
nordugrid-arc-nox  1.1.0~rc6
Credential.h
00001 #ifndef __ARC_CREDENTIAL_H__
00002 #define __ARC_CREDENTIAL_H__
00003 
00004 #include <stdlib.h>
00005 #include <stdexcept>
00006 #include <iostream>
00007 #include <string>
00008 #include <openssl/asn1.h>
00009 #include <openssl/pem.h>
00010 #include <openssl/x509.h>
00011 #include <openssl/x509v3.h>
00012 #include <openssl/pkcs12.h>
00013 #include <openssl/err.h>
00014 
00015 #include <arc/Logger.h>
00016 #include <arc/DateTime.h>
00017 #include <arc/UserConfig.h>
00018 
00019 #include <arc/credential/CertUtil.h>
00020 
00035 namespace Arc {
00036   // An exception class for the Credential class.
class CredentialError : public std::runtime_error {
  public:
    /// @param what  message later returned by what(); empty by default.
    /// Note the constructor is not `explicit`, so a std::string converts
    /// implicitly to CredentialError. Catch by `const CredentialError&` (or
    /// `const std::exception&`, via the runtime_error base).
    CredentialError(const std::string& what="");
};
00048 
/// On-disk / in-memory encoding of a credential as detected by
/// Credential::getFormat(). CRED_PKCS presumably denotes PKCS#12
/// (<openssl/pkcs12.h> is included above); CRED_UNKNOWN is the
/// "could not determine" value -- TODO confirm both in Credential.cpp.
typedef enum {CRED_PEM, CRED_DER, CRED_PKCS, CRED_UNKNOWN} Credformat;

/// Logger shared by the credential code; defined in the implementation file.
extern Logger CredentialLogger;
00053 
class Credential {
  public:
    /// Constructs an empty credential (nothing loaded, nothing generated).
    Credential();

    /// Constructs a credential that will generate a fresh key of @p keybits
    /// bits (the class keeps an RSA* member, so this is an RSA key size).
    Credential(int keybits);

    /// Virtual destructor. The class owns raw OpenSSL handles (cert_, pkey_,
    /// cert_chain_, req_, rsa_key_, extensions_, see below), so releasing
    /// them presumably happens here.
    /// NOTE(review): no copy constructor or copy-assignment operator is
    /// declared anywhere in this class, so the compiler-generated ones would
    /// shallow-copy those raw handles; destroying both copies then risks a
    /// double free / use-after-free. Treat Credential as non-copyable until
    /// copying is implemented or explicitly disabled.
    virtual ~Credential();

    /// Constructs a CA-style signer (used by SignEECRequest) from a CA
    /// certificate and private key.
    /// @param CAserial        path of the serial-number file.
    /// @param CAcreateserial  presumably create the serial file if missing --
    ///                        TODO confirm in Credential.cpp.
    /// @param extfile,extsect OpenSSL extension config file and section
    ///                        applied to certificates this CA signs.
    /// @param passphrase4key  passphrase for an encrypted CA key; empty by
    ///                        default (the private key loader also takes a
    ///                        prompt string, so a prompt may be used instead).
    Credential(const std::string& CAfile, const std::string& CAkey,
               const std::string& CAserial, bool CAcreateserial,
               const std::string& extfile, const std::string& extsect,
               const std::string& passphrase4key = "");

    /// Constructs the parameters for a proxy certificate to be generated.
    /// @param start        start of the validity period.
    /// @param lifetime     validity period, default 12 hours ("PT12H").
    /// @param keybits      RSA key size, default 1024.
    ///                     SECURITY: 1024-bit RSA is below current minimum
    ///                     recommendations (2048 bits or more); callers should
    ///                     pass keybits explicitly rather than rely on this
    ///                     default.
    /// @param proxyversion proxy certificate flavour, default "rfc" (other
    ///                     accepted values are not visible in this header).
    /// @param policylang   proxy policy language, default "inheritAll".
    /// @param policy       policy content, empty by default.
    /// @param pathlength   path-length constraint for the proxy; -1 by default
    ///                     (presumably "no constraint" -- TODO confirm).
    Credential(Time start, Period lifetime = Period("PT12H"),
              int keybits = 1024, std::string proxyversion = "rfc",
              std::string policylang = "inheritAll", std::string policy = "",
              int pathlength = -1);

    /// Loads an existing credential (certificate + private key) together with
    /// the CA directory / CA file used to verify its chain.
    /// @param is_file  true: @p cert and @p key are file paths; false: they
    ///                 are the credential content itself (see the
    ///                 loadKeyString / loadCertificateString helpers below;
    ///                 the encoding is detected by getFormat()).
    /// NOTE(review): whether chain verification runs inside this constructor
    /// is not visible from the header; GetVerification() only reports a
    /// cached flag, so check Credential.cpp before trusting a freshly loaded
    /// credential.
    Credential(const std::string& cert, const std::string& key, const std::string& cadir,
               const std::string& cafile, const std::string& passphrase4key = "", const bool is_file = true);

    /// Registers the proxyCertInfo extension handling with OpenSSL
    /// (presumably a one-time, process-wide initialisation -- TODO confirm).
    static void InitProxyCertInfo(void);

    /// Returns whether the credentials referenced by @p usercfg are usable;
    /// the exact checks are not visible here.
    static bool IsCredentialsValid(const UserConfig& usercfg);

    /// Registers an additional extension object (short name @p sn with
    /// object identifier @p oid), presumably in OpenSSL's object table.
    void AddCertExtObj(std::string& sn, std::string& oid);
  private:

    /// Load a private key from in-memory content / a file / a BIO into
    /// @p pkey. @p passphrase decrypts an encrypted key; @p prompt_info is
    /// text shown if the user must be asked for it (presumably only when
    /// @p is_file is true -- TODO confirm).
    void loadKeyString(const std::string& key, EVP_PKEY* &pkey, const std::string& passphrase = "");
    void loadKeyFile(const std::string& keyfile, EVP_PKEY* &pkey, const std::string& passphrase = "");
    void loadKey(BIO* bio, EVP_PKEY* &pkey, const std::string& passphrase = "", const std::string& prompt_info = "", const bool is_file = true);

    /// Load a certificate from in-memory content / a file / a BIO into
    /// @p x509; any further certificates found are returned through
    /// @p certchain (see cert_chain_ below).
    void loadCertificateString(const std::string& cert, X509* &x509, STACK_OF(X509)** certchain);
    void loadCertificateFile(const std::string& certfile, X509* &x509, STACK_OF(X509)** certchain);
    void loadCertificate(BIO* bio, X509* &x509, STACK_OF(X509)** certchain, const bool is_file=true);

    /// Prepares verify_ctx_ (the ArcCredential verification context).
    void InitVerification(void);

    /// Verifies the loaded certificate (and chain) against cacertdir_ /
    /// cacertfile_; the outcome is presumably stored in verification_valid,
    /// which GetVerification() reports.
    bool Verify(void);

    /// Builds an X509_EXTENSION from a textual @p name and @p data;
    /// @p crit marks it critical.
    X509_EXTENSION* CreateExtension(std::string& name, std::string& data, bool crit = false);

    /// Sets notBefore/notAfter on @p tosign from @p start and @p lifetime;
    /// @p issuer is passed in, presumably so the proxy cannot outlive the
    /// issuer's own validity -- TODO confirm in Credential.cpp.
    bool SetProxyPeriod(X509* tosign, X509* issuer, Time& start, Period& lifetime);

    /// Shared preparation step for the SignRequest overloads: builds the
    /// certificate to sign (@p tosign) for @p proxy using @p req_pubkey.
    bool SignRequestAssistant(Credential* proxy, EVP_PKEY* req_pubkey, X509** tosign);

  public:
    /// Logs the pending OpenSSL error queue through CredentialLogger
    /// (presumably; <openssl/err.h> is included for this).
    void LogError(void);

    /************************************/
    /*****Get information from "this" object**/

    /// Returns the cached verification result. This getter performs no
    /// verification itself; it only reads verification_valid.
    bool GetVerification(void) {return verification_valid; };

