#ifndef __ARC_CREDENTIAL_H__
#define __ARC_CREDENTIAL_H__

#include <openssl/asn1.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/err.h>

#include <arc/Logger.h>
#include <arc/DateTime.h>
#include <arc/UserConfig.h>

#include <arc/credential/CertUtil.h>
#include <arc/credential/PasswordSource.h>

/**
 * Encoding of credential material as reported by the format probes
 * (getFormat_BIO / getFormat_str). The enumerator values are spelled out
 * so the numbering visible to callers stays fixed.
 */
enum Credformat {
  CRED_PEM     = 0,  /**< PEM (base64-armoured text) */
  CRED_DER     = 1,  /**< raw DER */
  CRED_PKCS    = 2,  /**< PKCS container; <openssl/pkcs12.h> is included above, so presumably PKCS#12 -- confirm in the loader */
  CRED_UNKNOWN = 3   /**< format could not be determined */
};
48 typedef enum { SIGN_DEFAULT = 0,
/**
 * Construct a CA credential intended for signing.
 * @param CAfile          CA certificate
 * @param CAkey           CA private key
 * @param CAserial        CA serial-number store
 * @param extfile         OpenSSL extension configuration
 * @param extsect         section of extfile to apply
 * @param passphrase4key  passphrase protecting CAkey
 * NOTE(review): the parameter names suggest file paths, but this overload
 * carries no is_file flag -- confirm against the implementation.
 */
Credential(const std::string& CAfile, const std::string& CAkey,
           const std::string& CAserial, const std::string& extfile,
           const std::string& extsect, const std::string& passphrase4key);
102 Credential(
const std::string& CAfile,
const std::string& CAkey,
103 const std::string& CAserial,
104 const std::string& extfile,
const std::string& extsect,
147 int keybits = 2048, std::string proxyversion =
"rfc",
148 std::string policylang =
"inheritAll", std::string policy =
"",
149 int pathlength = -1);
/**
 * Construct a credential from a certificate, its private key and the CA
 * trust material.
 * @param cert            certificate (a file name when is_file is true;
 *                        presumably the content itself otherwise -- confirm)
 * @param key             private key, same convention as cert
 * @param cadir           directory of trusted CA certificates
 * @param cafile          file of trusted CA certificates
 * @param passphrase4key  passphrase for key; defaults to "". Note that this
 *                        is distinct from NoPassword(), which yields a
 *                        single NUL byte, so the two remain distinguishable.
 * @param is_file         true (default) when cert/key name files
 */
Credential(const std::string& cert, const std::string& key,
           const std::string& cadir, const std::string& cafile,
           const std::string& passphrase4key = "",
           const bool is_file = true);
173 Credential(
const std::string& cert,
const std::string& key,
const std::string& cadir,
175 const bool is_file =
true);
/**
 * Register a certificate-extension object under short name sn and OID oid.
 * Both arguments are taken by non-const reference, so the callee may
 * modify them; presumably the pair is added to OpenSSL's object table --
 * confirm in the implementation.
 */
static void AddCertExtObj(std::string& sn, std::string& oid);
/**
 * Sentinel passphrase meaning "no password".
 *
 * Returns a one-character string holding a single NUL byte. It is
 * deliberately not the empty string: the constructors default
 * passphrase4key to "", so "" and this sentinel stay distinguishable.
 * Which of the two the loaders treat as "do not prompt" is decided by
 * PasswordSource / the implementation, not visible here.
 */
static std::string NoPassword() {
  return std::string(1, '\0');
}
/**
 * Common initialisation from certificate, key and CA trust material
 * (presumably shared by the constructors; only the declaration is visible).
 * Unlike the public constructors the passphrase arrives as a PasswordSource&,
 * so prompting / lookup is delegated to that object.
 * @param is_file  true when cert/key/cafile name files (by analogy with the
 *                 constructors -- confirm)
 */
void InitCredential(const std::string& cert, const std::string& key,
                    const std::string& cadir, const std::string& cafile,
                    PasswordSource& passphrase4key, const bool is_file);
/**
 * Parse a private key from an in-memory string.
 * @param key         key material
 * @param pkey        out: the parsed key as a raw OpenSSL pointer; who
 *                    frees it is not visible here -- confirm
 * @param passphrase  source of the decryption passphrase
 */
void loadKeyString(const std::string& key, EVP_PKEY*& pkey,
                   PasswordSource& passphrase);

/** As loadKeyString, but reads the key from the file keyfile. */
void loadKeyFile(const std::string& keyfile, EVP_PKEY*& pkey,
                 PasswordSource& passphrase);
/**
 * Parse a certificate, and any accompanying chain, from an in-memory string.
 * @param cert       certificate material
 * @param x509       out: the end-entity certificate (raw OpenSSL pointer)
 * @param certchain  out: location receiving the chain stack; whether NULL
 *                   is accepted here is not visible -- confirm
 */
void loadCertificateString(const std::string& cert, X509*& x509,
                           STACK_OF(X509)** certchain);

