503 lines
19 KiB
C++
503 lines
19 KiB
C++
// CkPem.h: interface for the CkPem class.
|
|
//
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
// This header is generated for Chilkat 11.3.0
|
|
|
|
#define _CkVersion 11.3.0
|
|
|
|
#ifndef _CkPem_H
|
|
#define _CkPem_H
|
|
|
|
#include "chilkatDefs.h"
|
|
#include "CkString.h"
|
|
#include "CkMultiByteBase.h"
|
|
|
|
class CkCert;
|
|
class CkBinData;
|
|
class CkPrivateKey;
|
|
class CkCertChain;
|
|
class CkPublicKey;
|
|
class CkByteData;
|
|
class CkTask;
|
|
class CkJavaKeyStore;
|
|
class CkPfx;
|
|
|
|
|
|
|
|
#if !defined(__sun__) && !defined(__sun)
|
|
#pragma pack (push, 8)
|
|
#endif
|
|
|
|
|
|
#undef Copy
|
|
|
|
// CLASS: CkPem
|
|
class CK_VISIBLE_PUBLIC CkPem : public CkMultiByteBase
|
|
{
|
|
private:
|
|
|
|
// Don't allow assignment or copying these objects.
|
|
CkPem(const CkPem &);
|
|
CkPem &operator=(const CkPem &);
|
|
|
|
public:
|
|
CkPem(void);
|
|
virtual ~CkPem(void);
|
|
|
|
static CkPem *createNew(void);
|
|
static CkPem *createNew2(int progLang);
|
|
void CK_VISIBLE_PRIVATE inject(void *impl);
|
|
|
|
// May be called when finished with the object to free/dispose of any
|
|
// internal resources held by the object.
|
|
void dispose(void);
|
|
|
|
|
|
|
|
|
|
|
|
// BEGIN PUBLIC INTERFACE
|
|
|
|
// ----------------------
|
|
// Properties
|
|
// ----------------------
|
|
// When set to true, each of the Load* methods appends to the current contents of
|
|
// this PEM object. When set to false, a Load* method replaces the contents of
|
|
// this PEM object. The default is false.
|
|
bool get_AppendMode(void);
|
|
// When set to true, each of the Load* methods appends to the current contents of
|
|
// this PEM object. When set to false, a Load* method replaces the contents of
|
|
// this PEM object. The default is false.
|
|
void put_AppendMode(bool newVal);
|
|
|
|
// The interval in milliseconds between each AbortCheck event callback, which
|
|
// enables an application to abort certain method calls before they complete. By
|
|
// default, HeartbeatMs is set to 0 , meaning no AbortCheck event callbacks will
|
|
// trigger.
|
|
//
|
|
// References:
|
|
// 1: #AbortCheck
|
|
int get_HeartbeatMs(void);
|
|
// The interval in milliseconds between each AbortCheck event callback, which
|
|
// enables an application to abort certain method calls before they complete. By
|
|
// default, HeartbeatMs is set to 0 , meaning no AbortCheck event callbacks will
|
|
// trigger.
|
|
//
|
|
// References:
|
|
// 1: #AbortCheck
|
|
void put_HeartbeatMs(int newVal);
|
|
|
|
// The number of certificates in the loaded PEM. To get the 1st certificate, call
|
|
// GetCert(0).
|
|
int get_NumCerts(void);
|
|
|
|
// The number of certificate revocation lists (CRLs) in the loaded PEM.
|
|
int get_NumCrls(void);
|
|
|
|
// The number of certificate signing requests (CSRs) in the loaded PEM.
|
|
int get_NumCsrs(void);
|
|
|
|
// The number of private keys in the loaded PEM. To get the 1st private key, call
|
|
// GetPrivateKey(0).
|
|
int get_NumPrivateKeys(void);
|
|
|
|
// The number of public keys in the loaded PEM. To get the 1st public key, call
|
|
// GetPublicKey(0).
|
|
int get_NumPublicKeys(void);
|
|
|
|
// Controls the format to be used for unencrypted private keys when writing a PEM.
|
|
// Possible values are pkcs1 and pkcs8 . (OpenSSL typically uses the pkcs8 format.)
|
|
// When writing encrypted private keys to PEM, the format is always PKCS8, and the
|
|
// PEM header is BEGIN ENCRYPTED PRIVATE KEY . The default is pkcs8 .
|
|
//
|
|
// The PKCS1 format uses the PEM header: BEGIN RSA PRIVATE KEY.