    /// Returns the private-key handle.
    /// NOTE(review): ownership / reference-counting of the returned
    /// EVP_PKEY* is not visible here -- do not EVP_PKEY_free() it without
    /// checking Credential.cpp. Also, the raw private key leaves the object's
    /// control; callers must not log, copy or persist it carelessly.
    EVP_PKEY* GetPrivKey(void);

    /// Returns the public-key handle (same ownership caveat as GetPrivKey()).
    EVP_PKEY* GetPubKey(void);

    /// Returns the certificate handle (ownership caveat as above).
    X509* GetCert(void);

    /// Returns the pending certificate request, if one was generated or
    /// inquired (ownership caveat as above).
    X509_REQ* GetCertReq(void);

    /// Returns the certificate chain (ownership caveat as above).
    STACK_OF(X509)* GetCertChain(void);

    /// Number of certificates in the chain.
    int GetCertNumofChain(void);

    /// Detects the encoding of the data in @p in; @p is_file tells whether
    /// the BIO wraps a file. Returns CRED_UNKNOWN when undetermined
    /// (presumably -- TODO confirm).
    Credformat getFormat(BIO * in, const bool is_file = true);

    /// Subject DN of the loaded certificate.
    std::string GetDN(void);

    /// Identity name of the credential; for a proxy this is presumably the
    /// end-entity DN rather than the proxy's own subject -- TODO confirm.
    std::string GetIdentityName(void);

    /// Type of the loaded certificate (EEC, proxy variants, ...) as
    /// classified by ArcCredential.
    ArcCredential::certType GetType(void);

    /// Proxy policy carried by the certificate (empty if none).
    std::string GetProxyPolicy(void);

    /// Sets the proxy policy parameters (same meaning as the proxy
    /// constructor's arguments) for a proxy to be generated.
    void SetProxyPolicy(const std::string& proxyversion, const std::string& policylang,
        const std::string& policy, int pathlength);

    /// Serialises the private key into @p content.
    /// SECURITY: @p encryption defaults to false, so by default the key is
    /// written in the clear. Pass encryption=true with a non-empty
    /// @p passphrase to protect it, and remember that @p content is an
    /// ordinary std::string -- the caller is responsible for wiping it.
    bool OutputPrivatekey(std::string &content,  bool encryption = false, const std::string& passphrase ="");

    /// Serialises the public key into @p content.
    bool OutputPublickey(std::string &content);

    /// Serialises the certificate into @p content; DER when @p is_der is
    /// true, otherwise presumably PEM.
    bool OutputCertificate(std::string &content, bool is_der=false);

    /// Serialises the certificate chain into @p content (same encoding
    /// switch as OutputCertificate()).
    bool OutputCertificateChain(std::string &content, bool is_der=false);

    /// Validity period (lifetime_).
    Period GetLifeTime(void);

    /// Start of validity (start_).
    Time GetStartTime();

    /// End of validity, presumably start_ + lifetime_.
    Time GetEndTime();

    /// Sets lifetime_ for a certificate to be generated.
    void SetLifeTime(const Period& period);

    /// Sets start_ for a certificate to be generated.
    void SetStartTime(const Time& start_time);

    /************************************/
    /***** Generate a certificate request, add certificate extensions,
     * inquire (inspect) a certificate request, and sign a certificate request.
     **/

    /// Adds an extension (@p name / textual @p data, optionally critical) to
    /// extensions_, to be placed in the certificate or request.
    bool AddExtension(std::string name, std::string data, bool crit = false);

    /// Same as above but with already-encoded (binary) extension data.
    bool AddExtension(std::string name, char** binary, bool crit = false);

    /// Generates an end-entity (EEC) request and its private key, writing
    /// them to BIOs / strings / files; @p dn is the requested subject.
    bool GenerateEECRequest(BIO* reqbio, BIO* keybio, std::string dn = "");

    bool GenerateEECRequest(std::string &reqcontent, std::string &keycontent, std::string dn = "");

    bool GenerateEECRequest(const char* request_filename, const char* key_filename, std::string dn = "");

