1 #ifndef __ARC_CREDENTIAL_H__
2 #define __ARC_CREDENTIAL_H__
3 
4 #include <stdlib.h>
5 #include <stdexcept>
6 #include <iostream>
7 #include <string>
8 #include <openssl/asn1.h>
9 #include <openssl/pem.h>
10 #include <openssl/x509.h>
11 #include <openssl/x509v3.h>
12 #include <openssl/pkcs12.h>
13 #include <openssl/rsa.h>
14 #include <openssl/bn.h>
15 #include <openssl/err.h>
16 
17 #include <arc/Logger.h>
18 #include <arc/DateTime.h>
19 #include <arc/UserConfig.h>
20 
21 #include <arc/credential/CertUtil.h>
22 #include <arc/credential/PasswordSource.h>
23 
24 namespace Arc {
25 
28 
/** Exception type thrown by the Credential class.
 *  Derives from std::runtime_error so callers can catch either type and read
 *  the message via what(). */
class CredentialError : public std::runtime_error {
 public:
 /** Builds the error with a human-readable description.
  *  @param what description of the failure; empty by default
  *  (presumably forwarded to std::runtime_error — the definition is not in
  *  this header). */
 CredentialError(const std::string& what="");
};
42 
/** Encoding of a credential as reported by Credential::getFormat_BIO /
 *  getFormat_str. Enumerator values are spelled out to make the ordering
 *  explicit; they are the same values the implicit numbering would give. */
enum Credformat {
 CRED_PEM = 0,      ///< PEM text (base64 with BEGIN/END markers)
 CRED_DER = 1,      ///< binary DER
 CRED_PKCS = 2,     ///< presumably a PKCS#12 bundle (openssl/pkcs12.h is included)
 CRED_UNKNOWN = 3   ///< format could not be determined
};
45 
/** Digest algorithm selected for signing (see Credential::SetSigningAlgorithm).
 *  SIGN_DEFAULT (0) presumably leaves the choice to the implementation; the
 *  remaining values name the SHA-1 / SHA-2 family digests. Values are listed
 *  explicitly and match the implicit numbering. */
enum Signalgorithm {
 SIGN_DEFAULT = 0,
 SIGN_SHA1 = 1,
 SIGN_SHA224 = 2,
 SIGN_SHA256 = 3,
 SIGN_SHA384 = 4,
 SIGN_SHA512 = 5
};
55 
/** Logger used by the credential code; defined in a translation unit
 *  elsewhere in the library (this is only the declaration). */
extern Logger CredentialLogger;
58 
60 
/** Holds an X509 credential — certificate, private key, optional certificate
 *  chain and optional certificate request — as raw OpenSSL handles, and
 *  offers loading, inspection, request generation and signing operations.
 *
 *  Ownership: the OpenSSL objects in the private section are presumably
 *  released by the virtual destructor (its definition is not in this
 *  header). Instances are not copyable: the copy constructor is private.
 *  Thread-safety is not documented; treat an instance as single-threaded
 *  mutable state.
 *
 *  Error reporting: most operations return bool; constructors have no
 *  return value and presumably throw CredentialError on failure — confirm
 *  in the implementation. */
class Credential {
 public:
 /** Default constructor: an empty credential. */
 Credential();

 /** Constructor taking a key size.
  *  @param keybits RSA key length in bits (see SetKeybits/GetKeybits) */
 Credential(int keybits);

 /** Virtual destructor; presumably frees the owned OpenSSL handles. */
 virtual ~Credential();

 /** CA-style constructor (from the parameter names): loads the signer's
  *  certificate and key, the serial-number file and an extension
  *  configuration file/section.
  *  @param CAfile         path to the CA certificate
  *  @param CAkey          path to the CA private key
  *  @param CAserial       path to the serial-number file
  *  @param extfile        OpenSSL-style extension config file
  *  @param extsect        section of extfile to use
  *  @param passphrase4key passphrase protecting CAkey, given in the clear */
 Credential(const std::string& CAfile, const std::string& CAkey,
 const std::string& CAserial,
 const std::string& extfile, const std::string& extsect,
 const std::string& passphrase4key);

 /** Same as the CA-style constructor above, but the key passphrase is
  *  obtained through a PasswordSource instead of a plain string. */
 Credential(const std::string& CAfile, const std::string& CAkey,
 const std::string& CAserial,
 const std::string& extfile, const std::string& extsect,
 PasswordSource& passphrase4key);

 /** Proxy-credential constructor: sets up a credential to be used as a
  *  proxy request (see GenerateRequest / SignRequest).
  *  @param start        validity start time
  *  @param lifetime     validity period; default 12 hours ("PT12H")
  *  @param keybits      RSA key length, default 2048
  *  @param proxyversion proxy flavour, default "rfc"
  *  @param policylang   proxy policy language, default "inheritAll"
  *  @param policy       policy body, empty by default
  *  @param pathlength   proxy path-length constraint; -1 presumably means
  *                      unlimited — confirm in SetProxyPolicy */
 Credential(Time start, Period lifetime = Period("PT12H"),
 int keybits = 2048, std::string proxyversion = "rfc",
 std::string policylang = "inheritAll", std::string policy = "",
 int pathlength = -1);

 /** Loads an existing credential.
  *  @param cert           certificate (file path, or content when !is_file)
  *  @param key            private key (file path, or content when !is_file)
  *  @param cadir          CA certificate directory
  *  @param cafile         CA certificate file
  *  @param passphrase4key key passphrase as a plain string; "" by default
  *                        (see NoPassword() for the distinct "no password"
  *                        sentinel)
  *  @param is_file        true: cert/key are paths; false: in-memory content */
 Credential(const std::string& cert, const std::string& key, const std::string& cadir,
 const std::string& cafile, const std::string& passphrase4key = "",
 const bool is_file = true);

 /** As above, with the key passphrase supplied by a PasswordSource. */
 Credential(const std::string& cert, const std::string& key, const std::string& cadir,
 const std::string& cafile, PasswordSource& passphrase4key,
 const bool is_file = true);

 /** Loads the credential described by a UserConfig.
  *  @param usercfg        user configuration (cert/key/CA locations)
  *  @param passphrase4key key passphrase as a plain string; "" by default */
 Credential(const UserConfig& usercfg, const std::string& passphrase4key = "");

 /** As above, with the key passphrase supplied by a PasswordSource. */
 Credential(const UserConfig& usercfg, PasswordSource& passphrase4key);

 /** One-time initialisation of the proxy-certificate-info extension
  *  handling (static; effect is implementation-defined from here). */
 static void InitProxyCertInfo(void);

 /** Checks whether the credentials referenced by usercfg are usable.
  *  @return true when valid, false otherwise */
 static bool IsCredentialsValid(const UserConfig& usercfg);

 /** Registers a certificate-extension object.
  *  @param sn  short name of the extension
  *  @param oid its object identifier
  *  (both taken by non-const reference — confirm whether they are modified) */
 static void AddCertExtObj(std::string& sn, std::string& oid);

 /** Selects the digest used when signing.
  *  @param signing_algorithm one of Signalgorithm; SIGN_DEFAULT by default */
 void SetSigningAlgorithm(Signalgorithm signing_algorithm = SIGN_DEFAULT);

 /** Sets the RSA key length for subsequently generated keys.
  *  @param keybits length in bits; 0 by default — meaning of 0 is decided
  *                 in the implementation (presumably "use a default size") */
 void SetKeybits(int keybits = 0);

 /** Sentinel meaning "no password": a one-byte string containing NUL,
  *  deliberately distinct from the empty string "" that the passphrase
  *  parameters default to. Callers compare against this value rather than
  *  against "". */
 static std::string NoPassword(void) { return std::string("\0",1); };

 private:

