00001 #ifndef __CRYPTO_SSLAUX_H__
00002 #define __CRYPTO_SSLAUX_H__
00037 #include "XrdCrypto/XrdCryptoAux.hh"
00038 #include "XrdCrypto/XrdCryptoFactory.hh"
00039 #include "XrdCrypto/XrdCryptoX509Chain.hh"
00040 #include <openssl/asn1.h>
00041
00042 #define kSslKDFunDefLen 24 // presumably the default derived-key length in bytes (cf. XrdCryptosslKDFunLen) - TODO confirm
00043
00045 class XrdTlsPeerCerts; // forward declaration; not referenced by any prototype visible in this listing
00046 // Password-based key derivation helpers (implementations are not part of this header).
00047 // pass/plen and salt/slen are const inputs; 'key' is the only writable buffer, so presumably the derived key
00048 // is written there and 'key' must hold at least 'len' bytes - TODO confirm against the definition.
00049 // NOTE(review): no iteration count or digest is passed in, so the work factor is chosen inside the implementation; all lengths are signed int, confirm negatives are rejected.
00050 int XrdCryptosslKDFunLen(); // presumably reports the default key length (kSslKDFunDefLen) - confirm
00051 int XrdCryptosslKDFun(const char *pass, int plen, const char *salt, int slen,
00052 char *key, int len);
00053 // X509 certificate and chain helpers; only prototypes are visible here.
00054 // Presumably verifies certificate c against reference/issuer r. NOTE(review): confirm what is checked (signature only, or validity dates too); the bool gives no failure reason.
00055 bool XrdCryptosslX509VerifyCert(XrdCryptoX509 *c, XrdCryptoX509 *r);
00056 // Chain verification; errcode is passed by non-const reference, so it is presumably set on failure. Callers should test the bool and record errcode.
00057 bool XrdCryptosslX509VerifyChain(XrdCryptoX509Chain *chain, int &errcode);
00058 // Exports chain c as an XrdSutBucket*; 'key' defaults to 0. NOTE(review): presumably selects whether the private key is included - confirm, and confirm who owns the returned bucket.
00059 XrdSutBucket *XrdCryptosslX509ExportChain(XrdCryptoX509Chain *c, bool key = 0);
00060 // Writes chain c to file fn. NOTE(review): if the output can hold a private key (e.g. a proxy file), confirm the file is created with owner-only permissions.
00061 int XrdCryptosslX509ChainToFile(XrdCryptoX509Chain *c, const char *fn);
00062 // Parses certificates from file fname into chain c; meaning of the int result (count vs. error) is not visible here - confirm.
00063 int XrdCryptosslX509ParseFile(const char *fname, XrdCryptoX509Chain *c);
00064 // Same as above, reading from bucket b instead of a file (per the name).
00065 int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *c);
00066 // 'ssl' is an untyped void*, so the compiler cannot check what callers pass; presumably an OpenSSL connection or certificate-stack object - confirm the expected type.
00067 int XrdCryptosslX509ParseStack(void* ssl, XrdCryptoX509Chain *chain);
00068
00069 // Converts an OpenSSL ASN1_TIME to time_t (UTC, per the name). NOTE(review): confirm how an unparsable or null time is reported, since validity checks presumably depend on this value.
00070 time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1);
00071
00072 // Renders the X509_NAME nm into s (output, by reference) as a one-line string, per the name.
00073 void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s);
00074 // X509 proxy-certificate helpers.
00075 // Most prototypes below leave their parameters unnamed; the role of each argument has to be read from the definitions.
00076 // NOTE(review): int results presumably use 0 for success and the kErrPX_* codes defined below otherwise - confirm.
00077 // ProxyCertInfo: 'ext' is an untyped extension pointer; pathlen is an output (non-const reference);
00078 // haspolicy is an optional output pointer that defaults to 0 (null), presumably skipped when null - confirm.
00079 // proxyCertInfo is the proxy-certificate extension defined in RFC 3820.
00080 bool XrdCryptosslProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);
00081 void XrdCryptosslSetPathLenConstraint(void *ext, int pathlen); // ext is non-const, so presumably modified in place - confirm
00082 // Creates a proxy certificate (per the name). The XrdCryptoRSA ** is presumably an output key handle - confirm ownership and where the private key ends up.
00083 int XrdCryptosslX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
00084 XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *);
00085 // Builds a proxy certificate request (per the name); the two double pointers are presumably outputs (request and key) - confirm.
00086 int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *,
00087 XrdCryptoX509Req **, XrdCryptoRSA **);
00088 // Signs a proxy request (per the name); XrdCryptoX509 ** presumably receives the new certificate. NOTE(review): confirm the request contents are validated before signing.
00089 int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *,
00090 XrdCryptoX509Req *, XrdCryptoX509 **);
00091 // Checks a proxy certificate (per the name); the XrdOucString & is presumably an output message - confirm.
00092 int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *, XrdOucString &);
00093 // Retrieves VOMS attributes (per the name), presumably into the XrdOucString & - confirm the return convention when none are present.
00094 int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &);
00095
00096 // Trace-level flags; each level is a single bit, so they can be combined as a mask.
00097 // sslTRACE_ALL (0x0007) equals sslTRACE_Notify | sslTRACE_Debug | sslTRACE_Dump.
00098 // NOTE(review): Dump-level tracing in crypto code may log key or certificate material - confirm what is emitted before enabling it outside debugging.
00099 #define sslTRACE_ALL 0x0007
00100 #define sslTRACE_Dump 0x0004
00101 #define sslTRACE_Debug 0x0002
00102 #define sslTRACE_Notify 0x0001
00103
00104 // Error codes for the proxy helpers (kErrPX_*), values 1 to 13.
00105 // NOTE(review): presumably returned by the XrdCryptosslX509*Proxy* functions declared above; 0 is not defined here and is presumably success - confirm.
00106
00107 #define kErrPX_Error 1 // Generic error condition
00108 #define kErrPX_BadEECfile 2 // Absent or bad EEC cert or key file
00109 #define kErrPX_BadEECkey 3 // Inconsistent EEC key
00110 #define kErrPX_ExpiredEEC 4 // EEC is expired
00111 #define kErrPX_NoResources 5 // Unable to create new objects
00112 #define kErrPX_SetAttribute 6 // Unable to set a certificate attribute
00113 #define kErrPX_SetPathDepth 7 // Unable to set path depth
00114 #define kErrPX_Signing 8 // Problems signing
00115 #define kErrPX_GenerateKey 9 // Problem generating the RSA key
00116 #define kErrPX_ProxyFile 10 // Problem creating / updating proxy file
00117 #define kErrPX_BadNames 11 // Names in certificates are bad
00118 #define kErrPX_BadSerial 12 // Problems resolving serial number
00119 #define kErrPX_BadExtension 13 // Problems with the extensions
00120
00121 #endif
00122