PLCnext API Documentation  20.6.0.30321
IdentityStore.hpp
1 //
3 // Copyright PHOENIX CONTACT Electronics GmbH
4 //
6 #pragma once
7 #include "Arp/System/Core/Arp.h"
8 #include "Arp/System/Core/AppDomainSingleton.hxx"
9 #include "Arp/System/Commons/Logging.h"
10 #include "Arp/System/Commons/Io/Path.hpp"
11 #include "Arp/System/Commons/Security/KeyPair.hpp"
12 #include "Arp/System/Commons/Security/Certificate.hpp"
13 #include "Arp/System/Commons/Security/SecurityListType.hpp"
14 #include "Arp/System/Commons/Security/ItemInfo.hpp"
15 #include "Arp/System/Commons/Security/KeyPairType.hpp"
16 #include "Arp/System/Commons/Security/SecurityConfigurationError.hpp"
17 #include <map>
18 #include <vector>
19 #include <openssl/evp.h>
20 
21 namespace Arp { namespace System { namespace Commons { namespace Security
22 {
23 
26 class IdentityStore : private Loggable<IdentityStore>
27 {
28 public: // type definitions
29  enum KeyMustExist : bool
30  {
31  IgnoreMissingKey = false,
32  RequireKeyExists = true
33  };
34 
35 public: // construction/destruction
37  IdentityStore(const String& basePath, const String& name, KeyMustExist requireKeyExists = RequireKeyExists);
39  IdentityStore(const IdentityStore& arg) = delete;
41  IdentityStore& operator=(const IdentityStore& arg) = delete;
43  ~IdentityStore(void) = default;
44 
45 public: // operators
46 
47 public: // static operations
48 
49 public: // setter/getter operations
51  String GetName(void) const;
53  String GetFullCertificateFileName(void) const;
55  String GetFullKeyFileName(void) const;
57  String GetFullTpmKeyFileName(void) const;
59  bool HasCertificate(void);
61  const std::shared_ptr<KeyPair>& GetKeyPair(void);
63  KeyPairType GetKeyType(void);
64 
65 public: // operations
68  void InitSslContext(SSL_CTX* pSslCtx)const;
69 
72  std::vector<byte> GetPublicKey(void);
73 
77  SecurityConfigurationError SetKeyPair(const std::vector<byte>& pemData);
78 
82  SecurityConfigurationError SetCertificate(const std::vector<byte>& pemData);
83 
86  std::vector<byte> GetPemCertificate(void);
87 
90  std::vector<byte> GetDerCertificate(void);
91 
94  std::vector<byte> GetPemCertificateWithChain(void);
95 
98  std::vector<byte> GetDerCertificateWithChain(void);
99 
101  std::vector<std::vector<byte>> GetIssuerPemCertificates(void);
102 
104  void CreateAllDirectories(void);
105 
107 
109  SecurityConfigurationError ListContent(SecurityListType type, std::vector<ItemInfo>& result);
110 
112 
114  SecurityConfigurationError AddElement(SecurityListType type, const std::vector<byte>& pemData);
115 
117 
119  SecurityConfigurationError DeleteElement(SecurityListType type, const String& identifier);
120 
122 
124  SecurityConfigurationError GenerateKeyPair(KeyPairType type);
125 
128  std::vector<byte> GenerateCSR();
129 
132  bool VerifyCertMatchesWithPrivateKey(void);
133 
134 protected: // operations
135 
136 private: // static methods
137 
138 private: // methods
139  void loadKeyPair(KeyMustExist requireKeyExists);
140  void loadCertWithChain(const String& file);
141 
142  void listIssuerList(std::vector<ItemInfo>& result);
143  void listIdentityCert(std::vector<ItemInfo>& result);
144 
145  void save(void);
146 
147 private: // fields
148  String storePath;
149 
150  std::shared_ptr<KeyPair> keyPair;
151  Certificate cert;
152  std::vector<Certificate> issuers;
153 
154 private: // static fields
155 
156  static const String CertificateFileName;
157  static const String KeyFileName;
158  static const String TpmKeyFileName;
159  static const String DirectorySeparator;
160 };
161 
163 // inline methods of class CertificateStore
164 
165 inline String IdentityStore::GetName(void) const
166 {
167  return Io::Path::GetFileName(this->storePath);
168 }
169 
170 inline String IdentityStore::GetFullCertificateFileName(void) const
171 {
172  return this->storePath + DirectorySeparator + CertificateFileName;
173 }
174 
175 inline String IdentityStore::GetFullKeyFileName(void) const
176 {
177  return this->storePath + DirectorySeparator + KeyFileName;
178 }
179 
180 inline String IdentityStore::GetFullTpmKeyFileName(void) const
181 {
182  return this->storePath + DirectorySeparator + TpmKeyFileName;
183 }
184 
185 inline KeyPairType IdentityStore::GetKeyType(void)
186 {
187  return this->keyPair->GetKeyType();
188 }
189 
190 }}}} // end of namespace Arp::System::Commons::Security
Arp::System::Commons::Security::IdentityStore::GetPemCertificate
std::vector< byte > GetPemCertificate(void)
Arp::System::Commons::Security::IdentityStore::~IdentityStore
~IdentityStore(void)=default
Destructs this instance and frees all resources.
