4. YaPI::CaManagement

This package is the public Yast2 API to the CA management.

4.1. List of Global Functions

caName => <directory Name>
certType => <value>
newCaName <directory Name>
request => <filename>
certificate => <filename>
keyPasswd => <String>
caPasswd => <string>
commonName => <String>
emailAddress => <email-address>
keyLength => <integer>
days => <integer>
countryName => <two_letter_country_code>
stateOrProvinceName => <string>
localityName => <string>
organizationName => <string>
organizationalUnitName => <string>
challengePassword => <string>
unstructuredName => <string>
crlReason => <value>
basicConstraints => <values>
nsComment => <string>
nsCertType => <values>
keyUsage => <values>
subjectKeyIdentifier <values>
authorityKeyIdentifier => <values>
subjectAltName => <values>
issuerAltName => <values>
nsBaseUrl => <URL>
nsRevocationUrl => <URL>
nsCaRevocationUrl => <URL>
nsRenewalUrl => <URL>
nsCaPolicyUrl => <URL>
nsSslServerName => <domain_name>
extendedKeyUsage => <values>
authorityInfoAccess => <accessOID>;<location>
crlDistributionPoints URI:<URL>[,URI:<URL>,...]
$caList = ReadCAList()
$caList = ReadCATree()
$bool = AddRootCA($valueMap)
$certValueMap = ReadCertificateDefaults($valueMap)
$bool = WriteCertificateDefaults($valueMap)
$ca = ReadCA($valueMap)
$name = AddRequest($valueMap)
$name = IssueCertificate($valueMap)
$name = AddCertificate($valueMap)
$certList = ReadCertificateList($valueMap)
$bool = UpdateDB($valueMap)
$cert = ReadCertificate($valueMap)
$bool = RevokeCertificate($valueMap)
$bool = AddCRL($valueMap)
$crl = ReadCRL($valueMap)
$file = ExportCA($valueMap)
$file = ExportCertificate($valueMap)
$file = ExportCRL($valueMap)
$bool = Verify($valueMap)
$bool = AddSubCA($valueMap)
$bool = ExportCAToLDAP($valueMap)
$bool = ExportCRLToLDAP($valueMap)
$defaultsMap = ReadLDAPExportDefaults($valueMap)
$bool = InitLDAPcaManagement($valueMap)
$bool = ExportCertificateToLDAP($valueMap)
$bool = DeleteCertificate($valueMap)
$bool = ImportCommonServerCertificate($valueMap)
$bool = ReadFile($valueMap)
$cert = ReadRequest($valueMap)
$certList = ReadRequestList($valueMap)
$request = ImportRequest($valueMap)
$bool = DeleteRequest($valueMap)
$bool = ImportCA($valueMap)
$bool = DeleteCA($valueMap)
$crlValueMap = ReadCRLDefaults($valueMap)
$bool = WriteCRLDefaults($valueMap)
$bool = ChangePassword($valueMap)

4.2. Functions

4.2.1. $caList = ReadCAList()

Returns a list of available CAs

Example 44.

 my $caList = YaPI::CaManagement->ReadCAList();
 if(not defined $caList) {
     #error
 }

 foreach my $ca (@$caList) {
     print $ca."\n";
 }

4.2.2. $caList = ReadCATree()

Returns a list of lists of the available CAs containing the issuer caName.

Example 45.

 my $caList = YaPI::CaManagement->ReadCATree();
 if(not defined $caList) {
     #error
 }

 print Data::Dumper->Dump([$ca])."\n";

4.2.3. $bool = AddRootCA($valueMap)

Create a new selfsigned root CA and creates the whole needed infrastructure.

Example 46.

 my $data = {
             'caName'                => 'My_CA',
             'keyPasswd'             => 'system',
             'commonName'            => 'My CA',
             'emailAddress'          => 'my@example.com',
             'keyLength'             => '2048',
             'days'                  => '3650',
             'countryName'           => 'US',
             'localityName'          => 'New York',
             'organizationName'      => 'My Inc.',
            };

 my $res = YaPI::CaManagement->AddRootCA($data);
 if( not defined $res ) {
     # error  
 } else {
     print "OK\n";
 }

4.2.4. $certValueMap = ReadCertificateDefaults($valueMap)

In $valueMap you can define the following keys:

Example 47.

 use Data::Dumper;

 my $data = {
             'caName'   => 'My_CA',
             'certType' => 'client'
            }
 $certValueMap = YaPI::CaManagement->ReadCertificateDefaults($data) 
 if( not defined $certValueMap ) {
     # error
 } else {
     print Data::Dumper->Dump([$certValueMap])."\n";
 }

4.2.5. $bool = WriteCertificateDefaults($valueMap)

Write the default values for the available certificate types. Keys which are not present, will be removed if they are available in the configuration file.

