Add PEMFileFactory and Enhance Certificate Handling

- Introduced `PEMFileFactory` class for handling PEM format certificates.
- Updated `certs/Makefile` to include `pemfilefactory.cpp` and `certfilefactory.cpp`.
- Refactored certificate retrieval and key management logic.
- Enhanced certificate creation functions to handle missing certificates and keys more robustly.
- Integrated `CertFileFactory` as a unified interface for handling both PEM and PKCS#12 (P12) files.
- Updated `createCaCertificate` and `ensureServerCertificateExists` functions to utilize the new factory classes.
- Modified error handling and logging for certificate operations.

certs/Makefile

@@ -13,6 +13,8 @@ USR_CPPFLAGS += -DPVXS_ENABLE_OPENSSL
 AUTHN = $(TOP)/certs/authn
 SRC_DIRS += $(TOP)/src
 SRCS += p12filefactory.cpp
+SRCS += pemfilefactory.cpp
+SRCS += certfilefactory.cpp
 SRCS += certfactory.cpp
 
 PROD_LIBS = pvxs Com

certs/authn/auth.cpp

@@ -15,6 +15,7 @@
 #include "ccrmanager.h"
 #include "ownedptr.h"
 #include "security.h"
+#include "certfactory.h"
 #include "p12filefactory.h"
 
 namespace pvxs {
@@ -79,11 +80,10 @@ std::string Auth::processCertificateCreationRequest(const std::shared_ptr<CertCr
 
 std::shared_ptr<KeyPair> Auth::createKeyPair(const ConfigCommon &config) {
     // Create a key pair
-    const auto key_pair(P12FileFactory::createKeyPair());
+    const auto key_pair(CertFileFactory::createKeyPair());
 
     // Create PKCS#12 file containing private key
-    P12FileFactory p12file_factory(config.tls_private_key_filename, config.tls_private_key_password, key_pair);
-    p12file_factory.writePKCS12File();
+    CertFileFactory::create(config.tls_private_key_filename, config.tls_private_key_password, key_pair)->writeCertFile();
     return key_pair;
 }
 }  // namespace certs

certs/authn/std/authnstd.cpp

@@ -4,14 +4,16 @@
  * in file LICENSE that is included with this distribution.
  */
 
+#include "authnstd.h"
+
 #include <ifaddrs.h>
 #include <osiProcess.h>
 
 #include <pvxs/log.h>
 
-#include "authnstd.h"
-#include "openssl.h"
+#include "certfilefactory.h"
 #include "configstd.h"
+#include "openssl.h"
 #include "p12filefactory.h"
 #include "utilpvt.h"
 
@@ -21,18 +23,21 @@ namespace pvxs {
 namespace certs {
 
 void usage(const char *argv0) {
-    std::cerr << "Usage: " << argv0 << " <opts> \n"
-                                       "\n"
-                                       " -v                   Make more noise.\n";
+    std::cerr << "Usage: " << argv0
+              << " <opts> \n"
+                 "\n"
+                 " -v                   Make more noise.\n";
 }
 
 int readOptions(ConfigStd &config, int argc, char *argv[], bool &verbose) {
     int opt;
     while ((opt = getopt(argc, argv, "v")) != -1) {
         switch (opt) {
-            case 'v':verbose = true;
+            case 'v':
+                verbose = true;
                 break;
-            default:usage(argv[0]);
+            default:
+                usage(argv[0]);
                 std::cerr << "\nUnknown argument: -" << char(optopt) << std::endl;
                 return 2;
         }
@@ -150,8 +155,7 @@ std::shared_ptr<Credentials> AuthStd::getCredentials(const ConfigStd &config) co
         }
     }
 
