1 #ifndef __CRYPTO_SSLX509_H__
2 #define __CRYPTO_SSLX509_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o s s l X 5 0 9 . h h */
6 /* */
7 /* (c) 2005 G. Ganis , CERN */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* OpenSSL implementation of XrdCryptoX509 */
34 /* */
35 /* ************************************************************************** */
36 
38 
39 #include <openssl/x509v3.h>
40 #include <openssl/bio.h>
41 #include <openssl/evp.h>
42 
43 #if OPENSSL_VERSION_NUMBER >= 0x0090800f
44 # define XRDGSI_CONST const
45 #else
46 # define XRDGSI_CONST
47 #endif
48 
49 // ---------------------------------------------------------------------------//
50 //
51 // OpenSSL X509 implementation
52 //
53 // ---------------------------------------------------------------------------//
55 {
56 
57 public:
58  XrdCryptosslX509(const char *cf, const char *kf = 0);
60  XrdCryptosslX509(X509 *cert);
61  virtual ~XrdCryptosslX509();
62 
63  // Access underlying data (in opaque form: used in chains)
65 
  // Dump extensions. Unknown (non-standard) extensions are walked as raw ASN.1 by
  // FillUnknownExt; certificates are untrusted input, so that walk must stay within
  // the supplied length bound (see the .cc).
67  int DumpExtensions(bool dumpunknown = 0);
68 
69  // Access certificate key
   // Access certificate key: the XrdCryptoRSA wrapper attached to this
   // certificate. Ownership stays with this object (presumably released in
   // the destructor — confirm in XrdCryptosslX509.cc); callers must not free it.
   XrdCryptoRSA *PKI() {
      XrdCryptoRSA *key = pki;
      return key;
   }
72 
73  // Export in form of bucket (for transfers)
75 
76  // Parent file
   // Parent file: the name of the file the certificate was loaded from, as
   // stored in srcfile ("source file name, if any"). The pointer aliases the
   // member's buffer, so it is only valid while this object lives.
   const char *ParentFile() {
      const XrdOucString &src = srcfile;
      return src.c_str();
   }
78 
79  // Proxy type
   // Proxy type: human-readable name of the proxy flavour, looked up in the
   // static cpxytype table (5 entries) using pxytype as the index.
   // NOTE(review): there is no range check here; this relies on CertType()
   // always leaving pxytype within [0,5) — confirm in XrdCryptosslX509.cc.
   const char *ProxyType() const {
      const char *const *names = cpxytype;
      return names[pxytype];
   }
81 
82  // Key strength
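   // Key strength: size in bits of the certificate's public key, or -1 when
   // there is no certificate or its public key cannot be extracted.
   // X509_get_pubkey() returns a new reference to the EVP_PKEY (not a borrowed
   // pointer), so it must be released with EVP_PKEY_free(); the previous
   // one-liner leaked one reference per call. X509_get0_pubkey() would avoid
   // the refcount dance but only exists from OpenSSL 1.1.0, and this header
   // still supports older releases (see the XRDGSI_CONST guard above).
   int BitStrength() {
      if (!cert) return -1;
      EVP_PKEY *pk = X509_get_pubkey(cert);
      if (!pk) return -1;
      int bits = EVP_PKEY_bits(pk);
      EVP_PKEY_free(pk);
      return bits;
   }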
84 
85  // Serial number
88 
89  // Validity
90  time_t NotBefore(); // get begin-validity time in secs since Epoch
91  time_t NotAfter(); // get end-validity time in secs since Epoch
92 
93  // Relevant Names
94  const char *Subject(); // get subject name
95  const char *Issuer(); // get issuer name
96 
97  // Relevant hashes
98  const char *SubjectHash(int = 0); // get hash of subject name
99  const char *IssuerHash(int = 0); // get hash of issuer name
100 
  // Check Subject Alternative Names (SANs) against the given name. The bool&
  // is an out-parameter whose meaning is defined in the .cc — confirm there
  // before relying on it.
102  virtual bool MatchesSAN(const char *, bool &);
103 
104  // Retrieve a given extension if there (in opaque form)
105  XrdCryptoX509data GetExtension(const char *oid);
106 
  // Verify signature: check this certificate's signature against ref
  // (presumably the issuer certificate whose public key signed it — confirm
  // in the .cc). A false result must be treated as an untrusted certificate.
108  bool Verify(XrdCryptoX509 *ref);
109 
110 private:
111  X509 *cert; // The certificate object
112  time_t notbefore; // begin-validity time in secs since Epoch
113  time_t notafter; // end-validity time in secs since Epoch
114  XrdOucString subject; // subject;
115  XrdOucString issuer; // issuer name;
116  XrdOucString subjecthash; // Default hash of subject;
117  XrdOucString issuerhash; // Default hash of issuer name;
118  XrdOucString subjectoldhash; // Old (md5) hash of subject if v >= 1.0.0;
119  XrdOucString issueroldhash; // Old (md5) hash of issuer name if v >= 1.0.0;
120  XrdOucString srcfile; // source file name, if any;
121  XrdSutBucket *bucket; // Bucket for export operations
122  XrdCryptoRSA *pki; // PKI of the certificate
123  int pxytype; // Type of proxy (RFC, gsi 3, legacy gsi 2)
124 
125  int FillUnknownExt(XRDGSI_CONST unsigned char **pp, long length, bool dump = 0);
126  int Asn1PrintInfo(int tag, int xclass, int constructed, int indent);
127  void CertType();
128 
129  static const char *cpxytype[5]; // Names of types
130 };
131 
132 #endif