IdentityStore.hpp
2//
3// Copyright Phoenix Contact GmbH & Co. KG
4//
6#pragma once
8#include "Arp/System/Commons/Logging.h"
9#include "Arp/System/Commons/Io/Path.hpp"
10#include "Arp/System/Commons/Security/KeyPair.hpp"
11#include "Arp/System/Commons/Security/Certificate.hpp"
12#include "Arp/System/Commons/Security/SecurityListType.hpp"
13#include "Arp/System/Commons/Security/ItemInfo.hpp"
14#include "Arp/System/Commons/Security/KeyPairType.hpp"
15#include "Arp/System/Commons/Security/SecurityConfigurationError.hpp"
16#include <map>
17#include <vector>
18#include <openssl/evp.h>
19
20namespace Arp { namespace System { namespace Commons { namespace Security
21{
22
/// Represents one identity: a private key pair together with its X.509 certificate
/// and the issuer chain, backed by files below storePath (see the *FileName static
/// fields), and able to hand that identity to an OpenSSL SSL_CTX (InitSslContext).
///
/// Copying is deleted: the instance owns the loaded key material and certificates.
/// Logging is inherited privately from Loggable<IdentityStore>.
///
/// NOTE(review): the Doxygen tooltips for this header also list
/// GenerateKeyPair(KeyPairType), GetFullCertificateFileName() and
/// VerifyCertMatchesWithPrivateKey(), but their declarations are not part of this
/// rendered listing — confirm against the real header before relying on them.
/// NOTE(review): the include list above pulls <openssl/evp.h> but not <openssl/ssl.h>
/// (SSL_CTX) or <memory> (std::shared_ptr), and <map> is not used by this declaration;
/// presumably the Arp headers provide them transitively — verify.
class IdentityStore : private Loggable<IdentityStore>
{
public: // type definitions
    /// Dictates whether the key pair of the store must exist when it is loaded,
    /// or whether a missing key may be ignored. Consumed by the constructor and
    /// by loadKeyPair().
    enum KeyMustExist : bool
    {
        IgnoreMissingKey = false,   ///< A missing key pair is not treated as required.
        RequireKeyExists = true     ///< The key pair must be present (constructor default).
    };

public: // construction/destruction
    /// Constructs the store named @p name below @p basePath.
    /// @param basePath          directory under which the store lives — presumably
    ///                          combined with @p name into storePath; confirm in IdentityStore.cpp
    /// @param name              name of this store, as returned by GetName()
    /// @param requireKeyExists  whether a missing key pair is acceptable; defaults to RequireKeyExists
    IdentityStore(const String& basePath, const String& name, KeyMustExist requireKeyExists = RequireKeyExists);
    /// Copy construction is deleted: the store owns its key material.
    IdentityStore(const IdentityStore& arg) = delete;
    /// Copy assignment is deleted: the store owns its key material.
    IdentityStore& operator=(const IdentityStore& arg) = delete;
    /// Destroys this instance; members release their resources (Rule of Zero).
    ~IdentityStore(void) = default;

public: // operators

public: // static operations

public: // setter/getter operations
    /// Returns the name of this IdentityStore.
    String GetName(void) const;
    /// Returns the absolute path to the (software) key file.
    String GetFullKeyFileName(void) const;
    /// Returns the absolute path to the TPM key file.
    String GetFullTpmKeyFileName(void) const;
    /// Checks whether a certificate is available for this IdentityStore.
    /// Non-const — presumably may (re)load state; confirm in IdentityStore.cpp.
    bool HasCertificate(void);
    /// Returns a reference to the shared_ptr holding this store's KeyPair, i.e. the
    /// private key material. The reference aliases the member keyPair, so copy the
    /// shared_ptr if it must outlive this object, and keep consumers of it minimal.
    const std::shared_ptr<KeyPair>& GetKeyPair(void);
    /// Returns the type of the key pair.
    KeyPairType GetKeyType(void);

