
nordugrid-arc-nox  1.1.0~rc6
Arc::DelegationConsumer Class Reference

A consumer of delegated X509 credentials. More...

#include <DelegationInterface.h>



Public Member Functions

 DelegationConsumer (void)
 Creates object with new private key.
 DelegationConsumer (const std::string &content)
 Creates object with provided private key.
 ~DelegationConsumer (void)
 operator bool (void)
bool operator! (void)
const std::string & ID (void)
 Return identifier of this object - not implemented.
bool Backup (std::string &content)
 Stores content of this object into a string.
bool Restore (const std::string &content)
 Restores content of object from string.
bool Request (std::string &content)
 Make X509 certificate request from internal private key.
bool Acquire (std::string &content)
 Adds the private key to the certificate chain in 'content'. On exit, content contains the complete delegated credentials.
bool Acquire (std::string &content, std::string &identity)
 Includes the functionality of Acquire(content), plus extracting the credential identity.

Protected Member Functions

bool Generate (void)
 Private key.
void LogError (void)
 Creates private key.

Protected Attributes

void * key_

Detailed Description

A consumer of delegated X509 credentials.

During the delegation procedure this class acquires delegated credentials, a.k.a. a proxy: certificate, private key and chain of previous certificates. The delegation procedure consists of calling the Request() method to generate a certificate request, followed by a call to the Acquire() method to build complete credentials from the certificate chain.

Definition at line 24 of file DelegationInterface.h.


Constructor & Destructor Documentation

Creates object with new private key.

Definition at line 213 of file DelegationInterface.cpp.

                                          :key_(NULL) {
  // Generate() stores a key in key_ only on success and its result is not
  // checked here, so a failed generation leaves key_ NULL; callers can detect
  // that through operator bool().
  Generate();
}


Arc::DelegationConsumer::DelegationConsumer ( const std::string &  content)

Creates object with provided private key.

Definition at line 217 of file DelegationInterface.cpp.

                                                              :key_(NULL) {
  // The Restore() result is ignored: if 'content' is not a parseable PEM RSA
  // private key, key_ stays NULL and operator bool() reports false.
  Restore(content);
}


Definition at line 221 of file DelegationInterface.cpp.

                                            {
  // key_ is declared as void* (presumably to keep OpenSSL types out of the
  // header) but is always an RSA* when non-NULL, as set by Generate() and
  // Restore().
  if(key_) RSA_free((RSA*)key_);
}

Member Function Documentation

bool Arc::DelegationConsumer::Acquire ( std::string &  content)

Ads private key into certificates chain in 'content' On exit content contains complete delegated credentials.

Definition at line 390 of file DelegationInterface.cpp.

                                                   {
  // Delegates to the two-argument overload; the extracted identity is
  // computed and then discarded.
  std::string identity;
  return Acquire(content,identity);
}


bool Arc::DelegationConsumer::Acquire ( std::string &  content,
std::string &  identity 
)

Includes the functionality in Acquire(content); pluse extracting the *credential identity.

Definition at line 395 of file DelegationInterface.cpp.

                                                                        {
  // Builds the complete delegated credential in 'content': the first
  // certificate, then this object's private key, then the rest of the chain,
  // in that order. 'identity' receives the subject of the first certificate
  // without a proxyCertInfo extension (only when HAVE_OPENSSL_PROXY is set);
  // otherwise it falls back to the subject of the first certificate.
  // Returns false, after LogError(), on any failure; 'content' may then be
  // partially rewritten.
  X509 *cert = NULL;
  STACK_OF(X509) *cert_sk = NULL;
  bool res = false;
  char buf[100];   // NOTE(review): X509_NAME_oneline() truncates a subject DN
                   // longer than this, so 'identity' can be a truncated DN;
                   // X509_NAME_oneline(name, NULL, 0) allocates a full copy.
  std::string subject;

  if(!key_) return false;   // nothing to add without a private key

  // string_to_x509() (defined elsewhere) presumably yields the first
  // certificate in cert and any further ones in cert_sk — confirm.
  if(!string_to_x509(content,cert,cert_sk)) goto err;

  // Rebuild 'content' from scratch, starting with the first certificate.
  content.resize(0);
  if(!x509_to_string(cert,content)) goto err;

  X509_NAME_oneline(X509_get_subject_name(cert),buf,sizeof(buf));
  subject=buf;
#ifdef HAVE_OPENSSL_PROXY
  // A certificate without proxyCertInfo is taken to be the end-entity
  // certificate, whose subject is the credential identity.
  if(X509_get_ext_by_NID(cert,NID_proxyCertInfo,-1) < 0) {
    identity=subject;
  };
#endif

  // Append this object's private key right after the first certificate.
  if(!x509_to_string((RSA*)key_,content)) goto err;
  if(cert_sk) {
    for(int n=0;n<sk_X509_num((STACK_OF(X509) *)cert_sk);++n) {
      X509* v = sk_X509_value((STACK_OF(X509) *)cert_sk,n);
      if(!v) goto err;
      if(!x509_to_string(v,content)) goto err;
      if(identity.empty()) {
        memset(buf,0,100);   // NOTE(review): sizeof(buf) would keep this tied to the declaration
        X509_NAME_oneline(X509_get_subject_name(v),buf,sizeof(buf));
#ifdef HAVE_OPENSSL_PROXY
        if(X509_get_ext_by_NID(v,NID_proxyCertInfo,-1) < 0) {
          identity=buf;
        };
#endif
      };
    };
  };
  // Without HAVE_OPENSSL_PROXY nothing above sets identity, so it becomes the
  // first certificate's subject (for delegated credentials presumably the
  // proxy certificate itself — confirm).
  if(identity.empty()) identity = subject;

  res=true;
err:
  if(!res) LogError();
  if(cert) X509_free(cert);
  if(cert_sk) {
    // sk_X509_free() releases only the stack, so its elements are freed first.
    for(int i = 0;i<sk_X509_num(cert_sk);++i) {
      X509* v = sk_X509_value(cert_sk,i);
      if(v) X509_free(v);
    };
    sk_X509_free(cert_sk);
  };
  return res;
}


bool Arc::DelegationConsumer::Backup ( std::string &  content)

Stores content of this object into a string.

Definition at line 262 of file DelegationInterface.cpp.

                                                  {
  // Serializes the held RSA private key into 'content' as unencrypted PEM
  // (the cipher argument is NULL), so the returned string is secret material
  // and must be handled as such by the caller.
  // Returns false when no key is held, when the memory BIO cannot be created,
  // or when the PEM encoder fails (only the last case is logged).
  content.resize(0);
  RSA *rsa = (RSA*)key_;
  if(!rsa) return false;
  BIO *mem = BIO_new(BIO_s_mem());
  if(!mem) return false;
  bool written = PEM_write_bio_RSAPrivateKey(mem,rsa,NULL,NULL,0,NULL,NULL) != 0;
  if(written) {
    // Drain the memory BIO in fixed-size chunks until it is empty.
    char chunk[256];
    int got;
    while((got = BIO_read(mem,chunk,sizeof(chunk))) > 0) {
      content.append(chunk,got);
    }
  } else {
    LogError();
    std::cerr<<"PEM_write_bio_RSAPrivateKey failed"<<std::endl;
  }
  BIO_free_all(mem);
  return written;
}


bool Arc::DelegationConsumer::Generate ( void  ) [protected]

Private key.

Definition at line 304 of file DelegationInterface.cpp.

                                      {
  // Generates a new RSA key pair and stores it in key_, freeing any key
  // previously held. Returns false, after LogError() and a message on
  // stderr, if an OpenSSL step fails; key_ is then left unchanged.
  // Two code paths: the old RSA_generate_key() API (HAVE_OPENSSL_OLDRSA)
  // and RSA_generate_key_ex() with an explicit exponent BIGNUM otherwise.
  bool res = false;
  int num = 1024;   // key size in bits. NOTE(review): 1024-bit RSA is below
                    // current guidance (2048 bits or more); confirm what the
                    // delegation peers accept before raising it.
#ifdef HAVE_OPENSSL_OLDRSA
  unsigned long bn = RSA_F4;   // public exponent 65537
  RSA *rsa=RSA_generate_key(num,bn,&progress_cb,NULL);   // progress_cb is defined elsewhere
  if(rsa) {
    if(key_) RSA_free((RSA*)key_);
    key_=rsa; rsa=NULL; res=true;   // ownership moves to key_
  } else {
    LogError();
    std::cerr<<"RSA_generate_key failed"<<std::endl;
  };
  if(rsa) RSA_free(rsa);   // defensive: rsa is already NULL on both paths above
#else
  // NOTE(review): BN_GENCB is an opaque type from OpenSSL 1.1.0 on (it must be
  // created with BN_GENCB_new()), so this branch presumably targets OpenSSL
  // 1.0.x — confirm against the build's OpenSSL version.
  BN_GENCB cb;
  BIGNUM *bn = BN_new();
  RSA *rsa = RSA_new();

  BN_GENCB_set(&cb,&progress_cb,NULL);   // progress_cb is defined elsewhere
  if(bn && rsa) {
    if(BN_set_word(bn,RSA_F4)) {   // public exponent 65537
      if(RSA_generate_key_ex(rsa,num,bn,&cb)) {
        if(key_) RSA_free((RSA*)key_);
        key_=rsa; rsa=NULL; res=true;   // ownership moves to key_
      } else {
        LogError();
        std::cerr<<"RSA_generate_key_ex failed"<<std::endl;
      };
    } else {
      LogError();
      std::cerr<<"BN_set_word failed"<<std::endl;
    };
  } else {
    LogError();
    std::cerr<<"BN_new || RSA_new failed"<<std::endl;
  };
  if(bn) BN_free(bn);   // the key keeps its own copy of the exponent
  if(rsa) RSA_free(rsa);   // still non-NULL only if generation did not succeed
#endif
  return res;
}



const std::string & Arc::DelegationConsumer::ID ( void  )

Return identifier of this object - not implemented.

Definition at line 225 of file DelegationInterface.cpp.

                                            {
  // Not implemented: every instance returns a reference to the same
  // function-local static string, which is never assigned, so the
  // identifier is always empty.
  static std::string s;
  return s;
}
void Arc::DelegationConsumer::LogError ( void  ) [protected]

Creates private key.

Definition at line 257 of file DelegationInterface.cpp.

                                      {
  // Drains the OpenSSL error queue through ssl_err_cb (defined elsewhere)
  // into ssl_err. The string is not used after the call and is discarded on
  // return, so any real logging must happen inside ssl_err_cb — TODO confirm.
  // Draining also leaves the error queue empty for the next OpenSSL call.
  std::string ssl_err;
  ERR_print_errors_cb(&ssl_err_cb,&ssl_err);
}



Arc::DelegationConsumer::operator bool ( void  ) [inline]

Definition at line 35 of file DelegationInterface.h.

{ return key_ != NULL; };   // true once a private key has been generated or restored
bool Arc::DelegationConsumer::operator! ( void  ) [inline]

Definition at line 36 of file DelegationInterface.h.

{ return key_ == NULL; };   // negation of operator bool(): no private key is held
bool Arc::DelegationConsumer::Request ( std::string &  content)

Make X509 certificate request from internal private key.

Definition at line 347 of file DelegationInterface.cpp.

                                                   {
  // Builds a PEM-encoded PKCS#10 certificate request for the held private
  // key and writes it into 'content' (cleared first). No subject name or
  // extensions are set on the request. Returns false when no key is held or
  // any OpenSSL step fails; only a failure of the final PEM encoding is logged.
  bool res = false;
  content.resize(0);
  EVP_PKEY *pkey = EVP_PKEY_new();
  const EVP_MD *digest = EVP_sha1();   // NOTE(review): SHA-1 is deprecated for
                                       // signatures; EVP_sha256() is the usual
                                       // replacement — confirm the delegating
                                       // side accepts it before switching.
  if(pkey) {
    RSA *rsa = (RSA*)key_;
    if(rsa) {
      if(EVP_PKEY_set1_RSA(pkey, rsa)) {   // set1: pkey takes its own reference, key_ keeps ownership
        X509_REQ *req = X509_REQ_new();
        if(req) {
          //if(X509_REQ_set_version(req,0L)) {
          // NOTE(review): PKCS#10 (RFC 2986) defines the request version as 0,
          // which the commented-out line used; confirm 2L is intentional.
          if(X509_REQ_set_version(req,2L)) {
            if(X509_REQ_set_pubkey(req,pkey)) {
              if(X509_REQ_sign(req,pkey,digest)) {   // signs the request with the key it carries
                BIO *out = BIO_new(BIO_s_mem());
                if(out) {
                  if(PEM_write_bio_X509_REQ(out,req)) {
                    res=true;
                    // Drain the memory BIO in 256-byte chunks.
                    for(;;) {
                      char s[256];
                      int l = BIO_read(out,s,sizeof(s));
                      if(l <= 0) break;
                      content.append(s,l);;
                    };
                  } else {
                    LogError();
                    std::cerr<<"PEM_write_bio_X509_REQ failed"<<std::endl;
                  };
                  BIO_free_all(out);
                };
              };
            };
          };
          X509_REQ_free(req);
        };
      };
    };
    EVP_PKEY_free(pkey);
  };
  return res;
}



bool Arc::DelegationConsumer::Restore ( const std::string &  content)

Restores content of object from string.

Definition at line 288 of file DelegationInterface.cpp.

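                                                         {
  // Replaces the held private key with the PEM-encoded RSA private key in
  // 'content'. On success the previous key (if any) is freed and key_ takes
  // ownership of the new one. Returns false, after LogError() and a message
  // on stderr, if the memory BIO cannot be created or the PEM cannot be
  // parsed; key_ is left unchanged in that case.
  // NOTE(review): the NULL pass-phrase callback/userdata means an encrypted
  // PEM input falls back to OpenSSL's default callback, which prompts on the
  // terminal — confirm inputs are always unencrypted, or pass a callback that
  // fails instead.
  bool res = false;
  RSA *rsa = NULL;
  // const_cast because older OpenSSL declares BIO_new_mem_buf(void*, int);
  // the memory BIO created here is read-only and never writes to the buffer.
  BIO *in = BIO_new_mem_buf(const_cast<char*>(content.c_str()),content.length());
  if(in) {
    if(PEM_read_bio_RSAPrivateKey(in,&rsa,NULL,NULL) && rsa) {
      if(key_) RSA_free((RSA*)key_);
      key_=rsa;   // ownership moves to key_
      res=true;
    };
    BIO_free_all(in);
  };
  if(!res) {
    // Consistent with Backup()/Generate()/Request(): drain the OpenSSL error
    // queue and report the failure.
    LogError();
    std::cerr<<"PEM_read_bio_RSAPrivateKey failed"<<std::endl;
  };
  // Return the result flag rather than relying on the pointer-to-bool
  // conversion of 'rsa', which left 'res' unused.
  return res;
}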



Member Data Documentation

void* Arc::DelegationConsumer::key_ [protected]

Definition at line 26 of file DelegationInterface.h.

