XrdCryptoX509 Class Reference (abstract)

#include <XrdCryptoX509.hh>


Public Types

enum  EX509Type {
  kUnknown = -1 ,
  kCA = 0 ,
  kEEC = 1 ,
  kProxy = 2
}
 

Public Member Functions

 XrdCryptoX509 ()
 
virtual ~XrdCryptoX509 ()
 
virtual int BitStrength ()
 
virtual void Dump ()
 
virtual int DumpExtensions (bool=0)
 
virtual XrdSutBucket * Export ()
 
virtual XrdCryptoX509data GetExtension (const char *oid)
 
virtual bool IsExpired (int when=0)
 
virtual const char * Issuer ()
 
const char * IssuerHash ()
 
virtual const char * IssuerHash (int)
 
virtual bool IsValid (int when=0)
 
virtual bool MatchesSAN (const char *fqdn, bool &hasSAN)=0
 
virtual time_t NotAfter ()
 
virtual time_t NotBefore ()
 
virtual XrdCryptoX509data Opaque ()
 
virtual const char * ParentFile ()
 
virtual XrdCryptoRSA * PKI ()
 
virtual const char * ProxyType () const
 
virtual kXR_int64 SerialNumber ()
 
virtual XrdOucString SerialNumberString ()
 
virtual void SetPKI (XrdCryptoX509data pki)
 
virtual const char * Subject ()
 
const char * SubjectHash ()
 
virtual const char * SubjectHash (int)
 
const char * Type (EX509Type t=kUnknown) const
 
virtual bool Verify (XrdCryptoX509 *ref)
 

Static Public Member Functions

static bool MatchHostnames (const char *match_pattern, const char *fqdn)
 

Public Attributes

EX509Type type
 

Detailed Description

Definition at line 51 of file XrdCryptoX509.hh.

Member Enumeration Documentation

◆ EX509Type

Enumerator
kUnknown 
kCA 
kEEC 
kProxy 

Definition at line 55 of file XrdCryptoX509.hh.

Constructor & Destructor Documentation

◆ XrdCryptoX509()

XrdCryptoX509::XrdCryptoX509 ( )
inline

Definition at line 59 of file XrdCryptoX509.hh.

// A freshly built certificate is unclassified; the concrete parser that
// fills the object is responsible for setting 'type' (CA, EEC or proxy).
XrdCryptoX509() : type(kUnknown) { }

References kUnknown, and type.

◆ ~XrdCryptoX509()

virtual XrdCryptoX509::~XrdCryptoX509 ( )
inline virtual

Definition at line 60 of file XrdCryptoX509.hh.

// Virtual so that concrete certificates are destroyed correctly through a
// base pointer; the base itself owns nothing that needs releasing.
virtual ~XrdCryptoX509() { }

Member Function Documentation

◆ BitStrength()

int XrdCryptoX509::BitStrength ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 97 of file XrdCryptoX509.cc.

int XrdCryptoX509::BitStrength()
{
   // Number of bits of the certificate key. The abstract base holds no key:
   // it logs the unimplemented call and reports -1 (unknown strength).
   ABSTRACTMETHOD("XrdCryptoX509::BitStrength");
   return -1;
}

References ABSTRACTMETHOD.

Referenced by Display(), and main().


◆ Dump()

void XrdCryptoX509::Dump ( )
virtual

Definition at line 49 of file XrdCryptoX509.cc.

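// Render 'when' as the local-time asctime() string without the trailing
// newline. If either conversion fails (e.g. a year that does not fit the
// fixed-width asctime_r() format) 'buf' is left empty; the caller must
// never strip a character from an empty buffer (that would write at [-1]).
static void X509TimeString(time_t when, char *buf, size_t len)
{
   if (!buf || len < 26) return;      // asctime_r() needs at least 26 bytes
   buf[0] = 0;
   struct tm tst;
   if (!localtime_r(&when, &tst) || !asctime_r(&tst, buf)) {
      buf[0] = 0;
      return;
   }
   size_t n = strlen(buf);
   if (n > 0 && buf[n-1] == '\n') buf[n-1] = 0;
}

// Streaming a null 'const char *' is undefined behaviour; the abstract
// accessors (Subject(), Issuer(), ParentFile(), ...) do return null, so
// substitute a visible marker instead of crashing the dump.
static const char *X509Str(const char *s)
{
   return s ? s : "<none>";
}

void XrdCryptoX509::Dump()
{
   // Dump content
   EPNAME("X509::Dump");

   // Time strings: the numeric values are seconds since the Epoch, while
   // the readable forms come from localtime_r() and are therefore local
   // time, despite the "UTC" label printed below. The output format is
   // kept unchanged for existing readers of the dump.
   char stbeg[256] = {0};
   time_t tbeg = NotBefore();
   X509TimeString(tbeg, stbeg, sizeof(stbeg));
   char stend[256] = {0};
   time_t tend = NotAfter();
   X509TimeString(tend, stend, sizeof(stend));

   PRINT("+++++++++++++++ X509 dump +++++++++++++++++++++++");
   PRINT("+");
   PRINT("+ File: "<<X509Str(ParentFile()));
   PRINT("+");
   PRINT("+ Type: "<<X509Str(Type()));
   PRINT("+ Serial Number: "<<SerialNumber());
   PRINT("+ Subject: "<<X509Str(Subject()));
   PRINT("+ Subject hash: "<<X509Str(SubjectHash(0)));
   PRINT("+ Issuer: "<<X509Str(Issuer()));
   PRINT("+ Issuer hash: "<<X509Str(IssuerHash(0)));
   PRINT("+");
   if (IsExpired()) {
      PRINT("+ Validity: (expired!)");
   } else {
      PRINT("+ Validity:");
   }
   PRINT("+ NotBefore: "<<tbeg<<" UTC - "<<stbeg);
   PRINT("+ NotAfter: "<<tend<<" UTC - "<<stend);
   PRINT("+");
   // Ask for the key once: PKI() is a virtual call into the concrete class
   XrdCryptoRSA *pki = PKI();
   if (pki) {
      PRINT("+ PKI: "<<pki->Status());
   } else {
      PRINT("+ PKI: missing");
   }
   PRINT("+");
   PRINT("+++++++++++++++++++++++++++++++++++++++++++++++++");
}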

References EPNAME, IsExpired(), Issuer(), IssuerHash(), NotAfter(), NotBefore(), ParentFile(), PKI(), PRINT, SerialNumber(), Subject(), SubjectHash(), and Type().

Referenced by main().


◆ DumpExtensions()

int XrdCryptoX509::DumpExtensions ( bool  = 0)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 245 of file XrdCryptoX509.cc.

int XrdCryptoX509::DumpExtensions(bool)
{
   // Dump the certificate extensions, if any. The abstract base knows no
   // extensions: it logs the unimplemented call and returns -1. The bool
   // argument is interpreted by the concrete class (XrdCryptosslX509).
   ABSTRACTMETHOD("XrdCryptoX509::DumpExtensions");
   return -1;
}

References ABSTRACTMETHOD.

Referenced by Display().


◆ Export()

XrdSutBucket * XrdCryptoX509::Export ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 229 of file XrdCryptoX509.cc.

XrdSutBucket *XrdCryptoX509::Export()
{
   // Export the certificate in the form of a bucket. The abstract base has
   // nothing to export: it logs the unimplemented call and returns null,
   // which callers must check before use.
   ABSTRACTMETHOD("XrdCryptoX509::Export");
   return 0;
}

References ABSTRACTMETHOD.

Referenced by XrdSecProtocolgsi::Authenticate().


◆ GetExtension()

XrdCryptoX509data XrdCryptoX509::GetExtension ( const char *  oid)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 221 of file XrdCryptoX509.cc.

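XrdCryptoX509data XrdCryptoX509::GetExtension(const char *oid)
{
   // Return the extension identified by 'oid' as an opaque XrdCryptoX509data
   // (a void* typedef), or null if unavailable. The abstract base carries
   // no extensions: it logs the unimplemented call and returns null.
   // (The previous comment, "Return issuer name", was a copy-paste error.)
   ABSTRACTMETHOD("XrdCryptoX509::GetExtension");
   return 0;
}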

References ABSTRACTMETHOD.

Referenced by XrdCryptosslX509Crl::XrdCryptosslX509Crl(), Display(), main(), and XrdCryptogsiX509Chain::Verify().


◆ IsExpired()

bool XrdCryptoX509::IsExpired ( int  when = 0)
virtual

Definition at line 115 of file XrdCryptoX509.cc.

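bool XrdCryptoX509::IsExpired(int when)
{
   // Check expiration at UTC time 'when' (seconds since the Epoch). Use
   // when = 0 (default) to check at present time; a negative 'when' is
   // treated like 0.
   //
   // The comparison is carried out in time_t: the current time is no longer
   // truncated to int, which would wrap after January 2038 on platforms
   // with a 64-bit time_t. An explicit 'when' keeps its int range.
   //
   // On the abstract base NotAfter() returns -1, so this fails closed and
   // reports the certificate as expired.
   time_t now = (when > 0) ? static_cast<time_t>(when) : time(0);
   return (now > NotAfter());
}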

References NotAfter().

Referenced by Dump().


◆ Issuer()

const char * XrdCryptoX509::Issuer ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 157 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::Issuer()
{
   // Issuer name of the certificate. The abstract base has no issuer: it
   // logs the unimplemented call and returns null (callers must check).
   ABSTRACTMETHOD("XrdCryptoX509::Issuer");
   return 0;
}

References ABSTRACTMETHOD.

Referenced by Display(), Dump(), XrdCryptoX509Chain::FindIssuer(), main(), XrdCryptoX509Chain::Reorder(), XrdCryptosslX509ChainToFile(), and XrdCryptosslX509ExportChain().


◆ IssuerHash() [1/2]

const char* XrdCryptoX509::IssuerHash ( )
inline

Definition at line 99 of file XrdCryptoX509.hh.

// Hash of the issuer name in its default form: shorthand for the virtual
// IssuerHash(int) called with 0, so overriding classes need only implement
// the one-argument version.
const char *IssuerHash() { return this->IssuerHash(0); }

References IssuerHash().

Referenced by Dump(), and IssuerHash().


◆ IssuerHash() [2/2]

const char * XrdCryptoX509::IssuerHash ( int  )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 173 of file XrdCryptoX509.cc.

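const char *XrdCryptoX509::IssuerHash(int)
{
   // Hash of the issuer name; the meaning of the int argument is defined by
   // the concrete class (XrdCryptosslX509), the default form being 0. The
   // abstract base logs the unimplemented call and returns null.
   // (The previous comment, "Return issuer name", described Issuer().)
   ABSTRACTMETHOD("XrdCryptoX509::IssuerHash");
   return 0;
}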

References ABSTRACTMETHOD.

Referenced by XrdCryptoX509Chain::Dump(), XrdSecProtocolgsi::getCredentials(), main(), XrdCryptoX509Chain::SetEffectiveCA(), and XrdCryptosslX509ExportChain().


◆ IsValid()

bool XrdCryptoX509::IsValid ( int  when = 0)
virtual

Definition at line 105 of file XrdCryptoX509.cc.

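bool XrdCryptoX509::IsValid(int when)
{
   // Check validity at UTC time 'when' (seconds since the Epoch). Use
   // when = 0 (default) to check at present time; a negative 'when' is
   // treated like 0.
   //
   // A certificate is valid from kAllowedSkew seconds before NotBefore()
   // (tolerates clock skew between the issuer and this host) up to and
   // including NotAfter(). No skew is granted at the end of validity, so
   // an expired certificate is never accepted.
   //
   // The comparison is carried out in time_t: the current time is no longer
   // truncated to int, which would wrap after January 2038 on platforms
   // with a 64-bit time_t. An explicit 'when' keeps its int range.
   time_t now = (when > 0) ? static_cast<time_t>(when) : time(0);
   return (now >= (NotBefore()-kAllowedSkew) && now <= NotAfter());
}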

References kAllowedSkew, NotAfter(), and NotBefore().

Referenced by XrdCryptoX509Chain::CheckValidity(), and XrdCryptoX509Chain::Verify().


◆ MatchesSAN()

virtual bool XrdCryptoX509::MatchesSAN ( const char *  fqdn,
bool &  hasSAN 
)
pure virtual

Implemented in XrdCryptosslX509.

◆ MatchHostnames()

bool XrdCryptoX509::MatchHostnames ( const char *  match_pattern,
const char *  fqdn 
)
static

Definition at line 253 of file XrdCryptoX509.cc.

bool XrdCryptoX509::MatchHostnames(const char *match_pattern, const char *hostname)
{
   // Tell whether a (possibly wildcarded) pattern and a hostname name the
   // same host. The comparison is case insensitive, and a wildcard ('*')
   // is honoured only inside the first (left-most) label: the remaining
   // labels of the pattern must be identical to those of the hostname.
   //
   // For example,
   //
   // - foo.example.com and foo.example.com are considered equal.
   // - bar.example.com and foo.example.com are not equal.
   // - *.example.com and foo.example.com are equal.
   // - *.example.com and foo.bar.example.com are NOT equal (wildcard applies to a single label).
   // - FOO.example.com and foo.EXAMPLE.COM are equal (comparison is not case sensitive).
   // - F*.com and foo.com are equal (partial wildcard within the label).
   //
   // NOTE(review): no minimum number of labels after the wildcard is
   // enforced, so "*.com" matches "foo.com"; RFC 6125 section 6.4.3
   // recommends requiring at least two further labels for TLS-style host
   // verification. The header declares the second parameter as 'fqdn'.
   //
   // Returns true if the hostnames are considered a match.

   XrdOucString pattern(match_pattern);
   XrdOucString host(hostname);

   // An empty pattern or hostname never matches
   if (pattern.length() == 0) return false;
   if (host.length() == 0) return false;

   // Case-insensitive comparison: lowercase both working copies
   pattern.lower(0);
   host.lower(0);

   // Plain, wildcard-free equality
   if (pattern == host) return true;

   // Split off the first label of each side
   XrdOucString plabel, hlabel;
   int pnext = pattern.tokenize(plabel, 0, '.');
   if (pnext == -1) return false;
   int hnext = host.tokenize(hlabel, 0, '.');
   if (hnext == -1) return false;

   // The first label may carry wildcards ...
   if (!hlabel.matches(plabel.c_str())) return false;

   // ... the labels that follow must be identical
   pattern.erasefromstart(pnext);
   host.erasefromstart(hnext);
   return (host == pattern) || (host.length() == 0 && pattern.length() == 0);
}

References XrdOucString::c_str(), XrdOucString::erasefromstart(), XrdOucString::length(), XrdOucString::lower(), XrdOucString::matches(), and XrdOucString::tokenize().

Referenced by XrdCryptosslX509::MatchesSAN().


◆ NotAfter()

time_t XrdCryptoX509::NotAfter ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 133 of file XrdCryptoX509.cc.

time_t XrdCryptoX509::NotAfter()
{
   // End of validity, in seconds since the Epoch. The abstract base has no
   // validity window: it logs the unimplemented call and returns -1, which
   // makes IsExpired() true and IsValid() false (fail closed).
   ABSTRACTMETHOD("XrdCryptoX509::NotAfter");
   return -1;
}

References ABSTRACTMETHOD.

Referenced by XrdSecProtocolgsi::Authenticate(), Display(), Dump(), IsExpired(), IsValid(), and main().


◆ NotBefore()

time_t XrdCryptoX509::NotBefore ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 125 of file XrdCryptoX509.cc.

time_t XrdCryptoX509::NotBefore()
{
   // Start of validity, in seconds since the Epoch. The abstract base has
   // no validity window: it logs the unimplemented call and returns -1.
   ABSTRACTMETHOD("XrdCryptoX509::NotBefore");
   return -1;
}

References ABSTRACTMETHOD.

Referenced by Dump(), and IsValid().


◆ Opaque()

XrdCryptoX509data XrdCryptoX509::Opaque ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 181 of file XrdCryptoX509.cc.

XrdCryptoX509data XrdCryptoX509::Opaque()
{
   // Underlying certificate in its raw (library specific) format, handed
   // out as an opaque pointer. The abstract base wraps no certificate: it
   // logs the unimplemented call and returns null.
   ABSTRACTMETHOD("XrdCryptoX509::Opaque");
   return 0;
}

References ABSTRACTMETHOD.

Referenced by XrdCryptosslX509::Verify(), XrdCryptosslX509Crl::Verify(), XrdVomsFun::VOMSFun(), XrdCryptosslFactory::X509(), XrdCryptosslX509ChainToFile(), XrdCryptosslX509ExportChain(), XrdCryptosslX509ParseBucket(), XrdCryptosslX509ParseFile(), XrdCryptosslX509ToFile(), XrdCryptosslX509VerifyCert(), and XrdCryptosslX509VerifyChain().


◆ ParentFile()

const char * XrdCryptoX509::ParentFile ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 149 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::ParentFile()
{
   // Name of the file the certificate was loaded from. The abstract base
   // logs the unimplemented call and returns null (callers must check).
   ABSTRACTMETHOD("XrdCryptoX509::ParentFile");
   return 0;
}

References ABSTRACTMETHOD.

Referenced by Dump().


◆ PKI()

XrdCryptoRSA * XrdCryptoX509::PKI ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 189 of file XrdCryptoX509.cc.

XrdCryptoRSA *XrdCryptoX509::PKI()
{
   // Key (PKI) associated with the certificate. The abstract base holds no
   // key: it logs the unimplemented call and returns null, which callers
   // (e.g. Dump()) must test before dereferencing.
   ABSTRACTMETHOD("XrdCryptoX509::PKI");
   return 0;
}

References ABSTRACTMETHOD.

Referenced by Dump(), main(), XrdCryptosslX509ChainToFile(), XrdCryptosslX509ExportChain(), XrdCryptosslX509ParseBucket(), and XrdCryptosslX509ParseFile().


◆ ProxyType()

virtual const char* XrdCryptoX509::ProxyType ( ) const
inline virtual

Reimplemented in XrdCryptosslX509.

Definition at line 83 of file XrdCryptoX509.hh.

// Proxy flavour of the certificate as a string; the base has no notion of
// proxies and answers with an empty (never null) string.
virtual const char *ProxyType() const
{ return ""; }

Referenced by Display().


◆ SerialNumber()

kXR_int64 XrdCryptoX509::SerialNumber ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 205 of file XrdCryptoX509.cc.

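kXR_int64 XrdCryptoX509::SerialNumber()
{
   // Serial number of the certificate as a 64-bit integer. The abstract
   // base logs the unimplemented call and returns -1.
   // (The previous comment, "Return issuer name", was a copy-paste error.)
   ABSTRACTMETHOD("XrdCryptoX509::SerialNumber");
   return -1;
}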

References ABSTRACTMETHOD.

Referenced by Dump().


◆ SerialNumberString()

XrdOucString XrdCryptoX509::SerialNumberString ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 213 of file XrdCryptoX509.cc.

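XrdOucString XrdCryptoX509::SerialNumberString()
{
   // Serial number of the certificate as a string. The abstract base logs
   // the unimplemented call and returns an empty string.
   // (The previous comment, "Return issuer name", was a copy-paste error.)
   ABSTRACTMETHOD("XrdCryptoX509::SerialNumberString");
   return XrdOucString("");
}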

References ABSTRACTMETHOD.

Referenced by XrdCryptoX509Chain::Verify().


◆ SetPKI()

void XrdCryptoX509::SetPKI ( XrdCryptoX509data  pki)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 197 of file XrdCryptoX509.cc.

void XrdCryptoX509::SetPKI(XrdCryptoX509data /*pki*/)
{
   // Attach a key (PKI) to the certificate. The abstract base cannot store
   // one and only logs the unimplemented call; the argument is ignored.
   ABSTRACTMETHOD("XrdCryptoX509::SetPKI");
}

References ABSTRACTMETHOD.

Referenced by main(), XrdCryptosslX509ParseBucket(), and XrdCryptosslX509ParseFile().


◆ Subject()

const char * XrdCryptoX509::Subject ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 141 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::Subject()
{
   // Subject name of the certificate. The abstract base has no subject: it
   // logs the unimplemented call and returns null (callers must check).
   ABSTRACTMETHOD("XrdCryptoX509::Subject");
   return 0;
}

References ABSTRACTMETHOD.

Referenced by XrdCryptoX509Chain::XrdCryptoX509Chain(), XrdCryptoX509Chain::CheckCA(), Display(), Dump(), XrdCryptoX509Chain::EECname(), XrdCryptoX509Chain::FindSubject(), main(), XrdCryptoX509Chain::Reorder(), XrdCryptoX509Chain::SetEffectiveCA(), XrdCryptosslX509ExportChain(), XrdCryptosslX509ParseFile(), and XrdSecgsiAuthzKey().


◆ SubjectHash() [1/2]

const char* XrdCryptoX509::SubjectHash ( )
inline

Definition at line 104 of file XrdCryptoX509.hh.

// Hash of the subject name in its default form: shorthand for the virtual
// SubjectHash(int) called with 0, so overriding classes need only implement
// the one-argument version.
const char *SubjectHash() { return this->SubjectHash(0); }

References SubjectHash().

Referenced by Dump(), and SubjectHash().


◆ SubjectHash() [2/2]

const char * XrdCryptoX509::SubjectHash ( int  )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 165 of file XrdCryptoX509.cc.

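const char *XrdCryptoX509::SubjectHash(int)
{
   // Hash of the subject name; the meaning of the int argument is defined by
   // the concrete class (XrdCryptosslX509), the default form being 0. The
   // abstract base logs the unimplemented call and returns null.
   // (The previous comment, "Return subject name", described Subject().)
   ABSTRACTMETHOD("XrdCryptoX509::SubjectHash");
   return 0;
}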

References ABSTRACTMETHOD.

Referenced by XrdCryptosslX509Crl::XrdCryptosslX509Crl(), XrdCryptoX509Chain::XrdCryptoX509Chain(), XrdCryptoX509Chain::CheckCA(), XrdCryptoX509Chain::Dump(), XrdCryptoX509Chain::EEChash(), XrdSecProtocolgsi::getCredentials(), XrdCryptoX509Chain::SetEffectiveCA(), and XrdCryptosslX509ExportChain().


◆ Type()

const char* XrdCryptoX509::Type ( EX509Type  t = kUnknown) const
inline

Definition at line 80 of file XrdCryptoX509.hh.

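// Human-readable name of a certificate type: the object's own 'type' when
// t is kUnknown (the default), otherwise the name for 't'. The lookup
// table 'ctype' is indexed by value+1 because kUnknown is -1. A value
// outside [kUnknown, kProxy] (e.g. an int cast to EX509Type, or an
// uninitialised 'type') is mapped to kUnknown instead of reading past the
// end of the table.
const char *Type(EX509Type t = kUnknown) const
{
   EX509Type which = (t == kUnknown) ? type : t;
   if (which < kUnknown || which > kProxy) which = kUnknown;
   return ctype[which+1];
}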

References kUnknown, and type.

Referenced by Display(), Dump(), and XrdCryptoX509Chain::Dump().


◆ Verify()

bool XrdCryptoX509::Verify ( XrdCryptoX509 * ref)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 237 of file XrdCryptoX509.cc.

bool XrdCryptoX509::Verify(XrdCryptoX509 * /*ref*/)
{
   // Verify this certificate's signature with the public key of the 'ref'
   // certificate. The abstract base cannot verify anything and fails
   // closed: it logs the unimplemented call and reports NOT verified.
   ABSTRACTMETHOD("XrdCryptoX509::Verify");
   return false;
}

References ABSTRACTMETHOD.

Referenced by main(), and XrdCryptoX509Chain::Verify().


Member Data Documentation

◆ type


The documentation for this class was generated from the following files: