XRootD
XrdCryptosslX509Crl.hh
1 #ifndef __CRYPTO_SSLX509CRL_H__
2 #define __CRYPTO_SSLX509CRL_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o s s l X 5 0 9 C r l . h h */
6 /* */
7 /* (c) 2005 G. Ganis , CERN */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* */
29 /******************************************************************************/
30 #include <openssl/x509v3.h>
31 
32 /* ************************************************************************** */
33 /* */
34 /* OpenSSL X509 CRL implementation . */
35 /* */
36 /* ************************************************************************** */
37 
38 #include "XrdSut/XrdSutCache.hh"
40 
41 // ---------------------------------------------------------------------------//
42 //
43 // X509 CRL interface
44 // Describes one CRL certificate
45 //
46 // ---------------------------------------------------------------------------//
47 
48 class XrdCryptoX509;
49 
51 public:
52 
53  XrdCryptosslX509Crl(const char *crlf, int opt = 0); // build from the CRL source named by 'crlf'; the meaning of 'opt' is not visible in this header
54  XrdCryptosslX509Crl(FILE *, const char *crlf); // build from an already open stream; 'crlf' presumably only records the source name -- confirm
56  virtual ~XrdCryptosslX509Crl();
57 
58  // Status: true once a CRL object is held (crl != 0).
    // NOTE(review): nothing in this header shows a signature or freshness
    // check behind IsValid(); callers presumably still need Verify() and
    // NextUpdate() before trusting revocation answers -- confirm in the .cc.
59  bool IsValid() { return (crl != 0); }
60 
61  // Access underlying data (in opaque form: used in chains)
63 
64  // Dump information
65  void Dump();
    // Name of the source file, if any. The returned pointer comes from
    // srcfile.c_str(); presumably it points into srcfile's storage, so it
    // should not be kept beyond this object's lifetime -- confirm.
66  const char *ParentFile() { return (const char *)(srcfile.c_str()); }
67 
68  // Validity interval
    // NOTE(review): a CRL whose NextUpdate() lies in the past is stale.
    // Whether IsRevoked() refuses a stale CRL is not visible in this header,
    // so callers may have to compare NextUpdate() with the current time.
69  time_t LastUpdate(); // time when last updated
70  time_t NextUpdate(); // time foreseen for next update
71 
72  // Issuer of top certificate
73  const char *Issuer();
    // Hash of the issuer name. The int argument presumably selects between
    // the default-algorithm hash and the old md5-based one (see the
    // issuerhash / issueroldhash members) -- confirm in the .cc.
74  const char *IssuerHash(int); // hash
75 
76  // Check certificate revocation
    // NOTE(review): X.509 serial numbers may be up to 20 octets (RFC 5280),
    // so the 'int' overload cannot represent every serial; the string
    // overload is the safer lookup (its expected text format is not visible
    // here -- confirm).
    // NOTE(review): 'when' is an int while LastUpdate()/NextUpdate() return
    // time_t; presumably 0 means "now" -- confirm, and mind the narrowing.
77  bool IsRevoked(int serialnumber, int when = 0);
78  bool IsRevoked(const char *sernum, int when = 0);
79 
80  // Verify signature
    // NOTE(review): 'ref' is presumably the issuing CA certificate whose key
    // signed this CRL. A CRL loaded from a file or URI should not drive
    // revocation decisions until this returns true. How a null 'ref' is
    // handled is not visible in this header.
81  bool Verify(XrdCryptoX509 *ref);
82 
83  // Dump CRL object to a file.
    // Returns a bool, presumably true on success -- confirm in the .cc.
84  bool ToFile(FILE *fh);
85 
86  // Returns true if the CRL has a critical extension, false otherwise.
    // Per RFC 5280, a CRL carrying a critical extension that the application
    // cannot process must not be used to determine certificate status; how
    // callers act on this result is not visible in this header.
87  bool hasCriticalExtension();
88 
89 private:
90  X509_CRL *crl{nullptr}; // The CRL object; IsValid() reports whether it is non-null
91  time_t lastupdate{-1}; // time of last update (-1 until set)
92  time_t nextupdate{-1}; // time of next update (-1 until set)
93  XrdOucString issuer; // issuer name;
94  XrdOucString issuerhash; // hash of issuer name (default algorithm);
    // NOTE(review): the md5-based value below is presumably the legacy name
    // hash kept as a lookup key, not an integrity check -- confirm.
95  XrdOucString issueroldhash; // hash of issuer name (md5 algorithm);
96  XrdOucString srcfile; // source file name, if any;
    // NOTE(review): content fetched from this URI is external input; it
    // should be treated as untrusted until Verify() succeeds.
97  XrdOucString crluri; // URI from where to get the CRL file, if any;
98 
99  int nrevoked{0}; // Number of certificates revoked
100  XrdSutCache cache; // cached info about revoked certificates
101 
102  int GetFileType(const char *crlfn); //Determine file type (meaning of the returned int is not visible in this header)
103  int LoadCache(); // Load the cache (presumably fills 'cache' with the revoked entries and sets 'nrevoked' -- confirm)
104  int Init(const char *crlf); // Init from file
105  int Init(FILE *fc, const char *crlf); // Init from file handle
     // NOTE(review): 'uri' names a remote source, so the downloaded data is
     // external input. How it is fetched, and how 'uri' and 'hash' are
     // validated, is not visible in this header -- check the implementation
     // and require Verify() before the CRL is used.
106  int InitFromURI(const char *uri, const char *hash); // Init from URI
107 };
108 
109 #endif