public: // operations
    /// Initializes the given OpenSSL SSL_CTX with this store's private key and
    /// certificate. Whether the issuer chain is installed as well is not visible
    /// here — TODO confirm.
    /// @param pSslCtx  context to initialize; ownership stays with the caller
    void InitSslContext(SSL_CTX* pSslCtx)const;
    /// Reads the public key in PEM format.
    std::vector<byte> GetPublicKey(void);
    /// Sets or overwrites the key pair from the given PEM-encoded bytes.
    /// @p pemData is caller-supplied input; always check the returned error code.
    SecurityConfigurationError SetKeyPair(const std::vector<byte>& pemData);
    /// Sets or overwrites the certificate from the given PEM-encoded bytes.
    /// @p pemData is caller-supplied input; always check the returned error code.
    SecurityConfigurationError SetCertificate(const std::vector<byte>& pemData);
    /// Gets the certificate as a byte array in PEM format.
    std::vector<byte> GetPemCertificate(void);
    /// Returns the loaded identity certificate (reference to the member cert).
    const Certificate& GetCertificate(void) const;
    /// Returns the loaded issuer certificates (reference to the member issuers).
    const std::vector<Certificate>& GetIssuerCertificates(void) const;
    /// Gets the certificate as a byte array in DER format.
    std::vector<byte> GetDerCertificate(void);
    /// Gets the certificate in PEM format with the issuer certificates appended.
    std::vector<byte> GetPemCertificateWithChain(void);
    /// Gets the certificate in DER format with the issuer certificates appended.
    std::vector<byte> GetDerCertificateWithChain(void);
    /// Gets the issuer certificates, each as a PEM-encoded byte array.
    std::vector<std::vector<byte>> GetIssuerPemCertificates(void);
    /// Creates all directories needed inside the folder of this IdentityStore.
    void CreateAllDirectories(void);
    /// Lists all elements of the list selected by @p type into @p result.
    /// @return error code of the operation
    SecurityConfigurationError ListContent(SecurityListType type, std::vector<ItemInfo>& result);
    /// Adds a PEM-encoded element to the list selected by @p type.
    /// @p pemData is caller-supplied input; always check the returned error code.
    SecurityConfigurationError AddElement(SecurityListType type, const std::vector<byte>& pemData);
    /// Deletes the element identified by @p identifier from the list selected by @p type.
    /// @return error code of the operation
    SecurityConfigurationError DeleteElement(SecurityListType type, const String& identifier);
    /// Generates a Certificate Signing Request (CSR) for this store's key pair.
    std::vector<byte> GenerateCSR();

protected: // operations

private: // static methods

private: // methods
    /// Loads the key pair, honoring @p requireKeyExists. Presumably dispatches to
    /// LoadSoftwareKeyPair()/LoadHardwareKeyPair() — confirm in IdentityStore.cpp.
    void loadKeyPair(KeyMustExist requireKeyExists);
    /// Loads a file-based key pair; returns whether it succeeded (inferred from the
    /// name and GetFullKeyFileName() — verify).
    bool LoadSoftwareKeyPair();
    /// Loads a hardware (TPM) backed key pair; returns whether it succeeded (inferred
    /// from the name and GetFullTpmKeyFileName() — verify).
    bool LoadHardwareKeyPair();
    /// Loads the certificate and its chain from @p file (inferred from the name — verify).
    void loadCertWithChain(const String& file);
    /// Appends the issuer list entries to @p result; presumably a ListContent() helper.
    void listIssuerList(std::vector<ItemInfo>& result);
    /// Appends the identity certificate entry to @p result; presumably a ListContent() helper.
    void listIdentityCert(std::vector<ItemInfo>& result);
    /// Persists the store's state (inferred from the name — verify what is written).
    void save(void);

private: // fields
    String storePath;                    ///< Directory of this store.
    std::shared_ptr<KeyPair> keyPair;    ///< Private key pair; exposed via GetKeyPair().
    Certificate cert;                    ///< Identity certificate; exposed via GetCertificate().
    std::vector<Certificate> issuers;    ///< Issuer chain; exposed via GetIssuerCertificates().

