1 #ifndef __CRYPTO_SSLAUX_H__
2 #define __CRYPTO_SSLAUX_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o S s l A u x . h h */
6 /* */
7 /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */
8 /* Produced by Gerri Ganis for CERN */
9 /* */
10 /* This file is part of the XRootD software suite. */
11 /* */
12 /* XRootD is free software: you can redistribute it and/or modify it under */
13 /* the terms of the GNU Lesser General Public License as published by the */
14 /* Free Software Foundation, either version 3 of the License, or (at your */
15 /* option) any later version. */
16 /* */
17 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20 /* License for more details. */
21 /* */
22 /* You should have received a copy of the GNU Lesser General Public License */
23 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25 /* */
26 /* The copyright holder's institutional names and contributor's names may not */
27 /* be used to endorse or promote products derived from this software without */
28 /* specific prior written permission of the institution or contributor. */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* OpenSSL utility functions */
34 /* */
35 /* ************************************************************************** */
36 
40 #include <openssl/asn1.h>
41 
// Default size, in bytes, of the derived-key buffer for the PBKDF2 helper
// declared below (XrdCryptosslKDFunLen() presumably reports this value;
// confirm in the .cc). 24 bytes is 192 bits of key material; callers that
// pass their own buffer to XrdCryptosslKDFun must size it to at least the
// length they request.
#define kSslKDFunDefLen 24

// Forward declaration; presumably the peer certificate list handed over by
// the TLS layer, consumed by the STACK_OF(X509) parsing helper of this file.
class XrdTlsPeerCerts;
46 
//
// Password-Based Key Derivation Function 2 (PBKDF2), as specified in PKCS #5
//
// Length, in bytes, of the default derived-key buffer (see kSslKDFunDefLen).
int XrdCryptosslKDFunLen(); // default buffer length
// Derive 'len' bytes of key material from the password 'pass' ('plen' bytes)
// and the salt 'salt' ('slen' bytes) into the caller-provided buffer 'key'.
// 'key' must have room for at least 'len' bytes. The meaning of the int
// result (bytes written vs. status) is not stated in this header - check the
// .cc before testing it.
// NOTE(review): the iteration count and the underlying hash are not part of
// this interface, so they are fixed by the implementation; confirm they meet
// current guidance, and that callers supply a salt that is unique per derived
// key, before relying on this beyond its existing use.
int XrdCryptosslKDFun(const char *pass, int plen, const char *salt, int slen,
                      char *key, int len);
//
// X509 manipulation: certificate verification
// (the per-certificate variant, XrdCryptosslX509VerifyCert, is declared in
// the original at this point but its prototype is omitted from this listing)
// chain verification: returns true when 'chain' verifies; on failure
// 'errcode' receives the reason. Callers must act on the boolean result -
// 'errcode' is presumably only meaningful when false is returned (confirm in
// the .cc).
bool XrdCryptosslX509VerifyChain(XrdCryptoX509Chain *chain, int &errcode);
// chain export to bucket (XrdCryptosslX509ExportChain; prototype omitted
// from this listing)
// chain export to file (proxy file creation)
// NOTE(review): a proxy file carries a private key, so the implementation
// must create 'fn' with owner-only permissions (0600) and never truncate an
// existing file in place where another reader could see a partial write;
// neither property is visible from this header - verify in the .cc.
int XrdCryptosslX509ChainToFile(XrdCryptoX509Chain *c, const char *fn);
// export single certificate to file; fname is solely for debug message purposes
// ('file' is opened and closed by the caller - presumed, confirm in the .cc)
extern "C" int XrdCryptosslX509ToFile(XrdCryptoX509 *x509, FILE *file, const char *fname);
// certificates from file parsing: load the certificate(s) found in 'fname'
// into 'c'; 'fkey', when non-null, names a separate private key file
// (default: no key file).
int XrdCryptosslX509ParseFile(const char *fname, XrdCryptoX509Chain *c, const char *fkey = 0);
// certificates from FILE object; fname is solely for debug message purposes
// (same contract as the path-based overload above, reading from 'file')
extern "C" int XrdCryptosslX509ParseFile(FILE *file, XrdCryptoX509Chain *c, const char *fname, const char *fkey = 0);
// certificates from bucket parsing (XrdCryptosslX509ParseBucket; prototype
// omitted from this listing)
// certificates from STACK_OF(X509*) (XrdCryptosslX509ParseStack, taking an
// XrdTlsPeerCerts*; prototype omitted from this listing)
//
// Function to convert from ASN1 time format into UTC since Epoch (Jan 1, 1970)
// NOTE(review): this header does not say what is returned when 'tsn1' is
// null or malformed. Callers that compare the result against "now" for
// validity-period checks should confirm the failure value in the .cc, so a
// parse failure is not mistaken for a far-past or far-future timestamp.
time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1);

// Function to convert X509_NAME into a one-line human readable string,
// placed in 's' (whether it is assigned or appended is not stated here).
