1 #ifndef __CRYPTO_FACTORY_H__
2 #define __CRYPTO_FACTORY_H__
3 /******************************************************************************/
4 /* */
5 /* X r d C r y p t o F a c t o r y . h h */
6 /* */
7 /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */
8 /* Produced by Gerri Ganis for CERN */
9 /* */
10 /* This file is part of the XRootD software suite. */
11 /* */
12 /* XRootD is free software: you can redistribute it and/or modify it under */
13 /* the terms of the GNU Lesser General Public License as published by the */
14 /* Free Software Foundation, either version 3 of the License, or (at your */
15 /* option) any later version. */
16 /* */
17 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
18 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
19 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
20 /* License for more details. */
21 /* */
22 /* You should have received a copy of the GNU Lesser General Public License */
23 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
24 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
25 /* */
26 /* The copyright holder's institutional names and contributor's names may not */
27 /* be used to endorse or promote products derived from this software without */
28 /* specific prior written permission of the institution or contributor. */
29 /******************************************************************************/
30 
31 /* ************************************************************************** */
32 /* */
33 /* Abstract interface for a crypto factory */
34 /* Allows plugging in modules based on different crypto implementations */
35 /* (OpenSSL, Botan, ...) */
36 /* */
37 /* ************************************************************************** */
38 
#include "XrdCrypto/XrdCryptoAux.hh"

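// Size in bytes of the fixed buffer XrdCryptoFactory::name.  The constructor
// that fills it is defined out of line, so whether an over-long name is
// truncated or copied unchecked cannot be seen in this header -- TODO confirm
// in XrdCryptoFactory.cc before feeding it caller-supplied names.
#define MAXFACTORYNAMELEN 10
// ---------------------------------------------------------------------------//
//
// Abstract Crypto Factory
//
// ---------------------------------------------------------------------------//

// Forward declarations of the types the factory hands out; this header only
// uses pointers and references to them.
class XrdSutBucket;
class XrdOucString;
class XrdCryptoCipher;
class XrdCryptoMsgDigest;
class XrdCryptoRSA;
class XrdCryptoX509;
class XrdCryptoX509Chain;
class XrdCryptogsiX509Chain;   // needed by XrdCryptoX509CreateProxy_t below
class XrdCryptoX509Crl;
class XrdCryptoX509Req;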
58 
59 //
60 // Prototypes for some Utility Functions
61 
// Key derivation function
// XrdCryptoKDFunLen_t: length of the key buffer the KDF below fills
// (the accessor in XrdCryptoFactory documents it as "Length of buffer";
// presumably bytes -- confirm in the plugin).
typedef int (*XrdCryptoKDFunLen_t)();
// XrdCryptoKDFun_t: derive key material into key (klen presumably its
// capacity) from the secret (pass, plen) and the salt (salt, slen).  The
// factory comment says this is PBKDF2 when the plugin can provide it.
// NOTE(review): the iteration count is not part of this signature, so it is
// fixed inside the plugin and callers cannot raise it -- check the value the
// implementation uses.
typedef int (*XrdCryptoKDFun_t)(const char *pass, int plen,
                                const char *salt, int slen,
                                char *key, int klen);
67 
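// X509 manipulation: certificate verification
// Verify certificate c; r is presumably the issuer (or reference) certificate
// it is checked against -- confirm in the implementing plugin.  The bool is
// the only outcome reported, so anything but true must be treated as failure.
typedef bool (*XrdCryptoX509VerifyCert_t)(XrdCryptoX509 *c, XrdCryptoX509 *r);
// chain verification
// Verify a whole chain; errcode receives the reason when the result is false.
typedef bool (*XrdCryptoX509VerifyChain_t)(XrdCryptoX509Chain *chain,
                                           int &errcode);
// chain export
// Serialise a chain into a bucket.  The meaning of the bool flag is not
// specified here; check the plugin before relying on it.
typedef XrdSutBucket *(*XrdCryptoX509ExportChain_t)(XrdCryptoX509Chain *, bool);

// chain to file
typedef int (*XrdCryptoX509ChainToFile_t)(XrdCryptoX509Chain *, const char *);

// certificates from file parsing
// Parse the certificates found in fname into the chain.
typedef int (*XrdCryptoX509ParseFile_t)(const char *fname,
                                        XrdCryptoX509Chain *);
// certificates from bucket parsing
// Same as above from an in-memory bucket.  A bucket presumably carries data
// received from the peer, so a successful parse says nothing about trust: the
// resulting chain still has to go through XrdCryptoX509VerifyChain_t.
typedef int (*XrdCryptoX509ParseBucket_t)(XrdSutBucket *, XrdCryptoX509Chain *);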
// Proxies
// The OID of the extension
// Pre-RFC OID from the 1.3.6.1.4.1.3536 private-enterprise arc (Globus-era
// proxies); the RFC one below is the standard value.
#define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222"
// id-pe-proxyCertInfo as assigned by RFC 3820.
#define gsiProxyCertInfo_OID "1.3.6.1.5.5.7.1.14"
// check presence of proxyCertInfo extension (RFC 3820)
// The arguments are untyped here (a const void *, an int & and a bool *);
// what they carry is fixed by the plugin implementing the hook -- read it
// before calling.
typedef bool (*XrdCryptoProxyCertInfo_t)(const void *, int &, bool *);
// set path length constraint
// Sets the pCPathLenConstraint of the ProxyCertInfo extension (RFC 3820),
// which bounds how many further proxies may be derived.  The void * is
// presumably the extension or certificate object -- confirm in the plugin.
typedef void (*XrdCryptoSetPathLenConstraint_t)(void *, int);
// create a proxy certificate
// Options for proxy creation.  The bracketed numbers are the defaults the
// original comments document; the struct has no in-class initialisers, so
// the values actually used are whatever the code that fills it assigns --
// confirm there rather than here.
typedef struct {
   int bits;     // Number of bits in the RSA key [512]
                 // NOTE(review): 512-bit RSA is factorable with modest
                 // resources and far below any current minimum; a proxy
                 // that protects real credentials should use >= 2048.
   int valid;    // Duration validity in secs [43200 (12 hours)]
   int depthlen; // Maximum depth of the path of proxy certificates
                 // that can be signed by this proxy certificate
                 // [-1 (== unlimited)]
                 // NOTE(review): unlimited depth lets any holder re-delegate
                 // without bound; prefer an explicit small value.
} XrdProxyOpt_t;
// Arguments are unnamed in this declaration; consult the plugin that
// implements the hook for their order and meaning before calling it.
typedef int (*XrdCryptoX509CreateProxy_t)(const char *, const char *, XrdProxyOpt_t *,
                                          XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *);
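// create a proxy certificate request
// Produces a request and its key pair through the two ** out-parameters;
// the caller presumably takes ownership of both -- confirm in the plugin.
typedef int (*XrdCryptoX509CreateProxyReq_t)(XrdCryptoX509 *, XrdCryptoX509Req **,
                                             XrdCryptoRSA **);
// sign a proxy certificate request
// Signs the request with the given certificate and RSA key, returning the new
// certificate through the ** out-parameter.  Nothing in this signature ties
// the key to the certificate; the caller must pass a matching pair.
typedef int (*XrdCryptoX509SignProxyReq_t)(XrdCryptoX509 *, XrdCryptoRSA *,
                                           XrdCryptoX509Req *, XrdCryptoX509 **);
// check consistency of a GSI 3 compliant proxy
// The XrdOucString & is presumably an output (diagnostic text) -- confirm.
typedef int (*XrdCryptoX509CheckProxy3_t)(XrdCryptoX509 *, XrdOucString &);

// get VOMS attributes
// The XrdOucString & receives the attributes (format is plugin defined).
typedef int (*XrdCryptoX509GetVOMSAttr_t)(XrdCryptoX509 *, XrdOucString &);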
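// Abstract factory implemented by each crypto plugin (OpenSSL, ...).  The
// order of the virtual declarations below defines the vtable seen by plugins
// built against this header; do not reorder them.
class XrdCryptoFactory
{
private:
   char name[MAXFACTORYNAMELEN];   // factory (plugin) name, read via Name()
   int  fID;                       // factory id, read via ID()
public:
   // n is copied into the fixed-size name buffer; the constructor is defined
   // out of line, so whether over-long names are truncated cannot be seen here.
   XrdCryptoFactory(const char *n = "Unknown", int id = -1);
   virtual ~XrdCryptoFactory() { }

   // Set trace flags
   virtual void SetTrace(kXR_int32 trace);

   // Get the factory name.
   // The return type stays char * for existing callers, so the const is cast
   // away explicitly; callers must treat the pointer as read-only storage
   // owned by this object.
   char *Name() const { return const_cast<char *>(name); }
   // Get the factory id
   int ID() const { return fID; }

   // Get the right factory
   // Resolves factoryname to a factory instance (implementation out of line,
   // presumably loading a plugin).  NOTE(review): validate a name that comes
   // from configuration or the network before passing it here.
   static XrdCryptoFactory *GetCryptoFactory(const char *factoryname);

   // Any possible notification
   virtual void Notify() { }

   // Hook to a Key Derivation Function (PBKDF2 when possible)
   virtual XrdCryptoKDFunLen_t KDFunLen(); // Length of buffer
   virtual XrdCryptoKDFun_t KDFun();

   // Cipher constructors
   // t names the cipher type.
   virtual bool SupportedCipher(const char *t);
   virtual bool HasPaddingSupport();
   virtual XrdCryptoCipher *Cipher(const char *t, int l = 0);
   // From explicit key material: k/l the key and its length, iv/liv the IV
   // and its length (inferred from the parameter names).
   virtual XrdCryptoCipher *Cipher(const char *t, int l, const char *k,
                                   int liv, const char *iv);
   // From a serialised bucket.
   virtual XrdCryptoCipher *Cipher(XrdSutBucket *b);
   // pub/lpub is a public value of lpub bytes, presumably the peer's half of
   // a key agreement -- confirm with the plugin; padded selects the padded
   // variant (from the name).
   virtual XrdCryptoCipher *Cipher(int bits, char *pub, int lpub, const char *t = 0);
   virtual XrdCryptoCipher *Cipher(bool padded, int bits, char *pub, int lpub, const char *t);
   // Copy of an existing cipher.
   virtual XrdCryptoCipher *Cipher(const XrdCryptoCipher &c);

   // MsgDigest constructors
   virtual bool SupportedMsgDigest(const char *dgst);
   virtual XrdCryptoMsgDigest *MsgDigest(const char *dgst);

   // RSA constructors
   // b/e presumably modulus bits and public exponent (0 = plugin default).
   virtual XrdCryptoRSA *RSA(int b = 0, int e = 0);
   // From a buffer p of l bytes; the encoding is plugin defined.
   virtual XrdCryptoRSA *RSA(const char *p, int l = 0);
   virtual XrdCryptoRSA *RSA(const XrdCryptoRSA &r);

   // X509 constructors
   // cf: certificate file, kf: optional key file (from the names).
   virtual XrdCryptoX509 *X509(const char *cf, const char *kf = 0);
   virtual XrdCryptoX509 *X509(XrdSutBucket *b);

   // X509 CRL constructors
   virtual XrdCryptoX509Crl *X509Crl(const char *crlfile, int opt = 0);
   virtual XrdCryptoX509Crl *X509Crl(XrdCryptoX509 *cacert);

   // X509 REQ constructors
   virtual XrdCryptoX509Req *X509Req(XrdSutBucket *bck);

   // Hooks to handle X509 certificates
   // Each accessor returns the plugin's function pointer for the operation.
   // NOTE(review): this interface does not say whether an unsupported hook
   // yields a null pointer; check before calling unless the plugin documents it.
   virtual XrdCryptoX509VerifyCert_t X509VerifyCert();
   virtual XrdCryptoX509VerifyChain_t X509VerifyChain();
   virtual XrdCryptoX509ExportChain_t X509ExportChain();
   virtual XrdCryptoX509ChainToFile_t X509ChainToFile();
   virtual XrdCryptoX509ParseFile_t X509ParseFile();
   virtual XrdCryptoX509ParseBucket_t X509ParseBucket();

   // Hooks to handle X509 proxy certificates
   virtual XrdCryptoProxyCertInfo_t ProxyCertInfo();
   virtual XrdCryptoSetPathLenConstraint_t SetPathLenConstraint();
   virtual XrdCryptoX509CreateProxy_t X509CreateProxy();
   virtual XrdCryptoX509CreateProxyReq_t X509CreateProxyReq();
   virtual XrdCryptoX509SignProxyReq_t X509SignProxyReq();
   virtual XrdCryptoX509CheckProxy3_t X509CheckProxy3();
   virtual XrdCryptoX509GetVOMSAttr_t X509GetVOMSAttr();

   // Equality operator
   // Takes its operand by value (copies the name buffer); the signature is
   // kept because the definition lives in the .cc.
   bool operator==(const XrdCryptoFactory factory);
};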
192 #endif