#include <XrdCryptosslX509.hh>
Definition at line 54 of file XrdCryptosslX509.hh.
◆ XrdCryptosslX509() [1/3]
XrdCryptosslX509::XrdCryptosslX509(const char *cf, const char *kf = 0)
Definition at line 66 of file XrdCryptosslX509.cc.
71 EPNAME(
"X509::XrdCryptosslX509_file");
90 DEBUG(
"file name undefined");
95 int fd =
open(cf, O_RDONLY);
98 if (errno == ENOENT) {
99 DEBUG(
"file "<<cf<<
" does not exist - do nothing");
101 DEBUG(
"cannot open file "<<cf<<
" (errno: "<<errno<<
")");
106 if (
fstat(fd, &st) != 0) {
107 DEBUG(
"cannot stat file "<<cf<<
" (errno: "<<errno<<
")");
113 FILE *fc = fdopen(fd,
"r");
115 DEBUG(
"cannot fdopen file "<<cf<<
" (errno: "<<errno<<
")");
121 if (!PEM_read_X509(fc, &cert, 0, 0)) {
122 DEBUG(
"Unable to load certificate from file");
125 DEBUG(
"certificate successfully loaded");
143 int fd =
open(kf, O_RDONLY);
145 DEBUG(
"cannot open file "<<kf<<
" (errno: "<<errno<<
")");
148 if (
fstat(fd, &st) == -1) {
149 DEBUG(
"cannot stat private key file "<<kf<<
" (errno:"<<errno<<
")");
153 if (!S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) ||
154 (st.st_mode & (S_IROTH | S_IWOTH)) != 0 ||
155 (st.st_mode & (S_IWGRP)) != 0) {
156 DEBUG(
"private key file "<<kf<<
" has wrong permissions "<<
157 (st.st_mode & 0777) <<
" (should be at most 0640)");
162 FILE *fk = fdopen(fd,
"r");
164 DEBUG(
"cannot open file "<<kf<<
" (errno: "<<errno<<
")");
169 if ((evpp = PEM_read_PrivateKey(fk,0,0,0))) {
170 DEBUG(
"RSA key completed ");
172 auto tmprsa = std::make_unique<XrdCryptosslRSA>(evpp, 1);
175 pki = tmprsa.release();
178 DEBUG(
"cannot read the key from file");
int stat(const char *path, struct stat *buf)
int open(const char *path, int oflag,...)
int fstat(int fildes, struct stat *buf)
References close, DEBUG, EPNAME, fclose(), fstat(), Issuer(), XrdCryptoRSA::kComplete, open(), stat(), and Subject().
◆ XrdCryptosslX509() [2/3]
Definition at line 190 of file XrdCryptosslX509.cc.
193 EPNAME(
"X509::XrdCryptosslX509_bio");
212 DEBUG(
"got undefined opaque buffer");
218 BIO *bmem = BIO_new(BIO_s_mem());
220 DEBUG(
"unable to create BIO for memory operations");
225 int nw = BIO_write(bmem,(
const void *)(buck->buffer),buck->size);
226 if (nw != buck->size) {
227 DEBUG(
"problems writing data to memory BIO (nw: "<<nw<<
")");
232 if (!(cert = PEM_read_bio_X509(bmem,0,0,0))) {
233 DEBUG(
"unable to read certificate to memory BIO");
247 EVP_PKEY *evpp = X509_get_pubkey(cert);
254 DEBUG(
"could not access the public key");
References XrdSutBucket::buffer, DEBUG, EPNAME, Issuer(), XrdSutBucket::size, and Subject().
◆ XrdCryptosslX509() [3/3]
XrdCryptosslX509::XrdCryptosslX509(X509 *cert)
◆ ~XrdCryptosslX509()
XrdCryptosslX509::~XrdCryptosslX509()  [virtual]
◆ BitStrength()
int XrdCryptosslX509::BitStrength()  [inline, virtual]
◆ DumpExtensions()
int XrdCryptosslX509::DumpExtensions(bool dumpunknown = 0)  [virtual]
Reimplemented from XrdCryptoX509.
Definition at line 814 of file XrdCryptosslX509.cc.
