XrdCryptosslX509Crl.hh
1 #ifndef __CRYPTO_SSLX509CRL_H__
2 #define __CRYPTO_SSLX509CRL_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o s s l X 5 0 9 C r l . h h */
6 /* */
7 /* (c) 2005 G. Ganis , CERN */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* */
29 /******************************************************************************/
30 #include <openssl/x509v3.h>
31 
32 /* ************************************************************************** */
33 /* */
34 /* OpenSSL X509 CRL implementation . */
35 /* */
36 /* ************************************************************************** */
37 
38 #include "XrdSut/XrdSutCache.hh"
40 
41 // ---------------------------------------------------------------------------//
42 //
43 // X509 CRL interface
44 // Describes one CRL (certificate revocation list)
45 //
46 // ---------------------------------------------------------------------------//
47 
48 class XrdCryptoX509;
49 
51 public:
52 
53  XrdCryptosslX509Crl(const char *crlf, int opt = 0); // presumably builds the CRL from file 'crlf' (cf. Init "from file"); meaning of 'opt' is not visible here - TODO confirm
54  XrdCryptosslX509Crl(FILE *, const char *crlf); // presumably builds the CRL from an open stream (cf. Init "from file handle"), 'crlf' naming its source - TODO confirm
    // NOTE(review): constructors return no status; callers should test IsValid()
    // before using the object.
56  virtual ~XrdCryptosslX509Crl();
57 
58  // Status: true once a CRL object has been loaded (crl is non-null).
    // NOTE(review): this test alone says nothing about the CRL signature (see
    // Verify) or about its freshness (see NextUpdate); both are separate checks.
59  bool IsValid() { return (crl != 0); }
60 
61  // Access underlying data (in opaque form: used in chains)
63 
64  // Dump information
65  void Dump();
    // Name of the file this CRL was read from (srcfile: "source file name, if any").
    // The pointer comes from srcfile.c_str(); presumably it stays valid only while
    // this object lives and srcfile is not modified - TODO confirm.
66  const char *ParentFile() { return (const char *)(srcfile.c_str()); }
67 
68  // Validity interval of the CRL. The cached members lastupdate/nextupdate start
    // at -1; presumably -1 is what is returned when a field cannot be read - TODO confirm.
    // NOTE(review): nothing visible in this header rejects a CRL that is past its
    // next-update time; a caller that needs fresh revocation data has to compare
    // NextUpdate() with the current time itself.
69  time_t LastUpdate(); // time when last updated
70  time_t NextUpdate(); // time foreseen for next update
71 
72  // Issuer of top certificate
    // Issuer() presumably returns the name kept in 'issuer' - TODO confirm.
73  const char *Issuer();
    // The int argument presumably selects between the default-algorithm hash
    // (issuerhash) and the md5-based one (issueroldhash) - TODO confirm.
    // NOTE(review): the hash looks like a lookup key for the issuer name; it does
    // not authenticate the CRL, and the md5 variant should not be used where
    // collision resistance matters.
74  const char *IssuerHash(int); // hash
75 
76  // Check certificate revocation.
    // 'when' is presumably the reference time of the check, with 0 meaning the
    // current time - TODO confirm.
    // NOTE(review): certificate serial numbers may be up to 20 octets long
    // (RFC 5280), which does not fit in an int; presumably the string overload is
    // the one that handles arbitrary serials - confirm before relying on the int
    // overload.
    // NOTE(review): a 'false' result is only as trustworthy as the CRL itself;
    // check Verify() and NextUpdate() before treating a certificate as not revoked.
77  bool IsRevoked(int serialnumber, int when = 0);
78  bool IsRevoked(const char *sernum, int when = 0);
79 
80  // Verify signature
    // 'ref' is presumably the certificate of the CRL issuer, whose public key is
    // used for the check - TODO confirm.
    // NOTE(review): IsValid() only tests that a CRL object exists, so a CRL obtained
    // from a file or a URI should be passed through Verify() before its revocation
    // entries are trusted.
81  bool Verify(XrdCryptoX509 *ref);
82 
83  // Dump CRL object to a file.
    // 'fh' is presumably an already open, writable stream; the output encoding
    // (PEM or DER) is not visible here - TODO confirm. Returns a bool, presumably
    // true on success.
84  bool ToFile(FILE *fh);
85 
86 private:
87  X509_CRL *crl{nullptr}; // The OpenSSL CRL object; null until one is loaded (IsValid() tests this)
88  time_t lastupdate{-1}; // time of last update (-1 until set)
89  time_t nextupdate{-1}; // time of next update (-1 until set)
90  XrdOucString issuer; // issuer name
91  XrdOucString issuerhash; // hash of issuer name (default algorithm)
92  XrdOucString issueroldhash; // hash of issuer name (md5 algorithm); NOTE(review): presumably kept for compatibility with older hash-named files - confirm
93  XrdOucString srcfile; // source file name, if any
94  XrdOucString crluri; // URI from where to get the CRL file, if any
95 
96  int nrevoked{0}; // Number of certificates revoked
97  XrdSutCache cache; // cached information about revoked certificates
98 
99  int GetFileType(const char *crlfn); // Determine file type of 'crlfn' (presumably PEM vs DER - TODO confirm)
100  int LoadCache(); // Load the cache of revoked certificates
101  int Init(const char *crlf); // Init from file
102  int Init(FILE *fc, const char *crlf); // Init from file handle
103  int InitFromURI(const char *uri, const char *hash); // Init from URI; meaning of 'hash' is not visible here. NOTE(review): content fetched from a URI is untrusted input until Verify() has checked the CRL signature - confirm callers do so
104 };
105 
106 #endif