/** As loadCertificateString, but reads from the file certfile. */
void loadCertificateFile(const std::string& certfile, X509*& x509,
                         STACK_OF(X509)** certchain);
/**
 * Build an X509 extension called name with value data.
 * @param crit  mark the extension critical; defaults to false (non-critical)
 * @return new X509_EXTENSION as a raw OpenSSL pointer; ownership/cleanup
 *         not visible here -- confirm
 */
X509_EXTENSION* CreateExtension(const std::string& name,
                                const std::string& data,
                                bool crit = false);
/**
 * Set the validity period of tosign from start and lifetime. The issuer is
 * passed as well, presumably so the proxy's period can be bounded by the
 * issuer's own validity -- confirm in the implementation.
 * @return false on failure
 */
static bool SetProxyPeriod(X509* tosign, X509* issuer,
                           const Time& start, const Period& lifetime);
/**
 * Helper used while signing a proxy request: fills *tosign for proxy using
 * the requester's public key req_pubkey.
 * @return false on failure
 */
bool SignRequestAssistant(Credential* proxy, EVP_PKEY* req_pubkey, X509** tosign);
/**
 * @return the certificate chain as a raw OpenSSL stack; whether the caller
 *         owns the returned stack is not visible here -- confirm
 */
STACK_OF(X509)* GetCertChain(void) const;
/**
 * Probe the encoding of the credential material behind in.
 * @param is_file  true (default) when the BIO reads a file
 * @return a Credformat value; presumably CRED_UNKNOWN when undecidable
 */
Credformat getFormat_BIO(BIO* in, const bool is_file = true) const;

/** Probe the encoding of in-memory credential material. */
Credformat getFormat_str(const std::string& source) const;
/** @return the distinguished name as a string (presumably the subject DN of this credential's certificate). */
std::string GetDN(void) const;
/**
 * Configure how a proxy certificate is generated.
 * @param proxyversion  proxy profile, e.g. "rfc" (the default used by the
 *                      generating constructor)
 * @param policylang    policy language, e.g. "inheritAll"
 * @param policy        policy body
 * @param pathlength    proxy path-length constraint; the constructor's
 *                      default is -1, presumably meaning "unconstrained"
 */
void SetProxyPolicy(const std::string& proxyversion,
                    const std::string& policylang,
                    const std::string& policy, int pathlength);
/**
 * Write the private key into content.
 * @param content     out: the serialised key (format not visible here)
 * @param encryption  defaults to false, i.e. by default the key material is
 *                    presumably written unprotected; pass true to have it
 *                    passphrase-protected
 * @param passphrase  passphrase used when encryption is true; defaults to ""
 * @return false on failure
 */
bool OutputPrivatekey(std::string& content, bool encryption = false,
                      const std::string& passphrase = "");
/**
 * Add an extension called name with value data to the credential.
 * @param crit  mark critical; defaults to false
 * @param type  extension value type; -1 (default) presumably leaves the
 *              choice to the implementation -- confirm
 * @return false on failure
 */
bool AddExtension(const std::string& name, const std::string& data,
                  bool crit = false, int type = -1);

/**
 * Add an extension from a pre-encoded binary value. What binary points to
 * (a single buffer, or an array of values) is not visible here -- confirm.
 */
bool AddExtension(const std::string& name, char** binary);
/**
 * Generate an end-entity certificate request together with a fresh private key.
 * @param reqcontent  out: the request
 * @param keycontent  out: the new private key (whether it is written
 *                    passphrase-protected is not visible here -- confirm)
 * @param dn          subject name to request; "" by default
 * @return false on failure
 */
bool GenerateEECRequest(std::string& reqcontent, std::string& keycontent,
                        const std::string& dn = "");

/** File-based variant: request and key are written to the named files. */
bool GenerateEECRequest(const char* request_filename,
                        const char* key_filename,
                        const std::string& dn = "");
/**
 * Read a certificate request for inspection.
 * @param reqbio  source BIO
 * @param if_eec  true when the request is for an end-entity certificate
 *                rather than a proxy; defaults to false
 * @param if_der  true when the input is DER rather than PEM; defaults to false
 * @return false on failure
 */
bool InquireRequest(BIO* reqbio, bool if_eec = false, bool if_der = false);

/**
 * As above, reading the request from content. Note content is taken by
 * non-const reference; whether it is modified is not visible here.
 */
bool InquireRequest(std::string& content, bool if_eec = false, bool if_der = false);

/** As above, reading the request from the file filename. */
bool InquireRequest(const char* filename, bool if_eec = false, bool if_der = false);
/**
 * Self-sign an end-entity certificate request and write the resulting
 * certificate to certfile.
 * Note the mixed parameter types: extfile and certfile are const char*
 * while dn and extsect are std::string (the constructors take extfile as
 * std::string).
 * @return false on failure
 */
bool SelfSignEECRequest(const std::string& dn, const char* extfile,
                        const std::string& extsect, const char* certfile);
// Trust material and own credential as given to the constructors
// (presumably cafile / cadir / cert / key; file names, or content when
// is_file is false -- confirm).
std::string cacertfile_;
std::string cacertdir_;
std::string certfile_;
std::string keyfile_;
// Outcome of verification (presumably set by the verification path).
bool verification_valid;
std::string verification_proxy_policy;
// Raw OpenSSL pointer; ownership/cleanup responsibility is not visible here.
PROXY_CERT_INFO_EXTENSION* proxy_cert_info_;
// Digest used for signing. Declared as non-const EVP_MD* although OpenSSL's
// digest lookups hand out const EVP_MD* -- presumably cast somewhere; confirm.
EVP_MD* signing_alg_;
// Proxy profile, e.g. "rfc" (the generating constructor's default).
std::string proxyversion_;
// Extensions to emit (presumably accumulated by AddExtension); raw OpenSSL stack.
STACK_OF(X509_EXTENSION)* extensions_;
// CA signing configuration as passed to the CA constructor.
std::string CAserial_;
std::string extfile_;
std::string extsect_;
/**
 * Build an X509_NAME from a textual subject.
 * @param subject   non-const char*: the implementation may write into the
 *                  buffer -- confirm before passing shared data
 * @param chtype    OpenSSL string type for the RDN values (presumably one of
 *                  the MBSTRING_* constants)
 * @param multirdn  non-zero to allow multi-valued RDNs (presumably)
 * @return new X509_NAME, presumably NULL on failure; ownership not visible here
 */
static X509_NAME* parse_name(char* subject, long chtype, int multirdn);