    /// Generates a (proxy) certificate request, in DER when @p if_der is
    /// true, otherwise presumably PEM.
    bool GenerateRequest(BIO* bio, bool if_der = false);

    bool GenerateRequest(std::string &content, bool if_der = false);

    bool GenerateRequest(const char* filename, bool if_der = false);

    /// Reads a certificate request so it can be signed; @p if_eec tells
    /// whether it is an EEC (as opposed to proxy) request, @p if_der its
    /// encoding.
    bool InquireRequest(BIO* reqbio, bool if_eec = false, bool if_der = false);

    bool InquireRequest(std::string &content, bool if_eec = false, bool if_der = false);

    bool InquireRequest(const char* filename, bool if_eec = false, bool if_der = false);

    /// Signs the request held by @p proxy with this credential and writes
    /// the resulting proxy certificate to the given output.
    bool SignRequest(Credential* proxy, BIO* outputbio, bool if_der = false);

    bool SignRequest(Credential* proxy, std::string &content, bool if_der = false);

    /// NOTE(review): the last parameter is named `foamat` here while the
    /// sibling overloads call it `if_der`; it is presumably the same
    /// DER/PEM switch (typo for "format").
    bool SignRequest(Credential* proxy, const char* filename, bool foamat = false);

    // The following three methods sign an EEC certificate request, i.e. they
    // act as a CA (see the CA constructor and the CA*_ / ext*_ members).
    // @p DN is the subject to issue.
    bool SignEECRequest(Credential* eec, const std::string& DN, BIO* outputbio);

    bool SignEECRequest(Credential* eec, const std::string& DN, std::string &content);

    bool SignEECRequest(Credential* eec, const std::string& DN, const char* filename);

  private:
    // PKI files (paths given to the loading constructor)
    std::string cacertfile_;
    std::string cacertdir_;
    std::string certfile_;
    std::string keyfile_;

    // Verification context
    ArcCredential::cert_verify_context verify_ctx_;

    // Verification result, exposed read-only by GetVerification().
    // NOTE(review): no in-class initialiser; must be set in every constructor
    // before it is read -- TODO confirm in Credential.cpp.
    bool verification_valid;

    // Certificate structures -- raw OpenSSL handles owned by this object
    // (see the destructor / copy caveat above).
    X509 *           cert_;    //certificate
    ArcCredential::certType cert_type_;
    EVP_PKEY *       pkey_;    //private key
    STACK_OF(X509) * cert_chain_;  //certificates chain which is parsed
                                   //from the certificate, after
                                   //verification, the ca certificate
                                   //will be included
    ArcCredential::PROXYCERTINFO* proxy_cert_info_;
    Credformat       format;   //encoding detected by getFormat()
    Time        start_;        //start of validity
    Period      lifetime_;     //validity period

    //Certificate request and key-generation state
    X509_REQ* req_;
    RSA* rsa_key_;
    EVP_MD* signing_alg_;      //digest used for signing (which one is not visible here)
    int keybits_;              //RSA key size requested

    //Proxy policy (see the proxy constructor / SetProxyPolicy)
    std::string proxyversion_;
    std::string policy_;
    std::string policylang_;
    int proxyver_;             //numeric form of proxyversion_, presumably
    int pathlength_;

    //Extensions for certificate, such as certificate policy, attributes, etc.
    STACK_OF(X509_EXTENSION)* extensions_;

    //CA functionality related information (see the CA constructor)
    std::string CAserial_;
    bool CAcreateserial_;
    std::string extfile_;
    std::string extsect_;

    /// Parses a textual subject into an X509_NAME. @p chtype is the ASN.1
    /// string type used for attribute values and @p multirdn enables
    /// multi-valued RDNs -- this mirrors the parse_name() helper in the
    /// OpenSSL command-line tools, presumably; the accepted subject syntax
    /// is not visible here.
    static X509_NAME *parse_name(char *subject, long chtype, int multirdn);
};
00399 
00400 }// namespace Arc
00401 
00402 #endif /* __ARC_CREDENTIAL_H__ */
00403