KDE Certification Authority Tool » kCA certificate helper library

h1. Public API

The real code is documented, of course. See header files in source:src.

For a history of how it was created, see ticket #34.

Regardless of the files the API is split into, in C++ it looks like this:

<pre><code class="cplusplus">namespace Kca

{

namespace OpenSSL

{

  enum Digest {

    RIPEMD160,

    SHA1,

    SHA256,

    SHA384,

    SHA512,

  };

  enum RevocationReason {

    Unspecified,

    KeyCompromise,

    CACompromise,

    AffilitionChanged,

    Superseded,

    CessationOfOperation,

    CertificateHold,

    RemoveFromCRL = 8

  };

  class X509Extension {

    bool replace;

    bool critical;

    QString name;

    QString value;

    X509Extension(const QString& name, const QString& value,

                  bool critical=false, bool replace=false);

  };

  typedef QList< X509Extension > ExtensionList;

  struct CRLEntry {

    quint64 serial;

    RevocationReason reason;

    QDateTime timestamp;

  };

  typedef QList< CRLEntry > CRL;

  QString version();

  QString build_information();

  quint64 random();

  const QSslKey generateKeyPair(const unsigned int length = 2048);

  const QByteArray generateRequest(const QSslKey& key,

                                   const QString& subject,

                                   const ExtensionList& extensions);

  ExtensionList emailCertExtensions();

  QString requestSubject(const QByteArray& request);

  ExtensionList requestExtensions(const QByteArray& request);

  class SigningException : public std::exception

  {

    public:

      enum Operation {

        SignCsr,

        SignCrl,

      };

      enum Failure {

        NoCACertificate,

        KeyMismatch,

        TimeConstraint,

        ExtensionError,

        ObjectError,

      };

      ~SigningException() throw();

      const Operation operation() const throw();

      const Failure failure() const throw();

      const QString description() const throw();

    protected:

      SigningException(Operation operation, Failure failure, const QString& description) throw();

      void setFailure(Failure failure) throw();

      void setDescription(const QString& description) throw();

  };

  class Certificate : public QSslCertificate

  {

    public:

      struct SignatureDetails {

        quint64 serial;

        Digest digest;

        QDateTime effectiveDate;

        QDateTime expiryDate;

      };

      Certificate(const QSslKey& key, const QString& subject,

                  const SignatureDetails& details, const ExtensionList& extensions) throw(SigningException);

      bool isCA() const;

      bool keyMatch(const QSslKey& key) const;

      const QSslCertificate sign(const QByteArray& request, const QSslKey& signingKey,

                                 const SignatureDetails& details,

                                 const ExtensionList& extensions) const throw(SigningException);

      const QByteArray sign(const CRL& crl, const QSslKey& signingKey,

                            const SignatureDetails& details,

                            const ExtensionList& extensions) const throw(SigningException);

  };

};

};</code></pre>