code/trunk-r27890/VOMSUtil_8h_source.html

#ifndef __ARC_VOMSUTIL_H__

#define __ARC_VOMSUTIL_H__


#include <vector>

#include <string>


#include <arc/ArcRegex.h>

#include <arc/credential/VOMSAttribute.h>

#include <arc/credential/Credential.h>


namespace Arc {


  typedef std::vector<std::string> VOMSTrustChain;


  typedef std::string VOMSTrustRegex;


  class VOMSACInfo {

   public:

    // Not all statuses are implemented

    typedef enum {

      Success = 0,

      CAUnknown = (1<<0), // Signed by VOMS certificate of unknow CA

      CertRevoked = (1<<1), // Signed by revoked VOMS certificate

      LSCFailed = (1<<2), // Failed while matching VOMS attr. against LSC files

      TrustFailed = (1<<2), // Failed matching VOMS attr. against specified trust list

      X509ParsingFailed = (1<<3), // Failed while parsing at X509 level

      ACParsingFailed = (1<<4), // Failed while parsing at AC level

      InternalParsingFailed = (1<<5), // Failed while parsing internal VOMS structures

      TimeValidFailed = (1<<6), // VOMS attributes are not valid yet or expired

      IsCritical = (1<<7), // VOMS extension was marked as critical (unusual but not error)

      ParsingError = (X509ParsingFailed | ACParsingFailed | InternalParsingFailed), // Mask to test if status represents any failure caused by failed parsing

      ValidationError = (CAUnknown | CertRevoked | LSCFailed | TrustFailed | TimeValidFailed), // Mask to test if status represents any failure caused by validation rules

      Error = (0xffff & ~IsCritical) // Mask to test if status represents any failure

    } status_t;

    std::string voname;

    std::string holder;

    std::string issuer;

    std::string target;

    std::vector<std::string> attributes;

    Time from;

    Time till;

    //Period validity;

    unsigned int status;

    VOMSACInfo(void):from(-1),till(-1),status(0) { };

  };


  class VOMSTrustList {

    private:

      std::vector<VOMSTrustChain> chains_;

      std::vector<RegularExpression*> regexs_;

    public:

      VOMSTrustList(void) { };

      VOMSTrustList(const std::vector<std::string>& encoded_list);

      VOMSTrustList(const std::vector<VOMSTrustChain>& chains,const std::vector<VOMSTrustRegex>& regexs);

      ~VOMSTrustList(void);

      VOMSTrustChain& AddChain(const VOMSTrustChain& chain);

      VOMSTrustChain& AddChain(void);

      void AddElement(const std::vector<std::string>& encoded_list);

      RegularExpression& AddRegex(const VOMSTrustRegex& reg);

      int SizeChains(void) const { return chains_.size(); };

      int SizeRegexs(void) const { return regexs_.size(); };

      const VOMSTrustChain& GetChain(int num) const { return chains_[num]; };

      const RegularExpression& GetRegex(int num) const { return *(regexs_[num]); };

  };


  void InitVOMSAttribute(void);


  /* This method is used to create an AC. It is supposed

   * to be used by the voms server

   * @param issuer      The issuer which will be used to sign the AC, it is also

   *                    the voms server certificate

   * @param issuerstack The stack of the issuer certificates that issue the

   *                    voms server certificate. If the voms server certificate

   *                    is issued by a root CA (self-signed), then this param

   *                    is empty.

   * @param holder      The certificate of the holder of this AC. It should be

   *                    parsed from the peer that launches a AC query request

   * @param pkey        The key of the holder

   * @param fqan        The AC_IETFATTR. According to the definition of voms, the fqan

   *                      will be like /Role=Employee/Group=Tester/Capability=NULL

   * @param attributes  The AC_FULL_ATTRIBUTES.  Accoding to the definition of voms,

   *                      the attributes will be like "qualifier::name=value"

   * @param target      The list of targets which are supposed to consume this AC

   * @param ac          The generated AC

   * @param voname      The vo name

   * @param uri         The uri of this vo, together with voname, it will be

   *                      as the grantor of this AC

   * @param lifetime    The lifetime of this AC

   */

  /*

  int createVOMSAC(X509 *issuer, STACK_OF(X509) *issuerstack, X509 *holder,

                   EVP_PKEY *pkey, BIGNUM *serialnum,

                   std::vector<std::string> &fqan,

                   std::vector<std::string> &targets,

                   std::vector<std::string>& attributes,

                   ArcCredential::AC **ac, std::string voname,

                   std::string uri, int lifetime);

  */


  bool createVOMSAC(std::string& codedac, Credential& issuer_cred,

                    Credential& holder_cred,

                    std::vector<std::string> &fqan,

                    std::vector<std::string> &targets,

                    std::vector<std::string>& attributes,

                    std::string &voname, std::string &uri, int lifetime);


  bool addVOMSAC(ArcCredential::AC** &aclist, std::string &acorder, std::string &decodedac);


  bool parseVOMSAC(X509* holder,

                   const std::string& ca_cert_dir,

                   const std::string& ca_cert_file,

                   const std::string& vomsdir,

                   VOMSTrustList& vomscert_trust_dn,

                   std::vector<VOMSACInfo>& output,

                   bool verify = true, bool reportall = false);


  bool parseVOMSAC(const Credential& holder_cred,

                   const std::string& ca_cert_dir,

                   const std::string& ca_cert_file,

                   const std::string& vomsdir,

                   VOMSTrustList& vomscert_trust_dn,

                   std::vector<VOMSACInfo>& output,

                   bool verify = true, bool reportall = false);


  bool parseVOMSAC(const std::string& cert_str,

                   const std::string& ca_cert_dir,

                   const std::string& ca_cert_file,

                   const std::string& vomsdir,

                   VOMSTrustList& vomscert_trust_dn,

                   std::vector<VOMSACInfo>& output,

                   bool verify = true, bool reportall = false);


  char *VOMSDecode(const char *data, int size, int *j);


  char *VOMSEncode(const char *data, int size, int *j);


  std::string getCredentialProperty(const Arc::Credential& u, const std::string& property,

                                    const std::string& ca_cert_dir = std::string(""),

                                    const std::string& ca_cert_file = std::string(""),

                                    const std::string& vomsdir = std::string(""),

                                    const std::vector<std::string>& voms_trust_list = std::vector<std::string>());


  std::string VOMSFQANToFull(const std::string& vo, const std::string& fqan);


  bool VOMSACSeqEncode(const std::string& ac_seq, std::string& asn1);


  bool VOMSACSeqEncode(const std::list<std::string> acs, std::string& asn1);


}// namespace Arc


#endif /* __ARC_VOMSUTIL_H__ */