|
|
// The PKCS8 format uses the PEM header: BEGIN PRIVATE KEY.
|
|
//
|
|
void get_PrivateKeyFormat(CkString &str);
|
|
// Controls the format to be used for unencrypted private keys when writing a PEM.
|
|
// Possible values are pkcs1 and pkcs8 . (OpenSSL typically uses the pkcs8 format.)
|
|
// When writing encrypted private keys to PEM, the format is always PKCS8, and the
|
|
// PEM header is BEGIN ENCRYPTED PRIVATE KEY . The default is pkcs8 .
|
|
//
|
|
// The PKCS1 format uses the PEM header: BEGIN RSA PRIVATE KEY.
|
|
// The PKCS8 format uses the PEM header: BEGIN PRIVATE KEY.
|
|
//
|
|
const char *privateKeyFormat(void);
|
|
// Controls the format to be used for unencrypted private keys when writing a PEM.
|
|
// Possible values are pkcs1 and pkcs8 . (OpenSSL typically uses the pkcs8 format.)
|
|
// When writing encrypted private keys to PEM, the format is always PKCS8, and the
|
|
// PEM header is BEGIN ENCRYPTED PRIVATE KEY . The default is pkcs8 .
|
|
//
|
|
// The PKCS1 format uses the PEM header: BEGIN RSA PRIVATE KEY.
|
|
// The PKCS8 format uses the PEM header: BEGIN PRIVATE KEY.
|
|
//
|
|
void put_PrivateKeyFormat(const char *newVal);
|
|
|
|
// Controls the format to be used for public keys when writing a PEM. Possible
|
|
// values are pkcs1 and pkcs8 . (OpenSSL typically uses the pkcs8 format.) The
|
|
// default is pkcs8 .
|
|
//
|
|
// The PKCS1 format uses the PEM header: BEGIN RSA PUBLIC KEY.
|
|
// The PKCS8 format uses the PEM header: BEGIN PUBLIC KEY.
|
|
//
|
|
void get_PublicKeyFormat(CkString &str);
|
|
// Controls the format to be used for public keys when writing a PEM. Possible
|
|
// values are pkcs1 and pkcs8 . (OpenSSL typically uses the pkcs8 format.) The
|
|
// default is pkcs8 .
|
|
//
|
|
// The PKCS1 format uses the PEM header: BEGIN RSA PUBLIC KEY.
|
|
// The PKCS8 format uses the PEM header: BEGIN PUBLIC KEY.
|
|
//
|
|
const char *publicKeyFormat(void);
|
|
// Controls the format to be used for public keys when writing a PEM. Possible
|
|
// values are pkcs1 and pkcs8 . (OpenSSL typically uses the pkcs8 format.) The
|
|
// default is pkcs8 .
|
|
//
|
|
// The PKCS1 format uses the PEM header: BEGIN RSA PUBLIC KEY.
|
|
// The PKCS8 format uses the PEM header: BEGIN PUBLIC KEY.
|
|
//
|
|
void put_PublicKeyFormat(const char *newVal);
|
|
|
|
|
|
|
|
// ----------------------
|
|
// Methods
|
|
// ----------------------
|
|
// Adds a certificate, and potentially the certs in its chain of authentication to
|
|
// the PEM. If includeChain is true, then certificates in the cert's chain of
|
|
// authentication up to and including the root are automatically added.
|
|
bool AddCert(CkCert &cert, bool includeChain);
|
|
|
|
|
|
// Adds a certificate, private key, public key, or csr to the PEM. The possible
|
|
// values for itemType are certificate (or cert ), privateKey , publicKey , or csr .
|
|
// The encoding can be Base64 , modBase64 , Base32 , QP (for quoted-printable), URL
|
|
// (for url-encoding), Hex , url_oauth , url_rfc1738 , url_rfc2396 , and
|
|
// url_rfc3986 . The itemData contains the ASN.1 data in string format according to the
|
|
// encoding specified in encoding.
|
|
bool AddItem(const char *itemType, const char *encoding, const char *itemData);
|
|
|
|
|
|
// Loads the PEM from the contents of an PKCS7 container (.p7b) contained in bd.
|
|
//
|
|
// A .p7b (or .p7c) file contains a PKCS#7 container, which may include:
|
|
// * One or more X.509 certificates (a certificate chain)
|
|
// * Optionally, CRLs (Certificate Revocation Lists)
|
|
// * No private key
|
|
//
|
|
// Common Use: Used to bundle intermediate and root certificates for things like
|
|
// SSL certificate chains.