 /** Copying is disabled (private, not meant to be called). */
 Credential(const Credential&);

 /** Common loading path shared by the cert/key constructors; parameters
  *  as for the corresponding public constructor. */
 void InitCredential(const std::string& cert, const std::string& key, const std::string& cadir,
 const std::string& cafile, PasswordSource& passphrase4key, const bool is_file);

 //void loadKeyString(const std::string& key, EVP_PKEY* &pkey, const std::string& passphrase = "");
 /** Parses a private key from in-memory content into pkey. */
 void loadKeyString(const std::string& key, EVP_PKEY* &pkey, PasswordSource& passphrase);
 //void loadKeyFile(const std::string& keyfile, EVP_PKEY* &pkey, const std::string& passphrase = "");
 /** Reads a private key from keyfile into pkey. */
 void loadKeyFile(const std::string& keyfile, EVP_PKEY* &pkey, PasswordSource& passphrase);
 //void loadKey(BIO* bio, EVP_PKEY* &pkey, const std::string& passphrase = "", const std::string& prompt_info = "", const bool is_file = true);

 /** Parses a certificate (and, via certchain, any accompanying chain)
  *  from in-memory content / from a file. The chain is returned through a
  *  STACK_OF(X509)** out-parameter. */
 void loadCertificateString(const std::string& cert, X509* &x509, STACK_OF(X509)** certchain);
 void loadCertificateFile(const std::string& certfile, X509* &x509, STACK_OF(X509)** certchain);
 //void loadCertificate(BIO* bio, X509* &x509, STACK_OF(X509)** certchain, const bool is_file=true);

 /** Verifies the loaded certificate; result is exposed via
  *  GetVerification() (which reads verification_valid). */
 bool Verify(void);

 /** Builds an X509_EXTENSION from a name and data.
  *  @param crit mark the extension critical (false by default)
  *  @return new extension, or presumably NULL on failure — confirm;
  *          ownership of the returned pointer is not documented here */
 X509_EXTENSION* CreateExtension(const std::string& name, const std::string& data, bool crit = false);

 /** Sets the validity period of tosign relative to issuer, start and
  *  lifetime. @return false on failure. */
 static bool SetProxyPeriod(X509* tosign, X509* issuer, const Time& start, const Period& lifetime);

 /** Helper for SignRequest: prepares the certificate to be signed for proxy
  *  using the request's public key; result returned through tosign. */
 bool SignRequestAssistant(Credential* proxy, EVP_PKEY* req_pubkey, X509** tosign);

 public:
 /** Writes the pending OpenSSL error state to CredentialLogger (presumably;
  *  definition not in this header). */
 void LogError(void) const;

 /************************************/
 /*****Get information from "this" object**/

 /** @return the stored verification result (verification_valid). Note the
  *  field has no in-class initializer, so it is only meaningful after a
  *  constructor/Verify() has set it. */
 bool GetVerification(void) const {return verification_valid; };

 /** @return the private key handle. Ownership of the returned pointer is
  *  not documented here — do not free it without checking the definition. */
 EVP_PKEY* GetPrivKey(void) const;

 /** @return the public key handle; same ownership caveat as GetPrivKey. */
 EVP_PKEY* GetPubKey(void) const;

 /** @return the certificate handle; same ownership caveat as GetPrivKey. */
 X509* GetCert(void) const;

 /** @return the certificate request handle, if any. */
 X509_REQ* GetCertReq(void) const;

 /** @return the certificate chain handle, if any. */
 STACK_OF(X509)* GetCertChain(void) const;

 /** @return number of certificates in the chain. */
 int GetCertNumofChain(void) const;

 /** Detects the encoding (Credformat) of a credential read from a BIO or
  *  from a string. @param is_file whether the BIO is backed by a file. */
 Credformat getFormat_BIO(BIO * in, const bool is_file = true) const;
 Credformat getFormat_str(const std::string& source) const;

