App-CamelPKI
lib/App/CamelPKI/Model/CA.pm
my $ca = $self->_make_ca;
$ca->set_keys (-certificate => $CA1, -key => $privKeyCA1);
my $webserverkey = App::CamelPKI::PrivateKey->genrsa($self->{keysize});
my $web_dns = exists($self->{dns_webserver}) ?
$self->{dns_webserver} : "undef";
$ca->issue
("App::CamelPKI::CertTemplate::PKI1", $webserverkey->get_public_key,
dns => $web_dns);
my ($webservercert) = $ca->commit;
$webserver->set_keys
(-certificate => $webservercert,
-key => $webserverkey,
-certification_chain => [ $CA1, $CA0 ]);
my ($admincert, $adminkey) = $self->make_admin_credentials;
write_file(catfile($privdir, "admin.pem"), $admincert->serialize);
write_file(catfile($privdir, "admin.key"), $adminkey->serialize);
return $self;
}
=head2 make_admin_credentials
Regenerates an initial administrator certificate and private key, and
returns a pair ($cert, $key) whose members are respectively
L<App::CamelPKI::Certificate> and L<App::CamelPKI::PrivateKey> instances. Old
administrator certificates are revoked.
=cut
sub make_admin_credentials {
    my $self = shift;

    # Administrator certificates are issued under, and looked up by,
    # this single certificate template.
    my $template = "App::CamelPKI::CertTemplate::PKI2";

    my $authority = $self->instance;

    # The RSA key size comes straight from the model's configuration;
    # it is not range-checked in this method.
    my $new_key = App::CamelPKI::PrivateKey->genrsa($self->{keysize});

    # Queue the issuance of the new administrator certificate.
    $authority->issue($template, $new_key->get_public_key);

    # Queue the revocation of every certificate the CA database returns
    # for the administrator template.
    # NOTE(review): presumably the certificate queued just above is not
    # visible to search() before commit; confirm, otherwise it would be
    # revoked along with the old ones.
    foreach my $old_cert ($authority->database->search(template => $template)) {
        $authority->revoke($template, $old_cert);
    }

    # commit returns a list; its first element is taken as the new
    # administrator certificate.
    my ($new_cert) = $authority->commit;

    # The private key object is handed back to the caller, which then
    # owns its protection.
    # NOTE(review): the caller visible in this file serializes it to
    # "admin.key" with write_file; confirm that file ends up readable
    # by its owner only.
    return ($new_cert, $new_key);
}
=head2 certification_chain
Returns a list of L<App::CamelPKI::Certificate> objects representing the
certificates that have been signed by this Certificate Authority, excluding
this CA certificate itself (which is accessible using
L<App::CamelPKI::CA/certificate>).
Returns an empty list for a self-signed Certificate Authority.
=cut
sub certification_chain {
    my $self = shift;

    # Whatever _root_ca_cert_path yields is passed on unchanged to the
    # certificate loader.
    # NOTE(review): the POD above promises an empty list for a
    # self-signed CA, but no such branch is visible here; confirm how
    # load() behaves when the root CA certificate file is absent.
    my @load_args = $self->_root_ca_cert_path;
    return App::CamelPKI::Certificate->load(@load_args);
}
=head1 FACETS
=head2 facet_readonly
=head2 facet_crl_only
=head2 facet_certtemplate($template)
=head2 facet_operational
These methods create and return a new I<App::CamelPKI::Model::CA>
object with restricted rights, as follows:
=over
=item L</do_ceremony>
This method is made inaccessible in all facets.
=item L</instance>
The underlying I<App::CamelPKI::CA> instance returned is restricted in
exactly the same ways as the facet of the same name in
L<App::CamelPKI::CA>.
=back
=cut
# Install the four facet_* methods into the current package. Each one
# wraps the model in an App::CamelPKI::Model::CA::FacetAny facet and
# gives that facet the result of calling the same-named method on the
# underlying CA instance.
for my $facet_name (
    qw(facet_readonly facet_crl_only facet_certtemplate
       facet_operational)
) {
    # The glob assignment below uses a symbolic reference, so strict
    # refs is switched off; the pragma is lexically in effect for the
    # whole loop body, closure included.
    no strict "refs";
    *{$facet_name} = sub {
        my $model = shift;

        # Build the facet object first, then narrow the CA instance.
        my $restricted = Class::Facet->make(
            "App::CamelPKI::Model::CA::FacetAny", $model
        );

        # Remaining caller arguments (e.g. the template name for
        # facet_certtemplate) are forwarded untouched.
        $restricted->{instance} = $model->instance->$facet_name(@_);

        return $restricted;
    };
}
{
    # Facet class shared by all four facet_* constructors.
    package App::CamelPKI::Model::CA::FacetAny;

    # Returns the CA instance stored in the facet by the facet_*
    # constructor, not the model's own instance.
    sub instance {
        my ($facet) = @_;
        $facet->{instance};
    }

    # Only db_dir and certification_chain are delegated to the
    # underlying App::CamelPKI::Model::CA object; nothing else is
    # listed for delegation here.
    use Class::Facet
        from     => "App::CamelPKI::Model::CA",
        delegate => [ qw(db_dir certification_chain) ];
}
=begin internals
=head2 _make_ca
Build the L<App::CamelPKI::CA> instance which is returned by
L</instance>.
=cut
sub _make_ca {
my ($self) = @_;