00001 #ifndef __ARC_CREDENTIAL_H__
00002 #define __ARC_CREDENTIAL_H__
00003
00004 #include <stdlib.h>
00005 #include <stdexcept>
00006 #include <iostream>
00007 #include <string>
00008 #include <openssl/asn1.h>
00009 #include <openssl/pem.h>
00010 #include <openssl/x509.h>
00011 #include <openssl/x509v3.h>
00012 #include <openssl/pkcs12.h>
00013 #include <openssl/err.h>
00014
00015 #include <arc/Logger.h>
00016 #include <arc/DateTime.h>
00017 #include <arc/UserConfig.h>
00018
00019 #include <arc/credential/CertUtil.h>
00020
00021 namespace Arc {
00022
/// Exception type raised by the credential code; carries a human-readable
/// message in the std::runtime_error base.
class CredentialError : public std::runtime_error {
public:

  /// @param what description of the failure; defaults to an empty message.
  CredentialError(const std::string& what="");
};
00034
/// Encoding of a credential as reported by Credential::getFormat_BIO and
/// Credential::getFormat_str: PEM, DER, PKCS (a PKCS#12 container, judging by
/// the openssl/pkcs12.h include) or unknown.
typedef enum {CRED_PEM, CRED_DER, CRED_PKCS, CRED_UNKNOWN} Credformat;
00036
/// Logger used by the credential implementation; its definition lives outside
/// this header.
extern Logger CredentialLogger;
00039
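/// Certificate/key holder built on OpenSSL.
///
/// A Credential owns the OpenSSL objects it loads or generates (cert_, pkey_,
/// cert_chain_, req_, rsa_key_, extensions_, proxy_cert_info_) through raw
/// pointers, so it is deliberately non-copyable: the copy constructor is
/// private, and the copy assignment operator is declared private and never
/// defined.  Without that declaration the compiler would generate a memberwise
/// assignment that aliases the owned handles in two objects, and both
/// destructors would then release the same OpenSSL objects.  Use the class
/// through references or pointers.
class Credential {
public:
  /// Default constructor.
  Credential();

  /// Constructor taking the RSA key size in bits (stored in keybits_).
  Credential(int keybits);

  /// Virtual destructor; presumably releases the owned OpenSSL objects
  /// (see the implementation file).
  virtual ~Credential();

  /// Constructor for a CA-style signer.
  /// @param CAfile          CA certificate
  /// @param CAkey           CA private key
  /// @param CAserial        serial-number source (kept in CAserial_)
  /// @param extfile         extension configuration file (kept in extfile_)
  /// @param extsect         section within extfile (kept in extsect_)
  /// @param passphrase4key  passphrase protecting CAkey
  Credential(const std::string& CAfile, const std::string& CAkey,
             const std::string& CAserial,
             const std::string& extfile, const std::string& extsect,
             const std::string& passphrase4key);

  /// Constructor for a proxy credential to be generated.
  /// @param start        validity start time
  /// @param lifetime     validity period, default 12 hours
  /// @param keybits      RSA key size in bits, default 1024
  /// @param proxyversion proxy certificate flavour, default "rfc"
  /// @param policylang   policy language, default "inheritAll"
  /// @param policy       policy content, default empty
  /// @param pathlength   proxy path length constraint; -1 by default
  ///                     (presumably "unrestricted" — confirm in the .cpp)
  Credential(Time start, Period lifetime = Period("PT12H"),
             int keybits = 1024, std::string proxyversion = "rfc",
             std::string policylang = "inheritAll", std::string policy = "",
             int pathlength = -1);

  /// Constructor loading an existing certificate and key.
  /// @param cert           certificate, as a file name or as content
  ///                       depending on is_file
  /// @param key            private key, likewise
  /// @param cadir          directory of trusted CA certificates
  /// @param cafile         file of trusted CA certificates
  /// @param passphrase4key passphrase protecting the key; default empty
  /// @param is_file        true if cert/key name files, false if they hold
  ///                       the content itself
  Credential(const std::string& cert, const std::string& key, const std::string& cadir,
             const std::string& cafile, const std::string& passphrase4key = "",
             const bool is_file = true);

  /// Constructor loading the credential described by a UserConfig.
  /// @param usercfg        user configuration naming the credential
  /// @param passphrase4key passphrase protecting the key; default empty
  Credential(const UserConfig& usercfg, const std::string& passphrase4key = "");

  /// Registers the proxy certificate info extension with OpenSSL
  /// (static one-time setup; details in the .cpp).
  static void InitProxyCertInfo(void);

  /// Checks whether the credentials referenced by usercfg are valid.
  static bool IsCredentialsValid(const UserConfig& usercfg);

  /// Registers an extension object identified by short name and OID.
  /// Both arguments are non-const references, so callers must pass lvalues.
  void AddCertExtObj(std::string& sn, std::string& oid);

  /// Returns a one-byte string holding a single NUL character.  This is a
  /// sentinel distinct from the empty string "", which is the default
  /// passphrase in the constructors above.
  static std::string NoPassword(void) { return std::string("\0",1); };

private:

  /// Copy construction is private: the class owns raw OpenSSL handles.
  /// The body is intentionally empty and initializes nothing, so it must
  /// not be used even internally.
  Credential(const Credential& ) { };

  /// Copy assignment is private and intentionally left undefined so that the
  /// compiler does not generate a shallow copy of the owned OpenSSL handles
  /// (any use fails at compile or link time instead of double-freeing).
  Credential& operator=(const Credential&);

  /// Shared loading logic behind the cert/key constructors; same parameters
  /// as the corresponding public constructor.
  void InitCredential(const std::string& cert, const std::string& key, const std::string& cadir,
                      const std::string& cafile, const std::string& passphrase4key, const bool is_file);

  /// Load a private key from in-memory content into pkey (output parameter).
  void loadKeyString(const std::string& key, EVP_PKEY* &pkey, const std::string& passphrase = "");
  /// Load a private key from a file into pkey (output parameter).
  void loadKeyFile(const std::string& keyfile, EVP_PKEY* &pkey, const std::string& passphrase = "");


  /// Load a certificate (and any accompanying chain) from in-memory content;
  /// x509 and certchain are output parameters.
  void loadCertificateString(const std::string& cert, X509* &x509, STACK_OF(X509)** certchain);
  /// Load a certificate (and any accompanying chain) from a file;
  /// x509 and certchain are output parameters.
  void loadCertificateFile(const std::string& certfile, X509* &x509, STACK_OF(X509)** certchain);


  /// Prepares verify_ctx_ for Verify().
  void InitVerification(void);

  /// Runs the certificate verification; the result is reported through
  /// GetVerification().
  bool Verify(void);

  /// Builds an X509 extension from a name and data; crit marks it critical.
  X509_EXTENSION* CreateExtension(const std::string& name, const std::string& data, bool crit = false);

  /// Sets the validity period of tosign relative to issuer.
  bool SetProxyPeriod(X509* tosign, X509* issuer, const Time& start, const Period& lifetime);

  /// Helper for SignRequest: prepares the certificate to sign in *tosign.
  bool SignRequestAssistant(Credential* proxy, EVP_PKEY* req_pubkey, X509** tosign);

public:
  /// Logs the pending OpenSSL error state through CredentialLogger.
  void LogError(void) const;




  /// Result of the last verification (verification_valid).
  bool GetVerification(void) const {return verification_valid; };

  /// Private key handle owned by this object; do not free it.
  EVP_PKEY* GetPrivKey(void) const;

  /// Public key handle.
  EVP_PKEY* GetPubKey(void) const;

  /// Certificate handle owned by this object; do not free it.
  X509* GetCert(void) const;

  /// Certificate request handle owned by this object; do not free it.
  X509_REQ* GetCertReq(void) const;

  /// Certificate chain owned by this object; do not free it.
  STACK_OF(X509)* GetCertChain(void) const;

  /// Number of certificates in the chain.
  int GetCertNumofChain(void) const;

  /// Detects the encoding of the credential behind a BIO.
  /// @param is_file true if the BIO is backed by a file
  Credformat getFormat_BIO(BIO * in, const bool is_file = true) const;
  /// Detects the encoding of an in-memory credential.
  Credformat getFormat_str(const std::string& source) const;

  /// Subject DN of the certificate.
  std::string GetDN(void) const;

  /// Identity name; for proxies presumably the end-entity DN rather than
  /// the proxy subject (confirm in the .cpp).
  std::string GetIdentityName(void) const;

  /// Certificate type as classified by ArcCredential.
  ArcCredential::certType GetType(void) const;

  /// Issuer DN of the certificate.
  std::string GetIssuerName(void) const;

  /// Name of the CA that issued the chain.
  std::string GetCAName(void) const;

  /// Proxy policy content.
  std::string GetProxyPolicy(void) const;

  /// Sets proxy policy parameters (see proxyversion_, policylang_, policy_,
  /// pathlength_).
  void SetProxyPolicy(const std::string& proxyversion, const std::string& policylang,
                      const std::string& policy, int pathlength);

  /// Writes the private key into content.
  /// @param encryption  false by default, i.e. the key is written in the
  ///                    clear; pass true together with a passphrase when the
  ///                    output will be persisted or leaves the process
  /// @param passphrase  passphrase used when encryption is true
  bool OutputPrivatekey(std::string &content, bool encryption = false, const std::string& passphrase ="");

  /// Writes the public key into content.
  bool OutputPublickey(std::string &content);

  /// Writes the certificate into content, as DER if is_der, else PEM.
  bool OutputCertificate(std::string &content, bool is_der=false);

  /// Writes the certificate chain into content, as DER if is_der, else PEM.
  bool OutputCertificateChain(std::string &content, bool is_der=false);

  /// Validity period (lifetime_).
  Period GetLifeTime(void) const;

  /// Validity start (start_).
  Time GetStartTime() const;

  /// Validity end.
  Time GetEndTime() const;

  /// Sets lifetime_.
  void SetLifeTime(const Period& period);

  /// Sets start_.
  void SetStartTime(const Time& start_time);

  /// Checks whether the credential is currently valid.
  bool IsValid(void);





  /// Adds an extension given as name and data; crit marks it critical.
  bool AddExtension(const std::string& name, const std::string& data, bool crit = false);

  /// Adds an extension whose value is supplied in binary form through
  /// binary; the exact layout expected behind char** is defined in the .cpp.
  bool AddExtension(const std::string& name, char** binary);

  /// Returns the value of the named extension.
  std::string GetExtension(const std::string& name);

  /// Generates an end-entity certificate request and key, written to the
  /// given BIOs; dn optionally sets the subject.
  bool GenerateEECRequest(BIO* reqbio, BIO* keybio, const std::string& dn = "");

  /// Same as above, writing request and key into strings.
  bool GenerateEECRequest(std::string &reqcontent, std::string &keycontent, const std::string& dn = "");

  /// Same as above, writing request and key into the named files.
  bool GenerateEECRequest(const char* request_filename, const char* key_filename, const std::string& dn = "");

  /// Generates a (proxy) certificate request into bio, as DER if if_der.
  bool GenerateRequest(BIO* bio, bool if_der = false);

  /// Same as above, into a string.
  bool GenerateRequest(std::string &content, bool if_der = false);

  /// Same as above, into the named file.
  bool GenerateRequest(const char* filename, bool if_der = false);

  /// Reads a certificate request from reqbio.
  /// @param if_eec true if the request is for an end-entity certificate
  /// @param if_der true if the request is DER encoded
  bool InquireRequest(BIO* reqbio, bool if_eec = false, bool if_der = false);

  /// Same as above, from a string.
  bool InquireRequest(std::string &content, bool if_eec = false, bool if_der = false);

  /// Same as above, from the named file.
  bool InquireRequest(const char* filename, bool if_eec = false, bool if_der = false);

  /// Signs the request held by proxy and writes the result to outputbio,
  /// as DER if if_der.
  bool SignRequest(Credential* proxy, BIO* outputbio, bool if_der = false);

  /// Same as above, into a string.
  bool SignRequest(Credential* proxy, std::string &content, bool if_der = false);

  /// Same as above, into the named file.  The flag is named if_der here for
  /// consistency with the other overloads (it was declared as "foamat").
  bool SignRequest(Credential* proxy, const char* filename, bool if_der = false);

  /// Self-signs an end-entity request, using the extension file/section,
  /// and writes the certificate to certfile.
  bool SelfSignEECRequest(const std::string& dn, const char* extfile, const std::string& extsect, const char* certfile);



  /// Signs the end-entity request held by eec with subject dn, writing the
  /// certificate to outputbio.
  bool SignEECRequest(Credential* eec, const std::string& dn, BIO* outputbio);

  /// Same as above, into a string.
  bool SignEECRequest(Credential* eec, const std::string& dn, std::string &content);

  /// Same as above, into the named file.
  bool SignEECRequest(Credential* eec, const std::string& dn, const char* filename);

private:

  std::string cacertfile_;   // trusted CA certificate file
  std::string cacertdir_;    // trusted CA certificate directory
  std::string certfile_;     // certificate file this object was loaded from
  std::string keyfile_;      // key file this object was loaded from


  ArcCredential::cert_verify_context verify_ctx_;  // state used by Verify()


  bool verification_valid;   // result of the last Verify(); no trailing
                             // underscore for historical reasons


  X509 * cert_;                          // owned
  ArcCredential::certType cert_type_;
  EVP_PKEY * pkey_;                      // owned
  STACK_OF(X509) * cert_chain_;          // owned



  ArcCredential::PROXYCERTINFO* proxy_cert_info_;  // owned
  Credformat format;                     // encoding detected on load
  Time start_;                           // validity start
  Period lifetime_;                      // validity period


  X509_REQ* req_;                        // owned certificate request
  RSA* rsa_key_;                         // owned
  EVP_MD* signing_alg_;                  // signature digest
  int keybits_;                          // RSA key size in bits


  std::string proxyversion_;
  std::string policy_;
  std::string policylang_;
  int proxyver_;
  int pathlength_;


  STACK_OF(X509_EXTENSION)* extensions_; // owned


  std::string CAserial_;   // CA serial-number source (CA constructor)
  std::string extfile_;    // extension configuration file
  std::string extsect_;    // section within extfile_

  /// Parses a textual subject into an X509_NAME; subject is a mutable C
  /// string (the parser may presumably modify it in place — confirm in .cpp).
  static X509_NAME *parse_name(char *subject, long chtype, int multirdn);
};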
00451
00452 }
00453
00454 #endif
00455