pure virtual
Generate an X509 V3 certificate binding the pDN and publicKeyFile contents, with a signature from the CA. The CA is specified via the CACertFile and CAPrivateKeyFile.

This function can also be used to generate a CA's self-signed certificate. To do this, pass the CA's distinguished name in pDN and set CACertFile to NULL. The resulting newCertFile can then be used as the CACertFile parameter in future calls.

Creating a certificate with extensions requires that a CACertFile be available, so it is a two-step process. First, create a CA certificate without any extensions, passing NULL for the CACertFile parameter. Second, create a second (and main) CA certificate with extensions, using the first (preliminary) CA certificate as the CACertFile parameter.
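The two-step bootstrap above, as an added example that is not part of the P6R documentation or SDK: it uses the OpenSSL command-line tool rather than this interface, reuses one CA key pair and distinguished name for both the preliminary and the main CA certificate (an assumption; the text does not say whether the key changes between the two calls), expresses the lifetime in days because `openssl x509 -days` has no seconds granularity, and then issues a leaf certificate from the main CA and verifies the chain. All file names, distinguished names and lifetimes are constructed sample values.

```shell
#!/bin/sh
# Added example (OpenSSL CLI, not P6R code): preliminary self-signed CA ->
# main CA with V3 extensions -> leaf certificate, then chain verification.
# All file names, DNs and lifetimes are constructed sample values.
set -eu

WORK="${CA_DEMO_DIR:-$(mktemp -d)}"   # scratch directory for keys and certs

# Step 1: preliminary CA certificate. Self-signed (the CACertFile=NULL case)
# and issued without an extension file. -days is the CLI's coarse analogue of
# secondsToExpire; one day is enough since this cert only serves step 2.
make_preliminary_ca() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/ca.key" 2>/dev/null
    openssl req -new -key "$WORK/ca.key" \
        -subj "/C=US/O=Example Corp/CN=Example Root CA" \
        -out "$WORK/ca.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" -days 1 \
        -out "$WORK/ca-prelim.crt" 2>/dev/null
}

# Step 2: the main CA certificate. Same DN and key pair (assumption), but now
# signed with the preliminary cert acting as the CA so V3 extensions can be set.
make_main_ca() {
    cat > "$WORK/ca.ext" <<'EOF'
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl x509 -req -in "$WORK/ca.csr" \
        -CA "$WORK/ca-prelim.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -days 3650 -extfile "$WORK/ca.ext" -out "$WORK/ca.crt" 2>/dev/null
}

# Step 3: an end-entity certificate issued by the main CA, carrying the
# extensions a TLS server certificate normally has.
issue_leaf() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/leaf.key" 2>/dev/null
    openssl req -new -key "$WORK/leaf.key" \
        -subj "/C=US/O=Example Corp/CN=server.example.test" \
        -out "$WORK/leaf.csr" 2>/dev/null
    cat > "$WORK/leaf.ext" <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
EOF
    openssl x509 -req -in "$WORK/leaf.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -days 90 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.crt" 2>/dev/null
}

# Returns 0 only if the leaf chains to the main CA certificate.
verify_chain() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/leaf.crt" >/dev/null 2>&1
}

# Returns 0 only if the main CA certificate really carries CA:TRUE, i.e. the
# extensions from step 2 made it into the signed certificate.
ca_has_ca_flag() {
    openssl x509 -in "$WORK/ca.crt" -noout -text | grep -q 'CA:TRUE'
}

# Runs all steps; each function returns 0 on success, non-zero on failure.
run_demo() {
    make_preliminary_ca && make_main_ca && issue_leaf \
        && verify_chain && ca_has_ca_flag
}

run_demo && echo "leaf certificate verified against $WORK/ca.crt"
```

The preliminary certificate exists only so that a CA certificate is available when the extensions are applied; because the main CA certificate is issued under the same name and key, it is self-signed in its own right and can be handed out as the trust anchor, and the preliminary certificate can be discarded.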
| Parameter | Direction | Description |
|-----------|-----------|-------------|
| pDN | in | A distinguished name, given as an array of P6CERTRDN values, for the subject of the certificate. For self-signed certificates it is used for both subject and issuer. |
| numDN | in | The number of entries in the pDN array. |
| pPublicKey | in | A pointer to the p6ICryptoKey interface for the public key (either RSA or DSA) to be stored in the new certificate. |
| pPrivateKey | in | A pointer to the p6ICryptoKey interface for the private key of the CA used to sign the new certificate. |
| pCACertificate | in | The CA's certificate, containing the issuer's distinguished name and public key. This parameter MUST be NULL for self-signed certificates. |
| secondsToExpire | in | The lifetime of the certificate, in seconds. |
| pExtensionSet | in | An array of extensions to be added to the V3 certificate. May be NULL if no extensions are required. |
| numExtension | in | The number of entries in pExtensionSet. |
| pCertificate | out | Pointer to the generated certificate. |
| Result | Code | Description |
|--------|------|-------------|
| Success | P6R::eOk | |
| Failure | P6R::eNotInitialized | A successful call to initialize was not made before this call. |
| | P6R::eFormatError | Unrecognized values in the distinguished name (e.g., use "US", not "United States"). |
| | P6R::eInvalidArg | One of the parameters is NULL, numDN is zero, or secondsToExpire is zero. |
| | P6R::eNotFound | Cannot open for reading either publicKeyFile, CAPrivateKeyFile, or CACertFile. |
| | P6R::eIoError | Failure while reading publicKeyFile, CAPrivateKeyFile, or CACertFile, or failure to write newCertFile. |
| | P6R::eInternalError | Failed to properly sign the newly generated certificate. |
| | P6R::eInvalidDescriptor | The specified CAPrivateKeyFile is neither an RSA nor a DSA key. |
| | P6R::eFail | Failure to set the secondsToExpire value on the newly generated certificate. |
| | P6R::eInvalidState | Failure to properly assign values to the newly generated certificate. |
| | P6R::eNoMemory | Insufficient memory to generate the new certificate in RAM. |
| | P6R::eUnsupported | CACertFile is NULL but pExtensionSet is non-NULL (a CA cert is required to set V3 extensions), or an unsupported extension has been passed in. |