xrootd
XrdCryptosslgsiAux.hh
Go to the documentation of this file.
1 #ifndef __CRYPTO_SSLGSIAUX_H__
2 #define __CRYPTO_SSLGSIAUX_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o s s l g s i A u x . h h */
6 /* */
7 /* (c) 2005, G. Ganis / CERN */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* GSI utility functions */
34 /* */
35 /* ************************************************************************** */
36 #include "XrdCrypto/XrdCryptosslgsiX509Chain.hh"
39 #include "XrdOuc/XrdOucString.hh"
40 
41 // The OID of the extension
42 #define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222"
43 #define gsiProxyCertInfo_OID "1.3.6.1.5.5.7.1.14"
44 
45 //
46 // Function to check presence of a proxyCertInfo and retrieve the path length
47 // constraint. Written following RFC3820 and examples in openssl-<vers>/crypto
48 // source code. Extracts the policy field but ignores it contents.
49 bool XrdSslgsiProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);
50 void XrdSslgsiSetPathLenConstraint(void *ext, int pathlen);
51 
52 //
53 // Proxies
54 //
55 typedef struct {
56  int bits; // Number of bits in the RSA key [512]
57  int valid; // Duration validity in secs [43200 (12 hours)]
58  int depthlen; // Maximum depth of the path of proxy certificates
59  // that can signed by this proxy certificates
60  // [-1 (== unlimited)]
62 //
63 // Create proxy certificates
64 int XrdSslgsiX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
65  XrdCryptosslgsiX509Chain *, XrdCryptoRSA **, const char *);
66 //
67 // Create a proxy certificate request
70 //
71 // Sign a proxy certificate request
74 //
75 // Dump extensions
77 //
78 // Get VOMS attributes, if any
80 //
81 // Check GSI 3 proxy info extension
83 
84 /******************************************************************************/
85 /* E r r o r s i n P r o x y M a n i p u l a t i o n s */
86 /******************************************************************************/
87 #define kErrPX_Error 1 // Generic error condition
88 #define kErrPX_BadEECfile 2 // Absent or bad EEC cert or key file
89 #define kErrPX_BadEECkey 3 // Inconsistent EEC key
90 #define kErrPX_ExpiredEEC 4 // EEC is expired
91 #define kErrPX_NoResources 5 // Unable to create new objects
92 #define kErrPX_SetAttribute 6 // Unable to set a certificate attribute
93 #define kErrPX_SetPathDepth 7 // Unable to set path depth
94 #define kErrPX_Signing 8 // Problems signing
95 #define kErrPX_GenerateKey 9 // Problem generating the RSA key
96 #define kErrPX_ProxyFile 10 // Problem creating / updating proxy file
97 #define kErrPX_BadNames 11 // Names in certificates are bad
98 #define kErrPX_BadSerial 12 // Problems resolving serial number
99 #define kErrPX_BadExtension 13 // Problems with the extensions
100 
101 #endif
102 
int XrdSslgsiX509CreateProxy(const char *, const char *, XrdProxyOpt_t *, XrdCryptosslgsiX509Chain *, XrdCryptoRSA **, const char *)
Definition: XrdCryptoRSA.hh:50
int XrdSslgsiX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *, XrdCryptoX509Req *, XrdCryptoX509 **)
Definition: XrdCryptoFactory.hh:100
Definition: XrdCryptoX509Req.hh:50
int XrdSslgsiX509CreateProxyReq(XrdCryptoX509 *, XrdCryptoX509Req **, XrdCryptoRSA **)
int XrdSslgsiX509DumpExtensions(XrdCryptoX509 *)
bool XrdSslgsiProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy=0)
int XrdSslgsiX509CheckProxy3(XrdCryptoX509 *, XrdOucString &)
void XrdSslgsiSetPathLenConstraint(void *ext, int pathlen)
int XrdSslgsiX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &)
Definition: XrdCryptoX509.hh:51
Definition: XrdOucString.hh:254