IdentityStore.hpp
2//
3// Copyright PHOENIX CONTACT Electronics GmbH
4//
6#pragma once
8#include "Arp/System/Commons/Logging.h"
9#include "Arp/System/Commons/Io/Path.hpp"
10#include "Arp/System/Commons/Security/KeyPair.hpp"
11#include "Arp/System/Commons/Security/Certificate.hpp"
12#include "Arp/System/Commons/Security/SecurityListType.hpp"
13#include "Arp/System/Commons/Security/ItemInfo.hpp"
14#include "Arp/System/Commons/Security/KeyPairType.hpp"
15#include "Arp/System/Commons/Security/SecurityConfigurationError.hpp"
16#include <map>
17#include <vector>
18#include <openssl/evp.h>
19
20namespace Arp { namespace System { namespace Commons { namespace Security
21{
22
/// Represents an identity: a certificate with its issuer chain and the matching private key
/// (a software key file or a TPM key file), kept below one store directory. Instances are
/// non-copyable; the key pair is handed out through a std::shared_ptr.
///
/// NOTE(review): this rendering dropped several declarations that the page's own tooltips
/// reference (GetFullCertificateFileName, CreateAllDirectories, GenerateKeyPair,
/// VerifyCertMatchesWithPrivateKey); consult the original header for the full interface.
class IdentityStore : private Loggable<IdentityStore>
{
public: // type definitions
    /// Dictates whether the key in the IdentityStore must exist or whether a missing key
    /// may be ignored (see the constructor's requireKeyExists argument).
    enum KeyMustExist : bool
    {
        IgnoreMissingKey = false, ///< a missing key is tolerated
        RequireKeyExists = true   ///< a missing key is an error
    };

public: // construction/destruction
    /// Constructs an IdentityStore for the store named name below basePath.
    /// @param basePath         parent directory of the store
    /// @param name             store name; reported by GetName()
    /// @param requireKeyExists whether a missing key is an error (default: RequireKeyExists)
    /// NOTE(review): whether name is validated against path separators / ".." before
    /// storePath is built is not visible here — confirm if name can come from untrusted input.
    IdentityStore(const String& basePath, const String& name, KeyMustExist requireKeyExists = RequireKeyExists);
    /// Copy constructor; deleted.
    IdentityStore(const IdentityStore& arg) = delete;
    /// Assignment operator; deleted.
    IdentityStore& operator=(const IdentityStore& arg) = delete;
    /// Destructs this instance and frees all resources.
    ~IdentityStore(void) = default;

public: // operators

public: // static operations

public: // setter/getter operations
    /// Returns the name of the IdentityStore (the file-name component of storePath).
    String GetName(void) const;
    /// Returns the path of the key file: storePath + DirectorySeparator + KeyFileName.
    String GetFullKeyFileName(void) const;
    /// Returns the path of the TPM key file: storePath + DirectorySeparator + TpmKeyFileName.
    String GetFullTpmKeyFileName(void) const;
    /// Checks whether a certificate is available for this IdentityStore.
    bool HasCertificate(void);
    /// Returns a shared_ptr to the KeyPair of this IdentityStore.
    /// A caller that copies the shared_ptr shares ownership of the private key material and
    /// can keep it alive beyond this store's lifetime — hold the reference only as long as needed.
    const std::shared_ptr<KeyPair>& GetKeyPair(void);
    /// Returns the type of the key pair; dereferences keyPair (see the inline definition below).
    KeyPairType GetKeyType(void);

public: // operations
    /// Initializes an OpenSSL SSL_CTX structure with the private key and certificate.
    /// @param pSslCtx context to configure (null handling is not visible in this header)
    void InitSslContext(SSL_CTX* pSslCtx)const;

    /// Reads the public key in PEM format.
    std::vector<byte> GetPublicKey(void);

    /// Sets or overwrites the key pair from the given PEM-encoded bytes.
    /// @return SecurityConfigurationError describing the outcome
    SecurityConfigurationError SetKeyPair(const std::vector<byte>& pemData);

    /// Sets or overwrites the certificate from the given PEM-encoded bytes.
    /// @return SecurityConfigurationError describing the outcome
    SecurityConfigurationError SetCertificate(const std::vector<byte>& pemData);

    /// Gets the certificate as a byte array in PEM format.
    std::vector<byte> GetPemCertificate(void);

    /// Gets the certificate as a byte array in DER format.
    std::vector<byte> GetDerCertificate(void);

    /// Gets the certificate in PEM format with the issuer certificates appended.
    std::vector<byte> GetPemCertificateWithChain(void);

    /// Gets the certificate in DER format with the issuer certificates appended.
    std::vector<byte> GetDerCertificateWithChain(void);

    /// Gets the issuer certificates in PEM format, one byte array per certificate.
    std::vector<std::vector<byte>> GetIssuerPemCertificates(void);


    /// Lists all elements of the list referenced by type into result.
    SecurityConfigurationError ListContent(SecurityListType type, std::vector<ItemInfo>& result);

    /// Adds an element, given as PEM-encoded bytes, to the list referenced by type.
    SecurityConfigurationError AddElement(SecurityListType type, const std::vector<byte>& pemData);

    /// Deletes the element identified by identifier from the list referenced by type.
    SecurityConfigurationError DeleteElement(SecurityListType type, const String& identifier);


    /// Generates a Certificate Signing Request (CSR) for the key pair of this IdentityStore.
    std::vector<byte> GenerateCSR();


protected: // operations

private: // static methods

private: // methods
    // style: private helpers mix lowerCamel (loadKeyPair) and PascalCase (LoadSoftwareKeyPair).
    /// Loads the key pair; requireKeyExists decides whether a missing key is an error.
    void loadKeyPair(KeyMustExist requireKeyExists);
    /// Loads a software key pair (presumably from GetFullKeyFileName() — confirm in the .cpp).
    bool LoadSoftwareKeyPair();
    /// Loads a hardware-backed key pair (presumably the TPM key file, GetFullTpmKeyFileName() — confirm).
    bool LoadHardwareKeyPair();
    /// Loads the certificate from file; the name suggests the issuer chain is loaded too — confirm.
    void loadCertWithChain(const String& file);
    /// Fills result with the issuer-list entries (presumably appends; confirm in the .cpp).
    void listIssuerList(std::vector<ItemInfo>& result);
    /// Fills result with the identity-certificate entry (presumably appends; confirm in the .cpp).
    void listIdentityCert(std::vector<ItemInfo>& result);

    /// Persists the store's state; what is written and where is not visible in this header.
    void save(void);

private: // fields
    String storePath;                  // directory of this store; basis of the file-name getters

    std::shared_ptr<KeyPair> keyPair;  // NOTE(review): presumably null when constructed with IgnoreMissingKey
                                       // and no key exists — confirm; GetKeyType() dereferences it unchecked
    Certificate cert;                  // the identity certificate
    std::vector<Certificate> issuers;  // issuer chain appended by the *WithChain getters

private: // static fields

    static const String CertificateFileName;  // certificate file name inside storePath
    static const String KeyFileName;          // software key file name inside storePath
    static const String TpmKeyFileName;       // TPM key file name inside storePath
    static const String DirectorySeparator;   // separator used when composing the paths above
};
168
// inline methods of class IdentityStore
171
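/// Returns the name of the IdentityStore: the file-name component of storePath.
/// (Definition line restored: the rendering dropped it; the declaration above and the
/// page's tooltip give it as `String GetName(void) const` at header line 172.)
inline String IdentityStore::GetName(void) const
{
    return Io::Path::GetFileName(this->storePath);
}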
176
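/// Returns the path of the certificate file: storePath + DirectorySeparator + CertificateFileName.
/// (Definition line restored: the rendering dropped it; the page's tooltip gives it as
/// `String GetFullCertificateFileName(void) const` at header line 177. Its declaration inside
/// the class body was dropped as well — consult the original header.)
inline String IdentityStore::GetFullCertificateFileName(void) const
{
    return this->storePath + DirectorySeparator + CertificateFileName;
}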
181
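/// Returns the path of the software key file: storePath + DirectorySeparator + KeyFileName.
/// (Definition line restored: the rendering dropped it; the declaration above and the
/// page's tooltip give it as `String GetFullKeyFileName(void) const` at header line 182.)
inline String IdentityStore::GetFullKeyFileName(void) const
{
    return this->storePath + DirectorySeparator + KeyFileName;
}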
186
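/// Returns the path of the TPM key file: storePath + DirectorySeparator + TpmKeyFileName.
/// (Definition line restored: the rendering dropped it; the declaration above and the
/// page's tooltip give it as `String GetFullTpmKeyFileName(void) const` at header line 187.)
inline String IdentityStore::GetFullTpmKeyFileName(void) const
{
    return this->storePath + DirectorySeparator + TpmKeyFileName;
}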
191
/// Returns the type of the key pair.
/// NOTE(review): keyPair is dereferenced without a null check. If a store built with
/// IgnoreMissingKey can leave keyPair empty (loadKeyPair is not visible here), calling this
/// is undefined behaviour — confirm, then either guard it or document the precondition.
inline KeyPairType IdentityStore::GetKeyType(void)
{
    const auto& pair = this->keyPair;
    return pair->GetKeyType();
}
196
197}}}} // end of namespace Arp::System::Commons::Security
static String GetFileName(const String &path)
Get name of a file.
Class to handle x.509 certificates
Definition: Certificate.hpp:25
Class which represents an Identity (Certificate with Chain and private Key) and is able to initialize a...
Definition: IdentityStore.hpp:28
void CreateAllDirectories(void)
Creates all needed directories inside the folder of this IdentityStore
const std::shared_ptr< KeyPair > & GetKeyPair(void)
Returns a shared_ptr to the KeyPair of this IdentityStore
String GetName(void) const
Returns the name of the IdentityStore
Definition: IdentityStore.hpp:172
SecurityConfigurationError GenerateKeyPair(KeyPairType type)
Generate a new KeyPair for this IdentityStore
SecurityConfigurationError DeleteElement(SecurityListType type, const String &identifier)
Deletes an element from the list referenced by ListType, identified by identifier
KeyMustExist
Enum which dictates whether the key in the IdentityStore must exist or whether a missing key can be ignored
Definition: IdentityStore.hpp:34
SecurityConfigurationError SetKeyPair(const std::vector< byte > &pemData)
Sets or overwrites the key pair from the given PEM-encoded bytes
IdentityStore(const IdentityStore &arg)=delete
Copy constructor.
SecurityConfigurationError AddElement(SecurityListType type, const std::vector< byte > &pemData)
Adds an element to the list referenced by SecurityListType
bool HasCertificate(void)
Checks whether a certificate is available for this IdentityStore
std::vector< byte > GetPemCertificateWithChain(void)
Gets the certificate as byte array in PEM format with issuer certificates appended
std::vector< byte > GetDerCertificateWithChain(void)
Gets the certificate as a byte array in DER format with the issuer certificates appended
void InitSslContext(SSL_CTX *pSslCtx) const
Initializes an OpenSSL SSL_CTX structure with the private key and certificate
String GetFullTpmKeyFileName(void) const
Returns the absolute path to the tpm key file
Definition: IdentityStore.hpp:187
std::vector< byte > GetPemCertificate(void)
Gets the certificate as byte array in PEM format
std::vector< byte > GetPublicKey(void)
Reads the public key in PEM format
SecurityConfigurationError SetCertificate(const std::vector< byte > &pemData)
Sets or overwrites the certificate from the given PEM-encoded bytes
KeyPairType GetKeyType(void)
Returns the type of the key pair
Definition: IdentityStore.hpp:192
std::vector< byte > GenerateCSR()
Generate a Certificate Signing Request (CSR) for the Key Pair of this IdentityStore
String GetFullCertificateFileName(void) const
Returns the absolute path to the certificate file
Definition: IdentityStore.hpp:177
IdentityStore & operator=(const IdentityStore &arg)=delete
Assignment operator.
std::vector< std::vector< byte > > GetIssuerPemCertificates(void)
Get the issuer certificates in PEM format
SecurityConfigurationError ListContent(SecurityListType type, std::vector< ItemInfo > &result)
Lists all elements in the list referenced by their SecurityListType
bool VerifyCertMatchesWithPrivateKey(void)
Verifies that the certificate matches the key pair
std::vector< byte > GetDerCertificate(void)
Gets the certificate as byte array in DER format
~IdentityStore(void)=default
Destructs this instance and frees all resources.
IdentityStore(const String &basePath, const String &name, KeyMustExist requireKeyExists=RequireKeyExists)
Constructs an IdentityStore instance.
String GetFullKeyFileName(void) const
Returns the absolute path to the key file
Definition: IdentityStore.hpp:182
@ System
System components used by the System, Device, Plc or Io domains.
SecurityConfigurationError
Enumeration of possible error codes when interacting with classes in the Security namespace
Definition: SecurityConfigurationError.hpp:17
Root namespace for the PLCnext API