|
|
//
|
|
bool AddP7b(CkBinData &bd);
|
|
|
|
|
|
// Adds a private key to the PEM object.
|
|
bool AddPrivateKey(CkPrivateKey &privateKey);
|
|
|
|
|
|
// Adds a private key and it's associated certificate chain to the PEM object.
|
|
bool AddPrivateKey2(CkPrivateKey &privKey, CkCertChain &certChain);
|
|
|
|
|
|
// Adds a public key to the PEM object.
|
|
bool AddPublicKey(CkPublicKey &pubkey);
|
|
|
|
|
|
// Returns in cert the Nth certificate from the PEM. The first certificate is at
|
|
// index 0.
|
|
bool CertAt(int index, CkCert &cert);
|
|
|
|
|
|
// Removes all content from this PEM object.
|
|
bool Clear(void);
|
|
|
|
|
|
// This method is deprecated. Applications should instead call CertAt .
|
|
//
|
|
// Returns the Nth certificate from the PEM. The first certificate is at index 0.
|
|
//
|
|
// The caller is responsible for deleting the object returned by this method.
|
|
CkCert *GetCert(int index);
|
|
|
|
|
|
// Returns the encoded contents of the Nth item of a particular type (0-based
|
|
// index). The possible values for itemType are certificate (or cert ), privateKey ,
|
|
// publicKey , or csr . Input string args are case-insensitive. If the itemType is
|
|
// privateKey , the itemSubType may be der or pkcs8 . If the itemType is publicKey , the itemSubType
|
|
// may be der or pkcs1 . The itemSubType is ignored for other values of itemType. The valid
|
|
// encoding modes are Base64 , modBase64 , Base32 , Base58 , QP (for quoted-printable),
|
|
// URL (for url-encoding), Hex , url_oauth , url_rfc1738 , url_rfc2396 , and
|
|
// url_rfc3986 .
|
|
bool GetEncodedItem(const char *itemType, const char *itemSubType, const char *encoding, int index, CkString &outStr);
|
|
|
|
// Returns the encoded contents of the Nth item of a particular type (0-based
|
|
// index). The possible values for itemType are certificate (or cert ), privateKey ,
|
|
// publicKey , or csr . Input string args are case-insensitive. If the itemType is
|
|
// privateKey , the itemSubType may be der or pkcs8 . If the itemType is publicKey , the itemSubType
|
|
// may be der or pkcs1 . The itemSubType is ignored for other values of itemType. The valid
|
|
// encoding modes are Base64 , modBase64 , Base32 , Base58 , QP (for quoted-printable),
|
|
// URL (for url-encoding), Hex , url_oauth , url_rfc1738 , url_rfc2396 , and
|
|
// url_rfc3986 .
|
|
const char *getEncodedItem(const char *itemType, const char *itemSubType, const char *encoding, int index);
|
|
// Returns the encoded contents of the Nth item of a particular type (0-based
|
|
// index). The possible values for itemType are certificate (or cert ), privateKey ,
|
|
// publicKey , or csr . Input string args are case-insensitive. If the itemType is
|
|
// privateKey , the itemSubType may be der or pkcs8 . If the itemType is publicKey , the itemSubType
|
|
// may be der or pkcs1 . The itemSubType is ignored for other values of itemType. The valid
|
|
// encoding modes are Base64 , modBase64 , Base32 , Base58 , QP (for quoted-printable),
|
|
// URL (for url-encoding), Hex , url_oauth , url_rfc1738 , url_rfc2396 , and
|
|
// url_rfc3986 .
|
|
const char *encodedItem(const char *itemType, const char *itemSubType, const char *encoding, int index);
|
|
|
|
|
|
// This method is deprecated. Applications should instead call PrivateKeyAt .
|
|
//
|
|
// Returns the Nth private key from the PEM. The first private key is at index 0.
|
|
//
|
|
// The caller is responsible for deleting the object returned by this method.
|
|
CkPrivateKey *GetPrivateKey(int index);
|
|
|
|
|
|
// This method is deprecated. Applications should instead call PublicKeyAt .
|
|
//
|
|
// Returns the Nth public key from the PEM. The first public key is at index 0.
|
|
//
|
|
// The caller is responsible for deleting the object returned by this method.
|
|
CkPublicKey *GetPublicKey(int index);
|
|
|
|
|
|
// Loads the PEM from the contents of an in-memory PKCS7 container (.p7b).