// NOTE(review): a one-line DN rendering is lossy with respect to encoding and
// escaping; if the text feeds a policy or mapping lookup, make sure producer
// and consumer agree on exactly this format.
void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s);
78 
//
// X509 proxy auxiliary functions
// Function to check presence of a proxyCertInfo and retrieve the path length
// constraint. Written following RFC 3820 and examples in openssl-<vers>/crypto
// source code. Extracts the policy field but ignores its contents.
// Returns true when 'ext' is a proxyCertInfo extension; 'pathlen' then holds
// the path length constraint and, if 'haspolicy' is non-null, *haspolicy
// tells whether a policy field was present.
// NOTE(review): since the policy contents are ignored, a restrictive proxy
// policy (any language other than "inherit all") is NOT enforced by this
// helper; a caller that must honour such policies has to inspect the
// extension itself.
bool XrdCryptosslProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);
// Rewrite the path length constraint of the proxyCertInfo extension 'ext'
// to 'pathlen' (mutates the extension in place).
void XrdCryptosslSetPathLenConstraint(void *ext, int pathlen);
// Create proxy certificates
// The parameters are unnamed in this prototype; judging from the error codes
// at the end of this file they are the EEC certificate file, the EEC key
// file, the proxy options, the resulting chain, the new private key and the
// proxy file name - TODO confirm against the definition. The int result is
// presumably 0 on success or one of the kErrPX_* codes below.
int XrdCryptosslX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
                                XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *);
// Create a proxy certificate request (XrdCryptosslX509CreateProxyReq;
// prototype omitted from this listing)
// Sign a proxy certificate request (XrdCryptosslX509SignProxyReq; prototype
// omitted from this listing)
// Check a proxy certificate GSI 3 (XrdCryptosslX509CheckProxy3; prototype
// omitted from this listing)
// Get VOMS attributes, if any (XrdCryptosslX509GetVOMSAttr; prototype
// omitted from this listing)
99 
/******************************************************************************/
/*                  E r r o r   L o g g i n g / T r a c i n g   F l a g s     */
/******************************************************************************/
// Bit-mask trace levels for this module; sslTRACE_ALL is the OR of the three
// individual bits (0x4 | 0x2 | 0x1 == 0x7).
// NOTE(review): 'Dump' level output presumably includes raw certificate /
// key material - keep it off in production logs.
#define sslTRACE_ALL 0x0007
#define sslTRACE_Dump 0x0004   // most verbose
#define sslTRACE_Debug 0x0002
#define sslTRACE_Notify 0x0001 // least verbose
107 
/******************************************************************************/
/*               E r r o r s   i n   P r o x y   M a n i p u l a t i o n s    */
/******************************************************************************/
// Non-zero status codes returned by the proxy manipulation helpers above
// (a zero result meaning success is presumed; every code here is non-zero).
// NOTE(review): there is a code for an expired EEC but none for a
// not-yet-valid one; confirm the implementation also checks notBefore.
#define kErrPX_Error 1 // Generic error condition
#define kErrPX_BadEECfile 2 // Absent or bad EEC cert or key file
#define kErrPX_BadEECkey 3 // Inconsistent EEC key (does not match the cert - presumed)
#define kErrPX_ExpiredEEC 4 // EEC is expired
#define kErrPX_NoResources 5 // Unable to create new objects
#define kErrPX_SetAttribute 6 // Unable to set a certificate attribute
#define kErrPX_SetPathDepth 7 // Unable to set path depth
#define kErrPX_Signing 8 // Problems signing
#define kErrPX_GenerateKey 9 // Problem generating the RSA key
#define kErrPX_ProxyFile 10 // Problem creating / updating proxy file
#define kErrPX_BadNames 11 // Names in certificates are bad (RFC 3820 subject/issuer rule - presumed)
#define kErrPX_BadSerial 12 // Problems resolving serial number
#define kErrPX_BadExtension 13 // Problems with the extensions
124 
125 #endif
126 