ANSCENTER/ANSLibs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
74ad349c0f9da8c31f46c225c2c68868c5b08e20
ANSLibs/chilkat/include/CkPfxW.h

712 lines
30 KiB
C++
Raw Blame History

// CkPfxW.h: interface for the CkPfxW class.
//
//////////////////////////////////////////////////////////////////////
// This header is generated for Chilkat 11.3.0
#ifndef _CkPfxW_H
#define _CkPfxW_H
#include "chilkatDefs.h"
#include "CkString.h"
#include "CkWideCharBase.h"
class CkCertW;
class CkPrivateKeyW;
class CkCertChainW;
class CkJsonObjectW;
class CkBinDataW;
class CkByteData;
class CkJavaKeyStoreW;
class CkXmlCertVaultW;
#if !defined(__sun__) && !defined(__sun)
#pragma pack (push, 8)
#endif
// CLASS: CkPfxW
class CK_VISIBLE_PUBLIC CkPfxW : public CkWideCharBase
{
private:
// Don't allow assignment or copying these objects.
CkPfxW(const CkPfxW &);
CkPfxW &operator=(const CkPfxW &);
public:
CkPfxW(void);
virtual ~CkPfxW(void);
static CkPfxW *createNew(void);
void CK_VISIBLE_PRIVATE inject(void *impl);
// May be called when finished with the object to free/dispose of any
// internal resources held by the object.
void dispose(void);
// BEGIN PUBLIC INTERFACE
// ----------------------
// Properties
// ----------------------
// The encryption algorithm to be used when writing a PFX. After loading a PFX,
// this property is set to the encryption algorithm used by the loaded PFX. (This
// is the algorithm used for the shrouded key bag , which is internal to the PFX.)
//
// The default value (for backward compatibility) is
// pbeWithSHAAnd3_KeyTripleDES_CBC . Can be set to pbes2 , in which case the
// Pbes2CryptAlg and Pbes2HmacAlg properies will be set to the algorithms to be
// used when writing, or the algorithms used by the loaded PFX.
//
void get_AlgorithmId(CkString &str);
// The encryption algorithm to be used when writing a PFX. After loading a PFX,
// this property is set to the encryption algorithm used by the loaded PFX. (This
// is the algorithm used for the shrouded key bag , which is internal to the PFX.)
//
// The default value (for backward compatibility) is
// pbeWithSHAAnd3_KeyTripleDES_CBC . Can be set to pbes2 , in which case the
// Pbes2CryptAlg and Pbes2HmacAlg properies will be set to the algorithms to be
// used when writing, or the algorithms used by the loaded PFX.
//
const wchar_t *algorithmId(void);
// The encryption algorithm to be used when writing a PFX. After loading a PFX,
// this property is set to the encryption algorithm used by the loaded PFX. (This
// is the algorithm used for the shrouded key bag , which is internal to the PFX.)
//
// The default value (for backward compatibility) is
// pbeWithSHAAnd3_KeyTripleDES_CBC . Can be set to pbes2 , in which case the
// Pbes2CryptAlg and Pbes2HmacAlg properies will be set to the algorithms to be
// used when writing, or the algorithms used by the loaded PFX.
//
void put_AlgorithmId(const wchar_t *newVal);
// The number of certificates contained in the PFX.
int get_NumCerts(void);
// The number of private keys contained in the PFX.
int get_NumPrivateKeys(void);
// If the AlgorithmId property equals pbes2 , then this is the encryption algorithm
// to be used when writing the PFX, or used by the PFX that was loaded. If the
// AlgorithmId is not equal to pbes2 , then the value of this property is
// meaningless.
//
// Possible values are:
// * aes256-cbc
// * aes192-cbc
// * aes128-cbc
// * 3des-cbc
//
// The default value (for writing) is aes256-cbc . Note: The algorithm specified by
// this property is only used when the Algorithmid = pbes2 .
//
void get_Pbes2CryptAlg(CkString &str);
// If the AlgorithmId property equals pbes2 , then this is the encryption algorithm
// to be used when writing the PFX, or used by the PFX that was loaded. If the
// AlgorithmId is not equal to pbes2 , then the value of this property is
// meaningless.
