
nordugrid-arc-nox  1.1.0~rc6
Arc::ConfigTLSMCC Class Reference

#include <ConfigTLSMCC.h>



Public Member Functions

 ConfigTLSMCC (XMLNode cfg, Logger &logger, bool client=false)
const std::string & CADir (void) const
const std::string & CAFile (void) const
const std::string & ProxyFile (void) const
const std::string & CertFile (void) const
const std::string & KeyFile (void) const
bool GlobusPolicy (void) const
const std::vector< std::string > & VOMSCertTrustDN (void)
bool Set (SSL_CTX *sslctx, Logger &logger)
bool IfClientAuthn (void) const
bool IfTLSHandshake (void) const
bool IfSSLv3Handshake (void) const

Private Types

enum  { tls_handshake, ssl3_handshake }

Private Member Functions

 ConfigTLSMCC (void)

Private Attributes

std::string ca_dir_
std::string ca_file_
std::string proxy_file_
std::string cert_file_
std::string key_file_
bool client_authn_
bool globus_policy_
enum Arc::ConfigTLSMCC:: { ... }  handshake_
std::vector< std::string > vomscert_trust_dn_

Detailed Description

Definition at line 13 of file ConfigTLSMCC.h.


Member Enumeration Documentation

anonymous enum [private]
Enumerator:
tls_handshake 
ssl3_handshake 

Definition at line 22 of file ConfigTLSMCC.h.


Constructor & Destructor Documentation

Arc::ConfigTLSMCC::ConfigTLSMCC ( void  ) [private]
Arc::ConfigTLSMCC::ConfigTLSMCC ( XMLNode  cfg,
Logger & logger,
bool  client = false 
)

Definition at line 37 of file ConfigTLSMCC.cpp.

                                                                 {
  // Peer (client) authentication is required unless the configuration turns it off below.
  client_authn_ = true;
  cert_file_ = (std::string)(cfg["CertificatePath"]);
  key_file_ = (std::string)(cfg["KeyPath"]);
  ca_file_ = (std::string)(cfg["CACertificatePath"]);
  ca_dir_ = (std::string)(cfg["CACertificatesDir"]);
  // Only the literal attribute value "true" enables Globus-style CA policy handling;
  // any other spelling ("True", "yes", ...) leaves it disabled.
  globus_policy_ = (((std::string)(cfg["CACertificatesDir"].Attribute("PolicyGlobus"))) == "true");
  // Any Handshake value other than "SSLv3" (including an absent element) selects TLS.
  // SSLv3 is an obsolete protocol; a configuration that selects it deserves review.
  handshake_ = (cfg["Handshake"] == "SSLv3")?ssl3_handshake:tls_handshake;
  proxy_file_ = (std::string)(cfg["ProxyPath"]);
  
  // Conventional grid-security directory: <separator>etc/grid-security
  std::vector<std::string> gridSecDir (2);
  gridSecDir[0] = G_DIR_SEPARATOR_S + std::string("etc");
  gridSecDir[1] = "grid-security";
  std::string gridSecurityDir = Glib::build_path(G_DIR_SEPARATOR_S, gridSecDir);

