XRootD
XrdCryptoX509 Class Reference (abstract)

#include <XrdCryptoX509.hh>


Public Types

enum  EX509Type {
  kUnknown = -1 ,   // not yet classified; the value the constructor assigns to 'type'
  kCA = 0 ,         // CA (certification authority) certificate
  kEEC = 1 ,        // EEC (end-entity certificate)
  kProxy = 2        // proxy certificate
}
 

Public Member Functions

 XrdCryptoX509 ()
 
virtual ~XrdCryptoX509 ()
 
virtual int BitStrength ()
 
virtual void Dump ()
 
virtual int DumpExtensions (bool=0)
 
virtual XrdSutBucket * Export ()
 
virtual XrdCryptoX509data GetExtension (const char *oid)
 
virtual bool IsExpired (int when=0)
 
virtual const char * Issuer ()
 
const char * IssuerHash ()
 
virtual const char * IssuerHash (int)
 
virtual bool IsValid (int when=0)
 
virtual bool MatchesSAN (const char *fqdn, bool &hasSAN)=0
 
virtual time_t NotAfter ()
 
virtual time_t NotBefore ()
 
virtual XrdCryptoX509data Opaque ()
 
virtual const char * ParentFile ()
 
virtual XrdCryptoRSA * PKI ()
 
virtual const char * ProxyType () const
 
virtual kXR_int64 SerialNumber ()
 
virtual XrdOucString SerialNumberString ()
 
virtual void SetPKI (XrdCryptoX509data pki)
 
virtual const char * Subject ()
 
const char * SubjectHash ()
 
virtual const char * SubjectHash (int)
 
const char * Type (EX509Type t=kUnknown) const
 
virtual bool Verify (XrdCryptoX509 *ref)
 

Static Public Member Functions

static bool MatchHostnames (const char *match_pattern, const char *fqdn)
 

Public Attributes

EX509Type type
 

Detailed Description

Definition at line 51 of file XrdCryptoX509.hh.

Member Enumeration Documentation

◆ EX509Type

Enumerator
kUnknown 
kCA 
kEEC 
kProxy 

Definition at line 55 of file XrdCryptoX509.hh.

Constructor & Destructor Documentation

◆ XrdCryptoX509()

XrdCryptoX509::XrdCryptoX509 ( )
inline

Definition at line 59 of file XrdCryptoX509.hh.

XrdCryptoX509::XrdCryptoX509() : type(kUnknown)
{
   // A freshly built certificate object carries no classification; 'type'
   // stays kUnknown until a derived class or a caller sets it.
}

References kUnknown, and type.

Referenced by XrdCryptosslX509::XrdCryptosslX509(), XrdCryptosslX509::XrdCryptosslX509(), XrdCryptosslX509::XrdCryptosslX509(), MatchesSAN(), XrdCryptosslX509::Verify(), and Verify().


◆ ~XrdCryptoX509()

virtual XrdCryptoX509::~XrdCryptoX509 ( )
inlinevirtual

Definition at line 60 of file XrdCryptoX509.hh.

// Declared virtual in the class so that deleting a derived certificate
// through an XrdCryptoX509 pointer runs the derived destructor; the base
// itself owns nothing that needs releasing.
XrdCryptoX509::~XrdCryptoX509() = default;

Member Function Documentation

◆ BitStrength()

int XrdCryptoX509::BitStrength ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 97 of file XrdCryptoX509.cc.

int XrdCryptoX509::BitStrength()
{
   // Number of bits in the certificate's key. The base class holds no key,
   // so it only flags the missing override through ABSTRACTMETHOD (a
   // project macro; presumably it reports the call) and returns -1.
   ABSTRACTMETHOD("XrdCryptoX509::BitStrength");
   const int noKey = -1;
   return noKey;
}
#define ABSTRACTMETHOD(x)

References ABSTRACTMETHOD.

Referenced by Display(), and main().


◆ Dump()

void XrdCryptoX509::Dump ( )
virtual

Definition at line 49 of file XrdCryptoX509.cc.

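namespace {
// Render 't' as a local-time asctime string into buf, dropping the trailing
// newline asctime_r appends. On any conversion failure buf is left as the
// empty string; the previous inline code did stbeg[strlen(stbeg)-1] = 0
// unconditionally, which writes one byte before the buffer when asctime_r
// fails (e.g. localtime_r rejecting an out-of-range time) and leaves it empty.
void localTimeString(time_t t, char *buf, size_t buflen)
{
   if (!buf || buflen == 0) return;
   buf[0] = '\0';
   if (buflen < 26) return;               // asctime_r needs at least 26 bytes
   struct tm tst;
   if (!localtime_r(&t, &tst)) return;    // tst is only read after success
   if (!asctime_r(&tst, buf)) { buf[0] = '\0'; return; }
   size_t n = strlen(buf);
   if (n > 0 && buf[n-1] == '\n') buf[n-1] = '\0';
}
} // namespace

void XrdCryptoX509::Dump()
{
   // Print a human-readable summary of the certificate (file, type, serial,
   // subject/issuer and their hashes, validity window, PKI status) through
   // the project's PRINT macro. The values come from the virtual accessors,
   // so on the base-class stubs they are null/-1 placeholders.
   EPNAME("X509::Dump");

   // Validity window: epoch seconds plus a text rendering. The label printed
   // below says "UTC" but the text is produced by localtime_r; the output
   // format is kept as-is for compatibility with existing log consumers.
   char stbeg[256] = {0};
   time_t tbeg = NotBefore();
   localTimeString(tbeg, stbeg, sizeof(stbeg));
   char stend[256] = {0};
   time_t tend = NotAfter();
   localTimeString(tend, stend, sizeof(stend));

   PRINT("+++++++++++++++ X509 dump +++++++++++++++++++++++");
   PRINT("+");
   PRINT("+ File: "<<ParentFile());
   PRINT("+");
   PRINT("+ Type: "<<Type());
   PRINT("+ Serial Number: "<<SerialNumber());
   PRINT("+ Subject: "<<Subject());
   PRINT("+ Subject hash: "<<SubjectHash(0));
   PRINT("+ Issuer: "<<Issuer());
   PRINT("+ Issuer hash: "<<IssuerHash(0));
   PRINT("+");
   if (IsExpired()) {
      PRINT("+ Validity: (expired!)");
   } else {
      PRINT("+ Validity:");
   }
   PRINT("+ NotBefore: "<<tbeg<<" UTC - "<<stbeg);
   PRINT("+ NotAfter: "<<tend<<" UTC - "<<stend);
   PRINT("+");
   // Fetch the key once instead of calling the virtual accessor twice.
   XrdCryptoRSA *pki = PKI();
   if (pki) {
      PRINT("+ PKI: "<<pki->Status());
   } else {
      PRINT("+ PKI: missing");
   }
   PRINT("+");
   PRINT("+++++++++++++++++++++++++++++++++++++++++++++++++");
}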
#define EPNAME(x)
#define PRINT(y)
virtual const char * Subject()
const char * SubjectHash()
const char * IssuerHash()
const char * Type(EX509Type t=kUnknown) const
virtual XrdCryptoRSA * PKI()
virtual time_t NotBefore()
virtual bool IsExpired(int when=0)
virtual const char * Issuer()
virtual kXR_int64 SerialNumber()
virtual const char * ParentFile()
virtual time_t NotAfter()

References EPNAME, IsExpired(), Issuer(), IssuerHash(), NotAfter(), NotBefore(), ParentFile(), PKI(), PRINT, SerialNumber(), Subject(), SubjectHash(), and Type().

Referenced by main().


◆ DumpExtensions()

int XrdCryptoX509::DumpExtensions ( bool = 0)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 245 of file XrdCryptoX509.cc.

int XrdCryptoX509::DumpExtensions(bool)
{
   // Print the certificate extensions, if any. Nothing to show in the base
   // class: flag the missing override via ABSTRACTMETHOD (project macro)
   // and return -1. The bool argument is ignored here.
   ABSTRACTMETHOD("XrdCryptoX509::DumpExtensions");
   const int notImplemented = -1;
   return notImplemented;
}

References ABSTRACTMETHOD.

Referenced by Display().


◆ Export()

XrdSutBucket * XrdCryptoX509::Export ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 229 of file XrdCryptoX509.cc.

XrdSutBucket *XrdCryptoX509::Export()
{
   // Serialize the certificate into an XrdSutBucket. The base class has no
   // certificate data to export: flag the call via ABSTRACTMETHOD (project
   // macro) and hand back a null bucket, which callers must check.
   ABSTRACTMETHOD("XrdCryptoX509::Export");
   return nullptr;
}

References ABSTRACTMETHOD.

◆ GetExtension()

XrdCryptoX509data XrdCryptoX509::GetExtension ( const char * oid)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 221 of file XrdCryptoX509.cc.

XrdCryptoX509data XrdCryptoX509::GetExtension(const char *oid)
{
   // Look up the extension identified by 'oid'. Not available in the base
   // class: flag the call via ABSTRACTMETHOD (project macro) and return a
   // null handle. (The previous comment, "Return issuer name", was a
   // copy-paste leftover.)
   (void)oid;
   ABSTRACTMETHOD("XrdCryptoX509::GetExtension");
   return nullptr;
}
void * XrdCryptoX509data

References ABSTRACTMETHOD.

Referenced by XrdCryptosslX509Crl::XrdCryptosslX509Crl(), Display(), main(), and XrdCryptogsiX509Chain::Verify().


◆ IsExpired()

bool XrdCryptoX509::IsExpired ( int when = 0)
virtual

Definition at line 115 of file XrdCryptoX509.cc.

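bool XrdCryptoX509::IsExpired(int when)
{
   // True if the certificate's NotAfter lies before 'when' (seconds since
   // the Epoch, UTC). when <= 0 means "check against the present time".
   // The reference time is kept as time_t instead of the former
   // (int)time(0) cast, which truncates on platforms where time_t is wider
   // than int (it wraps negative in 2038, making every certificate look
   // unexpired). No clock-skew allowance is applied at the end of the
   // window. With the base-class NotAfter() stub (-1) this always reports
   // expired, i.e. the default fails closed.
   time_t now = (when > 0) ? (time_t)when : time(nullptr);
   return (now > NotAfter());
}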

References NotAfter().

Referenced by Dump().


◆ Issuer()

const char * XrdCryptoX509::Issuer ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 157 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::Issuer()
{
   // Issuer distinguished name. Unknown to the base class: flag the call
   // via ABSTRACTMETHOD (project macro) and return a null string, which
   // callers must check before use.
   ABSTRACTMETHOD("XrdCryptoX509::Issuer");
   return nullptr;
}

References ABSTRACTMETHOD.

Referenced by Display(), Dump(), XrdCryptoX509Chain::FindIssuer(), main(), XrdCryptoX509Chain::Reorder(), XrdCryptosslX509ChainToFile(), and XrdCryptosslX509ExportChain().


◆ IssuerHash() [1/2]

const char * XrdCryptoX509::IssuerHash ( )
inline

Definition at line 99 of file XrdCryptoX509.hh.

const char *XrdCryptoX509::IssuerHash()
{
   // Convenience overload: issuer hash with the default selector 0 (what the
   // int selects is defined by the virtual IssuerHash(int) override).
   return this->IssuerHash(0);
}

References IssuerHash().

Referenced by Dump(), and IssuerHash().


◆ IssuerHash() [2/2]

const char * XrdCryptoX509::IssuerHash ( int )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 173 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::IssuerHash(int)
{
   // Hash of the issuer name (the int selector is interpreted by the
   // overriding class). Not available here: flag the call via
   // ABSTRACTMETHOD (project macro) and return a null string. (The previous
   // comment, "Return issuer name", was a copy-paste leftover.)
   ABSTRACTMETHOD("XrdCryptoX509::IssuerHash");
   return nullptr;
}

References ABSTRACTMETHOD.

Referenced by XrdCryptoX509Chain::Dump(), XrdSecProtocolgsi::getCredentials(), main(), XrdCryptoX509Chain::SetEffectiveCA(), and XrdCryptosslX509ExportChain().


◆ IsValid()

bool XrdCryptoX509::IsValid ( int when = 0)
virtual

Definition at line 105 of file XrdCryptoX509.cc.

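bool XrdCryptoX509::IsValid(int when)
{
   // True if 'when' (seconds since the Epoch, UTC; <= 0 means "now") lies
   // inside the validity window. The start of the window is relaxed by
   // kAllowedSkew (project macro, presumably a clock-drift tolerance); the
   // end gets no such allowance, so a just-expired certificate is rejected.
   // The reference time is kept as time_t instead of the former
   // (int)time(0) cast, which truncates on platforms where time_t is wider
   // than int (it wraps negative in 2038). With the base-class stubs
   // (NotBefore/NotAfter both -1) this always returns false.
   time_t now = (when > 0) ? (time_t)when : time(nullptr);
   return (now >= (NotBefore() - kAllowedSkew) && now <= NotAfter());
}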
#define kAllowedSkew

References kAllowedSkew, NotAfter(), and NotBefore().

Referenced by XrdCryptoX509Chain::CheckValidity(), and XrdCryptoX509Chain::Verify().


◆ MatchesSAN()

virtual bool XrdCryptoX509::MatchesSAN ( const char * fqdn,
bool & hasSAN )
pure virtual

Implemented in XrdCryptosslX509.

References XrdCryptoX509().


◆ MatchHostnames()

bool XrdCryptoX509::MatchHostnames ( const char * match_pattern,
const char * fqdn )
static

Definition at line 253 of file XrdCryptoX509.cc.

bool XrdCryptoX509::MatchHostnames(const char *match_pattern, const char *hostname)
{
   // Case-insensitive comparison of a hostname against a pattern whose
   // leftmost label may carry wildcards (via XrdOucString::matches); every
   // label after the first must match exactly. Examples:
   //   foo.example.com  vs foo.example.com      -> true
   //   bar.example.com  vs foo.example.com      -> false
   //   *.example.com    vs foo.example.com      -> true
   //   *.example.com    vs foo.bar.example.com  -> false (one label only)
   //   FOO.example.com  vs foo.EXAMPLE.COM      -> true
   //   F*.com           vs foo.com              -> true
   // Nothing here limits how few labels a wildcard pattern may have, so for
   // SAN checks the pattern must come from a certificate that has already
   // been verified. (The header declares the second parameter as 'fqdn';
   // this definition names it 'hostname'.)
   // Returns true when the two are considered a match.
   XrdOucString mpatt(match_pattern), hname(hostname);

   // An empty pattern or hostname never matches.
   if (!mpatt.length() || !hname.length()) return false;

   // Compare case-folded copies.
   mpatt.lower(0);
   hname.lower(0);

   // Exact equality short-circuits the per-label analysis.
   if (mpatt == hname) return true;

   // Split the first label off each side; -1 means no token was found.
   int mfrom = 0, hfrom = 0;
   XrdOucString mfirst, hfirst;
   mfrom = mpatt.tokenize(mfirst, mfrom, '.');
   if (mfrom == -1) return false;
   hfrom = hname.tokenize(hfirst, hfrom, '.');
   if (hfrom == -1) return false;

   // Wildcards apply to the first label only ...
   if (!hfirst.matches(mfirst.c_str())) return false;

   // ... and the remainder must be identical, or absent on both sides.
   mpatt.erasefromstart(mfrom);
   hname.erasefromstart(hfrom);
   return (hname == mpatt) || (!hname.length() && !mpatt.length());
}
int matches(const char *s, char wch=' *')
const char * c_str() const

References XrdOucString::c_str(), XrdOucString::erasefromstart(), XrdOucString::length(), XrdOucString::lower(), XrdOucString::matches(), and XrdOucString::tokenize().

Referenced by XrdCryptosslX509::MatchesSAN().


◆ NotAfter()

time_t XrdCryptoX509::NotAfter ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 133 of file XrdCryptoX509.cc.

time_t XrdCryptoX509::NotAfter()
{
   // End of the validity window in seconds since the Epoch. Unknown to the
   // base class: flag the call via ABSTRACTMETHOD (project macro) and
   // return -1, which makes IsExpired()/IsValid() treat the certificate as
   // unusable.
   ABSTRACTMETHOD("XrdCryptoX509::NotAfter");
   const time_t unset = -1;
   return unset;
}

References ABSTRACTMETHOD.

Referenced by Display(), Dump(), IsExpired(), IsValid(), and main().


◆ NotBefore()

time_t XrdCryptoX509::NotBefore ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 125 of file XrdCryptoX509.cc.

time_t XrdCryptoX509::NotBefore()
{
   // Start of the validity window in seconds since the Epoch. Unknown to
   // the base class: flag the call via ABSTRACTMETHOD (project macro) and
   // return -1.
   ABSTRACTMETHOD("XrdCryptoX509::NotBefore");
   const time_t unset = -1;
   return unset;
}

References ABSTRACTMETHOD.

Referenced by Dump(), and IsValid().


◆ Opaque()

XrdCryptoX509data XrdCryptoX509::Opaque ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 181 of file XrdCryptoX509.cc.

XrdCryptoX509data XrdCryptoX509::Opaque()
{
   // Handle to the underlying (implementation-specific) certificate object.
   // None in the base class: flag the call via ABSTRACTMETHOD (project
   // macro) and return a null handle.
   ABSTRACTMETHOD("XrdCryptoX509::Opaque");
   return nullptr;
}

References ABSTRACTMETHOD.

Referenced by XrdCryptosslX509::Verify(), XrdCryptosslX509Crl::Verify(), XrdVomsFun::VOMSFun(), XrdCryptosslFactory::X509(), XrdCryptosslFactory::X509(), XrdCryptosslX509ChainToFile(), XrdCryptosslX509ExportChain(), XrdCryptosslX509ParseBucket(), XrdCryptosslX509ParseFile(), XrdCryptosslX509ToFile(), XrdCryptosslX509VerifyCert(), and XrdCryptosslX509VerifyChain().


◆ ParentFile()

const char * XrdCryptoX509::ParentFile ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 149 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::ParentFile()
{
   // Name of the file the certificate was loaded from. Unknown to the base
   // class: flag the call via ABSTRACTMETHOD (project macro) and return a
   // null string.
   ABSTRACTMETHOD("XrdCryptoX509::ParentFile");
   return nullptr;
}

References ABSTRACTMETHOD.

Referenced by Dump().


◆ PKI()

XrdCryptoRSA * XrdCryptoX509::PKI ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 189 of file XrdCryptoX509.cc.

XrdCryptoRSA *XrdCryptoX509::PKI()
{
   // Key pair associated with the certificate. None in the base class:
   // flag the call via ABSTRACTMETHOD (project macro) and return null,
   // which Dump() reports as "missing".
   ABSTRACTMETHOD("XrdCryptoX509::PKI");
   return nullptr;
}

References ABSTRACTMETHOD.

Referenced by Dump(), main(), XrdCryptosslX509ChainToFile(), XrdCryptosslX509ExportChain(), XrdCryptosslX509ParseBucket(), and XrdCryptosslX509ParseFile().


◆ ProxyType()

virtual const char * XrdCryptoX509::ProxyType ( ) const
inlinevirtual

Reimplemented in XrdCryptosslX509.

Definition at line 83 of file XrdCryptoX509.hh.

const char *XrdCryptoX509::ProxyType() const
{
   // Proxy-certificate flavour as text; the base class knows none and
   // reports the empty string (overridden in XrdCryptosslX509).
   return "";
}

Referenced by Display().


◆ SerialNumber()

kXR_int64 XrdCryptoX509::SerialNumber ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 205 of file XrdCryptoX509.cc.

kXR_int64 XrdCryptoX509::SerialNumber()
{
   // Certificate serial number. Unknown to the base class: flag the call via
   // ABSTRACTMETHOD (project macro) and return -1. (The previous comment,
   // "Return issuer name", was a copy-paste leftover.)
   ABSTRACTMETHOD("XrdCryptoX509::SerialNumber");
   const kXR_int64 unset = -1;
   return unset;
}

References ABSTRACTMETHOD.

Referenced by Dump().


◆ SerialNumberString()

XrdOucString XrdCryptoX509::SerialNumberString ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 213 of file XrdCryptoX509.cc.

XrdOucString XrdCryptoX509::SerialNumberString()
{
   // Serial number rendered as a string. Unknown to the base class: flag the
   // call via ABSTRACTMETHOD (project macro) and return an empty string.
   // (The previous comment, "Return issuer name", was a copy-paste leftover.)
   ABSTRACTMETHOD("XrdCryptoX509::SerialNumberString");
   XrdOucString empty("");
   return empty;
}

References ABSTRACTMETHOD.

Referenced by XrdCryptoX509Chain::Verify().


◆ SetPKI()

void XrdCryptoX509::SetPKI ( XrdCryptoX509data pki)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 197 of file XrdCryptoX509.cc.

void XrdCryptoX509::SetPKI(XrdCryptoX509data pki)
{
   // Attach a key pair handle to the certificate. The base class has nowhere
   // to store it: flag the call via ABSTRACTMETHOD (project macro) and
   // discard the argument.
   (void)pki;
   ABSTRACTMETHOD("XrdCryptoX509::SetPKI");
}

References ABSTRACTMETHOD.

Referenced by main(), XrdCryptosslX509ParseBucket(), and XrdCryptosslX509ParseFile().


◆ Subject()

const char * XrdCryptoX509::Subject ( )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 141 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::Subject()
{
   // Subject distinguished name. Unknown to the base class: flag the call
   // via ABSTRACTMETHOD (project macro) and return a null string, which
   // callers must check before use.
   ABSTRACTMETHOD("XrdCryptoX509::Subject");
   return nullptr;
}

References ABSTRACTMETHOD.

Referenced by XrdCryptoX509Chain::XrdCryptoX509Chain(), XrdCryptoX509Chain::CheckCA(), Display(), Dump(), XrdCryptoX509Chain::EECname(), XrdCryptoX509Chain::FindSubject(), main(), XrdCryptosslX509ExportChain(), XrdCryptosslX509ParseFile(), and XrdSecgsiAuthzKey().


◆ SubjectHash() [1/2]

const char * XrdCryptoX509::SubjectHash ( )
inline

Definition at line 104 of file XrdCryptoX509.hh.

const char *XrdCryptoX509::SubjectHash()
{
   // Convenience overload: subject hash with the default selector 0 (what
   // the int selects is defined by the virtual SubjectHash(int) override).
   return this->SubjectHash(0);
}

References SubjectHash().

Referenced by Dump(), and SubjectHash().


◆ SubjectHash() [2/2]

const char * XrdCryptoX509::SubjectHash ( int )
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 165 of file XrdCryptoX509.cc.

const char *XrdCryptoX509::SubjectHash(int)
{
   // Hash of the subject name (the int selector is interpreted by the
   // overriding class). Not available here: flag the call via
   // ABSTRACTMETHOD (project macro) and return a null string.
   ABSTRACTMETHOD("XrdCryptoX509::SubjectHash");
   return nullptr;
}

References ABSTRACTMETHOD.

Referenced by XrdCryptosslX509Crl::XrdCryptosslX509Crl(), XrdCryptoX509Chain::XrdCryptoX509Chain(), XrdCryptoX509Chain::CheckCA(), XrdCryptoX509Chain::Dump(), XrdCryptoX509Chain::EEChash(), XrdSecProtocolgsi::getCredentials(), and XrdCryptosslX509ExportChain().


◆ Type()

const char * XrdCryptoX509::Type ( EX509Type t = kUnknown) const
inline

Definition at line 80 of file XrdCryptoX509.hh.

const char *XrdCryptoX509::Type(EX509Type t) const
{
   // Printable name of an EX509Type. With the default argument (kUnknown)
   // the object's own 'type' is reported. The ctype table (not shown on
   // this page) is indexed by value+1 so that kUnknown (-1) lands on entry
   // 0; no bounds check is performed, so t must be one of the enumerators.
   const EX509Type which = (t == kUnknown) ? type : t;
   return ctype[which + 1];
}

References kUnknown, and type.

Referenced by Display(), Dump(), and XrdCryptoX509Chain::Dump().


◆ Verify()

bool XrdCryptoX509::Verify ( XrdCryptoX509 * ref)
virtual

Reimplemented in XrdCryptosslX509.

Definition at line 237 of file XrdCryptoX509.cc.

bool XrdCryptoX509::Verify(XrdCryptoX509 *ref)
{
   // Check this certificate's signature against the public key of 'ref'.
   // The base class cannot verify anything: flag the call via ABSTRACTMETHOD
   // (project macro) and report failure, so an unimplemented override never
   // passes verification.
   (void)ref;
   ABSTRACTMETHOD("XrdCryptoX509::Verify");
   return false;
}

References XrdCryptoX509(), and ABSTRACTMETHOD.

Referenced by main(), and XrdCryptoX509Chain::Verify().


Member Data Documentation

◆ type


The documentation for this class was generated from the following files: