api_docs_2025-0/IdentityStore_8hpp_source.html

//

//  Copyright Phoenix Contact GmbH & Co. KG

//

#pragma once

#include "Arp/System/Core/Arp.h"

#include "Arp/System/Commons/Logging.h"

#include "Arp/System/Commons/Io/Path.hpp"

#include "Arp/System/Commons/Security/KeyPair.hpp"

#include "Arp/System/Commons/Security/Certificate.hpp"

#include "Arp/System/Commons/Security/SecurityListType.hpp"

#include "Arp/System/Commons/Security/ItemInfo.hpp"

#include "Arp/System/Commons/Security/KeyPairType.hpp"

#include "Arp/System/Commons/Security/SecurityConfigurationError.hpp"

#include <map>

#include <vector>

#include <openssl/evp.h>


namespace Arp { namespace System { namespace Commons { namespace Security

{


class IdentityStore : private Loggable<IdentityStore>

{

public: // type definitions

    enum KeyMustExist : bool

    {

        IgnoreMissingKey = false,

        RequireKeyExists = true

    };


public: // construction/destruction

    IdentityStore(const String& basePath, const String& name, KeyMustExist requireKeyExists = RequireKeyExists);

    IdentityStore(const IdentityStore& arg) = delete;

    IdentityStore& operator=(const IdentityStore& arg) = delete;

    ~IdentityStore(void) = default;


public: // operators


public: // static operations


public: // setter/getter operations

    String GetName(void) const;

    String GetFullCertificateFileName(void) const;

    String GetFullKeyFileName(void) const;

    String GetFullTpmKeyFileName(void) const;

    bool HasCertificate(void);

    const std::shared_ptr<KeyPair>& GetKeyPair(void);

    KeyPairType GetKeyType(void);


public: // operations

    void InitSslContext(SSL_CTX* pSslCtx)const;

    std::vector<byte> GetPublicKey(void);

    SecurityConfigurationError SetKeyPair(const std::vector<byte>& pemData);

    SecurityConfigurationError SetCertificate(const std::vector<byte>& pemData);

    std::vector<byte> GetPemCertificate(void);

    const Certificate& GetCertificate(void) const;

    const std::vector<Certificate>& GetIssuerCertificates(void) const;

    std::vector<byte> GetDerCertificate(void);

    std::vector<byte> GetPemCertificateWithChain(void);

    std::vector<byte> GetDerCertificateWithChain(void);

    std::vector<std::vector<byte>> GetIssuerPemCertificates(void);

    void CreateAllDirectories(void);

    SecurityConfigurationError ListContent(SecurityListType type, std::vector<ItemInfo>& result);

    SecurityConfigurationError AddElement(SecurityListType type, const std::vector<byte>& pemData);

    SecurityConfigurationError DeleteElement(SecurityListType type, const String& identifier);

    SecurityConfigurationError GenerateKeyPair(KeyPairType type);

    std::vector<byte> GenerateCSR();

    bool VerifyCertMatchesWithPrivateKey(void);


protected: // operations


private: // static methods


private: // methods

    void loadKeyPair(KeyMustExist requireKeyExists);

    bool LoadSoftwareKeyPair();

    bool LoadHardwareKeyPair();

    void loadCertWithChain(const String& file);

    void listIssuerList(std::vector<ItemInfo>& result);

    void listIdentityCert(std::vector<ItemInfo>& result);

    void save(void);


private: // fields

    String  storePath;

    std::shared_ptr<KeyPair> keyPair;

    Certificate cert;

    std::vector<Certificate> issuers;


private: // static fields

    static const String CertificateFileName;

    static const String KeyFileName;

    static const String TpmKeyFileName;

    static const String DirectorySeparator;

};


}}}} // end of namespace Arp::System::Commons::Security

Arp.h

Arp::Base::Core::String
This class represents the Arp String. The implementation is based on std::string.
Definition: String.hpp:39

Arp::System::Commons::Diagnostics::Logging::Loggable
Derive from this class to inherit logging functionality.
Definition: Loggable.hxx:28

Arp::System::Commons::Security::Certificate
Class to handle x.509 certificates
Definition: Certificate.hpp:25

Arp::System::Commons::Security::IdentityStore
Class with represents a Identity (Certificate with Chain and private Key) and is able to initialize a...
Definition: IdentityStore.hpp:28

Arp::System::Commons::Security::IdentityStore::CreateAllDirectories
void CreateAllDirectories(void)
Creates all needed directories inside the folder of this IdentityStore
Definition: IdentityStore.cpp:56

Arp::System::Commons::Security::IdentityStore::GetKeyPair
const std::shared_ptr< KeyPair > & GetKeyPair(void)
Returns a shared_ptr to the KeyPair of this IdentityStore
Definition: IdentityStore.cpp:661

Arp::System::Commons::Security::IdentityStore::GetName
String GetName(void) const
Returns the name of the IdentityStore
Definition: IdentityStore.cpp:687

Arp::System::Commons::Security::IdentityStore::GenerateKeyPair
SecurityConfigurationError GenerateKeyPair(KeyPairType type)
Generate a new KeyPair for this IdentityStore
Definition: IdentityStore.cpp:566

Arp::System::Commons::Security::IdentityStore::DeleteElement
SecurityConfigurationError DeleteElement(SecurityListType type, const String &identifier)
Delete an elements from the list referenced by ListType, identified by identifier
Definition: IdentityStore.cpp:520

Arp::System::Commons::Security::IdentityStore::KeyMustExist
KeyMustExist
Enum which dicates if the key in the IdentityStore must exist or if this can be ignored
Definition: IdentityStore.hpp:34

Arp::System::Commons::Security::IdentityStore::SetKeyPair
SecurityConfigurationError SetKeyPair(const std::vector< byte > &pemData)
Sets or overwrites the keypair from the PEM encoded given bytes
Definition: IdentityStore.cpp:234

Arp::System::Commons::Security::IdentityStore::IdentityStore
IdentityStore(const IdentityStore &arg)=delete
Copy constructor.

