This package is the public YaST2 API for CA management.
Returns a list of available CAs
Example 44.
# ReadCAList() returns an array reference with one CA name per element,
# or undef on failure.
my $ca_names = YaPI::CaManagement->ReadCAList();
unless (defined $ca_names) {
    #error
}
print "$_\n" for @{ $ca_names };
Returns a list of lists of the available CAs containing the issuer caName.
Example 45.
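use Data::Dumper;
# ReadCATree() returns the CA tree (each entry carries its issuer caName),
# or undef on failure.
my $caList = YaPI::CaManagement->ReadCATree();
if (not defined $caList) {
    #error
}
# Dump the value that was actually returned; the original printed an
# undeclared $ca instead of $caList.
print Data::Dumper->Dump([$caList]) . "\n";
Creates a new self-signed root CA and the whole infrastructure it needs.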
Example 46.
# Parameters of the new root CA; the CA is created under caName.
my %args = (
    'caName'           => 'My_CA',
    'keyPasswd'        => 'system',
    'commonName'       => 'My CA',
    'emailAddress'     => 'my@example.com',
    'keyLength'        => '2048',
    'days'             => '3650',
    'countryName'      => 'US',
    'localityName'     => 'New York',
    'organizationName' => 'My Inc.',
);
# AddRootCA() returns undef on failure.
my $result = YaPI::CaManagement->AddRootCA(\%args);
if (defined $result) {
    print "OK\n";
}
else {
    # error
}
In $valueMap you can define the following keys:
Example 47.
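use Data::Dumper;
# Read the default values for one certificate type ('client' here).
# The call returns the defaults as a map, or undef on failure.
my $data = {
    'caName'   => 'My_CA',
    'certType' => 'client'
};    # the terminating semicolons were missing on this and the next statement
my $certValueMap = YaPI::CaManagement->ReadCertificateDefaults($data);
if (not defined $certValueMap) {
    # error
} else {
    print Data::Dumper->Dump([$certValueMap]) . "\n";
}
Write the default values for the available certificate types. Keys which are not present will be removed if they are available in the configuration file.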
Example 48.
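# Only the keys given in $data are kept for this certType; any other
# default present in the configuration file is removed.
my $data = {
    'caName'    => 'My_CA',
    'certType'  => 'server',
    'nsComment' => '"My Server Certificate"'
};
my $res = YaPI::CaManagement->WriteCertificateDefaults($data);
if (not defined $res) {
    # error
} else {
    print "OK\n";
}
Returns a CA certificate as plain text or parsed map.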
Example 49.
use Data::Dumper;
# Read the CA certificate in each supported representation.
for my $representation (qw(parsed plain extended)) {
    my %args = (
        'caName' => 'My_CA',
        'type'   => $representation,
    );
    my $certificate = YaPI::CaManagement->ReadCA(\%args);
    if (defined $certificate) {
        print Data::Dumper->Dump([$certificate]) . "\n";
    }
    else {
        # error
    }
}
Creates a request for the given CA and returns its name.
Example 50.
# Subject data for the new request.
my %args = (
    'caName'              => 'My_CA',
    'keyPasswd'           => 'system',
    'commonName'          => 'My New Request',
    'emailAddress'        => 'my@example.com',
    'keyLength'           => '2048',
    'days'                => '365',
    'countryName'         => 'DE',
    'localityName'        => 'Nuremberg',
    'stateOrProvinceName' => 'Bavaria',
    'organizationName'    => 'My Linux AG',
    'nsComment'           => "YaST Generated Certificate",
);
# AddRequest() returns the name of the new request, or undef on failure.
my $request_name = YaPI::CaManagement->AddRequest(\%args);
if (defined $request_name) {
    print "OK Name of the request is: '$request_name'\n";
}
else {
    # error
}
Issues a certificate and returns the name of the new certificate.
Example 51.
# $request is the name of an existing request (e.g. as returned by AddRequest()).
my %args = (
    'caName'                => 'My_CA',
    'request'               => $request,
    'certType'              => 'client',
    'caPasswd'              => 'system',
    'days'                  => '365',
    'crlDistributionPoints' => "URI:ldap://my.linux.tux/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
    'nsComment'             => "YaST Generated Certificate",
);
# IssueCertificate() returns the name of the new certificate, or undef.
my $certificate_name = YaPI::CaManagement->IssueCertificate(\%args);
if (defined $certificate_name) {
    print STDERR "OK: '$certificate_name'\n";
}
else {
    # error
}
Creates a new certificate and returns the name.
Example 52.
# Request and certificate in one step; keyPasswd is for the new key,
# caPasswd for the signing CA.
my %args = (
    'caName'                => 'My_CA',
    'certType'              => 'client',
    'keyPasswd'             => 'system',
    'caPasswd'              => 'system',
    'commonName'            => 'John Doe',
    'emailAddress'          => 'John.Doe@example.com',
    'keyLength'             => '2048',
    'days'                  => '365',
    'countryName'           => 'US',
    'localityName'          => 'New York',
    'organizationalUnitName'=> 'IT',
    'organizationName'      => 'My Inc.',
    'crlDistributionPoints' => "URI:ldap://ldap.example.com/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
    'nsComment'             => "YaST Generated Certificate",
);
# AddCertificate() returns the name of the new certificate, or undef.
my $certificate_name = YaPI::CaManagement->AddCertificate(\%args);
if (defined $certificate_name) {
    print "OK: '$certificate_name'\n";
}
else {
    # error
}
Returns a list of maps with all certificates of the defined CA.
Example 53.
use Data::Dumper;
my %args = (
    'caName'   => 'My_CA',
    'caPasswd' => 'system',
);
# ReadCertificateList() returns a list of maps, one per certificate, or undef.
my $certificates = YaPI::CaManagement->ReadCertificateList(\%args);
if (defined $certificates) {
    # The 'certificate' key of an entry is the name used by ReadCertificate() etc.
    my $certificateName = $certificates->[0]->{'certificate'};
    print Data::Dumper->Dump([$certificates]) . "\n";
}
else {
    # error
}
Updates the internal openssl database.
Example 54.
# Update the internal openssl database of CA My_CA.
my %args = (
    'caName'   => 'My_CA',
    'caPasswd' => 'system',
);
my $result = YaPI::CaManagement->UpdateDB(\%args);
if (defined $result) {
    print "OK \n";
}
else {
    # error
}
Returns a certificate as plain text or parsed map.
Example 55.
use Data::Dumper;
# $certName is a certificate name as found in ReadCertificateList().
for my $representation (qw(parsed plain extended)) {
    my %args = (
        'caName'      => 'My_CA',
        'type'        => $representation,
        'certificate' => $certName,
    );
    my $certificate = YaPI::CaManagement->ReadCertificate(\%args);
    if (defined $certificate) {
        print Data::Dumper->Dump([$certificate]) . "\n";
    }
    else {
        # error
    }
}
Revokes a certificate.
Example 56.
# Revoke $certName in CA My_CA, giving 'keyCompromise' as the crlReason.
my %args = (
    'caName'      => 'My_CA',
    'caPasswd'    => 'system',
    'certificate' => $certName,
    'crlReason'   => 'keyCompromise',
);
my $result = YaPI::CaManagement->RevokeCertificate(\%args);
if (defined $result) {
    print "Revoke successful\n";
}
else {
    # error
}
Creates a new CRL.
Example 57.
# Create a new CRL for My_CA ('days' is passed as a number here).
my %args = (
    'caName'   => 'My_CA',
    'caPasswd' => 'system',
    'days'     => 8,
);
my $result = YaPI::CaManagement->AddCRL(\%args);
if (defined $result) {
    print "AddCRL successful\n";
}
else {
    # error
}
Returns a CRL as plain text or parsed map.
Example 58.
use Data::Dumper;
# Read the CA's CRL in each supported representation.
for my $representation (qw(parsed plain extended)) {
    my %args = (
        'caName' => 'My_CA',
        'type'   => $representation,
    );
    my $crl = YaPI::CaManagement->ReadCRL(\%args);
    if (defined $crl) {
        print Data::Dumper->Dump([$crl]) . "\n";
    }
    else {
        # error
    }
}
Exports a CA to a file or returns it in different formats.
Example 59.
PEM_CERT (export only the Certificate in PEM format) PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format) PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format) DER_CERT (export the Certificate in DER Format) PKCS12 (export the Certificate and the Key in PKCS12 Format) PKCS12_CHAIN (like PKCS12 + include the CA Chain)
Example 60.
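use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);

# Export the CA in every supported format, one file per format.
# PEM_CERT_KEY writes the private key unencrypted and the PKCS12 formats
# bundle the key as well, so the files are created with mode 0600 and
# belong in a directory only the owner can read (/tmp/certs is used here
# for brevity and must already exist).
foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN") {
    my $data = {
        'caName'       => 'My_CA',
        'exportFormat' => $ef,
        'caPasswd'     => "system",
    };
    if ($ef =~ /^PKCS12/) {
        # The PKCS12 formats take an additional P12Password.
        $data->{'P12Password'} = "p12pass";
    }
    my $res = YaPI::CaManagement->ExportCA($data);
    if (not defined $res) {
        # error
    } else {
        my $path = "/tmp/certs/$ef";
        # Lexical handle with explicit flags instead of a bareword handle and
        # a 2-arg open; the 0600 mode only applies when the file is created.
        sysopen(my $out, $path, O_WRONLY | O_CREAT | O_TRUNC, 0600) or do {
            print STDERR "OPEN_FAILED\n";
            exit 1;
        };
        binmode $out;    # DER and PKCS12 output is binary
        print {$out} $res;
        # Buffered write errors only surface at close.
        close $out or do {
            print STDERR "CLOSE_FAILED\n";
            exit 1;
        };
    }
}
Exports a certificate to a file or returns it in different formats.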
Example 61.
PEM_CERT (export only the Certificate in PEM format) PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format) PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format) DER_CERT (export the Certificate in DER Format) PKCS12 (export the Certificate and the Key in PKCS12 Format) PKCS12_CHAIN (like PKCS12 + include the CA Chain)
Example 62.
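use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);

# Export certificate $certName in every supported format, one file per
# format.  PEM_CERT_KEY writes the private key unencrypted and the PKCS12
# formats bundle the key as well, so the files are created with mode 0600
# and belong in a directory only the owner can read (/tmp/certs is used
# here for brevity and must already exist).
foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN") {
    my $data = {
        'caName'       => 'My_CA',
        'certificate'  => $certName,
        'exportFormat' => $ef,
        'keyPasswd'    => "system",
    };
    if ($ef =~ /^PKCS12/) {
        # The PKCS12 formats take an additional P12Password.
        $data->{'P12Password'} = "p12pass";
    }
    my $res = YaPI::CaManagement->ExportCertificate($data);
    if (not defined $res) {
        # error
    } else {
        my $path = "/tmp/certs/$ef";
        # Lexical handle with explicit flags instead of a bareword handle and
        # a 2-arg open; the 0600 mode only applies when the file is created.
        sysopen(my $out, $path, O_WRONLY | O_CREAT | O_TRUNC, 0600) or do {
            print STDERR "OPEN_FAILED\n";
            exit 1;
        };
        binmode $out;    # DER and PKCS12 output is binary
        print {$out} $res;
        # Buffered write errors only surface at close.
        close $out or do {
            print STDERR "CLOSE_FAILED\n";
            exit 1;
        };
    }
}
Exports a CRL to a file or returns it in different formats.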
Example 64.
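# Export the CRL of My_CA in PEM and DER form, one file per format.
# The target directory must already exist.
foreach my $ef ("PEM", "DER") {
    my $data = {
        'caName'       => 'My_CA',
        'caPasswd'     => 'system',
        'exportFormat' => $ef,
    };
    my $res = YaPI::CaManagement->ExportCRL($data);
    if (not defined $res) {
        # error
    } else {
        my $path = "/tmp/certs/CRL_$ef";
        # 3-arg open with a lexical handle; on failure stop here instead of
        # falling through and printing to a handle that was never opened.
        open(my $out, '>', $path) or do {
            print STDERR "OPEN_FAILED\n";
            exit 1;
        };
        binmode $out;    # DER output is binary
        print {$out} $res;
        # Buffered write errors only surface at close.
        close $out or do {
            print STDERR "CLOSE_FAILED\n";
            exit 1;
        };
    }
}
Verifies a certificate.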
Example 65.
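# Verify certificate $certName of CA My_CA.  $data is declared with 'my'
# so the example does not rely on a package global.
my $data = {
    'caName'      => 'My_CA',
    'certificate' => $certName
};
# Verify() returns undef when verification fails.
my $Vret = YaPI::CaManagement->Verify($data);
if (not defined $Vret) {
    # verification failed
} else {
    print "OK \n";
}
Creates a new CA signed by another CA.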
Example 66.
# newCaName is the sub CA to create, caName the CA that signs it.
# keyPasswd and caPasswd presumably belong to the new and the signing CA
# respectively - confirm against the API.
my %args = (
    'caName'                => 'My_CA',
    'newCaName'             => 'My_New_Sub_CA',
    'keyPasswd'             => 'newPasswd',
    'caPasswd'              => 'system',
    'commonName'            => 'My CA New Sub CA',
    'emailAddress'          => 'my@example.com',
    'keyLength'             => '2048',
    'days'                  => '3000',
    'countryName'           => 'US',
    'localityName'          => 'New York',
    'organizationName'      => 'My Inc.',
    'basicConstraints'      => 'CA:TRUE',
    'crlDistributionPoints' => 'URI:http://my.example.com/',
);
my $result = YaPI::CaManagement->AddSubCA(\%args);
if (defined $result) {
    print "OK '$result'\n";
}
else {
    # error
}
Exports a CA to an LDAP directory.
Example 67.
# Publish the CA at destinationDN, binding to the server as BindDN.
# 389 is the plain LDAP port; whether TLS is negotiated is not shown here.
my %args = (
    caName        => 'My_CA',
    ldapHostname  => 'myhost.example.com',
    ldapPort      => 389,
    destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
    BindDN        => "cn=Admin,dc=example,dc=com",
    ldapPasswd    => "system",
);
my $result = YaPI::CaManagement->ExportCAToLDAP(\%args);
if (defined $result) {
    print STDERR "OK\n";
}
else {
    # error
}
Exports a CRL to an LDAP directory.
Example 68.
# Publish the CRL of My_CA at destinationDN, binding as BindDN.
my %args = (
    caName        => 'My_CA',
    ldapHostname  => 'myhost.example.com',
    ldapPort      => 389,
    destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
    BindDN        => "cn=Admin,dc=example,dc=com",
    ldapPasswd    => "system",
);
my $result = YaPI::CaManagement->ExportCRLToLDAP(\%args);
if (defined $result) {
    print STDERR "OK\n";
}
else {
    # error
}
Returns the defaults for exporting a CA, CRL or certificates to LDAP. If an error occurred with code = LDAP_CONFIG_NEEDED, you have to call InitLDAPcaManagement() first.
Example 69.
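use Data::Dumper;
# 'type' selects which defaults are returned ('ca' here).
my $data = {
    'caName' => 'My_CA',
    'type'   => 'ca'
};
my $res = YaPI::CaManagement->ReadLDAPExportDefaults($data);
# Check the result like the other examples do: undef means an error; an
# error code of LDAP_CONFIG_NEEDED means InitLDAPcaManagement() must be
# called first.
if (not defined $res) {
    # error
} else {
    print Data::Dumper->Dump([$res]) . "\n";
}
Creates the default configuration structure in LDAP.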
Example 70.
# Only the LDAP password is needed to create the default structure.
my %args = (
    'ldapPasswd' => 'system',
);
my $result = YaPI::CaManagement->InitLDAPcaManagement(\%args);
if (defined $result) {
    print "OK\n";
}
else {
    # error
}
Exports a certificate to an LDAP directory. This function is designed for exporting user certificates. The destination entry must have the objectClass 'inetOrgPerson'.
Example 71.
# $certificateName is a certificate name from ReadCertificateList();
# destinationDN must be an 'inetOrgPerson' entry.
my %args = (
    caName        => 'My_CA',
    certificate   => $certificateName,
    ldapHostname  => 'myhost.example.com',
    ldapPort      => 389,
    destinationDN => "uid=me,ou=people,dc=suse,dc=de",
    BindDN        => "cn=Admin,dc=example,dc=com",
    ldapPasswd    => "system",
);
my $result = YaPI::CaManagement->ExportCertificateToLDAP(\%args);
if (defined $result) {
    print STDERR "OK\n";
}
else {
    # error
}
Deletes a certificate. This function also removes the request and the private key.
Example 72.
# Delete $certificateName from My_CA, including its request and private key.
my %args = (
    caName      => 'My_CA',
    certificate => $certificateName,
    caPasswd    => 'system',
);
my $result = YaPI::CaManagement->DeleteCertificate(\%args);
if (defined $result) {
    print STDERR "OK\n";
}
else {
    # error
}
Imports a server certificate plus the corresponding CA and copies them to a place where other YaST modules look for such a common certificate.
Example 73.
# inFile is a PKCS12 container; passwd unlocks it.
my %args = (
    inFile => '/media/floppy/YaST-Servercert.p12',
    passwd => 'system',
);
my $result = YaPI::CaManagement->ImportCommonServerCertificate(\%args);
if (defined $result) {
    print STDERR "OK\n";
}
else {
    # error
}
Returns a certificate or CRL as plain text or parsed map.
Example 74.
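use Data::Dumper;
# Read a certificate from a PEM file in each supported representation;
# datatype selects CERTIFICATE (or CRL), inForm the file encoding.
foreach my $type ("parsed", "plain", "extended") {
    my $data = {
        'datatype' => "CERTIFICATE",
        'inFile'   => '/path/to/a/certificate.pem',
        'inForm'   => "PEM",    # the separating comma was missing here
        'type'     => $type,
    };
    my $res = YaPI::CaManagement->ReadFile($data);
    if (not defined $res) {
        # error
    } else {
        print Data::Dumper->Dump([$res]) . "\n";
    }
}
Returns a request as plain text or parsed map.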
Example 75.
use Data::Dumper;
# Read one request of My_CA in each supported representation.
for my $representation (qw(parsed plain extended)) {
    my %args = (
        'caName'  => 'My_CA',
        'type'    => $representation,
        'request' => $certName,
    );
    my $request = YaPI::CaManagement->ReadRequest(\%args);
    if (defined $request) {
        print Data::Dumper->Dump([$request]) . "\n";
    }
    else {
        # error
    }
}
Returns a list of maps with all requests of the defined CA.
Example 76.
use Data::Dumper;
my %args = (
    'caName' => 'My_CA',
);
# ReadRequestList() returns a list of maps, one per request, or undef.
my $requests = YaPI::CaManagement->ReadRequestList(\%args);
if (defined $requests) {
    # The 'request' key of an entry is the name used by ReadRequest() etc.
    my $requestName = $requests->[0]->{'request'};
    print Data::Dumper->Dump([$requests]) . "\n";
}
else {
    # error
}
Imports a request into a CA repository.
Example 77.
# Import a PEM request file into the repository of My_CA.
my %args = (
    caName       => 'My_CA',
    inFile       => '/media/floppy/my_request.pem',
    importFormat => 'PEM',
);
# ImportRequest() returns a value that is printed on success (undef on error).
my $result = YaPI::CaManagement->ImportRequest(\%args);
if (defined $result) {
    print STDERR "$result\n";
}
else {
    # error
}
Deletes a request. This function also removes the private key if one is available.
Example 78.
# Delete $requestName from My_CA (and its private key, if any).
my %args = (
    caName   => 'My_CA',
    request  => $requestName,
    caPasswd => 'system',
);
my $result = YaPI::CaManagement->DeleteRequest(\%args);
if (defined $result) {
    print STDERR "OK\n";
}
else {
    # error
}
Imports a CA certificate and private key and creates an infrastructure.
Example 79.
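# Import an existing CA certificate and key as CA My_CA.  The file names
# must be quoted strings; the bare /path/to/... values did not parse.
my $data = {
    caName        => 'My_CA',
    caCertificate => '/path/to/cacert.pem',
    caKey         => '/path/to/cacert.key',
    caPasswd      => "secret"
};
my $res = YaPI::CaManagement->ImportCA($data);
if (not defined $res) {
    # error
} else {
    print STDERR "OK\n";
}
In $valueMap you can define the following keys: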
Example 81.
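# Delete CA My_CA; the closing quote of the caPasswd value was missing.
my $data = {
    caName   => 'My_CA',
    caPasswd => 'system',
};
my $res = YaPI::CaManagement->DeleteCA($data);
if (not defined $res) {
    # error
} else {
    print STDERR "OK\n";
}
Read the default values for a CRL. In $valueMap you can define the following keys: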
Example 82.
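use Data::Dumper;
# Read the CRL defaults of My_CA; the call returns a map, or undef on failure.
my $data = {
    'caName' => 'My_CA'
};    # the terminating semicolons were missing on this and the next statement
my $crlValueMap = YaPI::CaManagement->ReadCRLDefaults($data);
if (not defined $crlValueMap) {
    # error
} else {
    print Data::Dumper->Dump([$crlValueMap]) . "\n";
}
Write the default values for creating a CRL. Keys which are not present will be removed if they are available in the configuration file, except for the 'days' key.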
Example 83.
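# Write the CRL defaults of My_CA; keys not given here are removed from
# the configuration file, except 'days'.
my $data = {
    'caName' => 'My_CA',
    'days'   => '7'
};
my $res = YaPI::CaManagement->WriteCRLDefaults($data);
if (not defined $res) {
    # error
} else {
    print "OK\n";
}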