App::CamelPKI::Controller::CA - Camel-PKI Certificate Authority controller.




NAME


App::CamelPKI::Controller::CA - Camel-PKI Certificate Authority controller.

DESCRIPTION


This controller provides the CA-wide actions that are independent of any given certificate template.

Actions whose names end in _pem do not use App::CamelPKI::View::JSON; instead they transmit their data directly as text/plain, which enables operation with very basic clients (e.g. 'wget'). Most of these text/plain actions do not require a client certificate and are publicly accessible.

certificate_pem

Returns the CA certificate, in PEM format.

Note: the Content-Type is text/plain, and not application/pkix-cert (as mentioned in RFC2585), because it would seem that the latter is intended for DER format.

certificate_chain_pem

Returns a list of certificates in PEM format, concatenated together. The first of these certificates is the same as the one returned by certificate_pem; the whole list constitutes a valid certification chain in the sense of RFC3280 section 6.

gen_crl

Immediately generates a new CRL, and returns it in PEM format.

Note: the Content-Type is text/plain, and not application/pkix-cert (as mentioned in RFC2585), because it would seem that the latter is intended for DER format.

current_crl

Returns the last CRL issued by gen_crl, unless it is set to expire shortly, in which case a new CRL is generated, stored and returned.

examine_crl

Sends the right template in order to consult the CRL.

download_crl

Sends back the CRL, in DER format, as a file.

list_issued_certificates

Gets the list of certificates which are currently issued and not yet revoked.

list_revoked_certificates

Gets the list of certificates which are currently revoked.


package App::CamelPKI::Controller::CA;

use strict;
use warnings;
use base 'Catalyst::Controller';
use App::CamelPKI::CA;

# Serves the CA's own certificate as a text/plain response.
#
# The body is the serialized certificate of the "CA" model instance (PEM,
# per this module's documentation).  No access check is performed in this
# sub; the documentation states that most text/plain actions are meant to be
# publicly reachable, which is appropriate for a CA certificate.
sub certificate_pem : Local {
    my ($self, $ctx) = @_;
    my $response = $ctx->response;

    $response->content_type("text/plain");

    my $ca_cert = $ctx->model("CA")->instance->certificate;
    $response->body($ca_cert->serialize);
}

# Serves the certification chain as concatenated serialized certificates
# in a single text/plain body.
#
# The CA's own certificate comes first, followed by every certificate that
# the model's certification_chain() returns, in the order it returns them.
# Nothing is inserted between the blocks (the join separator is empty).
sub certificate_chain_pem : Local {
    my ($self, $ctx) = @_;
    $ctx->response->content_type("text/plain");

    my $ca_model = $ctx->model("CA");

    # Own certificate first, then the rest of the chain.
    my @pem_blocks = ($ca_model->instance->certificate->serialize);
    push @pem_blocks, map { $_->serialize } $ca_model->certification_chain;

    $ctx->response->body(join "", @pem_blocks);
}

# Issues a brand-new CRL on every request and returns it serialized as
# text/plain.
#
# RFC 2585 registers application/pkix-crl for CRLs; the module documentation
# explains that text/plain is used here because the payload is PEM rather
# than DER.
#
# NOTE(review): each call makes the CA instance issue a new CRL, and this
# sub performs no authorization or throttling of its own.  The module
# documentation says most text/plain actions are publicly accessible --
# confirm whether access to this one is restricted elsewhere, since an
# unauthenticated caller could otherwise trigger CRL issuance at will.
sub gen_crl : Local {
    my ($self, $ctx) = @_;
    $ctx->response->content_type("text/plain");

    my $fresh_crl = $ctx->model("CA")->instance->issue_crl;
    $ctx->response->body($fresh_crl->serialize);
}


# Returns a CRL by delegating to the gen_crl action.
#
# The module documentation describes reusing the last issued CRL until it is
# close to expiry; that caching is not implemented, so every request here
# currently results in a newly issued CRL, with the same exposure
# considerations as gen_crl.
sub current_crl : Local {
    my ($self, $ctx) = @_;

    # FIXME: implement caching.
    $ctx->forward("gen_crl");
}

# Prepares the stash for the CRL consultation page.
#
# Stores the serialized form of a newly issued CRL under the "crl" stash key
# and selects the "crl/consult.tt2" template.  Like gen_crl, this issues a
# new CRL on every request rather than reusing an existing one.
sub examine_crl : Local {
    my ($self, $ctx) = @_;

    my $crl_text = $ctx->model("CA")->instance->issue_crl->serialize;

    $ctx->stash->{crl}      = $crl_text;
    $ctx->stash->{template} = "crl/consult.tt2";
}

# Sends a newly issued CRL in DER form with an application/octet-stream
# content type.
#
# The CRL is issued, serialized, re-parsed as PEM through
# App::CamelPKI::CRL, and then serialized again as DER for the body.
#
# NOTE(review): App::CamelPKI::CRL is not loaded explicitly by this file;
# presumably it is pulled in through App::CamelPKI::CA -- confirm.
# NOTE(review): RFC 2585 registers application/pkix-crl for DER-encoded
# CRLs; application/octet-stream is what this action sends.
sub download_crl : Local {
    my ($self, $ctx) = @_;
    $ctx->response->content_type("application/octet-stream");

    # A new CRL is issued for every download request.
    my $issued = $ctx->model("CA")->instance->issue_crl;

    # Round-trip through the PEM parser to obtain an object that is then
    # asked for DER output.
    my $parsed = App::CamelPKI::CRL->parse($issued->serialize,
                                           -format => "PEM");

    $ctx->response->body($parsed->serialize(-format => "DER"));
}

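# Fills the stash with one summary row per certificate returned by the CA's
# get_certificates_issued() and selects the "certificate/list_issued.tt2"
# template.
#
# Each row is a hash reference with the keys serial, subject, notBefore and
# notAfter.  Rows are appended to the "certs" stash entry.
#
# The "certs" entry is always an array reference after this action runs,
# including when the CA reports no certificates, so the template never has
# to cope with an undefined value.
#
# NOTE(review): the subject DN is data taken from certificates; the template
# is not visible here, so confirm that it HTML-escapes these fields when
# rendering them.
sub list_issued_certificates : Local {
    my ($self, $c) = @_;
    my @certs = $c->model("CA")->instance->get_certificates_issued;

    my @rows = map {
        +{
            serial    => $_->get_serial,
            subject   => $_->get_subject_DN->to_string,
            notBefore => $_->get_notBefore,
            notAfter  => $_->get_notAfter,
        }
    } @certs;

    # Pushing through the dereference creates the array even when @rows is
    # empty, while still appending to anything already stashed.
    push @{ $c->stash->{certs} }, @rows;

    $c->stash->{template} = "certificate/list_issued.tt2";
}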

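# Fills the stash with one summary row per certificate returned by the CA's
# get_certificates_revoked() and selects the
# "certificate/list_revoked.tt2" template.
#
# Each row is a hash reference with the keys serial, subject, notBefore,
# notAfter and public_key (the serialized public key).  Rows are appended to
# the "certs" stash entry.
#
# The "certs" entry is always an array reference after this action runs,
# including when the CA reports no revoked certificates, so the template
# never has to cope with an undefined value.
#
# NOTE(review): the subject DN is data taken from certificates; the template
# is not visible here, so confirm that it HTML-escapes these fields when
# rendering them.
sub list_revoked_certificates : Local {
    my ($self, $c) = @_;
    my @certs = $c->model("CA")->instance->get_certificates_revoked;

    my @rows = map {
        +{
            serial     => $_->get_serial,
            subject    => $_->get_subject_DN->to_string,
            notBefore  => $_->get_notBefore,
            notAfter   => $_->get_notAfter,
            public_key => $_->get_public_key->serialize,
        }
    } @certs;

    # Pushing through the dereference creates the array even when @rows is
    # empty, while still appending to anything already stashed.
    push @{ $c->stash->{certs} }, @rows;

    $c->stash->{template} = "certificate/list_revoked.tt2";
}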

# A module file must end with a true value so that loading it succeeds.
1;