// $Id$
#ifndef __CRYPTO_SSLGSIAUX_H__
#define __CRYPTO_SSLGSIAUX_H__
/******************************************************************************/
/*                                                                            */
/*                 X r d C r y p t o s s l g s i A u x . h h                  */
/*                                                                            */
/* (c) 2005, G. Ganis / CERN                                                  */
/*                                                                            */
/******************************************************************************/

/* ************************************************************************** */
/*                                                                            */
/* GSI utility functions: inspection of the proxyCertInfo extension and       */
/* creation, request and signing of proxy certificates.                       */
/*                                                                            */
/* ************************************************************************** */
#include <XrdCrypto/XrdCryptosslgsiX509Chain.hh>
#include <XrdCrypto/XrdCryptoX509Req.hh>
#include <XrdCrypto/XrdCryptoRSA.hh>

// OID identifying the proxyCertInfo extension.
// NOTE(review): this value sits under the private-enterprise arc
// (1.3.6.1.4.1); RFC 3820 assigns id-pe-proxyCertInfo the OID
// 1.3.6.1.5.5.7.1.14. Whether proxies carrying the RFC OID are recognised
// cannot be told from this header -- confirm in the implementation.
#define gsiProxyCertInfo_OID  "1.3.6.1.4.1.3536.1.222"

//
// XrdSslgsiProxyCertInfo
//   Checks whether 'ext' holds a proxyCertInfo and retrieves its path length
//   constraint into 'pathlen'. Written following RFC3820 and the examples in
//   the openssl-<vers>/crypto source code.
//   The policy field is extracted but its contents are ignored.
//   NOTE(review): presumably returns true when a proxyCertInfo is present and
//   sets '*haspolicy' (when non-null) to tell whether a policy was found --
//   confirm against the implementation.
//   NOTE(review): since the policy is not interpreted here, any restriction
//   it expresses (RFC3820 proxyPolicy) is not enforced by this call; code
//   that has to honour restricted proxies must check the policy itself.
//   NOTE(review): 'ext' is untyped; presumably an OpenSSL X509_EXTENSION * --
//   confirm, the compiler cannot catch a pointer of the wrong type.
//
bool XrdSslgsiProxyCertInfo(const void *ext,
                            int &pathlen,
                            bool *haspolicy = 0);

//
// XrdSslgsiSetPathLenConstraint
//   NOTE(review): by its name, stores 'pathlen' as the path length constraint
//   of the proxyCertInfo in 'ext'; returns nothing, so a failure cannot be
//   reported to the caller -- confirm how errors are handled.
//
void XrdSslgsiSetPathLenConstraint(void *ext,
                                   int pathlen);

//
// Proxies
//
// Options for proxy creation; the bracketed values are the ones the original
// author lists for each field (read as defaults -- confirm where they are
// applied).
typedef struct {
   int bits;          // Number of bits in the RSA key [512]
                      // NOTE(review): a 512-bit RSA modulus gives no
                      // meaningful protection today; current guidance is
                      // 2048 bits or more. Set this field explicitly and
                      // confirm which floor the implementation enforces.
   int valid;         // Duration validity in secs [43200 (12 hours)]
                      // A short lifetime bounds how long a leaked proxy key
                      // stays usable.
   int depthlen;      // Maximum depth of the path of proxy certificates
                      // that can be signed by this proxy certificate
                      // [-1 (== unlimited)]
                      // NOTE(review): with -1 every holder of the proxy can
                      // delegate further without bound; prefer the smallest
                      // depth the workflow needs.
} XrdProxyOpt_t;

//
// Create proxy certificates
// NOTE(review): the parameters are unnamed here. Going by the error codes
// below, the 'const char *' arguments are presumably the EEC certificate
// file, the EEC key file and the proxy file to create / update, and the
// 'XrdCryptoRSA **' receives the generated proxy key -- confirm, including
// who owns the returned objects and which permissions the proxy file gets.
int XrdSslgsiX509CreateProxy(const char *,
                             const char *,
                             XrdProxyOpt_t *,
                             XrdCryptosslgsiX509Chain *,
                             XrdCryptoRSA **,
                             const char *);

//
// Create a proxy certificate request
// NOTE(review): the two double pointers are presumably outputs (the request
// and the freshly generated key pair) -- confirm ownership with the
// implementation.
int XrdSslgsiX509CreateProxyReq(XrdCryptoX509 *,
                                XrdCryptoX509Req **,
                                XrdCryptoRSA **);

//
// Sign a proxy certificate request
// NOTE(review): presumably signs the request with the given certificate and
// key and hands back the new proxy through the 'XrdCryptoX509 **' -- confirm.
int XrdSslgsiX509SignProxyReq(XrdCryptoX509 *,
                              XrdCryptoRSA *,
                              XrdCryptoX509Req *,
                              XrdCryptoX509 **);

/******************************************************************************/
/*          E r r o r s   i n   P r o x y   M a n i p u l a t i o n s         */
/******************************************************************************/
// NOTE(review): presumably the non-zero values returned by the int functions
// above, with 0 meaning success -- confirm. Callers should treat every
// non-zero result as "no usable proxy" rather than testing single codes.
#define kErrPX_Error            1      // Generic error condition
#define kErrPX_BadEECfile       2      // Absent or bad EEC cert or key file
#define kErrPX_BadEECkey        3      // Inconsistent EEC key
#define kErrPX_ExpiredEEC       4      // EEC is expired
#define kErrPX_NoResources      5      // Unable to create new objects
#define kErrPX_SetAttribute     6      // Unable to set a certificate attribute
#define kErrPX_SetPathDepth     7      // Unable to set path depth
#define kErrPX_Signing          8      // Problems signing
#define kErrPX_GenerateKey      9      // Problem generating the RSA key
#define kErrPX_ProxyFile       10      // Problem creating / updating proxy file
#define kErrPX_BadNames        11      // Names in certificates are bad
#define kErrPX_BadSerial       12      // Problems resolving serial number
#define kErrPX_BadExtension    13      // Problems with the extensions

#endif