Task #34: Generate API information - kCA certificate helper library - Redmine

Actions

Copy link

Task #34

closed

Generate API information

Added by Felix Tiede over 12 years ago. Updated almost 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Felix Tiede

Target version:

2.0.0

Start date:

02/08/2013

Due date:

02/13/2013

% Done:

100%

Estimated time:

Spent time:

7:06 h

Description

Create definitve API from which to start development of the library's unit tests and internal coding.

Related issues 2 (0 open — 2 closed)

Actions

Copy link

Updated by Felix Tiede over 12 years ago

Due date changed from 02/11/2013 to 02/18/2013
Status changed from New to In Progress
% Done changed from 0 to 10

Definitely required is the following API:

namespace Kca {
namespace OpenSSL {

enum Digest;
enum RevocationReason;

struct X509Extension {
  bool replace;
  bool critical;
  QString name;
  QString value;
};
typedef QList< X509Extension > ExtensionList;

struct CRLEntry {
  quint64 serial;
  RevocationReason reason;
  QDateTime revoked;
};
typedef QList< CRLEntry > CRL;

quint64 random();
const QSslKey generateKeyPair(const int length=2048);
const ExtensionList emailCertExtensions();

const QString requestSubject(const QByteArray& request);
const ExtensionList requestExtensions(const QByteArray& request);

class Certificate : public QSslCertificate
{
  public:
    struct SignatureDetails {
      quint64 serial;
      Digest digest;
      QDateTime effectiveDate;
      QDateTime expiryDate;
    };

    const QSslCertificate sign(const QByteArray& request, const QSslKey& signingKey,
                               const SignatureDetails& details,
                               const ExtensionList& extensions) const;
    const QByteArray sign(const CRL& crl, const QSslKey& signingkey,
                          const SignatureDetails& details,
                          const ExtensionList& extensions) const;
}; // End class Certificate

}; // End namespace OpenSSL
}; // End namespace Kca

Actions

Copy link

Updated by Felix Tiede over 12 years ago

Due date changed from 02/18/2013 to 02/11/2013
Status changed from In Progress to Completed
% Done changed from 10 to 100

Added methods to extract information from certificate signing requests, see #34-1 (comment 1).

Actions

Copy link

Updated by Felix Tiede over 12 years ago

Due date set to 02/13/2013
Status changed from Completed to In Progress
% Done changed from 0 to 80

It might be a good idea - based on what can wrong during signing operations to create an exception which carries detailed information back to the caller about what went wrong.

Something like this:

namespace Kca {
namespace OpenSSL {
class SignatureException : public exception {
public:
  enum Operation {
    signCsr,
    signCrl,
  };
  enum Failure {
    KeyMismatch,
    Timeconstraint,
    ObjectError,
  };

  Operation operation();
  Failure failure();
  char* description();
};

};
};