Example 48.

     my $data = {
                 'caName'    => 'My_CA',
                 'certType'  => 'server',
                 'nsComment' => '"My Server Certificate"'
                };
     my $res = YaPI::CaManagement->WriteCertificateDefaults($data);
     if( not defined $res ) {
         # error
     } else {
         print "OK\n";
     }
 }

4.2.6. $ca = ReadCA($valueMap)

Returns a CA certificate as plain text or parsed map.

Example 49.

 use Data::Dumper;

 foreach my $type ("parsed", "plain", "extended") {
     my $data = {
                 'caName' => 'My_CA',
                 'type'   => $type
                };
     my $res = YaPI::CaManagement->ReadCA($data);
     if( not defined $res ) {
         # error
     } else {
         print Data::Dumper->Dump([$res])."\n";
     }
 }

4.2.7. $name = AddRequest($valueMap)

Create a request for a special CA and returns the name.

Example 50.

 my $data = {
             'caName'                => 'My_CA',
             'keyPasswd'             => 'system',
             'commonName'            => 'My New Request',
             'emailAddress'          => 'my@example.com',
             'keyLength'             => '2048',
             'days'                  => '365',
             'countryName'           => 'DE',
             'localityName'          => 'Nuremberg',
             'stateOrProvinceName'   => 'Bavaria',
             'organizationName'      => 'My Linux AG',
             'nsComment'             => "YaST Generated Certificate"
            };
 my $res = YaPI::CaManagement->AddRequest($data);
 if( not defined $res ) {
     # error 
 } else {
     print "OK Name of the request is: '$res'\n";
 }

4.2.8. $name = IssueCertificate($valueMap)

Issue a certificate and returns the name of the new certificate.

Example 51.

 my $data = {
             'caName'                => 'My_CA',
             'request'               => $request,
             'certType'              => 'client',
             'caPasswd'              => 'system',
             'days'                  => '365',
             'crlDistributionPoints' => "URI:ldap://my.linux.tux/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
             'nsComment'             => "YaST Generated Certificate",
            };
 my $res = YaPI::CaManagement->IssueCertificate($data);
 if( not defined $res ) {
     # error
 } else {
     print STDERR "OK: '$res'\n";
 }

4.2.9. $name = AddCertificate($valueMap)

Create a new Certificate and returns the name

Example 52.

 my $data = {
            'caName'                => 'My_CA',
            'certType'              => 'client',
            'keyPasswd'             => 'system',
            'caPasswd'              => 'system',
            'commonName'            => 'John Doe',
            'emailAddress'          => 'John.Doe@example.com',
            'keyLength'             => '2048',
            'days'                  => '365',
            'countryName'           => 'US',
            'localityName'          => 'New York',
            'organizationalUnitName'=> 'IT',
            'organizationName'      => 'My Inc.',
            'crlDistributionPoints' => "URI:ldap://ldap.example.com/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
            'nsComment'             => "YaST Generated Certificate",
            };

    my $res = YaPI::CaManagement->AddCertificate($data);
    if( not defined $res ) {
        # error
    } else {
        print "OK: '$res'\n";
    }

4.2.10. $certList = ReadCertificateList($valueMap)

Returns a list of maps with all certificates of the defined CA.

Example 53.

 use Data::Dumper;

 my $data = {
             'caName'   => 'My_CA',
             'caPasswd' => 'system'
            };

    my $res = YaPI::CaManagement->ReadCertificateList($data);
    if( not defined $res ) {
        # error
    } else {
        my $certificateName = $res->[0]->{'certificate'};
        print Data::Dumper->Dump([$res])."\n";
    }

4.2.11. $bool = UpdateDB($valueMap)

Update the internal openssl database.

Example 54.

 my $data = {
             'caName'   => 'My_CA',
             'caPasswd' => 'system'
            };

 my $res = YaPI::CaManagement->UpdateDB($data);
 if( not defined $res ) {
     # error
 } else {
     print "OK \n";
 }

4.2.12. $cert = ReadCertificate($valueMap)

Returns a certificate as plain text or parsed map.

