1 #ifndef __ARC_CREDENTIAL_H__
2 #define __ARC_CREDENTIAL_H__
8 #include <openssl/asn1.h>
9 #include <openssl/pem.h>
10 #include <openssl/x509.h>
11 #include <openssl/x509v3.h>
12 #include <openssl/pkcs12.h>
13 #include <openssl/err.h>
15 #include <arc/Logger.h>
16 #include <arc/DateTime.h>
17 #include <arc/UserConfig.h>
19 #include <arc/credential/CertUtil.h>
20 #include <arc/credential/PasswordSource.h>
/// On-disk / in-memory encoding of a credential, as reported by
/// getFormat_BIO() and getFormat_str(). CRED_UNKNOWN is presumably the
/// value returned when detection fails — confirm in the getFormat_* bodies.
typedef enum {CRED_PEM, CRED_DER, CRED_PKCS, CRED_UNKNOWN} Credformat;
/// Digest algorithm requested for signing. SIGN_DEFAULT (0) leaves the
/// choice to the implementation; which digest that resolves to is not
/// visible in this header.
/// NOTE(review): SIGN_SHA1 is kept for compatibility only — SHA-1 is no
/// longer considered collision-resistant for certificate signatures, so new
/// certificates should be issued with SIGN_SHA256 or stronger.
typedef enum { SIGN_DEFAULT = 0, SIGN_SHA1, SIGN_SHA224, SIGN_SHA256, SIGN_SHA384, SIGN_SHA512 }
Signalgorithm;
/// Constructs a credential from CA material (certificate, key, serial file
/// and an extension configuration file/section). Presumably the form used
/// when this object will sign other certificates — confirm against the
/// implementation.
/// @param CAfile          CA certificate file
/// @param CAkey           CA private key file
/// @param CAserial        serial-number file maintained for issued certificates
/// @param extfile         extension configuration file
/// @param extsect         section of @p extfile to apply
/// @param passphrase4key  passphrase protecting @p CAkey
Credential(const std::string& CAfile, const std::string& CAkey,
           const std::string& CAserial, const std::string& extfile,
           const std::string& extsect, const std::string& passphrase4key);
94 Credential(
const std::string& CAfile,
const std::string& CAkey,
95 const std::string& CAserial,
96 const std::string& extfile,
const std::string& extsect,
139 int keybits = 1024, std::string proxyversion =
"rfc",
140 std::string policylang =
"inheritAll", std::string policy =
"",
141 int pathlength = -1);
/// Constructs a credential from a certificate, its private key and CA trust
/// material, with the key passphrase given as a plain string.
/// @param cert            certificate — file name or content, presumably
///                        selected by @p is_file (cf. loadCertificateFile /
///                        loadCertificateString); confirm
/// @param key             private key — file name or content, as for @p cert
/// @param cadir           directory of trusted CA certificates
/// @param cafile          file of trusted CA certificates
/// @param passphrase4key  passphrase for @p key; defaults to the empty string,
///                        which is a different value from NoPassword()
/// @param is_file         true (default) treats @p cert / @p key as file names
Credential(const std::string& cert, const std::string& key, const std::string& cadir,
           const std::string& cafile, const std::string& passphrase4key = "",
           const bool is_file = true);
165 Credential(
const std::string& cert,
const std::string& key,
const std::string& cadir,
167 const bool is_file =
true);
/// Sentinel passphrase meaning "no password": a one-byte string holding a
/// single NUL. It is deliberately distinct from the empty string, which is
/// the default passphrase4key value used elsewhere in this header.
/// @return a std::string of length 1 whose only character is '\0'
static std::string NoPassword() {
  std::string sentinel(1, '\0');
  return sentinel;
}
/// Common initialisation taking the key passphrase through a PasswordSource
/// rather than a plain string; its arguments mirror the public constructors.
/// NOTE(review): which constructors delegate here is not visible in this view.
/// @param cert            certificate file name or content (see @p is_file)
/// @param key             private key file name or content (see @p is_file)
/// @param cadir           directory of trusted CA certificates
/// @param cafile          file of trusted CA certificates
/// @param passphrase4key  source consulted when @p key needs a passphrase
/// @param is_file         whether @p cert / @p key name files
void InitCredential(const std::string& cert, const std::string& key,
                    const std::string& cadir, const std::string& cafile,
                    PasswordSource& passphrase4key, const bool is_file);
/// Loads a private key from in-memory content.
