
API » History » Version 5

Felix Tiede, 02/23/2013 11:12 AM
Requests are signed with their private keys, so a digest parameter is needed.

h1. Public API
The real code is documented, of course. See header files in source:src.
For a history of how it was created, see ticket #34.
Regardless of the files the API is split into, in C++ it looks like this:
<pre><code class="cplusplus">namespace Kca
{
namespace OpenSSL
{
  /// Hash algorithms selectable for signatures (the `digest` parameter of
  /// generateRequest() and Certificate::SignatureDetails::digest).
  enum Digest {
    RIPEMD160,  // legacy algorithm; not recommended for new signatures
    SHA1,       // legacy; SHA-1 signatures are rejected by most modern verifiers — avoid for new certificates
    SHA256,     // default used by generateRequest()
    SHA384,
    SHA512,
  };
  /// Reason code stored in a CRLEntry. The implicit values line up with the
  /// X.509 CRLReason enumeration (RFC 5280 §5.3.1): Unspecified = 0 through
  /// CertificateHold = 6; value 7 is unused there, hence the explicit
  /// RemoveFromCRL = 8.
  enum RevocationReason {
    Unspecified,
    KeyCompromise,
    CACompromise,
    AffilitionChanged,      // sic — "Affiliation"; kept as spelled, renaming would break callers
    Superseded,
    CessationOfOperation,
    CertificateHold,
    RemoveFromCRL = 8       // explicit to skip the unused CRLReason value 7
  };
  /// One X.509 extension to be placed in a request or certificate.
  /// NOTE(review): as listed there is no access specifier, so every member and
  /// the constructor are private; the real header presumably has `public:` —
  /// confirm against source:src.
  class X509Extension {
    bool replace;     // NOTE(review): semantics not shown here — presumably whether an existing
                      // extension with the same name is overwritten; verify against the implementation
    bool critical;    // presumably the X.509 "critical" flag of the extension — confirm
    QString name;     // extension name
    QString value;    // extension value
    // Both flags default to false.
    X509Extension(const QString& name, const QString& value,
                  bool critical=false, bool replace=false);
  };
  typedef QList< X509Extension > ExtensionList;
  /// One revoked certificate as it appears in a CRL.
  struct CRLEntry {
    quint64 serial;            // serial of the revoked certificate.
                               // NOTE(review): X.509 serials may be up to 20 octets; a quint64 cannot
                               // hold larger serials — confirm how those are handled
    RevocationReason reason;   // why it was revoked (see RevocationReason)
    QDateTime timestamp;       // presumably the revocation time — confirm
  };
  typedef QList< CRLEntry > CRL;
  /// Library version string (format not shown here).
  QString version();
  /// Build details string (format not shown here).
  QString build_information();

  /// A 64-bit random value.
  /// NOTE(review): the generator is not shown here. If this value is used for
  /// certificate serials (SignatureDetails::serial) it must come from a
  /// cryptographically secure source (e.g. OpenSSL RAND_bytes) — confirm.
  quint64 random();
  /// Generates a new key pair; `length` is presumably the key size in bits
  /// (default 2048). The key type is not shown here.
  /// The const-qualified return prevents moving the result at the call site.
  const QSslKey generateKeyPair(const unsigned int length = 2048);
  /// Builds a certificate signing request for `subject` with the given
  /// extensions, signed with the request's own private key `key` using
  /// `digest` (SHA256 by default). Output encoding is not shown here.
  const QByteArray generateRequest(const QSslKey& key,
                                   const QString& subject,
                                   const ExtensionList& extensions,
                                   Digest digest = SHA256);

  /// Preset extension list for e-mail certificates (contents not shown here).
  ExtensionList emailCertExtensions();

  /// Reads the subject out of a request produced by generateRequest().
  QString requestSubject(const QByteArray& request);
  /// Reads the requested extensions out of a request.
  /// NOTE(review): the request is caller-supplied data; which of these the CA
  /// honours is decided by the `extensions` argument of Certificate::sign.
  ExtensionList requestExtensions(const QByteArray& request);
  /// Thrown by Certificate's constructor and sign() overloads.
  /// The constructor is protected, so instances are created only by the
  /// library (or subclasses). No what() override is listed; callers should
  /// use description().
  /// The `throw()` specifications are deprecated in C++11 and removed in
  /// C++17 — `noexcept` is the replacement.
  class SigningException : public std::exception
  {
    public:
      /// Which operation failed.
      enum Operation {
        SignCsr,
        SignCrl,
      };

      /// Why it failed.
      enum Failure {
        NoCACertificate,   // the signing certificate is not a CA
        KeyMismatch,       // signing key does not belong to the certificate
        TimeConstraint,    // validity period problem (details not shown here)
        ExtensionError,
        ObjectError,
      };

      ~SigningException() throw();

      // The `const` on these by-value returns of non-class types has no effect.
      const Operation operation() const throw();
      const Failure failure() const throw();
      const QString description() const throw();

    protected:
      SigningException(Operation operation, Failure failure, const QString& description) throw();

      void setFailure(Failure failure) throw();
      void setDescription(const QString& description) throw();
  };
  /// A certificate that can act as an issuer for requests and CRLs.
  /// NOTE(review): QSslCertificate is a Qt value type; sign() returns a plain
  /// QSslCertificate, so a Certificate handled through the base type is sliced.
  /// The `throw(SigningException)` dynamic exception specifications are
  /// deprecated in C++11 and removed in C++17.
  class Certificate : public QSslCertificate
  {
    public:
      /// Parameters of one signing operation.
      struct SignatureDetails {
        quint64 serial;           // serial number to assign. NOTE(review): must be unique per issuer
                                  // (RFC 5280); nothing shown here enforces that — confirm
        Digest digest;            // signature hash (see Digest)
        QDateTime effectiveDate;  // start of validity
        QDateTime expiryDate;     // end of validity
      };

      /// Creates a certificate for `subject` from `key` — presumably
      /// self-signed, since no issuer is passed; confirm.
      Certificate(const QSslKey& key, const QString& subject,
                  const SignatureDetails& details, const ExtensionList& extensions) throw(SigningException);

      /// True if this certificate is a CA (see SigningException::NoCACertificate).
      bool isCA() const;
      /// True if `key` belongs to this certificate (see SigningException::KeyMismatch).
      bool keyMatch(const QSslKey& key) const;

      /// Issues a certificate for `request` with this certificate as issuer,
      /// signed with `signingKey`. `extensions` are the extensions the CA
      /// puts into the result; the request's own extensions are not used
      /// unless the caller passes them (see requestExtensions()).
      const QSslCertificate sign(const QByteArray& request, const QSslKey& signingKey,
                                 const SignatureDetails& details,
                                 const ExtensionList& extensions) const throw(SigningException);

      /// Issues a signed CRL containing `crl`; output encoding not shown here.
      const QByteArray sign(const CRL& crl, const QSslKey& signingKey,
                            const SignatureDetails& details,
                            const ExtensionList& extensions) const throw(SigningException);
  };
};
};</code></pre>