#ifndef __CRYPTO_SSLGSIAUX_H__ #define __CRYPTO_SSLGSIAUX_H__ /******************************************************************************/ /* */ /* X r d C r y p t o s s l g s i A u x . h h */ /* */ /* (c) 2005, G. Ganis / CERN */ /* */ /* This file is part of the XRootD software suite. */ /* */ /* XRootD is free software: you can redistribute it and/or modify it under */ /* the terms of the GNU Lesser General Public License as published by the */ /* Free Software Foundation, either version 3 of the License, or (at your */ /* option) any later version. */ /* */ /* XRootD is distributed in the hope that it will be useful, but WITHOUT */ /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */ /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */ /* License for more details. */ /* */ /* You should have received a copy of the GNU Lesser General Public License */ /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */ /* COPYING (GPL license). If not, see . */ /* */ /* The copyright holder's institutional names and contributor's names may not */ /* be used to endorse or promote products derived from this software without */ /* specific prior written permission of the institution or contributor. */ /* */ /******************************************************************************/ /* ************************************************************************** */ /* */ /* GSI utility functions */ /* */ /* ************************************************************************** */ #include "XrdCrypto/XrdCryptosslgsiX509Chain.hh" #include "XrdCrypto/XrdCryptoX509Req.hh" #include "XrdCrypto/XrdCryptoRSA.hh" #include "XrdOuc/XrdOucString.hh" // The OID of the extension #define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222" #define gsiProxyCertInfo_OID "1.3.6.1.5.5.7.1.14" // // Function to check presence of a proxyCertInfo and retrieve the path length // constraint. Written following RFC3820 and examples in openssl-/crypto // source code. Extracts the policy field but ignores it contents. bool XrdSslgsiProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0); void XrdSslgsiSetPathLenConstraint(void *ext, int pathlen); // // Proxies // typedef struct { int bits; // Number of bits in the RSA key [512] int valid; // Duration validity in secs [43200 (12 hours)] int depthlen; // Maximum depth of the path of proxy certificates // that can signed by this proxy certificates // [-1 (== unlimited)] } XrdProxyOpt_t; // // Create proxy certificates int XrdSslgsiX509CreateProxy(const char *, const char *, XrdProxyOpt_t *, XrdCryptosslgsiX509Chain *, XrdCryptoRSA **, const char *); // // Create a proxy certificate request int XrdSslgsiX509CreateProxyReq(XrdCryptoX509 *, XrdCryptoX509Req **, XrdCryptoRSA **); // // Sign a proxy certificate request int XrdSslgsiX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *, XrdCryptoX509Req *, XrdCryptoX509 **); // // Dump extensions int XrdSslgsiX509DumpExtensions(XrdCryptoX509 *); // // Get VOMS attributes, if any int XrdSslgsiX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &); // // Check GSI 3 proxy info extension int XrdSslgsiX509CheckProxy3(XrdCryptoX509 *, XrdOucString &); /******************************************************************************/ /* E r r o r s i n P r o x y M a n i p u l a t i o n s */ /******************************************************************************/ #define kErrPX_Error 1 // Generic error condition #define kErrPX_BadEECfile 2 // Absent or bad EEC cert or key file #define kErrPX_BadEECkey 3 // Inconsistent EEC key #define kErrPX_ExpiredEEC 4 // EEC is expired #define kErrPX_NoResources 5 // Unable to create new objects #define kErrPX_SetAttribute 6 // Unable to set a certificate attribute #define kErrPX_SetPathDepth 7 // Unable to set path depth #define kErrPX_Signing 8 // Problems signing #define kErrPX_GenerateKey 9 // Problem generating the RSA key #define kErrPX_ProxyFile 10 // Problem creating / updating proxy file #define kErrPX_BadNames 11 // Names in certificates are bad #define kErrPX_BadSerial 12 // Problems resolving serial number #define kErrPX_BadExtension 13 // Problems with the extensions #endif