//
// Possible values are:
// * aes256-cbc
// * aes192-cbc
// * aes128-cbc
// * 3des-cbc
//
// The default value (for writing) is aes256-cbc . Note: The algorithm specified by
// this property is only used when the Algorithmid = pbes2 .
//
const wchar_t *pbes2CryptAlg(void);
// If the AlgorithmId property equals pbes2 , then this is the encryption algorithm
// to be used when writing the PFX, or used by the PFX that was loaded. If the
// AlgorithmId is not equal to pbes2 , then the value of this property is
// meaningless.
//
// Possible values are:
// * aes256-cbc
// * aes192-cbc
// * aes128-cbc
// * 3des-cbc
//
// The default value (for writing) is aes256-cbc . Note: The algorithm specified by
// this property is only used when the Algorithmid = pbes2 .
//
void put_Pbes2CryptAlg(const wchar_t *newVal);
// If the AlgorithmId property equals pbes2 , then this is the HMAC hash algorithm
// to be used when writing the PFX, or used by the PFX that was loaded. If the
// AlgorithmId is not equal to pbes2 , then the value of this property is
// meaningless.
//
// Possible values are:
// * hmacWithSha256
// * hmacWithSha384
// * hmacWithSha512
// * hmacWithSha1
//
// The default value (for writing) is hmacWithSha256 . Note: The algorithm
// specified by this property is only used when the Algorithmid = pbes2 .
//
void get_Pbes2HmacAlg(CkString &str);
// If the AlgorithmId property equals pbes2 , then this is the HMAC hash algorithm
// to be used when writing the PFX, or used by the PFX that was loaded. If the
// AlgorithmId is not equal to pbes2 , then the value of this property is
// meaningless.
//
// Possible values are:
// * hmacWithSha256
// * hmacWithSha384
// * hmacWithSha512
// * hmacWithSha1
//
// The default value (for writing) is hmacWithSha256 . Note: The algorithm
// specified by this property is only used when the Algorithmid = pbes2 .
//
const wchar_t *pbes2HmacAlg(void);
// If the AlgorithmId property equals pbes2 , then this is the HMAC hash algorithm
// to be used when writing the PFX, or used by the PFX that was loaded. If the
// AlgorithmId is not equal to pbes2 , then the value of this property is
// meaningless.
//
// Possible values are:
// * hmacWithSha256
// * hmacWithSha384
// * hmacWithSha512
// * hmacWithSha1
//
// The default value (for writing) is hmacWithSha256 . Note: The algorithm
// specified by this property is only used when the Algorithmid = pbes2 .
//
void put_Pbes2HmacAlg(const wchar_t *newVal);
// This is a catch-all property to be used for uncommon needs. This property
// defaults to the empty string and should typically remain empty.
//
// Can be set to a list of the following comma separated keywords:
// * LegacyOrder - Introduced in v9.5.0.83. Write the internal ContentInfos in
// the order Chilkat traditionally used in previous versions.
// * NoTruncatePfxPassword64 - Introduced in v9.5.0.87. Microsoft systems/tools
// such as certmgr.msc would typically truncate extremely long passwords to 64
// bytes/chars. Other systems did not. Chilkat will by default truncate passwords
// to 64 chars. Add this keyword to prevent truncation.
//
void get_UncommonOptions(CkString &str);
// This is a catch-all property to be used for uncommon needs. This property
// defaults to the empty string and should typically remain empty.
//
// Can be set to a list of the following comma separated keywords:
// * LegacyOrder - Introduced in v9.5.0.83. Write the internal ContentInfos in
// the order Chilkat traditionally used in previous versions.
// * NoTruncatePfxPassword64 - Introduced in v9.5.0.87. Microsoft systems/tools
// such as certmgr.msc would typically truncate extremely long passwords to 64
// bytes/chars. Other systems did not. Chilkat will by default truncate passwords
// to 64 chars. Add this keyword to prevent truncation.
//
const wchar_t *uncommonOptions(void);
// This is a catch-all property to be used for uncommon needs. This property
// defaults to the empty string and should typically remain empty.
