
nordugrid-arc-nox  1.1.0~rc6
VOMSUtil.h
00001 #ifndef __ARC_VOMSUTIL_H__
00002 #define __ARC_VOMSUTIL_H__
00003 
00004 #include <vector>
00005 #include <string>
00006 
00007 #include <arc/ArcRegex.h>
00008 #include <arc/credential/VOMSAttribute.h>
00009 #include <arc/credential/Credential.h>
00010 
00011 namespace Arc {
00012 
        // One trusted VOMS-server certificate chain, expressed as a list of DN strings
        // (one entry per certificate; the expected order is fixed by the implementation
        // of VOMSTrustList, not visible here -- confirm before constructing one by hand).
00013   typedef std::vector<std::string> VOMSTrustChain;
00014 
        // Source text of a regular expression; VOMSTrustList::AddRegex() turns it into a
        // RegularExpression object. Presumably matched against VOMS-server DNs as an
        // alternative to an exact VOMSTrustChain -- confirm against parseVOMSAC().
00015   typedef std::string VOMSTrustRegex;
00016 
        /// Trust policy for VOMS attribute certificates: the set of VOMS-server
        /// certificate chains (exact DN lists) and regular expressions that the
        /// signer of an AC is allowed to match. Passed to parseVOMSAC() as
        /// vomscert_trust_dn.
        ///
        /// Ownership/copying: regexs_ holds raw pointers to RegularExpression
        /// objects (created by AddRegex()); the out-of-line destructor presumably
        /// deletes them. No copy constructor or assignment operator is declared,
        /// so the implicit ones would make two objects share those pointers --
        /// avoid copying instances (TODO confirm against the destructor).
00018   class VOMSTrustList {
00019     private:
00020       std::vector<VOMSTrustChain> chains_;
00021       std::vector<RegularExpression*> regexs_;
00022     public:
          /// Empty list: nothing is trusted until chains/regexes are added.
00023       VOMSTrustList(void) { };
          /// Builds the list from its textual encoding. The encoding format is
          /// defined by the implementation (not visible in this header).
00059       VOMSTrustList(const std::vector<std::string>& encoded_list);
          /// Builds the list from already-split chains and regex patterns.
00062       VOMSTrustList(const std::vector<VOMSTrustChain>& chains,const std::vector<VOMSTrustRegex>& regexs);
00063       ~VOMSTrustList(void);
          /// Stores chain and returns a reference to the stored element
          /// (presumably a copy appended to chains_).
00082       VOMSTrustChain& AddChain(const VOMSTrustChain& chain);
          /// Adds an empty chain to be filled in through the returned reference.
00084       VOMSTrustChain& AddChain(void);
          /// Compiles reg into a RegularExpression, keeps it and returns it.
00089       RegularExpression& AddRegex(const VOMSTrustRegex& reg);
          // Sizes are narrowed from size_t to int so they can be used with the
          // int-indexed accessors below.
00090       int SizeChains(void) const { return chains_.size(); };
00091       int SizeRegexs(void) const { return regexs_.size(); };
          // Unchecked accessors: num must lie in [0, SizeChains()) / [0, SizeRegexs()).
          // Out-of-range (including negative) num is undefined behaviour -- operator[]
          // on the vector, and for GetRegex a dereference of the stored raw pointer.
00092       const VOMSTrustChain& GetChain(int num) const { return chains_[num]; };
00093       const RegularExpression& GetRegex(int num) const { return *(regexs_[num]); };
00094   };
00095 
        /// One-time initialisation of VOMS attribute support. What it registers
        /// (presumably the AC ASN.1 structures/OIDs with OpenSSL) is defined in the
        /// implementation; call it before the AC functions below -- confirm whether
        /// it is safe to call more than once.
00096   void InitVOMSAttribute(void);
00097 
00098   /* This method is used to create an AC. It is supposed 
00099    * to be used by the voms server
00100    * @param issuer   The issuer which will be used to sign the AC, it is also 
00101    *                 the voms server certificate
00102    * @param issuerstack     The stack of the issuer certificates that issue the 
00103    *                 voms server certificate. If the voms server certificate
00104    *                 is issued by a root CA (self-signed), then this param 
00105    *                 is empty.
00106    * @param holder   The certificate of the holder of this AC. It should be 
00107    *                 parsed from the peer that launches an AC query request
00108    * @param pkey     The key of the holder
         *                 NOTE(review): signing the AC requires the issuer's private
         *                 key; confirm in the implementation which key pkey is
         *                 expected to be.
         * @param serialnum  Presumably the serial number placed in the AC; not
         *                 described in the original comment -- confirm.
