00001 #ifndef __ARC_CERTUTIL_H__
00002 #define __ARC_CERTUTIL_H__
00003
00004 #include <string>
00005 #include <openssl/pem.h>
00006 #include <openssl/x509.h>
00007 #include <openssl/stack.h>
00008
00009 #include <arc/credential/Proxycertinfo.h>
00010
00011 namespace ArcCredential {
00012
00013 #define PROXYCERTINFO_V3 "1.3.6.1.4.1.3536.1.222" // dotted-decimal OID string; presumably the pre-RFC (GSI-3) proxyCertInfo extension - confirm
00014 #ifdef HAVE_OPENSSL_PROXY // build-time switch: selects which OID string PROXYCERTINFO_V4 carries
00015 #define PROXYCERTINFO_V4 "1.3.6.1.5.5.7.1.1400" // NOTE(review): deliberately not equal to PROXYCERTINFO_OPENSSL in this build; looks like it avoids re-registering an OID OpenSSL already handles - confirm
00016 #else
00017 #define PROXYCERTINFO_V4 "1.3.6.1.5.5.7.1.14" // same string as PROXYCERTINFO_OPENSSL below
00018 #endif
00019 #define PROXYCERTINFO_OPENSSL "1.3.6.1.5.5.7.1.14" // presumably the RFC 3820 proxyCertInfo OID as OpenSSL names it - confirm
00020
00021
00022
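/// Classification of a single certificate within a chain.
///
/// Enumerator values are implicit (0..12 in declaration order). Anything that
/// stores or indexes by the numeric value would depend on that order, so check
/// the users of certType before reordering or inserting entries.
typedef enum {
  CERT_TYPE_EEC,                       ///< Not a proxy per CERT_IS_PROXY; presumably an end-entity certificate
  CERT_TYPE_CA,                        ///< Not a proxy per CERT_IS_PROXY; presumably a CA certificate
  CERT_TYPE_GSI_3_IMPERSONATION_PROXY, ///< GSI-3 family, impersonation
  CERT_TYPE_GSI_3_INDEPENDENT_PROXY,   ///< GSI-3 family, independent
  CERT_TYPE_GSI_3_LIMITED_PROXY,       ///< GSI-3 family, limited (also counted as impersonation below)
  CERT_TYPE_GSI_3_RESTRICTED_PROXY,    ///< GSI-3 family, restricted
  CERT_TYPE_GSI_2_PROXY,               ///< GSI-2 family (counted as impersonation below)
  CERT_TYPE_GSI_2_LIMITED_PROXY,       ///< GSI-2 family, limited (also counted as impersonation below)
  CERT_TYPE_RFC_IMPERSONATION_PROXY,   ///< RFC family, impersonation
  CERT_TYPE_RFC_INDEPENDENT_PROXY,     ///< RFC family, independent
  CERT_TYPE_RFC_LIMITED_PROXY,         ///< RFC family, limited (also counted as impersonation below)
  CERT_TYPE_RFC_RESTRICTED_PROXY,      ///< RFC family, restricted
  CERT_TYPE_RFC_ANYLANGUAGE_PROXY      ///< RFC family; matched only by CERT_IS_PROXY and CERT_IS_RFC_PROXY
} certType;

// All predicates below parenthesise their argument so that an expression
// argument (for example a conditional expression) is compared as a whole
// instead of being re-associated by operator precedence. The argument is
// still evaluated once per comparison, so it must be free of side effects.

/// True for every proxy type (GSI-2, GSI-3 and RFC families); false for
/// CERT_TYPE_EEC and CERT_TYPE_CA.
#define CERT_IS_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_GSI_3_IMPERSONATION_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_INDEPENDENT_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_RESTRICTED_PROXY || \
         (cert_type) == CERT_TYPE_RFC_IMPERSONATION_PROXY || \
         (cert_type) == CERT_TYPE_RFC_INDEPENDENT_PROXY || \
         (cert_type) == CERT_TYPE_RFC_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_RFC_RESTRICTED_PROXY || \
         (cert_type) == CERT_TYPE_RFC_ANYLANGUAGE_PROXY || \
         (cert_type) == CERT_TYPE_GSI_2_PROXY || \
         (cert_type) == CERT_TYPE_GSI_2_LIMITED_PROXY)

/// True for the five CERT_TYPE_RFC_* proxy types.
#define CERT_IS_RFC_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_RFC_IMPERSONATION_PROXY || \
         (cert_type) == CERT_TYPE_RFC_INDEPENDENT_PROXY || \
         (cert_type) == CERT_TYPE_RFC_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_RFC_RESTRICTED_PROXY || \
         (cert_type) == CERT_TYPE_RFC_ANYLANGUAGE_PROXY)

/// True for the four CERT_TYPE_GSI_3_* proxy types.
#define CERT_IS_GSI_3_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_GSI_3_IMPERSONATION_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_INDEPENDENT_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_RESTRICTED_PROXY)

/// True for the two CERT_TYPE_GSI_2_* proxy types.
#define CERT_IS_GSI_2_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_GSI_2_PROXY || \
         (cert_type) == CERT_TYPE_GSI_2_LIMITED_PROXY)

/// True for the RFC and GSI-3 independent proxy types.
#define CERT_IS_INDEPENDENT_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_RFC_INDEPENDENT_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_INDEPENDENT_PROXY)

/// True for the RFC and GSI-3 restricted proxy types.
/// CERT_TYPE_RFC_ANYLANGUAGE_PROXY is not part of this set (nor of the
/// independent, limited or impersonation sets), so policy code that
/// branches on these predicates has to handle it explicitly.
#define CERT_IS_RESTRICTED_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_RFC_RESTRICTED_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_RESTRICTED_PROXY)

/// True for the limited proxy types of all three families.
#define CERT_IS_LIMITED_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_RFC_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_GSI_2_LIMITED_PROXY)

/// True for impersonation proxies. The set also contains every limited
/// proxy type and both GSI-2 types, so a limited proxy satisfies both
/// this predicate and CERT_IS_LIMITED_PROXY.
#define CERT_IS_IMPERSONATION_PROXY(cert_type) \
        ((cert_type) == CERT_TYPE_RFC_IMPERSONATION_PROXY || \
         (cert_type) == CERT_TYPE_RFC_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_IMPERSONATION_PROXY || \
         (cert_type) == CERT_TYPE_GSI_3_LIMITED_PROXY || \
         (cert_type) == CERT_TYPE_GSI_2_PROXY || \
         (cert_type) == CERT_TYPE_GSI_2_LIMITED_PROXY)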
00106
00107
00108
00109
00110
00111 #define VERIFY_CTX_STORE_EX_DATA_IDX 1 // presumably the X509_STORE_CTX ex_data slot holding a cert_verify_context - confirm. NOTE(review): if so, a fixed index can collide with other ex_data users; X509_STORE_CTX_get_ex_new_index() allocates a private one
00112
00113 typedef struct { // Verification state handed to verify_cert_chain(). NOTE(review): no member has an initializer, so the int and pointer fields are indeterminate unless the object is value-initialized or every field is set by the caller
00114 X509_STORE_CTX * cert_store; ///< raw pointer; ownership is not visible in this header
00115 int cert_depth; ///< presumably the chain depth of the certificate being examined - confirm
00116 int proxy_depth; ///< presumably the number of proxy certificates seen so far - confirm
00117 int max_proxy_depth; ///< presumably the bound proxy_depth is checked against; sentinel for "unlimited" not visible here - confirm
00118 int limited_proxy; ///< int used as a flag, presumably set once a limited proxy is found in the chain - confirm
00119 certType cert_type; ///< classification of a certificate, see certType
00120 STACK_OF(X509) * cert_chain; ///< raw pointer to a certificate stack; ownership is not visible in this header
00121 std::string ca_dir; ///< presumably the directory of trusted CA certificates - confirm
00122 std::string ca_file; ///< presumably a file of trusted CA certificates - confirm
00123 std::string proxy_policy; ///< presumably policy text taken from a proxy certificate; treat as certificate-supplied data - confirm
00124 } cert_verify_context;
00125
00126 int verify_cert_chain(X509* cert, STACK_OF(X509)** certchain, cert_verify_context* vctx); // declaration only. NOTE(review): the meaning of the int result is not visible here; confirm the success value before testing it for truthiness, and who owns *certchain
00127 bool check_cert_type(X509* cert, certType& type); // declaration only; presumably classifies cert and writes the result to type - confirm whether type is left untouched when false is returned
00128 const char* certTypeToString(certType type); // declaration only; lifetime of the returned pointer and the result for out-of-range values are not visible here - confirm
00129
00130 }
00131
00132 #endif // __ARC_CERTUTIL_H__
00133