822 X509 *xpi = (X509 *)
Opaque();
826 PRINT(
"we are empty! Do nothing");
832 X509_EXTENSION *xpiext = 0;
833 int npiext = X509_get_ext_count(xpi);
834 PRINT(
"found "<<npiext<<
" extensions ");
836 for (i = 0; i< npiext; i++) {
837 xpiext = X509_get_ext(xpi, i);
839 OBJ_obj2txt(s,
sizeof(s), X509_EXTENSION_get_object(xpiext), 1);
840 int crit = X509_EXTENSION_get_critical(xpiext);
842 PRINT(i <<
": found extension '"<<s<<
"', critical: " << crit);
846 long length = X509_EXTENSION_get_data(xpiext)->length;
847 int ret = FillUnknownExt(&pp, length, dumpunknown);
848 PRINT(
"ret: " << ret);
XrdCryptoX509data Opaque()
References EPNAME, Opaque(), PRINT, and XRDGSI_CONST.
◆ Export()
Reimplemented from XrdCryptoX509.
Definition at line 724 of file XrdCryptosslX509.cc.
731 DEBUG(
"serialization already performed:"
732 " return previous result ("<<bucket->
size<<
" bytes)");
738 DEBUG(
"certificate is not initialized");
744 BIO *bmem = BIO_new(BIO_s_mem());
746 DEBUG(
"unable to create BIO for memory operations");
751 if (!PEM_write_bio_X509(bmem, cert)) {
752 DEBUG(
"unable to write certificate to memory BIO");
758 int blen = BIO_get_mem_data(bmem, &bdata);
759 DEBUG(
"BIO data: "<<blen<<
" bytes at 0x"<<(
int *)bdata);
765 bucket->
SetBuf(bdata, blen);
766 DEBUG(
"result of serialization: "<<bucket->
size<<
" bytes");
768 DEBUG(
"unable to create bucket for serialized format");
int SetBuf(const char *nb=0, int ns=0)
References DEBUG, EPNAME, kXRS_x509, XrdSutBucket::SetBuf(), and XrdSutBucket::size.
◆ GetExtension()
Reimplemented from XrdCryptoX509.
Definition at line 661 of file XrdCryptosslX509.cc.
665 EPNAME(
"X509::GetExtension");
670 DEBUG(
"OID string not defined");
676 DEBUG(
"certificate is not initialized");
681 int numext = X509_get_ext_count(cert);
683 DEBUG(
"certificate has got no extensions");
686 DEBUG(
"certificate has "<<numext<<
" extensions");
690 int nid = OBJ_sn2nid(oid);
691 bool usenid = (nid > 0);
695 X509_EXTENSION *wext = 0;
696 for (i = 0; i< numext; i++) {
697 wext = X509_get_ext(cert, i);
699 int enid = OBJ_obj2nid(X509_EXTENSION_get_object(wext));
705 OBJ_obj2txt(s,
sizeof(s), X509_EXTENSION_get_object(wext), 1);
715 DEBUG(
"Extension "<<oid<<
" not found");
References DEBUG, and EPNAME.
◆ Issuer()
const char * XrdCryptosslX509::Issuer()  [virtual]
◆ IssuerHash()
const char * XrdCryptosslX509::IssuerHash(int alg = 0)  [virtual]
Reimplemented from XrdCryptoX509.
Definition at line 531 of file XrdCryptosslX509.cc.
536 EPNAME(
"X509::IssuerHash");
538 #if (OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(__APPLE__))
541 if (issueroldhash.
length() <= 0) {
544 char chash[30] = {0};
545 snprintf(chash,
sizeof(chash),
546 "%08lx.0",X509_NAME_hash_old(X509_get_issuer_name(cert)));
547 issueroldhash = chash;
549 DEBUG(
"WARNING: no certificate available - cannot extract issuer hash (md5)");
553 return (issueroldhash.
length() > 0) ? issueroldhash.
c_str() : (
const char *)0;
560 if (issuerhash.
length() <= 0) {
564 char chash[30] = {0};
565 snprintf(chash,
sizeof(chash),
566 "%08lx.0",X509_NAME_hash(X509_get_issuer_name(cert)));
569 DEBUG(
"WARNING: no certificate available - cannot extract issuer hash (default)");
574 return (issuerhash.
length() > 0) ? issuerhash.
c_str() : (
const char *)0;
References XrdOucString::c_str(), DEBUG, EPNAME, and XrdOucString::length().