Example 55.

 use Data::Dumper;

 foreach my $type ("parsed", "plain", "extended") {
     my $data = {
                 'caName'      => 'My_CA',
                 'type'        => $type,
                 'certificate' => $certName
                };

     my $res = YaPI::CaManagement->ReadCertificate($data);
     if( not defined $res ) {
         # error
     } else {
         print Data::Dumper->Dump([$res])."\n";
     }
 }

4.2.13. $bool = RevokeCertificate($valueMap)

Revoke a certificate.

Example 56.

 my $data = {
             'caName'      => 'My_CA',
             'caPasswd'    => 'system',
             'certificate' => $certName,
             'crlReason'   => 'keyCompromise'
            };

 my $res = YaPI::CaManagement->RevokeCertificate($data);
 if( not defined $res ) {
     # error
 } else {
     print "Revoke successful\n";
 }

4.2.14. $bool = AddCRL($valueMap)

Create a new CRL.

Example 57.

 my $data = {
             'caName'      => 'My_CA',
             'caPasswd'    => 'system',
             'days'        => 8
            };

 my $res = YaPI::CaManagement->AddCRL($data);
 if( not defined $res ) {
     # error
 } else {
     print "AddCRL successful\n";
 }

4.2.15. $crl = ReadCRL($valueMap)

Returns a CRL as plain text or parsed map.

Example 58.

 use Data::Dumper;

 foreach my $type ("parsed", "plain", "extended") {
     my $data = {
                 'caName' => 'My_CA',
                 'type'   => $type,
                };

     my $res = YaPI::CaManagement->ReadCRL($data);
     if( not defined $res ) {
         # error
     } else {
         print Data::Dumper->Dump([$res])."\n";
     }
 }

4.2.16. $file = ExportCA($valueMap)

Export a CA to a file or returns it in different formats.

Example 59.

  PEM_CERT (export only the Certificate im PEM format)

  PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format)

  PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format)

  DER_CERT (export the Certificate in DER Format)

  PKCS12 (export the Certificate and the Key in PKCS12 Format)

  PKCS12_CHAIN (like PKCS12 + include the CA Chain )

Example 60.

 foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY","DER_CERT", "PKCS12", "PKCS12_CHAIN") {
     my $data = {
                 'caName'       => 'My_CA',
                 'exportFormat' => $ef,
                 'caPasswd'     => "system",
                };
     if($ef =~ /^PKCS12/) {
         $data->{'P12Password'} = "p12pass";
     }

     my $res = YaPI::CaManagement->ExportCA($data);
     if( not defined $res ) {
         # error
     } else {
         if(! open(OUT, "> /tmp/certs/$ef")) {
             print STDERR "OPEN_FAILED\n";
             exit 1;
         }
         print OUT $res;
         close OUT;
     }
 }

4.2.17. $file = ExportCertificate($valueMap)

Export a certificate to a file or returns it in different formats.

Example 61.

  PEM_CERT (export only the Certificate im PEM format)

  PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format)

  PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format)

  DER_CERT (export the Certificate in DER Format)

  PKCS12 (export the Certificate and the Key in PKCS12 Format)

  PKCS12_CHAIN (like PKCS12 + include the CA Chain )

Example 62.

 foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY","DER_CERT", "PKCS12", "PKCS12_CHAIN") {
     my $data = {
                 'caName'       => 'My_CA',
                 'certificate'  => $certName,
                 'exportFormat' => $ef,
                 'keyPasswd'    => "system",
                };
     if($ef =~ /^PKCS12/) {
         $data->{'P12Password'} = "p12pass";
     }

     my $res = YaPI::CaManagement->ExportCertificate($data);
     if( not defined $res ) {
         # error
     } else {
         if(! open(OUT, "> /tmp/certs/$ef")) {
             print STDERR "OPEN_FAILED\n";
             exit 1;
         }
         print OUT $res;
         close OUT;
     }
 }

4.2.18. $file = ExportCRL($valueMap)

Export a CRL to a file or returns it in different formats.

Example 63.

  PEM - Export the CRL in PEM format

  DER - Export the CRL in DER format

Example 64.

 foreach my $ef ("PEM", "DER") {
     my $data = {
                 'caName'       => 'My_CA',
                 'caPasswd'     => 'system',
                 'exportFormat' => $ef,
                };
     
     my $res = YaPI::CaManagement->ExportCRL($data);
     if( not defined $res ) {
         # error
     } else {
         if(! open(OUT, "> /tmp/certs/CRL_$ef")) {
             print STDERR "OPEN_FAILED\n";
         }
         print OUT $res;
         close OUT;
     }
 }

4.2.19. $bool = Verify($valueMap)

Verify a certificate.