//
// Can be set to a list of the following comma separated keywords:
// * LegacyOrder - Introduced in v9.5.0.83. Write the internal ContentInfos in
// the order Chilkat traditionally used in previous versions.
// * NoTruncatePfxPassword64 - Introduced in v9.5.0.87. Microsoft systems/tools
// such as certmgr.msc would typically truncate extremely long passwords to 64
// bytes/chars. Other systems did not. Chilkat will by default truncate passwords
// to 64 chars. Add this keyword to prevent truncation.
//
void put_UncommonOptions(const wchar_t *newVal);
// ----------------------
// Methods
// ----------------------
// Adds a certificate, its private key (if it exists), and potentially its
// certificate chain to the PFX. If includeChain is true, then the certificate must have
// a private key. The certificate's private key is automatically obtained
// (internally) via the cert's ExportPrivateKey method. If the certificate's chain
// of authentication is to be added, it is automatically constructed and added
// using whatever resources are at hand (such as certs provided via the
// UseCertVault method, the trusted roots from Chilkat's TrustedRoots class, etc.
// If a certificate chain is to be added, which is the typical case, then the chain
// must be completed to the root to succeed.
bool AddCert(CkCertW &cert, bool includeChain);
// Adds a private key and certificate chain to the PFX. The private key should be
// such that it is associated with the 1st certificate in the chain. In other
// words, the 1st certificate in the chain has a public key (embedded within the
// X.509 structure of the cert itself) that is the counterpart to the private key.
bool AddPrivateKey(CkPrivateKeyW &privKey, CkCertChainW &certChain);
// Returns in cert the Nth certificate in the PFX. The 1st certificate is at index
// 0.
bool CertAt(int index, CkCertW &cert);
// Finds and returns the certificate to cert that has a cert bag localKeyId attribute
// with the specified value. The localKeyId is specified using the encoding such as decimal ,
// base64 , hex .
bool CertByLocalKeyId(const wchar_t *localKeyId, const wchar_t *encoding, CkCertW &cert);
// This method is deprecated. Applications should instead call CertByLocalKeyId .
//
// Finds and returns the certificate (in the PFX) that has a cert bag localKeyId
// attribute with the specified value. The localKeyId is specifid using the encoding
// (such as decimal , base64 , hex ) specified by encoding.
//
// The caller is responsible for deleting the object returned by this method.
CkCertW *FindCertByLocalKeyId(const wchar_t *localKeyId, const wchar_t *encoding);
// This method is deprecated. Applications should instead call CertAt .
//
// Returns the Nth certificate in the PFX. (The 1st certificate is at index 0.)
//
// The caller is responsible for deleting the object returned by this method.
CkCertW *GetCert(int index);
// Provides information about what happened in the last method called.
void GetLastJsonData(CkJsonObjectW &json);
// This method is deprecated. Applications should instead call PrivateKeyAt .
//
// Returns the Nth private key in the PFX. (The 1st private key is at index 0.)
//
// The caller is responsible for deleting the object returned by this method.
CkPrivateKeyW *GetPrivateKey(int index);
// Can be called to get one of the following safebag attributes for the Nth private
// key or certificate in the PFX. forPrivateKey should be true for a private key, and
// false for a certificate. The index is the index of the certificate or key in
// the PFX. The attrName can be one of the following:
//
// * localKeyId : Returns the decimal representation of the local key ID. The
// local key ID is used to associate the certificate contained in the PFX with this
// private key. (The certificate will include a localKeyId attribute in its
// cert bag of attributes within the PFX.)
// * keyContainerName : Returns the key container name (or key name) of the
// private key. For more information about the directories where the Windows OS
// stores private keys, see
// https://docs.microsoft.com/en-us/windows/win32/seccng/key-storage-and-retrieval
// * storageProvider : Returns the name of the Cryptographic Storage Provider
// to be used for the key.
//
// Note: It is not required that any of the above attributes are present in the
// PFX.