/// @param key         key material as a string
/// @param pkey        output (reference to pointer); how a pre-existing
///                    non-null value is treated is not stated here
/// @param passphrase  source consulted if the key is encrypted
void loadKeyString(const std::string& key, EVP_PKEY* &pkey,
                   PasswordSource& passphrase);
/// Loads a private key from a file.
/// @param keyfile     file to read
/// @param pkey        output (reference to pointer); how a pre-existing
///                    non-null value is treated is not stated here
/// @param passphrase  source consulted if the key is encrypted
void loadKeyFile(const std::string& keyfile, EVP_PKEY* &pkey,
                 PasswordSource& passphrase);
/// Loads a certificate (and, optionally, its chain) from in-memory content.
/// @param cert       certificate material as a string
/// @param x509       output (reference to pointer) for the end-entity certificate
/// @param certchain  output for the remaining certificates; whether a null
///                   pointer is accepted is not stated here
void loadCertificateString(const std::string& cert, X509* &x509,
                           STACK_OF(X509)** certchain);
/// Loads a certificate (and, optionally, its chain) from a file.
/// @param certfile   file to read
/// @param x509       output (reference to pointer) for the end-entity certificate
/// @param certchain  output for the remaining certificates; whether a null
///                   pointer is accepted is not stated here
void loadCertificateFile(const std::string& certfile, X509* &x509,
                         STACK_OF(X509)** certchain);
/// Prepares the verification state of this credential. Presumably the
/// routine that sets verification_valid — confirm in the implementation.
void InitVerification(void);
/// Builds an X.509 extension object from a name and its textual data.
/// @param name  extension name
/// @param data  extension value in textual form
/// @param crit  mark the extension critical (default false)
/// @return a new X509_EXTENSION; ownership and the failure value (presumably
///         null) are not stated here — confirm before freeing
X509_EXTENSION* CreateExtension(const std::string& name, const std::string& data,
                                bool crit = false);
/// Sets the validity period of @p tosign to @p lifetime starting at @p start.
/// The role of @p issuer (e.g. bounding the period by the issuer's own
/// validity) is not visible in this header — confirm in the implementation.
/// @return true on success
bool SetProxyPeriod(X509* tosign, X509* issuer,
                    const Time& start, const Period& lifetime);
/// Helper for the request-signing path.
/// @param proxy       credential describing the proxy being produced
/// @param req_pubkey  public key taken from the request
/// @param tosign      output (double pointer) receiving the certificate under
///                    construction; ownership is not stated here
/// @return true on success
bool SignRequestAssistant(Credential* proxy, EVP_PKEY* req_pubkey, X509** tosign);
/// Returns the certificate chain held by this credential.
/// NOTE(review): whether the returned stack is owned by the caller or by this
/// object is not stated here — confirm before calling sk_X509_pop_free().
STACK_OF(X509)* GetCertChain(void) const;
/// Detects the encoding (see Credformat) of the data readable from @p in.
/// @param in       OpenSSL BIO to inspect
/// @param is_file  true (default) presumably means @p in is backed by a file;
///                 its effect on detection is not visible here
Credformat getFormat_BIO(BIO * in, const bool is_file = true) const;
/// Detects the encoding (see Credformat) of in-memory credential content.
/// @param source  credential material as a string
Credformat getFormat_str(const std::string& source) const;
/// Returns the distinguished name of this credential as a string. The
/// formatting convention used is not stated here.
std::string GetDN(void) const;
/// Records the proxy policy parameters. Presumably stores into the
/// proxyversion_ / policylang_ members declared further down — confirm.
/// @param proxyversion  proxy certificate profile identifier
/// @param policylang    policy language identifier
/// @param policy        policy content
/// @param pathlength    path-length constraint; the meaning of negative
///                      values is not stated here
void SetProxyPolicy(const std::string& proxyversion, const std::string& policylang,
                    const std::string& policy, int pathlength);
/// Serialises the private key into @p content.
/// @param content     output (by reference) receiving the serialised key
/// @param encryption  false by default: the key is written UNENCRYPTED unless
///                    the caller explicitly passes true
/// @param passphrase  passphrase applied when @p encryption is true
/// @return true on success
/// NOTE(review): @p content is a std::string, which does not scrub its buffer
/// on destruction; callers that hold plaintext key material should clear it
/// as soon as it is no longer needed.
bool OutputPrivatekey(std::string &content, bool encryption = false,
                      const std::string& passphrase = "");
/// Queues an extension, given by name and textual value, for inclusion in the
/// certificate being produced (presumably into extensions_ — confirm).
