xrootd
XrdCryptoX509.hh
1 #ifndef __CRYPTO_X509_H__
2 #define __CRYPTO_X509_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o X 5 0 9 . h h */
6 /* */
7 /* (c) 2005 G. Ganis , CERN */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* Abstract interface for X509 certificates. */
34 /* Allows plugging in modules based on different crypto implementations */
35 /* (OpenSSL, Botan, ...) */
36 /* */
37 /* ************************************************************************** */
38 
39 #include "XProtocol/XPtypes.hh"
40 #include "XrdSut/XrdSutBucket.hh"
42 
43 typedef void * XrdCryptoX509data;
44 
45 // ---------------------------------------------------------------------------//
46 //
47 // X509 interface
48 // Describes one certificate
49 //
50 // ---------------------------------------------------------------------------//
52 public:
53 
 // Certificate category, as reported by Type(). The numeric values are
 // spelled out because Type() uses value+1 (kUnknown is -1) to index the
 // ctype[] name table, so the numbering must not change.
 enum EX509Type {
 kUnknown = -1, // type not (yet) determined
 kCA = 0, // CA certificate
 kEEC = 1, // end-entity certificate
 kProxy = 2 // proxy certificate
 };
57 
58 
 // Virtual destructor: the class is used polymorphically (see the pure
 // virtual MatchesSAN() below), so deleting through a base pointer must
 // reach the implementation's destructor, which presumably releases the
 // crypto-library handle behind Opaque() -- confirm in each backend.
 virtual ~XrdCryptoX509() { }
61 
 // Status
 // IsValid: true when the object was correctly loaded. 'when' is
 // presumably a time in seconds since the Epoch, as NotBefore()/NotAfter()
 // use, with 0 meaning "now" -- TODO confirm against the implementation.
 // NOTE(review): if 'when' is indeed a Unix time, an int cannot hold
 // values past 2038 on platforms with a 32-bit int.
 virtual bool IsValid(int when = 0); // object correctly loaded
 // IsExpired: true when the certificate is past its validity period;
 // same presumed meaning of 'when' as for IsValid() -- confirm.
 virtual bool IsExpired(int when = 0); // Expired

 // Access underlying data (in opaque form: used in chains)
 // Returns the crypto implementation's native certificate handle as a
 // void*. Ownership is not stated here -- presumably the object keeps
 // owning it; confirm before freeing or storing the pointer.
 virtual XrdCryptoX509data Opaque();

 // Access certificate key
 // PKI(): the key associated with the certificate, wrapped as
 // XrdCryptoRSA (ownership not documented here -- confirm before deleting).
 // SetPKI(): installs a key given in the implementation's opaque form.
 virtual XrdCryptoRSA *PKI();
 virtual void SetPKI(XrdCryptoX509data pki);

 // Export in form of bucket (for transfers)
 // Serialises the certificate into an XrdSutBucket; the encoding is
 // implementation-defined and not specified by this interface.
 virtual XrdSutBucket *Export();

 // Dump information
 virtual void Dump();
 // DumpExtensions: the unnamed bool argument defaults to 0 (false); its
 // meaning is not documented here -- confirm in the implementation.
 virtual int DumpExtensions(bool = 0); // extensions
79 
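 // Human-readable name of a certificate type. With the default argument
 // (kUnknown) the object's own 'type' member is reported.
 // ctype[] is indexed by value+1 because kUnknown is -1. A value outside
 // the enum range (e.g. an int cast to EX509Type, or an uninitialised
 // 'type') would otherwise read past the 4-entry table, so such values
 // are reported with the kUnknown name instead.
 const char *Type(EX509Type t = kUnknown) const
 { if (t == kUnknown) t = type;
 return ((t < kUnknown || t > kProxy) ? ctype[0] : ctype[t+1]); }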
 // ParentFile: presumably the file the certificate was loaded from; the
 // base class does not document it -- confirm.
 virtual const char *ParentFile();
 // ProxyType: textual proxy-certificate type. The base returns an empty
 // string (not NULL), so callers need no null check; implementations that
 // recognise proxies are expected to override it.
 virtual const char *ProxyType() const { return ""; }
84 
 // Key strength
 // Presumably the key size in bits; the base class does not specify a
 // value for "unknown" -- confirm.
 virtual int BitStrength();

 // Serial number
 // NOTE(review): returned as a 64-bit integer. X.509 serial numbers may
 // be up to 20 octets (RFC 5280 4.1.2.2), so serials wider than 64 bits
 // cannot be represented here without truncation; check how the
 // implementation handles them before using this value for identity.
 virtual kXR_int64 SerialNumber();
91 
 // Validity interval
 // Both bounds are time_t seconds since the Epoch. Whether the interval
 // is inclusive at the ends is not stated here -- confirm.
 virtual time_t NotBefore(); // begin-validity time in secs since Epoch
 virtual time_t NotAfter(); // end-validity time in secs since Epoch
95 
 // Issuer of top certificate
 virtual const char *Issuer();
 // IssuerHash(int): hash of the issuer name. The int presumably selects
 // the hash flavour, 0 being the default -- confirm. The no-argument
 // overload below is a convenience for that default.
 virtual const char *IssuerHash(int); // hash
 const char *IssuerHash() { return IssuerHash(0); } // hash
100 
 // Subject of bottom certificate
 virtual const char *Subject();
 // SubjectHash(int): hash of the subject name. The int presumably selects
 // the hash flavour, 0 being the default -- confirm. The no-argument
 // overload below is a convenience for that default.
 virtual const char *SubjectHash(int); // hash
 const char *SubjectHash() { return SubjectHash(0); } // hash
105 
 // Returns true if the certificate has a subject alt name which matches
 // the given hostname. If it fails and hasSAN is false, there is no SAN
 // extension at all (presumably the signal for a caller's CN fallback).
 // NOTE(review): pure virtual -- every implementation must provide it.
 // Whether the comparison is case-insensitive and how wildcards are
 // treated is up to the implementation (see MatchHostnames()) -- confirm.
 virtual bool MatchesSAN(const char * fqdn, bool &hasSAN) = 0;
109 
 // Retrieve a given extension if there (in opaque form)
 // 'oid' identifies the extension; the return value for a missing
 // extension is not specified here (presumably NULL) -- confirm.
 virtual XrdCryptoX509data GetExtension(const char *oid);
112 
 // Verify signature
 // Presumably checks this certificate's signature against the key of
 // 'ref' (the issuer) -- confirm. NOTE(review): a true result only means
 // the signature checks out; validity period (IsValid/IsExpired),
 // chaining to a trust anchor and revocation are separate checks that
 // callers must perform themselves.
 virtual bool Verify(XrdCryptoX509 *ref);
115 
 // Compare two hostnames, handling wildcards as appropriate. Necessary
 // for support for accepting connections where the remote X509 certificate
 // is a wildcard certificate.
 //
 // Returns true if the FQDN matches the specified pattern.
 // Static: uses no certificate state.
 // NOTE(review): the wildcard rules live in the implementation. A safe
 // matcher accepts '*' only as the whole leftmost label (RFC 6125 6.4.3),
 // never lets it span a dot, and compares case-insensitively. Confirm the
 // .cc enforces this before relying on it for peer authentication.
 static bool MatchHostnames(const char *match_pattern, const char *fqdn);
122 
123 private:
124 
 // Names of types, indexed by EX509Type value + 1 (kUnknown..kProxy);
 // the array size must track the number of enum values.
 static const char *ctype[4]; // Names of types
126 };
127 
128 #endif