//
//
// References:
// 1: https://docs.microsoft.com/en-us/windows/win32/seccng/key-storage-and-retrieval
bool GetSafeBagAttr(bool forPrivateKey, int index, const wchar_t *attrName, CkString &outStr);
// Can be called to get one of the following safebag attributes for the Nth private
// key or certificate in the PFX. forPrivateKey should be true for a private key, and
// false for a certificate. The index is the index of the certificate or key in
// the PFX. The attrName can be one of the following:
//
// * localKeyId : Returns the decimal representation of the local key ID. The
// local key ID is used to associate the certificate contained in the PFX with this
// private key. (The certificate will include a localKeyId attribute in its
// cert bag of attributes within the PFX.)
// * keyContainerName : Returns the key container name (or key name) of the
// private key. For more information about the directories where the Windows OS
// stores private keys, see
// https://docs.microsoft.com/en-us/windows/win32/seccng/key-storage-and-retrieval
// * storageProvider : Returns the name of the Cryptographic Storage Provider
// to be used for the key.
//
// Note: It is not required that any of the above attributes are present in the
// PFX.
//
//
// References:
// 1: https://docs.microsoft.com/en-us/windows/win32/seccng/key-storage-and-retrieval
const wchar_t *getSafeBagAttr(bool forPrivateKey, int index, const wchar_t *attrName);
// Can be called to get one of the following safebag attributes for the Nth private
// key or certificate in the PFX. forPrivateKey should be true for a private key, and
// false for a certificate. The index is the index of the certificate or key in
// the PFX. The attrName can be one of the following:
//
// * localKeyId : Returns the decimal representation of the local key ID. The
// local key ID is used to associate the certificate contained in the PFX with this
// private key. (The certificate will include a localKeyId attribute in its
// cert bag of attributes within the PFX.)
// * keyContainerName : Returns the key container name (or key name) of the
// private key. For more information about the directories where the Windows OS
// stores private keys, see
// https://docs.microsoft.com/en-us/windows/win32/seccng/key-storage-and-retrieval
// * storageProvider : Returns the name of the Cryptographic Storage Provider
// to be used for the key.
//
// Note: It is not required that any of the above attributes are present in the
// PFX.
//
//
// References:
// 1: https://docs.microsoft.com/en-us/windows/win32/seccng/key-storage-and-retrieval
const wchar_t *safeBagAttr(bool forPrivateKey, int index, const wchar_t *attrName);
// Imports the certificates and private keys contained in the PFX to the MacOS/iOS
// keychain.
bool ImportToKeychain(CkJsonObjectW &opts);
// Imports the certificates and private keys contained in the PFX to Windows
// certificate store(s).
//
// If exportable is true, imported keys are marked as exportable.
//
// If userProtected is true, the user is to be notified through a dialog box or other
// method when certain attempts to use this key are made. The precise behavior is
// specified by the cryptographic service provider (CSP) being used.
//
// If machineKeyset is true, the private keys are stored under the local computer and not
// under the current user.
//
// If allowOverwriteKey is true, allow overwrite of the existing key. Specify this flag when
// you encounter a scenario in which you must import a PFX file that contains a key
// name that already exists. For example, when you import a PFX file, it is
// possible that a container of the same name is already present because there is
// no unique namespace for key containers. If you have created a TestKey on your
// computer, and then you import a PFX file that also has TestKey as the key
// container, this flag allows the key to be overwritten.
//
// if allowExport is true, then the key is marked as exportable, which allows for it to
// be re-exported to a PFX.
//
// The leafStore, intermediateStore, and rootStore are the Windows certificate store names indicating
// where to import certificates of each given type. A leafStore is a certificate that is
// not the issuer of any other certificate in the PFX. An intermediateStore is any certificate
// that is not a root (or self-signed) but is also the issuer of some other
// certificate in the PFX. A rootStore is a self-signed or root certificate.
//
// The possible store names for leafStore, intermediateStore, and rootStore are as follows:
// * None : Do not import certificates of the given type into any Windows
// certicate store.
// * AddressBook : Certificate store for other users.
// * AuthRoot : Certificate store for third-party certification authorities
// (CAs).
// * CertificationAuthority : Certificate store for intermediate certification
// authorities (CAs).
// * My : Certificate store for personal certificates. (Leaf certificates are
// typically imported into this store.)
// * Root : Certificate store for trusted root certification authorities (CAs).
// * TrustedPeople : Certificate store for directly trusted people and
// resources.
