current/html/XrdCryptoX509Chain_8hh_source.html

#ifndef __CRYPTO_X509CHAIN_H__

#define __CRYPTO_X509CHAIN_H__

/******************************************************************************/

/*                                                                            */

/*                   X r d C r y p t o X 5 0 9 C h a i n . h h                */

/*                                                                            */

/* (c) 2005 G. Ganis , CERN                                                   */

/*                                                                            */

/* This file is part of the XRootD software suite.                            */

/*                                                                            */

/* XRootD is free software: you can redistribute it and/or modify it under    */

/* the terms of the GNU Lesser General Public License as published by the     */

/* Free Software Foundation, either version 3 of the License, or (at your     */

/* option) any later version.                                                 */

/*                                                                            */

/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */

/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */

/* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */

/* License for more details.                                                  */

/*                                                                            */

/* You should have received a copy of the GNU Lesser General Public License   */

/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */

/* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */

/*                                                                            */

/* The copyright holder's institutional names and contributor's names may not */

/* be used to endorse or promote products derived from this software without  */

/* specific prior written permission of the institution or contributor.       */

/*                                                                            */

/******************************************************************************/


/* ************************************************************************** */

/*                                                                            */

/* Chain of X509 certificates.                                                */

/*                                                                            */

/* ************************************************************************** */


#include "XrdSut/XrdSutBucket.hh"

#include "XrdCrypto/XrdCryptoX509.hh"

#include "XrdCrypto/XrdCryptoX509Crl.hh"


// ---------------------------------------------------------------------------//

//                                                                            //

// XrdCryptoX509Chain                                                         //

//                                                                            //

// Light single-linked list for managing stacks of XrdCryptoX509* objects     //

//                                                                            //

// ---------------------------------------------------------------------------//


//

// Description of options for verify


typedef struct {

   int  opt;            // option container

   int  when;           // time of verification (UTC)

   int  pathlen;        // max allowed path length of chain

   XrdCryptoX509Crl *crl; // CRL

} x509ChainVerifyOpt_t;


const int kOptsCheckSelfSigned = 0x2;    // CA ckecking option

const int kOptsCheckSubCA      = 0x4;    // CA-SubCA case (no EEC)


//

// Node definition

//


class XrdCryptoX509ChainNode {


private:

   XrdCryptoX509          *cert;

   XrdCryptoX509ChainNode *next;

public:


   XrdCryptoX509ChainNode(XrdCryptoX509 *c = 0, XrdCryptoX509ChainNode *n = 0)

        { cert = c; next = n;}


   virtual ~XrdCryptoX509ChainNode() { }


   XrdCryptoX509          *Cert() const { return cert; }

   XrdCryptoX509ChainNode *Next() const { return next; }


   void SetNext(XrdCryptoX509ChainNode *n) { next = n; }

};


class XrdCryptoX509Chain {


   enum ESearchMode { kExact = 0, kBegin = 1, kEnd = 2 };


public:

   XrdCryptoX509Chain(XrdCryptoX509 *c = 0);

   XrdCryptoX509Chain(XrdCryptoX509Chain *ch);

   virtual ~XrdCryptoX509Chain();


   // CA status

   enum ECAStatus { kUnknown = 0, kAbsent, kInvalid, kValid};


   // Error codes


   enum EX509ChainErr { kNone = 0, kInconsistent, kTooMany, kNoCA,

                        kNoCertificate, kInvalidType, kInvalidNames,

                        kRevoked, kExpired, kMissingExtension,

                        kVerifyFail, kInvalidSign, kCANotAutoSigned,

                        kNoEEC, kTooManyEEC, kInvalidProxy };


   // In case or error

   const char         *X509ChainError(EX509ChainErr e);

   const char         *LastError() const { return lastError.c_str(); }


   // Dump content

   void Dump();


   // Access information

   int                 Size() const { return size; }

   XrdCryptoX509      *End() const { return end->Cert(); }

   ECAStatus           StatusCA() const { return statusCA; }

   const char         *CAname();

   const char         *EECname();

   const char         *CAhash();

   const char         *EEChash();

   XrdCryptoX509      *EffCA() const { return effca ? effca->Cert() : (XrdCryptoX509 *)0; }