  if(!client) {
    
    // Server side: fall back to the host credentials when none are configured.
    if(cert_file_.empty()) cert_file_= Glib::build_filename(gridSecurityDir, "hostcert.pem");
    if(key_file_.empty()) key_file_= Glib::build_filename(gridSecurityDir, "hostkey.pem");
    // Use VOMS trust DN of server certificates specified in configuration
    config_VOMS_add(cfg,vomscert_trust_dn_);
    // Look for those configured in separate files
    // TODO: should those files be reread on every connection?
    XMLNode locnd = cfg["VOMSCertTrustDNChainsLocation"];
    for(;(bool)locnd;++locnd) {
      // The path comes straight from the configuration; an unreadable file is
      // logged and skipped rather than treated as a fatal configuration error.
      std::string filename = (std::string)locnd;
      std::ifstream file(filename.c_str());
      if (!file) {
        logger.msg(ERROR, "Can not read file %s with list of trusted VOMS DNs", filename);
        continue;
      };
      // NOTE(review): no check that the file parsed as XML — whatever `file >> node`
      // leaves in `node` is handed to config_VOMS_add as-is.
      XMLNode node;
      file >> node;
      config_VOMS_add(node,vomscert_trust_dn_);
    };
    //If ClientAuthn is explicitly set to "false" in the configuration,
    //then client authentication is not required, which means the client
    //side does not need to provide a certificate and key in its configuration.
    //The default value of ClientAuthn is "true"; only the exact string "false" disables it.
    if (((std::string)((cfg)["ClientAuthn"])) == "false") client_authn_ = false;
  } else {
    //If neither CertificatePath nor ProxyPath has been configured, the
    //client side can not provide a certificate to the server side, so the
    //server side should not require client authentication.
    if(cert_file_.empty() && proxy_file_.empty()) client_authn_ = false;
  };
  // No CA location at all: default to the grid-security certificates directory.
  if(ca_dir_.empty() && ca_file_.empty()) ca_dir_= gridSecurityDir + G_DIR_SEPARATOR_S + "certificates";
  // A configured ProxyPath replaces BOTH the certificate and the key path. This runs
  // for client and server alike, so it silently overrides CertificatePath/KeyPath
  // (and the hostcert/hostkey defaults chosen above).
  if(!proxy_file_.empty()) { key_file_=proxy_file_; cert_file_=proxy_file_; };
}



Member Function Documentation

const std::string& Arc::ConfigTLSMCC::CADir ( void  ) const [inline]

Definition at line 30 of file ConfigTLSMCC.h.

{ return ca_dir_; }; // CA directory; the constructor defaults it to <grid-security>/certificates when neither a CA file nor a CA directory is configured.


const std::string& Arc::ConfigTLSMCC::CAFile ( void  ) const [inline]

Definition at line 31 of file ConfigTLSMCC.h.

{ return ca_file_; }; // CA bundle file exactly as configured (CACertificatePath); empty when only a CA directory is used.


const std::string& Arc::ConfigTLSMCC::CertFile ( void  ) const [inline]

Definition at line 33 of file ConfigTLSMCC.h.

{ return cert_file_; }; // Certificate path; equals ProxyFile() whenever a ProxyPath is configured, since the constructor lets the proxy override it.
bool Arc::ConfigTLSMCC::GlobusPolicy ( void  ) const [inline]

Definition at line 35 of file ConfigTLSMCC.h.

{ return globus_policy_; }; // True only when the CACertificatesDir element carries PolicyGlobus="true" (exact, case-sensitive).


bool Arc::ConfigTLSMCC::IfClientAuthn ( void  ) const [inline]

Definition at line 38 of file ConfigTLSMCC.h.

{ return client_authn_; }; // Whether peer certificate authentication is required; defaults to true, cleared by ClientAuthn="false" (server) or by having no cert/proxy (client).


bool Arc::ConfigTLSMCC::IfSSLv3Handshake ( void  ) const [inline]

Definition at line 40 of file ConfigTLSMCC.h.

{ return handshake_ == ssl3_handshake; }; // True only when the configuration explicitly sets Handshake to "SSLv3"; mutually exclusive with IfTLSHandshake().
bool Arc::ConfigTLSMCC::IfTLSHandshake ( void  ) const [inline]

Definition at line 39 of file ConfigTLSMCC.h.

{ return handshake_ == tls_handshake; }; // True for the default handshake mode, i.e. whenever Handshake is not "SSLv3".


const std::string& Arc::ConfigTLSMCC::KeyFile ( void  ) const [inline]

Definition at line 34 of file ConfigTLSMCC.h.

{ return key_file_; }; // Private key path; equals ProxyFile() whenever a ProxyPath is configured (the constructor lets the proxy override KeyPath).
const std::string& Arc::ConfigTLSMCC::ProxyFile ( void  ) const [inline]

Definition at line 32 of file ConfigTLSMCC.h.

{ return proxy_file_; }; // Proxy credential path exactly as configured (ProxyPath); empty when none is set.
bool Arc::ConfigTLSMCC::Set ( SSL_CTX *  sslctx,
Logger & logger
)

Definition at line 87 of file ConfigTLSMCC.cpp.