// * TrustedPublisher : Certificate store for directly trusted publishers.
//
// The rootStore is reserved for any future options that may be needed. At this time,
// pass an empty string.
//
bool ImportToWindows(bool exportable, bool userProtected, bool machineKeyset, bool allowOverwriteKey, bool allowExport, const wchar_t *leafStore, const wchar_t *intermediateStore, const wchar_t *rootStore, const wchar_t *extraOptions);
// This method is deprecated. Call GetLastJsonData instead.
//
// Provides information about what happened in the last method called.
//
// The caller is responsible for deleting the object returned by this method.
CkJsonObjectW *LastJsonData(void);
// Loads a PFX from a PEM formatted string. The PEM can contain the private key,
// the certificate, and certificates in the chain of authentication up to the CA
// root. For example: -----BEGIN RSA PRIVATE KEY-----
// ...
// ... the private key associated with the main certificate.
// ...
// -----END RSA PRIVATE KEY-----
// -----BEGIN CERTIFICATE-----
// ...
// ... the main certificate
// ...
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// ...
// ... an intermediate CA certificate (if present)
// ...
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// ...
// ... the root CA certificate
// ...
// -----END CERTIFICATE-----
bool LoadPem(const wchar_t *pemStr, const wchar_t *password);
// Loads a PFX from the contents of bd.
//
// If the .pfx/.p12 uses different passwords for integrity and private keys, then
// the password argument may contain JSON to specify the passwords. See the LoadPfxFile
// method (below) for details.
//
bool LoadPfxBd(CkBinDataW &bd, const wchar_t *password);
// Loads a PFX from in-memory bytes.
//
// If the .pfx/.p12 uses different passwords for integrity and private keys, then
// the password argument may contain JSON to specify the passwords. See the LoadPfxFile
// method (below) for details.
//
bool LoadPfxBytes(CkByteData &pfxData, const wchar_t *password);
// Loads a PFX from encoded byte data. The encoding can by any encoding, such as Base64
// , modBase64 , Base32 , UU , QP (for quoted-printable), URL (for url-encoding),
// Hex , Q , B , url_oath , url_rfc1738 , url_rfc2396 , and url_rfc3986 .
//
// If the .pfx/.p12 uses different passwords for integrity and private keys, then
// the encoding argument may contain JSON to specify the passwords. See the LoadPfxFile
// method (below) for details.
//
bool LoadPfxEncoded(const wchar_t *encodedData, const wchar_t *encoding, const wchar_t *password);
// Loads a PFX from a file.
//
// Starting in v9.5.0.75, a .pfx/.p12 file with different passwords for integrity
// and private keys can be loaded by passing the following JSON for the password. {
// "integrity": "password1",
// "privKeys": "password2",
// }
// If it is desired to open the .pfx/.p12 without access to the private keys, then
// add skipPrivateKeys like this: {
// "integrity": "password1",
// "privKeys": "not used",
// "skipPrivateKeys": true
// }
//
bool LoadPfxFile(const wchar_t *path, const wchar_t *password);
// Returns the Nth private key in privKey. (The 1st private key is at index 0.)
bool PrivateKeyAt(int index, CkPrivateKeyW &privKey);
// Sets a safe bag attribute for the Nth private key or certificate in the PFX.
// Safe bag attributes can be added by calling this method once for each attribute
// to be added to each certificate or key. forPrivateKey should be true for a private key,
// and false for a certificate. The index is the index of the certificate or key
// in the PFX. (The 1st item is at index 0.) See the example below for more
// information. The encoding indicates a binary encoding such as base64 , hex , decimal
// , fingerprint , etc if the value contains binary (non-text) data.
//
// A safe bag attribute can be removed by passing an empty string for the value.
