
nordugrid-arc-nox  1.1.0~rc6
ArcCredential Namespace Reference

Functions and constants for maintaining proxy certificates.

Classes

struct  cert_verify_context
struct  PROXYPOLICY_st
struct  PROXYCERTINFO_st
struct  ACDIGEST
struct  ACIS
struct  ACFORM
struct  ACACI
struct  ACHOLDER
struct  ACVAL
struct  ACIETFATTR
struct  ACTARGET
struct  ACTARGETS
struct  ACATTR
struct  ACINFO
struct  ACC
struct  ACSEQ
struct  ACCERTS
struct  ACATTRIBUTE
struct  ACATTHOLDER
struct  ACFULLATTRIBUTES

Typedefs

typedef struct
ArcCredential::PROXYPOLICY_st 
PROXYPOLICY
typedef struct
ArcCredential::PROXYCERTINFO_st 
PROXYCERTINFO
typedef struct
ArcCredential::ACDIGEST 
AC_DIGEST
typedef struct ArcCredential::ACIS AC_IS
typedef struct
ArcCredential::ACFORM 
AC_FORM
typedef struct ArcCredential::ACACI AC_ACI
typedef struct
ArcCredential::ACHOLDER 
AC_HOLDER
typedef struct ArcCredential::ACVAL AC_VAL
typedef struct asn1_string_st
typedef struct
ArcCredential::ACIETFATTR 
AC_IETFATTR
typedef struct
ArcCredential::ACTARGET 
AC_TARGET
typedef struct
ArcCredential::ACTARGETS 
AC_TARGETS
typedef struct
ArcCredential::ACATTR 
AC_ATTR
typedef struct
ArcCredential::ACINFO 
AC_INFO
typedef struct ArcCredential::ACC AC
typedef struct ArcCredential::ACSEQ AC_SEQ
typedef struct
ArcCredential::ACCERTS 
AC_CERTS
typedef struct
ArcCredential::ACATTRIBUTE 
AC_ATTRIBUTE
typedef struct
ArcCredential::ACATTHOLDER 
AC_ATT_HOLDER
typedef struct
ArcCredential::ACFULLATTRIBUTES 
AC_FULL_ATTRIBUTES

Enumerations

enum  certType {
  CERT_TYPE_EEC, CERT_TYPE_CA, CERT_TYPE_GSI_3_IMPERSONATION_PROXY, CERT_TYPE_GSI_3_INDEPENDENT_PROXY,
  CERT_TYPE_GSI_3_LIMITED_PROXY, CERT_TYPE_GSI_3_RESTRICTED_PROXY, CERT_TYPE_GSI_2_PROXY, CERT_TYPE_GSI_2_LIMITED_PROXY,
  CERT_TYPE_RFC_IMPERSONATION_PROXY, CERT_TYPE_RFC_INDEPENDENT_PROXY, CERT_TYPE_RFC_LIMITED_PROXY, CERT_TYPE_RFC_RESTRICTED_PROXY,
  CERT_TYPE_RFC_ANYLANGUAGE_PROXY
}

Functions

static int check_issued (X509_STORE_CTX *, X509 *x, X509 *issuer)
static int verify_callback (int ok, X509_STORE_CTX *store_ctx)
int verify_cert_chain (X509 *cert, STACK_OF(X509)**certchain, cert_verify_context *vctx)
bool check_cert_type (X509 *cert, certType &type)
const char * certTypeToString (certType type)
PROXYPOLICYPROXYPOLICY_new ()
char * ASN1_dup (int(*i2d)(void *, unsigned char **), char *(*d2i)(void **, const unsigned char **, long int), char *x)
void PROXYPOLICY_free (PROXYPOLICY *policy)
PROXYPOLICYPROXYPOLICY_dup (PROXYPOLICY *policy)
int PROXYPOLICY_print (BIO *bp, PROXYPOLICY *policy)
int PROXYPOLICY_set_policy_language (PROXYPOLICY *policy, ASN1_OBJECT *policy_language)
ASN1_OBJECT * PROXYPOLICY_get_policy_language (PROXYPOLICY *policy)
int PROXYPOLICY_set_policy (PROXYPOLICY *proxypolicy, unsigned char *policy, int length)
unsigned char * PROXYPOLICY_get_policy (PROXYPOLICY *proxypolicy, int *length)
int i2d_PROXYPOLICY (PROXYPOLICY *policy, unsigned char **pp)
PROXYPOLICYd2i_PROXYPOLICY (PROXYPOLICY **a, unsigned char **pp, long length)
 STACK_OF (CONF_VALUE)*i2v_PROXYPOLICY(struct v3_ext_method *
X509V3_EXT_METHOD * PROXYPOLICY_x509v3_ext_meth ()
PROXYCERTINFOPROXYCERTINFO_new ()
 PROXYCERTINFO function.
void PROXYCERTINFO_free (PROXYCERTINFO *proxycertinfo)
PROXYCERTINFOPROXYCERTINFO_dup (PROXYCERTINFO *proxycertinfo)
int PROXYCERTINFO_print (BIO *bp, PROXYCERTINFO *cert_info)
int PROXYCERTINFO_print_fp (FILE *fp, PROXYCERTINFO *cert_info)
int PROXYCERTINFO_set_path_length (PROXYCERTINFO *proxycertinfo, long path_length)
int PROXYCERTINFO_set_version (PROXYCERTINFO *proxycertinfo, int version)
int PROXYCERTINFO_get_version (PROXYCERTINFO *proxycertinfo)
long PROXYCERTINFO_get_path_length (PROXYCERTINFO *proxycertinfo)
int PROXYCERTINFO_set_proxypolicy (PROXYCERTINFO *proxycertinfo, PROXYPOLICY *proxypolicy)
PROXYPOLICYPROXYCERTINFO_get_proxypolicy (PROXYCERTINFO *proxycertinfo)
int i2d_PROXYCERTINFO_v3 (PROXYCERTINFO *proxycertinfo, unsigned char **pp)
int i2d_PROXYCERTINFO_v4 (PROXYCERTINFO *proxycertinfo, unsigned char **pp)
int i2d_PROXYCERTINFO (PROXYCERTINFO *proxycertinfo, unsigned char **pp)
PROXYCERTINFOd2i_PROXYCERTINFO_v3 (PROXYCERTINFO **cert_info, unsigned char **pp, long length)
PROXYCERTINFOd2i_PROXYCERTINFO_v4 (PROXYCERTINFO **cert_info, unsigned char **pp, long length)
PROXYCERTINFOd2i_PROXYCERTINFO (PROXYCERTINFO **cert_info, unsigned char **pp, long length)
X509V3_EXT_METHOD * PROXYCERTINFO_v4_x509v3_ext_meth ()
X509V3_EXT_METHOD * PROXYCERTINFO_v3_x509v3_ext_meth ()
int i2r_PROXYCERTINFO (X509V3_EXT_METHOD *method, PROXYCERTINFO *ext, BIO *out, int indent)
PROXYCERTINFOr2i_PROXYCERTINFO (X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value)
int i2d_AC_ATTR (AC_ATTR *a, unsigned char **pp)
AC_ATTRd2i_AC_ATTR (AC_ATTR **a, SSLCONST unsigned char **pp, long length)
AC_ATTRAC_ATTR_new ()
void AC_ATTR_free (AC_ATTR *a)
int i2d_AC_IETFATTR (AC_IETFATTR *a, unsigned char **pp)
AC_IETFATTRd2i_AC_IETFATTR (AC_IETFATTR **a, SSLCONST unsigned char **pp, long length)
AC_IETFATTRAC_IETFATTR_new ()
void AC_IETFATTR_free (AC_IETFATTR *a)
int i2d_AC_IETFATTRVAL (AC_IETFATTRVAL *a, unsigned char **pp)
AC_IETFATTRVAL * d2i_AC_IETFATTRVAL (AC_IETFATTRVAL **a, SSLCONST unsigned char **pp, long length)
AC_IETFATTRVAL * AC_IETFATTRVAL_new ()
void AC_IETFATTRVAL_free (AC_IETFATTRVAL *a)
int i2d_AC_DIGEST (AC_DIGEST *a, unsigned char **pp)
AC_DIGESTd2i_AC_DIGEST (AC_DIGEST **a, SSLCONST unsigned char **pp, long length)
AC_DIGESTAC_DIGEST_new (void)
void AC_DIGEST_free (AC_DIGEST *a)
int i2d_AC_IS (AC_IS *a, unsigned char **pp)
AC_ISd2i_AC_IS (AC_IS **a, SSLCONST unsigned char **pp, long length)
AC_ISAC_IS_new (void)
void AC_IS_free (AC_IS *a)
int i2d_AC_FORM (AC_FORM *a, unsigned char **pp)
AC_FORMd2i_AC_FORM (AC_FORM **a, SSLCONST unsigned char **pp, long length)
AC_FORMAC_FORM_new (void)
void AC_FORM_free (AC_FORM *a)
int i2d_AC_ACI (AC_ACI *a, unsigned char **pp)
AC_ACId2i_AC_ACI (AC_ACI **a, SSLCONST unsigned char **pp, long length)
AC_ACIAC_ACI_new (void)
void AC_ACI_free (AC_ACI *a)
int i2d_AC_HOLDER (AC_HOLDER *a, unsigned char **pp)
AC_HOLDERd2i_AC_HOLDER (AC_HOLDER **a, SSLCONST unsigned char **pp, long length)
AC_HOLDERAC_HOLDER_new (void)
void AC_HOLDER_free (AC_HOLDER *a)
AC_VALAC_VAL_new (void)
int i2d_AC_VAL (AC_VAL *a, unsigned char **pp)
AC_VALd2i_AC_VAL (AC_VAL **a, SSLCONST unsigned char **pp, long length)
void AC_VAL_free (AC_VAL *a)
int i2d_AC_INFO (AC_INFO *a, unsigned char **pp)
AC_INFOd2i_AC_INFO (AC_INFO **a, SSLCONST unsigned char **pp, long length)
AC_INFOAC_INFO_new (void)
void AC_INFO_free (AC_INFO *a)
int i2d_AC (AC *a, unsigned char **pp)
ACd2i_AC (AC **a, SSLCONST unsigned char **pp, long length)
ACAC_new (void)
void AC_free (AC *a)
int i2d_AC_SEQ (AC_SEQ *a, unsigned char **pp)
AC_SEQd2i_AC_SEQ (AC_SEQ **a, SSLCONST unsigned char **pp, long length)
AC_SEQAC_SEQ_new ()
void AC_SEQ_free (AC_SEQ *a)
int i2d_AC_TARGETS (AC_TARGETS *a, unsigned char **pp)
AC_TARGETSd2i_AC_TARGETS (AC_TARGETS **a, SSLCONST unsigned char **pp, long length)
AC_TARGETSAC_TARGETS_new ()
void AC_TARGETS_free (AC_TARGETS *a)
int i2d_AC_TARGET (AC_TARGET *a, unsigned char **pp)
AC_TARGETd2i_AC_TARGET (AC_TARGET **a, SSLCONST unsigned char **pp, long length)
AC_TARGETAC_TARGET_new (void)
void AC_TARGET_free (AC_TARGET *a)
int i2d_AC_CERTS (AC_CERTS *a, unsigned char **pp)
AC_CERTSd2i_AC_CERTS (AC_CERTS **a, SSLCONST unsigned char **pp, long length)
AC_CERTSAC_CERTS_new ()
void AC_CERTS_free (AC_CERTS *a)
int i2d_AC_ATTRIBUTE (AC_ATTRIBUTE *a, unsigned char **pp)
AC_ATTRIBUTEd2i_AC_ATTRIBUTE (AC_ATTRIBUTE **a, SSLCONST unsigned char **pp, long length)
AC_ATTRIBUTEAC_ATTRIBUTE_new ()
void AC_ATTRIBUTE_free (AC_ATTRIBUTE *a)
int i2d_AC_ATT_HOLDER (AC_ATT_HOLDER *a, unsigned char **pp)
AC_ATT_HOLDERd2i_AC_ATT_HOLDER (AC_ATT_HOLDER **a, SSLCONST unsigned char **pp, long length)
AC_ATT_HOLDERAC_ATT_HOLDER_new ()
void AC_ATT_HOLDER_free (AC_ATT_HOLDER *a)
int i2d_AC_FULL_ATTRIBUTES (AC_FULL_ATTRIBUTES *a, unsigned char **pp)
AC_FULL_ATTRIBUTESd2i_AC_FULL_ATTRIBUTES (AC_FULL_ATTRIBUTES **a, SSLCONST unsigned char **pp, long length)
AC_FULL_ATTRIBUTESAC_FULL_ATTRIBUTES_new ()
void AC_FULL_ATTRIBUTES_free (AC_FULL_ATTRIBUTES *a)
static char * norep ()
char * acseq_i2s (struct v3_ext_method *, void *)
char * targets_i2s (struct v3_ext_method *, void *)
char * certs_i2s (struct v3_ext_method *, void *)
char * null_i2s (struct v3_ext_method *, void *)
char * attributes_i2s (struct v3_ext_method *, void *)
void * acseq_s2i (struct v3_ext_method *, struct v3_ext_ctx *, char *data)
void * targets_s2i (struct v3_ext_method *, struct v3_ext_ctx *, char *data)
void * certs_s2i (struct v3_ext_method *, struct v3_ext_ctx *, char *data)
void * attributes_s2i (struct v3_ext_method *, struct v3_ext_ctx *, char *data)
void * null_s2i (struct v3_ext_method *, struct v3_ext_ctx *, char *)
char * authkey_i2s (struct v3_ext_method *, void *)
void * authkey_s2i (struct v3_ext_method *, struct v3_ext_ctx *, char *data)
X509V3_EXT_METHOD * VOMSAttribute_auth_x509v3_ext_meth ()
X509V3_EXT_METHOD * VOMSAttribute_avail_x509v3_ext_meth ()
X509V3_EXT_METHOD * VOMSAttribute_targets_x509v3_ext_meth ()
X509V3_EXT_METHOD * VOMSAttribute_acseq_x509v3_ext_meth ()
X509V3_EXT_METHOD * VOMSAttribute_certseq_x509v3_ext_meth ()
X509V3_EXT_METHOD * VOMSAttribute_attribs_x509v3_ext_meth ()

Variables

static Arc::Loggerlogger = Arc::Logger::rootLogger
PROXYPOLICYext
PROXYPOLICY STACK_OF (CONF_VALUE)*extlist)

Detailed Description

Functions and constants for maintaining proxy certificates.

The Attribute Certificate code is borrowed from VOMS.

The code is derived from globus gsi, voms, and openssl-0.9.8e. The existing code for maintaining proxy certificates in OpenSSL only covers standard proxies and does not cover old Globus proxies, so here the Globus code is introduced.

VOMSAttribute.h and VOMSAttribute.cpp integrate code written by the VOMS project, so the original license follows here.


Class Documentation

struct ArcCredential::PROXYPOLICY_st

Definition at line 58 of file Proxycertinfo.h.

Class Members
ASN1_OCTET_STRING * policy
ASN1_OBJECT * policy_language
struct ArcCredential::PROXYCERTINFO_st

Definition at line 63 of file Proxycertinfo.h.

Collaboration diagram for ArcCredential::PROXYCERTINFO_st:
Class Members
ASN1_INTEGER * path_length
PROXYPOLICY * proxypolicy
int version
struct ArcCredential::ACDIGEST

Definition at line 121 of file VOMSAttribute.h.

Class Members
X509_ALGOR * algor
ASN1_BIT_STRING * digest
ASN1_OBJECT * oid
ASN1_ENUMERATED * type
struct ArcCredential::ACVAL

Definition at line 151 of file VOMSAttribute.h.

Class Members
ASN1_GENERALIZEDTIME * notAfter
ASN1_GENERALIZEDTIME * notBefore
struct ArcCredential::ACTARGET

Definition at line 163 of file VOMSAttribute.h.

Collaboration diagram for ArcCredential::ACTARGET:
Class Members
AC_IS * cert
GENERAL_NAME * group
GENERAL_NAME * name
struct ArcCredential::ACC

Definition at line 194 of file VOMSAttribute.h.

Collaboration diagram for ArcCredential::ACC:
Class Members
AC_INFO * acinfo
X509_ALGOR * sig_alg
ASN1_BIT_STRING * signature
struct ArcCredential::ACATTRIBUTE

Definition at line 208 of file VOMSAttribute.h.

Class Members
ASN1_OCTET_STRING * name
ASN1_OCTET_STRING * qualifier
ASN1_OCTET_STRING * value

Typedef Documentation

Definition at line 156 of file VOMSAttribute.h.


Enumeration Type Documentation

Enumerator:
CERT_TYPE_EEC 

An end entity certificate.

CERT_TYPE_CA 

A CA certificate.

CERT_TYPE_GSI_3_IMPERSONATION_PROXY 

An X.509 Proxy Certificate Profile (pre-RFC) compliant impersonation proxy.

CERT_TYPE_GSI_3_INDEPENDENT_PROXY 

An X.509 Proxy Certificate Profile (pre-RFC) compliant independent proxy.

CERT_TYPE_GSI_3_LIMITED_PROXY 

An X.509 Proxy Certificate Profile (pre-RFC) compliant limited proxy.

CERT_TYPE_GSI_3_RESTRICTED_PROXY 

An X.509 Proxy Certificate Profile (pre-RFC) compliant restricted proxy.

CERT_TYPE_GSI_2_PROXY 

A legacy Globus impersonation proxy.

CERT_TYPE_GSI_2_LIMITED_PROXY 

A legacy Globus limited impersonation proxy.

CERT_TYPE_RFC_IMPERSONATION_PROXY 

An X.509 Proxy Certificate Profile RFC compliant impersonation proxy; RFC inheritAll proxy.

CERT_TYPE_RFC_INDEPENDENT_PROXY 

An X.509 Proxy Certificate Profile RFC compliant independent proxy; RFC independent proxy.

CERT_TYPE_RFC_LIMITED_PROXY 

An X.509 Proxy Certificate Profile RFC compliant limited proxy.

CERT_TYPE_RFC_RESTRICTED_PROXY 

An X.509 Proxy Certificate Profile RFC compliant restricted proxy.

CERT_TYPE_RFC_ANYLANGUAGE_PROXY 

RFC anyLanguage proxy.

Definition at line 23 of file CertUtil.h.


Function Documentation

void ArcCredential::AC_ACI_free ( AC_ACI *  a)

Definition at line 367 of file VOMSAttribute.cpp.

{
  /* Free an AC_ACI: its names list, its form, then the struct itself.
   * A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    GENERAL_NAMES_free(a->names);
    AC_FORM_free(a->form);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 355 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_ACI whose `form` is a new AC_FORM and whose `names` is NULL. */
  AC_ACI *ret = NULL;
  /* `c` looks unused; presumably the M_ASN1_New_* macros reference it (and `ret`) by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_ACI);
  /* NOTE(review): the result is stored unchecked, so `form` can be NULL if AC_FORM_new() fails. */
  ret->form = AC_FORM_new();
  ret->names = NULL;
  return (ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(ASN1_F_AC_ACI_New);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ArcCredential::AC_ATT_HOLDER_free ( AC_ATT_HOLDER *  a)

Definition at line 945 of file VOMSAttribute.cpp.

{
  /* Free an AC_ATT_HOLDER: every grantor name, every attribute, then the
   * struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    sk_GENERAL_NAME_pop_free(a->grantor, GENERAL_NAME_free);
    sk_AC_ATTRIBUTE_pop_free(a->attributes, AC_ATTRIBUTE_free);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 932 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_ATT_HOLDER and set up its `grantor` and `attributes` stacks
   * through the M_ASN1_New_* helper macros (defined outside this listing). */
  AC_ATT_HOLDER *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_ATT_HOLDER);
  M_ASN1_New(ret->grantor, sk_GENERAL_NAME_new_null);
  M_ASN1_New(ret->attributes, sk_AC_ATTRIBUTE_new_null);
  return ret;

  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_ATT_HOLDER_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_ATTR_free ( AC_ATTR *  a)

Definition at line 76 of file VOMSAttribute.cpp.

{
  /* Free an AC_ATTR: its type object, every IETF attribute on its stack,
   * then the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    ASN1_OBJECT_free(a->type);
    sk_AC_IETFATTR_pop_free(a->ietfattr, AC_IETFATTR_free);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 65 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_ATTR and set up its `type` object and `ietfattr` stack
   * through the M_ASN1_New_* helper macros (defined outside this listing). */
  AC_ATTR *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;
  M_ASN1_New_Malloc(ret, AC_ATTR);
  M_ASN1_New(ret->type,  ASN1_OBJECT_new);
  M_ASN1_New(ret->ietfattr, sk_AC_IETFATTR_new_null);
  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_ATTR_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_ATTRIBUTE_free ( AC_ATTRIBUTE *  a)

Definition at line 883 of file VOMSAttribute.cpp.

{
  /* Free an AC_ATTRIBUTE: its name, value and qualifier octet strings, then
   * the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    ASN1_OCTET_STRING_free(a->name);
    ASN1_OCTET_STRING_free(a->value);
    ASN1_OCTET_STRING_free(a->qualifier);

    OPENSSL_free(a);
  }
}

Here is the caller graph for this function:

Definition at line 870 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_ATTRIBUTE and set up its name, value and qualifier octet
   * strings through the M_ASN1_New_* helper macros (defined outside this listing). */
  AC_ATTRIBUTE *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;
  M_ASN1_New_Malloc(ret, AC_ATTRIBUTE);
  M_ASN1_New(ret->name,      ASN1_OCTET_STRING_new);
  M_ASN1_New(ret->value,     ASN1_OCTET_STRING_new);
  M_ASN1_New(ret->qualifier, ASN1_OCTET_STRING_new);

  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_ATTRIBUTE_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_CERTS_free ( AC_CERTS *  a)

Definition at line 833 of file VOMSAttribute.cpp.

{
  /* Free an AC_CERTS: every certificate on its stack (via X509_free), then
   * the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    sk_X509_pop_free(a->stackcert, X509_free);
    OPENSSL_free(a);
  }
}

Here is the caller graph for this function:

Definition at line 822 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_CERTS and set up its `stackcert` stack through the
   * M_ASN1_New_* helper macros (defined outside this listing). */
  AC_CERTS *ret=NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_CERTS);
  M_ASN1_New(ret->stackcert, sk_X509_new_null);
  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_X509_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_DIGEST_free ( AC_DIGEST *  a)

Definition at line 225 of file VOMSAttribute.cpp.

{
  /* Free an AC_DIGEST: its type, oid, algorithm and digest members, then
   * the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    ASN1_ENUMERATED_free(a->type);
    ASN1_OBJECT_free(a->oid);
    X509_ALGOR_free(a->algor);
    ASN1_BIT_STRING_free(a->digest);
    OPENSSL_free(a);
  }
}

Here is the caller graph for this function:

Definition at line 210 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_DIGEST and set up its type, algorithm and digest members
   * through the M_ASN1_New_* helper macros (defined outside this listing);
   * `oid` is left NULL. */
  AC_DIGEST *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_DIGEST);
  M_ASN1_New(ret->type, M_ASN1_ENUMERATED_new);
  ret->oid = NULL;
  /* NOTE(review): this NULL store is overwritten two lines below and looks redundant. */
  ret->algor = NULL;
  M_ASN1_New(ret->algor,  X509_ALGOR_new);
  M_ASN1_New(ret->digest, M_ASN1_BIT_STRING_new);
  return(ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_DIGEST_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_FORM_free ( AC_FORM *  a)

Definition at line 325 of file VOMSAttribute.cpp.

{
  /* Free an AC_FORM: its names list, issuer-serial and digest members, then
   * the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    GENERAL_NAMES_free(a->names);
    AC_IS_free(a->is);
    AC_DIGEST_free(a->digest);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 312 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_FORM with a new GENERAL_NAMES in `names`; `is` and
   * `digest` start out NULL. */
  AC_FORM *ret = NULL;
  /* `c` looks unused; presumably the M_ASN1_New_* macros reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_FORM);
  /* NOTE(review): the result is stored unchecked, so `names` can be NULL if GENERAL_NAMES_new() fails. */
  ret->names = GENERAL_NAMES_new();
  ret->is = NULL;
  ret->digest = NULL;
  return(ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_FORM_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_free ( AC *  a)

Definition at line 628 of file VOMSAttribute.cpp.

{
  /* Free an AC: its acinfo, signature algorithm and signature bit string,
   * then the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    AC_INFO_free(a->acinfo);
    X509_ALGOR_free(a->sig_alg);
    M_ASN1_BIT_STRING_free(a->signature);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ArcCredential::AC_FULL_ATTRIBUTES_free ( AC_FULL_ATTRIBUTES *  a)

Definition at line 998 of file VOMSAttribute.cpp.

{
  /* Free an AC_FULL_ATTRIBUTES: every provider on its stack (via
   * AC_ATT_HOLDER_free), then the struct itself.  NULL is ignored. */
  if (a != NULL) {
    sk_AC_ATT_HOLDER_pop_free(a->providers, AC_ATT_HOLDER_free);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 987 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_FULL_ATTRIBUTES and set up its `providers` stack through
   * the M_ASN1_New_* helper macros (defined outside this listing). */
  AC_FULL_ATTRIBUTES *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_FULL_ATTRIBUTES);
  M_ASN1_New(ret->providers, sk_AC_ATT_HOLDER_new_null);
  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_FULL_ATTRIBUTES_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_HOLDER_free ( AC_HOLDER *  a)

Definition at line 415 of file VOMSAttribute.cpp.

{
  /* Free an AC_HOLDER: its baseid, name list and digest, then the struct
   * itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    AC_IS_free(a->baseid);
    GENERAL_NAMES_free(a->name);
    AC_DIGEST_free(a->digest);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 402 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_HOLDER and set up its `baseid` through the M_ASN1_New_*
   * helper macros (defined outside this listing); `name` and `digest` start
   * out NULL. */
  AC_HOLDER *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_HOLDER);
  M_ASN1_New(ret->baseid, AC_IS_new);
  ret->name = NULL;
  ret->digest = NULL;
  return(ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(ASN1_F_AC_HOLDER_New);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ArcCredential::AC_IETFATTR_free ( AC_IETFATTR *  a)

Definition at line 137 of file VOMSAttribute.cpp.

{
  /* Free an AC_IETFATTR: every name and every value on its two stacks, then
   * the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    sk_GENERAL_NAME_pop_free(a->names, GENERAL_NAME_free);
    sk_AC_IETFATTRVAL_pop_free(a->values, AC_IETFATTRVAL_free);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 125 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_IETFATTR and set up its `values` and `names` stacks
   * through the M_ASN1_New_* helper macros (defined outside this listing). */
  AC_IETFATTR *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret,  AC_IETFATTR);
  M_ASN1_New(ret->values, sk_AC_IETFATTRVAL_new_null);
  M_ASN1_New(ret->names,  sk_GENERAL_NAME_new_null);
  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_IETFATTR_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_IETFATTRVAL_free ( AC_IETFATTRVAL *  a)

Definition at line 176 of file VOMSAttribute.cpp.

{
  /* An AC_IETFATTRVAL is released with the generic ASN1_STRING_free();
   * there is no NULL guard here, so NULL handling is left to that call. */
  ASN1_STRING_free(a);
}

Here is the caller graph for this function:

AC_IETFATTRVAL * ArcCredential::AC_IETFATTRVAL_new ( )

Definition at line 171 of file VOMSAttribute.cpp.

{
  /* A new AC_IETFATTRVAL is an ASN.1 string created with the UTF8String
   * type tag; the result of the allocation call is returned as is. */
  AC_IETFATTRVAL *val = ASN1_STRING_type_new(V_ASN1_UTF8STRING);

  return val;
}
void ArcCredential::AC_INFO_free ( AC_INFO *  a)

Definition at line 571 of file VOMSAttribute.cpp.

{
  /* Free an AC_INFO: each member in turn (stacks are emptied with their
   * element destructors), then the struct itself.  NULL is ignored. */
  if (a != NULL) {
    ASN1_INTEGER_free(a->version);
    AC_HOLDER_free(a->holder);
    AC_FORM_free(a->form);
    X509_ALGOR_free(a->alg);
    ASN1_INTEGER_free(a->serial);
    AC_VAL_free(a->validity);
    sk_AC_ATTR_pop_free(a->attrib, AC_ATTR_free);
    ASN1_BIT_STRING_free(a->id);
    sk_X509_EXTENSION_pop_free(a->exts, X509_EXTENSION_free);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 551 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_INFO and set up its members through the M_ASN1_New_*
   * helper macros (defined outside this listing); `id` is left NULL. */
  AC_INFO *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_INFO);
  M_ASN1_New(ret->version,  ASN1_INTEGER_new);
  M_ASN1_New(ret->holder,   AC_HOLDER_new);
  M_ASN1_New(ret->form,     AC_FORM_new);
  M_ASN1_New(ret->alg,      X509_ALGOR_new);
  M_ASN1_New(ret->serial,   ASN1_INTEGER_new);
  M_ASN1_New(ret->validity, AC_VAL_new);
  M_ASN1_New(ret->attrib,   sk_AC_ATTR_new_null);
  ret->id = NULL;
  M_ASN1_New(ret->exts,     sk_X509_EXTENSION_new_null);
/*   ret->exts=NULL; */
  return(ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_INFO_NEW);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ArcCredential::AC_IS_free ( AC_IS *  a)

Definition at line 275 of file VOMSAttribute.cpp.

{
  /* Free an AC_IS: its issuer names, serial number and uid bit string, then
   * the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    GENERAL_NAMES_free(a->issuer);
    M_ASN1_INTEGER_free(a->serial);
    M_ASN1_BIT_STRING_free(a->uid);
    OPENSSL_free(a);
  }
}

Here is the caller graph for this function:

Definition at line 262 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_IS and set up its `issuer` and `serial` through the
   * M_ASN1_New_* helper macros (defined outside this listing); `uid` is
   * left NULL. */
  AC_IS *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_IS);
  M_ASN1_New(ret->issuer, GENERAL_NAMES_new);
  M_ASN1_New(ret->serial, M_ASN1_INTEGER_new);
  ret->uid = NULL;
  return(ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_IS_New);
}

Here is the caller graph for this function:

AC * ArcCredential::AC_new ( void  )

Definition at line 615 of file VOMSAttribute.cpp.

{
  /* Allocate an AC and set up its acinfo, signature algorithm and signature
   * bit string through the M_ASN1_New_* helper macros (defined outside this
   * listing). */
  AC *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC);
  M_ASN1_New(ret->acinfo,    AC_INFO_new);
  M_ASN1_New(ret->sig_alg,   X509_ALGOR_new);
  M_ASN1_New(ret->signature, M_ASN1_BIT_STRING_new);
  return(ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_New);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void ArcCredential::AC_SEQ_free ( AC_SEQ *  a)

Definition at line 683 of file VOMSAttribute.cpp.

{
  /* Free an AC_SEQ: every AC on its stack (via AC_free), then the struct
   * itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    sk_AC_pop_free(a->acs, AC_free);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 672 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_SEQ and set up its `acs` stack through the M_ASN1_New_*
   * helper macros (defined outside this listing). */
  AC_SEQ *ret = NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_SEQ);
  M_ASN1_New(ret->acs, sk_AC_new_null);
  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_SEQ_new);
}

Here is the caller graph for this function:

void ArcCredential::AC_TARGET_free ( AC_TARGET *  a)

Definition at line 782 of file VOMSAttribute.cpp.

{
  /* Free an AC_TARGET: its name, group and cert members, then the struct
   * itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    GENERAL_NAME_free(a->name);
    GENERAL_NAME_free(a->group);
    AC_IS_free(a->cert);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 770 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_TARGET with `name`, `group` and `cert` all NULL. */
  AC_TARGET *ret=NULL;
  /* `c` looks unused; presumably the M_ASN1_New_* macros reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_TARGET);
  ret->name = ret->group = NULL;
  ret->cert = NULL;
  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macro above. */
  M_ASN1_New_Error(AC_F_AC_TARGET_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_TARGETS_free ( AC_TARGETS *  a)

Definition at line 734 of file VOMSAttribute.cpp.

{
  /* Free an AC_TARGETS: every target on its stack (via AC_TARGET_free),
   * then the struct itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    sk_AC_TARGET_pop_free(a->targets, AC_TARGET_free);
    OPENSSL_free(a);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 723 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_TARGETS and set up its `targets` stack through the
   * M_ASN1_New_* helper macros (defined outside this listing). */
  AC_TARGETS *ret=NULL;
  /* `c` looks unused; presumably the macros below reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_TARGETS);
  M_ASN1_New(ret->targets, sk_AC_TARGET_new_null);
  return ret;
  /* Sits after the return on purpose: presumably the failure exit used by the macros above. */
  M_ASN1_New_Error(AC_F_AC_TARGETS_New);
}

Here is the caller graph for this function:

void ArcCredential::AC_VAL_free ( AC_VAL *  a)

Definition at line 467 of file VOMSAttribute.cpp.

{
  /* Free an AC_VAL: its notBefore and notAfter times, then the struct
   * itself.  A NULL pointer is accepted and ignored. */
  if (a != NULL) {
    M_ASN1_GENERALIZEDTIME_free(a->notBefore);
    M_ASN1_GENERALIZEDTIME_free(a->notAfter);

    OPENSSL_free(a);
  }
}

Here is the caller graph for this function:

Definition at line 425 of file VOMSAttribute.cpp.

{
  /* Allocate an AC_VAL with both validity bounds (`notBefore`, `notAfter`)
   * set to NULL; callers have to fill them in. */
  AC_VAL *ret = NULL;
  /* `c` looks unused; presumably the M_ASN1_New_* macros reference it by name — confirm before renaming. */
  ASN1_CTX c;

  M_ASN1_New_Malloc(ret, AC_VAL);

  ret->notBefore = NULL;
  ret->notAfter = NULL;
  
  return(ret);
  /* Sits after the return on purpose: presumably the failure exit used by the macro above. */
  M_ASN1_New_Error(ASN1_F_AC_VAL_New);
}

Here is the caller graph for this function:

char* ArcCredential::acseq_i2s ( struct v3_ext_method *  ,
void *   
)

Definition at line 1016 of file VOMSAttribute.cpp.

{
  /* Both arguments are ignored: the string form of this extension is
   * whatever the file-local norep() helper returns. */
  char *text = norep();

  return text;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void* ArcCredential::acseq_s2i ( struct v3_ext_method *  ,
struct v3_ext_ctx *  ,
char *  data 
)

Definition at line 1041 of file VOMSAttribute.cpp.

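{
  /*
   * Build an AC_SEQ from the NULL-terminated array of AC pointers passed in
   * through `data`.  The pointers are pushed as they are, not copied, so the
   * sequence shares the caller's AC objects; AC_SEQ_free() later releases
   * each element with AC_free(), so the caller must not free them again.
   * Returns NULL when `data` is NULL or the sequence cannot be allocated.
   */
  AC **list = (AC **)data;
  AC_SEQ *a;

  if (!list) return NULL;

  a = AC_SEQ_new();
  /* AC_SEQ_new() can fail; without this check a->acs dereferences NULL. */
  if (!a) return NULL;

  while (*list)
    sk_AC_push(a->acs, *list++);

  return (void *)a;
}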

Here is the call graph for this function:

Here is the caller graph for this function:

char* ArcCredential::ASN1_dup ( int(*)(void *, unsigned char **)  i2d,
char *(*)(void **, const unsigned char **, long int)  d2i,
char *  x 
)

Definition at line 30 of file Proxycertinfo.cpp.

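                                                                                                                   {
  /*
   * Deep-copy an ASN.1 object by encoding it with `i2d` and decoding the
   * bytes again with `d2i`.  Returns the decoded copy, or NULL when `x` is
   * NULL, the encoder reports no usable length, or the scratch buffer
   * cannot be allocated.
   */
  unsigned char *b,*p;
  long i;
  char *ret;
  if (x == NULL) return(NULL);
  /* By the usual i2d convention a NULL output pointer only asks for the length. */
  i=(long)i2d(x,NULL);
  /* A zero or negative length means the encoder failed; sizing the buffer
   * from it would leave the second i2d call writing into too small a block. */
  if (i <= 0) return(NULL);
  b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
  if (b == NULL) { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
  p= b;
  i=i2d(x,&p);
  /* Do not hand a failed encode to the decoder as a length. */
  if (i <= 0) { OPENSSL_free(b); return(NULL); }
  p= b;
  ret=d2i(NULL,(const unsigned char**)&p,i);
  OPENSSL_free(b);
  return(ret);
  }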

Here is the caller graph for this function:

char* ArcCredential::attributes_i2s ( struct v3_ext_method *  ,
void *   
)

Definition at line 1036 of file VOMSAttribute.cpp.

{
  /* Both arguments are ignored: the string form of this extension is
   * whatever the file-local norep() helper returns. */
  char *text = norep();

  return text;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void* ArcCredential::attributes_s2i ( struct v3_ext_method *  ,
struct v3_ext_ctx *  ,
char *  data 
)

Definition at line 1119 of file VOMSAttribute.cpp.

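{
  /*
   * Build an AC_FULL_ATTRIBUTES whose `providers` stack holds a deep copy of
   * every AC_ATT_HOLDER on the stack passed in through `data`.
   * Returns NULL when `data` is NULL, or when any allocation or copy fails;
   * a partially filled result is never returned.
   */
  STACK_OF(AC_ATT_HOLDER) *stack =
    (STACK_OF(AC_ATT_HOLDER) *)data;
  AC_FULL_ATTRIBUTES *a;
  int i;

  if (!data) return NULL;

  a = AC_FULL_ATTRIBUTES_new();
  /* The constructor can fail; a->providers must not be touched then. */
  if (!a) return NULL;

  /* Replace the stack made by the constructor with a fresh empty one. */
  sk_AC_ATT_HOLDER_pop_free(a->providers, AC_ATT_HOLDER_free);
  a->providers = sk_AC_ATT_HOLDER_new_null();
  if (!a->providers) {
    AC_FULL_ATTRIBUTES_free(a);
    return NULL;
  }

  for (i = 0; i < sk_AC_ATT_HOLDER_num(stack); i++) {
    AC_ATT_HOLDER *copy;

    /* The duplication helper differs between OpenSSL versions. */
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
    copy = ASN1_dup_of(AC_ATT_HOLDER, i2d_AC_ATT_HOLDER,
           d2i_AC_ATT_HOLDER,
           sk_AC_ATT_HOLDER_value(stack, i));
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
    copy = (AC_ATT_HOLDER *)ASN1_dup((int (*)(void*, unsigned char**))i2d_AC_ATT_HOLDER,
           (void*(*)(void**, const unsigned char**, long int))d2i_AC_ATT_HOLDER,
           (char *)(sk_AC_ATT_HOLDER_value(stack, i)));
#else
    copy = (AC_ATT_HOLDER *)ASN1_dup((int (*)())i2d_AC_ATT_HOLDER,
           (char * (*)())d2i_AC_ATT_HOLDER,
           (char *)(sk_AC_ATT_HOLDER_value(stack, i)));
#endif

    /* A failed copy must not end up on the stack as a NULL entry, and a
     * failed push must not leak the copy. */
    if (!copy || !sk_AC_ATT_HOLDER_push(a->providers, copy)) {
      AC_ATT_HOLDER_free(copy);
      AC_FULL_ATTRIBUTES_free(a);
      return NULL;
    }
  }

  return a;
}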

Here is the call graph for this function:

Here is the caller graph for this function:

char* ArcCredential::authkey_i2s ( struct v3_ext_method *  ,
void *   
)

Definition at line 1159 of file VOMSAttribute.cpp.

{
  /* Both arguments are ignored: the string form of this extension is
   * whatever the file-local norep() helper returns. */
  char *text = norep();

  return text;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void* ArcCredential::authkey_s2i ( struct v3_ext_method *  ,
struct v3_ext_ctx *  ,
char *  data 
)

Definition at line 1164 of file VOMSAttribute.cpp.

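{
  /*
   * Build an AUTHORITY_KEYID whose keyid is the SHA-1 digest of the public
   * key bytes of the X509 certificate passed in through `data`.  The digest
   * serves as a key identifier here, not as a signature or integrity check.
   * Returns NULL when `data` is NULL or when an allocation fails.
   */
  X509       *cert = (X509 *)data;
  unsigned char digest[SHA_DIGEST_LENGTH];
  ASN1_OCTET_STRING *str;
  AUTHORITY_KEYID *keyid;

  /* The other *_s2i helpers accept a NULL `data`; without this check the
   * certificate would be dereferenced unconditionally below. */
  if (!cert) return NULL;

  str = ASN1_OCTET_STRING_new();
  keyid = AUTHORITY_KEYID_new();

  if (str && keyid) {
    SHA1(cert->cert_info->key->public_key->data,
        cert->cert_info->key->public_key->length,
        digest);
    /* Only hand the string over to keyid once the copy has succeeded. */
    if (ASN1_OCTET_STRING_set(str, digest, SHA_DIGEST_LENGTH)) {
      ASN1_OCTET_STRING_free(keyid->keyid);
      keyid->keyid = str;
      return keyid;
    }
  }

  /* Failure path: release whichever of the two objects was created. */
  if (str) ASN1_OCTET_STRING_free(str);
  if (keyid) AUTHORITY_KEYID_free(keyid);
  return NULL;
}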

Here is the caller graph for this function:

char* ArcCredential::certs_i2s ( struct v3_ext_method *  ,
void *   
)

Definition at line 1026 of file VOMSAttribute.cpp.

{
  /* Both arguments are ignored: the string form of this extension is
   * whatever the file-local norep() helper returns. */
  char *text = norep();

  return text;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void* ArcCredential::certs_s2i ( struct v3_ext_method *  ,
struct v3_ext_ctx *  ,
char *  data 
)

Definition at line 1097 of file VOMSAttribute.cpp.

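{
  /*
   * Build an AC_CERTS whose `stackcert` holds a duplicate (X509_dup) of
   * every certificate on the stack passed in through `data`.
   * Returns NULL when `data` is NULL, or when any allocation or copy fails;
   * a partially filled result is never returned.
   */
  STACK_OF(X509) *certs =
    (STACK_OF(X509) *)data;
  AC_CERTS *a;
  int i;

  if (!data) return NULL;

  a = AC_CERTS_new();
  /* The constructor can fail; a->stackcert must not be touched then. */
  if (!a) return NULL;

  /* Replace the stack made by the constructor with a fresh empty one. */
  sk_X509_pop_free(a->stackcert, X509_free);
  a->stackcert = sk_X509_new_null();
  if (!a->stackcert) {
    AC_CERTS_free(a);
    return NULL;
  }

  for (i = 0; i < sk_X509_num(certs); i++) {
    X509 *copy = X509_dup(sk_X509_value(certs, i));

    /* A failed duplicate must not end up on the stack as a NULL entry, and
     * a failed push must not leak the duplicate. */
    if (!copy || !sk_X509_push(a->stackcert, copy)) {
      X509_free(copy);
      AC_CERTS_free(a);
      return NULL;
    }
  }

  return a;
}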

Here is the call graph for this function:

Here is the caller graph for this function:

const char * ArcCredential::certTypeToString ( certType  type)

Definition at line 762 of file CertUtil.cpp.

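                                            {
  /*
   * Map a certType value to a fixed, human-readable description.
   * The returned pointer refers to a string literal and must not be freed.
   * Values outside the enumeration yield "Unknown certificate type".
   */
  switch(type) {
    case CERT_TYPE_EEC:
      /* An end entity certificate used to fall through to the CA label,
       * so log output could not tell an EEC from a CA certificate. */
      return "End entity certificate";
    case CERT_TYPE_CA:
      return "CA certificate";
    case CERT_TYPE_GSI_3_IMPERSONATION_PROXY:
      return "X.509 Proxy Certificate Profile (pre-RFC) compliant impersonation proxy";
    case CERT_TYPE_GSI_3_INDEPENDENT_PROXY:
      return "X.509 Proxy Certificate Profile (pre-RFC) compliant independent proxy";
    case CERT_TYPE_GSI_3_LIMITED_PROXY:
      return "X.509 Proxy Certificate Profile (pre-RFC) compliant limited proxy";
    case CERT_TYPE_GSI_3_RESTRICTED_PROXY:
      return "X.509 Proxy Certificate Profile (pre-RFC) compliant restricted proxy";
    case CERT_TYPE_GSI_2_PROXY:
      return "Legacy Globus impersonation proxy";
    case CERT_TYPE_GSI_2_LIMITED_PROXY:
      return "Legacy Globus limited impersonation proxy";
    case CERT_TYPE_RFC_IMPERSONATION_PROXY:
      return "X.509 Proxy Certificate Profile RFC compliant impersonation proxy - RFC inheritAll proxy";
    case CERT_TYPE_RFC_INDEPENDENT_PROXY:
      return "X.509 Proxy Certificate Profile RFC compliant independent proxy - RFC independent proxy";
    case CERT_TYPE_RFC_LIMITED_PROXY:
      return "X.509 Proxy Certificate Profile RFC compliant limited proxy";
    case CERT_TYPE_RFC_RESTRICTED_PROXY:
      return "X.509 Proxy Certificate Profile RFC compliant restricted proxy";
    case CERT_TYPE_RFC_ANYLANGUAGE_PROXY:
      return "RFC anyLanguage proxy";
    default:
      return "Unknown certificate type";
  }
}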

Here is the caller graph for this function:

bool ArcCredential::check_cert_type ( X509 *  cert,
certType &  type 
)

Definition at line 596 of file CertUtil.cpp.

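                                                 {
  // Classify `cert` as a CA certificate, an end-entity certificate (EEC) or one
  // of the proxy flavours, and store the result in `type`.
  //
  // Returns true when classification succeeded. Returns false when `cert` is
  // NULL, when a proxy-specific extension could not be decoded, when both PCI
  // extension OIDs are present, or when the proxy subject is not
  // "issuer name + one CN entry".
  //
  // `type` is reset to CERT_TYPE_EEC on entry but may already hold a proxy type
  // when false is returned, so callers must check the return value before
  // acting on `type`.
  //
  // NOTE(review): a PROXYCERTINFO extension that is present but not marked
  // critical is skipped, which leaves `type` at CERT_TYPE_EEC. Confirm that
  // this is the intended handling of such certificates.
  logger.msg(Arc::DEBUG, "Trying to check X509 cert with check_cert_type");

  bool ret = false;
  type = CERT_TYPE_EEC;

  ASN1_STRING* data = NULL;
  X509_EXTENSION* certinfo_ext = NULL;
  PROXYCERTINFO* certinfo = NULL;
  PROXYPOLICY* policy = NULL;
  ASN1_OBJECT* policylang = NULL;
  int policynid;

  int index = -1;
  int critical;
  BASIC_CONSTRAINTS* x509v3_bc = NULL;
  if(!cert) return false;

  // A basicConstraints extension with the CA flag set settles the question
  // immediately; no proxy checks are applied to CA certificates.
  if((x509v3_bc = (BASIC_CONSTRAINTS*) X509_get_ext_d2i(cert,
    NID_basic_constraints, &critical, &index)) && x509v3_bc->ca) {
    type = CERT_TYPE_CA;
    BASIC_CONSTRAINTS_free(x509v3_bc);
    return true;
  }

  X509_NAME* issuer = NULL;
  X509_NAME* subject = X509_get_subject_name(cert);
  X509_NAME_ENTRY * name_entry = NULL;
  if(!subject) goto err;
  // Proxy classification looks only at the last entry of the subject name.
  name_entry = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1);
  if(!name_entry) goto err;
  if (!OBJ_cmp(name_entry->object,OBJ_nid2obj(NID_commonName))) {
    /* the name entry is of the type: common name */
    data = X509_NAME_ENTRY_get_data(name_entry);
    if(!data) goto err;
    // Legacy proxies are recognised purely by a fixed CN value.
    if (data->length == 5 && !memcmp(data->data,"proxy",5)) { type = CERT_TYPE_GSI_2_PROXY; }
    else if(data->length == 13 && !memcmp(data->data,"limited proxy",13)) { type = CERT_TYPE_GSI_2_LIMITED_PROXY; }
    else if((index = X509_get_ext_by_NID(cert, OBJ_txt2nid(PROXYCERTINFO_V4), -1)) != -1) {
      // PROXYCERTINFO_V4 extension found: the policy language selects the RFC proxy type.
      certinfo_ext = X509_get_ext(cert,index);
      if(X509_EXTENSION_get_critical(certinfo_ext)) {
        if((certinfo = (PROXYCERTINFO *)X509V3_EXT_d2i(certinfo_ext)) == NULL) {
          logger.msg(Arc::ERROR,"Can't convert DER encoded PROXYCERTINFO extension to internal form");
          goto err;
        }
        if((policy = PROXYCERTINFO_get_proxypolicy(certinfo)) == NULL) {
          logger.msg(Arc::ERROR,"Can't get policy from PROXYCERTINFO extension");
          goto err;
        }
        if((policylang = PROXYPOLICY_get_policy_language(policy)) == NULL) {
          logger.msg(Arc::ERROR,"Can't get policy language from PROXYCERTINFO extension");
          goto err;
        }
        policynid = OBJ_obj2nid(policylang);
        if(policynid == OBJ_sn2nid(IMPERSONATION_PROXY_SN)) { type = CERT_TYPE_RFC_IMPERSONATION_PROXY; }
        else if(policynid == OBJ_sn2nid(INDEPENDENT_PROXY_SN)) { type = CERT_TYPE_RFC_INDEPENDENT_PROXY; }
        else if(policynid == OBJ_sn2nid(ANYLANGUAGE_PROXY_SN)) { type = CERT_TYPE_RFC_ANYLANGUAGE_PROXY; }
        else if(policynid == OBJ_sn2nid(LIMITED_PROXY_SN)) { type = CERT_TYPE_RFC_LIMITED_PROXY; }
        else { type = CERT_TYPE_RFC_RESTRICTED_PROXY; }

        // A certificate carrying both PCI extension OIDs is rejected.
        if((index = X509_get_ext_by_NID(cert, OBJ_txt2nid(PROXYCERTINFO_V3), -1)) != -1) {
          logger.msg(Arc::ERROR,"Found more than one PCI extension");
          goto err;
        }
      }
    }
    else if((index = X509_get_ext_by_NID(cert, OBJ_txt2nid(PROXYCERTINFO_V3), -1)) != -1) {
      // PROXYCERTINFO_V3 extension found: same steps, mapped to the GSI_3 proxy types.
      certinfo_ext = X509_get_ext(cert,index);
      if(X509_EXTENSION_get_critical(certinfo_ext)) {
        if((certinfo = (PROXYCERTINFO *)X509V3_EXT_d2i(certinfo_ext)) == NULL) {
          logger.msg(Arc::ERROR,"Can't convert DER encoded PROXYCERTINFO extension to internal form");
          goto err;
        }
        if((policy = PROXYCERTINFO_get_proxypolicy(certinfo)) == NULL) {
          logger.msg(Arc::ERROR,"Can't get policy from PROXYCERTINFO extension");
          goto err;
        }
        if((policylang = PROXYPOLICY_get_policy_language(policy)) == NULL) {
          logger.msg(Arc::ERROR,"Can't get policy language from PROXYCERTINFO extension");
          goto err;
        }
        policynid = OBJ_obj2nid(policylang);
        if(policynid == OBJ_sn2nid(IMPERSONATION_PROXY_SN)) { type = CERT_TYPE_GSI_3_IMPERSONATION_PROXY; }
        else if(policynid == OBJ_sn2nid(INDEPENDENT_PROXY_SN)){ type = CERT_TYPE_GSI_3_INDEPENDENT_PROXY; }
        else if(policynid == OBJ_sn2nid(LIMITED_PROXY_SN)) { type = CERT_TYPE_GSI_3_LIMITED_PROXY; }
        else {type = CERT_TYPE_GSI_3_RESTRICTED_PROXY; }

        if((index = X509_get_ext_by_NID(cert, OBJ_txt2nid(PROXYCERTINFO_V4), -1)) != -1) {
          logger.msg(Arc::ERROR,"Found more than one PCI extension");
          goto err;
        }
      }
    }

    /* Duplicate the issuer, and add the CN=proxy, or CN=limitedproxy, etc.
     * This should match the subject, i.e. a proxy can only be signed by
     * the owner. We do it this way to double check all the ASN1 bits
     * as well.
     */
    X509_NAME_ENTRY* new_name_entry = NULL;
    // Fix: the guard used to test `ret` (a bool that is still false here)
    // against the certType enumerators, so it never held and the
    // subject/issuer consistency check below was skipped for every proxy.
    // The classification just computed lives in `type`.
    if(type != CERT_TYPE_EEC && type != CERT_TYPE_CA) {
      X509_NAME* cert_issuer = X509_get_issuer_name(cert);
      if(!cert_issuer) goto err;
      issuer = X509_NAME_dup(cert_issuer);
      if(!issuer) goto err;  // duplication failed; do not hand NULL to the calls below
      // Length -1 lets OpenSSL take the length from the C string, so a CN with
      // an embedded NUL is rebuilt truncated here and will not equal the subject.
      new_name_entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, V_ASN1_APP_CHOOSE, data->data, -1);
      if(!new_name_entry) goto err;
      if(!X509_NAME_add_entry(issuer,new_name_entry,X509_NAME_entry_count(issuer),0)) {
        X509_NAME_ENTRY_free(new_name_entry);
        goto err;
      }
      X509_NAME_ENTRY_free(new_name_entry);
      new_name_entry = NULL;

      if (X509_NAME_cmp(issuer, subject)) {
        /* Reject this certificate, only the user may sign the proxy */
        logger.msg(Arc::ERROR,"The subject does not match the issuer name + proxy CN entry");
        goto err;
      }
      X509_NAME_free(issuer);
      issuer = NULL;
    }
  }
  ret = true;

err:
  // Single exit path: release whatever was allocated above.
  if(issuer) { X509_NAME_free(issuer); }
  if(certinfo) {PROXYCERTINFO_free(certinfo);}
  if(x509v3_bc) { BASIC_CONSTRAINTS_free(x509v3_bc); }

  return ret;
}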


static int ArcCredential::check_issued ( X509_STORE_CTX *  ,
X509 *  x,
X509 *  issuer 
) [static]


AC * ArcCredential::d2i_AC ( AC **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 603 of file VOMSAttribute.cpp.

{
  // DER decoder for AC. Members are read in the order written below:
  // acinfo, sig_alg, signature.
  // `ret` is not declared in this body; presumably M_ASN1_D2I_vars introduces
  // it (allocating via AC_new when needed).
  // This function only decodes: the signature is stored in ret->signature and
  // is not verified here.
  M_ASN1_D2I_vars(a, AC *, AC_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->acinfo,    d2i_AC_INFO);
  M_ASN1_D2I_get(ret->sig_alg,   d2i_X509_ALGOR);
  M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
  // AC_free is the cleanup routine handed to the finishing macro.
  M_ASN1_D2I_Finish(a, AC_free, AC_F_D2I_AC);
}


AC_ACI * ArcCredential::d2i_AC_ACI ( AC_ACI **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 346 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_ACI: a sequence whose only member, `form`, is read with
  // the optional implicitly-tagged macro (tag 0, underlying type SEQUENCE).
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_ACI *, AC_ACI_new);
  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get_IMP_opt(ret->form, d2i_AC_FORM, 0, V_ASN1_SEQUENCE);
  M_ASN1_D2I_Finish(a, AC_ACI_free, ASN1_F_D2I_AC_ACI);
}


AC_ATT_HOLDER * ArcCredential::d2i_AC_ATT_HOLDER ( AC_ATT_HOLDER **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 917 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_ATT_HOLDER: reads `grantor` (GENERAL_NAMES), then a
  // sequence of AC_ATTRIBUTE elements into `attributes`.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_ATT_HOLDER *, AC_ATT_HOLDER_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->grantor, d2i_GENERAL_NAMES);
  // The branches differ only in how the stack and the element decoder are
  // passed (dereferenced stack vs. cast function pointer), selected by the
  // OpenSSL version being compiled against.
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_type(AC_ATTRIBUTE, *ret->attributes, d2i_AC_ATTRIBUTE, AC_ATTRIBUTE_free);
#else
  M_ASN1_D2I_get_seq_type(AC_ATTRIBUTE, ret->attributes, (AC_ATTRIBUTE* (*)())d2i_AC_ATTRIBUTE, AC_ATTRIBUTE_free);
#endif
  M_ASN1_D2I_Finish(a, AC_ATT_HOLDER_free, ASN1_F_D2I_AC_ATT_HOLDER);
}


AC_ATTR * ArcCredential::d2i_AC_ATTR ( AC_ATTR **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 42 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_ATTR: reads the attribute type OID, renders it to text,
  // and decodes a set of AC_IETFATTR values into `ietfattr`.
  // `ret`, the parse context `c` and the `err` label are not declared in this
  // body; presumably the M_ASN1_D2I_* macros introduce them.
  char text[1000];  // scratch buffer for the textual form of the type OID

  M_ASN1_D2I_vars(a, AC_ATTR *, AC_ATTR_new);
  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->type, d2i_ASN1_OBJECT);

  // The size passed (999) is one less than the buffer; a zero result is
  // reported as ASN1_R_NOT_ENOUGH_DATA.
  if (!i2t_ASN1_OBJECT(text,999, ret->type)) {
    c.error = ASN1_R_NOT_ENOUGH_DATA;
    goto err;
  }

  // NOTE(review): this `if` has no braces. If M_ASN1_D2I_get_set_type expands
  // to more than one statement, only the first is guarded by the "idatcap"
  // test and the set is decoded for every attribute type; confirm against the
  // macro definition. i2d_AC_ATTR also accepts "idacagroup", so encoder and
  // decoder are not symmetric as written.
  if (strcmp(text, "idatcap") == 0)
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
    M_ASN1_D2I_get_set_type(AC_IETFATTR, *ret->ietfattr, d2i_AC_IETFATTR, AC_IETFATTR_free);
#else
    M_ASN1_D2I_get_set_type(AC_IETFATTR, ret->ietfattr, (AC_IETFATTR* (*)())d2i_AC_IETFATTR, AC_IETFATTR_free);
#endif
  M_ASN1_D2I_Finish(a, AC_ATTR_free, ASN1_F_D2I_AC_ATTR);
}


AC_ATTRIBUTE * ArcCredential::d2i_AC_ATTRIBUTE ( AC_ATTRIBUTE **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 857 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_ATTRIBUTE: three OCTET STRING members read in the order
  // name, value, qualifier. All three use the non-optional macro.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_ATTRIBUTE *, AC_ATTRIBUTE_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->name,      d2i_ASN1_OCTET_STRING);
  M_ASN1_D2I_get(ret->value,     d2i_ASN1_OCTET_STRING);
  M_ASN1_D2I_get(ret->qualifier, d2i_ASN1_OCTET_STRING);

  M_ASN1_D2I_Finish(a, AC_ATTRIBUTE_free, AC_F_D2I_AC_ATTRIBUTE);
}


AC_CERTS * ArcCredential::d2i_AC_CERTS ( AC_CERTS **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 808 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_CERTS: a sequence of X509 certificates collected into
  // `stackcert`. The certificates are only decoded; no chain, signature or
  // validity checks happen in this function.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_CERTS *, AC_CERTS_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  // Only the way the stack is passed differs between OpenSSL versions.
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_type(X509, *ret->stackcert, d2i_X509, X509_free);
#else
  M_ASN1_D2I_get_seq_type(X509, ret->stackcert, d2i_X509, X509_free);
#endif
  M_ASN1_D2I_Finish(a, AC_CERTS_free, ASN1_F_D2I_AC_CERTS);
}


AC_DIGEST * ArcCredential::d2i_AC_DIGEST ( AC_DIGEST **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 197 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_DIGEST. Members are read in the order: type
  // (ENUMERATED), oid (OBJECT), algor (X509_ALGOR), digest (BIT STRING).
  // The digest bytes are stored as decoded; nothing is recomputed or compared here.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_DIGEST *, AC_DIGEST_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->type,        d2i_ASN1_ENUMERATED);
  M_ASN1_D2I_get(ret->oid,         d2i_ASN1_OBJECT);
  M_ASN1_D2I_get(ret->algor,       d2i_X509_ALGOR);
  M_ASN1_D2I_get(ret->digest,      d2i_ASN1_BIT_STRING);
  M_ASN1_D2I_Finish(a, AC_DIGEST_free, AC_F_D2I_AC_DIGEST);
}


AC_FORM * ArcCredential::d2i_AC_FORM ( AC_FORM **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 300 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_FORM: `names` (GENERAL_NAMES) first, then two members
  // read with the optional implicitly-tagged macro: `is` with tag 0 and
  // `digest` with tag 1.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_FORM *, AC_FORM_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->names,  d2i_GENERAL_NAMES);
  M_ASN1_D2I_get_IMP_opt(ret->is,     d2i_AC_IS, 0, V_ASN1_SEQUENCE);
  M_ASN1_D2I_get_IMP_opt(ret->digest, d2i_AC_DIGEST, 1, V_ASN1_SEQUENCE);
  M_ASN1_D2I_Finish(a, AC_FORM_free, ASN1_F_D2I_AC_FORM);
}


AC_FULL_ATTRIBUTES * ArcCredential::d2i_AC_FULL_ATTRIBUTES ( AC_FULL_ATTRIBUTES **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 973 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_FULL_ATTRIBUTES: a sequence of AC_ATT_HOLDER elements
  // collected into `providers`.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_FULL_ATTRIBUTES *, AC_FULL_ATTRIBUTES_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  // Same decode in both branches; only the argument forms differ per OpenSSL version.
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_type(AC_ATT_HOLDER, *ret->providers, d2i_AC_ATT_HOLDER, AC_ATT_HOLDER_free);
#else
  M_ASN1_D2I_get_seq_type(AC_ATT_HOLDER, ret->providers, (AC_ATT_HOLDER* (*)())d2i_AC_ATT_HOLDER, AC_ATT_HOLDER_free);
#endif
  M_ASN1_D2I_Finish(a, AC_FULL_ATTRIBUTES_free, ASN1_F_D2I_AC_FULL_ATTRIBUTES);
}


AC_HOLDER * ArcCredential::d2i_AC_HOLDER ( AC_HOLDER **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 390 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_HOLDER: three members, each read with the optional
  // implicitly-tagged macro: baseid (tag 0), name (tag 1), digest (tag 2).
  // Because every member is optional, nothing in this function requires that
  // at least one of them is present; callers that rely on a holder identity
  // need to check the decoded fields themselves.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_HOLDER *, AC_HOLDER_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get_IMP_opt(ret->baseid, d2i_AC_IS, 0, V_ASN1_SEQUENCE);
  M_ASN1_D2I_get_IMP_opt(ret->name, d2i_GENERAL_NAMES, 1, V_ASN1_SEQUENCE);
  M_ASN1_D2I_get_IMP_opt(ret->digest, d2i_AC_DIGEST, 2, V_ASN1_SEQUENCE);
  M_ASN1_D2I_Finish(a, AC_HOLDER_free, ASN1_F_D2I_AC_HOLDER);
}


AC_IETFATTR * ArcCredential::d2i_AC_IETFATTR ( AC_IETFATTR **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 110 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_IETFATTR: optional implicitly-tagged `names` (tag 0),
  // followed by a sequence of AC_IETFATTRVAL elements stored in `values`.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_IETFATTR *, AC_IETFATTR_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get_IMP_opt(ret->names, d2i_GENERAL_NAMES, 0, V_ASN1_SEQUENCE);
  // Each element is decoded by d2i_AC_IETFATTRVAL; the branches differ only in
  // argument form per OpenSSL version.
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_type(AC_IETFATTRVAL, *ret->values, d2i_AC_IETFATTRVAL, AC_IETFATTRVAL_free);
#else
  M_ASN1_D2I_get_seq_type(AC_IETFATTRVAL, ret->values, (AC_IETFATTRVAL* (*)())d2i_AC_IETFATTRVAL, AC_IETFATTRVAL_free);
#endif
  M_ASN1_D2I_Finish(a, AC_IETFATTR_free, ASN1_F_D2I_AC_IETFATTR);
}


AC_IETFATTRVAL * ArcCredential::d2i_AC_IETFATTRVAL ( AC_IETFATTRVAL **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 157 of file VOMSAttribute.cpp.

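{
  // Decode one AC_IETFATTRVAL by dispatching on the first identifier octet of
  // the input. Accepted universal types: OCTET STRING, OBJECT and UTF8String.
  // Returns the decoded value, or NULL after recording an ASN.1 error.
  unsigned char tag;

  // Fix: the identifier octet was dereferenced unconditionally. Reject a NULL
  // or empty buffer before reading **pp.
  if (!pp || !*pp || length <= 0) {
    ASN1err(ASN1_F_D2I_AC_IETFATTRVAL, ASN1_R_NOT_ENOUGH_DATA);
    return (NULL);
  }

  // Mask out the constructed bit so primitive and constructed encodings of the
  // same type take the same branch.
  tag = **pp & ~V_ASN1_CONSTRUCTED;
  if (tag == (V_ASN1_OCTET_STRING|V_ASN1_UNIVERSAL))
    return d2i_ASN1_OCTET_STRING(a, pp, length);
  // NOTE(review): the ASN1_OBJECT returned here is cast to AC_IETFATTRVAL.
  // i2d_AC_IETFATTRVAL treats the value as an ASN1_STRING, and the containers
  // release it with AC_IETFATTRVAL_free; if the two structs are laid out
  // differently, those accesses operate on the wrong fields. Confirm how
  // OBJECT-typed values are consumed and freed.
  if (tag == (V_ASN1_OBJECT|V_ASN1_UNIVERSAL))
    return (AC_IETFATTRVAL *)d2i_ASN1_OBJECT((ASN1_OBJECT **)a, pp, length);
  if (tag == (V_ASN1_UTF8STRING|V_ASN1_UNIVERSAL))
    return d2i_ASN1_UTF8STRING(a, pp, length);
  ASN1err(ASN1_F_D2I_AC_IETFATTRVAL, ASN1_R_WRONG_TYPE);
  return (NULL);
}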


AC_INFO * ArcCredential::d2i_AC_INFO ( AC_INFO **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 525 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_INFO. Members are read in the order: version, holder,
  // optional form (implicit tag 0), alg, serial, validity, the sequence of
  // AC_ATTR in `attrib`, optional id (BIT STRING), optional sequence of
  // X509_EXTENSION in `exts`.
  // Nothing is validated here beyond decoding: the validity period is not
  // compared with the current time and the extensions are not interpreted.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_INFO *, AC_INFO_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->version,    d2i_ASN1_INTEGER);
  M_ASN1_D2I_get(ret->holder,     d2i_AC_HOLDER);
  M_ASN1_D2I_get_IMP_opt(ret->form,     d2i_AC_FORM, 0, V_ASN1_SEQUENCE);
  M_ASN1_D2I_get(ret->alg,        d2i_X509_ALGOR);
  M_ASN1_D2I_get(ret->serial,     d2i_ASN1_INTEGER);
  M_ASN1_D2I_get(ret->validity, d2i_AC_VAL);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_type(AC_ATTR, *ret->attrib, d2i_AC_ATTR, AC_ATTR_free);
#else
  M_ASN1_D2I_get_seq_type(AC_ATTR, ret->attrib, (AC_ATTR* (*)())d2i_AC_ATTR, AC_ATTR_free);
#endif
  // NOTE(review): `id` is read with the plain optional macro here, while
  // i2d_AC_INFO writes it with the IMP_opt macro; verify that both sides agree
  // on the tag.
  M_ASN1_D2I_get_opt(ret->id,     d2i_ASN1_BIT_STRING, V_ASN1_BIT_STRING);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION, *ret->exts, d2i_X509_EXTENSION, X509_EXTENSION_free);
#else
  M_ASN1_D2I_get_seq_opt_type(X509_EXTENSION, ret->exts, d2i_X509_EXTENSION, X509_EXTENSION_free);
#endif
  // NOTE(review): the error function code passed is AC_F_D2I_AC rather than one
  // specific to AC_INFO, so a failure here is reported under the AC decoder's
  // code; looks like a copy from d2i_AC, confirm.
  M_ASN1_D2I_Finish(a, AC_INFO_free, AC_F_D2I_AC);
}


AC_IS * ArcCredential::d2i_AC_IS ( AC_IS **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 250 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_IS: issuer (GENERAL_NAMES), serial (INTEGER), then an
  // optional uid (BIT STRING).
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_IS *, AC_IS_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->issuer,  d2i_GENERAL_NAMES);
  M_ASN1_D2I_get(ret->serial,  d2i_ASN1_INTEGER);
  // NOTE(review): i2d_AC_IS writes uid with the IMP_opt macro while this side
  // uses the plain optional macro; verify that both agree on the tag.
  M_ASN1_D2I_get_opt(ret->uid, d2i_ASN1_BIT_STRING, V_ASN1_BIT_STRING);
  M_ASN1_D2I_Finish(a, AC_IS_free, AC_F_D2I_AC_IS);
}


AC_SEQ * ArcCredential::d2i_AC_SEQ ( AC_SEQ **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 658 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_SEQ: a sequence of AC elements collected into `acs`.
  // Each element goes through d2i_AC, which decodes but does not verify the
  // attribute certificate's signature.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_SEQ *, AC_SEQ_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_type(AC, *ret->acs, d2i_AC, AC_free);
#else
  M_ASN1_D2I_get_seq_type(AC, ret->acs, (AC* (*)())d2i_AC, AC_free);
#endif
  M_ASN1_D2I_Finish(a, AC_SEQ_free, ASN1_F_D2I_AC_SEQ);
}


AC_TARGET * ArcCredential::d2i_AC_TARGET ( AC_TARGET **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 758 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_TARGET: three members, each read with the optional
  // explicitly-tagged macro: name (tag 0), group (tag 1), cert (tag 2).
  // All three are optional, so this function does not require any particular
  // one to be present.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_TARGET *, AC_TARGET_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get_EXP_opt(ret->name, d2i_GENERAL_NAME, 0);
  M_ASN1_D2I_get_EXP_opt(ret->group, d2i_GENERAL_NAME, 1);
  M_ASN1_D2I_get_EXP_opt(ret->cert, d2i_AC_IS, 2);
  M_ASN1_D2I_Finish(a, AC_TARGET_free, ASN1_F_D2I_AC_TARGET);
}


AC_TARGETS * ArcCredential::d2i_AC_TARGETS ( AC_TARGETS **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 710 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_TARGETS: a sequence of AC_TARGET elements collected
  // into `targets`.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_TARGETS *, AC_TARGETS_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_D2I_get_seq_type(AC_TARGET, *ret->targets, d2i_AC_TARGET, AC_TARGET_free);
#else
  M_ASN1_D2I_get_seq_type(AC_TARGET, ret->targets, (AC_TARGET* (*)())d2i_AC_TARGET, AC_TARGET_free);
#endif
  M_ASN1_D2I_Finish(a, AC_TARGETS_free, ASN1_F_D2I_AC_TARGETS);
}


AC_VAL * ArcCredential::d2i_AC_VAL ( AC_VAL **  a,
SSLCONST unsigned char **  pp,
long  length 
)

Definition at line 454 of file VOMSAttribute.cpp.

{
  // DER decoder for AC_VAL: two GeneralizedTime members, notBefore then notAfter.
  // The times are only decoded; this function does not check that notBefore
  // precedes notAfter or that the period covers the current time.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, AC_VAL *, AC_VAL_new);

  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();

  M_ASN1_D2I_get(ret->notBefore, d2i_ASN1_GENERALIZEDTIME);
  M_ASN1_D2I_get(ret->notAfter,  d2i_ASN1_GENERALIZEDTIME);

  // NOTE(review): error function code is AC_F_D2I_AC, not one specific to
  // AC_VAL; failures here are reported under the AC decoder's code, confirm.
  M_ASN1_D2I_Finish(a, AC_VAL_free, AC_F_D2I_AC);
}


PROXYCERTINFO * ArcCredential::d2i_PROXYCERTINFO ( PROXYCERTINFO **  cert_info,
unsigned char **  pp,
long  length 
)

Definition at line 423 of file Proxycertinfo.cpp.

                                                                                                {
  // Version-agnostic PROXYCERTINFO decoder: the v3 layout is tried first and
  // the v4 layout only if that attempt returns NULL. Both attempts receive the
  // same cert_info, pp and length arguments. Returns NULL when neither layout
  // decodes. The v3 and v4 decoders shown on this page set the `version` field
  // to 3 or 4, which tells the caller which layout was accepted.
  PROXYCERTINFO *decoded = d2i_PROXYCERTINFO_v3(cert_info, pp, length);
  if (decoded != NULL) {
    return decoded;
  }
  return d2i_PROXYCERTINFO_v4(cert_info, pp, length);
}


PROXYCERTINFO* ArcCredential::d2i_PROXYCERTINFO_v3 ( PROXYCERTINFO **  cert_info,
unsigned char **  pp,
long  length 
)

Definition at line 392 of file Proxycertinfo.cpp.

                                                                                                   {
  // DER decoder for the v3 PROXYCERTINFO layout: the proxy policy comes first,
  // followed by an optional explicitly-tagged (tag 1) path_length INTEGER.
  // On success the structure's `version` field is set to 3.
  // `ret`, the parse context `c` and the `err` label are not declared in this
  // body; presumably the M_ASN1_D2I_* macros introduce them.
  M_ASN1_D2I_vars(cert_info, PROXYCERTINFO *, PROXYCERTINFO_new);
  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  //M_ASN1_D2I_get(ret->proxypolicy, (unsigned char**)d2i_PROXYPOLICY);
  // Hand-written replacement for the macro call above: remember the start
  // position, decode the policy at the cursor, jump to `err` on failure, then
  // subtract the bytes consumed from the remaining length.
  c.q=c.p;
  if (d2i_PROXYPOLICY(&(ret->proxypolicy),(unsigned char**)&c.p,c.slen) == NULL)
   {c.line=__LINE__; goto err; } 
  c.slen-=(c.p-c.q);

  // path_length is stored as decoded; no range check is applied here.
  M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1);
  ret->version = 3;
  M_ASN1_D2I_Finish(cert_info, PROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO);
}


PROXYCERTINFO* ArcCredential::d2i_PROXYCERTINFO_v4 ( PROXYCERTINFO **  cert_info,
unsigned char **  pp,
long  length 
)

Definition at line 407 of file Proxycertinfo.cpp.

                                                                                                   {
  // DER decoder for the v4 PROXYCERTINFO layout: optional path_length first,
  // then the proxy policy. On success the structure's `version` field is set to 4.
  // `ret`, the parse context `c` and the `err` label are not declared in this
  // body; presumably the M_ASN1_D2I_* macros introduce them.
  M_ASN1_D2I_vars(cert_info, PROXYCERTINFO *, PROXYCERTINFO_new);
  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  // Two optional reads target the same field: an explicitly-tagged (tag 1)
  // INTEGER, then an untagged INTEGER.
  // NOTE(review): if an input carried both forms, the second read would target
  // a field that is already populated; confirm how the macro handles that.
  M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1);
  M_ASN1_D2I_get_opt(ret->path_length, d2i_ASN1_INTEGER, V_ASN1_INTEGER);
  //M_ASN1_D2I_get(ret->proxypolicy, (unsigned char**)d2i_PROXYPOLICY);
  // Hand-written replacement for the macro call above: remember the start
  // position, decode the policy at the cursor, jump to `err` on failure, then
  // subtract the bytes consumed from the remaining length.
  c.q=c.p;
  if (d2i_PROXYPOLICY(&(ret->proxypolicy),(unsigned char**)&c.p,c.slen) == NULL)
   {c.line=__LINE__; goto err; }
  c.slen-=(c.p-c.q);

  ret->version = 4;
  M_ASN1_D2I_Finish(cert_info, PROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO);
}


PROXYPOLICY * ArcCredential::d2i_PROXYPOLICY ( PROXYPOLICY **  a,
unsigned char **  pp,
long  length 
)

Definition at line 153 of file Proxycertinfo.cpp.

                                                                                  {
  // DER decoder for PROXYPOLICY: the policy language OID, then the policy
  // bytes as an OCTET STRING. The policy content is stored as decoded and is
  // not interpreted in this function.
  // `ret` is presumably introduced by M_ASN1_D2I_vars.
  M_ASN1_D2I_vars(a, PROXYPOLICY *, PROXYPOLICY_new);
  M_ASN1_D2I_Init();
  M_ASN1_D2I_start_sequence();
  M_ASN1_D2I_get(ret->policy_language, d2i_ASN1_OBJECT);

  /* need to try getting the policy using
   *     a) a call expecting no tags
   *     b) a call expecting tags
   * one of which should succeed
   */
    
  // Both reads are optional, so an input with no policy member at all also
  // passes these two lines; the policy can legitimately end up unset.
  M_ASN1_D2I_get_opt(ret->policy, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
  M_ASN1_D2I_get_IMP_opt(ret->policy, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
  M_ASN1_D2I_Finish(a, PROXYPOLICY_free, ASN1_F_D2I_PROXYPOLICY);
}


int ArcCredential::i2d_AC ( AC *  a,
unsigned char **  pp 
)

Definition at line 586 of file VOMSAttribute.cpp.

{
  // DER encoder for AC, written as two passes over the same member list:
  // the M_ASN1_I2D_len calls, then M_ASN1_I2D_seq_total, then the
  // M_ASN1_I2D_put calls. Member order: acinfo, sig_alg, signature.
  // The two lists must stay in step when members are added or reordered;
  // presumably the first pass computes the length the second pass fills.
  M_ASN1_I2D_vars(a);

  M_ASN1_I2D_len(a->acinfo,    i2d_AC_INFO);
  M_ASN1_I2D_len(a->sig_alg,   i2d_X509_ALGOR);
  M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);

  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put(a->acinfo,    i2d_AC_INFO);
  M_ASN1_I2D_put(a->sig_alg,   i2d_X509_ALGOR);
  M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);

  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_ACI ( AC_ACI *  a,
unsigned char **  pp 
)

Definition at line 336 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_ACI: the single optional member `form` is measured with
  // the IMP_opt length macro and then written with implicit tag 0, matching
  // the tag d2i_AC_ACI reads.
  M_ASN1_I2D_vars(a);
  M_ASN1_I2D_len_IMP_opt(a->form, i2d_AC_FORM);
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put_IMP_opt(a->form, i2d_AC_FORM, 0);
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_ATT_HOLDER ( AC_ATT_HOLDER *  a,
unsigned char **  pp 
)

Definition at line 894 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_ATT_HOLDER: grantor (GENERAL_NAMES) followed by the
  // sequence of AC_ATTRIBUTE in `attributes`.
  // The length of `grantor` is taken once, before the #if; each branch then
  // measures the attribute sequence, totals, and writes both members in the
  // same order. The three branches differ only in the macro variant and the
  // function-pointer cast needed for the OpenSSL version being compiled against.
  M_ASN1_I2D_vars(a);
  M_ASN1_I2D_len(a->grantor,      i2d_GENERAL_NAMES);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_len_SEQUENCE_type(AC_ATTRIBUTE, a->attributes, i2d_AC_ATTRIBUTE);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(a->grantor, i2d_GENERAL_NAMES);
  M_ASN1_I2D_put_SEQUENCE_type(AC_ATTRIBUTE, a->attributes, i2d_AC_ATTRIBUTE);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_len_SEQUENCE_type(AC_ATTRIBUTE, a->attributes, (int (*)(void*, unsigned char**))i2d_AC_ATTRIBUTE);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(a->grantor, i2d_GENERAL_NAMES);
  M_ASN1_I2D_put_SEQUENCE_type(AC_ATTRIBUTE, a->attributes, (int (*)(void*, unsigned char**))i2d_AC_ATTRIBUTE);
#else
  M_ASN1_I2D_len_SEQUENCE(a->attributes, (int(*)())i2d_AC_ATTRIBUTE);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(a->grantor, i2d_GENERAL_NAMES);
  M_ASN1_I2D_put_SEQUENCE(a->attributes, (int(*)())i2d_AC_ATTRIBUTE);
#endif
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_ATTR ( AC_ATTR *  a,
unsigned char **  pp 
)

Definition at line 11 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_ATTR: the attribute type OID followed by the set of
  // AC_IETFATTR values in `ietfattr`.
  // Returns 0 without encoding anything when the type OID cannot be rendered
  // to text or its text is neither "idacagroup" nor "idatcap".
  char text[1000];  // scratch buffer for the textual form of the type OID

  M_ASN1_I2D_vars(a);

  // Allow-list check on the attribute type before any output is produced.
  // NOTE(review): d2i_AC_ATTR tests only for "idatcap", so the decoder and this
  // encoder do not use the same list; confirm which one is intended.
  if (!i2t_ASN1_OBJECT(text,999,a->type))
    return 0;
  else if (!((strcmp(text, "idacagroup") == 0) || (strcmp(text,"idatcap") == 0)))
    return 0;
  
  M_ASN1_I2D_len(a->type, i2d_ASN1_OBJECT);
  // Each branch measures the set, totals, then writes type and set in the same
  // order; only the function-pointer cast differs per OpenSSL version.
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_len_SET_type(AC_IETFATTR, a->ietfattr, i2d_AC_IETFATTR);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(a->type, i2d_ASN1_OBJECT);
  M_ASN1_I2D_put_SET_type(AC_IETFATTR,a->ietfattr, i2d_AC_IETFATTR);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_len_SET_type(AC_IETFATTR, a->ietfattr, (int (*)(void*, unsigned char**))i2d_AC_IETFATTR);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(a->type, i2d_ASN1_OBJECT);
  M_ASN1_I2D_put_SET_type(AC_IETFATTR,a->ietfattr, (int (*)(void*, unsigned char**))i2d_AC_IETFATTR);
#else
  M_ASN1_I2D_len_SET_type(AC_IETFATTR, a->ietfattr, (int (*)())i2d_AC_IETFATTR);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(a->type, i2d_ASN1_OBJECT);
  M_ASN1_I2D_put_SET_type(AC_IETFATTR,a->ietfattr, (int (*)())i2d_AC_IETFATTR);
#endif
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_ATTRIBUTE ( AC_ATTRIBUTE *  a,
unsigned char **  pp 
)

Definition at line 841 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_ATTRIBUTE: three OCTET STRING members in the order
  // name, value, qualifier. The length pass and the put pass list the members
  // in the same order and must be kept in step.
  M_ASN1_I2D_vars(a);
  M_ASN1_I2D_len(a->name,      i2d_ASN1_OCTET_STRING);
  M_ASN1_I2D_len(a->value,     i2d_ASN1_OCTET_STRING);
  M_ASN1_I2D_len(a->qualifier, i2d_ASN1_OCTET_STRING);

  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put(a->name,      i2d_ASN1_OCTET_STRING);
  M_ASN1_I2D_put(a->value,     i2d_ASN1_OCTET_STRING);
  M_ASN1_I2D_put(a->qualifier, i2d_ASN1_OCTET_STRING);

  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_CERTS ( AC_CERTS *  a,
unsigned char **  pp 
)

Definition at line 791 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_CERTS: the X509 certificates in `stackcert` are written
  // as one sequence. Measure, total, then write; the branch depends on the
  // OpenSSL version being compiled against.
  //int v1=0, v2=0, v3=0;

  M_ASN1_I2D_vars(a);
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_len_SEQUENCE_type(X509, a->stackcert, i2d_X509);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE_type(X509, a->stackcert, i2d_X509);
#else
  M_ASN1_I2D_len_SEQUENCE(a->stackcert, (int (*)())i2d_X509);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE(a->stackcert, (int (*)())i2d_X509);
#endif
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_DIGEST ( AC_DIGEST *  a,
unsigned char **  pp 
)

Definition at line 181 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_DIGEST. Member order in both passes: type (ENUMERATED),
  // oid (OBJECT), algor (X509_ALGOR), digest (BIT STRING), the same order
  // d2i_AC_DIGEST reads them in.
  M_ASN1_I2D_vars(a);
  M_ASN1_I2D_len(a->type,          i2d_ASN1_ENUMERATED);
  M_ASN1_I2D_len(a->oid,           i2d_ASN1_OBJECT);
  M_ASN1_I2D_len(a->algor,         i2d_X509_ALGOR);
  M_ASN1_I2D_len(a->digest,        i2d_ASN1_BIT_STRING);
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put(a->type,         i2d_ASN1_ENUMERATED);
  M_ASN1_I2D_put(a->oid,          i2d_ASN1_OBJECT);
  M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
  M_ASN1_I2D_put(a->digest,       i2d_ASN1_BIT_STRING);
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_FORM ( AC_FORM *  a,
unsigned char **  pp 
)

Definition at line 285 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_FORM: names (GENERAL_NAMES), then the optional members
  // `is` and `digest`, written with implicit tags 0 and 1, the same tags
  // d2i_AC_FORM reads.
  M_ASN1_I2D_vars(a);

  M_ASN1_I2D_len(a->names,  i2d_GENERAL_NAMES);
  M_ASN1_I2D_len_IMP_opt(a->is,     i2d_AC_IS);
  M_ASN1_I2D_len_IMP_opt(a->digest, i2d_AC_DIGEST);
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put(a->names,  i2d_GENERAL_NAMES);
  M_ASN1_I2D_put_IMP_opt(a->is,     i2d_AC_IS, 0);
  M_ASN1_I2D_put_IMP_opt(a->digest, i2d_AC_DIGEST, 1);
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_FULL_ATTRIBUTES ( AC_FULL_ATTRIBUTES *  a,
unsigned char **  pp 
)

Definition at line 954 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_FULL_ATTRIBUTES: the AC_ATT_HOLDER elements in
  // `providers` are written as one sequence. Each branch measures, totals and
  // writes; only the macro variant and the function-pointer cast differ per
  // OpenSSL version.
  M_ASN1_I2D_vars(a);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_len_SEQUENCE_type(AC_ATT_HOLDER, a->providers, i2d_AC_ATT_HOLDER);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE_type(AC_ATT_HOLDER, a->providers, i2d_AC_ATT_HOLDER);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_len_SEQUENCE_type(AC_ATT_HOLDER, a->providers, (int (*)(void*, unsigned char**))i2d_AC_ATT_HOLDER);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE_type(AC_ATT_HOLDER, a->providers, (int (*)(void*, unsigned char**))i2d_AC_ATT_HOLDER);
#else
  M_ASN1_I2D_len_SEQUENCE(a->providers, (int (*)())i2d_AC_ATT_HOLDER);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE(a->providers, (int (*)())i2d_AC_ATT_HOLDER);
#endif
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_HOLDER ( AC_HOLDER *  a,
unsigned char **  pp 
)

Definition at line 375 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_HOLDER: three optional members written with implicit
  // tags: baseid (0), name (1), digest (2), the same tags d2i_AC_HOLDER reads.
  M_ASN1_I2D_vars(a);

  M_ASN1_I2D_len_IMP_opt(a->baseid, i2d_AC_IS);
  M_ASN1_I2D_len_IMP_opt(a->name, i2d_GENERAL_NAMES);
  M_ASN1_I2D_len_IMP_opt(a->digest, i2d_AC_DIGEST);
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put_IMP_opt(a->baseid, i2d_AC_IS, 0);             
  M_ASN1_I2D_put_IMP_opt(a->name, i2d_GENERAL_NAMES, 1);
  M_ASN1_I2D_put_IMP_opt(a->digest, i2d_AC_DIGEST, 2);
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_IETFATTR ( AC_IETFATTR *  a,
unsigned char **  pp 
)

Definition at line 86 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_IETFATTR: optional `names` with implicit tag 0,
  // followed by the sequence of AC_IETFATTRVAL in `values`.
  // Unlike the sibling encoders, the version switch is applied twice, once in
  // the length pass and once in the put pass, so the two #if ladders must be
  // edited together.
  M_ASN1_I2D_vars(a);
  M_ASN1_I2D_len_IMP_opt(a->names, i2d_GENERAL_NAMES);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_len_SEQUENCE_type(AC_IETFATTRVAL, a->values, i2d_AC_IETFATTRVAL);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_len_SEQUENCE_type(AC_IETFATTRVAL, a->values, (int (*)(void*, unsigned char**))i2d_AC_IETFATTRVAL);
#else
  M_ASN1_I2D_len_SEQUENCE(a->values,  (int (*)())i2d_AC_IETFATTRVAL);
#endif
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put_IMP_opt(a->names, i2d_GENERAL_NAMES, 0);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_put_SEQUENCE_type(AC_IETFATTRVAL, a->values, i2d_AC_IETFATTRVAL);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_put_SEQUENCE_type(AC_IETFATTRVAL, a->values, (int (*)(void*, unsigned char**))i2d_AC_IETFATTRVAL);
#else
  M_ASN1_I2D_put_SEQUENCE(a->values,  (int (*)())i2d_AC_IETFATTRVAL);
#endif
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_IETFATTRVAL ( AC_IETFATTRVAL *  a,
unsigned char **  pp 
)

Definition at line 147 of file VOMSAttribute.cpp.

{
  // Encode one AC_IETFATTRVAL. Only values whose `type` is OCTET STRING,
  // OBJECT or UTF8String are written, via i2d_ASN1_bytes with the value
  // treated as an ASN1_STRING. Any other type records ASN1_R_WRONG_TYPE and
  // returns -1.
  switch (a->type) {
    case V_ASN1_OCTET_STRING:
    case V_ASN1_OBJECT:
    case V_ASN1_UTF8STRING:
      return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, a->type, V_ASN1_UNIVERSAL));
    default:
      break;
  }

  ASN1err(ASN1_F_I2D_AC_IETFATTRVAL,ASN1_R_WRONG_TYPE);
  return -1;
}


int ArcCredential::i2d_AC_INFO ( AC_INFO *  a,
unsigned char **  pp 
)

Definition at line 478 of file VOMSAttribute.cpp.

{
  // DER encoder for AC_INFO, written as a length pass and a put pass over the
  // same member list. Member order: version, holder, optional form (implicit
  // tag 0), alg, serial, validity, the AC_ATTR sequence in `attrib`, optional
  // id, optional X509_EXTENSION sequence in `exts`.
  // The two passes and their #if ladders must be kept in step; presumably the
  // first pass computes the length that the second pass fills.
  M_ASN1_I2D_vars(a);

  M_ASN1_I2D_len(a->version,  i2d_ASN1_INTEGER);
  M_ASN1_I2D_len(a->holder,   i2d_AC_HOLDER);
  M_ASN1_I2D_len_IMP_opt(a->form, i2d_AC_FORM);
  M_ASN1_I2D_len(a->alg,      i2d_X509_ALGOR);
  M_ASN1_I2D_len(a->serial,   i2d_ASN1_INTEGER);
  M_ASN1_I2D_len(a->validity, i2d_AC_VAL);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_len_SEQUENCE_type(AC_ATTR, a->attrib, i2d_AC_ATTR);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_len_SEQUENCE_type(AC_ATTR, a->attrib, (int (*)(void*, unsigned char**))i2d_AC_ATTR);
#else
  M_ASN1_I2D_len_SEQUENCE    (a->attrib, (int(*)())i2d_AC_ATTR);
#endif
  M_ASN1_I2D_len_IMP_opt     (a->id, i2d_ASN1_BIT_STRING);
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, a->exts, i2d_X509_EXTENSION);
#else
  M_ASN1_I2D_len_SEQUENCE_opt(a->exts,   (int(*)())i2d_X509_EXTENSION);
#endif
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put(a->version,  i2d_ASN1_INTEGER);
  M_ASN1_I2D_put(a->holder,   i2d_AC_HOLDER);
  M_ASN1_I2D_put_IMP_opt(a->form,   i2d_AC_FORM, 0);
  M_ASN1_I2D_put(a->alg,      i2d_X509_ALGOR);
  M_ASN1_I2D_put(a->serial,   i2d_ASN1_INTEGER);
  M_ASN1_I2D_put(a->validity, i2d_AC_VAL);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_put_SEQUENCE_type(AC_ATTR, a->attrib, i2d_AC_ATTR);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_put_SEQUENCE_type(AC_ATTR, a->attrib, (int (*)(void*, unsigned char**))i2d_AC_ATTR);
#else
  M_ASN1_I2D_put_SEQUENCE(a->attrib, (int(*)())i2d_AC_ATTR);
#endif
  // NOTE(review): `id` is written with the IMP_opt macro and V_ASN1_BIT_STRING
  // as the tag argument, while d2i_AC_INFO reads it with the plain optional
  // macro; verify that encoder and decoder agree on the tag.
  M_ASN1_I2D_put_IMP_opt(a->id, i2d_ASN1_BIT_STRING, V_ASN1_BIT_STRING);
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, a->exts, i2d_X509_EXTENSION);
#else
  M_ASN1_I2D_put_SEQUENCE_opt(a->exts, (int(*)())i2d_X509_EXTENSION);
#endif
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_IS ( AC_IS *  a,
unsigned char **  pp 
)

Definition at line 236 of file VOMSAttribute.cpp.

{
  /*
   * DER-encode an AC_IS (issuer names, serial, optional uid) with the legacy
   * M_ASN1_I2D_* macros: a sizing pass (*_len) followed by a writing pass
   * (*_put) over the same fields in the same order.
   */
  M_ASN1_I2D_vars(a);
  M_ASN1_I2D_len(a->issuer,      i2d_GENERAL_NAMES);
  M_ASN1_I2D_len(a->serial,      i2d_ASN1_INTEGER);
  M_ASN1_I2D_len_IMP_opt(a->uid, i2d_ASN1_BIT_STRING);
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put(a->issuer,      i2d_GENERAL_NAMES);
  M_ASN1_I2D_put(a->serial,      i2d_ASN1_INTEGER);
  /* NOTE(review): the optional uid is written with V_ASN1_BIT_STRING as its
   * implicit tag argument; confirm d2i_AC_IS reads it with the same tag. */
  M_ASN1_I2D_put_IMP_opt(a->uid, i2d_ASN1_BIT_STRING, V_ASN1_BIT_STRING);
  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_SEQ ( AC_SEQ *  a,
unsigned char **  pp 
)

Definition at line 639 of file VOMSAttribute.cpp.

{
  /*
   * DER-encode an AC_SEQ, whose only member is the stack a->acs of AC
   * elements. Each preprocessor branch performs the same three steps
   * (size the stack, total the sequence, write the stack); the branches
   * differ only in how i2d_AC is cast for the OpenSSL version being built.
   */
  M_ASN1_I2D_vars(a);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_len_SEQUENCE_type(AC, a->acs, i2d_AC);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE_type(AC, a->acs, i2d_AC);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  /* NOTE(review): i2d_AC is cast to a callback taking void*; the cast hides
   * any signature mismatch from the compiler. */
  M_ASN1_I2D_len_SEQUENCE_type(AC, a->acs, (int (*)(void*, unsigned char**))i2d_AC);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE_type(AC, a->acs, (int (*)(void*, unsigned char**))i2d_AC);
#else
  M_ASN1_I2D_len_SEQUENCE(a->acs, (int (*)())i2d_AC);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE(a->acs, (int (*)())i2d_AC);
#endif
  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_TARGET ( AC_TARGET *  a,
unsigned char **  pp 
)

Definition at line 742 of file VOMSAttribute.cpp.

{
  /*
   * DER-encode an AC_TARGET. All three members are optional and explicitly
   * tagged: name -> [0], group -> [1], cert -> [2]. v1..v3 are scratch
   * variables shared between the matching *_len_EXP_opt and *_put_EXP_opt
   * calls, so each field must use the same variable in both passes.
   */
  int v1=0, v2=0, v3=0;

  M_ASN1_I2D_vars(a);
  M_ASN1_I2D_len_EXP_opt(a->name, i2d_GENERAL_NAME, 0, v1);
  M_ASN1_I2D_len_EXP_opt(a->group, i2d_GENERAL_NAME, 1, v2);
  M_ASN1_I2D_len_EXP_opt(a->cert, i2d_AC_IS, 2, v3);
  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put_EXP_opt(a->name, i2d_GENERAL_NAME, 0, v1);
  M_ASN1_I2D_put_EXP_opt(a->group, i2d_GENERAL_NAME, 1, v2);
  M_ASN1_I2D_put_EXP_opt(a->cert, i2d_AC_IS, 2, v3);
  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_TARGETS ( AC_TARGETS *  a,
unsigned char **  pp 
)

Definition at line 691 of file VOMSAttribute.cpp.

{
  /*
   * DER-encode an AC_TARGETS, whose only member is the stack a->targets of
   * AC_TARGET elements. Each preprocessor branch sizes the stack, totals the
   * sequence and writes the stack; only the cast applied to i2d_AC_TARGET
   * differs between OpenSSL versions.
   */
  M_ASN1_I2D_vars(a);
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
  M_ASN1_I2D_len_SEQUENCE_type(AC_TARGET, a->targets, i2d_AC_TARGET);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE_type(AC_TARGET, a->targets, i2d_AC_TARGET);
#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  /* NOTE(review): the void* callback cast hides any signature mismatch
   * between i2d_AC_TARGET and what the macro calls. */
  M_ASN1_I2D_len_SEQUENCE_type(AC_TARGET, a->targets, (int (*)(void*, unsigned char**))i2d_AC_TARGET);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE_type(AC_TARGET, a->targets, (int (*)(void*, unsigned char**))i2d_AC_TARGET);
#else
  M_ASN1_I2D_len_SEQUENCE(a->targets, (int (*)())i2d_AC_TARGET);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put_SEQUENCE(a->targets, (int (*)())i2d_AC_TARGET);
#endif
  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_AC_VAL ( AC_VAL *  a,
unsigned char **  pp 
)

Definition at line 439 of file VOMSAttribute.cpp.

{
  /*
   * DER-encode an AC_VAL (validity period): notBefore then notAfter, both
   * as GeneralizedTime. Sizing pass first, writing pass second, same order.
   */
  M_ASN1_I2D_vars(a);

  M_ASN1_I2D_len(a->notBefore, i2d_ASN1_GENERALIZEDTIME);
  M_ASN1_I2D_len(a->notAfter,  i2d_ASN1_GENERALIZEDTIME);

  M_ASN1_I2D_seq_total();

  M_ASN1_I2D_put(a->notBefore, i2d_ASN1_GENERALIZEDTIME);
  M_ASN1_I2D_put(a->notAfter,  i2d_ASN1_GENERALIZEDTIME);

  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_PROXYCERTINFO ( PROXYCERTINFO *  proxycertinfo,
unsigned char **  pp 
)

Definition at line 376 of file Proxycertinfo.cpp.

                                                                          {
  /*
   * Pick the encoder that matches the structure's stored version.
   * Only versions 3 and 4 are known; anything else yields -1.
   * proxycertinfo is dereferenced without a NULL check, so callers must
   * pass a valid pointer.
   */
  if(proxycertinfo->version == 3) {
    return i2d_PROXYCERTINFO_v3(proxycertinfo, pp);
  }
  if(proxycertinfo->version == 4) {
    return i2d_PROXYCERTINFO_v4(proxycertinfo, pp);
  }
  return -1;
}


int ArcCredential::i2d_PROXYCERTINFO_v3 ( PROXYCERTINFO *  proxycertinfo,
unsigned char **  pp 
)

Definition at line 350 of file Proxycertinfo.cpp.

                                                                             {
  /*
   * Version-3 encoding of PROXYCERTINFO: the proxy policy comes first,
   * followed by the optional path length wrapped in explicit tag [1].
   * v1 is the scratch variable shared by the *_len_EXP_opt / *_put_EXP_opt
   * pair. Compare i2d_PROXYCERTINFO_v4, which uses a different field order.
   */
  int v1;
  M_ASN1_I2D_vars(proxycertinfo);
  v1 = 0;
  M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
  M_ASN1_I2D_len_EXP_opt(proxycertinfo->path_length,i2d_ASN1_INTEGER, 1, v1);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
  M_ASN1_I2D_put_EXP_opt(proxycertinfo->path_length, i2d_ASN1_INTEGER, 1, v1);
  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_PROXYCERTINFO_v4 ( PROXYCERTINFO *  proxycertinfo,
unsigned char **  pp 
)

Definition at line 362 of file Proxycertinfo.cpp.

                                                                             {
  /*
   * Version-4 encoding of PROXYCERTINFO: the optional path length is
   * written first as a plain (untagged) INTEGER, then the proxy policy.
   * The path_length test must be identical in the sizing pass and the
   * writing pass, otherwise the announced length and the bytes written
   * would disagree.
   */
  M_ASN1_I2D_vars(proxycertinfo);
  if(proxycertinfo->path_length) { 
    M_ASN1_I2D_len(proxycertinfo->path_length, i2d_ASN1_INTEGER);
  }
  M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
  M_ASN1_I2D_seq_total();
  if(proxycertinfo->path_length) { 
    M_ASN1_I2D_put(proxycertinfo->path_length, i2d_ASN1_INTEGER);
  }
  M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_PROXYPOLICY);
  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2d_PROXYPOLICY ( PROXYPOLICY *  policy,
unsigned char **  pp 
)

Definition at line 122 of file Proxycertinfo.cpp.

                                                                {
  /*
   * DER-encode a PROXYPOLICY: the policy language OID, then the policy
   * octet string if one is set.
   *
   * The "#if 0" block below is a disabled earlier variant that wrapped the
   * policy in explicit tag [0]; the live code writes it untagged.
   */
#if 0
  int  v1 = 0;
    
  M_ASN1_I2D_vars(policy);

  M_ASN1_I2D_len(policy->policy_language, i2d_ASN1_OBJECT);
  M_ASN1_I2D_len_EXP_opt(policy->policy, i2d_ASN1_OCTET_STRING, 0, v1);
  M_ASN1_I2D_seq_total();
  M_ASN1_I2D_put(policy->policy_language, i2d_ASN1_OBJECT);
  M_ASN1_I2D_put_EXP_opt(policy->policy, i2d_ASN1_OCTET_STRING, 0, v1);

  M_ASN1_I2D_finish();
#endif

  M_ASN1_I2D_vars(policy);

  /* Sizing pass. */
  M_ASN1_I2D_len(policy->policy_language, i2d_ASN1_OBJECT);

  if(policy->policy) { 
    M_ASN1_I2D_len(policy->policy, i2d_ASN1_OCTET_STRING);
  }
    
  M_ASN1_I2D_seq_total();
  /* Writing pass: same fields, same order, same policy test as above. */
  M_ASN1_I2D_put(policy->policy_language, i2d_ASN1_OBJECT);
  if(policy->policy) { 
    M_ASN1_I2D_put(policy->policy, i2d_ASN1_OCTET_STRING);
  }
  /* Supplies the function's return; no explicit return statement follows. */
  M_ASN1_I2D_finish();
}


int ArcCredential::i2r_PROXYCERTINFO ( X509V3_EXT_METHOD *  method,
PROXYCERTINFO *  ext,
BIO *  out,
int  indent 
)
static char* ArcCredential::norep ( ) [static]

Definition at line 1006 of file VOMSAttribute.cpp.

{
  /*
   * Hand out one shared, statically allocated empty string ("no
   * representation"). The storage is not heap memory.
   *
   * NOTE(review): null_i2s() and targets_i2s() return this pointer. If they
   * are installed as X509V3 i2s callbacks, confirm whether the consumer
   * releases the returned string (OpenSSL's extension printer frees i2s
   * results); freeing static storage would be an invalid free.
   */
  static char empty_text[] = "";

  return empty_text;
}


char* ArcCredential::null_i2s ( struct v3_ext_method *  ,
void *   
)

Definition at line 1031 of file VOMSAttribute.cpp.

{
  /* Both arguments are ignored; the result is norep()'s shared empty
   * string, which lives in static storage and must not be freed. */
  char *text = norep();
  return text;
}


void* ArcCredential::null_s2i ( struct v3_ext_method *  ,
struct v3_ext_ctx *  ,
char *   
)

Definition at line 1154 of file VOMSAttribute.cpp.

{
  /* All arguments are ignored: the result is always a freshly allocated
   * ASN1_NULL (or NULL if that allocation fails). */
  void *value = ASN1_NULL_new();
  return value;
}


PROXYCERTINFO * ArcCredential::PROXYCERTINFO_dup ( PROXYCERTINFO *  proxycertinfo)

Definition at line 258 of file Proxycertinfo.cpp.

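                                                                 {
  /*
   * Deep-copy a PROXYCERTINFO (path length, version and proxy policy).
   *
   * Returns the new structure, which the caller releases with
   * PROXYCERTINFO_free(), or NULL if the input is NULL or any allocation
   * fails. The previous version fell off the end of the function without
   * returning the copy, so callers received an indeterminate pointer.
   */
  PROXYCERTINFO * new_proxycertinfo = NULL;
  if(proxycertinfo == NULL) return NULL;
  new_proxycertinfo = PROXYCERTINFO_new();
  if(new_proxycertinfo == NULL) return NULL;
  if(proxycertinfo->path_length) {
    new_proxycertinfo->path_length =
            ASN1_INTEGER_dup(proxycertinfo->path_length);
    /* A silently dropped path length would widen what the copy permits. */
    if(new_proxycertinfo->path_length == NULL) {
      PROXYCERTINFO_free(new_proxycertinfo);
      return NULL;
    }
  }
  new_proxycertinfo->version = proxycertinfo->version;
  /* Treat a reported failure, or a source policy that did not make it into
   * the copy, as an error rather than returning a policy-less duplicate. */
  if(PROXYCERTINFO_set_proxypolicy(new_proxycertinfo,proxycertinfo->proxypolicy) != 1 ||
     (proxycertinfo->proxypolicy != NULL && new_proxycertinfo->proxypolicy == NULL)) {
    PROXYCERTINFO_free(new_proxycertinfo);
    return NULL;
  }
  return new_proxycertinfo;
}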


void ArcCredential::PROXYCERTINFO_free ( PROXYCERTINFO *  proxycertinfo)

Definition at line 251 of file Proxycertinfo.cpp.

                                                       {
  /* Release a PROXYCERTINFO together with the path length and proxy policy
   * it owns. Passing NULL is a no-op. */
  if(proxycertinfo != NULL) {
    ASN1_INTEGER_free(proxycertinfo->path_length);
    PROXYPOLICY_free(proxycertinfo->proxypolicy);
    OPENSSL_free(proxycertinfo);
  }
}


long ArcCredential::PROXYCERTINFO_get_path_length ( PROXYCERTINFO *  proxycertinfo)

Definition at line 324 of file Proxycertinfo.cpp.

                                                                  {
  /* Return the stored path length, or -1 when the structure is NULL or no
   * path length has been set. */
  if(proxycertinfo == NULL || proxycertinfo->path_length == NULL) {
    return -1;
  }
  return ASN1_INTEGER_get(proxycertinfo->path_length);
}


PROXYPOLICY * ArcCredential::PROXYCERTINFO_get_proxypolicy ( PROXYCERTINFO *  proxycertinfo)

Definition at line 343 of file Proxycertinfo.cpp.

                                                                           {
  /* Return the structure's own policy pointer (not a copy), or NULL when
   * proxycertinfo is NULL. The caller must not free the result. */
  return (proxycertinfo != NULL) ? proxycertinfo->proxypolicy : NULL;
}


int ArcCredential::PROXYCERTINFO_get_version ( PROXYCERTINFO *  proxycertinfo)

Definition at line 317 of file Proxycertinfo.cpp.

                                                             {
  /* Return the stored version field, or -1 when proxycertinfo is NULL. */
  return (proxycertinfo != NULL) ? proxycertinfo->version : -1;
}

PROXYCERTINFO function.

Definition at line 239 of file Proxycertinfo.cpp.

                                    {
  /*
   * Allocate a zeroed PROXYCERTINFO with no path length and a freshly
   * created default proxy policy. Because of the memset, version starts
   * at 0 until PROXYCERTINFO_set_version() is called.
   *
   * M_ASN1_New_Malloc / M_ASN1_New_Error are OpenSSL asn1_mac.h macros
   * (definitions not shown here); presumably the former jumps to an error
   * label on allocation failure and the latter provides that label, which
   * is why it appears after the return. "c" is used by those macros.
   */
  PROXYCERTINFO *                     ret;
  ASN1_CTX                            c;
  ret = NULL;
  M_ASN1_New_Malloc(ret, PROXYCERTINFO);
  memset(ret, 0, sizeof(PROXYCERTINFO));
  ret->path_length      = NULL;
  /* NOTE(review): the result of PROXYPOLICY_new() is not checked, so a
   * failed allocation yields a structure whose proxypolicy is NULL. */
  ret->proxypolicy      = PROXYPOLICY_new();
  return (ret);
  M_ASN1_New_Error(ASN1_F_PROXYCERTINFO_NEW);
}


int ArcCredential::PROXYCERTINFO_print ( BIO *  bp,
PROXYCERTINFO *  cert_info 
)

Definition at line 271 of file Proxycertinfo.cpp.

                                                           {
  /*
   * Print cert_info to bp as name/value lines. The values are produced by
   * i2v_PROXYCERTINFO using the v4 extension method and released again
   * before returning. Always returns 1.
   */
  STACK_OF(CONF_VALUE)* conf_values =
      i2v_PROXYCERTINFO(PROXYCERTINFO_v4_x509v3_ext_meth(), cert_info, NULL);

  X509V3_EXT_val_prn(bp, conf_values, 0, 1);
  sk_CONF_VALUE_pop_free(conf_values, X509V3_conf_free);
  return 1;
}


int ArcCredential::PROXYCERTINFO_print_fp ( FILE *  fp,
PROXYCERTINFO *  cert_info 
)

Definition at line 279 of file Proxycertinfo.cpp.

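                                                               {
  /*
   * Print cert_info to a stdio stream by wrapping fp in a temporary file
   * BIO. The BIO is created with BIO_NOCLOSE, so fp stays open and remains
   * owned by the caller.
   *
   * Returns the result of PROXYCERTINFO_print(), or 0 if the temporary BIO
   * cannot be allocated (previously a NULL BIO was passed on unchecked).
   */
  int ret;
  BIO* bp;
  bp = BIO_new(BIO_s_file());
  if(bp == NULL) return 0;
  BIO_set_fp(bp, fp, BIO_NOCLOSE);
  ret =  PROXYCERTINFO_print(bp, cert_info);
  BIO_free(bp);
  return (ret);
}   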


int ArcCredential::PROXYCERTINFO_set_path_length ( PROXYCERTINFO *  proxycertinfo,
long  path_length 
)

Definition at line 290 of file Proxycertinfo.cpp.

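                                                                                   {
  /*
   * Set or clear the path length constraint.
   *
   * path_length == -1 removes any stored value; any other value is stored,
   * allocating the ASN1_INTEGER on first use.
   *
   * Returns 0 if proxycertinfo is NULL or the ASN1_INTEGER cannot be
   * allocated, 1 after clearing, and otherwise the result of
   * ASN1_INTEGER_set(). The allocation check is new: before, a failed
   * ASN1_INTEGER_new() was handed straight to ASN1_INTEGER_set().
   */
  if(proxycertinfo == NULL) return 0;

  if(path_length == -1) {
    if(proxycertinfo->path_length != NULL) {
      ASN1_INTEGER_free(proxycertinfo->path_length);
      proxycertinfo->path_length = NULL;
    }
    return 1;
  }

  if(proxycertinfo->path_length == NULL) {
    proxycertinfo->path_length = ASN1_INTEGER_new();
    if(proxycertinfo->path_length == NULL) return 0;
  }
  return ASN1_INTEGER_set(proxycertinfo->path_length, path_length);
}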


int ArcCredential::PROXYCERTINFO_set_proxypolicy ( PROXYCERTINFO *  proxycertinfo,
PROXYPOLICY *  proxypolicy 
)

Definition at line 331 of file Proxycertinfo.cpp.

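                                                                                            {
  /*
   * Replace the stored proxy policy with a private copy of proxypolicy, or
   * clear it when proxypolicy is NULL. Passing the policy that is already
   * stored is a no-op.
   *
   * Returns 1 on success. Returns 0 if proxycertinfo is NULL or the copy
   * cannot be made; in the latter case the previous policy is kept, so a
   * failed allocation no longer leaves the structure without a policy
   * while still reporting success.
   */
  PROXYPOLICY * copy = NULL;

  if(proxycertinfo == NULL) return 0;
  if(proxypolicy == proxycertinfo->proxypolicy) return 1;

  if(proxypolicy != NULL) {
    /* Duplicate before freeing so the old policy survives a failure. */
    copy = PROXYPOLICY_dup(proxypolicy);
    if(copy == NULL) return 0;
  }
  PROXYPOLICY_free(proxycertinfo->proxypolicy);
  proxycertinfo->proxypolicy = copy;
  return 1;
}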


int ArcCredential::PROXYCERTINFO_set_version ( PROXYCERTINFO *  proxycertinfo,
int  version 
)

Definition at line 309 of file Proxycertinfo.cpp.

                                                                          {
  /* Store version in the structure. Returns 1 on success, 0 when
   * proxycertinfo is NULL. The value itself is not validated here. */
  if (proxycertinfo == NULL) {
    return 0;
  }
  proxycertinfo->version = version;
  return 1;
}


Definition at line 684 of file Proxycertinfo.cpp.

                                                       {
  /*
   * Return the X509V3 extension method table for version-3 PROXYCERTINFO.
   * The table is a single function-local static object, so every caller
   * gets a pointer to the same mutable structure.
   *
   * The initializer is positional, so entries must stay in the member order
   * of X509V3_EXT_METHOD. The casts show which slot each callback fills.
   * NOTE(review): those casts also silence any signature mismatch between
   * the callbacks and the slot types.
   */
  static X509V3_EXT_METHOD proxycertinfo_v3_x509v3_ext_meth =
  {
    -1, /* presumably the extension NID, not known at compile time - confirm where it is set */
    X509V3_EXT_MULTILINE,
    NULL,
    (X509V3_EXT_NEW) PROXYCERTINFO_new,
    (X509V3_EXT_FREE) PROXYCERTINFO_free,
    (X509V3_EXT_D2I) d2i_PROXYCERTINFO_v3,
    (X509V3_EXT_I2D) i2d_PROXYCERTINFO_v3,
    NULL, NULL,
    (X509V3_EXT_I2V) i2v_PROXYCERTINFO,
    NULL,
    NULL, //(X509V3_EXT_I2R) i2r_PROXYCERTINFO,
    NULL, //(X509V3_EXT_R2I) r2i_PROXYCERTINFO,
    NULL
  };
  return (&proxycertinfo_v3_x509v3_ext_meth);
}


Definition at line 664 of file Proxycertinfo.cpp.

                                                       {
    /*
     * Return the X509V3 extension method table for version-4 PROXYCERTINFO.
     * It differs from the v3 table only in the d2i/i2d callbacks. The table
     * is a single function-local static object shared by all callers.
     *
     * The initializer is positional, so entries must stay in the member
     * order of X509V3_EXT_METHOD.
     * NOTE(review): the callback casts silence any signature mismatch
     * between the callbacks and the slot types.
     */
    static X509V3_EXT_METHOD proxycertinfo_v4_x509v3_ext_meth =
    {
        -1, /* presumably the extension NID, not known at compile time - confirm where it is set */
        X509V3_EXT_MULTILINE,
        NULL,
        (X509V3_EXT_NEW) PROXYCERTINFO_new,
        (X509V3_EXT_FREE) PROXYCERTINFO_free,
        (X509V3_EXT_D2I) d2i_PROXYCERTINFO_v4,
        (X509V3_EXT_I2D) i2d_PROXYCERTINFO_v4,
        NULL, NULL,
        (X509V3_EXT_I2V) i2v_PROXYCERTINFO,
        NULL,
        NULL, //(X509V3_EXT_I2R) i2r_PROXYCERTINFO,
        NULL, //(X509V3_EXT_R2I) r2i_PROXYCERTINFO,
        NULL
    };
    return (&proxycertinfo_v4_x509v3_ext_meth);
}


PROXYPOLICY * ArcCredential::PROXYPOLICY_dup ( PROXYPOLICY *  policy)

Definition at line 55 of file Proxycertinfo.cpp.

                                                    {
  /*
   * Duplicate a PROXYPOLICY through OpenSSL's ASN1_dup(), handing it this
   * type's i2d/d2i pair (presumably an encode-then-decode round trip, so
   * only what the DER form carries is copied - confirm against ASN1_dup).
   * The caller owns the result and releases it with PROXYPOLICY_free().
   *
   * NOTE(review): both callbacks are cast to generic function-pointer types;
   * the casts hide any mismatch with the real signatures of
   * i2d_PROXYPOLICY / d2i_PROXYPOLICY.
   */
  return ((PROXYPOLICY *) ASN1_dup((int (*)(void*, unsigned char**))i2d_PROXYPOLICY,
                               (char *(*)(void**, const unsigned char**, long int))d2i_PROXYPOLICY,
                               (char *)policy));
}


void ArcCredential::PROXYPOLICY_free ( PROXYPOLICY *  policy)

Definition at line 47 of file Proxycertinfo.cpp.

                                            {
  /* Release a PROXYPOLICY together with its language OID and policy
   * string. Passing NULL is a no-op. */
  if(policy != NULL) {
    ASN1_OBJECT_free(policy->policy_language);
    M_ASN1_OCTET_STRING_free(policy->policy);
    OPENSSL_free(policy);
  }
}


unsigned char * ArcCredential::PROXYPOLICY_get_policy ( PROXYPOLICY *  proxypolicy,
int *  length 
)

Definition at line 104 of file Proxycertinfo.cpp.

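                                                                                {
  /*
   * Return a malloc()ed copy of the policy bytes and store their count in
   * *length. The caller releases the copy with free(). The copy is raw
   * bytes and is not NUL-terminated; use *length, never strlen().
   *
   * Returns NULL when proxypolicy or length is NULL, when no policy is set,
   * when the policy is empty, or when the allocation fails. *length is
   * written only if a policy object exists; otherwise it is left untouched,
   * so callers should initialise it before the call.
   */
  if(proxypolicy == NULL || length == NULL) return NULL;
  if(proxypolicy->policy == NULL) return NULL;

  *length = proxypolicy->policy->length;
  if(*length <= 0 || proxypolicy->policy->data == NULL) return NULL;

  unsigned char * copy = (unsigned char*) malloc((size_t)*length);
  if(copy == NULL) return NULL;
  memcpy(copy, proxypolicy->policy->data, (size_t)*length);
  return copy;
}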


ASN1_OBJECT * ArcCredential::PROXYPOLICY_get_policy_language ( PROXYPOLICY *  policy)

Definition at line 82 of file Proxycertinfo.cpp.

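{
  /* Return the policy's own language object (not a copy; the caller must
   * not free it), or NULL when policy is NULL - matching the NULL handling
   * of the PROXYCERTINFO getters. */
  if(policy == NULL) return NULL;
  return policy->policy_language;
}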


Definition at line 17 of file Proxycertinfo.cpp.

                                {
  /*
   * Allocate a PROXYPOLICY whose language is looked up from the short name
   * IMPERSONATION_PROXY_SN and whose policy string is unset.
   *
   * M_ASN1_New_Malloc / M_ASN1_New_Error are OpenSSL asn1_mac.h macros
   * (definitions not shown here); presumably the former jumps to an error
   * label on allocation failure and the latter provides that label, which
   * is why it appears after the return. "c" is used by those macros.
   */
  ASN1_CTX                            c;
  PROXYPOLICY *                       ret;
  ret = NULL;

  M_ASN1_New_Malloc(ret, PROXYPOLICY);
  /* NOTE(review): the lookup result is not checked. If the short name has
   * not been registered yet, policy_language may not be the intended OID -
   * confirm the object is created before this function can run. */
  ret->policy_language = OBJ_nid2obj(OBJ_sn2nid(IMPERSONATION_PROXY_SN));
  ret->policy = NULL;
  return (ret);
  M_ASN1_New_Error(ASN1_F_PROXYPOLICY_NEW);
}


int ArcCredential::PROXYPOLICY_print ( BIO *  bp,
PROXYPOLICY *  policy 
)

Definition at line 61 of file Proxycertinfo.cpp.

                                                    {
  /*
   * Print policy to bp as name/value lines. The values are produced by
   * i2v_PROXYPOLICY (starting from an empty list) and released again
   * before returning. Always returns 1.
   */
  STACK_OF(CONF_VALUE)* conf_values =
      i2v_PROXYPOLICY(PROXYPOLICY_x509v3_ext_meth(), policy, NULL);

  X509V3_EXT_val_prn(bp, conf_values, 0, 1);
  sk_CONF_VALUE_pop_free(conf_values, X509V3_conf_free);
  return 1;
}


int ArcCredential::PROXYPOLICY_set_policy ( PROXYPOLICY *  proxypolicy,
unsigned char *  policy,
int  length 
)

Definition at line 88 of file Proxycertinfo.cpp.

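                                                                                          {
  /*
   * Store a copy of the given policy bytes, or clear the stored policy
   * when policy is NULL.
   *
   * Returns 1 on success and 0 if proxypolicy is NULL, the octet string
   * cannot be allocated, or the bytes cannot be copied. Previously every
   * path returned 1 and a failed ASN1_OCTET_STRING_new() was passed on
   * unchecked.
   *
   * NOTE(review): length is forwarded as-is; confirm callers never pass a
   * negative value, which OpenSSL interprets as "use strlen(policy)".
   */
  if(proxypolicy == NULL) return 0;

  if(policy == NULL) {
    if(proxypolicy->policy) {
      ASN1_OCTET_STRING_free(proxypolicy->policy);
      proxypolicy->policy = NULL;
    }
    return 1;
  }

  if(!proxypolicy->policy) {
    proxypolicy->policy = ASN1_OCTET_STRING_new();
    if(!proxypolicy->policy) return 0;
  }
  return ASN1_OCTET_STRING_set(proxypolicy->policy, policy, length) ? 1 : 0;
}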


int ArcCredential::PROXYPOLICY_set_policy_language ( PROXYPOLICY *  policy,
ASN1_OBJECT *  policy_language 
)

Definition at line 70 of file Proxycertinfo.cpp.

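                                                                                         {
  /*
   * Replace the policy language with a private copy of policy_language.
   * Passing the object that is already stored is a no-op.
   *
   * Returns 1 on success and 0 if either argument is NULL or the copy
   * cannot be made. The copy is taken before the old object is freed, so a
   * failed OBJ_dup() no longer leaves the policy without a language while
   * still reporting success.
   */
  if(policy == NULL || policy_language == NULL) return 0;

  if(policy_language != policy->policy_language) {
    ASN1_OBJECT * copy = OBJ_dup(policy_language);
    if(copy == NULL) return 0;
    ASN1_OBJECT_free(policy->policy_language);
    policy->policy_language = copy;
  }
  return 1;
}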


Definition at line 217 of file Proxycertinfo.cpp.

                                                  {
  /*
   * Return the X509V3 extension method table for PROXYPOLICY. The table is
   * a single function-local static object shared by all callers.
   *
   * The initializer is positional, so entries must stay in the member order
   * of X509V3_EXT_METHOD. The casts show which slot each callback fills.
   * NOTE(review): those casts also silence any signature mismatch between
   * the callbacks and the slot types.
   */
  static X509V3_EXT_METHOD proxypolicy_x509v3_ext_meth =
  {
    -1, /* presumably the extension NID, not known at compile time - confirm where it is set */
    X509V3_EXT_MULTILINE,
    NULL,
    (X509V3_EXT_NEW) PROXYPOLICY_new,
    (X509V3_EXT_FREE) PROXYPOLICY_free,
    (X509V3_EXT_D2I) d2i_PROXYPOLICY,
    (X509V3_EXT_I2D) i2d_PROXYPOLICY,
    NULL, NULL,
    (X509V3_EXT_I2V) i2v_PROXYPOLICY,
    NULL,
    NULL, NULL,
    NULL
  };
  return (&proxypolicy_x509v3_ext_meth);
}


PROXYCERTINFO* ArcCredential::r2i_PROXYCERTINFO ( X509V3_EXT_METHOD *  method,
X509V3_CTX *  ctx,
char *  value 
)
ArcCredential::STACK_OF ( CONF_VALUE  )
char* ArcCredential::targets_i2s ( struct v3_ext_method *  ,
void *   
)

Definition at line 1021 of file VOMSAttribute.cpp.

{
  /* Both arguments are ignored; the result is norep()'s shared empty
   * string, which lives in static storage and must not be freed. */
  char *text = norep();
  return text;
}


void* ArcCredential::targets_s2i ( struct v3_ext_method *  ,
struct v3_ext_ctx *  ,
char *  data 
)

Definition at line 1056 of file VOMSAttribute.cpp.

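{
  /*
   * Parse a comma-separated list of target names into an AC_TARGETS, one
   * AC_TARGET per item, each stored as a URI-typed GENERAL_NAME.
   *
   * Returns the new AC_TARGETS (released with AC_TARGETS_free()), or NULL
   * if data is NULL or any allocation fails.
   *
   * Fixes relative to the previous version:
   *  - the cursor now moves to the character after each comma; before, it
   *    was left on the terminator written over the comma, so everything
   *    after the first item was replaced by a single empty target;
   *  - the strdup()ed working copy is freed on every path;
   *  - strdup(), AC_TARGETS_new(), ASN1_STRING_set() and the stack push are
   *    checked;
   *  - the uninitialised, otherwise unused counter is gone.
   */
  char *list;
  char *cursor;
  char *comma;
  AC_TARGETS *a;

  if (!data)
    return NULL;

  /* Work on a private copy: the separators are overwritten in place. */
  list = strdup(data);
  if (!list)
    return NULL;

  a = AC_TARGETS_new();
  if (!a) {
    free(list);
    return NULL;
  }

  cursor = list;
  do {
    comma = strchr(cursor, ',');
    if (comma)
      *comma = '\0';
    {
      GENERAL_NAME *g = GENERAL_NAME_new();
      ASN1_IA5STRING *tmpr = ASN1_IA5STRING_new();
      AC_TARGET *targ = AC_TARGET_new();

      if (!g || !tmpr || !targ ||
          !ASN1_STRING_set(tmpr, cursor, strlen(cursor))) {
        /* Nothing is linked together yet, so free each piece separately. */
        GENERAL_NAME_free(g);
        ASN1_IA5STRING_free(tmpr);
        AC_TARGET_free(targ);
        goto err;
      }
      g->type = GEN_URI;
      g->d.ia5 = tmpr;
      targ->name = g;
      if (!sk_AC_TARGET_push(a->targets, targ)) {
        /* targ now holds g and tmpr; presumably AC_TARGET_free releases
         * them with it - confirm against its definition. */
        AC_TARGET_free(targ);
        goto err;
      }
    }
    if (comma)
      cursor = comma + 1;
  } while (comma);

  free(list);
  return a;

 err:
  free(list);
  AC_TARGETS_free(a);
  return NULL;    

}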


static int ArcCredential::verify_callback ( int  ok,
X509_STORE_CTX *  store_ctx 
) [static]

We need to check whether the certificate is revoked if it is not a proxy; a proxy certificate is never revoked.

Only need to check the signing policy file for a non-proxy certificate

Add the current certificate to the cert chain

Check the proxy certificate information extension

Parse the policy

We need to check whether the certificate is revoked if it is not a proxy; a proxy certificate is never revoked.

Only need to check the signing policy file for a non-proxy certificate

Add the current certificate to the cert chain

Check the proxy certificate information extension

Parse the policy

Definition at line 112 of file CertUtil.cpp.

                                                              {
  cert_verify_context*      vctx;
  vctx = (cert_verify_context *) X509_STORE_CTX_get_ex_data(store_ctx, VERIFY_CTX_STORE_EX_DATA_IDX);
  //TODO get SSL object here, special for GSSAPI
  if(!vctx) { return (0);}

  /* Now check for some error conditions which can be disregarded. */
  if(!ok) {
    switch (store_ctx->error) {
    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
      /*
      * Since OpenSSL does not know about proxies,
      * it will count them against the path length
      * So we will ignore the errors and do our
      * own checks later on, when we check the last
      * certificate in the chain we will check the chain.
      */
      logger.msg(Arc::DEBUG,"X509_V_ERR_PATH_LENGTH_EXCEEDED");

#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
      /*
      * OpenSSL-0.9.8 (because of proxy support) has this error
      *(0.9.7d did not have this, not proxy support still)
      * So we will ignore the errors now and do our checks later
      * on.
      */
    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
      logger.msg(Arc::DEBUG,"X509_V_ERR_PATH_LENGTH_EXCEEDED --- with proxy");
      ok = 1;
      break;
#endif

#if (OPENSSL_VERSION_NUMBER > 0x0090706fL)
      /*
      * In the later version (097g+) OpenSSL does know about
      * proxies, but not non-rfc compliant proxies, it will
      * count them as unhandled critical extensions.
      * So we will ignore the errors and do our
      * own checks later on, when we check the last
      * certificate in the chain we will check the chain.
      * As OpenSSL does not recognize legacy proxies (pre-RFC, and older fasion proxies)
      */
    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
      logger.msg(Arc::DEBUG,"X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION");
      /*
      * Setting this for 098 or later versions avoid the invalid
      * CA error but would result in proxy path len exceeded which
      * is handled above. For versions less than 098 and greater
      * than or equal to 097g causes a seg fault in
      * check_chain_extensions (line 498 in crypto/x509/x509_vfy.c)
      * If this flag is set, openssl assumes proxy extensions would
      * definitely be there and tries to access the extensions but
      * the extension is not there really, as it not recognized by
      * openssl. So openssl versions >= 097g and < 098 would
      * consider our proxy as an EEC and higher level proxy in the
      * cert chain (if any) or EEC as a CA cert and thus would throw
      * as invalid CA error. We handle that error below.
      */
  #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
      store_ctx->current_cert->ex_flags |= EXFLAG_PROXY;
  #endif
      ok = 1;
      break;
    case X509_V_ERR_INVALID_PURPOSE:
      /*
      * Invalid purpose if we init sec context with a server that does
      * not have the SSL Server Netscape extension (occurs with 0.9.7
      * servers)
      */
      ok = 1;
      break;
#endif

#if (OPENSSL_VERSION_NUMBER > 0x0090706fL)
    case X509_V_ERR_INVALID_CA:
    {
      /*
      * If the previous cert in the chain is a proxy cert then
      * we get this error just because openssl does not recognize
      * our proxy and treats it as an EEC. And thus, it would
      * treat higher level proxies (if any) or EEC as CA cert
      * (which are not actually CA certs) and would throw this
      * error. As long as the previous cert in the chain is a
      * proxy cert, we ignore this error.
      */
      X509* prev_cert = sk_X509_value(store_ctx->chain, store_ctx->error_depth-1);
      certType type;
      if(check_cert_type(prev_cert, type)) { if(CERT_IS_PROXY(type)) ok = 1; }
      break;
    }
#endif
    default:
      break;
    }



    //if failed, show the error message.
    if(!ok) {
      char * subject_name = X509_NAME_oneline(X509_get_subject_name(store_ctx->current_cert), 0, 0);
      unsigned long issuer_hash = X509_issuer_name_hash(store_ctx->current_cert);

      logger.msg(Arc::DEBUG,"Error number in store context: %i",(int)(store_ctx->error));
      if(sk_X509_num(store_ctx->chain) == 1) { logger.msg(Arc::VERBOSE,"Self-signed certificate"); }

      if (store_ctx->error == X509_V_ERR_CERT_NOT_YET_VALID) {
        logger.msg(Arc::INFO,"The certificate with subject %s  is not valid",subject_name);
      }
      else if(store_ctx->error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
        logger.msg(Arc::INFO,"Can not find issuer certificate for the certificate with subject %s and hash: %lu",subject_name,issuer_hash);
      }
      else if(store_ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) {
        logger.msg(Arc::INFO,"Certificate with subject %s has expired",subject_name);
      }
      else if(store_ctx->error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) {
        logger.msg(Arc::INFO,"Untrusted self-signed certificate in chain with "
                   "subject %s and hash: %lu",subject_name,issuer_hash);
      }
      else
        logger.msg(Arc::INFO,"Certificate verification error: %s",X509_verify_cert_error_string(store_ctx->error));

      if(subject_name) OPENSSL_free(subject_name);

      return ok;
    }
    store_ctx->error = 0;
    return ok;
  }

  /* All of the OpenSSL tests have passed and we now get to
   * look at the certificate to verify the proxy rules,
   * and ca-signing-policy rules. CRL checking will also be done.
   */

  /*
   * Test if the name ends in CN=proxy and if the issuer
   * name matches the subject without the final proxy.
   */
  certType type;
  bool ret = check_cert_type(store_ctx->current_cert,type);
  if(!ret) {
    logger.msg(Arc::ERROR,"Can not get the certificate type");
    return 0;
  }
  if(CERT_IS_PROXY(type)){
   /* it is a proxy */
        /* a legacy globus proxy may only be followed by another legacy globus
         * proxy or a limited legacy globus_proxy.
         * a limited legacy globus proxy may only be followed by another
         * limited legacy globus proxy
         * a draft compliant proxy may only be followed by another draft
         * compliant proxy
         * a draft compliant limited proxy may only be followed by another draft
         * compliant limited proxy or a draft compliant independent proxy
         */

    if((CERT_IS_GSI_2_PROXY(vctx->cert_type) && !CERT_IS_GSI_2_PROXY(type)) ||
         (CERT_IS_GSI_3_PROXY(vctx->cert_type) && !CERT_IS_GSI_3_PROXY(type)) ||
         (CERT_IS_RFC_PROXY(vctx->cert_type) && !CERT_IS_RFC_PROXY(type))) {
      logger.msg(Arc::ERROR,"The proxy to be signed should be compatible with the signing certificate: (%s) -> (%s)",certTypeToString(vctx->cert_type),certTypeToString(type));
      return (0);
    }

    if(CERT_IS_LIMITED_PROXY(vctx->cert_type) &&
       !(CERT_IS_LIMITED_PROXY(type) || CERT_IS_INDEPENDENT_PROXY(type))) {
      logger.msg(Arc::ERROR,"Can't sign a non-limited, non-independent proxy with a limited proxy");
      store_ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
      return (0);
    }

    vctx->proxy_depth++;
    if(vctx->max_proxy_depth!=-1 && vctx->max_proxy_depth < vctx->proxy_depth) {
      logger.msg(Arc::ERROR,"The proxy depth %i is out of maximum limit %i",vctx->proxy_depth,vctx->max_proxy_depth);
      return (0);
    }
    vctx->cert_type=type;
  }

  if(vctx->cert_type == CERT_TYPE_EEC || vctx->cert_type == CERT_TYPE_CA) {
#ifdef X509_V_ERR_CERT_REVOKED
        /*
         * SSLeay 0.9.0 handles CRLs but does not check them.
         * We will check the crl for this cert, if there
         * is a CRL in the store.
         * If we find the crl is not valid, we will fail,
         * as once the sysadmin indicates that CRLs are to
         * be checked, he best keep it upto date.
         *
         * When future versions of SSLeay support this better,
         * we can remove these tests.
         * we come through this code for each certificate,
         * starting with the CA's We will check for a CRL
         * each time, but only check the signature if the
         * subject name matches, and check for revoked
         * if the issuer name matches.
         * this allows the CA to revoke its own cert as well.
         */
    int i, n;
    X509_OBJECT     obj;
    X509_CRL *      crl = NULL;
    X509_CRL_INFO * crl_info = NULL;
    X509_REVOKED *  revoked = NULL;;
    EVP_PKEY *key = NULL;

    if (X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, X509_get_subject_name(store_ctx->current_cert), &obj)) {
      if((crl=obj.data.crl) && (crl_info=crl->crl)) {
        /* verify the signature on this CRL */
        key = X509_get_pubkey(store_ctx->current_cert);
        if (X509_CRL_verify(crl, key) <= 0) {
          store_ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
          // TODO: tell which crl failed
          logger.msg(Arc::ERROR,"Couldn't verify availability of CRL");
          EVP_PKEY_free(key); X509_OBJECT_free_contents(&obj); return (0);
        }

        /* Check date see if expired */
        i = X509_cmp_current_time(crl_info->lastUpdate);
        if (i == 0) {
          store_ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
          // TODO: tell which crl failed
          logger.msg(Arc::ERROR,"In the available CRL the lastUpdate field is not valid");
          EVP_PKEY_free(key); X509_OBJECT_free_contents(&obj); return (0);
        }
        if(i>0) {
          store_ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
          // TODO: tell which crl failed
          logger.msg(Arc::ERROR,"The available CRL is not yet valid");
          EVP_PKEY_free(key); X509_OBJECT_free_contents(&obj); return (0);
        }

        i = (crl_info->nextUpdate != NULL) ? X509_cmp_current_time(crl_info->nextUpdate) : 1;
        if (i == 0) {
          store_ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
          // TODO: tell which crl failed
          logger.msg(Arc::ERROR,"In the available CRL, the nextUpdate field is not valid");
          EVP_PKEY_free(key); X509_OBJECT_free_contents(&obj); return (0);
        }

        if (i < 0) {
          store_ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
          logger.msg(Arc::ERROR,"The available CRL has expired");
          EVP_PKEY_free(key); X509_OBJECT_free_contents(&obj); return (0);
        }
        EVP_PKEY_free(key);
      }
      X509_OBJECT_free_contents(&obj);
    }

    /* now check if the issuer has a CRL, and we are revoked */
    if (X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, X509_get_issuer_name(store_ctx->current_cert), &obj)) {
      if((crl=obj.data.crl) && (crl_info=crl->crl)) {
        /* check if this cert is revoked */
        n = sk_X509_REVOKED_num(crl_info->revoked);
        for (i=0; i<n; i++) {
          revoked = (X509_REVOKED *)sk_X509_REVOKED_value(crl_info->revoked,i);
          if(!ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(store_ctx->current_cert))) {
            long serial;
            char buf[256];
            char* subject_string;
            serial = ASN1_INTEGER_get(revoked->serialNumber);
            snprintf(buf, sizeof(buf), "%ld (0x%lX)",serial,serial);
            subject_string = X509_NAME_oneline(X509_get_subject_name(store_ctx->current_cert),NULL,0);
            logger.msg(Arc::ERROR,"Certificate with serial number %s and subject \"%s\" is revoked",buf,subject_string);
            store_ctx->error = X509_V_ERR_CERT_REVOKED;
            OPENSSL_free(subject_string);
            X509_OBJECT_free_contents(&obj); return (0);
          }
        }
      }
      X509_OBJECT_free_contents(&obj);
    }
#endif /* X509_V_ERR_CERT_REVOKED */


    char* cadir = NULL;
    char* ca_policy_file_path = NULL;
    if (X509_NAME_cmp(X509_get_subject_name(store_ctx->current_cert), X509_get_issuer_name(store_ctx->current_cert))) {
      cadir = (char*)(vctx->ca_dir.c_str());
      if(!(*cadir)) {
        logger.msg(Arc::ERROR,"Directory of trusted CAs is not specified/found");
        return (0);
      }

      unsigned int buffer_len;
      unsigned long hash;
      hash = X509_NAME_hash(X509_get_issuer_name(store_ctx->current_cert));

      buffer_len = strlen(cadir) + strlen(FILE_SEPERATOR) + 8 /* hash */
        + strlen(SIGNING_POLICY_FILE_EXTENSION) + 1 /* NULL */;
      ca_policy_file_path = (char*) malloc(buffer_len);
      if(ca_policy_file_path == NULL) {
        logger.msg(Arc::ERROR,"Can't allocate memory for CA policy path");
        store_ctx->error = X509_V_ERR_APPLICATION_VERIFICATION;
        return (0);
      }
      snprintf(ca_policy_file_path,buffer_len,"%s%s%08lx%s", cadir, FILE_SEPERATOR, hash, SIGNING_POLICY_FILE_EXTENSION);
      ca_policy_file_path[buffer_len-1]=0;

      //TODO check the certificate against policy

      free(ca_policy_file_path);
    }
  }

  if(vctx->cert_chain == NULL) { vctx->cert_chain = sk_X509_new_null(); }
  sk_X509_push(vctx->cert_chain, X509_dup(store_ctx->current_cert));
  vctx->cert_depth++;

  STACK_OF(X509_EXTENSION)* extensions;
  X509_EXTENSION* ext;
  ASN1_OBJECT* extension_obj;
  extensions = store_ctx->current_cert->cert_info->extensions;
  int i;
  if(extensions) for (i=0;i<sk_X509_EXTENSION_num(extensions);i++) {
    ext = (X509_EXTENSION *) sk_X509_EXTENSION_value(extensions,i);
    if(X509_EXTENSION_get_critical(ext)) {
      extension_obj = X509_EXTENSION_get_object(ext);
      int nid = OBJ_obj2nid(extension_obj);
      if(nid != NID_basic_constraints &&
         nid != NID_key_usage &&
         nid != NID_ext_key_usage &&
         nid != NID_netscape_cert_type &&
         nid != NID_subject_key_identifier &&
         nid != NID_authority_key_identifier &&
         nid != OBJ_sn2nid("PROXYCERTINFO_V3") &&
         nid != OBJ_sn2nid("PROXYCERTINFO_V4") &&
         nid != OBJ_sn2nid("OLD_PROXYCERTINFO") &&
         nid != OBJ_sn2nid("PROXYCERTINFO")
#if (OPENSSL_VERSION_NUMBER > 0x0090706fL)
         && nid != NID_proxyCertInfo
#endif
        ) {
        store_ctx->error = X509_V_ERR_CERT_REJECTED;
        logger.msg(Arc::ERROR,"Certificate has unknown extension with numeric ID %u and SN %s",(unsigned int)nid,OBJ_nid2sn(nid));
        return (0);
      }

// TODO: do not use openssl version - instead use result of check if
// proxy extension is supported
#if (OPENSSL_VERSION_NUMBER > 0x0090706fL) && (nid == NID_proxyCertInfo)
      /* If the openssl version >=097g (which means proxy cert info is
       * supported), and NID_proxyCertInfo can be got from the extension,
       * then we use the proxy cert info support from openssl itself.
       * Otherwise we have to use globus-customized proxy cert info support.
       */
      PROXY_CERT_INFO_EXTENSION*  proxycertinfo = NULL;
      proxycertinfo = (PROXY_CERT_INFO_EXTENSION*) X509V3_EXT_d2i(ext);
      if (proxycertinfo == NULL) {
        logger.msg(Arc::WARNING,"Can not convert DER encoded PROXY_CERT_INFO_EXTENSION extension to internal format");
      } else {
        int path_length = ASN1_INTEGER_get(proxycertinfo->pcPathLengthConstraint);
        /* ignore negative values */
        if(path_length > -1) {
          if(vctx->max_proxy_depth == -1 || vctx->max_proxy_depth > vctx->proxy_depth + path_length) {
            vctx->max_proxy_depth = vctx->proxy_depth + path_length;
            logger.msg(Arc::DEBUG,"proxy_depth: %i, path_length: %i",(int)(vctx->proxy_depth),(int)path_length);
          }
        }
        if(store_ctx->current_cert->ex_flags & EXFLAG_PROXY) {
          switch (OBJ_obj2nid(proxycertinfo->proxyPolicy->policyLanguage)) {
            case NID_Independent:
               /* Put whatever explicit policy here to this particular proxy certificate, usually by
                * pulling them from some database. If there is none policy which need to be explicitly
                * inserted here, clear all the policy storage (make this and any subsequent proxy certificate
                * be void of any policy, because here the policylanguage is independent)
                */
              vctx->proxy_policy.clear();
              break;
            case NID_id_ppl_inheritAll:
               /* This is basically a NOP */
              break;
            default:
              /* Here get the proxy policy */
              vctx->proxy_policy.clear();
              if((proxycertinfo->proxyPolicy) &&
                 (proxycertinfo->proxyPolicy->policy) &&
                 (proxycertinfo->proxyPolicy->policy->data)) {
                vctx->proxy_policy.append(
                   proxycertinfo->proxyPolicy->policy->data,
                   proxycertinfo->proxyPolicy->policy->length);
              }
              /* Use : as seperator for policies parsed from different proxy certificate*/
              /* !!!! Taking int account previous proxy_policy.clear() !!!!
                 !!!! it seems to be impossible to have more than one    !!!!
                 !!!!  policy collected anyway !!!! */
              vctx->proxy_policy.append(":");
              break;
          }
        }
        PROXY_CERT_INFO_EXTENSION_free(proxycertinfo);
        proxycertinfo = NULL;
      }
#else
      PROXYCERTINFO*  proxycertinfo = NULL;
      if(nid == OBJ_sn2nid("PROXYCERTINFO_V3") || nid == OBJ_sn2nid("PROXYCERTINFO_V4")) {
        proxycertinfo = (PROXYCERTINFO*) X509V3_EXT_d2i(ext);
        if (proxycertinfo == NULL) {
          logger.msg(Arc::WARNING,"Can not convert DER encoded PROXYCERTINFO extension to internal format");
        } else {
          int path_length = PROXYCERTINFO_get_path_length(proxycertinfo);
          /* ignore negative values */
          if(path_length > -1) {
            if(vctx->max_proxy_depth == -1 || vctx->max_proxy_depth > vctx->proxy_depth + path_length) {
              vctx->max_proxy_depth = vctx->proxy_depth + path_length;
              logger.msg(Arc::DEBUG,"proxy_depth: %i, path_length: %i",(int)(vctx->proxy_depth),(int)path_length);
            }
          }
        }
      }

      if(proxycertinfo != NULL) {
        int policynid = OBJ_obj2nid(PROXYPOLICY_get_policy_language(proxycertinfo->proxypolicy));
        if(policynid == OBJ_sn2nid(INDEPENDENT_PROXY_SN)) {
          /* Put whatever explicit policy here to this particular proxy certificate, usually by
           * pulling them from some database. If there is none policy which need to be explicitly
           * inserted here, clear all the policy storage (make this and any subsequent proxy certificate
           * be void of any policy, because here the policylanguage is independent)
           */
          vctx->proxy_policy.clear();
        }
        else if(policynid == OBJ_sn2nid(IMPERSONATION_PROXY_SN)) {
          /* This is basically a NOP */
        }
        else {
          /* Here get the proxy policy */
          vctx->proxy_policy.clear();
          if(proxycertinfo->proxypolicy) {
            int length;
            char* policy_string = NULL;
            policy_string = (char*)PROXYPOLICY_get_policy(proxycertinfo->proxypolicy, &length);
            if(policy_string && (length > 0)) {
              vctx->proxy_policy.append(policy_string, length);
              /* Use : as seperator for policies parsed from different
                 proxy certificate*/
              /* !!!! Taking int account previous proxy_policy.clear() !!!!
                 !!!! it seems to be impossible to have more than one    !!!!
                 !!!!  policy collected anyway !!!! */
              vctx->proxy_policy.append(":");
            }
            if(policy_string != NULL) free(policy_string);
          }
        }
        PROXYCERTINFO_free(proxycertinfo); proxycertinfo = NULL;
      }
#endif
    }
  }

  /*
  * We ignored any path length restrictions above because
  * OpenSSL was counting proxies against the limit.
  * If we are on the last cert in the chain, we
  * know how many are proxies, so we can do the
  * path length check now.
  * See x509_vfy.c check_chain_purpose
  * all we do is substract off the proxy_dpeth
  */
  if(store_ctx->current_cert == store_ctx->cert) {
    if(store_ctx->chain) for (i=0; i < sk_X509_num(store_ctx->chain); i++) {
      X509* cert = sk_X509_value(store_ctx->chain,i);
      if (((i - vctx->proxy_depth) > 1) && (cert->ex_pathlen != -1)
               && ((i - vctx->proxy_depth) > (cert->ex_pathlen + 1))
               && (cert->ex_flags & EXFLAG_BCONS)) {
        store_ctx->current_cert = cert; /* point at failing cert */
        store_ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
        return (0);
      }
    }
  }

  return (1);
}


int ArcCredential::verify_cert_chain ( X509 *  cert,
STACK_OF(X509)**  certchain,
cert_verify_context *  vctx 
)

Definition at line 25 of file CertUtil.cpp.

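                                                                                         {
  /*
   * Verifies `cert` (or, when `cert` is NULL, the first certificate found in
   * `*certchain`) with X509_verify_cert(), using verify_callback and the CA
   * locations named by vctx->ca_file / vctx->ca_dir.
   *
   * Returns 1 on success and replaces `*certchain` with copies of the chain
   * OpenSSL built; the caller owns the new stack. Returns 0 on any failure
   * and leaves `*certchain` untouched.
   *
   * The function fails closed: when the CA locations cannot be loaded no
   * verification can take place, so failure is reported. Previously that
   * case skipped X509_verify_cert() and still returned 1.
   */
  int i;
  int j;
  int retval = 0;
  X509_STORE* cert_store = NULL;
  X509_STORE_CTX* store_ctx = NULL;
  STACK_OF(X509)* verified_chain = NULL;
  X509* cert_in_chain = NULL;
  X509* user_cert = cert;

  cert_store = X509_STORE_new();
  if (cert_store == NULL) { goto err; }
  X509_STORE_set_verify_cb_func(cert_store, verify_callback);

  /*
   * NOTE(review): certificates from the caller-supplied chain are added to
   * the same X509_STORE that later receives the CA trust anchors, and NULL is
   * passed as the `untrusted` argument of X509_STORE_CTX_init() below.
   * Confirm that a self-signed certificate in the supplied chain cannot become
   * a trust anchor this way; the usual pattern keeps peer-supplied
   * certificates in the `untrusted` stack.
   */
  if (*certchain != NULL) {
    for (i = 0; i < sk_X509_num(*certchain); i++) {
      cert_in_chain = sk_X509_value(*certchain, i);
      if (!user_cert) {
        // No explicit certificate given: the first chain entry is taken as the user cert.
        user_cert = cert_in_chain;
        continue;
      }
      j = X509_STORE_add_cert(cert_store, cert_in_chain);
      if (!j) {
        if (ERR_GET_REASON(ERR_peek_error()) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { goto err; }
        // A duplicate is not an error; as before, the remaining chain entries are not added.
        ERR_clear_error();
        break;
      }
    }
  }
  if (user_cert == NULL) { goto err; }

  // Without trust anchors nothing can be verified, so this is a hard failure.
  if (!X509_STORE_load_locations(cert_store,
           vctx->ca_file.empty() ? NULL:vctx->ca_file.c_str(),
           vctx->ca_dir.empty() ? NULL:vctx->ca_dir.c_str())) {
    logger.msg(Arc::ERROR,"Can not load trusted CA certificates for chain verification");
    goto err;
  }

  store_ctx = X509_STORE_CTX_new();
  if (store_ctx == NULL) { goto err; }
  // NOTE(review): the result of X509_STORE_CTX_init() is still unchecked; its
  // return type appears to differ across the OpenSSL versions guarded for below - confirm.
  X509_STORE_CTX_init(store_ctx, cert_store, user_cert, NULL);
  //Last parameter is "untrusted", probably related globus code is wrong.

#if SSLEAY_VERSION_NUMBER >=  0x0090600fL
  /* override the check_issued with our version */
  store_ctx->check_issued = check_issued;
#endif

  /*
   * If this is not set, OpenSSL-0.9.8 assumes the proxy cert
   * as an EEC and the next level cert in the chain as a CA cert
   * and throws an invalid CA error. If we set this, the callback
   * (verify_callback) gets called with
   * ok = 0 with an error "unhandled critical extension"
   * and "path length exceeded".
   * verify_callback will check the critical extension later.
   */
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  X509_STORE_CTX_set_flags(store_ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
#endif

  if (!X509_STORE_CTX_set_ex_data(store_ctx, VERIFY_CTX_STORE_EX_DATA_IDX, (void *)vctx)) {
    logger.msg(Arc::ERROR,"Can not set the STORE_CTX for chain verification");
    goto err;
  }

  //X509_STORE_CTX_set_depth(store_ctx, 10);

  if (!X509_verify_cert(store_ctx)) { goto err; }

  // Build the replacement chain completely before touching the caller's
  // stack, so that a failed copy cannot leave *certchain half-filled.
  verified_chain = sk_X509_new_null();
  if (verified_chain == NULL) { goto err; }
  for (i = 0; i < sk_X509_num(store_ctx->chain); i++) {
    X509* copy = X509_dup(sk_X509_value(store_ctx->chain, i));
    if (copy == NULL) { goto err; }
    if (!sk_X509_push(verified_chain, copy)) { X509_free(copy); goto err; }
  }

  //Replace the trusted certificate chain after verification passed, the
  //trusted ca certificate is added
  if (*certchain) { sk_X509_pop_free(*certchain, X509_free); }
  *certchain = verified_chain;
  verified_chain = NULL; // ownership has passed to the caller

  retval = 1;

err:
  if (verified_chain) { sk_X509_pop_free(verified_chain, X509_free); }
  if (store_ctx) { X509_STORE_CTX_free(store_ctx); }
  if (cert_store) { X509_STORE_free(cert_store); }

  return retval;
}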


Definition at line 1272 of file VOMSAttribute.cpp.

                                                          {
  /*
   * Returns the X509V3 extension method table whose callbacks are the AC_SEQ
   * routines. The table is a function-local static, so every call returns a
   * pointer to the same mutable object.
   * Field names below follow OpenSSL's struct v3_ext_method.
   * NOTE(review): the casts bypass the compiler's signature check; confirm
   * each callback really matches its X509V3_EXT_* typedef, because calling
   * through a mismatched function pointer type is undefined behaviour.
   */
  static X509V3_EXT_METHOD vomsattribute_acseq_x509v3_ext_meth =
  {
    -1,   /* ext_nid: placeholder; presumably set when the extension is registered - confirm */
    0,    /* ext_flags */
    NULL, /* it: no ASN1 item template; the callbacks below are used instead */
    (X509V3_EXT_NEW) AC_SEQ_new,   /* ext_new */
    (X509V3_EXT_FREE) AC_SEQ_free, /* ext_free */
    (X509V3_EXT_D2I) d2i_AC_SEQ,   /* d2i */
    (X509V3_EXT_I2D) i2d_AC_SEQ,   /* i2d */
    (X509V3_EXT_I2S) acseq_i2s,    /* i2s */
    (X509V3_EXT_S2I) acseq_s2i,    /* s2i */
    NULL, /* i2v */
    NULL, /* v2i */
    NULL, /* i2r */
    NULL, /* r2i */
    NULL  /* usr_data */
  };
  return (&vomsattribute_acseq_x509v3_ext_meth);
}  


Definition at line 1314 of file VOMSAttribute.cpp.

                                                            {
  /*
   * Returns the X509V3 extension method table whose callbacks are the
   * AC_FULL_ATTRIBUTES routines. The table is a function-local static, so
   * every call returns a pointer to the same mutable object.
   * Field names below follow OpenSSL's struct v3_ext_method.
   * NOTE(review): the casts bypass the compiler's signature check; confirm
   * each callback really matches its X509V3_EXT_* typedef, because calling
   * through a mismatched function pointer type is undefined behaviour.
   */
  static X509V3_EXT_METHOD vomsattribute_attribs_x509v3_ext_meth =
  {
    -1,   /* ext_nid: placeholder; presumably set when the extension is registered - confirm */
    0,    /* ext_flags */
    NULL, /* it: no ASN1 item template; the callbacks below are used instead */
    (X509V3_EXT_NEW) AC_FULL_ATTRIBUTES_new,   /* ext_new */
    (X509V3_EXT_FREE) AC_FULL_ATTRIBUTES_free, /* ext_free */
    (X509V3_EXT_D2I) d2i_AC_FULL_ATTRIBUTES,   /* d2i */
    (X509V3_EXT_I2D) i2d_AC_FULL_ATTRIBUTES,   /* i2d */
    (X509V3_EXT_I2S) attributes_i2s,           /* i2s */
    (X509V3_EXT_S2I) attributes_s2i,           /* s2i */
    NULL, /* i2v */
    NULL, /* v2i */
    NULL, /* i2r */
    NULL, /* r2i */
    NULL  /* usr_data */
  };
  return (&vomsattribute_attribs_x509v3_ext_meth);
}


Definition at line 1209 of file VOMSAttribute.cpp.

                                                         {
  /*
   * Returns the X509V3 extension method table whose callbacks are the
   * AUTHORITY_KEYID routines. The table is a function-local static, so every
   * call returns a pointer to the same mutable object.
   * Field names below follow OpenSSL's struct v3_ext_method.
   * NOTE(review): the casts bypass the compiler's signature check; confirm
   * each callback really matches its X509V3_EXT_* typedef, because calling
   * through a mismatched function pointer type is undefined behaviour.
   */
  static X509V3_EXT_METHOD vomsattribute_auth_x509v3_ext_meth =
  {
    -1,   /* ext_nid: placeholder; presumably set when the extension is registered - confirm */
    0,    /* ext_flags */
    NULL, /* it: no ASN1 item template; the callbacks below are used instead */
    (X509V3_EXT_NEW) AUTHORITY_KEYID_new,   /* ext_new */
    (X509V3_EXT_FREE) AUTHORITY_KEYID_free, /* ext_free */
    (X509V3_EXT_D2I) d2i_AUTHORITY_KEYID,   /* d2i */
    (X509V3_EXT_I2D) i2d_AUTHORITY_KEYID,   /* i2d */
    (X509V3_EXT_I2S) authkey_i2s,           /* i2s */
    (X509V3_EXT_S2I) authkey_s2i,           /* s2i */
    NULL, /* i2v */
    NULL, /* v2i */
    NULL, /* i2r */
    NULL, /* r2i */
    NULL  /* usr_data */
  };
  return (&vomsattribute_auth_x509v3_ext_meth);
}


Definition at line 1230 of file VOMSAttribute.cpp.

                                                          {
  /*
   * Returns the X509V3 extension method table whose callbacks are the
   * ASN1_NULL routines. The table is a function-local static, so every call
   * returns a pointer to the same mutable object.
   * Field names below follow OpenSSL's struct v3_ext_method.
   * NOTE(review): the casts bypass the compiler's signature check; confirm
   * each callback really matches its X509V3_EXT_* typedef, because calling
   * through a mismatched function pointer type is undefined behaviour.
   */
  static X509V3_EXT_METHOD vomsattribute_avail_x509v3_ext_meth =
  {
    -1,   /* ext_nid: placeholder; presumably set when the extension is registered - confirm */
    0,    /* ext_flags */
    NULL, /* it: no ASN1 item template; the callbacks below are used instead */
    (X509V3_EXT_NEW) ASN1_NULL_new,   /* ext_new */
    (X509V3_EXT_FREE) ASN1_NULL_free, /* ext_free */
    (X509V3_EXT_D2I) d2i_ASN1_NULL,   /* d2i */
    (X509V3_EXT_I2D) i2d_ASN1_NULL,   /* i2d */
    (X509V3_EXT_I2S) null_i2s,        /* i2s */
    (X509V3_EXT_S2I) null_s2i,        /* s2i */
    NULL, /* i2v */
    NULL, /* v2i */
    NULL, /* i2r */
    NULL, /* r2i */
    NULL  /* usr_data */
  };
  return (&vomsattribute_avail_x509v3_ext_meth);
}  


Definition at line 1293 of file VOMSAttribute.cpp.

                                                            {
  /*
   * Returns the X509V3 extension method table whose callbacks are the
   * AC_CERTS routines. The table is a function-local static, so every call
   * returns a pointer to the same mutable object.
   * Field names below follow OpenSSL's struct v3_ext_method.
   * NOTE(review): the casts bypass the compiler's signature check; confirm
   * each callback really matches its X509V3_EXT_* typedef, because calling
   * through a mismatched function pointer type is undefined behaviour.
   */
  static X509V3_EXT_METHOD vomsattribute_certseq_x509v3_ext_meth =
  {
    -1,   /* ext_nid: placeholder; presumably set when the extension is registered - confirm */
    0,    /* ext_flags */
    NULL, /* it: no ASN1 item template; the callbacks below are used instead */
    (X509V3_EXT_NEW) AC_CERTS_new,   /* ext_new */
    (X509V3_EXT_FREE) AC_CERTS_free, /* ext_free */
    (X509V3_EXT_D2I) d2i_AC_CERTS,   /* d2i */
    (X509V3_EXT_I2D) i2d_AC_CERTS,   /* i2d */
    (X509V3_EXT_I2S) certs_i2s,      /* i2s */
    (X509V3_EXT_S2I) certs_s2i,      /* s2i */
    NULL, /* i2v */
    NULL, /* v2i */
    NULL, /* i2r */
    NULL, /* r2i */
    NULL  /* usr_data */
  };
  return (&vomsattribute_certseq_x509v3_ext_meth);
}  


Definition at line 1251 of file VOMSAttribute.cpp.

                                                            {
  /*
   * Returns the X509V3 extension method table whose callbacks are the
   * AC_TARGETS routines. The table is a function-local static, so every call
   * returns a pointer to the same mutable object.
   * Field names below follow OpenSSL's struct v3_ext_method.
   * NOTE(review): the casts bypass the compiler's signature check; confirm
   * each callback really matches its X509V3_EXT_* typedef, because calling
   * through a mismatched function pointer type is undefined behaviour.
   */
  static X509V3_EXT_METHOD vomsattribute_targets_x509v3_ext_meth =
  {
    -1,   /* ext_nid: placeholder; presumably set when the extension is registered - confirm */
    0,    /* ext_flags */
    NULL, /* it: no ASN1 item template; the callbacks below are used instead */
    (X509V3_EXT_NEW) AC_TARGETS_new,   /* ext_new */
    (X509V3_EXT_FREE) AC_TARGETS_free, /* ext_free */
    (X509V3_EXT_D2I) d2i_AC_TARGETS,   /* d2i */
    (X509V3_EXT_I2D) i2d_AC_TARGETS,   /* i2d */
    (X509V3_EXT_I2S) targets_i2s,      /* i2s */
    (X509V3_EXT_S2I) targets_s2i,      /* s2i */
    NULL, /* i2v */
    NULL, /* v2i */
    NULL, /* i2r */
    NULL, /* r2i */
    NULL  /* usr_data */
  };
  return (&vomsattribute_targets_x509v3_ext_meth);
}  



Variable Documentation

Definition at line 170 of file Proxycertinfo.cpp.

Definition at line 20 of file CertUtil.cpp.

Definition at line 170 of file Proxycertinfo.cpp.

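                                                                                                                   {
  /*
   * Renders the proxy policy held in `ext` as human-readable entries appended
   * to `extlist`: a "Proxy Policy:" heading, the policy language, then the
   * policy text with one entry per line. Returns `extlist`.
   *
   * The policy text originates from a certificate extension and is therefore
   * untrusted input. The line splitting below relies on the buffer returned
   * by PROXYPOLICY_get_policy() being NUL-terminated.
   * NOTE(review): that helper is not visible here - confirm it terminates the
   * copy it returns; otherwise strchr()/strlen() would read past the buffer.
   */
  char* policy = NULL;
  char  policy_lang[128];
  char* line_start = NULL;
  char* newline = NULL;
  int   nid;
  int   policy_length = 0;

  X509V3_add_value("Proxy Policy:", NULL, &extlist);
  nid = OBJ_obj2nid(PROXYPOLICY_get_policy_language(ext));
  if(nid != NID_undef) {
    BIO_snprintf(policy_lang, sizeof(policy_lang), " %s", OBJ_nid2ln(nid));
  }
  else {
    /* Unknown OID: print its textual form after the leading blank. */
    policy_lang[0] = ' ';
    i2t_ASN1_OBJECT(&policy_lang[1], sizeof(policy_lang) - 1, PROXYPOLICY_get_policy_language(ext));
  }

  X509V3_add_value("    Policy Language",  policy_lang, &extlist);
  policy = (char *) PROXYPOLICY_get_policy(ext, &policy_length);
  if(!policy) {
    X509V3_add_value("    Policy", " EMPTY", &extlist);
    return extlist;
  }

  X509V3_add_value("    Policy:", NULL, &extlist);
  line_start = policy;
  while((newline = strchr(line_start, '\n')) != NULL) {
    /* Cut the buffer at the line break and emit the line as its own entry. */
    *newline = '\0';
    X509V3_add_value(NULL, line_start, &extlist);
    line_start = newline + 1;
  }

  {
    /* Last line: indented by eight blanks. The size is taken from the text
     * actually present instead of policy_length, so an inconsistent length
     * can neither truncate the line nor produce a negative allocation size. */
    size_t length = strlen(line_start) + 9;
    char* last_string = (char*) malloc(length);
    /* A failed allocation is no longer passed to BIO_snprintf(); the last
     * line is dropped instead. */
    if(last_string != NULL) {
      BIO_snprintf(last_string, length, "%8s%s", "", line_start);
      X509V3_add_value(NULL, last_string, &extlist);
      free(last_string);
    }
  }

  free(policy);
  return extlist;
}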