#ifndef __CRYPTO_SSLGSIAUX_H__
#define __CRYPTO_SSLGSIAUX_H__
/******************************************************************************/
/*                                                                            */
/*               X r d C r y p t o s s l g s i A u x . h h                    */
/*                                                                            */
/* (c) 2005, G. Ganis / CERN                                                  */
/*                                                                            */
/* This file is part of the XRootD software suite.                            */
/*                                                                            */
/* XRootD is free software: you can redistribute it and/or modify it under    */
/* the terms of the GNU Lesser General Public License as published by the     */
/* Free Software Foundation, either version 3 of the License, or (at your     */
/* option) any later version.                                                 */
/*                                                                            */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public        */
/* License for more details.                                                  */
/*                                                                            */
/* You should have received a copy of the GNU Lesser General Public License   */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>.         */
/*                                                                            */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without  */
/* specific prior written permission of the institution or contributor.       */
/*                                                                            */
/******************************************************************************/

/* ************************************************************************** */
/*                                                                            */
/*                         GSI utility functions                              */
/*                                                                            */
/* ************************************************************************** */
//
// NOTE(review): the include guard above starts with a double underscore; such
// names are reserved for the implementation in C and C++. A project-prefixed
// guard (e.g. XRD_CRYPTOSSLGSIAUX_HH) would avoid any collision with the
// toolchain's own macros. Left unchanged here so that any external reference
// to the guard keeps working.
//
#include "XrdCrypto/XrdCryptosslgsiX509Chain.hh"
#include "XrdCrypto/XrdCryptoX509Req.hh"
#include "XrdCrypto/XrdCryptoRSA.hh"
#include "XrdOuc/XrdOucString.hh"

// The OID of the proxyCertInfo extension.
// gsiProxyCertInfo_OID is the id-pe-proxyCertInfo arc standardised by
// RFC 3820; gsiProxyCertInfo_OLD_OID is the legacy, pre-RFC arc that older
// proxy certificates may still carry. Code that validates proxies must be
// prepared to see either, and should treat an extension it cannot parse as
// a failure rather than as "no constraint".
#define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222"
#define gsiProxyCertInfo_OID "1.3.6.1.5.5.7.1.14"

//
// Function to check presence of a proxyCertInfo and retrieve the path length
// constraint. Written following RFC3820 and examples in openssl-<vers>/crypto
// source code. Extracts the policy field but ignores its contents.
//
//   ext        extension object to inspect. Passed as 'const void *' so this
//              header stays free of OpenSSL types; presumably an
//              X509_EXTENSION pointer — confirm against the implementation.
//   pathlen    [out] path length constraint carried by the extension.
//   haspolicy  optional [out] flag; when non-null it presumably reports
//              whether a policy field was present. Defaults to 0 (null),
//              i.e. callers that do not care may omit it.
//   returns    bool; presumably true when a proxyCertInfo extension was
//              found and parsed — verify the false/true contract in the
//              implementation before using it as a security decision.
bool XrdSslgsiProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);
//
// Write the path length constraint 'pathlen' into the extension 'ext'
// (same opaque extension type as above; this one is mutated).
void XrdSslgsiSetPathLenConstraint(void *ext, int pathlen);