Example 65.

 $data = {
           'caName'      => 'My_CA',
           'certificate' => $certName
         };

 my $Vret = YaPI::CaManagement->Verify($data);
 if(not defined $Vret) {
     # verification failed
 } else {
     print "OK \n";
 }

4.2.20. $bool = AddSubCA($valueMap)

create a new CA signed by another CA.

Example 66.

 my $data = {
             'caName'                => 'My_CA',
             'newCaName'             => 'My_New_Sub_CA',
             'keyPasswd'             => 'newPasswd',
             'caPasswd'              => 'system',
             'commonName'            => 'My CA New Sub CA',
             'emailAddress'          => 'my@example.com',
             'keyLength'             => '2048',
             'days'                  => '3000',
             'countryName'           => 'US',
             'localityName'          => 'New York',
             'organizationName'      => 'My Inc.',
             'basicConstraints'      => 'CA:TRUE',
             'crlDistributionPoints' => 'URI:http://my.example.com/',
            };

 my $res = YaPI::CaManagement->AddSubCA($data);
 if( not defined $res ) {
     # error    
 } else {
     print "OK '$res'\n";
 }

4.2.21. $bool = ExportCAToLDAP($valueMap)

Export a CA in a LDAP Directory.

Example 67.

 my $data = {
             caName        => 'My_CA',
             ldapHostname  => 'myhost.example.com',
             ldapPort      => 389,
             destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
             BindDN        => "cn=Admin,dc=example,dc=com",
             ldapPasswd    => "system"
            };

    my $res = YaPI::CaManagement->ExportCAToLDAP($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.22. $bool = ExportCRLToLDAP($valueMap)

Export a CRL in a LDAP Directory

Example 68.

 my $data = {
             caName        => 'My_CA',
             ldapHostname  => 'myhost.example.com',
             ldapPort      => 389,
             destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
             BindDN        => "cn=Admin,dc=example,dc=com",
             ldapPasswd    => "system"
            };

    my $res = YaPI::CaManagement->ExportCRLToLDAP($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.23. $defaultsMap = ReadLDAPExportDefaults($valueMap)

Return the defaults for export CA, CRL or certificates to LDAP. If an error ocured with code = LDAP_CONFIG_NEEDED, you have to call InitLDAPcaManagement() first.

Example 69.

 use Data::Dumper;

 my $data = {
             'caName' => 'My_CA',
             'type'   => 'ca'
            };

 my $res = YaPI::CaManagement->ReadLDAPExportDefaults($data);

4.2.24. $bool = InitLDAPcaManagement($valueMap)

Creates the default configuration structure in LDAP

Example 70.

 my $data = {
             'ldapPasswd' => 'system'
            };

 my $res = YaPI::CaManagement->InitLDAPcaManagement($data);
 if( not defined $res ) {
     # error
 } else {
     print "OK\n";
 }

4.2.25. $bool = ExportCertificateToLDAP($valueMap)

Export a Certificate in a LDAP Directory. This function is designed for exporting user certificates. The destination entry must have the objectClass 'inetOrgPerson'.

Example 71.

 my $data = {
             caName        => 'My_CA',
             certificate   => $certificateName,
             ldapHostname  => 'myhost.example.com',
             ldapPort      => 389,
             destinationDN => "uid=me,ou=people,dc=suse,dc=de",
             BindDN        => "cn=Admin,dc=example,dc=com",
             ldapPasswd    => "system"
            };

    my $res = YaPI::CaManagement->ExportCertificateToLDAP($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.26. $bool = DeleteCertificate($valueMap)

Delete a Certificate. This function removes also the request and the private key.

Example 72.

 my $data = {
             caName        => 'My_CA',
             certificate   => $certificateName,
             caPasswd      => 'system'
            };

    my $res = YaPI::CaManagement->DeleteCertificate($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.27. $bool = ImportCommonServerCertificate($valueMap)

Import a server certificate plus correspondenting CA and copy them to a place where other YaST modules look for such a common certificate.

Example 73.

 my $data = {
             inFile        => '/media/floppy/YaST-Servercert.p12',
             passwd        => 'system'
            };

    my $res = YaPI::CaManagement->ImportCommonServerCertificate($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.28. $bool = ReadFile($valueMap)

Returns a certificate or CRL as plain text or parsed map.

