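// $Id$
#ifndef __CRYPTO_SSLGSIAUX_H__
#define __CRYPTO_SSLGSIAUX_H__
/******************************************************************************/
/*                                                                            */
/*               X r d C r y p t o s s l g s i A u x . h h                    */
/*                                                                            */
/* (c) 2005, G. Ganis / CERN                                                  */
/*                                                                            */
/******************************************************************************/

/* ************************************************************************** */
/*                                                                            */
/* GSI utility functions                                                      */
/*                                                                            */
/* Declarations of the helpers used to inspect, create and sign GSI proxy     */
/* certificates, plus the error codes used for proxy manipulations.           */
/*                                                                            */
/* ************************************************************************** */
#include <XrdCrypto/XrdCryptosslgsiX509Chain.hh>
#include <XrdCrypto/XrdCryptoX509Req.hh>
#include <XrdCrypto/XrdCryptoRSA.hh>
#include <XrdOuc/XrdOucString.hh>

// The OID of the proxyCertInfo extension recognised by these helpers.
// NOTE(review): this value sits under a private-enterprise arc (1.3.6.1.4.1),
// i.e. it looks like the pre-standard GSI form of the extension rather than
// the id-pe-proxyCertInfo OID assigned by RFC 3820 (1.3.6.1.5.5.7.1.14).
// Confirm in the implementation which forms are actually accepted.
#define gsiProxyCertInfo_OID "1.3.6.1.4.1.3536.1.222"

//
// Function to check presence of a proxyCertInfo and retrieve the path length
// constraint. Written following RFC3820 and examples in openssl-<vers>/crypto
// source code. Extracts the policy field but ignores its contents.
//
//   ext       opaque pointer to the extension to inspect
//   pathlen   receives the path length constraint
//   haspolicy optional (defaults to null); presumably set to report whether a
//             policy field was found - confirm against the implementation
//
// NOTE(review): because the policy contents are ignored here, this function
// alone cannot tell apart proxies carrying different policy languages; any
// enforcement of restricted / limited proxy policies has to be done by the
// caller or elsewhere - confirm where that happens.
bool XrdSslgsiProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);

// Set the path length constraint 'pathlen' on the extension 'ext'
// (purpose taken from the function name; no description in the original).
void XrdSslgsiSetPathLenConstraint(void *ext, int pathlen);

//
// Proxies
//
// Options controlling proxy creation. The values in square brackets are the
// defaults documented by the original author; the code applying them is not
// part of this header.
typedef struct {
   int   bits;          // Number of bits in the RSA key [512]
                        // NOTE(review): a 512-bit RSA modulus is far below
                        // any current recommendation and can be factored with
                        // modest resources; callers should set this field
                        // explicitly (2048 bits or more) rather than rely on
                        // the documented default.
   int   valid;         // Duration validity in secs [43200 (12 hours)]
   int   depthlen;      // Maximum depth of the path of proxy certificates
                        // that can be signed by this proxy certificate
                        // [-1 (== unlimited)]
                        // NOTE(review): the unlimited default places no bound
                        // on further delegation; set a finite depth where
                        // delegation should be restricted.
} XrdProxyOpt_t;

//
// Create proxy certificates
// The parameters are unnamed in this declaration; their roles are defined by
// the implementation. Returns an int status, presumably 0 on success and one
// of the kErrPX_* codes below on failure - confirm against the implementation.
int XrdSslgsiX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
                             XrdCryptosslgsiX509Chain *, XrdCryptoRSA **, const char *);
//
// Create a proxy certificate request
// The request and the RSA key are passed as pointer-to-pointer arguments,
// which suggests they are outputs; ownership is not stated here - confirm.
int XrdSslgsiX509CreateProxyReq(XrdCryptoX509 *,
                                XrdCryptoX509Req **, XrdCryptoRSA **);
//
// Sign a proxy certificate request
// The final pointer-to-pointer argument suggests the signed certificate is
// returned through it; ownership is not stated here - confirm.
int XrdSslgsiX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *,
                              XrdCryptoX509Req *, XrdCryptoX509 **);
//
// Dump extensions
int XrdSslgsiX509DumpExtensions(XrdCryptoX509 *);
//
// Get VOMS attributes, if any
// NOTE(review): this header says nothing about whether the attributes are
// validated (signature, issuer) before being written to the string; treat the
// result as unverified unless the implementation shows otherwise.
int XrdSslgsiX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &);

/******************************************************************************/
/*          E r r o r s   i n   P r o x y   M a n i p u l a t i o n s         */
/******************************************************************************/
#define kErrPX_Error            1      // Generic error condition
#define kErrPX_BadEECfile       2      // Absent or bad EEC cert or key file
#define kErrPX_BadEECkey        3      // Inconsistent EEC key
#define kErrPX_ExpiredEEC       4      // EEC is expired
#define kErrPX_NoResources      5      // Unable to create new objects
#define kErrPX_SetAttribute     6      // Unable to set a certificate attribute
#define kErrPX_SetPathDepth     7      // Unable to set path depth
#define kErrPX_Signing          8      // Problems signing
#define kErrPX_GenerateKey      9      // Problem generating the RSA key
#define kErrPX_ProxyFile       10      // Problem creating / updating proxy file
#define kErrPX_BadNames        11      // Names in certificates are bad
#define kErrPX_BadSerial       12      // Problems resolving serial number
#define kErrPX_BadExtension    13      // Problems with the extensions

#endif
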