                                                     {
  int r; // NOTE(review): never used in this function.
  // Install trust anchors only when at least one CA location is configured; NULL is
  // passed for whichever of file/directory is empty.
  // NOTE(review): if both are empty, no trust store is loaded and the function still
  // returns true. The peer verification mode is not set in this function either.
  if((!ca_file_.empty()) || (!ca_dir_.empty())) {
    if(!SSL_CTX_load_verify_locations(sslctx, ca_file_.empty()?NULL:ca_file_.c_str(), ca_dir_.empty()?NULL:ca_dir_.c_str())) {
      // The message names the directory when both are set, the file otherwise.
      logger.msg(ERROR, "Can not assign CA location - %s",ca_dir_.empty()?ca_file_:ca_dir_);
      PayloadTLSStream::HandleError(logger);
      return false;
    };
  };
  if(!cert_file_.empty()) {
    // Try to load proxy then PEM and then ASN1 certificate
    // (a chain file first, so proxy credentials with embedded chains load intact).
    if((SSL_CTX_use_certificate_chain_file(sslctx,cert_file_.c_str()) != 1) &&
       (SSL_CTX_use_certificate_file(sslctx,cert_file_.c_str(),SSL_FILETYPE_PEM) != 1) &&
       (SSL_CTX_use_certificate_file(sslctx,cert_file_.c_str(),SSL_FILETYPE_ASN1) != 1)) {
      logger.msg(ERROR, "Can not load certificate file - %s",cert_file_);
      PayloadTLSStream::HandleError(logger);
      return false;
    };
  };
  if(!key_file_.empty()) {
    // Private key: PEM first, then ASN1. Key and certificate may be the same file
    // when a proxy is configured (see the constructor).
    if((SSL_CTX_use_PrivateKey_file(sslctx,key_file_.c_str(),SSL_FILETYPE_PEM) != 1) &&
       (SSL_CTX_use_PrivateKey_file(sslctx,key_file_.c_str(),SSL_FILETYPE_ASN1) != 1)) {
      logger.msg(ERROR, "Can not load key file - %s",key_file_);
      PayloadTLSStream::HandleError(logger);
      return false;
    };
  };
  // Consistency check between key and certificate; only meaningful when both were loaded.
  if((!key_file_.empty()) && (!cert_file_.empty()))
    if(!(SSL_CTX_check_private_key(sslctx))) {
      logger.msg(ERROR, "Private key %s does not match certificate %s",key_file_,cert_file_);
      PayloadTLSStream::HandleError(logger);
      return false;
    };
  // Success: every configured item was applied; unconfigured items were skipped, not failed.
  return true;
}


const std::vector<std::string>& Arc::ConfigTLSMCC::VOMSCertTrustDN ( void  ) [inline]

Definition at line 36 of file ConfigTLSMCC.h.

{ return vomscert_trust_dn_; }; // Trusted VOMS DN chains collected by the constructor (from the config and from VOMSCertTrustDNChainsLocation files). Note: not declared const, unlike the other getters.



Member Data Documentation

std::string Arc::ConfigTLSMCC::ca_dir_ [private]

Definition at line 15 of file ConfigTLSMCC.h.

std::string Arc::ConfigTLSMCC::ca_file_ [private]

Definition at line 16 of file ConfigTLSMCC.h.

std::string Arc::ConfigTLSMCC::cert_file_ [private]

Definition at line 18 of file ConfigTLSMCC.h.

bool Arc::ConfigTLSMCC::client_authn_ [private]

Definition at line 20 of file ConfigTLSMCC.h.

bool Arc::ConfigTLSMCC::globus_policy_ [private]

Definition at line 21 of file ConfigTLSMCC.h.

enum { ... } Arc::ConfigTLSMCC::handshake_ [private]
std::string Arc::ConfigTLSMCC::key_file_ [private]

Definition at line 19 of file ConfigTLSMCC.h.

std::string Arc::ConfigTLSMCC::proxy_file_ [private]

Definition at line 17 of file ConfigTLSMCC.h.

std::vector<std::string> Arc::ConfigTLSMCC::vomscert_trust_dn_ [private]

Definition at line 26 of file ConfigTLSMCC.h.