00109    * @param fqan     The AC_IETFATTR. According to the definition of voms, the fqan
00110    *                      will be like /Role=Employee/Group=Tester/Capability=NULL
00111    * @param attributes      The AC_FULL_ATTRIBUTES.  According to the definition of voms, 
00112    *                      the attributes will be like "qualifier::name=value" 
00113    * @param targets  The list of targets which are supposed to consume this AC
00114    * @param ac              The generated AC
00115    * @param voname   The vo name
00116    * @param uri             The uri of this vo, together with voname, it will be 
00117    *                   as the grantor of this AC
00118    * @param lifetime The lifetime of this AC (units not stated here -- presumably
         *                 seconds; confirm against the implementation)
         * @return int; the success convention is not visible in this header --
         *                 check the definition before relying on 0 or 1.
00119    */
00120   int createVOMSAC(X509 *issuer, STACK_OF(X509) *issuerstack, X509 *holder,
00121                    EVP_PKEY *pkey, BIGNUM *serialnum,
00122                    std::vector<std::string> &fqan,
00123                    std::vector<std::string> &targets,
00124                    std::vector<std::string>& attributes,
00125                    ArcCredential::AC **ac, std::string voname,
00126                    std::string uri, int lifetime);
00127 
        /// Credential-based variant of createVOMSAC() above: issuer_cred supplies the
        /// signing certificate/key and holder_cred the holder certificate; the encoded
        /// AC is written to codedac. fqan/targets/attributes/voname/uri have the same
        /// meaning as in the X509* overload; see its comment for lifetime.
        /// @return presumably true on success -- confirm against the implementation.
        /// NOTE(review): the string/vector inputs are taken by non-const reference
        /// although they read as pure inputs; const& would document that, but the
        /// definition would have to change with it.
00135   bool createVOMSAC(std::string& codedac, Credential& issuer_cred,
00136                     Credential& holder_cred,
00137                     std::vector<std::string> &fqan,
00138                     std::vector<std::string> &targets,
00139                     std::vector<std::string>& attributes, 
00140                     std::string &voname, std::string &uri, int lifetime);
00141 
        /// Adds an AC to aclist. From the signature alone: decodedac is the AC to
        /// add, aclist (a pointer to an AC array, passed by reference so it can be
        /// reallocated) receives it, and acorder is presumably updated to record
        /// the insertion order. Ownership of the array and of the added AC is not
        /// visible here -- confirm in the implementation before freeing either.
        /// @return presumably true on success.
00148   bool addVOMSAC(ArcCredential::AC** &aclist, std::string &acorder, std::string &decodedac);
00149 
        /// Extracts the VOMS attributes carried by holder into output.
        /// @param holder        certificate (or proxy) carrying the AC extension
        /// @param ca_cert_dir   directory of trusted CA certificates
        /// @param ca_cert_file  single file of trusted CA certificates
        /// @param vomscert_trust_dn  chains/regexes that the AC signer must match
        /// @param output        receives the parsed attributes (format defined by
        ///                      the implementation)
        /// @param verify        defaults to true. Exactly which checks a false value
        ///                      skips is defined in the implementation, not here;
        ///                      attributes obtained with verify=false must be treated
        ///                      as unverified input, not as an authorization decision.
        /// @return presumably true on success -- confirm against the implementation.
00197   bool parseVOMSAC(X509* holder, const std::string& ca_cert_dir,
00198                    const std::string& ca_cert_file, 
00199                    const VOMSTrustList& vomscert_trust_dn,
00200                    std::vector<std::string>& output, bool verify = true);
00201 
        /// Credential-based variant of parseVOMSAC() above: holder_cred supplies the
        /// certificate to parse; the remaining parameters, the verify default and
        /// the caveat on verify=false are the same as for the X509* overload.
00203   bool parseVOMSAC(Credential& holder_cred,
00204                    const std::string& ca_cert_dir,
00205                    const std::string& ca_cert_file, 
00206                    const VOMSTrustList& vomscert_trust_dn,
00207                    std::vector<std::string>& output, bool verify = true);
00208   
        /// Decodes size bytes starting at data and returns a newly produced buffer;
        /// j presumably receives the length of the result. Neither the encoding
        /// handled nor who owns/frees the returned buffer is visible in this header
        /// -- confirm against the implementation (NOTE(review): size is a signed
        /// int, so callers must never pass a negative or otherwise unvalidated
        /// length).
00211   char *VOMSDecode(const char *data, int size, int *j);
00212 
        /// Returns the value of the named property of credential u. The set of
        /// recognised property names is defined by the implementation. Note the
        /// top-level const on the by-value return type: harmless, but it prevents
        /// the result from being moved into the caller's variable.
00215   const std::string get_property(Arc::Credential& u, const std::string property);
00216 }// namespace Arc
00217 
00218 #endif /* __ARC_VOMSUTIL_H__ */
00219