This package is the public YaST2 API for CA management.

Returns a list of the available CAs.

Returns a list of lists of the available CAs, each entry including the caName of its issuer.

Creates a new self-signed root CA and the whole infrastructure it needs.
Example 40.
    my $data = {
        'caName'           => 'My_CA',
        'keyPasswd'        => 'system',
        'commonName'       => 'My CA',
        'emailAddress'     => 'my@example.com',
        'keyLength'        => '2048',
        'days'             => '3650',
        'countryName'      => 'US',
        'localityName'     => 'New York',
        'organizationName' => 'My Inc.',
    };
    my $res = YaPI::CaManagement->AddRootCA($data);
    if( not defined $res ) {
        # error
    } else {
        print "OK\n";
    }

In $valueMap you can define the following keys:
Writes the default values for the available certificate types. Keys which are not present will be removed if they are present in the configuration file.

Returns a CA certificate as plain text or as a parsed map.

Creates a request for a specific CA and returns its name.
Example 44.
    my $data = {
        'caName'              => 'My_CA',
        'keyPasswd'           => 'system',
        'commonName'          => 'My New Request',
        'emailAddress'        => 'my@example.com',
        'keyLength'           => '2048',
        'days'                => '365',
        'countryName'         => 'DE',
        'localityName'        => 'Nuremberg',
        'stateOrProvinceName' => 'Bavaria',
        'organizationName'    => 'My Linux AG',
        'nsComment'           => "YaST Generated Certificate"
    };
    my $res = YaPI::CaManagement->AddRequest($data);
    if( not defined $res ) {
        # error
    } else {
        print "OK Name of the request is: '$res'\n";
    }

Issues a certificate and returns the name of the new certificate.
Example 45.
    # $request is the name returned by AddRequest
    my $data = {
        'caName'                => 'My_CA',
        'request'               => $request,
        'certType'              => 'client',
        'caPasswd'              => 'system',
        'days'                  => '365',
        'crlDistributionPoints' => "URI:ldap://my.linux.tux/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
        'nsComment'             => "YaST Generated Certificate",
    };
    my $res = YaPI::CaManagement->IssueCertificate($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK: '$res'\n";
    }

Creates a new certificate and returns its name.
Example 46.
    my $data = {
        'caName'                => 'My_CA',
        'certType'              => 'client',
        'keyPasswd'             => 'system',
        'caPasswd'              => 'system',
        'commonName'            => 'John Doe',
        'emailAddress'          => 'John.Doe@example.com',
        'keyLength'             => '2048',
        'days'                  => '365',
        'countryName'           => 'US',
        'localityName'          => 'New York',
        'organizationalUnitName'=> 'IT',
        'organizationName'      => 'My Inc.',
        'crlDistributionPoints' => "URI:ldap://ldap.example.com/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
        'nsComment'             => "YaST Generated Certificate",
    };
    my $res = YaPI::CaManagement->AddCertificate($data);
    if( not defined $res ) {
        # error
    } else {
        print "OK: '$res'\n";
    }

Returns a list of maps with all certificates of the defined CA.
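The certificate calls above (AddRootCA, AddRequest, IssueCertificate, ReadCertificate) are the steps of one workflow. The following script, added here and not part of the YaPI::CaManagement documentation, chains them and stops at the first failing call. It assumes that YaPI::CaManagement->Error() returns a hash ref with 'code' and 'summary' fields, that 'server' is a valid certType beside the 'client' shown in the examples, and it reads the passwords from the environment variables CA_PASSWD and KEY_PASSWD (names chosen for this example).

```perl
#!/usr/bin/perl
# Added example: root CA -> request -> issued certificate -> read back.
# Not part of the YaPI::CaManagement documentation.
use strict;
use warnings;
use Data::Dumper;
use YaPI::CaManagement;

# Passwords come from the environment (variable names chosen here) so
# they are neither hard-coded in the script nor visible in shell history.
my $ca_pw  = $ENV{CA_PASSWD}  or die "set CA_PASSWD\n";
my $key_pw = $ENV{KEY_PASSWD} or die "set KEY_PASSWD\n";

# Every API call returns undef on failure; the details are fetched from
# YaPI::CaManagement->Error() (assumed to return {code, summary, ...}).
sub fail {
    my ($call) = @_;
    my $err = YaPI::CaManagement->Error() || {};
    die "$call failed: " . ($err->{code} // '?') . ": " . ($err->{summary} // '') . "\n";
}

# 1. Self-signed root CA with a 10-year lifetime (values as in Example 40).
YaPI::CaManagement->AddRootCA({
    caName           => 'My_CA',
    keyPasswd        => $ca_pw,
    commonName       => 'My CA',
    emailAddress     => 'my@example.com',
    keyLength        => '2048',
    days             => '3650',
    countryName      => 'US',
    localityName     => 'New York',
    organizationName => 'My Inc.',
}) // fail('AddRootCA');

# 2. Request for a server certificate; AddRequest returns the request name.
my $request = YaPI::CaManagement->AddRequest({
    caName           => 'My_CA',
    keyPasswd        => $key_pw,
    commonName       => 'www.example.com',
    emailAddress     => 'my@example.com',
    keyLength        => '2048',
    days             => '365',
    countryName      => 'US',
    localityName     => 'New York',
    organizationName => 'My Inc.',
}) // fail('AddRequest');

# 3. Sign the request with the CA key. certType 'server' is assumed to
#    exist beside the 'client' type used in Example 45.
my $cert = YaPI::CaManagement->IssueCertificate({
    caName   => 'My_CA',
    request  => $request,
    certType => 'server',
    caPasswd => $ca_pw,
    days     => '365',
}) // fail('IssueCertificate');

# 4. Read the new certificate back as a parsed map and show it.
my $parsed = YaPI::CaManagement->ReadCertificate({
    caName      => 'My_CA',
    type        => 'parsed',
    certificate => $cert,
}) // fail('ReadCertificate');

print "issued certificate '$cert' from request '$request'\n";
print Data::Dumper->Dump([$parsed], ['parsed']);
```

Run it as CA_PASSWD=... KEY_PASSWD=... perl issue.pl on a system with the YaST CA module installed. The request's key password is only needed by AddRequest; IssueCertificate signs with the CA password, which is why the two are kept apart.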
Updates the internal openssl database.

Returns a certificate as plain text or as a parsed map.
Example 49.
    use Data::Dumper;
    # $certName is the name returned by IssueCertificate or AddCertificate
    foreach my $type ("parsed", "plain", "extended") {
        my $data = {
            'caName'      => 'My_CA',
            'type'        => $type,
            'certificate' => $certName
        };
        my $res = YaPI::CaManagement->ReadCertificate($data);
        if( not defined $res ) {
            # error
        } else {
            print Data::Dumper->Dump([$res])."\n";
        }
    }

Revokes a certificate.

Creates a new CRL.

Returns a CRL as plain text or as a parsed map.
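The three descriptions above (revoke, create a CRL, read the CRL) form the revocation workflow: a revocation only reaches relying parties once a new CRL has been generated and distributed. The following script is an added example, not part of the YaPI::CaManagement documentation. The function names RevokeCertificate, AddCRL and ReadCRL, the crlReason key, and the Error() accessor are assumptions based on the descriptions on this page; the CA password comes from the environment variable CA_PASSWD (a name chosen here).

```perl
#!/usr/bin/perl
# Added example: revoke a certificate and publish a fresh CRL.
# Not part of the YaPI::CaManagement documentation. Function names
# RevokeCertificate/AddCRL/ReadCRL and their keys are assumptions.
use strict;
use warnings;
use Data::Dumper;
use YaPI::CaManagement;

my $ca_pw  = $ENV{CA_PASSWD} or die "set CA_PASSWD\n";   # variable name chosen here
my $cert   = shift @ARGV or die "usage: $0 <certificate name> [reason]\n";
my $reason = @ARGV ? shift @ARGV : 'keyCompromise';      # X.509 CRL reason name

# Every API call returns undef on failure; details via Error() (assumed).
sub fail {
    my ($call) = @_;
    my $err = YaPI::CaManagement->Error() || {};
    die "$call failed: " . ($err->{code} // '?') . ": " . ($err->{summary} // '') . "\n";
}

# 1. Mark the certificate as revoked in the CA's database. The reason
#    lets relying parties tell a compromised key from a routine
#    replacement (crlReason key assumed).
YaPI::CaManagement->RevokeCertificate({
    caName      => 'My_CA',
    caPasswd    => $ca_pw,
    certificate => $cert,
    crlReason   => $reason,
}) // fail('RevokeCertificate');

# 2. The revocation is invisible to clients until a new CRL exists.
#    'days' is the validity of this CRL, i.e. when the next one is due.
YaPI::CaManagement->AddCRL({
    caName   => 'My_CA',
    caPasswd => $ca_pw,
    days     => '30',
}) // fail('AddCRL');

# 3. Read the CRL back: the parsed map for a quick inspection, the plain
#    PEM text for distribution (ExportCRL / ExportCRLToLDAP do the same).
my $parsed = YaPI::CaManagement->ReadCRL({
    caName => 'My_CA',
    type   => 'parsed',
}) // fail('ReadCRL(parsed)');
print Data::Dumper->Dump([$parsed], ['crl']);

my $pem = YaPI::CaManagement->ReadCRL({
    caName => 'My_CA',
    type   => 'plain',
}) // fail('ReadCRL(plain)');
print $pem;
```

After running it, publish the new CRL to every distribution point named in the issued certificates (see the crlDistributionPoints values in the examples above); until then, clients that check the old CRL still accept the revoked certificate.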
Exports a CA to a file or returns it in one of several formats.
Example 53.
The exportFormat key takes one of the following values:

    PEM_CERT         export only the certificate in PEM format
    PEM_CERT_KEY     export the certificate and the key unencrypted in PEM format
    PEM_CERT_ENCKEY  export the certificate and the key encrypted in PEM format
    DER_CERT         export the certificate in DER format
    PKCS12           export the certificate and the key in PKCS12 format
    PKCS12_CHAIN     like PKCS12, plus the CA chain
Example 54.
    foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN") {
        my $data = {
            'caName'       => 'My_CA',
            'exportFormat' => $ef,
            'caPasswd'     => "system",
        };
        # PKCS12 containers need their own password
        if($ef =~ /^PKCS12/) {
            $data->{'P12Password'} = "p12pass";
        }
        my $res = YaPI::CaManagement->ExportCA($data);
        if( not defined $res ) {
            # error
        } else {
            if(! open(OUT, "> /tmp/certs/$ef")) {
                print STDERR "OPEN_FAILED\n";
                exit 1;
            }
            print OUT $res;
            close OUT;
        }
    }

Exports a certificate to a file or returns it in one of several formats.
Example 55.
The exportFormat key takes one of the following values:

    PEM_CERT         export only the certificate in PEM format
    PEM_CERT_KEY     export the certificate and the key unencrypted in PEM format
    PEM_CERT_ENCKEY  export the certificate and the key encrypted in PEM format
    DER_CERT         export the certificate in DER format
    PKCS12           export the certificate and the key in PKCS12 format
    PKCS12_CHAIN     like PKCS12, plus the CA chain
Example 56.
    # $certName is the name returned by IssueCertificate or AddCertificate
    foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN") {
        my $data = {
            'caName'       => 'My_CA',
            'certificate'  => $certName,
            'exportFormat' => $ef,
            'keyPasswd'    => "system",
        };
        # PKCS12 containers need their own password
        if($ef =~ /^PKCS12/) {
            $data->{'P12Password'} = "p12pass";
        }
        my $res = YaPI::CaManagement->ExportCertificate($data);
        if( not defined $res ) {
            # error
        } else {
            if(! open(OUT, "> /tmp/certs/$ef")) {
                print STDERR "OPEN_FAILED\n";
                exit 1;
            }
            print OUT $res;
            close OUT;
        }
    }

Exports a CRL to a file or returns it in one of several formats.
Example 58.
    foreach my $ef ("PEM", "DER") {
        my $data = {
            'caName'       => 'My_CA',
            'caPasswd'     => 'system',
            'exportFormat' => $ef,
        };
        my $res = YaPI::CaManagement->ExportCRL($data);
        if( not defined $res ) {
            # error
        } else {
            if(! open(OUT, "> /tmp/certs/CRL_$ef")) {
                print STDERR "OPEN_FAILED\n";
                exit 1;
            }
            print OUT $res;
            close OUT;
        }
    }

Verifies a certificate.
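The export examples above write every format, including the unencrypted private key (PEM_CERT_KEY), to world-readable files under /tmp. The following script is an added example, not part of the YaPI::CaManagement documentation, covering ExportCA, ExportCertificate, ExportCRL and Verify together: it exports only the public CA certificate and CRL for distribution, checks the certificate against the CA, and writes the PKCS12 bundle with owner-only permissions into a freshly created file. The environment variable names, the CA_EXPORT_DIR location, and the keys passed to Verify (caName, certificate) are assumptions.

```perl
#!/usr/bin/perl
# Added example: export public CA material and one client's PKCS12 bundle
# with owner-only permissions. Not part of the YaPI::CaManagement
# documentation; variable names and the Verify() keys are assumptions.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use YaPI::CaManagement;

my $ca_pw  = $ENV{CA_PASSWD}  or die "set CA_PASSWD\n";
my $key_pw = $ENV{KEY_PASSWD} or die "set KEY_PASSWD\n";
my $p12_pw = $ENV{P12_PASSWD} or die "set P12_PASSWD\n";
my $cert   = $ARGV[0] or die "usage: $0 <certificate name>\n";
my $outdir = $ENV{CA_EXPORT_DIR} || "$ENV{HOME}/ca-export";
-d $outdir or mkdir($outdir, 0700) or die "mkdir $outdir: $!\n";

# Every API call returns undef on failure; details via Error() (assumed).
sub fail {
    my ($call) = @_;
    my $err = YaPI::CaManagement->Error() || {};
    die "$call failed: " . ($err->{code} // '?') . ": " . ($err->{summary} // '') . "\n";
}

# Create a new file with an explicit mode. O_EXCL makes the call fail
# instead of overwriting (or following a symlink planted at) an existing
# path, which is what goes wrong with "> /tmp/certs/$ef" in a shared dir.
sub write_new_file {
    my ($path, $mode, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, $mode)
        or die "cannot create $path: $!\n";
    binmode $fh;                      # DER and PKCS12 output is binary
    print {$fh} $data;
    close $fh or die "cannot write $path: $!\n";
    return $path;
}

# Public artifacts: the CA certificate and the CRL contain no secrets.
my $ca_pem = YaPI::CaManagement->ExportCA({
    caName       => 'My_CA',
    exportFormat => 'PEM_CERT',
    caPasswd     => $ca_pw,
}) // fail('ExportCA');
write_new_file("$outdir/My_CA.pem", 0644, $ca_pem);

my $crl_der = YaPI::CaManagement->ExportCRL({
    caName       => 'My_CA',
    caPasswd     => $ca_pw,
    exportFormat => 'DER',
}) // fail('ExportCRL');
write_new_file("$outdir/My_CA.crl", 0644, $crl_der);

# Confirm the certificate still verifies against the CA before handing
# it out (key names for Verify assumed; a false result is treated as failure).
YaPI::CaManagement->Verify({
    caName      => 'My_CA',
    certificate => $cert,
}) or fail('Verify');

# Private artifact: certificate + key + chain, protected by the PKCS12
# password inside the container and by mode 0600 on disk.
my $p12 = YaPI::CaManagement->ExportCertificate({
    caName       => 'My_CA',
    certificate  => $cert,
    exportFormat => 'PKCS12_CHAIN',
    keyPasswd    => $key_pw,
    P12Password  => $p12_pw,
}) // fail('ExportCertificate');
(my $base = $cert) =~ s/[^A-Za-z0-9._-]/_/g;   # certificate names may contain ':'
write_new_file("$outdir/$base.p12", 0600, $p12);
print "exported to $outdir\n";
```

The mode given to sysopen is still masked by the process umask, so 0644 may end up more restrictive but never more permissive than requested; the key-bearing .p12 file is always created 0600.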
Creates a new CA signed by another CA.
Example 60.
    my $data = {
        'caName'                => 'My_CA',
        'newCaName'             => 'My_New_Sub_CA',
        'keyPasswd'             => 'newPasswd',
        'caPasswd'              => 'system',
        'commonName'            => 'My CA New Sub CA',
        'emailAddress'          => 'my@example.com',
        'keyLength'             => '2048',
        'days'                  => '3000',
        'countryName'           => 'US',
        'localityName'          => 'New York',
        'organizationName'      => 'My Inc.',
        'basicConstraints'      => 'CA:TRUE',
        'crlDistributionPoints' => 'URI:http://my.example.com/',
    };
    my $res = YaPI::CaManagement->AddSubCA($data);
    if( not defined $res ) {
        # error
    } else {
        print "OK '$res'\n";
    }

Exports a CA to an LDAP directory.
Example 61.
    my $data = {
        caName        => 'My_CA',
        ldapHostname  => 'myhost.example.com',
        ldapPort      => 389,
        destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
        BindDN        => "cn=Admin,dc=example,dc=com",
        ldapPasswd    => "system"
    };
    my $res = YaPI::CaManagement->ExportCAToLDAP($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

Exports a CRL to an LDAP directory.
Example 62.
    my $data = {
        caName        => 'My_CA',
        ldapHostname  => 'myhost.example.com',
        ldapPort      => 389,
        destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
        BindDN        => "cn=Admin,dc=example,dc=com",
        ldapPasswd    => "system"
    };
    my $res = YaPI::CaManagement->ExportCRLToLDAP($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

Returns the defaults for exporting a CA, CRL or certificate to LDAP. If an error occurs with code = LDAP_CONFIG_NEEDED, you have to call InitLDAPcaManagement() first.
Creates the default configuration structure in LDAP.
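The two descriptions above define a small protocol: ask for the LDAP export defaults, and if the call fails with code LDAP_CONFIG_NEEDED, create the configuration structure with InitLDAPcaManagement() and ask again. The following script is an added example, not part of the YaPI::CaManagement documentation, that implements this flow and then exports the CA certificate and CRL (ExportCAToLDAP, ExportCRLToLDAP, shown above) to the DN the defaults name. Assumptions: the function name ReadLDAPExportDefaults with a 'type' key ('ca' or 'crl') returning a map with ldapHostname, ldapPort and destinationDN; the argument keys of InitLDAPcaManagement(); YaPI::CaManagement->Error() returning a hash ref with a 'code' field; and the LDAP_PASSWD variable name.

```perl
#!/usr/bin/perl
# Added example: LDAP export with on-demand initialisation of the
# directory structure. Not part of the YaPI::CaManagement documentation.
# ReadLDAPExportDefaults, its keys and the InitLDAPcaManagement keys
# are assumptions; LDAP_CONFIG_NEEDED is the code named on this page.
use strict;
use warnings;
use YaPI::CaManagement;

my $ldap_pw = $ENV{LDAP_PASSWD} or die "set LDAP_PASSWD\n";   # name chosen here
my $host    = 'myhost.example.com';
my $bind_dn = 'cn=Admin,dc=example,dc=com';

# Every API call returns undef on failure; details via Error() (assumed).
sub fail {
    my ($call) = @_;
    my $err = YaPI::CaManagement->Error() || {};
    die "$call failed: " . ($err->{code} // '?') . ": " . ($err->{summary} // '') . "\n";
}

# Fetch the export defaults for 'ca' or 'crl'. On LDAP_CONFIG_NEEDED the
# PKI structure does not exist yet: create it once and retry. Any other
# error code is fatal, so a wrong password is not silently "fixed" by init.
sub ldap_defaults {
    my ($type) = @_;
    my $args = { caName => 'My_CA', type => $type };
    my $d = YaPI::CaManagement->ReadLDAPExportDefaults($args);
    return $d if defined $d;

    my $code = (YaPI::CaManagement->Error() || {})->{code} // '';
    fail("ReadLDAPExportDefaults($type)") if $code ne 'LDAP_CONFIG_NEEDED';

    YaPI::CaManagement->InitLDAPcaManagement({
        ldapHostname => $host,
        ldapPort     => 389,
        BindDN       => $bind_dn,
        ldapPasswd   => $ldap_pw,
    }) // fail('InitLDAPcaManagement');

    return YaPI::CaManagement->ReadLDAPExportDefaults($args)
        // fail("ReadLDAPExportDefaults($type) after init");
}

# Export the CA certificate first, then the CRL that refers to it.
for my $job (['ca', 'ExportCAToLDAP'], ['crl', 'ExportCRLToLDAP']) {
    my ($type, $method) = @$job;
    my $d = ldap_defaults($type);
    YaPI::CaManagement->$method({
        caName        => 'My_CA',
        ldapHostname  => $d->{ldapHostname} // $host,
        ldapPort      => $d->{ldapPort}     // 389,
        destinationDN => $d->{destinationDN},
        BindDN        => $bind_dn,
        ldapPasswd    => $ldap_pw,
    }) // fail($method);
    print "$method: stored under $d->{destinationDN}\n";
}
```

Only the LDAP_CONFIG_NEEDED code triggers initialisation; treating every failure as "not initialised" would mask authentication or connectivity errors and could re-create structure in a directory it should not touch.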
Exports a certificate to an LDAP directory. This function is designed for exporting user certificates; the destination entry must have the objectclass 'inetOrgPerson'.
Example 65.
    # $certificateName is the name returned by IssueCertificate or AddCertificate
    my $data = {
        caName        => 'My_CA',
        certificate   => $certificateName,
        ldapHostname  => 'myhost.example.com',
        ldapPort      => 389,
        destinationDN => "uid=me,ou=people,dc=suse,dc=de",
        BindDN        => "cn=Admin,dc=example,dc=com",
        ldapPasswd    => "system"
    };
    my $res = YaPI::CaManagement->ExportCertificateToLDAP($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

Deletes a certificate. This function also removes the request and the private key.

Imports a server certificate plus the corresponding CA and copies them to the place where other YaST modules look for such a common certificate.

Returns a certificate or CRL as plain text or as a parsed map.
Example 68.
    use Data::Dumper;
    foreach my $type ("parsed", "plain", "extended") {
        my $data = {
            'datatype' => "CERTIFICATE",
            'inFile'   => '/path/to/a/certificate.pem',
            'inForm'   => "PEM",
            'type'     => $type,
        };
        my $res = YaPI::CaManagement->ReadFile($data);
        if( not defined $res ) {
            # error
        } else {
            print Data::Dumper->Dump([$res])."\n";
        }
    }

Returns a request as plain text or as a parsed map.

Returns a list of maps with all requests of the defined CA.

Imports a request into a CA repository.

Deletes a request. This function also removes the private key if one is available.

Imports a CA certificate and private key and creates an infrastructure.

In $valueMap you can define the following keys:

Reads the default values for a CRL. In $valueMap you can define the following keys:

Writes the default values for creating a CRL. Keys which are not present will be removed if they are present in the configuration file, except for the 'days' key.