ARC SDK
Credential handling classes and functions.

Detailed Description

Data Structures

class  Arc::CredentialError
 An exception class for the Credential class.
 
class  Arc::Credential
 Class for handling X509 credentials.
 
class  Arc::PasswordSource
 Obtain a password from some source.
 
class  Arc::PasswordSourceNone
 No password.
 
class  Arc::PasswordSourceString
 Obtain a password from a string.
 
class  Arc::PasswordSourceStream
 Obtain a password from a stream.
 
class  Arc::PasswordSourceInteractive
 Obtain a password through the OpenSSL user interface.
 
class  Arc::VOMSACInfo
 Represents the VOMS attribute part of a credential.
 
class  Arc::VOMSTrustList
 Stores definitions for deciding whether a VOMS server is trusted.
 

Typedefs

typedef std::vector< std::string > Arc::VOMSTrustChain
 
typedef std::string Arc::VOMSTrustRegex
 

Enumerations

enum  ArcCredential::certType {
  ArcCredential::CERT_TYPE_EEC, ArcCredential::CERT_TYPE_CA, ArcCredential::CERT_TYPE_GSI_3_IMPERSONATION_PROXY, ArcCredential::CERT_TYPE_GSI_3_INDEPENDENT_PROXY,
  ArcCredential::CERT_TYPE_GSI_3_LIMITED_PROXY, ArcCredential::CERT_TYPE_GSI_3_RESTRICTED_PROXY, ArcCredential::CERT_TYPE_GSI_2_PROXY, ArcCredential::CERT_TYPE_GSI_2_LIMITED_PROXY,
  ArcCredential::CERT_TYPE_RFC_IMPERSONATION_PROXY, ArcCredential::CERT_TYPE_RFC_INDEPENDENT_PROXY, ArcCredential::CERT_TYPE_RFC_LIMITED_PROXY, ArcCredential::CERT_TYPE_RFC_RESTRICTED_PROXY,
  ArcCredential::CERT_TYPE_RFC_ANYLANGUAGE_PROXY
}
 Certificate Types.
 

Functions

void Arc::InitVOMSAttribute (void)
 
bool Arc::createVOMSAC (std::string &codedac, Credential &issuer_cred, Credential &holder_cred, std::vector< std::string > &fqan, std::vector< std::string > &targets, std::vector< std::string > &attributes, std::string &voname, std::string &uri, int lifetime)
 
bool Arc::addVOMSAC (ArcCredential::AC **&aclist, std::string &acorder, std::string &decodedac)
 
bool Arc::parseVOMSAC (X509 *holder, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector< VOMSACInfo > &output, bool verify=true, bool reportall=false)
 
bool Arc::parseVOMSAC (const Credential &holder_cred, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector< VOMSACInfo > &output, bool verify=true, bool reportall=false)
 
bool Arc::parseVOMSAC (const std::string &cert_str, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector< VOMSACInfo > &output, bool verify=true, bool reportall=false)
 
char * Arc::VOMSDecode (const char *data, int size, int *j)
 
char * Arc::VOMSEncode (const char *data, int size, int *j)
 
std::string Arc::getCredentialProperty (const Arc::Credential &u, const std::string &property, const std::string &ca_cert_dir=std::string(""), const std::string &ca_cert_file=std::string(""), const std::string &vomsdir=std::string(""), const std::vector< std::string > &voms_trust_list=std::vector< std::string >())
 
std::string Arc::VOMSFQANToFull (const std::string &vo, const std::string &fqan)
 
std::string Arc::VOMSFQANFromFull (const std::string &attribute)
 
bool Arc::VOMSACSeqEncode (const std::string &ac_seq, std::string &asn1)
 
bool Arc::VOMSACSeqEncode (const std::list< std::string > acs, std::string &asn1)
 

Enumeration Type Documentation

◆ certType

Certificate Types.

Enumerator
CERT_TYPE_EEC

An end entity certificate

CERT_TYPE_CA

A CA certificate

CERT_TYPE_GSI_3_IMPERSONATION_PROXY

An X.509 Proxy Certificate Profile (pre-RFC) compliant impersonation proxy - obsolete

CERT_TYPE_GSI_3_INDEPENDENT_PROXY

An X.509 Proxy Certificate Profile (pre-RFC) compliant independent proxy - obsolete

CERT_TYPE_GSI_3_LIMITED_PROXY

An X.509 Proxy Certificate Profile (pre-RFC) compliant limited proxy - obsolete

CERT_TYPE_GSI_3_RESTRICTED_PROXY

An X.509 Proxy Certificate Profile (pre-RFC) compliant restricted proxy - obsolete

CERT_TYPE_GSI_2_PROXY

A legacy Globus impersonation proxy - obsolete

CERT_TYPE_GSI_2_LIMITED_PROXY

A legacy Globus limited impersonation proxy - obsolete

CERT_TYPE_RFC_IMPERSONATION_PROXY

An X.509 Proxy Certificate Profile RFC compliant impersonation proxy; RFC inheritAll proxy

CERT_TYPE_RFC_INDEPENDENT_PROXY

An X.509 Proxy Certificate Profile RFC compliant independent proxy; RFC independent proxy

CERT_TYPE_RFC_LIMITED_PROXY

An X.509 Proxy Certificate Profile RFC compliant limited proxy

CERT_TYPE_RFC_RESTRICTED_PROXY

An X.509 Proxy Certificate Profile RFC compliant restricted proxy

CERT_TYPE_RFC_ANYLANGUAGE_PROXY

RFC anyLanguage proxy

Function Documentation

◆ addVOMSAC()

bool Arc::addVOMSAC (ArcCredential::AC **&aclist,
                     std::string &acorder,
                     std::string &decodedac)

Add a decoded AC string to a list of AC objects.

Parameters
aclist     The list of AC objects (output)
acorder    The order of AC objects (output)
decodedac  The AC string decoded from the string returned by the VOMS server (input)

◆ createVOMSAC()

bool Arc::createVOMSAC (std::string &codedac,
                        Credential &issuer_cred,
                        Credential &holder_cred,
                        std::vector< std::string > &fqan,
                        std::vector< std::string > &targets,
                        std::vector< std::string > &attributes,
                        std::string &voname,
                        std::string &uri,
                        int lifetime)

Create an AC (Attribute Certificate) in the VOMS-specific format.

Parameters
codedac      The coded AC, output of this method
issuer_cred  The issuer credential used to sign the AC
holder_cred  The holder credential; the holder certificate is the one that carries the AC
fqan         The AC_IETFATTR. According to the VOMS definition, an fqan looks like /Role=Employee/Group=Tester/Capability=NULL
targets      The list of targets that are supposed to consume this AC
attributes   The AC_FULL_ATTRIBUTES. According to the VOMS definition, an attribute looks like "qualifier::name=value"
voname       The VO name
uri          The URI of this VO; together with voname it forms the granter of this AC
lifetime     The lifetime of this AC

◆ getCredentialProperty()

std::string Arc::getCredentialProperty (const Arc::Credential &u,
                                        const std::string &property,
                                        const std::string &ca_cert_dir = std::string(""),
                                        const std::string &ca_cert_file = std::string(""),
                                        const std::string &vomsdir = std::string(""),
                                        const std::vector< std::string > &voms_trust_list = std::vector< std::string >())

Extract the requested field from the certificate.

Parameters
u                The proxy certificate which includes the VOMS-formatted AC.
property         The property the caller wants, one of: dn, voms:vo, voms:role, voms:group
ca_cert_dir      As for parseVOMSAC
ca_cert_file     As for parseVOMSAC
vomsdir          As for parseVOMSAC
voms_trust_list  The DN chain that is trusted when parsing the VOMS AC
Since
Changed in 4.1.0: added the ability to query a credential for the VOMS nickname attribute.

◆ parseVOMSAC() [1/3]

bool Arc::parseVOMSAC (X509 *holder,
                       const std::string &ca_cert_dir,
                       const std::string &ca_cert_file,
                       const std::string &vomsdir,
                       VOMSTrustList &vomscert_trust_dn,
                       std::vector< VOMSACInfo > &output,
                       bool verify = true,
                       bool reportall = false)

Parse the certificate and output the attributes.

Parameters
holder             The proxy certificate which includes the VOMS-formatted AC.
ca_cert_dir        The trusted CA certificates used to verify the certificate that signed the AC
ca_cert_file       The same as ca_cert_dir, except that it is a file instead of a directory. Only one of them needs to be set
vomsdir            The directory containing a *.lsc file for each VO. For instance, a VO called "knowarc.eu" should have the file vomsdir/knowarc/voms.knowarc.eu.lsc, which contains on the first line the DN of the VOMS server and on the second line the corresponding CA DN:
                     /O=Grid/O=NorduGrid/OU=KnowARC/CN=voms.knowarc.eu
                     /O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority
                   See more at: https://twiki.cern.ch/twiki/bin/view/LCG/VomsFAQforServiceManagers
vomscert_trust_dn  List of VOMS trust chains
output             The parsed attributes (Role and Generic Attribute). Each attribute is stored as one string element of the vector; it is up to the consumer to interpret it. There are two types of attributes stored in a VOMS AC, AC_IETFATTR and AC_FULL_ATTRIBUTES. An AC_IETFATTR looks like /Role=Employee/Group=Tester/Capability=NULL; an AC_FULL_ATTRIBUTES looks like knowarc:Degree=PhD (qualifier::name=value). To make the output attribute values uniform, the VOMS server information is prefixed to the original attributes from the AC:
                     for AC_FULL_ATTRIBUTES, voname + hostname is added:
                       /voname=knowarc.eu/hostname=arthur.hep.lu.se:15001//knowarc.eu/coredev:attribute1=1
                     for AC_IETFATTR, the VO (voname) is added:
                       /VO=knowarc.eu/Group=coredev/Role=NULL/Capability=NULL
                       /VO=knowarc.eu/Group=testers/Role=NULL/Capability=NULL
                   Some other redundant attributes are provided as well:
                       voname=knowarc.eu/hostname=arthur.hep.lu.se:15001
verify             true: verify that the VOMS certificate is trusted, based on the CA certificates given by ca_cert_dir/ca_cert_file and on vomscert_trust_dn, which specifies the trusted DN chain from the VOMS server certificate to the CA certificate. false: do not verify, i.e. the issuer of the AC (the VOMS server certificate) is trusted by default. In this case the parameters ca_cert_dir, ca_cert_file and vomscert_trust_dn have no effect and may be left empty, and the returned attributes are unverified. This mode is used by 'arcproxy --info' to list all attributes in the AC without needing to check whether the AC's issuer is trusted.
reportall          If true, fills output with all attributes, including those that failed the test procedures. The validity of each attribute can be checked through the status members of the output items. The combination verify=true and reportall=true provides the most information.
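Added example, not ARC SDK code: the trust decision that the vomsdir/*.lsc mechanism and the VOMSTrustChain typedef above express, reimplemented stand-alone so it runs without the library. The function names, the blank-line handling and the exact-match rule are assumptions of this example; the .lsc contents and attribute strings are the ones quoted on this page.

```cpp
#include <cassert>
#include <sstream>
#include <string>
#include <vector>

// A VOMSTrustChain, as on this page, is a vector of DN strings:
// element 0 is the VOMS server certificate subject, the last is the CA.
typedef std::vector<std::string> VOMSTrustChain;

// Parse the text of a vomsdir/<vo>/<host>.lsc file into a trust chain.
// Assumption (not stated on the page): blank lines are ignored and
// surrounding whitespace is trimmed from each DN line.
VOMSTrustChain parseLSC(const std::string& lsc_text) {
  VOMSTrustChain chain;
  std::istringstream in(lsc_text);
  std::string line;
  const std::string ws = " \t\r";
  while (std::getline(in, line)) {
    std::string::size_type b = line.find_first_not_of(ws);
    if (b == std::string::npos) continue;  // blank line
    std::string::size_type e = line.find_last_not_of(ws);
    chain.push_back(line.substr(b, e - b + 1));
  }
  return chain;
}

// Decide whether the chain that signed an AC (subject DNs, server first,
// CA last) matches the .lsc chain element by element. A prefix match is
// not enough: a missing or extra element means a different issuer.
bool acSignerTrusted(const VOMSTrustChain& lsc, const VOMSTrustChain& signer) {
  if (lsc.empty() || lsc.size() != signer.size()) return false;
  for (std::size_t i = 0; i < lsc.size(); ++i)
    if (lsc[i] != signer[i]) return false;
  return true;
}

// Extract the VO that parseVOMSAC prefixes onto each AC_IETFATTR
// ("/VO=knowarc.eu/Group=..."); returns "" when the prefix is absent,
// so a consumer can refuse attributes that do not name the expected VO.
std::string voFromAttribute(const std::string& attr) {
  const std::string key = "/VO=";
  if (attr.compare(0, key.size(), key) != 0) return "";
  std::string::size_type end = attr.find('/', key.size());
  return attr.substr(key.size(), end == std::string::npos ? std::string::npos : end - key.size());
}

// Constructed sample: the knowarc.eu .lsc contents quoted on this page.
const std::string kKnowarcLSC =
    "/O=Grid/O=NorduGrid/OU=KnowARC/CN=voms.knowarc.eu\n"
    "/O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority\n";
```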

◆ parseVOMSAC() [2/3]

bool Arc::parseVOMSAC (const Credential &holder_cred,
                       const std::string &ca_cert_dir,
                       const std::string &ca_cert_file,
                       const std::string &vomsdir,
                       VOMSTrustList &vomscert_trust_dn,
                       std::vector< VOMSACInfo > &output,
                       bool verify = true,
                       bool reportall = false)

Parse the certificate. Similar to the one above, but collects information from all certificates in the chain.

◆ parseVOMSAC() [3/3]

bool Arc::parseVOMSAC (const std::string &cert_str,
                       const std::string &ca_cert_dir,
                       const std::string &ca_cert_file,
                       const std::string &vomsdir,
                       VOMSTrustList &vomscert_trust_dn,
                       std::vector< VOMSACInfo > &output,
                       bool verify = true,
                       bool reportall = false)

Parse the certificate, or a chain of certificates, given in string format.

◆ VOMSACSeqEncode() [1/2]

bool Arc::VOMSACSeqEncode (const std::string &ac_seq,
                           std::string &asn1)

Encode the VOMS AC list into ASN.1, so that the result can be inserted into an X509 certificate as an extension.

Parameters
ac_seq  The input string containing a list of ACs, with VOMS_AC_HEADER and VOMS_AC_TRAILER as separators
asn1    The encoded value (output)

◆ VOMSACSeqEncode() [2/2]

bool Arc::VOMSACSeqEncode (const std::list< std::string > acs,
                           std::string &asn1)

Encode the VOMS AC list into ASN.1, so that the result can be inserted into an X509 certificate as an extension.

Parameters
acs   The input list of ACs
asn1  The encoded value (output)

◆ VOMSDecode()

char* Arc::VOMSDecode (const char *data,
                       int size,
                       int *j)

Decode data encoded by the VOMS server. Since the VOMS code uses its own encoding method (not plain base64), the method is simply copied from the VOMS code.

◆ VOMSEncode()

char* Arc::VOMSEncode (const char *data,
                       int size,
                       int *j)

Encode the data with base64 encoding.