Arp::System::Commons::Security::IdentityStore::GetFullTpmKeyFileName
String GetFullTpmKeyFileName(void) const
summary>checks if a certificate is available for this IdentityStore
Definition: IdentityStore.hpp:180
Arp::System::Commons::Security::IdentityStore::GetDerCertificate
std::vector< byte > GetDerCertificate(void)
Arp::System::Commons::Security::IdentityStore::IdentityStore
IdentityStore(const String &basePath, const String &name, KeyMustExist requireKeyExists=RequireKeyExists)
Constructs an IdentityStore instance.
Arp::System::Commons::Security::Certificate
Class to handle x.509 certificates
Definition: Certificate.hpp:25
Arp::System::Commons::Security::IdentityStore::DeleteElement
SecurityConfigurationError DeleteElement(SecurityListType type, const String &identifier)
summary>Generate a new KeyPair for this IdentityStore
Arp::System::Commons::Security::IdentityStore::CreateAllDirectories
void CreateAllDirectories(void)
summary>list all elements in the list referenced by ListType
Arp::System::Commons::Security::IdentityStore::SetCertificate
SecurityConfigurationError SetCertificate(const std::vector< byte > &pemData)
Arp::System::Commons::Security::IdentityStore::InitSslContext
void InitSslContext(SSL_CTX *pSslCtx) const
Initializes a OpenSSL SSL_:CTX Structure with the private key and certificate
Arp::System::Commons::Security::IdentityStore::GetName
String GetName(void) const
Returns the name of the IdentityStore
Definition: IdentityStore.hpp:165
Arp::System::Commons::Security::IdentityStore::GetFullCertificateFileName
String GetFullCertificateFileName(void) const
summary>Returns the absolute path to the key file
Definition: IdentityStore.hpp:170
Arp
Root namespace for the PLCnext API
Arp::System::Commons::Security::IdentityStore
Class with represents a Identity (Certificate with Chain and private Key) and is able to initialze an...
Definition: IdentityStore.hpp:26
Arp::System::Commons::Security::IdentityStore::SetKeyPair
SecurityConfigurationError SetKeyPair(const std::vector< byte > &pemData)
Arp::System::Commons::Security::IdentityStore::GetKeyPair
const std::shared_ptr< KeyPair > & GetKeyPair(void)
summary>Returns the type of the key pair
Arp::System::Commons::Security::IdentityStore::GenerateKeyPair
SecurityConfigurationError GenerateKeyPair(KeyPairType type)
Arp::System::Commons::Security::IdentityStore::GetPemCertificateWithChain
std::vector< byte > GetPemCertificateWithChain(void)
Arp::System::Commons::Security::IdentityStore::GetIssuerPemCertificates
std::vector< std::vector< byte > > GetIssuerPemCertificates(void)
summary>creates all needed directories inside the folder of this IdentityStore
Arp::System::Acf::ComponentCategory::System
System components used by the System, Device, Plc or Io domains.
Arp::System::Commons::Security::IdentityStore::ListContent
SecurityConfigurationError ListContent(SecurityListType type, std::vector< ItemInfo > &result)
summary>add an element into the list referenced by ListType
Arp::System::Commons::Security::IdentityStore::GetDerCertificateWithChain
std::vector< byte > GetDerCertificateWithChain(void)
summary>get the issuer certificates in PEM format
Arp::System::Commons::Security::IdentityStore::operator=
IdentityStore & operator=(const IdentityStore &arg)=delete
Assignment operator.
Arp::System::Commons::Security::IdentityStore::AddElement
SecurityConfigurationError AddElement(SecurityListType type, const std::vector< byte > &pemData)
summary>delete an elements from the list referenced by ListType, identified by identifier
Arp::System::Commons::Security::IdentityStore::GetFullKeyFileName
String GetFullKeyFileName(void) const
summary>Returns the absolute path to the tpm key file
Definition: IdentityStore.hpp:175
Generated on Wed Jul 1 2020 07:43:33 for PLCnext API Documentation by   doxygen 1.8.13