ARC SDK

Data Structures
class Arc::CredentialError
    An exception class for the Credential class.
class Arc::Credential
    Class for handling X509 credentials.
class Arc::PasswordSource
    Obtain a password from some source.
class Arc::PasswordSourceNone
    No password.
class Arc::PasswordSourceString
    Obtain a password from a string.
class Arc::PasswordSourceStream
    Obtain a password from a stream.
class Arc::PasswordSourceInteractive
    Obtain a password through the OpenSSL user interface.
class Arc::VOMSACInfo
    Represents the VOMS attribute part of a credential.
class Arc::VOMSTrustList
    Stores the definitions used to decide whether a VOMS server is trusted.
Typedefs

typedef std::vector<std::string> Arc::VOMSTrustChain
typedef std::string Arc::VOMSTrustRegex
Functions

void Arc::InitVOMSAttribute(void)
bool Arc::createVOMSAC(std::string &codedac, Credential &issuer_cred, Credential &holder_cred, std::vector<std::string> &fqan, std::vector<std::string> &targets, std::vector<std::string> &attributes, std::string &voname, std::string &uri, int lifetime)
bool Arc::addVOMSAC(ArcCredential::AC **&aclist, std::string &acorder, std::string &decodedac)
bool Arc::parseVOMSAC(X509 *holder, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector<VOMSACInfo> &output, bool verify=true, bool reportall=false)
bool Arc::parseVOMSAC(const Credential &holder_cred, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector<VOMSACInfo> &output, bool verify=true, bool reportall=false)
bool Arc::parseVOMSAC(const std::string &cert_str, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector<VOMSACInfo> &output, bool verify=true, bool reportall=false)
char *Arc::VOMSDecode(const char *data, int size, int *j)
char *Arc::VOMSEncode(const char *data, int size, int *j)
std::string Arc::getCredentialProperty(const Arc::Credential &u, const std::string &property, const std::string &ca_cert_dir=std::string(""), const std::string &ca_cert_file=std::string(""), const std::string &vomsdir=std::string(""), const std::vector<std::string> &voms_trust_list=std::vector<std::string>())
std::string Arc::VOMSFQANToFull(const std::string &vo, const std::string &fqan)
std::string Arc::VOMSFQANFromFull(const std::string &attribute)
bool Arc::VOMSACSeqEncode(const std::string &ac_seq, std::string &asn1)
bool Arc::VOMSACSeqEncode(const std::list<std::string> acs, std::string &asn1)
Certificate Types.
bool Arc::addVOMSAC(ArcCredential::AC **&aclist, std::string &acorder, std::string &decodedac)

Add a decoded AC string to a list of AC objects.

Parameters:
  aclist     The list of AC objects (output)
  acorder    The order of the AC objects (output)
  decodedac  The AC string decoded from the string returned by the VOMS server (input)
bool Arc::createVOMSAC(std::string &codedac, Credential &issuer_cred, Credential &holder_cred, std::vector<std::string> &fqan, std::vector<std::string> &targets, std::vector<std::string> &attributes, std::string &voname, std::string &uri, int lifetime)

Create an AC (Attribute Certificate) in the VOMS-specific format.

Parameters:
  codedac      The coded AC, output of this method
  issuer_cred  The issuer credential, used to sign the AC
  holder_cred  The holder credential; the holder certificate is the one that carries the AC
  fqan         The AC_IETFATTR. According to the VOMS definition, an fqan looks like /Role=Employee/Group=Tester/Capability=NULL
  targets      The list of targets that are supposed to consume this AC
  attributes   The AC_FULL_ATTRIBUTES. According to the VOMS definition, an attribute looks like "qualifier::name=value"
  voname       The VO name
  uri          The URI of this VO; together with voname it identifies the granter of this AC
  lifetime     The lifetime of this AC
std::string Arc::getCredentialProperty(const Arc::Credential &u, const std::string &property, const std::string &ca_cert_dir=std::string(""), const std::string &ca_cert_file=std::string(""), const std::string &vomsdir=std::string(""), const std::vector<std::string> &voms_trust_list=std::vector<std::string>())

Extract the requested field from the certificate.

Parameters:
  u                The proxy certificate that includes the VOMS-formatted AC
  property         The property the caller wants, one of: dn, voms:vo, voms:role, voms:group
  ca_cert_dir      (see parseVOMSAC)
  ca_cert_file     (see parseVOMSAC)
  vomsdir          (see parseVOMSAC)
  voms_trust_list  The DN chain that is trusted when parsing the VOMS AC
bool Arc::parseVOMSAC(X509 *holder, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector<VOMSACInfo> &output, bool verify=true, bool reportall=false)

Parse the certificate and output its attributes.

Parameters:
  holder             The proxy certificate that includes the VOMS-formatted AC
  ca_cert_dir        The trusted certificates used to verify the certificate that signed the AC
  ca_cert_file       The same as ca_cert_dir, except that it is a file instead of a directory. Only one of the two needs to be set
  vomsdir            The directory containing a *.lsc file for each VO. For instance, a VO called "knowarc.eu" should have the file vomsdir/knowarc/voms.knowarc.eu.lsc, whose first line is the DN of the VOMS server and whose second line is the DN of the corresponding CA:
                       /O=Grid/O=NorduGrid/OU=KnowARC/CN=voms.knowarc.eu
                       /O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority
                     See https://twiki.cern.ch/twiki/bin/view/LCG/VomsFAQforServiceManagers for more
  vomscert_trust_dn  List of VOMS trust chains
  output             The parsed attributes (Role and Generic Attribute). Each attribute is stored as a string in one element of the vector; it is up to the consumer to interpret it. A VOMS AC carries two kinds of attributes, AC_IETFATTR and AC_FULL_ATTRIBUTES. An AC_IETFATTR looks like /Role=Employee/Group=Tester/Capability=NULL; an AC_FULL_ATTRIBUTES entry looks like knowarc:Degree=PhD (qualifier::name=value). To make the output values consistent, the VOMS server information is prefixed to the original attribute from the AC:
                       for AC_FULL_ATTRIBUTES the voname and hostname are added:
                         /voname=knowarc.eu/hostname=arthur.hep.lu.se:15001//knowarc.eu/coredev:attribute1=1
                       for AC_IETFATTR the 'VO' (voname) is added:
                         /VO=knowarc.eu/Group=coredev/Role=NULL/Capability=NULL
                         /VO=knowarc.eu/Group=testers/Role=NULL/Capability=NULL
                     Some further redundant attributes are also provided, for example voname=knowarc.eu/hostname=arthur.hep.lu.se:15001
  verify             true: verify that the VOMS server certificate is trusted, using the CA certificates given by ca_cert_dir/ca_cert_file and the trusted DN chain (from the VOMS server certificate to the CA certificate) given by vomscert_trust_dn. false: do not verify, i.e. the issuer of the AC (the VOMS server certificate) is trusted by default; in this case ca_cert_dir, ca_cert_file and vomscert_trust_dn have no effect and may be left empty. This mode is used by 'arcproxy --info' to list all attributes in the AC without needing to check whether the AC issuer is trusted
  reportall          If true, output is filled with all attributes, including those that failed the verification procedures; the validity of each attribute can then be checked through the status members of the output items. The combination verify=true and reportall=true provides the most information
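As an added illustration (not ARC's own code) of the trust decision that verify=true makes against the vomsdir *.lsc files described above: the constructed .lsc content below is parsed into a VOMSTrustChain-shaped vector of DNs and compared with the DN chain presented by the AC issuer. The real matching rules live in Arc::VOMSTrustList; the function names here (parseLsc, chainIsTrusted, trustedByAny) are assumptions made for the example.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// Same shape as Arc::VOMSTrustChain: DNs from the VOMS server certificate
// down to the CA, one per line of the .lsc file.
typedef std::vector<std::string> TrustChain;

// Strip surrounding whitespace so a trailing CR/LF cannot fail a correct DN.
static std::string trim(const std::string& s) {
    const std::string ws = " \t\r\n";
    std::string::size_type b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Parse .lsc content: first line = VOMS server DN, second line = its CA DN
// (longer chains simply add lines); blank lines are skipped.
TrustChain parseLsc(const std::string& content) {
    TrustChain chain;
    std::istringstream in(content);
    std::string line;
    while (std::getline(in, line)) {
        std::string dn = trim(line);
        if (!dn.empty()) chain.push_back(dn);
    }
    return chain;
}

// A presented chain (AC signer DN first, CA DN last) is trusted only when it
// matches the .lsc chain element by element; empty, shorter, longer or
// differently-rooted chains are rejected.
bool chainIsTrusted(const TrustChain& presented, const TrustChain& lsc) {
    if (presented.empty() || presented.size() != lsc.size()) return false;
    for (std::size_t i = 0; i < presented.size(); ++i)
        if (presented[i] != lsc[i]) return false;
    return true;
}

// Models a trust list of several chains (one per .lsc file): accept if any matches.
bool trustedByAny(const TrustChain& presented, const std::vector<TrustChain>& list) {
    for (std::size_t i = 0; i < list.size(); ++i)
        if (chainIsTrusted(presented, list[i])) return true;
    return false;
}

// Constructed .lsc content mirroring the knowarc.eu example in the text above.
const std::string kLsc =
    "/O=Grid/O=NorduGrid/OU=KnowARC/CN=voms.knowarc.eu\n"
    "/O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority\n";
```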
bool Arc::parseVOMSAC(const Credential &holder_cred, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector<VOMSACInfo> &output, bool verify=true, bool reportall=false)

Parse the certificate. Similar to the overload above, but collects information from all certificates in the chain.
bool Arc::parseVOMSAC(const std::string &cert_str, const std::string &ca_cert_dir, const std::string &ca_cert_file, const std::string &vomsdir, VOMSTrustList &vomscert_trust_dn, std::vector<VOMSACInfo> &output, bool verify=true, bool reportall=false)

Parse the certificate, or a chain of certificates, given in string format.
bool Arc::VOMSACSeqEncode(const std::string &ac_seq, std::string &asn1)

Encode the VOMS AC list into ASN.1, so that the result can be inserted into an X509 certificate as an extension.

Parameters:
  ac_seq  The input string containing a list of ACs, with VOMS_AC_HEADER and VOMS_AC_TRAILER as separators
  asn1    The encoded value (output)

bool Arc::VOMSACSeqEncode(const std::list<std::string> acs, std::string &asn1)

Encode the VOMS AC list into ASN.1, so that the result can be inserted into an X509 certificate as an extension.

Parameters:
  acs   The input list of ACs
  asn1  The encoded value (output)
char *Arc::VOMSDecode(const char *data, int size, int *j)

Decode data that was encoded by the VOMS server. Since the VOMS code uses its own specific coding method (not base64 encoding), the method is simply copied from the VOMS code.

char *Arc::VOMSEncode(const char *data, int size, int *j)

Encode the data with base64 encoding.