certificateName,
		const CRLReason &	crlReason = `CRLReason()`
	)

Revoke a certificate. On error this method throws exceptions.

Note:: This function does not create a new CRL.

Parameters:

certificateName	the name of the certificate to revoke
crlReason	a crlReason object which describes the reason why this certificate is revoked.

Examples:: RevokeCertificateAndCreateCRL.cpp.

void limal::ca_mgm::CA::setCRLDefaults ( const CRLGenerationData & defaults )

Set CRL defaults for this CA On error this method throws exceptions.

Parameters:

defaults the new CRL defaults

void limal::ca_mgm::CA::setIssueDefaults	(	Type	type,
		const CertificateIssueData &	defaults
	)

Set the signing defaults for this CA and the specific certType On error this method throws exceptions.

Parameters:

type	the requested certificate type
defaults	the new certificate defaults

void limal::ca_mgm::CA::setRequestDefaults	(	Type	type,
		const RequestGenerationData &	defaults
	)

Set the request defaults for this CA and the specific certType On error this method throws exceptions.

Parameters:

type	the requested certificate type
defaults	the new certificate defaults

void limal::ca_mgm::CA::updateDB ( )

Update the internal openssl database. On error this method throws exceptions.

bool limal::ca_mgm::CA::verifyCertificate	(	const String &	certificateName,
		bool	crlCheck = `true`,
		const String &	purpose = `String("any")`
	)

Verify a certificate. On error this method throws exceptions.

Parameters:

certificateName	the name of the certificate
crlCheck	verify against the CRLs
purpose	check for a specific certificate purpose valid purpose string are: sslclient sslserver nssslserver smimesign smimeencrypt crlsign ocsphelper any (default)

Returns:: true if the certificate is valid, otherwise false.

Member Data Documentation

BLOCXX_NAMESPACE::COWIntrusiveReference<CAImpl> limal::ca_mgm::CA::m_impl [private]

The documentation for this class was generated from the following file:

CA.hpp

Public Member Functions

Static Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation