1 #ifndef __ARC_CREDENTIAL_H__
2 #define __ARC_CREDENTIAL_H__
8 #include <openssl/asn1.h>
9 #include <openssl/pem.h>
10 #include <openssl/x509.h>
11 #include <openssl/x509v3.h>
12 #include <openssl/pkcs12.h>
13 #include <openssl/err.h>
15 #include <arc/Logger.h>
16 #include <arc/DateTime.h>
17 #include <arc/UserConfig.h>
19 #include <arc/credential/CertUtil.h>
20 #include <arc/credential/PasswordSource.h>
/// Encoding of a credential as reported by the getFormat_* helpers declared
/// further down: PEM text, DER binary, a PKCS container, or not recognised.
typedef enum {
  CRED_PEM,      ///< PEM (base64-armoured text)
  CRED_DER,      ///< DER (binary ASN.1)
  CRED_PKCS,     ///< PKCS container; NOTE(review): presumably PKCS#12 given the <openssl/pkcs12.h> include — confirm
  CRED_UNKNOWN   ///< format could not be determined
} Credformat;
46 typedef enum { SIGN_DEFAULT = 0,
48 #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
/// Construct a credential that acts as a certificate authority.
/// @param CAfile          CA certificate
/// @param CAkey           CA private key
/// @param CAserial        CA serial-number file
/// @param extfile         OpenSSL extension configuration file
/// @param extsect         section of extfile to apply
/// @param passphrase4key  passphrase protecting CAkey
/// NOTE(review): parameter roles are inferred from their names only; the
/// definition is not in this header. The passphrase is held in a plain
/// std::string, which is not wiped on destruction, so copies of it can
/// linger in freed memory — confirm that is acceptable for this deployment.
Credential(const std::string& CAfile,
           const std::string& CAkey,
           const std::string& CAserial,
           const std::string& extfile,
           const std::string& extsect,
           const std::string& passphrase4key);
/// Construct a CA-backed credential together with proxy-generation settings
/// (key size, proxy version, policy language/policy, path length).
/// NOTE(review): the parameter roles below are inferred from names; the
/// definition is not in this header — confirm before relying on them.
102 Credential(
const std::string& CAfile,
const std::string& CAkey,
103 const std::string& CAserial,
104 const std::string& extfile,
const std::string& extsect,
// NOTE(review): keybits defaults to 1024, which is below the 2048-bit RSA
// minimum that current guidance (e.g. NIST SP 800-57) recommends. Short-lived
// proxies may deliberately accept this; otherwise callers should pass a
// larger value — confirm the intended policy.
147 int keybits = 1024, std::string proxyversion =
"rfc",
148 std::string policylang =
"inheritAll", std::string policy =
"",
149 int pathlength = -1);
/// Construct a credential from a certificate, a private key and the trust
/// anchors used for verification.
/// @param cert            certificate: a file name, or the content itself
///                        when is_file is false (presumably — see the
///                        loadCertificateString/loadCertificateFile pair)
/// @param key             private key, same convention as cert
/// @param cadir           directory of trusted CA certificates
/// @param cafile          file of trusted CA certificates
/// @param passphrase4key  passphrase for key; defaults to the empty string
/// @param is_file         true when cert/key name files, false when they
///                        hold the content
/// NOTE(review): the empty-string default differs from the NoPassword()
/// sentinel declared below; how the two are told apart is not visible here.
Credential(const std::string& cert,
           const std::string& key,
           const std::string& cadir,
           const std::string& cafile,
           const std::string& passphrase4key = "",
           const bool is_file = true);
173 Credential(
const std::string& cert,
const std::string& key,
const std::string& cadir,
175 const bool is_file =
true);
/// Sentinel passphrase meaning "no password": a one-byte string holding a
/// single NUL. The explicit length keeps the NUL byte — std::string("\0")
/// would yield an empty string — so the result is distinct from "".
/// NOTE(review): how callers separate this sentinel from an empty passphrase
/// is not visible in this header; confirm against the definition.
static std::string NoPassword(void) {
  const char nul = '\0';
  return std::string(1, nul);
}
/// Shared initialisation for the certificate/key constructors: same
/// parameters as those constructors, but the passphrase arrives as a
/// PasswordSource rather than a std::string.
/// @param cert            certificate file name or content (see is_file)
/// @param key             private key file name or content
/// @param cadir           directory of trusted CA certificates
/// @param cafile          file of trusted CA certificates
/// @param passphrase4key  source of the key passphrase
/// @param is_file         true when cert/key name files
/// NOTE(review): presumably the public constructors wrap their std::string
/// passphrase in a PasswordSource before calling here — confirm in the .cpp.
void InitCredential(const std::string& cert,
                    const std::string& key,
                    const std::string& cadir,
                    const std::string& cafile,
                    PasswordSource& passphrase4key,
                    const bool is_file);
/// Load a private key held in memory.
/// @param key         key material (presumably PEM/DER text; see Credformat)
/// @param pkey        [out] receives the parsed key
/// @param passphrase  source of the passphrase for an encrypted key
/// NOTE(review): who owns the EVP_PKEY written to pkey (caller frees with
/// EVP_PKEY_free?) is not visible here — confirm against the definition.
/// Key bytes kept in a std::string are not zeroised when it is destroyed.
void loadKeyString(const std::string& key,
                   EVP_PKEY* &pkey,
                   PasswordSource& passphrase);

/// As loadKeyString, but reads the key material from the file keyfile.
void loadKeyFile(const std::string& keyfile,
                 EVP_PKEY* &pkey,
                 PasswordSource& passphrase);
/// Load a certificate (and any accompanying chain) held in memory.
/// @param cert       certificate material
/// @param x509       [out] receives the end-entity certificate
/// @param certchain  [out] receives the remaining certificates, if any
/// NOTE(review): ownership of the X509 and the STACK_OF(X509) handed back
/// through the out-parameters is not visible here — confirm who frees them.
void loadCertificateString(const std::string& cert,
                           X509* &x509,
                           STACK_OF(X509)** certchain);

/// As loadCertificateString, but reads from the file certfile.
void loadCertificateFile(const std::string& certfile,
                         X509* &x509,
                         STACK_OF(X509)** certchain);
/// Prepare the verification state of this credential.
/// NOTE(review): presumably this is what sets the verification_valid member
/// declared below — confirm against the definition.
void InitVerification(void);
/// Build an X.509 extension from a name and its data.
/// @param name  extension name
/// @param data  extension value
/// @param crit  mark the extension critical; defaults to false, i.e. a
///              verifier that does not understand it will ignore it
/// @return the new extension, or presumably NULL on failure — confirm
/// NOTE(review): the caller is presumably responsible for freeing the
/// returned X509_EXTENSION (or handing it to extensions_) — confirm.
X509_EXTENSION* CreateExtension(const std::string& name,
                                const std::string& data,
                                bool crit = false);
/// Set the validity period of a proxy certificate about to be signed.
/// @param tosign    certificate being prepared
/// @param issuer    certificate of the signer
/// @param start     requested start of validity
/// @param lifetime  requested duration
/// @return true on success
/// NOTE(review): whether the period is clamped to the issuer's own validity
/// is not visible here; a proxy outliving its issuer would be a defect — confirm.
bool SetProxyPeriod(X509* tosign,
                    X509* issuer,
                    const Time& start,
                    const Period& lifetime);
/// Helper for signing a proxy request.
/// @param proxy       credential holding the request (non-owning pointer)
/// @param req_pubkey  public key taken from the request
/// @param tosign      [out] certificate to be signed
/// @return true on success
/// NOTE(review): behaviour is inferred from the name only; the definition is
/// not in this header.
bool SignRequestAssistant(Credential* proxy,
                          EVP_PKEY* req_pubkey,
                          X509** tosign);
/// Return the certificate chain attached to this credential.
/// NOTE(review): whether the returned stack is owned by the credential (a
/// borrowed view) or a copy the caller must free is not visible here — confirm.
STACK_OF(X509)* GetCertChain(void) const;
/// Detect the encoding (see Credformat) of the data behind a BIO.
/// @param in       BIO to inspect
/// @param is_file  true when the BIO is backed by a file
/// @return the detected format, or CRED_UNKNOWN
Credformat getFormat_BIO(BIO * in, const bool is_file = true) const;

/// Detect the encoding (see Credformat) of in-memory credential data.
/// @param source  the data to inspect
/// @return the detected format, or CRED_UNKNOWN
Credformat getFormat_str(const std::string& source) const;
/// Return the distinguished name of this credential's certificate.
/// NOTE(review): the string format (OpenSSL one-line vs RFC 2253) is not
/// visible here — confirm before comparing DNs from different sources.
std::string GetDN(void) const;
/// Configure the proxy policy used when generating proxy certificates.
/// @param proxyversion  proxy version identifier (the CA constructor above
///                      defaults this to "rfc")
/// @param policylang    policy language (constructor default "inheritAll")
/// @param policy        policy content, may be empty
/// @param pathlength    maximum further delegation depth; the constructor
///                      default is -1, presumably meaning unlimited — confirm
void SetProxyPolicy(const std::string& proxyversion,
                    const std::string& policylang,
                    const std::string& policy,
                    int pathlength);
/// Serialise the private key into content.
/// @param content     [out] receives the encoded key
/// @param encryption  encrypt the output with passphrase; defaults to false,
///                    so by default the key is written out in the clear
/// @param passphrase  passphrase used when encryption is true
/// @return true on success
/// NOTE(review): callers that persist or transmit the result should pass
/// encryption = true with a non-empty passphrase; the defaults are only
/// appropriate for in-process use.
bool OutputPrivatekey(std::string &content,
                      bool encryption = false,
                      const std::string& passphrase = "");
/// Queue an extension, given by name and value, for inclusion in the
/// certificate (presumably into extensions_ — confirm).
/// @param name  extension name
/// @param data  extension value
/// @param crit  mark the extension critical; defaults to false
/// @return true on success
bool AddExtension(const std::string& name,
                  const std::string& data,
                  bool crit = false);

/// Queue an extension whose value is supplied as raw binary.
/// @param name    extension name
/// @param binary  the encoded value
/// NOTE(review): the length, encoding and ownership of *binary are not
/// visible here, and a char** carries no size — confirm how the definition
/// bounds what it reads.
bool AddExtension(const std::string& name,
                  char** binary);
/// Generate an end-entity certificate request and its private key in memory.
/// @param reqcontent  [out] receives the request
/// @param keycontent  [out] receives the private key
/// @param dn          subject name for the request; defaults to ""
/// @return true on success
/// NOTE(review): keycontent holds private key material in a std::string,
/// which is not zeroised on destruction.
bool GenerateEECRequest(std::string &reqcontent,
                        std::string &keycontent,
                        const std::string& dn = "");

/// Generate an end-entity certificate request and private key, writing them
/// to the named files.
/// @param request_filename  destination for the request
/// @param key_filename      destination for the private key
/// @param dn                subject name for the request; defaults to ""
/// NOTE(review): the permissions the key file is created with are not
/// visible here — confirm it is owner-readable only.
bool GenerateEECRequest(const char* request_filename,
                        const char* key_filename,
                        const std::string& dn = "");
/// Read a certificate request from a BIO into this credential.
/// @param reqbio  source of the request
/// @param if_eec  treat the request as an end-entity request; defaults to
///                false (presumably a proxy request otherwise — confirm)
/// @param if_der  request is DER encoded; defaults to false (PEM)
/// @return true on success
bool InquireRequest(BIO* reqbio,
                    bool if_eec = false,
                    bool if_der = false);

/// Read a certificate request from in-memory content.
/// NOTE(review): content is a non-const reference although it looks like
/// pure input; confirm whether the definition modifies it.
bool InquireRequest(std::string &content,
                    bool if_eec = false,
                    bool if_der = false);

/// Read a certificate request from the named file.
bool InquireRequest(const char* filename,
                    bool if_eec = false,
                    bool if_der = false);
/// Self-sign an end-entity request and write the certificate to certfile.
/// @param dn        subject name
/// @param extfile   OpenSSL extension configuration file
/// @param extsect   section of extfile to apply
/// @param certfile  output certificate file
/// @return true on success
/// NOTE(review): extfile/certfile are const char* while the constructors
/// take the same kind of path as std::string — a style inconsistency worth
/// aligning when the interface is next revised.
bool SelfSignEECRequest(const std::string& dn,
                        const char* extfile,
                        const std::string& extsect,
                        const char* certfile);
std::string cacertfile_;   ///< trusted CA certificate file (see cafile)
std::string cacertdir_;    ///< trusted CA certificate directory (see cadir)
std::string certfile_;     ///< certificate file name, or content when is_file is false
std::string keyfile_;      ///< private key file name, or content when is_file is false
                           ///< NOTE(review): key material kept here is not zeroised on destruction
bool verification_valid;   ///< NOTE(review): presumably set by InitVerification — confirm
ArcCredential::PROXYCERTINFO* proxy_cert_info_;  ///< raw pointer; ownership and free routine not visible here
EVP_MD* signing_alg_;      ///< signing digest; NOTE(review): EVP_MD objects returned by OpenSSL are normally not freed by the caller — confirm this is not released
std::string proxyversion_; ///< proxy version (see SetProxyPolicy)
std::string policylang_;   ///< proxy policy language (see SetProxyPolicy)
STACK_OF(X509_EXTENSION)* extensions_;  ///< queued extensions (see AddExtension); presumably freed in the destructor — confirm
std::string CAserial_;     ///< CA serial-number file (CA constructors)
std::string extfile_;      ///< extension configuration file
std::string extsect_;      ///< section of extfile_ to apply
/// Parse a textual subject into an X509_NAME.
/// @param subject   subject string; non-const, so presumably modified in
///                  place while parsing — confirm
/// @param chtype    string type passed to OpenSSL for the name entries
/// @param multirdn  whether multi-valued RDNs are allowed
/// @return the new name, or presumably NULL on failure; caller frees — confirm
/// NOTE(review): subject may originate from user input (see the dn
/// parameters above); confirm the parser rejects malformed input rather
/// than producing a partial name.
static X509_NAME *parse_name(char *subject,
                             long chtype,
                             int multirdn);