 /** @return the certificate's subject DN as a string. */
 std::string GetDN(void) const;

 /** @return the identity name; for a proxy this presumably strips the proxy
  *  CN components to reach the EEC subject — confirm in the definition. */
 std::string GetIdentityName(void) const;

 /** @return the certificate type (EEC, proxy flavour, ...) as classified
  *  by ArcCredential::certType. */
 ArcCredential::certType GetType(void) const;

 /** @return the issuer DN of the certificate. */
 std::string GetIssuerName(void) const;

 /** @return the DN of the CA at the top of the chain. */
 std::string GetCAName(void) const;

 /** @return the RSA key length in bits. */
 int GetKeybits(void) const;

 /** @return the proxy policy string. */
 std::string GetProxyPolicy(void) const;

 /** Sets the proxy policy parameters (see the proxy constructor for the
  *  meaning of each argument). */
 void SetProxyPolicy(const std::string& proxyversion, const std::string& policylang,
 const std::string& policy, int pathlength);

 /** Serialises the private key into content.
  *  @param encryption false by default — i.e. unless the caller opts in,
  *                    the key material is written without encryption;
  *                    callers storing the output must set this to true
  *  @param passphrase passphrase used when encryption is true; "" by default
  *  @return false on failure */
 bool OutputPrivatekey(std::string &content, bool encryption = false, const std::string& passphrase ="");

 /** As above, with the passphrase obtained from a PasswordSource. */
 bool OutputPrivatekey(std::string &content, bool encryption, PasswordSource& passphrase);

 /** Serialises the public key into content. @return false on failure */
 bool OutputPublickey(std::string &content);

 /** Serialises the certificate into content.
  *  @param is_der DER output when true, otherwise PEM (default) */
 bool OutputCertificate(std::string &content, bool is_der=false);

 /** Serialises the certificate chain into content.
  *  @param is_der DER output when true, otherwise PEM (default) */
 bool OutputCertificateChain(std::string &content, bool is_der=false);

 /** @return the configured lifetime (lifetime_). */
 Period GetLifeTime(void) const;

 /** @return the configured start time (start_). */
 Time GetStartTime() const;

 /** @return the end time; presumably start + lifetime — confirm. */
 Time GetEndTime() const;

 /** Sets the lifetime used for generated/signed certificates. */
 void SetLifeTime(const Period& period);

 /** Sets the start time used for generated/signed certificates. */
 void SetStartTime(const Time& start_time);

 /** Checks the credential is currently usable (non-const: may update
  *  internal state). @return true when valid */
 bool IsValid(void);

 /************************************/
 /*****Generate certificate request, add certificate extension, inquire certificate request,
 *and sign certificate request
 **/

 /** Adds an extension to the pending request/certificate.
  *  @param name extension name
  *  @param data extension value
  *  @param crit mark critical (false by default)
  *  @param type value type; -1 by default (meaning decided in the definition)
  *  @return false on failure */
 bool AddExtension(const std::string& name, const std::string& data, bool crit = false, int type = -1);

 /** Adds an extension from a binary value passed as char**. Encoding and
  *  ownership of *binary are not documented here — confirm before use. */
 bool AddExtension(const std::string& name, char** binary);

 /** @return the value of the named extension, as a string. */
 std::string GetExtension(const std::string& name);

 /** Generates an EEC (end-entity) certificate request plus key, writing the
  *  request to reqbio and the key to keybio.
  *  @param dn subject DN for the request; empty by default */
 bool GenerateEECRequest(BIO* reqbio, BIO* keybio, const std::string& dn = "");

 /** As above, returning the request and key as strings. */
 bool GenerateEECRequest(std::string &reqcontent, std::string &keycontent, const std::string& dn = "");

 /** As above, writing the request and key to the named files. */
 bool GenerateEECRequest(const char* request_filename, const char* key_filename, const std::string& dn = "");

 /** Generates a (proxy) certificate request into bio.
  *  @param if_der DER output when true, otherwise PEM (default) */
 bool GenerateRequest(BIO* bio, bool if_der = false);

 /** As above, into a string. */
 bool GenerateRequest(std::string &content, bool if_der = false);

 /** As above, into the named file. */
 bool GenerateRequest(const char* filename, bool if_der = false);

 /** Reads a certificate request from reqbio into this object.
  *  @param if_eec the request is for an EEC rather than a proxy
  *  @param if_der input is DER rather than PEM */
 bool InquireRequest(BIO* reqbio, bool if_eec = false, bool if_der = false);

 /** As above, from a string. */
 bool InquireRequest(std::string &content, bool if_eec = false, bool if_der = false);

 /** As above, from the named file. */
 bool InquireRequest(const char* filename, bool if_eec = false, bool if_der = false);

 /** Signs the request held by proxy with this credential, writing the
  *  resulting certificate to outputbio.
  *  @param if_der DER output when true, otherwise PEM (default) */
 bool SignRequest(Credential* proxy, BIO* outputbio, bool if_der = false);

 /** As above, into a string. */
 bool SignRequest(Credential* proxy, std::string &content, bool if_der = false);

 /** As above, into the named file. */
 bool SignRequest(Credential* proxy, const char* filename, bool if_der = false);

 /** Self-signs an EEC request with the given subject DN, applying extensions
  *  from extfile/extsect, and writes the certificate to certfile. */
 bool SelfSignEECRequest(const std::string& dn, const char* extfile, const std::string& extsect, const char* certfile);

 //The following three methods is about signing an EEC certificate by implementing the same
 //functionality as a normal CA
 /** Signs eec's request as a CA would, with subject dn, writing to outputbio. */
 bool SignEECRequest(Credential* eec, const std::string& dn, BIO* outputbio);

 /** As above, into a string. */
 bool SignEECRequest(Credential* eec, const std::string& dn, std::string &content);

 /** As above, into the named file. */
 bool SignEECRequest(Credential* eec, const std::string& dn, const char* filename);

 private:
 // PKI files
 std::string cacertfile_;
 std::string cacertdir_;
 std::string certfile_;
 std::string keyfile_;

 //Verification result
 bool verification_valid;   // no in-class initializer: constructors must set it
 std::string verification_proxy_policy;

 //Certificate structures (raw OpenSSL handles; presumably freed in the destructor)
 X509 * cert_; //certificate
 ArcCredential::certType cert_type_;
 EVP_PKEY * pkey_; //private key
 STACK_OF(X509) * cert_chain_; //certificates chain which is parsed
 //from the certificate, after
 //verification, the ca certificate
 //will be included
 PROXY_CERT_INFO_EXTENSION* proxy_cert_info_;
 Credformat format;
 Time start_;
 Period lifetime_;

 //Certificate request
 X509_REQ* req_;
 RSA* rsa_key_;
 EVP_MD* signing_alg_;   // digest for signing; non-const pointer — check how it is assigned
 int keybits_;

 //Proxy policy
 std::string proxyversion_;
 std::string policy_;
 int proxyver_;
 int pathlength_;

 //Extensions for certificate, such as certificate policy, attributes, etc.
 STACK_OF(X509_EXTENSION)* extensions_;

 //CA functionality related information
 std::string CAserial_;
 std::string extfile_;
 std::string extsect_;

 /** Parses a textual subject (e.g. "/C=XX/O=..." — exact syntax decided in
  *  the definition) into an X509_NAME. subject is a non-const char*, so it
  *  may be modified in place — pass a writable copy.
  *  @param chtype   OpenSSL string type for the name components
  *  @param multirdn whether multi-valued RDNs are permitted */
 static X509_NAME *parse_name(char *subject, long chtype, int multirdn);
};
558 
559 }// namespace Arc
560 
561 #endif /* __ARC_CREDENTIAL_H__ */
562 