-    log_debug_printf(auths, "X.509 Credentials retrieved for: %s@%s\n", x509_credentials->name.c_str(),
-                     x509_credentials->organization.c_str());
+    log_debug_printf(auths, "X.509 Credentials retrieved for: %s@%s\n", x509_credentials->name.c_str(), x509_credentials->organization.c_str());
 
     return x509_credentials;
 };
@@ -169,16 +173,14 @@ std::shared_ptr<Credentials> AuthStd::getCredentials(const ConfigStd &config) co
  * @param usage certificate usage
  * @return A managed shared CertCreationRequest object.
  */
-std::shared_ptr<CertCreationRequest> AuthStd::createCertCreationRequest(
-  const std::shared_ptr<Credentials> &credentials, const std::shared_ptr<KeyPair> &key_pair, const uint16_t &usage) const {
+std::shared_ptr<CertCreationRequest> AuthStd::createCertCreationRequest(const std::shared_ptr<Credentials> &credentials,
+                                                                        const std::shared_ptr<KeyPair> &key_pair, const uint16_t &usage) const {
     auto cert_creation_request = Auth::createCertCreationRequest(credentials, key_pair, usage);
 
     return cert_creation_request;
 };
 
-bool AuthStd::verify(const Value ccr, std::function<bool(const std::string &, const std::string &)>) const {
-    return true;
-}
+bool AuthStd::verify(const Value ccr, std::function<bool(const std::string &, const std::string &)>) const { return true; }
 }  // namespace certs
 }  // namespace pvxs
 
@@ -209,7 +211,7 @@ int main(int argc, char *argv[]) {
             // Get key pair
             try {
                 // Check if the key pair exists
-                key_pair = P12FileFactory::getKeyFromFile(config.tls_private_key_filename, config.tls_private_key_password);
+                key_pair = CertFileFactory::create(config.tls_private_key_filename, config.tls_private_key_password)->getKeyFromFile();
             } catch (std::exception &e) {
                 // Make a new key pair file
                 try {
@@ -220,7 +222,6 @@ int main(int argc, char *argv[]) {
                 }
             }
 
-
             // Create a certificate creation request using the credentials and
             // key pair
             auto cert_creation_request = authenticator.createCertCreationRequest(credentials, key_pair, pvxs::ssl::kForClient);
@@ -233,31 +234,29 @@ int main(int argc, char *argv[]) {
 
             // If the certificate was created successfully,
             if (!p12PemString.empty()) {
-                log_debug_printf(auths, "Cert generated by PVACMS and successfully received: %s\n",
-                                 p12PemString.c_str());
+                log_debug_printf(auths, "Cert generated by PVACMS and successfully received: %s\n", p12PemString.c_str());
 
                 // Attempt to write the certificate and private key
-                // to a PKCS#12 file protected by the configured password
-                P12FileFactory p12_file_factory(config.tls_cert_filename, config.tls_cert_password, key_pair, p12PemString);
+                // to a cert file protected by the configured password
+                auto file_factory =
+                    CertFileFactory::create(config.tls_cert_filename, config.tls_cert_password, key_pair, nullptr, nullptr, "certificate", p12PemString);
+                file_factory->writeCertFile();
 
-                p12_file_factory.writePKCS12File();
-
-                log_info_printf(auths, "New P12 File created using %s: %s\n", METHOD_STRING(authenticator.type_).c_str(), config.tls_cert_filename.c_str());
-                std::cout << "Certificate created with "
-                          << ((authenticator.type_ == PVXS_DEFAULT_AUTH_TYPE) ? "basic" : authenticator.type_)
+                log_info_printf(auths, "New Cert File created using %s: %s\n", METHOD_STRING(authenticator.type_).c_str(), config.tls_cert_filename.c_str());
+                std::cout << "Certificate created with " << ((authenticator.type_ == PVXS_DEFAULT_AUTH_TYPE) ? "basic" : authenticator.type_)
                           << " credentials and stored in:" << config.tls_cert_filename << "\n";
 
                 // Create the root certificate if it is not already there so
                 // that the user can trust it
-                if (p12_file_factory.writeRootPemFile(p12PemString)) {
+                if (file_factory->writeRootPemFile(p12PemString)) {
                     return CertAvailability::OK;
                 } else {
                     return CertAvailability::ROOT_CERT_INSTALLED;
                 }
             }
         }
     } catch (std::exception &e) {
-        if ( retrieved_credentials ) log_warn_printf(auths, "%s\n", e.what());
+        if (retrieved_credentials) log_warn_printf(auths, "%s\n", e.what());
     }
-    return  0;
+    return 0;
 }