38 #include <sys/types.h>
64 #define PRT(x) {std::cerr <<x <<std::endl;}
121 int main(
int argc,
char **argv )
166 PRT(
"cannot attach to X509ParseFile function!");
170 PRT(
"cannot attach to X509CreateProxy function!");
174 PRT(
"cannot attach to ProxyCertInfo function!");
178 PRT(
"cannot attach to X509GetVOMSAttr function!");
195 pxopt.
valid = secValid;
204 xPXp = cPXp->Begin();
208 PRT(
": proxy certificate not found");
211 PRT(
": problems creating proxy");
218 perror(
"xrdgsiproxy");
232 PRT(
"proxy files must have at least two certificates"
233 " (found only: "<<nci<<
")");
238 xPXp = cPXp->Begin();
242 if (strstr(xPXp->
Subject(),
"CN=limited proxy")) {
243 xPXPp = cPXp->SearchBySubject(xPXp->
Issuer());
247 PRT(
"WARNING: found 'limited proxy' but not the associated proxy!");
253 int tl = xPXp->
NotAfter() -(int)time(0);
255 PRT(
"secValid: " << secValid<<
", tl: "<<tl<<
", ClockSkew:"<<
ClockSkew);
272 PRT(
": proxy certificate not found");
290 if (argc < 0 || !argv[0]) {
291 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
292 PRT(
"+ Insufficient number or arguments! +");
293 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
303 while ((argc >= 0) && (*argv)) {
307 if(*(argv)[0] ==
'-') {
323 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
326 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
327 PRT(
"+ Option '-f' requires a proxy file name: ignoring +");
328 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
335 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
338 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
339 PRT(
"+ Option '-file' requires a proxy file name: ignoring +");
340 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
347 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
350 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
351 PRT(
"+ Option '-out' requires a proxy file name: ignoring +");
352 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
359 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
362 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
363 PRT(
"+ Option '-cert' requires a cert file name: ignoring +");
364 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
371 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
374 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
375 PRT(
"+ Option '-key' requires a key file name: ignoring +");
376 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
383 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
386 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
387 PRT(
"+ Option '-certdir' requires a dir path: ignoring +");
388 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
395 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
398 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
399 PRT(
"+ Option '-valid' requires a time string: ignoring +");
400 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
407 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
410 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
411 PRT(
"+ Option '-path-length' requires a number >= -1: ignoring +");
412 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
417 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
418 PRT(
"+ Option '-path-length' requires a number >= -1: ignoring +");
419 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
426 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
427 Bits = strtol(*argv, 0, 10);
429 if (errno == ERANGE) {
430 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
431 PRT(
"+ Option '-bits' requires a number: ignoring +");
432 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
437 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
438 PRT(
"+ Option '-bits' requires a number: ignoring +");
439 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
446 if (argc >= 0 && (*argv && *(argv)[0] !=
'-')) {
449 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
450 PRT(
"+ Option '-clockskew' requires a number >= -1: ignoring +");
451 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
456 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
457 PRT(
"+ Option '-clockskew' requires a number >= -1: ignoring +");
458 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
465 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
466 PRT(
"+ Ignoring unrecognized option: "<<*argv);
467 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
483 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
484 PRT(
"+ Ignoring unrecognized keyword mode: "<<opt.
c_str());
485 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
506 struct passwd *pw = 0;
513 if (!pw && !(pw = thePwd.
Get(getuid()))) {
515 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
516 PRT(
"+ Cannot get info about current user - exit ");
517 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
529 if (errno != ENOENT) {
531 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
533 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
539 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
541 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
559 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
561 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
566 if (!pw && !(pw = thePwd.
Get(getuid()))) {
568 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
569 PRT(
"+ Cannot get info about current user - exit ");
570 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
576 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
578 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
590 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
592 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
597 if (!pw && !(pw = thePwd.
Get(getuid()))) {
599 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
600 PRT(
"+ Cannot get info about current user - exit ");
601 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
607 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
609 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
614 if (!S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) ||
615 (st.st_mode & (S_IWGRP | S_IWOTH)) != 0 ||
616 (st.st_mode & (S_IRGRP | S_IROTH)) != 0) {
617 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
618 PRT(
"+ Wrong permissions for file: "<<
EEkey.