private: // static fields
    static const String CertificateFileName;   ///< File name of the certificate inside storePath.
    static const String KeyFileName;           ///< File name of the software key.
    static const String TpmKeyFileName;        ///< File name of the TPM key.
    static const String DirectorySeparator;    ///< Separator used when building paths.
};
106
107}}}} // end of namespace Arp::System::Commons::Security
This class represents the Arp String. The implementation is based on std::string.
Definition: String.hpp:39
Derive from this class to inherit logging functionality.
Definition: Loggable.hxx:28
Class to handle x.509 certificates
Definition: Certificate.hpp:25
Class which represents an Identity (Certificate with Chain and private Key) and is able to initialize a...
Definition: IdentityStore.hpp:28
void CreateAllDirectories(void)
Creates all needed directories inside the folder of this IdentityStore
Definition: IdentityStore.cpp:56
const std::shared_ptr< KeyPair > & GetKeyPair(void)
Returns a shared_ptr to the KeyPair of this IdentityStore
Definition: IdentityStore.cpp:661
String GetName(void) const
Returns the name of the IdentityStore
Definition: IdentityStore.cpp:687
SecurityConfigurationError GenerateKeyPair(KeyPairType type)
Generates a new KeyPair for this IdentityStore
Definition: IdentityStore.cpp:566
SecurityConfigurationError DeleteElement(SecurityListType type, const String &identifier)
Deletes an element from the list referenced by ListType, identified by identifier
Definition: IdentityStore.cpp:520
KeyMustExist
Enum which dictates whether the key in the IdentityStore must exist or whether a missing key can be ignored
Definition: IdentityStore.hpp:34
SecurityConfigurationError SetKeyPair(const std::vector< byte > &pemData)
Sets or overwrites the keypair from the PEM encoded given bytes
Definition: IdentityStore.cpp:234
IdentityStore(const IdentityStore &arg)=delete
Copy constructor (deleted).
SecurityConfigurationError AddElement(SecurityListType type, const std::vector< byte > &pemData)
Adds an element into the list referenced by SecurityListType
Definition: IdentityStore.cpp:485
bool HasCertificate(void)
Checks whether a certificate is available for this IdentityStore
Definition: IdentityStore.cpp:655
std::vector< byte > GetPemCertificateWithChain(void)
Gets the certificate as byte array in PEM format with issuer certificates appended
Definition: IdentityStore.cpp:369
std::vector< byte > GetDerCertificateWithChain(void)
Get the certificate as byte array in DER format with issuer certificates appended
Definition: IdentityStore.cpp:391
void InitSslContext(SSL_CTX *pSslCtx) const
Initializes an OpenSSL SSL_CTX structure with the private key and certificate
Definition: IdentityStore.cpp:187
String GetFullTpmKeyFileName(void) const
Returns the absolute path to the TPM key file
Definition: IdentityStore.cpp:705
std::vector< byte > GetPemCertificate(void)
Gets the certificate as byte array in PEM format
Definition: IdentityStore.cpp:327
std::vector< byte > GetPublicKey(void)
Reads the public key in PEM format
Definition: IdentityStore.cpp:226
SecurityConfigurationError SetCertificate(const std::vector< byte > &pemData)
Sets or overwrites the certificate from the PEM encoded given bytes
Definition: IdentityStore.cpp:286
KeyPairType GetKeyType(void)
Returns the type of the key pair
Definition: IdentityStore.cpp:711
std::vector< byte > GenerateCSR()
Generates a Certificate Signing Request (CSR) for the Key Pair of this IdentityStore
Definition: IdentityStore.cpp:615
String GetFullCertificateFileName(void) const
Returns the absolute path to the certificate file
Definition: IdentityStore.cpp:693
IdentityStore & operator=(const IdentityStore &arg)=delete
Copy assignment operator (deleted).
std::vector< std::vector< byte > > GetIssuerPemCertificates(void)
Gets the issuer certificates in PEM format
Definition: IdentityStore.cpp:412
SecurityConfigurationError ListContent(SecurityListType type, std::vector< ItemInfo > &result)
Lists all elements in the list referenced by their SecurityListType
Definition: IdentityStore.cpp:428
bool VerifyCertMatchesWithPrivateKey(void)
Verifies that the certificate matches the key pair
Definition: IdentityStore.cpp:668
std::vector< byte > GetDerCertificate(void)
Gets the certificate as byte array in DER format
Definition: IdentityStore.cpp:353
~IdentityStore(void)=default
Destructs this instance and frees all resources.
IdentityStore(const String &basePath, const String &name, KeyMustExist requireKeyExists=RequireKeyExists)
Constructs an IdentityStore instance.
Definition: IdentityStore.cpp:39
String GetFullKeyFileName(void) const
Returns the absolute path to the key file
Definition: IdentityStore.cpp:699
SecurityConfigurationError
Enumeration of possible error codes when interacting with classes in the Security namespace
Definition: SecurityConfigurationError.hpp:17
Root namespace for the PLCnext API