◆ MatchesSAN()
bool XrdCryptosslX509::MatchesSAN(const char *fqdn, bool &hasSAN)  [virtual]
Implements XrdCryptoX509.
Definition at line 1119 of file XrdCryptosslX509.cc.
1131 GENERAL_NAMES *gens =
static_cast<GENERAL_NAMES *
>(X509_get_ext_d2i(cert,
1132 NID_subject_alt_name, NULL, NULL));
1146 bool success =
false;
1147 for (
int idx = 0; idx < sk_GENERAL_NAME_num(gens); idx++) {
1150 gen = sk_GENERAL_NAME_value(gens, idx);
1151 if (gen->type != GEN_DNS)
1153 cstr = gen->d.dNSName;
1154 if (ASN1_STRING_type(cstr) != V_ASN1_IA5STRING)
1156 int san_fqdn_len = ASN1_STRING_length(cstr);
1157 if (san_fqdn_len > 255)
1159 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
1160 memcpy(san_fqdn, ASN1_STRING_get0_data(cstr), san_fqdn_len);
1162 memcpy(san_fqdn, ASN1_STRING_data(cstr), san_fqdn_len);
1164 san_fqdn[san_fqdn_len] =
'\0';
1165 if (strlen(san_fqdn) !=
static_cast<size_t>(san_fqdn_len))
1167 DEBUG(
"Comparing SAN " << san_fqdn <<
" with " << fqdn);
1169 DEBUG(
"SAN " << san_fqdn <<
" matches with " << fqdn);
1174 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
static bool MatchHostnames(const char *match_pattern, const char *fqdn)
References DEBUG, EPNAME, XrdCryptoX509::kEEC, XrdCryptoX509::MatchHostnames(), and XrdCryptoX509::type.
◆ NotAfter()
time_t XrdCryptosslX509::NotAfter()  [virtual]
◆ NotBefore()
time_t XrdCryptosslX509::NotBefore()  [virtual]
◆ Opaque()
◆ ParentFile()
const char* XrdCryptosslX509::ParentFile()  [inline, virtual]
◆ PKI()
◆ ProxyType()
const char* XrdCryptosslX509::ProxyType() const  [inline, virtual]
◆ SerialNumber()
Reimplemented from XrdCryptoX509.
Definition at line 625 of file XrdCryptosslX509.cc.
630 if (cert && X509_get_serialNumber(cert)) {
631 BIGNUM *bn = BN_new();
632 ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), bn);
633 char *sn = BN_bn2dec(bn);
634 sernum = strtoll(sn, 0, 10);
◆ SerialNumberString()
Reimplemented from XrdCryptoX509.
Definition at line 643 of file XrdCryptosslX509.cc.
648 if (cert && X509_get_serialNumber(cert)) {
649 BIGNUM *bn = BN_new();
650 ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), bn);
651 char *sn = BN_bn2hex(bn);
◆ SetPKI()
◆ Subject()
const char * XrdCryptosslX509::Subject()  [virtual]
◆ SubjectHash()
const char * XrdCryptosslX509::SubjectHash(int alg = 0)  [virtual]
Reimplemented from XrdCryptoX509.
Definition at line 578 of file XrdCryptosslX509.cc.
583 EPNAME(
"X509::SubjectHash");
585 #if (OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(__APPLE__))
588 if (subjectoldhash.
length() <= 0) {
591 char chash[30] = {0};
592 snprintf(chash,
sizeof(chash),
593 "%08lx.0",X509_NAME_hash_old(X509_get_subject_name(cert)));
594 subjectoldhash = chash;
596 DEBUG(
"WARNING: no certificate available - cannot extract subject hash (md5)");
600 return (subjectoldhash.
length() > 0) ? subjectoldhash.
c_str() : (
const char *)0;
607 if (subjecthash.
length() <= 0) {
611 char chash[30] = {0};
612 snprintf(chash,
sizeof(chash),
613 "%08lx.0",X509_NAME_hash(X509_get_subject_name(cert)));
616 DEBUG(
"WARNING: no certificate available - cannot extract subject hash (default)");
621 return (subjecthash.
length() > 0) ? subjecthash.
c_str() : (
const char *)0;
References XrdOucString::c_str(), DEBUG, EPNAME, and XrdOucString::length().
◆ Verify()
The documentation for this class was generated from the following files: