/*
* Copyright 1999-2006 University of Chicago
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file globus_gsi_credential.h
* @brief Globus GSI Credential Library
* @author Sam Lang, Sam Meder
*/
#ifndef GLOBUS_INCLUDE_GLOBUS_GSI_CREDENTIAL_H
#define GLOBUS_INCLUDE_GLOBUS_GSI_CREDENTIAL_H
#include "globus_common.h"
#include "globus_error_openssl.h"
#include "globus_gsi_cred_constants.h"
#include "globus_gsi_callback.h"
#include "globus_gsi_cert_utils.h"
#include "globus_gsi_cred_constants.h"
#include "openssl/x509.h"
#include "openssl/bio.h"
#include "openssl/ssl.h"
#include "globus_error_generic.h"
#include "globus_error_openssl.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifndef GLOBUS_GLOBAL_DOCUMENT_SET
/**
* @mainpage Globus GSI Credential
* @copydoc globus_gsi_credential
*/
#endif
/**
* @defgroup globus_gsi_credential Globus GSI Credential
* @brief Globus GSI Credential
*
* The Globus GSI Credential library. This library contains functions that
* provide support for handling X.509 based PKI credentials
*
* - @ref globus_gsi_credential_activation
* - @ref globus_gsi_cred_handle
* - @ref globus_gsi_cred_handle_attrs
* - @ref globus_gsi_cred_operations
* - @ref globus_gsi_credential_constants
*/
/**
* @defgroup globus_gsi_credential_activation Activation
* @ingroup globus_gsi_credential
* @brief Activation
*
* Globus GSI Credential uses standard Globus module activation and
* deactivation. Before any Globus GSI Credential functions are called, the
* following function must be called:
*
* @code
* globus_module_activate(GLOBUS_GSI_CREDENTIAL_MODULE)
* @endcode
*
*
* This function returns GLOBUS_SUCCESS if Globus GSI Credential was
* successfully initialized, and you are therefore allowed to
* subsequently call Globus GSI Credential functions. Otherwise, an error
* code is returned, and Globus GSI Credential functions should not be
* subsequently called. This function may be called multiple times.
*
* To deactivate Globus GSI Credential, the following function must be called:
*
* @code
* globus_module_deactivate(GLOBUS_GSI_CREDENTIAL_MODULE)
* @endcode
*
* This function should be called once for each time Globus GSI Credential
* was activated.
*
*/
/**
* Module descriptor
* @ingroup globus_gsi_credential_activation
* @hideinitializer
*/
#define GLOBUS_GSI_CREDENTIAL_MODULE (&globus_i_gsi_credential_module)
extern
globus_module_descriptor_t globus_i_gsi_credential_module;
#define _GCRSL(s) globus_common_i18n_get_string( \
GLOBUS_GSI_CREDENTIAL_MODULE, \
s)
/**
* @defgroup globus_gsi_cred_handle Credential Handle Management
* @ingroup globus_gsi_credential
* @brief Credential Handle Management
*
* Create/Destroy/Modify a GSI Credential Handle.
*
* Within the Globus GSI Credential Library, all credential operations
* require a handle parameter. Currently only one operation may be
* in progress at once per credential handle.
*
* This section defines operations to create, modify and destroy GSI
* Credential handles.
*/
/**
* @defgroup globus_gsi_cred_handle_attrs Credential Handle Attributes
* @ingroup globus_gsi_credential
* @brief Credential Handle Attributes
*
* Create/Destroy/Modify GSI Credential Handle Attributes.
*
* Within the Globus GSI Credential Library, all credential handles
* contain a attribute structure, which in turn contains handle instance
* independent attributes.
*
* This section defines operations to create, modify and destroy GSI
* Credential handle attributes.
*/
/**
* @defgroup globus_gsi_cred_operations Credential Operations
* @ingroup globus_gsi_credential
* @brief Credential Operations
*
* Read/Write a GSI Credential Handle.