   // Modifiers

   void                InsertAfter(XrdCryptoX509 *c, XrdCryptoX509 *cp);

   void                PutInFront(XrdCryptoX509 *c);

   void                PushBack(XrdCryptoX509 *c);

   void                Remove(XrdCryptoX509 *c);

   bool                CheckCA(bool checkselfsigned = 1);

   void                Cleanup(bool keepCA = 0);

   void                SetStatusCA(ECAStatus st) { statusCA = st; }


   // Search

   XrdCryptoX509      *SearchByIssuer(const char *issuer,

                                      ESearchMode mode = kExact);

   XrdCryptoX509      *SearchBySubject(const char *subject,

                                       ESearchMode mode = kExact);


   // Check validity in time

   virtual int         CheckValidity(bool outatfirst = 1, int when = 0);


   // Reorder (C(n) issuer of C(n+1))

   virtual int         Reorder();


   // Verify chain

   virtual bool        Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt = 0);


   // Pseudo - iterator functionality

   XrdCryptoX509       *Begin();

   XrdCryptoX509       *Next();


protected:


   XrdCryptoX509ChainNode *begin;

   XrdCryptoX509ChainNode *current;

   XrdCryptoX509ChainNode *end;

   XrdCryptoX509ChainNode *previous;

   XrdCryptoX509ChainNode *effca;

   int                     size;

   XrdOucString            lastError;

   XrdOucString            caname;

   XrdOucString            eecname;

   XrdOucString            cahash;

   XrdOucString            eechash;

   ECAStatus               statusCA;


   XrdCryptoX509ChainNode *Find(XrdCryptoX509 *c);

   XrdCryptoX509ChainNode *FindIssuer(const char *issuer,

                                      ESearchMode mode = kExact,

                                      XrdCryptoX509ChainNode **p = 0);

   XrdCryptoX509ChainNode *FindSubject(const char *subject,

                                       ESearchMode mode = kExact,

                                       XrdCryptoX509ChainNode **p = 0);

   void SetEffectiveCA();

   bool Verify(EX509ChainErr &e, const char *msg,

               XrdCryptoX509::EX509Type type, int when,

               XrdCryptoX509 *xcer, XrdCryptoX509 *xsig,

               XrdCryptoX509Crl *crl = 0);


};


#endif

kOptsCheckSelfSigned
const int kOptsCheckSelfSigned
Definition XrdCryptoX509Chain.hh:58

kOptsCheckSubCA
const int kOptsCheckSubCA
Definition XrdCryptoX509Chain.hh:59

XrdCryptoX509Crl.hh

XrdCryptoX509.hh

XrdSutBucket.hh

XrdCryptoX509ChainNode
Definition XrdCryptoX509Chain.hh:64

XrdCryptoX509ChainNode::cert
XrdCryptoX509 * cert
Definition XrdCryptoX509Chain.hh:67

XrdCryptoX509ChainNode::XrdCryptoX509ChainNode
XrdCryptoX509ChainNode(XrdCryptoX509 *c=0, XrdCryptoX509ChainNode *n=0)
Definition XrdCryptoX509Chain.hh:70

XrdCryptoX509ChainNode::~XrdCryptoX509ChainNode
virtual ~XrdCryptoX509ChainNode()
Definition XrdCryptoX509Chain.hh:72

XrdCryptoX509ChainNode::next
XrdCryptoX509ChainNode * next
Definition XrdCryptoX509Chain.hh:68

XrdCryptoX509ChainNode::Cert
XrdCryptoX509 * Cert() const
Definition XrdCryptoX509Chain.hh:74

XrdCryptoX509ChainNode::Next
XrdCryptoX509ChainNode * Next() const
Definition XrdCryptoX509Chain.hh:75

XrdCryptoX509ChainNode::SetNext
void SetNext(XrdCryptoX509ChainNode *n)
Definition XrdCryptoX509Chain.hh:77

XrdCryptoX509Chain
Definition XrdCryptoX509Chain.hh:80

XrdCryptoX509Chain::InsertAfter
void InsertAfter(XrdCryptoX509 *c, XrdCryptoX509 *cp)

XrdCryptoX509Chain::CheckCA
bool CheckCA(bool checkselfsigned=1)

XrdCryptoX509Chain::Verify
bool Verify(EX509ChainErr &e, const char *msg, XrdCryptoX509::EX509Type type, int when, XrdCryptoX509 *xcer, XrdCryptoX509 *xsig, XrdCryptoX509Crl *crl=0)

XrdCryptoX509Chain::Next
XrdCryptoX509 * Next()

XrdCryptoX509Chain::end
XrdCryptoX509ChainNode * end
Definition XrdCryptoX509Chain.hh:149