/// @param name  extension name
/// @param data  extension value in textual form
/// @param crit  mark the extension critical (default false)
/// @return true on success
bool AddExtension(const std::string& name, const std::string& data,
                  bool crit = false);
/// Overload of AddExtension() taking the extension value in binary form.
/// @param name    extension name
/// @param binary  binary value; the encoding, length convention and whether
///                this overload can set the critical flag are not stated here
/// @return true on success
bool AddExtension(const std::string& name, char** binary);
/// Generates an end-entity certificate request together with a fresh key,
/// returning both in memory.
/// @param reqcontent  output receiving the request
/// @param keycontent  output receiving the private key
/// @param dn          subject DN; empty by default, and what an empty value
///                    means is not stated here
/// @return true on success
/// NOTE(review): @p keycontent holds plaintext key material in a std::string,
/// which is not scrubbed on destruction — callers should clear it when done.
bool GenerateEECRequest(std::string &reqcontent, std::string &keycontent,
                        const std::string& dn = "");
/// Overload of GenerateEECRequest() writing the request and key to files.
/// @param request_filename  destination for the request
/// @param key_filename      destination for the private key; the permissions
///                          applied to this file are not visible here — confirm
///                          it is created unreadable to other users
/// @param dn                subject DN; empty by default
/// @return true on success
bool GenerateEECRequest(const char* request_filename, const char* key_filename,
                        const std::string& dn = "");
/// Reads a certificate request from @p reqbio.
/// @param reqbio  OpenSSL BIO holding the request
/// @param if_eec  treat the request as an end-entity request (default false,
///                i.e. presumably a proxy request — confirm)
/// @param if_der  request is DER-encoded (default false, i.e. PEM)
/// @return true on success
bool InquireRequest(BIO* reqbio, bool if_eec = false, bool if_der = false);
/// Overload of InquireRequest() reading the request from in-memory content.
/// @param content  request material as a string (non-const reference; whether
///                 it is modified is not stated here)
/// @param if_eec   treat the request as an end-entity request (default false)
/// @param if_der   request is DER-encoded (default false, i.e. PEM)
/// @return true on success
bool InquireRequest(std::string &content, bool if_eec = false, bool if_der = false);
/// Overload of InquireRequest() reading the request from a file.
/// @param filename  file holding the request
/// @param if_eec    treat the request as an end-entity request (default false)
/// @param if_der    request is DER-encoded (default false, i.e. PEM)
/// @return true on success
bool InquireRequest(const char* filename, bool if_eec = false, bool if_der = false);
/// Self-signs a previously generated end-entity request and writes the
/// resulting certificate to @p certfile.
/// @param dn        subject DN
/// @param extfile   extension configuration file
/// @param extsect   section of @p extfile to apply
/// @param certfile  destination for the certificate
/// @return true on success
bool SelfSignEECRequest(const std::string& dn, const char* extfile,
                        const std::string& extsect, const char* certfile);
// Trust material and credential sources as given at construction.
std::string cacertfile_;   // CA file (cf. the cafile constructor parameters)
std::string cacertdir_;    // CA directory (cf. the cadir constructor parameters)
std::string certfile_;     // certificate argument as passed in (file name or content)
std::string keyfile_;      // key argument as passed in (file name or content)
// Outcome of verification; presumably set by InitVerification() — confirm.
// NOTE(review): lacks the trailing underscore the other members use.
bool verification_valid;
// Raw OpenSSL / ARC pointers. Ownership and release are not visible in this
// view — confirm the destructor frees each of these exactly once.
ArcCredential::PROXYCERTINFO* proxy_cert_info_;
// Digest used when signing. OpenSSL's digest accessors return const EVP_MD*,
// so a non-const pointer here presumably implies a cast somewhere — review.
EVP_MD* signing_alg_;
// Proxy policy settings (see SetProxyPolicy()).
std::string proxyversion_;
std::string policylang_;
// Extensions queued for the certificate being produced (see AddExtension()).
STACK_OF(X509_EXTENSION)* extensions_;
// CA-side configuration (see the CA constructor).
std::string CAserial_;
std::string extfile_;
std::string extsect_;
/// Parses a textual subject into an X509_NAME.
/// @param subject   subject string; declared non-const, so assume the buffer
///                  may be modified in place and pass a writable copy
/// @param chtype    ASN.1 string type used for the components
///                  (e.g. MBSTRING_ASC)
/// @param multirdn  presumably enables multi-valued RDNs — confirm
/// @return a new X509_NAME owned by the caller, or presumably null on failure;
///         neither is stated here — confirm
static X509_NAME *parse_name(char *subject, long chtype, int multirdn);