*
* This section defines operations to read and write GSI
* Credential handles.
*/
/**
* GSI Credential Handle.
* @ingroup globus_gsi_cred_handle
*
* A GSI Credential handle keeps track of state relating to a credential.
* Handles can have immutable @ref globus_gsi_cred_handle_attrs_t "attributes"
* associated with them. All credential @link globus_gsi_cred_operations
* operations @endlink take a credential handle pointer as a parameter.
*
* @see globus_gsi_cred_handle_init(),
* globus_gsi_cred_handle_destroy(), globus_gsi_cred_handle_attrs_t
*/
typedef struct globus_l_gsi_cred_handle_s *
globus_gsi_cred_handle_t;
/**
* Credential Handle Attributes.
* @ingroup globus_gsi_cred_handle_attrs
*
* Credential handle attributes provide a set of immutable parameters
* for a credential handle
*
* @see globus_gsi_cred_handle_init
*/
typedef struct globus_l_gsi_cred_handle_attrs_s *
globus_gsi_cred_handle_attrs_t;
globus_result_t globus_gsi_cred_handle_init(
globus_gsi_cred_handle_t * handle,
globus_gsi_cred_handle_attrs_t handle_attrs);
globus_result_t globus_gsi_cred_handle_destroy(
globus_gsi_cred_handle_t handle);
globus_result_t globus_gsi_cred_handle_copy(
globus_gsi_cred_handle_t source,
globus_gsi_cred_handle_t * dest);
globus_result_t globus_gsi_cred_handle_attrs_init(
globus_gsi_cred_handle_attrs_t * handle_attrs);
globus_result_t globus_gsi_cred_handle_attrs_destroy(
globus_gsi_cred_handle_attrs_t handle_attrs);
globus_result_t globus_gsi_cred_handle_attrs_copy(
globus_gsi_cred_handle_attrs_t source,
globus_gsi_cred_handle_attrs_t * dest);
globus_result_t globus_gsi_cred_read(
globus_gsi_cred_handle_t handle,
X509_NAME * desired_subject);
globus_result_t globus_gsi_cred_read_proxy(
globus_gsi_cred_handle_t handle,
const char * proxy_filename);
globus_result_t globus_gsi_cred_read_proxy_bio(
globus_gsi_cred_handle_t handle,
BIO * bio);
globus_result_t globus_gsi_cred_read_key(
globus_gsi_cred_handle_t handle,
const char * key_filename,
int (*pw_cb)());
globus_result_t globus_gsi_cred_read_cert(
globus_gsi_cred_handle_t handle,
const char * cert_filename);
globus_result_t globus_gsi_cred_read_cert_bio(
globus_gsi_cred_handle_t handle,
BIO * bio);
globus_result_t globus_gsi_cred_read_cert_buffer(
const char * pem_buf,
globus_gsi_cred_handle_t * out_handle,
X509 ** out_cert,
STACK_OF(X509) ** out_cert_chain,
char ** out_subject);
globus_result_t globus_gsi_cred_read_pkcs12(
globus_gsi_cred_handle_t handle,
const char * pkcs12_filename);
globus_result_t globus_gsi_cred_write(
globus_gsi_cred_handle_t handle,
BIO * bio);
globus_result_t globus_gsi_cred_write_proxy(
globus_gsi_cred_handle_t handle,
const char * proxy_filename);
globus_result_t
globus_gsi_cred_verify_cert_chain(
globus_gsi_cred_handle_t cred_handle,
globus_gsi_callback_data_t callback_data);
globus_result_t
globus_gsi_cred_verify_cert_chain_when(
globus_gsi_cred_handle_t cred_handle,
globus_gsi_callback_data_t callback_data,
time_t check_time);
