xrootd
XrdCryptosslAux.hh
Go to the documentation of this file.
1#ifndef __CRYPTO_SSLAUX_H__
2#define __CRYPTO_SSLAUX_H__
3/******************************************************************************/
4/* */
5/* X r d C r y p t o S s l A u x . h h */
6/* */
7/* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */
8/* Produced by Gerri Ganis for CERN */
9/* */
10/* This file is part of the XRootD software suite. */
11/* */
12/* XRootD is free software: you can redistribute it and/or modify it under */
13/* the terms of the GNU Lesser General Public License as published by the */
14/* Free Software Foundation, either version 3 of the License, or (at your */
15/* option) any later version. */
16/* */
17/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20/* License for more details. */
21/* */
22/* You should have received a copy of the GNU Lesser General Public License */
23/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25/* */
26/* The copyright holder's institutional names and contributor's names may not */
27/* be used to endorse or promote products derived from this software without */
28/* specific prior written permission of the institution or contributor. */
29/******************************************************************************/
30
31/* ************************************************************************** */
32/* */
33/* OpenSSL utility functions */
34/* */
35/* ************************************************************************** */
36
37#include "XrdCrypto/XrdCryptoAux.hh"
38#include "XrdCrypto/XrdCryptoFactory.hh"
39#include "XrdCrypto/XrdCryptoX509Chain.hh"
40#include <openssl/asn1.h>
41
42#define kSslKDFunDefLen 24
43
45class XrdTlsPeerCerts;
46
47//
48// Password-Based Key Derivation Function 2, specified in PKCS #5
49//
50int XrdCryptosslKDFunLen(); // default buffer length
51int XrdCryptosslKDFun(const char *pass, int plen, const char *salt, int slen,
52 char *key, int len);
53//
54// X509 manipulation: certificate verification
55bool XrdCryptosslX509VerifyCert(XrdCryptoX509 *c, XrdCryptoX509 *r);
56// chain verification
57bool XrdCryptosslX509VerifyChain(XrdCryptoX509Chain *chain, int &errcode);
58// chain export to bucket
59XrdSutBucket *XrdCryptosslX509ExportChain(XrdCryptoX509Chain *c, bool key = 0);
60// chain export to file (proxy file creation)
61int XrdCryptosslX509ChainToFile(XrdCryptoX509Chain *c, const char *fn);
62// certificates from file parsing
63int XrdCryptosslX509ParseFile(const char *fname, XrdCryptoX509Chain *c);
64// certificates from bucket parsing
65int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *c);
66// certificates from STACK_OF(X509*)
67int XrdCryptosslX509ParseStack(void* ssl, XrdCryptoX509Chain *chain);
68//
69// Function to convert from ASN1 time format into UTC since Epoch (Jan 1, 1970)
70time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1);
71
72// Function to convert X509_NAME into a one-line human readable string
73void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s);
74
75//
76// X509 proxy auxilliary functions
77// Function to check presence of a proxyCertInfo and retrieve the path length
78// constraint. Written following RFC3820 and examples in openssl-<vers>/crypto
79// source code. Extracts the policy field but ignores it contents.
