XrdCryptoFactory.hh
1 #ifndef __CRYPTO_FACTORY_H__
2 #define __CRYPTO_FACTORY_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o F a c t o r y . h h */
6 /* */
7 /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */
8 /* Produced by Gerri Ganis for CERN */
9 /* */
10 /* This file is part of the XRootD software suite. */
11 /* */
12 /* XRootD is free software: you can redistribute it and/or modify it under */
13 /* the terms of the GNU Lesser General Public License as published by the */
14 /* Free Software Foundation, either version 3 of the License, or (at your */
15 /* option) any later version. */
16 /* */
17 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20 /* License for more details. */
21 /* */
22 /* You should have received a copy of the GNU Lesser General Public License */
23 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25 /* */
26 /* The copyright holder's institutional names and contributor's names may not */
27 /* be used to endorse or promote products derived from this software without */
28 /* specific prior written permission of the institution or contributor. */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* Abstract interface for a crypto factory */
34 /* Allows plugging in modules based on different crypto implementations */
35 /* (OpenSSL, Botan, ...) */
36 /* */
37 /* ************************************************************************** */
38 
40 
// Size in chars of the fixed buffer that holds a factory's name
// (XrdCryptoFactory::name). The constructor's `n` argument has to fit in
// it -- NOTE(review): how longer names are handled (truncation, NUL
// termination) is decided in the constructor's definition, not visible here.
#define MAXFACTORYNAMELEN 10
42 // ---------------------------------------------------------------------------//
43 //
44 // Abstract Crypto Factory
45 //
46 // ---------------------------------------------------------------------------//
47 
// Forward declarations: the factory API below only hands these types
// around by pointer or reference, so their full definitions are not
// needed in this header.
class XrdSutBucket;
class XrdOucString;
class XrdCryptoCipher;
class XrdCryptoMsgDigest;
class XrdCryptoRSA;
class XrdCryptoX509;
class XrdCryptoX509Chain;
class XrdCryptoX509Crl;
class XrdCryptoX509Req;
class XrdTlsPeerCerts;
59 
60 //
61 // Prototypes for some Utility Functions
62 
// Key derivation function hooks (exposed by the factory through
// KDFunLen()/KDFun(); PBKDF2 where the backend provides it).
// XrdCryptoKDFunLen_t: returns the length of the key buffer the KDF
// expects (see KDFunLen() below).
typedef int (*XrdCryptoKDFunLen_t)();
// XrdCryptoKDFun_t: as the parameter names indicate, derives key material
// into `key` (`klen` bytes) from the password `pass` (`plen` bytes) and the
// salt `salt` (`slen` bytes); the meaning of the int result is defined by
// the backend implementation.
typedef int (*XrdCryptoKDFun_t)(const char *pass, int plen,
                                const char *salt, int slen,
                                char *key, int klen);
68 
69 // X509 manipulation: certificate verification
71 // chain verification
73  int &errcode);
// Chain export: serialises an XrdCryptoX509Chain into an XrdSutBucket.
// NOTE(review): who owns the returned bucket and what the bool flag
// selects are fixed by the backend implementation, not visible here.
typedef XrdSutBucket *(*XrdCryptoX509ExportChain_t)(XrdCryptoX509Chain *, bool);
76 
// Chain to file: writes an XrdCryptoX509Chain to the named file;
// the int result is a backend-defined status.
typedef int (*XrdCryptoX509ChainToFile_t)(XrdCryptoX509Chain *, const char *);
79 
// Certificate parsing from file: loads the certificates found in `fname`
// into the given chain; the int result is a backend-defined status.
// NOTE(review): the role of the trailing const char * argument is not
// visible in this header.
typedef int (*XrdCryptoX509ParseFile_t)(const char *fname,
                                        XrdCryptoX509Chain *, const char *);
83 
84 // certificates from STACK_OF(X509*)
87 
88 // certificates from bucket parsing
// Proxies
// OIDs of the proxyCertInfo certificate extension: the _OLD_ one is the
// older pre-RFC 3820 (draft) OID, the other is id-pe-proxyCertInfo as
// standardised in RFC 3820.
#define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222"
#define gsiProxyCertInfo_OID "1.3.6.1.5.5.7.1.14"
// Check presence of the proxyCertInfo extension (RFC 3820) in an opaque
// certificate object. NOTE(review): what the int& and bool* out
// parameters carry is backend-defined and not visible here.
typedef bool (*XrdCryptoProxyCertInfo_t)(const void *, int &, bool *);
// Set the path length constraint on an opaque proxy object; the int is
// presumably the same delegation depth as XrdProxyOpt_t::depthlen below.
typedef void (*XrdCryptoSetPathLenConstraint_t)(void *, int);
// Proxy certificate creation
// Options for creating a proxy certificate; the bracketed values are
// presumably the defaults applied by the backend.
// NOTE(review): a 512-bit RSA key is far below current minimum key sizes;
// verify the value callers actually pass rather than relying on it.
typedef struct {
   int bits;      // Number of bits in the RSA key [512]
   int valid;     // Duration validity in secs [43200 (12 hours)]
   int depthlen;  // Maximum depth of the path of proxy certificates
                  // that can be signed by this proxy certificate
                  // [-1 (== unlimited)]
} XrdProxyOpt_t;
// Creates a proxy certificate from the given inputs and options; the
// arguments are unnamed here, so their exact roles (which of the const
// char * are files, the chain and RSA key filled on output) have to be
// checked against the backend implementation. int result: backend status.
typedef int (*XrdCryptoX509CreateProxy_t)(const char *, const char *, XrdProxyOpt_t *,
                                          XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *);
109 // create a proxy certificate request
112 // sign a proxy certificate request
115 // check consistency of a GSI 3 compliant proxy
117 
118 // get VOMS attributes
120 
122 {
123 private:
int fID;   // Numeric factory id returned by ID(); the constructor's default is -1
126 public:
// n: factory name, presumably stored in the fixed MAXFACTORYNAMELEN-char
//    name buffer (NOTE(review): truncation/termination of longer names
//    happens in the constructor's definition, not visible here);
// id: numeric factory id, -1 when not given.
XrdCryptoFactory(const char *n = "Unknown", int id = -1);
// Virtual so that a concrete factory obtained through GetCryptoFactory()
// is destroyed correctly when deleted via a base pointer.
virtual ~XrdCryptoFactory() { }
129 
// Set trace flags
// `trace` carries the trace-flag bits for this factory; NOTE(review):
// which bits are defined is not visible in this header.
virtual void SetTrace(kXR_int32 trace);
132 
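// Get the factory name
// Returns a non-const pointer to the fixed name buffer even though the
// method is const (kept for existing callers). The cast is spelled as
// const_cast so the intent is visible and greppable; callers must treat
// the result as read-only, since writing through it modifies a member
// of a const object.
char *Name() const { return const_cast<char *>(&name[0]); }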
// Numeric identifier this factory was created with.
int ID() const { return this->fID; }
136 
// Get the right factory
// Returns the factory known under `factoryname`. NOTE(review): the
// result when no such factory is available (null pointer?) and the
// ownership of the returned object are fixed by the definition, not
// visible here -- callers should check the pointer before use.
static XrdCryptoFactory *GetCryptoFactory(const char *factoryname);
139 
// Any possible notification
// No-op by default; concrete factories override it if they need the hook.
virtual void Notify() { }
142 
// Hook to a Key Derivation Function (PBKDF2 when possible)
// Each returns a function pointer of the matching typedef above:
// KDFunLen() gives the length of the key buffer the KDF expects,
// KDFun() the derivation function itself.
virtual XrdCryptoKDFunLen_t KDFunLen(); // Length of buffer
virtual XrdCryptoKDFun_t KDFun();
146 
// Cipher constructors
// SupportedCipher(t): whether the backend knows cipher type `t`.
// HasPaddingSupport(): presumably whether the `padded` overload below is
// usable with this backend.
// The overloads build a cipher from: a type name and key length `l`; a
// type with an explicit key (`k`, `l` bytes) and IV (`iv`, `liv` bytes);
// a serialised bucket; public material from a peer (`pub`, `lpub` bytes)
// with a key size in `bits`; or a copy of an existing cipher.
// NOTE(review): `pub`/`lpub` is caller-supplied, length-bounded data --
// implementations must honour `lpub`. Ownership of the returned cipher
// is not documented here; verify in the backend.
virtual bool SupportedCipher(const char *t);
virtual bool HasPaddingSupport();
virtual XrdCryptoCipher *Cipher(const char *t, int l = 0);
virtual XrdCryptoCipher *Cipher(const char *t, int l, const char *k,
                                int liv, const char *iv);
virtual XrdCryptoCipher *Cipher(XrdSutBucket *b);
virtual XrdCryptoCipher *Cipher(int bits, char *pub, int lpub, const char *t = 0);
virtual XrdCryptoCipher *Cipher(bool padded, int bits, char *pub, int lpub, const char *t);
virtual XrdCryptoCipher *Cipher(const XrdCryptoCipher &c);
157 
// MsgDigest constructors
// SupportedMsgDigest(dgst): whether digest algorithm `dgst` is known to
// the backend; MsgDigest(dgst): creates a digest object for it.
virtual bool SupportedMsgDigest(const char *dgst);
virtual XrdCryptoMsgDigest *MsgDigest(const char *dgst);
161 
// RSA constructors
// RSA(b, e): new key -- from the names, `b` is presumably the size in bits
// and `e` the public exponent, 0 meaning a backend default (verify);
// RSA(p, l): key from a buffer `p` of `l` bytes; RSA(r): copy of a key.
virtual XrdCryptoRSA *RSA(int b = 0, int e = 0);
virtual XrdCryptoRSA *RSA(const char *p, int l = 0);
virtual XrdCryptoRSA *RSA(const XrdCryptoRSA &r);
166 
// X509 constructors
// X509(cf, kf): from files -- presumably certificate file `cf` and
// optional key file `kf` (names only); X509(b): from a serialised bucket.
virtual XrdCryptoX509 *X509(const char *cf, const char *kf = 0);
virtual XrdCryptoX509 *X509(XrdSutBucket *b);
170 
// X509 CRL constructors
// X509Crl(crlfile, opt): from a CRL file, with backend-defined options;
// X509Crl(cacert): CRL for the given CA certificate -- how the CRL is
// located from the certificate is defined by the backend.
virtual XrdCryptoX509Crl *X509Crl(const char *crlfile, int opt = 0);
virtual XrdCryptoX509Crl *X509Crl(XrdCryptoX509 *cacert);
174 
// X509 REQ constructors
// Builds a certificate request object from the serialised bucket `bck`.
virtual XrdCryptoX509Req *X509Req(XrdSutBucket *bck);
177 
178  // Hooks to handle X509 certificates
186 
187  // Hooks to handle X509 proxy certificates
195 
// Equality operator
// NOTE(review): the argument is taken by value, so the factory is copied
// (and a derived factory sliced to the base) on every comparison; a
// `const XrdCryptoFactory &` parameter would avoid that, but the
// out-of-line definition has to change together with this declaration.
bool operator==(const XrdCryptoFactory factory);
198 };
199 #endif