API » History » Version 5
Felix Tiede, 02/23/2013 11:12 AM
Requests are signed with their private keys, needs a digest parameter.
1 | 1 | Felix Tiede | h1. Public API |
---|---|---|---|
2 | |||
3 | The real code is documented, of course. See header files in source:src. |
||
4 | For a history of how it was created, see ticket #34. |
||
5 | |||
6 | Regardless of the files the API is split into, in C++ it looks like this: |
||
7 | <pre><code class="cplusplus">namespace Kca |
||
8 | { |
||
9 | namespace OpenSSL |
||
10 | { |
||
11 | enum Digest { |
||
12 | RIPEMD160, |
||
13 | SHA1, |
||
14 | SHA256, |
||
15 | SHA384, |
||
16 | SHA512, |
||
17 | }; |
||
18 | |||
19 | enum RevocationReason { |
||
20 | Unspecified, |
||
21 | KeyCompromise, |
||
22 | CACompromise, |
||
23 | AffilitionChanged, |
||
24 | Superseded, |
||
25 | CessationOfOperation, |
||
26 | CertificateHold, |
||
27 | RemoveFromCRL = 8 |
||
28 | }; |
||
29 | |||
30 | 4 | Felix Tiede | class X509Extension { |
31 | 1 | Felix Tiede | bool replace; |
32 | bool critical; |
||
33 | QString name; |
||
34 | QString value; |
||
35 | 4 | Felix Tiede | |
36 | X509Extension(const QString& name, const QString& value, |
||
37 | bool critical=false, bool replace=false); |
||
38 | 1 | Felix Tiede | }; |
39 | typedef QList< X509Extension > ExtensionList; |
||
40 | |||
41 | struct CRLEntry { |
||
42 | quint64 serial; |
||
43 | RevocationReason reason; |
||
44 | QDateTime timestamp; |
||
45 | }; |
||
46 | typedef QList< CRLEntry > CRL; |
||
47 | |||
48 | 2 | Felix Tiede | QString version(); |
49 | QString build_information(); |
||
50 | |||
51 | 3 | Felix Tiede | quint64 random(); |
52 | 1 | Felix Tiede | const QSslKey generateKeyPair(const unsigned int length = 2048); |
53 | const QByteArray generateRequest(const QSslKey& key, |
||
54 | const QString& subject, |
||
55 | 5 | Felix Tiede | const ExtensionList& extensions, |
56 | Digest digest = SHA256); |
||
57 | 1 | Felix Tiede | |
58 | ExtensionList emailCertExtensions(); |
||
59 | |||
60 | QString requestSubject(const QByteArray& request); |
||
61 | ExtensionList requestExtensions(const QByteArray& request); |
||
62 | |||
63 | |||
64 | class SigningException : public std::exception |
||
65 | { |
||
66 | public: |
||
67 | enum Operation { |
||
68 | SignCsr, |
||
69 | SignCrl, |
||
70 | }; |
||
71 | |||
72 | enum Failure { |
||
73 | NoCACertificate, |
||
74 | KeyMismatch, |
||
75 | TimeConstraint, |
||
76 | ExtensionError, |
||
77 | ObjectError, |
||
78 | }; |
||
79 | |||
80 | ~SigningException() throw(); |
||
81 | |||
82 | const Operation operation() const throw(); |
||
83 | const Failure failure() const throw(); |
||
84 | const QString description() const throw(); |
||
85 | |||
86 | protected: |
||
87 | SigningException(Operation operation, Failure failure, const QString& description) throw(); |
||
88 | |||
89 | void setFailure(Failure failure) throw(); |
||
90 | void setDescription(const QString& description) throw(); |
||
91 | }; |
||
92 | |||
93 | |||
94 | class Certificate : public QSslCertificate |
||
95 | { |
||
96 | public: |
||
97 | struct SignatureDetails { |
||
98 | quint64 serial; |
||
99 | Digest digest; |
||
100 | QDateTime effectiveDate; |
||
101 | QDateTime expiryDate; |
||
102 | }; |
||
103 | |||
104 | Certificate(const QSslKey& key, const QString& subject, |
||
105 | const SignatureDetails& details, const ExtensionList& extensions) throw(SigningException); |
||
106 | |||
107 | bool isCA() const; |
||
108 | bool keyMatch(const QSslKey& key) const; |
||
109 | |||
110 | const QSslCertificate sign(const QByteArray& request, const QSslKey& signingKey, |
||
111 | const SignatureDetails& details, |
||
112 | const ExtensionList& extensions) const throw(SigningException); |
||
113 | |||
114 | const QByteArray sign(const CRL& crl, const QSslKey& signingKey, |
||
115 | const SignatureDetails& details, |
||
116 | const ExtensionList& extensions) const throw(SigningException); |
||
117 | }; |
||
118 | |||
119 | }; |
||
120 | };</code></pre> |