globus_result_t globus_gsi_cred_verify(
globus_gsi_cred_handle_t handle);
globus_result_t globus_gsi_cred_get_X509_subject_name(
globus_gsi_cred_handle_t handle,
X509_NAME ** subject_name);
globus_result_t globus_gsi_cred_get_subject_name(
globus_gsi_cred_handle_t handle,
char ** subject_name);
globus_result_t globus_gsi_cred_get_policies(
globus_gsi_cred_handle_t handle,
STACK_OF(OPENSSL_STRING) ** policies);
globus_result_t globus_gsi_cred_get_policy_languages(
globus_gsi_cred_handle_t handle,
STACK_OF(ASN1_OBJECT) ** languages);
globus_result_t globus_gsi_cred_get_path_lengths(
globus_gsi_cred_handle_t handle,
STACK_OF(ASN1_INTEGER) * integer);
globus_result_t globus_gsi_cred_get_X509_issuer_name(
globus_gsi_cred_handle_t handle,
X509_NAME ** issuer_name);
globus_result_t globus_gsi_cred_get_issuer_name(
globus_gsi_cred_handle_t handle,
char ** issuer_name);
globus_result_t globus_gsi_cred_get_X509_identity_name(
globus_gsi_cred_handle_t handle,
X509_NAME ** identity_name);
globus_result_t globus_gsi_cred_get_identity_name(
globus_gsi_cred_handle_t handle,
char ** identity_name);
globus_result_t globus_gsi_cred_set_cert(
globus_gsi_cred_handle_t handle,
X509 * cert);
globus_result_t globus_gsi_cred_set_key(
globus_gsi_cred_handle_t handle,
EVP_PKEY * key);
globus_result_t globus_gsi_cred_set_cert_chain(
globus_gsi_cred_handle_t handle,
STACK_OF(X509) * cert_chain);
globus_result_t globus_gsi_cred_get_cert(
globus_gsi_cred_handle_t handle,
X509 ** cert);
globus_result_t globus_gsi_cred_get_key(
globus_gsi_cred_handle_t handle,
EVP_PKEY ** key);
globus_result_t globus_gsi_cred_get_cert_chain(
globus_gsi_cred_handle_t handle,
STACK_OF(X509) ** cert_chain);
globus_result_t globus_gsi_cred_get_handle_attrs(
globus_gsi_cred_handle_t handle,
globus_gsi_cred_handle_attrs_t * handle_attrs);
globus_result_t globus_gsi_cred_get_lifetime(
globus_gsi_cred_handle_t handle,
time_t * lifetime);
globus_result_t globus_gsi_cred_get_goodtill(
globus_gsi_cred_handle_t handle,
time_t * goodtill);
globus_result_t globus_gsi_cred_get_cert_type(
globus_gsi_cred_handle_t handle,
globus_gsi_cert_utils_cert_type_t * type);
globus_result_t globus_gsi_cred_get_key_bits(
globus_gsi_cred_handle_t handle,
int * key_bits);
GLOBUS_DEPRECATED(
globus_result_t globus_gsi_cred_handle_attrs_set_ca_cert_dir(
globus_gsi_cred_handle_attrs_t handle_attrs,
const char * ca_cert_dir));
GLOBUS_DEPRECATED(
globus_result_t globus_gsi_cred_handle_attrs_get_ca_cert_dir(
globus_gsi_cred_handle_attrs_t handle_attrs,
char ** ca_cert_dir));
globus_result_t globus_gsi_cred_handle_attrs_set_search_order(
globus_gsi_cred_handle_attrs_t handle_attrs,
globus_gsi_cred_type_t search_order[]); /*{PROXY,USER,HOST}*/
globus_result_t globus_gsi_cred_handle_attrs_get_search_order(
globus_gsi_cred_handle_attrs_t handle_attrs,
globus_gsi_cred_type_t * search_order[]);/*{PROXY,USER,HOST}*/
#ifdef __cplusplus
}
#endif
#endif /* GLOBUS_INCLUDE_GLOBUS_GSI_CREDENTIAL_H */