XrdCryptoX509Chain::CAname
const char * CAname()

XrdCryptoX509Chain::statusCA
ECAStatus statusCA
Definition XrdCryptoX509Chain.hh:158

XrdCryptoX509Chain::size
int size
Definition XrdCryptoX509Chain.hh:152

XrdCryptoX509Chain::LastError
const char * LastError() const
Definition XrdCryptoX509Chain.hh:101

XrdCryptoX509Chain::Begin
XrdCryptoX509 * Begin()

XrdCryptoX509Chain::eecname
XrdOucString eecname
Definition XrdCryptoX509Chain.hh:155

XrdCryptoX509Chain::ECAStatus
ECAStatus
Definition XrdCryptoX509Chain.hh:90

XrdCryptoX509Chain::kInvalid
@ kInvalid
Definition XrdCryptoX509Chain.hh:90

XrdCryptoX509Chain::kUnknown
@ kUnknown
Definition XrdCryptoX509Chain.hh:90

XrdCryptoX509Chain::kValid
@ kValid
Definition XrdCryptoX509Chain.hh:90

XrdCryptoX509Chain::kAbsent
@ kAbsent
Definition XrdCryptoX509Chain.hh:90

XrdCryptoX509Chain::FindIssuer
XrdCryptoX509ChainNode * FindIssuer(const char *issuer, ESearchMode mode=kExact, XrdCryptoX509ChainNode **p=0)

XrdCryptoX509Chain::EffCA
XrdCryptoX509 * EffCA() const
Definition XrdCryptoX509Chain.hh:114

XrdCryptoX509Chain::FindSubject
XrdCryptoX509ChainNode * FindSubject(const char *subject, ESearchMode mode=kExact, XrdCryptoX509ChainNode **p=0)

XrdCryptoX509Chain::begin
XrdCryptoX509ChainNode * begin
Definition XrdCryptoX509Chain.hh:147

XrdCryptoX509Chain::Cleanup
void Cleanup(bool keepCA=0)

XrdCryptoX509Chain::Reorder
virtual int Reorder()

XrdCryptoX509Chain::Dump
void Dump()

XrdCryptoX509Chain::caname
XrdOucString caname
Definition XrdCryptoX509Chain.hh:154

XrdCryptoX509Chain::SetEffectiveCA
void SetEffectiveCA()

XrdCryptoX509Chain::Remove
void Remove(XrdCryptoX509 *c)

XrdCryptoX509Chain::Size
int Size() const
Definition XrdCryptoX509Chain.hh:107

XrdCryptoX509Chain::CheckValidity
virtual int CheckValidity(bool outatfirst=1, int when=0)

XrdCryptoX509Chain::SearchByIssuer
XrdCryptoX509 * SearchByIssuer(const char *issuer, ESearchMode mode=kExact)

XrdCryptoX509Chain::SetStatusCA
void SetStatusCA(ECAStatus st)
Definition XrdCryptoX509Chain.hh:123

XrdCryptoX509Chain::StatusCA
ECAStatus StatusCA() const
Definition XrdCryptoX509Chain.hh:109

XrdCryptoX509Chain::previous
XrdCryptoX509ChainNode * previous
Definition XrdCryptoX509Chain.hh:150

XrdCryptoX509Chain::cahash
XrdOucString cahash
Definition XrdCryptoX509Chain.hh:156

XrdCryptoX509Chain::CAhash
const char * CAhash()

XrdCryptoX509Chain::current
XrdCryptoX509ChainNode * current
Definition XrdCryptoX509Chain.hh:148

XrdCryptoX509Chain::PushBack
void PushBack(XrdCryptoX509 *c)

XrdCryptoX509Chain::lastError
XrdOucString lastError
Definition XrdCryptoX509Chain.hh:153

XrdCryptoX509Chain::~XrdCryptoX509Chain
virtual ~XrdCryptoX509Chain()

XrdCryptoX509Chain::X509ChainError
const char * X509ChainError(EX509ChainErr e)

XrdCryptoX509Chain::XrdCryptoX509Chain
XrdCryptoX509Chain(XrdCryptoX509Chain *ch)

XrdCryptoX509Chain::EX509ChainErr
EX509ChainErr
Definition XrdCryptoX509Chain.hh:93

XrdCryptoX509Chain::kNoCA
@ kNoCA
Definition XrdCryptoX509Chain.hh:93

XrdCryptoX509Chain::kNoCertificate
@ kNoCertificate
Definition XrdCryptoX509Chain.hh:94