//
// Proxies
//
// Options controlling proxy certificate creation. The bracketed values in the
// field comments are the defaults quoted by the original author; this header
// sets no defaults itself (the struct has no initialisers), so they are
// presumably applied by the implementation when a field is left unset.
typedef struct {
   int bits;     // Number of bits in the RSA key [512]
                 // NOTE(review): a 512-bit RSA key is far below current
                 // recommendations (>= 2048 bits). Callers should set this
                 // explicitly rather than rely on the quoted default.
   int valid;    // Duration validity in secs [43200 (12 hours)]
                 // Shorter lifetimes limit the window in which a leaked
                 // proxy remains usable.
   int depthlen; // Maximum depth of the path of proxy certificates
                 // that can be signed by this proxy certificate
                 // [-1 (== unlimited)]
                 // An unlimited depth lets any holder re-delegate without
                 // bound; a finite value limits the reach of a leaked proxy.
} XrdProxyOpt_t;
//
// Create proxy certificates
//
// Parameters are unnamed in this declaration. In order: two 'const char *'
// inputs, the creation options, the chain to populate, the RSA key to return
// (double pointer, so ownership presumably passes to the caller — check who
// frees it), and a final 'const char *'. Judging from the error codes below
// (kErrPX_BadEECfile, kErrPX_ProxyFile) the string arguments are presumably
// the EEC certificate/key file paths and the output proxy file — confirm
// against the implementation before relying on that.
// Return values are the kErrPX_* codes defined at the end of this file (all
// non-zero), so a zero return presumably means success.
int XrdSslgsiX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
                             XrdCryptosslgsiX509Chain *, XrdCryptoRSA **, const char *);
//
// Create a proxy certificate request
//
// Takes the certificate the request is derived from and returns, through the
// two double pointers, the new request and its RSA key (ownership presumably
// transfers to the caller — confirm in the implementation).
// Returns 0 or a kErrPX_* code, as for XrdSslgsiX509CreateProxy.
int XrdSslgsiX509CreateProxyReq(XrdCryptoX509 *,
                                XrdCryptoX509Req **, XrdCryptoRSA **);
//
// Sign a proxy certificate request
//
// Inputs: the signing certificate, its RSA key and the request to sign.
// Output: the signed proxy certificate, returned through the double pointer.
// This is the step where the issuer's key is used; the key argument must be
// the private key matching the first certificate (see kErrPX_BadEECkey).
// Returns 0 or a kErrPX_* code, as for XrdSslgsiX509CreateProxy.
int XrdSslgsiX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *,
                              XrdCryptoX509Req *, XrdCryptoX509 **);
//
// Dump extensions
//
// Diagnostic helper: prints the extensions of the given certificate.
// The meaning of the int return is not visible from this header.
int XrdSslgsiX509DumpExtensions(XrdCryptoX509 *);
//
// Get VOMS attributes, if any
//
// The XrdOucString reference presumably receives the extracted attributes.
// The int return is not documented here; treat anything other than the
// success value as "no usable attributes" rather than trusting the string.
int XrdSslgsiX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &);
//
// Check GSI 3 proxy info extension
//
// The XrdOucString reference presumably receives a description of the
// result; the int return is not documented in this header.
int XrdSslgsiX509CheckProxy3(XrdCryptoX509 *, XrdOucString &);

/******************************************************************************/
/*          E r r o r s   i n   P r o x y   M a n i p u l a t i o n s         */
/******************************************************************************/
// Error codes returned by the proxy manipulation functions above. All are
// non-zero so that 0 can denote success. Kept as macros for source
// compatibility with existing callers; an enum would give a debugger-visible
// type and block scope.
#define kErrPX_Error        1  // Generic error condition
#define kErrPX_BadEECfile   2  // Absent or bad EEC cert or key file
#define kErrPX_BadEECkey    3  // Inconsistent EEC key
#define kErrPX_ExpiredEEC   4  // EEC is expired
#define kErrPX_NoResources  5  // Unable to create new objects
#define kErrPX_SetAttribute 6  // Unable to set a certificate attribute
#define kErrPX_SetPathDepth 7  // Unable to set path depth
#define kErrPX_Signing      8  // Problems signing
#define kErrPX_GenerateKey  9  // Problem generating the RSA key
#define kErrPX_ProxyFile    10 // Problem creating / updating proxy file
#define kErrPX_BadNames     11 // Names in certificates are bad
#define kErrPX_BadSerial    12 // Problems resolving serial number
#define kErrPX_BadExtension 13 // Problems with the extensions

#endif // __CRYPTO_SSLGSIAUX_H__