xrootd
XrdCryptosslgsiAux.hh
1#ifndef __CRYPTO_SSLGSIAUX_H__
2#define __CRYPTO_SSLGSIAUX_H__
3/******************************************************************************/
4/* */
5/* X r d C r y p t o s s l g s i A u x . h h */
6/* */
7/* (c) 2005, G. Ganis / CERN */
8/* */
9/* This file is part of the XRootD software suite. */
10/* */
11/* XRootD is free software: you can redistribute it and/or modify it under */
12/* the terms of the GNU Lesser General Public License as published by the */
13/* Free Software Foundation, either version 3 of the License, or (at your */
14/* option) any later version. */
15/* */
16/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19/* License for more details. */
20/* */
21/* You should have received a copy of the GNU Lesser General Public License */
22/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24/* */
25/* The copyright holder's institutional names and contributor's names may not */
26/* be used to endorse or promote products derived from this software without */
27/* specific prior written permission of the institution or contributor. */
28/* */
29/******************************************************************************/
30
31/* ************************************************************************** */
32/* */
33/* GSI utility functions */
34/* */
35/* ************************************************************************** */
36#include "XrdCrypto/XrdCryptosslgsiX509Chain.hh"
40
41// Object identifiers (OIDs) of the proxyCertInfo certificate extension.
// gsiProxyCertInfo_OID is id-pe-proxyCertInfo as assigned by RFC 3820.
// gsiProxyCertInfo_OLD_OID sits under a private-enterprise arc (1.3.6.1.4.1)
// and is presumably the pre-RFC identifier used by legacy GSI-3 proxies
// -- TODO confirm against the implementation.
42#define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222"
43#define gsiProxyCertInfo_OID "1.3.6.1.5.5.7.1.14"
44
45//
46// Function to check presence of a proxyCertInfo and retrieve the path length
47// constraint. Written following RFC3820 and examples in openssl-<vers>/crypto
48// source code. Extracts the policy field but ignores its contents.
// NOTE(review): because the policy contents are ignored here, this call does
// not enforce any proxy policy restriction; a caller that must honour
// restricted or limited proxies has to evaluate the policy itself.
// 'ext' is an untyped pointer (presumably an OpenSSL X509 extension object),
// so the compiler cannot check what is passed -- confirm at call sites.
// 'pathlen' is an output reference; 'haspolicy' is optional (defaults to null)
// and is presumably set to whether a policy field was found -- TODO confirm.
49bool XrdSslgsiProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);
// Judging by the name, stores 'pathlen' as the path length constraint of the
// proxyCertInfo extension 'ext' -- TODO confirm against the implementation.
50void XrdSslgsiSetPathLenConstraint(void *ext, int pathlen);
51
52//
53// Proxies
54//
55typedef struct {
56 int bits; // Number of bits in the RSA key [512]
 // NOTE(review): the documented default of 512 bits is far below
 // the 2048-bit minimum in current guidance for RSA; callers
 // should set this explicitly -- confirm the default the
 // implementation actually applies.
57 int valid; // Validity duration in seconds [43200 (12 hours)]
58 int depthlen; // Maximum depth of the path of proxy certificates
59 // that can be signed by this proxy certificate
60 // [-1 (== unlimited)]
 // NOTE(review): with -1 the delegation chain is unbounded; set
 // a finite depth where further delegation should be limited.
62//
63// Create proxy certificates
// Parameters are unnamed in this declaration. Presumably, in order: EEC
// certificate file, EEC key file, proxy options, resulting chain, resulting
// RSA key, and proxy file path -- TODO confirm against the implementation.
// Presumably returns 0 on success or one of the kErrPX_* codes defined in
// this header -- TODO confirm.
// NOTE(review): if the proxy file holds the proxy private key, verify that
// the implementation creates it with owner-only permissions.
64int XrdSslgsiX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
65 XrdCryptosslgsiX509Chain *, XrdCryptoRSA **, const char *);
66//
67// Create a proxy certificate request
70//
71// Sign a proxy certificate request
74//
75// Dump extensions
77//
78// Get VOMS attributes, if any
80//
81// Check GSI 3 proxy info extension
83
84/******************************************************************************/
85/* E r r o r s i n P r o x y M a n i p u l a t i o n s */
86/******************************************************************************/
// Error codes for the proxy manipulation functions (presumably their int
// return values -- TODO confirm). EEC = end-entity certificate (RFC 3820),
// i.e. the certificate from which a proxy is derived.
87#define kErrPX_Error 1 // Generic error condition
88#define kErrPX_BadEECfile 2 // Absent or bad EEC cert or key file
89#define kErrPX_BadEECkey 3 // Inconsistent EEC key
90#define kErrPX_ExpiredEEC 4 // EEC is expired
91#define kErrPX_NoResources 5 // Unable to create new objects
92#define kErrPX_SetAttribute 6 // Unable to set a certificate attribute
93#define kErrPX_SetPathDepth 7 // Unable to set path depth
94#define kErrPX_Signing 8 // Problems signing
95#define kErrPX_GenerateKey 9 // Problem generating the RSA key
96#define kErrPX_ProxyFile 10 // Problem creating / updating proxy file
97#define kErrPX_BadNames 11 // Names in certificates are bad
98#define kErrPX_BadSerial 12 // Problems resolving serial number
99#define kErrPX_BadExtension 13 // Problems with the extensions
100
101#endif
102
int XrdSslgsiX509CheckProxy3(XrdCryptoX509 *, XrdOucString &)
int XrdSslgsiX509DumpExtensions(XrdCryptoX509 *)
int XrdSslgsiX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &)
bool XrdSslgsiProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy=0)
int XrdSslgsiX509CreateProxyReq(XrdCryptoX509 *, XrdCryptoX509Req **, XrdCryptoRSA **)
int XrdSslgsiX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *, XrdCryptoX509Req *, XrdCryptoX509 **)
void XrdSslgsiSetPathLenConstraint(void *ext, int pathlen)
int XrdSslgsiX509CreateProxy(const char *, const char *, XrdProxyOpt_t *, XrdCryptosslgsiX509Chain *, XrdCryptoRSA **, const char *)