43 #define LOCDUMP(y) { std::cerr << epname << ":" << y << std::endl; }
47 "no error condition occurred",
48 "chain is inconsistent",
49 "size exceeds max allowed depth",
50 "invalid or missing CA",
51 "certificate missing",
52 "unexpected certificate type",
53 "names invalid or missing",
54 "certificate has been revoked",
55 "certificate expired",
56 "extension not found",
57 "signature verification failed",
58 "issuer had no signing rights",
59 "CA issued by another CA",
60 "invalid or missing EEC",
205 if (!CAok && (ecode !=
kVerifyFail || checkselfsigned)) {
242 for (; nd; nd = nd->
Next()) {
327 if (!curr || curr->
Cert() != c || (prev && curr != prev->
Next())) {
331 for (; curr; curr = curr->
Next()) {
332 if (curr->
Cert() == c)
364 }
else if (curr ==
begin) {
451 const char *pi = c->
Issuer();
453 if (mode == kExact) {
454 if (!strcmp(pi, issuer))
456 }
else if (mode == kBegin) {
457 if (strstr(pi, issuer) == c->
Issuer())
459 }
else if (mode == kEnd) {
460 int ibeg = strlen(pi) - strlen(issuer);
461 if (!strcmp(pi + ibeg, issuer))
472 *prev = (cn) ? cp : 0;
496 const char *ps = c ? c->
Subject() : 0;
498 if (mode == kExact) {
499 if (!strcmp(ps, subject))
501 }
else if (mode == kBegin) {
502 if (strstr(ps, subject) == ps)
504 }
else if (mode == kEnd) {
505 int sbeg = strlen(ps) - strlen(subject);
506 if (!strcmp(ps + sbeg, subject))
516 *prev = (cn) ? cp : 0;
526 EPNAME(
"X509Chain::Dump");
528 LOCDUMP(
"//------------------Dumping X509 chain content ------------------//");
530 LOCDUMP(
"// Chain instance: "<<
this);
557 LOCDUMP(
"//---------------------------- END ------------------------------//")
566 EPNAME(
"X509Chain::Reorder");
569 DEBUG(
"Nothing to reorder (size: "<<
size<<
")");
583 if (!(nn =
FindSubject(nr->Cert()->Issuer(),kExact,&npp)) ||
591 if (nr && nr !=
begin) {
603 caname = nr->Cert()->Subject();
604 cahash = nr->Cert()->SubjectHash();
617 eechash = np->Cert()->SubjectHash();
645 DEBUG(
"Inconsistency found: "<<left<<
646 " certificates could not be correctly enchained!");
681 EPNAME(
"X509Chain::Verify");
686 DEBUG(
"Nothing to verify (size: "<<
size<<
")");
701 int when = (vopt) ? vopt->
when : (
int)time(0);
702 int plen = (vopt) ? vopt->
pathlen : -1;
707 if (plen > -1 && plen <
size) {
753 EPNAME(
"X509Chain::CheckValidity");
758 DEBUG(
"Nothing to verify (size: "<<
size<<
")");
770 DEBUG(
"invalid certificate found");
776 DEBUG(
"found node without certificate");
825 if (when >= 0 && !(xcer->
IsValid(when))) {
833 if (!xsig || !(xcer->
Verify(xsig))) {
848 EPNAME(
"X509Chain::CAname");
854 DEBUG(
"CA not found in chain");
855 return (
const char *)0;
867 EPNAME(
"X509Chain::EECname");
881 DEBUG(
"EEC not found in chain");
882 return (
const char *)0;
894 EPNAME(
"X509Chain::CAhash");
900 DEBUG(
"CA not found in chain");
901 return (
const char *)0;
913 EPNAME(
"X509Chain::EEChash");
927 DEBUG(
"EEC not found in chain");
928 return (
const char *)0;
static const char * X509ChainErrStr[]
const int kOptsCheckSelfSigned
XrdCryptoX509 * Cert() const
void SetNext(XrdCryptoX509ChainNode *n)
XrdCryptoX509ChainNode * Next() const
virtual bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt=0)
void InsertAfter(XrdCryptoX509 *c, XrdCryptoX509 *cp)
bool CheckCA(bool checkselfsigned=1)
virtual ~XrdCryptoX509Chain()
virtual int CheckValidity(bool outatfirst=1, int when=0)
XrdCryptoX509ChainNode * end
XrdCryptoX509ChainNode * FindIssuer(const char *issuer, ESearchMode mode=kExact, XrdCryptoX509ChainNode **p=0)
XrdCryptoX509ChainNode * FindSubject(const char *subject, ESearchMode mode=kExact, XrdCryptoX509ChainNode **p=0)
XrdCryptoX509ChainNode * begin
void Cleanup(bool keepCA=0)
void Remove(XrdCryptoX509 *c)
XrdCryptoX509 * SearchByIssuer(const char *issuer, ESearchMode mode=kExact)
ECAStatus StatusCA() const
XrdCryptoX509ChainNode * previous
XrdCryptoX509ChainNode * current
void PushBack(XrdCryptoX509 *c)
const char * X509ChainError(EX509ChainErr e)
XrdCryptoX509 * EffCA() const
const char * LastError() const
XrdCryptoX509 * SearchBySubject(const char *subject, ESearchMode mode=kExact)
void PutInFront(XrdCryptoX509 *c)
XrdCryptoX509ChainNode * effca
XrdCryptoX509ChainNode * Find(XrdCryptoX509 *c)
XrdCryptoX509Chain(XrdCryptoX509 *c=0)
virtual bool IsRevoked(int serialnumber, int when)
virtual bool Verify(XrdCryptoX509 *ref)
virtual const char * Subject()
const char * Type(EX509Type t=kUnknown) const
virtual const char * SubjectHash(int)
virtual const char * IssuerHash(int)
virtual const char * Issuer()
virtual bool IsValid(int when=0)
virtual XrdOucString SerialNumberString()
const char * c_str() const