1 #ifndef __ARC_CREDENTIAL_H__
2 #define __ARC_CREDENTIAL_H__
8 #include <openssl/asn1.h>
9 #include <openssl/pem.h>
10 #include <openssl/x509.h>
11 #include <openssl/x509v3.h>
12 #include <openssl/pkcs12.h>
13 #include <openssl/err.h>
15 #include <arc/Logger.h>
16 #include <arc/DateTime.h>
17 #include <arc/UserConfig.h>
19 #include <arc/credential/CertUtil.h>
/// Encoding a credential may arrive in: PEM, DER, PKCS (given the
/// <openssl/pkcs12.h> include above, presumably PKCS#12 — confirm) or
/// unrecognised. Produced by getFormat_BIO() / getFormat_str() below.
40 typedef enum {CRED_PEM, CRED_DER, CRED_PKCS, CRED_UNKNOWN} Credformat;
/// Construct a credential that acts as a signing CA.
/// @param CAfile         CA certificate (presumably a file path, by name).
/// @param CAkey          CA private key (presumably a file path).
/// @param CAserial       serial-number source for issued certificates (stored in CAserial_).
/// @param extfile        extension configuration (stored in extfile_).
/// @param extsect        section of extfile to use (stored in extsect_).
/// @param passphrase4key passphrase protecting CAkey.
/// NOTE(review): the passphrase travels as a std::string; nothing visible in
/// this header scrubs it from memory after use — confirm the owner does.
79 Credential(
const std::string& CAfile,
const std::string& CAkey,
80 const std::string& CAserial,
81 const std::string& extfile,
const std::string& extsect,
82 const std::string& passphrase4key);
124 int keybits = 1024, std::string proxyversion =
"rfc",
125 std::string policylang =
"inheritAll", std::string policy =
"",
126 int pathlength = -1);
/// Construct a credential from an existing certificate and key.
/// @param cert, key       certificate and private key; with is_file == true
///                        (the default) presumably file paths, otherwise the
///                        content itself (compare the *String/*File loader
///                        pairs below) — confirm.
/// @param cadir, cafile   CA material used for verification (see cacertdir_ / cacertfile_).
/// @param passphrase4key  defaults to "" — distinct from NoPassword(), which
///                        is a one-byte string holding a single NUL.
/// @param is_file         selects file vs. in-memory interpretation of cert/key.
142 Credential(
const std::string& cert,
const std::string& key,
const std::string& cadir,
143 const std::string& cafile,
const std::string& passphrase4key =
"",
144 const bool is_file =
true);
/// Marker value used (by its name) to signal "no password": a string of
/// exactly one NUL byte. It compares unequal to the empty string "" that the
/// passphrase parameters below default to, so the two cases stay distinguishable.
static std::string NoPassword(void) {
  std::string marker(1, '\0');
  return marker;
}
/// Shared initialisation with the same parameter list as the cert/key
/// constructor above (no defaults here); presumably what that constructor
/// delegates to — confirm in the implementation.
174 void InitCredential(
const std::string& cert,
const std::string& key,
const std::string& cadir,
175 const std::string& cafile,
const std::string& passphrase4key,
const bool is_file);
/// Load a private key into the out-parameter `pkey` (EVP_PKEY*&), either from
/// in-memory content (`key`) or from a path (`keyfile`). `passphrase` defaults
/// to "" and is presumably used to decrypt an encrypted key — confirm.
/// NOTE(review): ownership of the EVP_PKEY written to `pkey` is not visible
/// here; confirm who calls EVP_PKEY_free on it.
178 void loadKeyString(
const std::string& key, EVP_PKEY* &pkey,
const std::string& passphrase =
"");
179 void loadKeyFile(
const std::string& keyfile, EVP_PKEY* &pkey,
const std::string& passphrase =
"");
/// Load a certificate into the out-parameter `x509` from in-memory content
/// (`cert`) or from a path (`certfile`). `certchain` is a STACK_OF(X509)**
/// out-parameter, presumably receiving any additional chain certificates found
/// in the same input — confirm, including whether it may be passed as NULL.
185 void loadCertificateString(
const std::string& cert, X509* &x509,
STACK_OF(X509)** certchain);
186 void loadCertificateFile(
const std::string& certfile, X509* &x509,
STACK_OF(X509)** certchain);
/// Set up the verification state of this credential (see the
/// verification_valid member below). What is checked is not visible here.
190 void InitVerification(
void);
/// Build an X509_EXTENSION from an extension `name` and its `data`.
/// `crit` (default false) presumably sets the extension's critical flag;
/// note that a non-critical extension is ignored by verifiers that do not
/// recognise it, so callers relying on enforcement should pass true.
/// NOTE(review): ownership of the returned X509_EXTENSION* is not visible here.
203 X509_EXTENSION* CreateExtension(
const std::string& name,
const std::string& data,
bool crit =
false);
/// Set the validity period of `tosign` from `start` and `lifetime`;
/// `issuer` is presumably consulted so the proxy does not outlive the
/// issuing certificate — confirm in the implementation. Returns success.
212 bool SetProxyPeriod(X509* tosign, X509* issuer,
const Time& start,
const Period& lifetime);
/// Helper for signing a proxy request: fills the X509** out-parameter
/// `tosign` for `proxy` using the request's public key `req_pubkey`.
/// Returns success. Ownership of *tosign is not visible here.
217 bool SignRequestAssistant(
Credential* proxy, EVP_PKEY* req_pubkey, X509** tosign);
/// Return the certificate chain held by this credential.
/// NOTE(review): whether the returned STACK_OF(X509)* is a copy the caller
/// must free or an internal pointer that must not be freed is not visible here.
242 STACK_OF(X509)* GetCertChain(
void)
const;
/// Detect the encoding (Credformat) of credential data, either read from a
/// BIO (`is_file`, default true, presumably says whether the BIO is
/// file-backed) or held in `source`.
253 Credformat
getFormat_BIO(BIO * in,
const bool is_file =
true)
const;
254 Credformat getFormat_str(
const std::string& source)
const;
/// Return the certificate's distinguished name as a string (the exact
/// textual format is not visible here).
257 std::string
GetDN(
void)
const;
/// Record the settings used when generating a proxy: proxy version
/// (proxyversion_), policy language (policylang_), the policy itself and
/// a path-length constraint (elsewhere in this header -1 is the default,
/// presumably meaning no constraint — confirm).
283 void SetProxyPolicy(
const std::string& proxyversion,
const std::string& policylang,
284 const std::string& policy,
int pathlength);
/// Serialise the private key into `content`. `encryption` defaults to false,
/// so by default the key material is presumably written unprotected; callers
/// whose output leaves process memory (e.g. is written to disk) should pass
/// true together with a passphrase. Returns success.
291 bool OutputPrivatekey(std::string &content,
bool encryption =
false,
const std::string& passphrase =
"");
/// Add an extension to the credential (accumulated in extensions_). The first
/// overload takes textual `data` and a `crit` flag (default false — see the
/// note on CreateExtension); the second takes a `char** binary` buffer whose
/// length convention and ownership are not visible here — confirm.
337 bool AddExtension(
const std::string& name,
const std::string& data,
bool crit =
false);
353 bool AddExtension(
const std::string& name,
char** binary);
/// Generate an end-entity certificate (EEC) request and its private key,
/// either into the out-strings `reqcontent`/`keycontent` or into the named
/// files. `dn` defaults to "". Returns success.
/// NOTE(review): the file-writing overload takes raw `const char*` paths; the
/// permissions applied to key_filename are not visible here — confirm the key
/// file is created with restrictive mode.
371 bool GenerateEECRequest(std::string &reqcontent, std::string &keycontent,
const std::string& dn =
"");
374 bool GenerateEECRequest(
const char* request_filename,
const char* key_filename,
const std::string& dn =
"");
/// Read a certificate request from a BIO, a string, or a file name.
/// `if_eec` (default false) presumably marks the request as an EEC rather
/// than proxy request; `if_der` (default false) presumably selects DER input,
/// PEM otherwise — confirm both. Returns success.
396 bool InquireRequest(BIO* reqbio,
bool if_eec =
false,
bool if_der =
false);
399 bool InquireRequest(std::string &content,
bool if_eec =
false,
bool if_der =
false);
402 bool InquireRequest(
const char* filename,
bool if_eec =
false,
bool if_der =
false);
/// Self-sign an EEC request with subject `dn`, applying extensions from
/// `extfile` section `extsect`, and write the result to `certfile`.
/// Style note: path parameters mix `const char*` and `const std::string&`
/// here, unlike the rest of this class.
433 bool SelfSignEECRequest(
const std::string& dn,
const char* extfile,
const std::string& extsect,
const char* certfile);
// CA certificate file and directory used for verification (set from the
// cafile/cadir constructor arguments, presumably).
448 std::string cacertfile_;
449 std::string cacertdir_;
// Certificate and key sources this credential was loaded from.
450 std::string certfile_;
451 std::string keyfile_;
// Outcome of InitVerification(); meaning of true/false not visible here.
457 bool verification_valid;
// Proxy certificate info extension data; raw pointer, ownership not visible here.
467 ArcCredential::PROXYCERTINFO* proxy_cert_info_;
// Digest algorithm used for signing; which one is chosen is not visible here.
475 EVP_MD* signing_alg_;
// Proxy settings recorded by SetProxyPolicy().
479 std::string proxyversion_;
481 std::string policylang_;
// Extensions accumulated by AddExtension(); raw pointer, ownership not visible here.
486 STACK_OF(X509_EXTENSION)* extensions_;
// CA-mode settings from the CA constructor (serial source, extension file and section).
489 std::string CAserial_;
490 std::string extfile_;
491 std::string extsect_;
/// Parse a textual subject into an X509_NAME. The signature (non-const
/// `char *subject`, `chtype`, `multirdn`) matches the parse_name helper in
/// OpenSSL's command-line apps, so this is presumably adapted from it and may
/// modify `subject` in place — confirm before passing a string's buffer.
/// NOTE(review): returns a raw X509_NAME*; caller presumably owns and must free it.
493 static X509_NAME *parse_name(
char *subject,
long chtype,
int multirdn);