code/13.11/Credential_8h_source.html

#ifndef __ARC_CREDENTIAL_H__

#define __ARC_CREDENTIAL_H__


#include <stdlib.h>

#include <stdexcept>

#include <iostream>

#include <string>

#include <openssl/asn1.h>

#include <openssl/pem.h>

#include <openssl/x509.h>

#include <openssl/x509v3.h>

#include <openssl/pkcs12.h>

#include <openssl/err.h>


#include <arc/Logger.h>

#include <arc/DateTime.h>

#include <arc/UserConfig.h>


#include <arc/credential/CertUtil.h>

#include <arc/credential/PasswordSource.h>


namespace Arc {


class CredentialError : public std::runtime_error {

  public:

    // Constructor

    CredentialError(const std::string& what="");

};


typedef enum {CRED_PEM, CRED_DER, CRED_PKCS, CRED_UNKNOWN} Credformat;


typedef enum { SIGN_DEFAULT = 0, SIGN_SHA1, SIGN_SHA224, SIGN_SHA256, SIGN_SHA384, SIGN_SHA512 } Signalgorithm;


extern Logger CredentialLogger;


class Credential {

  public:

    Credential();


    Credential(int keybits);


    virtual ~Credential();


    Credential(const std::string& CAfile, const std::string& CAkey,

               const std::string& CAserial,

               const std::string& extfile, const std::string& extsect,

               const std::string& passphrase4key);


    Credential(const std::string& CAfile, const std::string& CAkey,

               const std::string& CAserial,

               const std::string& extfile, const std::string& extsect,

               PasswordSource& passphrase4key);


    Credential(Time start, Period lifetime = Period("PT12H"),

              int keybits = 1024, std::string proxyversion = "rfc",

              std::string policylang = "inheritAll", std::string policy = "",

              int pathlength = -1);


    Credential(const std::string& cert, const std::string& key, const std::string& cadir,

               const std::string& cafile, const std::string& passphrase4key = "",

               const bool is_file = true);


    Credential(const std::string& cert, const std::string& key, const std::string& cadir,

               const std::string& cafile, PasswordSource& passphrase4key,

               const bool is_file = true);


    Credential(const UserConfig& usercfg, const std::string& passphrase4key = "");


    Credential(const UserConfig& usercfg, PasswordSource& passphrase4key);


    static void InitProxyCertInfo(void);


    static bool IsCredentialsValid(const UserConfig& usercfg);


    void AddCertExtObj(std::string& sn, std::string& oid);


    void SetSigningAlgorithm(Signalgorithm signing_algorithm = SIGN_DEFAULT);


    void SetKeybits(int keybits = 0);


    static std::string NoPassword(void) { return std::string("\0",1); };


  private:


    Credential(const Credential&);


    void InitCredential(const std::string& cert, const std::string& key, const std::string& cadir,

               const std::string& cafile, PasswordSource& passphrase4key, const bool is_file);


    //void loadKeyString(const std::string& key, EVP_PKEY* &pkey, const std::string& passphrase = "");

    void loadKeyString(const std::string& key, EVP_PKEY* &pkey, PasswordSource& passphrase);

    //void loadKeyFile(const std::string& keyfile, EVP_PKEY* &pkey, const std::string& passphrase = "");

    void loadKeyFile(const std::string& keyfile, EVP_PKEY* &pkey, PasswordSource& passphrase);

    //void loadKey(BIO* bio, EVP_PKEY* &pkey, const std::string& passphrase = "", const std::string& prompt_info = "", const bool is_file = true);


    void loadCertificateString(const std::string& cert, X509* &x509, STACK_OF(X509)** certchain);

    void loadCertificateFile(const std::string& certfile, X509* &x509, STACK_OF(X509)** certchain);

    //void loadCertificate(BIO* bio, X509* &x509, STACK_OF(X509)** certchain, const bool is_file=true);


    void InitVerification(void);


    bool Verify(void);


    X509_EXTENSION* CreateExtension(const std::string& name, const std::string& data, bool crit = false);


    bool SetProxyPeriod(X509* tosign, X509* issuer, const Time& start, const Period& lifetime);


    bool SignRequestAssistant(Credential* proxy, EVP_PKEY* req_pubkey, X509** tosign);


  public:

    void LogError(void) const;


    /************************************/

    /*****Get information from "this" object**/


    bool GetVerification(void) const {return verification_valid; };


    EVP_PKEY* GetPrivKey(void) const;


    EVP_PKEY* GetPubKey(void) const;


    X509* GetCert(void) const;


    X509_REQ* GetCertReq(void) const;


    STACK_OF(X509)* GetCertChain(void) const;


    int GetCertNumofChain(void) const;


    Credformat getFormat_BIO(BIO * in, const bool is_file = true) const;

    Credformat getFormat_str(const std::string& source) const;


    std::string GetDN(void) const;


    std::string GetIdentityName(void) const;


    ArcCredential::certType GetType(void) const;


    std::string GetIssuerName(void) const;


    std::string GetCAName(void) const;


    Signalgorithm GetSigningAlgorithm(void) const;


    int GetKeybits(void) const;


    std::string GetProxyPolicy(void) const;


    void SetProxyPolicy(const std::string& proxyversion, const std::string& policylang,

        const std::string& policy, int pathlength);


    bool OutputPrivatekey(std::string &content,  bool encryption = false, const std::string& passphrase ="");


    bool OutputPrivatekey(std::string &content,  bool encryption, PasswordSource& passphrase);


    bool OutputPublickey(std::string &content);


    bool OutputCertificate(std::string &content, bool is_der=false);


    bool OutputCertificateChain(std::string &content, bool is_der=false);


    Period GetLifeTime(void) const;


    Time GetStartTime() const;


    Time GetEndTime() const;


    void SetLifeTime(const Period& period);


    void SetStartTime(const Time& start_time);


    bool IsValid(void);


    /************************************/

    /*****Generate certificate request, add certificate extension, inquire certificate request,

    *and sign certificate request

    **/


    bool AddExtension(const std::string& name, const std::string& data, bool crit = false);


    bool AddExtension(const std::string& name, char** binary);


    std::string GetExtension(const std::string& name);


    bool GenerateEECRequest(BIO* reqbio, BIO* keybio, const std::string& dn = "");


    bool GenerateEECRequest(std::string &reqcontent, std::string &keycontent, const std::string& dn = "");


    bool GenerateEECRequest(const char* request_filename, const char* key_filename, const std::string& dn = "");


    bool GenerateRequest(BIO* bio, bool if_der = false);


    bool GenerateRequest(std::string &content, bool if_der = false);


    bool GenerateRequest(const char* filename, bool if_der = false);


    bool InquireRequest(BIO* reqbio, bool if_eec = false, bool if_der = false);


    bool InquireRequest(std::string &content, bool if_eec = false, bool if_der = false);


    bool InquireRequest(const char* filename, bool if_eec = false, bool if_der = false);


    bool SignRequest(Credential* proxy, BIO* outputbio, bool if_der = false);


    bool SignRequest(Credential* proxy, std::string &content, bool if_der = false);


    bool SignRequest(Credential* proxy, const char* filename, bool if_der = false);


    bool SelfSignEECRequest(const std::string& dn, const char* extfile, const std::string& extsect, const char* certfile);


    //The following three methods is about signing an EEC certificate by implementing the same

    //functionality as a normal CA

    bool SignEECRequest(Credential* eec, const std::string& dn, BIO* outputbio);


    bool SignEECRequest(Credential* eec, const std::string& dn, std::string &content);


    bool SignEECRequest(Credential* eec, const std::string& dn, const char* filename);


  private:

    // PKI files

    std::string cacertfile_;

    std::string cacertdir_;

    std::string certfile_;

    std::string keyfile_;


    // Verification context

    ArcCredential::cert_verify_context verify_ctx_;


    //Verification result

    bool verification_valid;


    //Certificate structures

    X509 *           cert_;    //certificate

    ArcCredential::certType cert_type_;

    EVP_PKEY *       pkey_;    //private key

    STACK_OF(X509) * cert_chain_;  //certificates chain which is parsed

                                   //from the certificate, after

                                   //verification, the ca certificate

                                   //will be included

    ArcCredential::PROXYCERTINFO* proxy_cert_info_;

    Credformat       format;

    Time        start_;

    Period      lifetime_;


    //Certificate request

    X509_REQ* req_;

    RSA* rsa_key_;

    EVP_MD* signing_alg_;

    int keybits_;


    //Proxy policy

    std::string proxyversion_;

    std::string policy_;

    std::string policylang_;

    int proxyver_;

    int pathlength_;


    //Extensions for certificate, such as certificate policy, attributes, etc.

    STACK_OF(X509_EXTENSION)* extensions_;


    //CA functionality related information

    std::string CAserial_;

    std::string extfile_;

    std::string extsect_;


    static X509_NAME *parse_name(char *subject, long chtype, int multirdn);

};


}// namespace Arc


#endif /* __ARC_CREDENTIAL_H__ */