XrdCryptoX509Chain::kInvalidSign
@ kInvalidSign
Definition XrdCryptoX509Chain.hh:96

XrdCryptoX509Chain::kNone
@ kNone
Definition XrdCryptoX509Chain.hh:93

XrdCryptoX509Chain::kInvalidProxy
@ kInvalidProxy
Definition XrdCryptoX509Chain.hh:97

XrdCryptoX509Chain::kVerifyFail
@ kVerifyFail
Definition XrdCryptoX509Chain.hh:96

XrdCryptoX509Chain::kExpired
@ kExpired
Definition XrdCryptoX509Chain.hh:95

XrdCryptoX509Chain::kMissingExtension
@ kMissingExtension
Definition XrdCryptoX509Chain.hh:95

XrdCryptoX509Chain::kInvalidNames
@ kInvalidNames
Definition XrdCryptoX509Chain.hh:94

XrdCryptoX509Chain::kCANotAutoSigned
@ kCANotAutoSigned
Definition XrdCryptoX509Chain.hh:96

XrdCryptoX509Chain::kInvalidType
@ kInvalidType
Definition XrdCryptoX509Chain.hh:94

XrdCryptoX509Chain::kInconsistent
@ kInconsistent
Definition XrdCryptoX509Chain.hh:93

XrdCryptoX509Chain::kRevoked
@ kRevoked
Definition XrdCryptoX509Chain.hh:95

XrdCryptoX509Chain::kTooMany
@ kTooMany
Definition XrdCryptoX509Chain.hh:93

XrdCryptoX509Chain::kTooManyEEC
@ kTooManyEEC
Definition XrdCryptoX509Chain.hh:97

XrdCryptoX509Chain::kNoEEC
@ kNoEEC
Definition XrdCryptoX509Chain.hh:97

XrdCryptoX509Chain::End
XrdCryptoX509 * End() const
Definition XrdCryptoX509Chain.hh:108

XrdCryptoX509Chain::SearchBySubject
XrdCryptoX509 * SearchBySubject(const char *subject, ESearchMode mode=kExact)

XrdCryptoX509Chain::eechash
XrdOucString eechash
Definition XrdCryptoX509Chain.hh:157

XrdCryptoX509Chain::EECname
const char * EECname()

XrdCryptoX509Chain::PutInFront
void PutInFront(XrdCryptoX509 *c)

XrdCryptoX509Chain::ESearchMode
ESearchMode
Definition XrdCryptoX509Chain.hh:82

XrdCryptoX509Chain::kEnd
@ kEnd
Definition XrdCryptoX509Chain.hh:82

XrdCryptoX509Chain::kBegin
@ kBegin
Definition XrdCryptoX509Chain.hh:82

XrdCryptoX509Chain::kExact
@ kExact
Definition XrdCryptoX509Chain.hh:82

XrdCryptoX509Chain::Verify
virtual bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt=0)

XrdCryptoX509Chain::effca
XrdCryptoX509ChainNode * effca
Definition XrdCryptoX509Chain.hh:151

XrdCryptoX509Chain::EEChash
const char * EEChash()

XrdCryptoX509Chain::Find
XrdCryptoX509ChainNode * Find(XrdCryptoX509 *c)

XrdCryptoX509Chain::XrdCryptoX509Chain
XrdCryptoX509Chain(XrdCryptoX509 *c=0)

XrdCryptoX509Crl
Definition XrdCryptoX509Crl.hh:49

XrdCryptoX509
Definition XrdCryptoX509.hh:51

XrdCryptoX509::EX509Type
EX509Type
Definition XrdCryptoX509.hh:55

XrdOucString
Definition XrdOucString.hh:254

XrdOucString::c_str
const char * c_str() const
Definition XrdOucString.hh:280

x509ChainVerifyOpt_t
Definition XrdCryptoX509Chain.hh:51

x509ChainVerifyOpt_t::opt
int opt
Definition XrdCryptoX509Chain.hh:52

x509ChainVerifyOpt_t::crl
XrdCryptoX509Crl * crl
Definition XrdCryptoX509Chain.hh:55

x509ChainVerifyOpt_t::pathlen
int pathlen
Definition XrdCryptoX509Chain.hh:54

x509ChainVerifyOpt_t::when
int when
Definition XrdCryptoX509Chain.hh:53