|
|
bool LoadP7b(CkByteData &p7bData);
|
|
|
|
|
|
// Loads the contents of a PKCS7 container (.p7b file).
|
|
bool LoadP7bFile(const char *path);
|
|
|
|
|
|
// Loads the PEM from a PEM string. If encrypted, then the password is required for
|
|
// decryption. Otherwise, an empty string (or any string) may be passed for the
|
|
// password.
|
|
bool LoadPem(const char *pemContent, const char *password);
|
|
|
|
|
|
// Loads the PEM from a PEM file. If encrypted, then the password is required for
|
|
// decryption. Otherwise, an empty string (or any string) may be passed for the
|
|
// password.
|
|
bool LoadPemFile(const char *path, const char *password);
|
|
|
|
|
|
// Loads the caller of the task's async method.
|
|
bool LoadTaskCaller(CkTask &task);
|
|
|
|
|
|
// Returns in privKey the Nth private key from the PEM. The first private key is at
|
|
// index 0.
|
|
bool PrivateKeyAt(int index, CkPrivateKey &privKey);
|
|
|
|
|
|
// Returns in pubKey the Nth public key from the PEM. The first public key is at
|
|
// index 0.
|
|
bool PublicKeyAt(int index, CkPublicKey &pubKey);
|
|
|
|
|
|
// Removes the Nth certificate from the PEM. The first certificate is at index 0.
|
|
bool RemoveCert(int index);
|
|
|
|
|
|
// Removes the Nth private key from the PEM. The first private key is at index 0.
|
|
bool RemovePrivateKey(int index);
|
|
|
|
|
|
// Applications should instead call ToJksObj .
|
|
//
|
|
// Converts the PEM to JKS and returns the Java KeyStore object. If the alias is
|
|
// non-empty, the 1st object (private key or certificate) will use the alias, and
|
|
// all others (if any) will receive auto-generated aliases. The JKS returned will
|
|
// be encrypted using the provided password. If the PEM contains only certificates (no
|
|
// private keys), then the password is unused.
|
|
//
|
|
// The caller is responsible for deleting the object returned by this method.
|
|
CkJavaKeyStore *ToJks(const char *alias, const char *password);
|
|
|
|
|
|
// This function converts this PEM to a Java KeyStore (JKS) object and stores it in
|
|
// jksObj. If alias is provided, it will be used as the alias for the first object in
|
|
// the PEM (either a private key or certificate), while subsequent objects will
|
|
// receive autogenerated aliases. The resulting JKS will be encrypted with password,
|
|
// unless the PEM contains only certificates, in which case password is not used.
|
|
bool ToJksObj(const char *alias, const char *password, CkJavaKeyStore &jksObj);
|
|
|
|
|
|
// Write the PFX to a PEM formatted string. The resultant PEM will contain the
|
|
// private key, as well as the certs in the chain of authentication (or whatever
|
|
// certs are available in the PFX). For example: -----BEGIN RSA PRIVATE KEY-----
|
|
// ...
|
|
// ... the private key associated with the main certificate.
|
|
// ...
|
|
// -----END RSA PRIVATE KEY-----
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the main certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... an intermediate CA certificate (if present)
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the root CA certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
bool ToPem(CkString &outStr);
|
|
|
|
// Write the PFX to a PEM formatted string. The resultant PEM will contain the
|
|
// private key, as well as the certs in the chain of authentication (or whatever
|
|
// certs are available in the PFX). For example: -----BEGIN RSA PRIVATE KEY-----
|
|
// ...
|
|
// ... the private key associated with the main certificate.
|
|
// ...
|
|
// -----END RSA PRIVATE KEY-----
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the main certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... an intermediate CA certificate (if present)
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the root CA certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
const char *toPem(void);
|
|
|
|
// Write the PFX to a PEM formatted string. If extendedAttrs is true, then extended
|
|
// properties (Bag Attributes and Key Attributes) are output. If noKeys is true,
|
|
// then no private keys are output. If noCerts is true, then no certificates are
|
|
// output. If noCaCerts is true, then no CA certs or intermediate CA certs are output.
|
|
// If encryptAlg is not empty, it indicates the encryption algorithm to be used for
|
|
// encrypting the private keys (otherwise the private keys are output unencrypted).