c_str()<<
" (should be 0600)");
619 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
634 PRT(
" xrdgsiproxy: application to manage GSI proxies ");
638 PRT(
" xrdgsiproxy [-h] [<mode>] [options] ");
641 PRT(
" -h display this menu");
643 PRT(
" mode (info, init, destroy) [info]");
645 PRT(
" info: display content of existing proxy file");
647 PRT(
" init: create proxy certificate and related proxy file");
649 PRT(
" destroy: delete existing proxy file");
653 PRT(
" -debug Print more information while running this"
654 " query (use if something goes wrong) ");
656 PRT(
" -f,-file,-out <file> Non-standard location of proxy file");
658 PRT(
" init mode only:");
660 PRT(
" -certdir <dir> Non-standard location of directory"
661 " with information about known CAs");
662 PRT(
" -cert <file> Non-standard location of certificate"
663 " for which proxies are wanted");
664 PRT(
" -key <file> Non-standard location of the private"
665 " key to be used to sign the proxy");
666 PRT(
" -bits <bits> strength in bits of the key [2048]");
667 PRT(
" -valid <hh:mm> Time validity of the proxy certificate [12:00]");
668 PRT(
" -path-length <len> max number of descendent levels below"
670 PRT(
" -e,-exists [options] returns 0 if valid proxy exists, 1 otherwise;");
671 PRT(
" valid options: '-valid <hh:mm>', -bits <bits>");
672 PRT(
" -clockskew <secs> max clock-skewness allowed when checking time validity [30 secs]");
673 PRT(
" -extensions low-level dump of certificate extensions");
686 int lref = (ref) ? strlen(ref) : 0;
696 }
else if (opt == noref) {
708 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
710 PRT(
" Empty certificate! ");
728 int pathlen = 0;
bool b;
733 PRT(
"path length : "<<pathlen);
739 int hh = (tl >= 3600) ? (tl/3600) : 0; tl -= (hh*3600);
740 int mm = (tl >= 60) ? (tl/60) : 0; tl -= (mm*60);
741 int ss = (tl >= 0) ? tl : 0;
742 PRT(
"time left : "<<hh<<
"h:"<<mm<<
"m:"<<ss<<
"s");
743 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
748 while ((from = vatts.
tokenize(vat, from,
',')) != -1) {
749 if (vat.
length() > 0)
PRT(
"VOMS attributes: "<<vat);
751 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
757 PRT(
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
void XrdCryptoSetTrace(kXR_int32 trace)
#define cryptoTRACE_Debug
#define gsiProxyCertInfo_OID
int(* XrdCryptoX509CreateProxy_t)(const char *, const char *, XrdProxyOpt_t *, XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *)
int(* XrdCryptoX509GetVOMSAttr_t)(XrdCryptoX509 *, XrdOucString &)
int(* XrdCryptoX509ParseFile_t)(const char *fname, XrdCryptoX509Chain *, const char *)
bool(* XrdCryptoProxyCertInfo_t)(const void *, int &, bool *)
#define gsiProxyCertInfo_OLD_OID
int stat(const char *path, struct stat *buf)
int unlink(const char *path)
XrdCryptoProxyCertInfo_t ProxyCertInfo
bool CheckOption(XrdOucString opt, const char *ref, int &ival)
XrdCryptoX509ParseFile_t ParseFile
int main(int argc, char **argv)
static XrdSysError eDest(0,"proxy_")
XrdCryptoX509GetVOMSAttr_t GetVOMSAttr
static XrdSysLogger Logger
XrdCryptoFactory * gCryptoFactory
XrdCryptoX509CreateProxy_t CreateProxy
int ParseArguments(int argc, char **argv)
void Display(XrdCryptoX509 *xp)
int XrdSutParseTime(const char *tstr, int opt)
int XrdSutExpand(XrdOucString &path)
const char * XrdSutHome()
void XrdSutSetTrace(kXR_int32 trace)
virtual void SetTrace(kXR_int32 trace)
virtual XrdCryptoX509ParseFile_t X509ParseFile()
virtual XrdCryptoX509CreateProxy_t X509CreateProxy()
virtual XrdCryptoX509GetVOMSAttr_t X509GetVOMSAttr()
virtual XrdCryptoProxyCertInfo_t ProxyCertInfo()
static XrdCryptoFactory * GetCryptoFactory(const char *factoryname)
virtual XrdCryptoX509data GetExtension(const char *oid)
virtual int BitStrength()
virtual const char * Subject()
const char * Type(EX509Type t=kUnknown) const
virtual int DumpExtensions(bool=0)
virtual const char * Issuer()
virtual const char * ProxyType() const
virtual time_t NotAfter()
void insert(const int i, int start=-1)
const char * c_str() const
int erase(int start=0, int size=0)
int tokenize(XrdOucString &tok, int from, char del=':')
XrdSysLogger * logger(XrdSysLogger *lp=0)
struct passwd * Get(const char *Usr)