80bool XrdCryptosslProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);
81void XrdCryptosslSetPathLenConstraint(void *ext, int pathlen);
82// Create proxy certificates
83int XrdCryptosslX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
84 XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *);
85// Create a proxy certificate request
86int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *,
87 XrdCryptoX509Req **, XrdCryptoRSA **);
88// Sign a proxy certificate request
89int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *,
90 XrdCryptoX509Req *, XrdCryptoX509 **);
91// Check a proxy certificate GSI 3
92int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *, XrdOucString &);
93// Get VOMS attributes, if any
94int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &);
95
96/******************************************************************************/
97/* E r r o r L o g g i n g / T r a c i n g F l a g s */
98/******************************************************************************/
99#define sslTRACE_ALL 0x0007
100#define sslTRACE_Dump 0x0004
101#define sslTRACE_Debug 0x0002
102#define sslTRACE_Notify 0x0001
103
104/******************************************************************************/
105/* E r r o r s i n P r o x y M a n i p u l a t i o n s */
106/******************************************************************************/
107#define kErrPX_Error 1 // Generic error condition
108#define kErrPX_BadEECfile 2 // Absent or bad EEC cert or key file
109#define kErrPX_BadEECkey 3 // Inconsistent EEC key
110#define kErrPX_ExpiredEEC 4 // EEC is expired
111#define kErrPX_NoResources 5 // Unable to create new objects
112#define kErrPX_SetAttribute 6 // Unable to set a certificate attribute
113#define kErrPX_SetPathDepth 7 // Unable to set path depth
114#define kErrPX_Signing 8 // Problems signing
115#define kErrPX_GenerateKey 9 // Problem generating the RSA key
116#define kErrPX_ProxyFile 10 // Problem creating / updating proxy file
117#define kErrPX_BadNames 11 // Names in certificates are bad
118#define kErrPX_BadSerial 12 // Problems resolving serial number
119#define kErrPX_BadExtension 13 // Problems with the extensions
120
121#endif
122
XrdCryptosslSetPathLenConstraint
void XrdCryptosslSetPathLenConstraint(void *ext, int pathlen)
XrdCryptosslNameOneLine
void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
XrdCryptosslX509CheckProxy3
int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *, XrdOucString &)
XrdCryptosslKDFunLen
int XrdCryptosslKDFunLen()
XrdCryptosslKDFun
int XrdCryptosslKDFun(const char *pass, int plen, const char *salt, int slen, char *key, int len)
XrdCryptosslX509VerifyCert
bool XrdCryptosslX509VerifyCert(XrdCryptoX509 *c, XrdCryptoX509 *r)
XrdCryptosslX509SignProxyReq
int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *, XrdCryptoX509Req *, XrdCryptoX509 **)
XrdCryptosslProxyCertInfo
bool XrdCryptosslProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy=0)
XrdCryptosslX509ChainToFile
int XrdCryptosslX509ChainToFile(XrdCryptoX509Chain *c, const char *fn)
XrdCryptosslX509ParseBucket
int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *c)
XrdCryptosslX509CreateProxyReq
int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *, XrdCryptoX509Req **, XrdCryptoRSA **)
XrdCryptosslX509ParseFile
int XrdCryptosslX509ParseFile(const char *fname, XrdCryptoX509Chain *c)
XrdCryptosslX509CreateProxy
int XrdCryptosslX509CreateProxy(const char *, const char *, XrdProxyOpt_t *, XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *)
XrdCryptosslASN1toUTC
time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1)
XrdCryptosslX509GetVOMSAttr
int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &)
XrdCryptosslX509ParseStack
int XrdCryptosslX509ParseStack(void *ssl, XrdCryptoX509Chain *chain)
XrdCryptosslX509ExportChain
XrdSutBucket * XrdCryptosslX509ExportChain(XrdCryptoX509Chain *c, bool key=0)
XrdCryptosslX509VerifyChain
bool XrdCryptosslX509VerifyChain(XrdCryptoX509Chain *chain, int &errcode)
XrdCryptoRSA
Definition: XrdCryptoRSA.hh:51
XrdCryptoX509Chain
Definition: XrdCryptoX509Chain.hh:80
XrdCryptoX509Req
Definition: XrdCryptoX509Req.hh:50
XrdCryptoX509
Definition: XrdCryptoX509.hh:51
XrdCryptogsiX509Chain
Definition: XrdCryptogsiX509Chain.hh:50
XrdOucString
Definition: XrdOucString.hh:254
XrdSutBucket
Definition: XrdSutBucket.hh:44
XrdProxyOpt_t
Definition: XrdCryptoFactory.hh:100
Generated by doxygen 1.9.3