|
|
// The possible choices for the encryptAlg are des3 , aes128 , aes192 , and aes256 . (All
|
|
// encryption algorithm choices use CBC mode.) If the private keys are to be
|
|
// encrypted, then password is the password to be used. Otherwise, password may be left
|
|
// empty. For example:Bag Attributes
|
|
// Microsoft Local Key set: localKeyID: 01 00 00 00
|
|
// friendlyName: le-2b09a3d2-9037-4a05-95cc-4d44518e8607
|
|
// Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
|
|
// Key Attributes
|
|
// X509v3 Key Usage: 10
|
|
// -----BEGIN RSA PRIVATE KEY-----
|
|
// ...
|
|
// ... the private key associated with the main certificate.
|
|
// ...
|
|
// -----END RSA PRIVATE KEY-----
|
|
// Bag Attributes
|
|
// localKeyID: 01 00 00 00
|
|
// 1.3.6.1.4.1.311.17.3.92: 00 08 00 00
|
|
// 1.3.6.1.4.1.311.17.3.20: C2 53 54 F3 ...
|
|
// 1.3.6.1.4.1.311.17.3.71: 49 00 43 00 ...
|
|
// 1.3.6.1.4.1.311.17.3.75: 31 00 42 00 ...
|
|
// subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=something.com
|
|
// issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the main certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// ...
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... an intermediate CA certificate (if present)
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// ...
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the root CA certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
bool ToPemEx(bool extendedAttrs, bool noKeys, bool noCerts, bool noCaCerts, const char *encryptAlg, const char *password, CkString &outStr);
|
|
|
|
// Write the PFX to a PEM formatted string. If extendedAttrs is true, then extended
|
|
// properties (Bag Attributes and Key Attributes) are output. If noKeys is true,
|
|
// then no private keys are output. If noCerts is true, then no certificates are
|
|
// output. If noCaCerts is true, then no CA certs or intermediate CA certs are output.
|
|
// If encryptAlg is not empty, it indicates the encryption algorithm to be used for
|
|
// encrypting the private keys (otherwise the private keys are output unencrypted).
|
|
// The possible choices for the encryptAlg are des3 , aes128 , aes192 , and aes256 . (All
|
|
// encryption algorithm choices use CBC mode.) If the private keys are to be
|
|
// encrypted, then password is the password to be used. Otherwise, password may be left
|
|
// empty. For example:Bag Attributes
|
|
// Microsoft Local Key set: localKeyID: 01 00 00 00
|
|
// friendlyName: le-2b09a3d2-9037-4a05-95cc-4d44518e8607
|
|
// Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
|
|
// Key Attributes
|
|
// X509v3 Key Usage: 10
|
|
// -----BEGIN RSA PRIVATE KEY-----
|
|
// ...
|
|
// ... the private key associated with the main certificate.
|
|
// ...
|
|
// -----END RSA PRIVATE KEY-----
|
|
// Bag Attributes
|
|
// localKeyID: 01 00 00 00
|
|
// 1.3.6.1.4.1.311.17.3.92: 00 08 00 00
|
|
// 1.3.6.1.4.1.311.17.3.20: C2 53 54 F3 ...
|
|
// 1.3.6.1.4.1.311.17.3.71: 49 00 43 00 ...
|
|
// 1.3.6.1.4.1.311.17.3.75: 31 00 42 00 ...
|
|
// subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=something.com
|
|
// issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the main certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// ...
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... an intermediate CA certificate (if present)
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
// ...
|
|
// -----BEGIN CERTIFICATE-----
|
|
// ...
|
|
// ... the root CA certificate
|
|
// ...
|
|
// -----END CERTIFICATE-----
|
|
const char *toPemEx(bool extendedAttrs, bool noKeys, bool noCerts, bool noCaCerts, const char *encryptAlg, const char *password);
|
|
|
|
// Applications should instead call ToPfxObj .
|
|
//
|
|
// Converts this PEM object, which must contain at least one private key, to PKCS12
|
|
// and returns the PFX object. Typically, a PKCS12 file includes one private key,
|
|
// its associated certificate, and the certificate chain.
|
|
//
|
|
// The caller is responsible for deleting the object returned by this method.
|
|
CkPfx *ToPfx(void);
|
|
|
|
|
|
// Converts this PEM object, which must contain at least one private key, to PKCS12
|
|
// and returns the PFX in pfxObj. Typically, a PKCS12 file includes one private key,
|
|
// its associated certificate, and the certificate chain.
|
|
bool ToPfxObj(CkPfx &pfxObj);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// END PUBLIC INTERFACE
|
|
|
|
|
|
};
|
|
#if !defined(__sun__) && !defined(__sun)
|
|
#pragma pack (pop)
|
|
#endif
|
|
|
|
#endif
|