//
bool SetSafeBagAttr(bool forPrivateKey, int index, const wchar_t *name, const wchar_t *value, const wchar_t *encoding);
// Write the PFX to bd.
bool ToBd(const wchar_t *password, CkBinDataW &bd);
// Write the PFX to in-memory bytes.
bool ToBinary(const wchar_t *password, CkByteData &outBytes);
// Write the PFX to an encoded string. The encoding can be any encoding such as base64
// or hex .
bool ToEncodedString(const wchar_t *password, const wchar_t *encoding, CkString &outStr);
// Write the PFX to an encoded string. The encoding can be any encoding such as base64
// or hex .
const wchar_t *toEncodedString(const wchar_t *password, const wchar_t *encoding);
// Write the PFX to a file. PFX and PKCS12 are essentially the same. Standard
// filename extensions are .pfx or .p12 .
bool ToFile(const wchar_t *password, const wchar_t *path);
// Applications should instead call ToJksObj .
//
// Converts the PFX (PKCS12) to a JavaKeyStore object. One JKS entry per private
// key found in the PKCS12 is added. The certs found within the PCKS12 are used to
// build the certificate chains for each private key. (A typical PFX file contains
// a single private key along with its associated certificate, and the certificates
// in the chain of authentication to the root CA cert.)
//
// The specified alias is applied to the 1st private key found. If the alias is
// empty, then the alias is obtained from the cert/PFX in the following order of
// preference:
// 1. Certificate's subject common name
// 2. Certificate's subject email address
// 3. Certificate's friendly name found in the PKCS9 attributes of the PKCS12
// 4. Certificate's serial number
//
// If multiple private keys are found in the PKCS12, then all but the first will
// automaticallly be assigned aliases using the preference just described.
//
// The caller is responsible for deleting the object returned by this method.
CkJavaKeyStoreW *ToJavaKeyStore(const wchar_t *alias, const wchar_t *password);
// Converts this object to a Java KeyStore (JKS) object in jksObj, creating one JKS
// entry for each private key found in the PFX. Certificates within the PFX are
// used to construct certificate chains for each private key. Typically, a PFX file
// contains a single private key along with its associated certificate and the
// certificates in its chain up to the root CA. The specified alias is assigned to
// the first private key. If no alias is provided, it is derived from the
// certificate/PFX using the following preferences, in order:
// 1. Certificate's subject common name
// 2. Certificate's subject email address
// 3. Certificate's friendly name found in the PKCS9 attributes
// 4. Certificate's serial number
//
// If the PFX contains multiple private keys, aliases for all keys except the first
// are automatically assigned using the same preference order.
//
bool ToJksObj(const wchar_t *alias, const wchar_t *password, CkJavaKeyStoreW &jksObj);
// Write the PFX to a PEM formatted string. The resultant PEM will contain the
// private key, as well as the certs in the chain of authentication (or whatever
// certs are available in the PFX). For example: -----BEGIN RSA PRIVATE KEY-----
// ...
// ... the private key associated with the main certificate.
// ...
// -----END RSA PRIVATE KEY-----
// -----BEGIN CERTIFICATE-----
// ...
// ... the main certificate
// ...
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// ...
// ... an intermediate CA certificate (if present)
// ...
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// ...
// ... the root CA certificate
// ...
// -----END CERTIFICATE-----
bool ToPem(CkString &outStr);
// Write the PFX to a PEM formatted string. The resultant PEM will contain the
// private key, as well as the certs in the chain of authentication (or whatever
// certs are available in the PFX). For example: -----BEGIN RSA PRIVATE KEY-----
// ...
// ... the private key associated with the main certificate.
// ...
// -----END RSA PRIVATE KEY-----
// -----BEGIN CERTIFICATE-----
// ...
// ... the main certificate
// ...
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// ...
// ... an intermediate CA certificate (if present)
// ...
// -----END CERTIFICATE-----
// -----BEGIN CERTIFICATE-----
// ...
// ... the root CA certificate
// ...
// -----END CERTIFICATE-----
const wchar_t *toPem(void);
// Write the PFX to a PEM formatted string. If extendedAttrs is true, then extended
// properties (Bag Attributes and Key Attributes) are output. If noKeys is true,
// then no private keys are output. If noCerts is true, then no certificates are
// output. If noCaCerts is true, then no CA certs or intermediate CA certs are output.
// If encryptAlg is not empty, it indicates the encryption algorithm to be used for
// encrypting the private keys (otherwise the private keys are output unencrypted).