Example 74.

 use Data::Dumper;

 foreach my $type ("parsed", "plain", "extended") {
     my $data = {
                 'datatype' => "CERTIFICATE",
                 'inFile' => '/path/to/a/certificate.pem',
                 'inForm' => "PEM"
                 'type'   => $type,
                };

     my $res = YaPI::CaManagement->ReadFile($data);
     if( not defined $res ) {
         # error
     } else {
         print Data::Dumper->Dump([$res])."\n";
     }
 }

4.2.29. $cert = ReadRequest($valueMap)

Returns a request as plain text or parsed map.

Example 75.

 use Data::Dumper;

 foreach my $type ("parsed", "plain", "extended") {
     my $data = {
                 'caName'      => 'My_CA',
                 'type'        => $type,
                 'request'     => $certName
                };

     my $res = YaPI::CaManagement->ReadRequest($data);
     if( not defined $res ) {
         # error
     } else {
         print Data::Dumper->Dump([$res])."\n";
     }
 }

4.2.30. $certList = ReadRequestList($valueMap)

Returns a list of maps with all requests of the defined CA.

Example 76.

 use Data::Dumper;

 my $data = {
             'caName'   => 'My_CA'
            };

    my $res = YaPI::CaManagement->ReadRequestList($data);
    if( not defined $res ) {
        # error
    } else {
        my $requestName = $res->[0]->{'request'};
        print Data::Dumper->Dump([$res])."\n";
    }

4.2.31. $request = ImportRequest($valueMap)

Import a request in a CA repository.

Example 77.

 my $data = {
             caName        => 'My_CA',
             inFile        => '/media/floppy/my_request.pem',
             importFormat  => 'PEM'
            };

    my $res = YaPI::CaManagement->ImportRequest($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "$res\n";
    }

4.2.32. $bool = DeleteRequest($valueMap)

Delete a Request. This function removes also the private key if one is available.

Example 78.

 my $data = {
             caName        => 'My_CA',
             request       => $requestName,
             caPasswd      => 'system'
            };

    my $res = YaPI::CaManagement->DeleteRequest($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.33. $bool = ImportCA($valueMap)

Import a CA certificate and private key and creates a infrastructure.

Example 79.

 my $data = {
             caName        => 'My_CA',
             caCertificate => /path/to/cacert.pem,
             caKey         => /path/to/cacert.key,
             caPasswd      => "secret"
            };

    my $res = YaPI::CaManagement->ImportCA($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.34. $bool = DeleteCA($valueMap)

In $valueMap you can define the following keys:

Example 80.

  Delete a Certificate Authority infrastructure

Example 81.

 my $data = {
             caName      => 'My_CA',
             caPasswd    => 'system,
            };

    my $res = YaPI::CaManagement->DeleteCA($data);
    if( not defined $res ) {
        # error
    } else {
        print STDERR "OK\n";
    }

4.2.35. $crlValueMap = ReadCRLDefaults($valueMap)

Read the default values for a CRL. In $valueMap you can define the following keys:

Example 82.

 use Data::Dumper;

 my $data = {
             'caName'   => 'My_CA'
            }
 $crlValueMap = YaPI::CaManagement->ReadCRLDefaults($data) 
 if( not defined $crlValueMap ) {
     # error
 } else {
     print Data::Dumper->Dump([$crlValueMap])."\n";
 }

4.2.36. $bool = WriteCRLDefaults($valueMap)

Write the default values for creating a CRL. Keys which are not present, will be removed if they are available in the configuration file except for the 'days' key.

Example 83.

     my $data = {
                 'caName'    => 'My_CA',
                 'days'      => '7'                 
                };
     my $res = YaPI::CaManagement->WriteCRLDefaults($data);
     if( not defined $res ) {
         # error
     } else {
         print "OK\n";
     }
 }

4.2.37. $bool = ChangePassword($valueMap)

Change the password of a keyfile.

Example 84.

     my $data = {
                 'caName'      => 'My_CA',
                 'certificate' => $certName,
                 'oldPasswd'   => "old password",
                 'newPasswd'   => "new password"
                };
     my $res = YaPI::CaManagement->ChangePassword($data);
     if( not defined $res ) {
         # error
     } else {
         print "OK\n";
     }
 }


3. YaPI		5. YaPI::DHCPD