XRootD
XrdCryptogsiX509Chain.hh
1 #ifndef __CRYPTO_GSIX509CHAIN_H__
2 #define __CRYPTO_GSIX509CHAIN_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o g s i X 5 0 9 C h a i n . h h */
6 /* */
7 /* (c) 2014 G. Ganis , CERN */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* Chain of X509 certificates following GSI policy(ies). */
34 /* */
35 /* ************************************************************************** */
36 
38 
39 // ---------------------------------------------------------------------------//
40 // //
41 // XrdCryptogsiX509Chain (was XrdCryptosslgsiX509Chain) //
42 // //
43 // Enforce GSI policies on X509 certificate chains //
44 // //
45 // ---------------------------------------------------------------------------//
46 
47 const int kOptsRfc3820 = 0x1; // option flag, bit 0x1; the name points at RFC 3820 (proxy certificate profile) - where it is tested is not shown in this header
48 
49 class XrdCryptoFactory;
51 
52 public:
54  XrdCryptoFactory *f = 0) : XrdCryptoX509Chain(c), cfact(f) { }
56  XrdCryptoFactory *f = 0) : XrdCryptoX509Chain(c), cfact(f) { }
57  virtual ~XrdCryptogsiX509Chain() { } // empty body: cfact is not freed by this class, so the factory must outlive the chain or be released by its provider
58 
59  // Verify chain against GSI policy. The bool result is the verdict and must be checked by the caller; e is taken by non-const reference, presumably to report the failure reason (confirm in the .cc). vopt may be omitted and then defaults to 0.
60  bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt = 0);
61 
62 private:
63 
64  // Proxy naming rules: check applied to certificate xcer, with e passed by reference for error reporting. Private helper; presumably called from Verify - confirm in the .cc.
65  bool SubjectOK(EX509ChainErr &e, XrdCryptoX509 *xcer);
66 
67  // Crypto factory: initialised from constructor argument f, which defaults to 0, so this pointer may be null. NOTE(review): confirm every use in the implementation checks for null before dereferencing.
68  XrdCryptoFactory *cfact;
69 };
70 
71 #endif
const int kOptsRfc3820
XrdCryptogsiX509Chain(XrdCryptogsiX509Chain *c, XrdCryptoFactory *f=0)
XrdCryptogsiX509Chain(XrdCryptoX509 *c=0, XrdCryptoFactory *f=0)
bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt=0)