Arp::System::Commons::Security::IdentityStore::AddElement
SecurityConfigurationError AddElement(SecurityListType type, const std::vector< byte > &pemData)
Adds an element into the list referenced by SecurityListType
Definition: IdentityStore.cpp:485

Arp::System::Commons::Security::IdentityStore::HasCertificate
bool HasCertificate(void)
checks if a certificate is available for this IdentityStore
Definition: IdentityStore.cpp:655

Arp::System::Commons::Security::IdentityStore::GetPemCertificateWithChain
std::vector< byte > GetPemCertificateWithChain(void)
Gets the certificate as byte array in PEM format with issuer certificates appended
Definition: IdentityStore.cpp:369

Arp::System::Commons::Security::IdentityStore::GetDerCertificateWithChain
std::vector< byte > GetDerCertificateWithChain(void)
Get the certificate as byte array in DER format with issuer certificates appended
Definition: IdentityStore.cpp:391

Arp::System::Commons::Security::IdentityStore::InitSslContext
void InitSslContext(SSL_CTX *pSslCtx) const
Initializes a OpenSSL SSL_CTX Structure with the private key and certificate
Definition: IdentityStore.cpp:187

Arp::System::Commons::Security::IdentityStore::GetFullTpmKeyFileName
String GetFullTpmKeyFileName(void) const
Returns the absolute path to the tpm key file
Definition: IdentityStore.cpp:705

Arp::System::Commons::Security::IdentityStore::GetPemCertificate
std::vector< byte > GetPemCertificate(void)
Gets the certificate as byte array in PEM format
Definition: IdentityStore.cpp:327

Arp::System::Commons::Security::IdentityStore::GetPublicKey
std::vector< byte > GetPublicKey(void)
Reads the public key in PEM format
Definition: IdentityStore.cpp:226

Arp::System::Commons::Security::IdentityStore::SetCertificate
SecurityConfigurationError SetCertificate(const std::vector< byte > &pemData)
Sets or overwrites the certificate from the PEM encoded given bytes
Definition: IdentityStore.cpp:286

Arp::System::Commons::Security::IdentityStore::GetKeyType
KeyPairType GetKeyType(void)
Returns the type of the key pair
Definition: IdentityStore.cpp:711

Arp::System::Commons::Security::IdentityStore::GenerateCSR
std::vector< byte > GenerateCSR()
Generate a Certificate Signing Request (CSR) for the Key Pair of this IdentityStore
Definition: IdentityStore.cpp:615

Arp::System::Commons::Security::IdentityStore::GetFullCertificateFileName
String GetFullCertificateFileName(void) const
Returns the absolute path to the certificate file
Definition: IdentityStore.cpp:693

Arp::System::Commons::Security::IdentityStore::operator=
IdentityStore & operator=(const IdentityStore &arg)=delete
Assignment operator.

Arp::System::Commons::Security::IdentityStore::GetIssuerPemCertificates
std::vector< std::vector< byte > > GetIssuerPemCertificates(void)
Get the issuer certificates in PEM format
Definition: IdentityStore.cpp:412

Arp::System::Commons::Security::IdentityStore::ListContent
SecurityConfigurationError ListContent(SecurityListType type, std::vector< ItemInfo > &result)
Lists all elements in the list referenced by their SecurityListType
Definition: IdentityStore.cpp:428

Arp::System::Commons::Security::IdentityStore::VerifyCertMatchesWithPrivateKey
bool VerifyCertMatchesWithPrivateKey(void)
Verifies if the certificates matches with the key pair
Definition: IdentityStore.cpp:668

Arp::System::Commons::Security::IdentityStore::GetDerCertificate
std::vector< byte > GetDerCertificate(void)
Gets the certificate as byte array in DER format
Definition: IdentityStore.cpp:353

Arp::System::Commons::Security::IdentityStore::~IdentityStore
~IdentityStore(void)=default
Destructs this instance and frees all resources.

Arp::System::Commons::Security::IdentityStore::IdentityStore
IdentityStore(const String &basePath, const String &name, KeyMustExist requireKeyExists=RequireKeyExists)
Constructs an IdentityStore instance.
Definition: IdentityStore.cpp:39

Arp::System::Commons::Security::IdentityStore::GetFullKeyFileName
String GetFullKeyFileName(void) const
Returns the absolute path to the key file
Definition: IdentityStore.cpp:699

Arp::System::Commons::Security::SecurityConfigurationError
SecurityConfigurationError
Enumeration of possible error codes when interacting with classes in the Security namespace
Definition: SecurityConfigurationError.hpp:17

Arp
Root namespace for the PLCnext API