1 #ifndef __CRYPTO_X509CHAIN_H__
2 #define __CRYPTO_X509CHAIN_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o X 5 0 9 C h a i n . h h */
6 /* */
7 /* (c) 2005 G. Ganis , CERN */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* Chain of X509 certificates. */
34 /* */
35 /* ************************************************************************** */
36 
37 #include "XrdSut/XrdSutBucket.hh"
40 
41 // ---------------------------------------------------------------------------//
42 // //
43 // XrdCryptoX509Chain //
44 // //
45 // Light single-linked list for managing stacks of XrdCryptoX509* objects //
46 // //
47 // ---------------------------------------------------------------------------//
48 
49 //
50 // Description of options for verify
51 typedef struct {
52  int opt; // option container
53  int when; // time of verification (UTC)
54  int pathlen; // max allowed path length of chain
57 
58 const int kOptsCheckSelfSigned = 0x2; // CA checking option: also check a self-signed CA (presumably OR-ed into x509ChainVerifyOpt_t::opt — confirm in the .cc)
59 const int kOptsCheckSubCA = 0x4; // CA-SubCA case (no EEC)
60 
61 //
62 // Node definition
63 //
65 
66 private:
69 public:
71  { cert = c; next = n;}
73 
74  // The X509 object this node refers to; storage is managed elsewhere (presumably by the chain's Cleanup()).
    XrdCryptoX509 *Cert() const
    {
      return cert;
    }
75  // Following node in the single-linked list, 0 at the tail.
    XrdCryptoX509ChainNode *Next() const
    {
      return next;
    }
76 
78 };
79 
81 
82  enum ESearchMode { kExact = 0, kBegin = 1, kEnd = 2 }; // how SearchByIssuer/SearchBySubject compare names: exact match, or presumably prefix/suffix match — confirm in FindIssuer/FindSubject
83 
84 public:
87  virtual ~XrdCryptoX509Chain();
88 
89  // CA status
91 
92  // Error codes
98 
99  // In case of error: map an EX509ChainErr code to a message; LastError() gives the text of the last failure
100  const char *X509ChainError(EX509ChainErr e);
101  // Text of the last recorded error (empty string when none); the pointer refers into lastError,
     // so presumably do not keep it across calls that may reset the error — confirm.
     const char *LastError() const
     {
       return lastError.c_str();
     }
102 
103  // Dump content
104  void Dump();
105 
106  // Access information
107  // Number of certificates currently in the chain.
     int Size() const
     {
       return size;
     }
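108  XrdCryptoX509 *End() const { return end ? end->Cert() : (XrdCryptoX509 *)0; } // last certificate, or 0 for an empty chain (end presumably 0 then); guarded like EffCA() instead of dereferencing end unconditionally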
109  // CA status as last set by CheckCA()/SetStatusCA().
     ECAStatus StatusCA() const
     {
       return statusCA;
     }
110  const char *CAname();
111  const char *EECname();
112  const char *CAhash();
113  const char *EEChash();
114  // Certificate of the effective CA node (see SetEffectiveCA()), or 0 when none has been set.
     XrdCryptoX509 *EffCA() const
     {
       if (!effca) return (XrdCryptoX509 *)0;
       return effca->Cert();
     }
115 
116  // Modifiers
118  void PutInFront(XrdCryptoX509 *c);
119  void PushBack(XrdCryptoX509 *c);
120  void Remove(XrdCryptoX509 *c);
121  bool CheckCA(bool checkselfsigned = 1); // establishes the chain's CA status (see StatusCA()); checkselfsigned presumably controls whether a self-signed CA is checked as well — confirm in the .cc
122  void Cleanup(bool keepCA = 0); // keepCA presumably leaves the CA certificate in place — confirm in the .cc
123  // Overrides the CA status; callers are expected to use it consistently with CheckCA().
     void SetStatusCA(ECAStatus st)
     {
       statusCA = st;
     }
124 
125  // Search
126  XrdCryptoX509 *SearchByIssuer(const char *issuer,
127  ESearchMode mode = kExact);
128  XrdCryptoX509 *SearchBySubject(const char *subject,
129  ESearchMode mode = kExact);
130 
131  // Check validity in time (outatfirst: presumably stop at the first certificate that is
     // out of its validity period; when == 0 presumably means the current time — confirm in the .cc)
132  virtual int CheckValidity(bool outatfirst = 1, int when = 0);
133 
134  // Reorder (C(n) issuer of C(n+1))
135  virtual int Reorder();
136 
137  // Verify chain: true on success; otherwise e is presumably set to the failing
     // EX509ChainErr code (see X509ChainError()/LastError() for the text).
     // vopt (0 = defaults) carries the verification time (when, UTC), the maximum
     // path length (pathlen) and the kOptsCheck* bits (opt) — confirm the defaults in the .cc.
138  virtual bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt = 0);
139 
140  // Pseudo - iterator functionality
141  XrdCryptoX509 *Begin();
142  XrdCryptoX509 *Next();
143 
144 protected:
145 
146 
152  int size;
159 
161  XrdCryptoX509ChainNode *FindIssuer(const char *issuer,
162  ESearchMode mode = kExact,
163  XrdCryptoX509ChainNode **p = 0);
164  XrdCryptoX509ChainNode *FindSubject(const char *subject,
165  ESearchMode mode = kExact,
166  XrdCryptoX509ChainNode **p = 0);
167  void SetEffectiveCA();
168  // Single-link check used by the public Verify(): xcer is the certificate under test,
     // xsig presumably the certificate whose key signed it, type the expected certificate
     // type and when the verification time. crl == 0 (the default) means no CRL is supplied
     // for this link, so revocation can only be checked when the caller passes one — confirm.
     bool Verify(EX509ChainErr &e, const char *msg,
169  XrdCryptoX509::EX509Type type, int when,
170  XrdCryptoX509 *xcer, XrdCryptoX509 *xsig,
171  XrdCryptoX509Crl *crl = 0);
172 
173 };
174 
175 #endif