// The possible choices for the encryptAlg are des3 , aes128 , aes192 , and aes256 . (All
// encryption algorithm choices use CBC mode.) If the private keys are to be
// encrypted, then password is the password to be used. Otherwise, password may be left
// empty. For example:Bag Attributes
// Microsoft Local Key set: localKeyID: 01 00 00 00
// friendlyName: le-2b09a3d2-9037-4a05-95cc-4d44518e8607
// Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
// Key Attributes
// X509v3 Key Usage: 10
// -----BEGIN RSA PRIVATE KEY-----
// ...
// ... the private key associated with the main certificate.
// ...
// -----END RSA PRIVATE KEY-----
// Bag Attributes
// localKeyID: 01 00 00 00
// 1.3.6.1.4.1.311.17.3.92: 00 08 00 00
// 1.3.6.1.4.1.311.17.3.20: C2 53 54 F3 ...
// 1.3.6.1.4.1.311.17.3.71: 49 00 43 00 ...
// 1.3.6.1.4.1.311.17.3.75: 31 00 42 00 ...
// subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=something.com
// issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
// -----BEGIN CERTIFICATE-----
// ...
// ... the main certificate
// ...
// -----END CERTIFICATE-----
// ...
// -----BEGIN CERTIFICATE-----
// ...
// ... an intermediate CA certificate (if present)
// ...
// -----END CERTIFICATE-----
// ...
// -----BEGIN CERTIFICATE-----
// ...
// ... the root CA certificate
// ...
// -----END CERTIFICATE-----
bool ToPemEx(bool extendedAttrs, bool noKeys, bool noCerts, bool noCaCerts, const wchar_t *encryptAlg, const wchar_t *password, CkString &outStr);
// Write the PFX to a PEM formatted string. If extendedAttrs is true, then extended
// properties (Bag Attributes and Key Attributes) are output. If noKeys is true,
// then no private keys are output. If noCerts is true, then no certificates are
// output. If noCaCerts is true, then no CA certs or intermediate CA certs are output.
// If encryptAlg is not empty, it indicates the encryption algorithm to be used for
// encrypting the private keys (otherwise the private keys are output unencrypted).
// The possible choices for the encryptAlg are des3 , aes128 , aes192 , and aes256 . (All
// encryption algorithm choices use CBC mode.) If the private keys are to be
// encrypted, then password is the password to be used. Otherwise, password may be left
// empty. For example:Bag Attributes
// Microsoft Local Key set: localKeyID: 01 00 00 00
// friendlyName: le-2b09a3d2-9037-4a05-95cc-4d44518e8607
// Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
// Key Attributes
// X509v3 Key Usage: 10
// -----BEGIN RSA PRIVATE KEY-----
// ...
// ... the private key associated with the main certificate.
// ...
// -----END RSA PRIVATE KEY-----
// Bag Attributes
// localKeyID: 01 00 00 00
// 1.3.6.1.4.1.311.17.3.92: 00 08 00 00
// 1.3.6.1.4.1.311.17.3.20: C2 53 54 F3 ...
// 1.3.6.1.4.1.311.17.3.71: 49 00 43 00 ...
// 1.3.6.1.4.1.311.17.3.75: 31 00 42 00 ...
// subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=something.com
// issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
// -----BEGIN CERTIFICATE-----
// ...
// ... the main certificate
// ...
// -----END CERTIFICATE-----
// ...
// -----BEGIN CERTIFICATE-----
// ...
// ... an intermediate CA certificate (if present)
// ...
// -----END CERTIFICATE-----
// ...
// -----BEGIN CERTIFICATE-----
// ...
// ... the root CA certificate
// ...
// -----END CERTIFICATE-----
const wchar_t *toPemEx(bool extendedAttrs, bool noKeys, bool noCerts, bool noCaCerts, const wchar_t *encryptAlg, const wchar_t *password);
// Adds an XML certificate vault to the object's internal list of sources to be
// searched for certificates for help in building certificate chains to a root
// certificate.
bool UseCertVault(CkXmlCertVaultW &vault);
// END PUBLIC INTERFACE
};
#if !defined(__sun__) && !defined(__sun)
#pragma pack (pop)
#endif
#endif
Reference in New Issue View Git Blame Copy Permalink