API » History » Revision 5
Felix Tiede, 02/23/2013 11:12 AM
Requests are signed with their private keys, needs a digest parameter.
Public API
The real code is documented, of course. See header files in source:src.
For a history of how it was created, see ticket #34.
Regardless of the files the API is split into, in C++ it looks like this:
namespace Kca
{
namespace OpenSSL
{
/// Message digest used when a request, certificate or CRL is signed.
///
/// The enumerators keep their implicit values 0..4; generateRequest() uses
/// SHA256 when the caller passes nothing.
///
/// SHA1 is no longer collision resistant and signatures made with it are
/// widely rejected by certificate validators; RIPEMD160 is not among the
/// digests commonly accepted for X.509 signatures. Prefer SHA256 or stronger
/// for anything newly issued and keep the other two for legacy interop only.
enum Digest {
    RIPEMD160 = 0,
    SHA1      = 1,
    SHA256    = 2,
    SHA384    = 3,
    SHA512    = 4
};
/// Reason recorded for a revoked certificate (see CRLEntry::reason).
///
/// The numeric values coincide with the CRLReason codes of RFC 5280
/// (section 5.3.1). Code 7 is unused there, which is why RemoveFromCRL is
/// pinned to 8 instead of following on from CertificateHold.
/// NOTE(review): RFC 5280 also defines codes 9 and 10, which have no
/// enumerator here.
enum RevocationReason {
    Unspecified          = 0,
    KeyCompromise        = 1,
    CACompromise         = 2,
    AffilitionChanged    = 3,  // sic ("Affiliation"): the spelling is part of the public interface
    Superseded           = 4,
    CessationOfOperation = 5,
    CertificateHold      = 6,
    RemoveFromCRL        = 8
};
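/// One X.509 extension to be placed into a request, certificate or CRL.
///
/// The type is declared with `class`, so without an access specifier every
/// member, the constructor included, is private and the type cannot be
/// built or read by callers. The members are exposed explicitly, matching
/// the `public:` sections of SigningException and Certificate.
///
/// NOTE(review): extension strings decide what an issued certificate may be
/// used for. Callers that forward values received from a requester should
/// filter them against the CA's policy before signing.
class X509Extension {
public:
    /// NOTE(review): presumably "replace an extension of the same name that
    /// is already present" - confirm against the implementation.
    bool replace;
    /// Whether the extension is flagged as critical.
    bool critical;
    /// Extension name. NOTE(review): presumably an OpenSSL short name or an
    /// OID string - confirm.
    QString name;
    /// Extension value. NOTE(review): presumably in OpenSSL configuration
    /// syntax - confirm.
    QString value;

    /// @param name      extension name
    /// @param value     extension value
    /// @param critical  mark the extension critical (default: false)
    /// @param replace   see the `replace` member (default: false)
    X509Extension(const QString& name, const QString& value,
                  bool critical = false, bool replace = false);
};

/// List of extensions handed to the request and signing calls.
typedef QList< X509Extension > ExtensionList;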
/// One revoked certificate as it is handed to Certificate::sign() for a CRL.
struct CRLEntry {
/// Serial number of the revoked certificate.
/// NOTE(review): quint64 caps the serial at 64 bits, while RFC 5280 permits
/// serial numbers of up to 20 octets; a wider serial cannot be listed here.
quint64 serial;
/// Reason code for the revocation.
RevocationReason reason;
/// NOTE(review): presumably the time of revocation; the time zone handling
/// is not visible here - confirm it is converted to UTC when encoded.
QDateTime timestamp;
};
/// List of revocation entries that makes up the content of a CRL.
typedef QList< CRLEntry > CRL;
/// NOTE(review): presumably the version string of this library or of the
/// linked OpenSSL - which of the two is not visible here; confirm.
QString version();
/// NOTE(review): presumably a description of how the library was built -
/// confirm against the header documentation.
QString build_information();
/// Returns a 64-bit random value.
/// NOTE(review): same width as SignatureDetails::serial, so presumably
/// intended for serial numbers; confirm it is drawn from OpenSSL's CSPRNG,
/// because unpredictable serials are a defence against forged certificates.
quint64 random();
/// Generates a new key pair; `length` defaults to 2048.
/// NOTE(review): the key algorithm (presumably RSA) and the unit of `length`
/// (presumably bits) are not visible here, and neither is a lower bound -
/// confirm the implementation rejects lengths below the CA's minimum.
const QSslKey generateKeyPair(const unsigned int length = 2048);
/// Builds a certificate signing request for `subject` carrying `extensions`.
/// Per the revision note, the request is signed with the private key of
/// `key`, using `digest` (SHA256 unless the caller overrides it).
/// NOTE(review): the encoding of the returned bytes (PEM or DER) and the
/// expected syntax of `subject` are not visible here - confirm.
const QByteArray generateRequest(const QSslKey& key,
const QString& subject,
const ExtensionList& extensions,
Digest digest = SHA256);
/// Returns a ready-made extension list; going by the name, the set intended
/// for e-mail certificates. NOTE(review): the actual extensions are not
/// visible here - confirm.
ExtensionList emailCertExtensions();
/// Extracts the subject from an encoded signing request.
/// NOTE(review): `request` is externally supplied data. Nothing here shows
/// whether the request's own signature is verified first, or what is
/// returned for malformed input - confirm before trusting the result.
QString requestSubject(const QByteArray& request);
/// Extracts the extensions asked for in an encoded signing request.
/// NOTE(review): these are requester-chosen values; treat them as untrusted
/// and filter them against CA policy before passing them on to
/// Certificate::sign().
ExtensionList requestExtensions(const QByteArray& request);
/// Error reported when signing a request or a CRL fails.
///
/// It carries the operation that was running, a failure category and a
/// description. Construction and the setters are protected, so instances
/// cannot be created or altered by ordinary callers.
/// NOTE(review): what() is not redeclared in this listing, so code catching
/// std::exception presumably sees only the base-class message - confirm.
class SigningException : public std::exception
{
public:
    /// Signing operation that was in progress.
    enum Operation {
        SignCsr = 0,  // signing a certificate request
        SignCrl = 1   // signing a revocation list
    };

    /// Failure category.
    /// NOTE(review): the exact condition behind each value is not visible
    /// here; the names suggest checks on the signer certificate, the
    /// signing key, validity dates, extensions and OpenSSL objects - confirm.
    enum Failure {
        NoCACertificate = 0,
        KeyMismatch     = 1,
        TimeConstraint  = 2,
        ExtensionError  = 3,
        ObjectError     = 4
    };

    ~SigningException() throw();

    /// Accessors for the three pieces of information; none of them throws.
    const Operation operation() const throw();
    const Failure failure() const throw();
    const QString description() const throw();

protected:
    SigningException(Operation operation, Failure failure,
                     const QString& description) throw();

    void setFailure(Failure failure) throw();
    void setDescription(const QString& description) throw();
};
/// A QSslCertificate that can additionally sign certificate requests and
/// CRLs, i.e. act as issuer.
///
/// NOTE(review): `throw(SigningException)` is a dynamic exception
/// specification - deprecated in C++11 and removed in C++17. While it is in
/// force, any other exception leaving these functions (std::bad_alloc, for
/// instance) ends in std::unexpected() instead of reaching the caller.
/// Consider dropping it from declaration and definition together and
/// documenting the exception instead.
class Certificate : public QSslCertificate
{
public:
/// Parameters of one signature.
struct SignatureDetails {
/// Serial number to assign. NOTE(review): for CRL signing this is
/// presumably the CRL number - confirm. Serials must be unique per issuer.
quint64 serial;
/// Digest to sign with; see the caveats on Digest about SHA1 and RIPEMD160.
Digest digest;
/// Start of validity. NOTE(review): presumably notBefore (thisUpdate for
/// a CRL) - confirm.
QDateTime effectiveDate;
/// End of validity. NOTE(review): presumably notAfter (nextUpdate for
/// a CRL) - confirm.
QDateTime expiryDate;
};
/// Creates a certificate for `subject` from `key`, `details` and `extensions`.
/// NOTE(review): no issuer is passed, so this presumably produces a
/// self-signed certificate - confirm.
/// Throws SigningException on failure.
Certificate(const QSslKey& key, const QString& subject,
const SignatureDetails& details, const ExtensionList& extensions) throw(SigningException);
/// NOTE(review): presumably true when this certificate is marked as a CA
/// (basicConstraints) - confirm.
bool isCA() const;
/// NOTE(review): presumably true when `key` belongs to this certificate's
/// public key - confirm.
bool keyMatch(const QSslKey& key) const;
/// Signs an encoded certificate request with `signingKey` and returns the
/// issued certificate. Throws SigningException on failure.
/// NOTE(review): nothing in this signature shows the request's own
/// signature being verified, or whether extensions embedded in the request
/// are copied in addition to `extensions`. Confirm that the issued
/// certificate only receives extensions the CA has vetted.
const QSslCertificate sign(const QByteArray& request, const QSslKey& signingKey,
const SignatureDetails& details,
const ExtensionList& extensions) const throw(SigningException);
/// Signs the revocation list `crl` with `signingKey` and returns the
/// encoded CRL. Throws SigningException on failure.
/// NOTE(review): the encoding of the returned bytes (PEM or DER) is not
/// visible here - confirm.
const QByteArray sign(const CRL& crl, const QSslKey& signingKey,
const SignatureDetails& details,
const ExtensionList& extensions) const throw(SigningException);
};
};
};
Updated by Felix Tiede over 12 years ago · 11 revisions