Functions | |
int | GRSTasn1FindField (const char *oid, char *coords, char *asn1string, struct GRSTasn1TagList taglist[], int lasttag, int *result) |
int | GRSTx509NameCmp (char *a, char *b) |
Compare X509 Distinguished Name strings. More... | |
int | GRSTx509KnownCriticalExts (X509 *cert) |
Check critical extensions. More... | |
int | GRSTx509IsCA (X509 *cert) |
Check if certificate can be used as a CA to sign standard X509 certs. More... | |
int | GRSTx509ChainFree (GRSTx509Chain *chain) |
int | GRSTx509ChainLoad (GRSTx509Chain **chain, STACK_OF(X509) *certstack, X509 *lastcert, char *capath, char *vomsdir) |
int | GRSTx509ChainLoadCheck (GRSTx509Chain **chain, STACK_OF(X509) *certstack, X509 *lastcert, char *capath, char *vomsdir) |
Check certificate chain for GSI proxy acceptability. More... | |
int | GRSTx509CheckChain (int *first_non_ca, X509_STORE_CTX *store_ctx) |
int | GRSTx509VerifyCallback (int ok, X509_STORE_CTX *ctx) |
Example VerifyCallback routine. More... | |
int | GRSTx509ParseVomsExt (int *lastcred, int maxcreds, size_t credlen, char *creds, time_t time1_time, time_t time2_time, X509_EXTENSION *ex, char *ucuserdn, char *ucissuerdn, char *ucserial, char *vomsdir) |
Get the VOMS attributes in the given extension. More... | |
int | GRSTx509GetVomsCreds (int *lastcred, int maxcreds, size_t credlen, char *creds, X509 *usercert, STACK_OF(X509) *certstack, char *vomsdir) |
Get the VOMS attributes in the extensions to the given cert stack. More... | |
GRSTgaclCred * | GRSTx509CompactToCred (char *grst_cred) |
Turn a Compact Cred line into a GRSTgaclCred object. More... | |
int | GRSTx509CompactCreds (int *lastcred, int maxcreds, size_t credlen, char *creds, STACK_OF(X509) *certstack, char *vomsdir, X509 *peercert) |
Get the credentials in an X509 cert/GSI proxy, including any VOMS. More... | |
char * | GRSTx509FindProxyFileName (void) |
Find proxy file name of the current user. More... | |
int | GRSTx509MakeProxyCert (char **proxychain, FILE *debugfp, char *reqtxt, char *cert, char *key, int minutes) |
Make a GSI Proxy chain from a request, certificate and private key. More... | |
char * | GRSTx509CachedProxyFind (char *proxydir, char *delegation_id, char *user_dn) |
Find a proxy file in the proxy cache. More... | |
char * | GRSTx509CachedProxyKeyFind (char *proxydir, char *delegation_id, char *user_dn, STACK_OF(X509) *certstack) |
Find a temporary proxy private key file in the proxy cache. More... | |
int | GRSTx509CreateProxyRequestKS (char **reqtxt, char **keytxt, char *ocspurl, int keysize) |
int | GRSTx509CreateProxyRequest (char **reqtxt, char **keytxt, char *ocspurl) |
Create a X.509 request for a GSI proxy and its private key. More... | |
int | GRSTx509MakeProxyRequestKS (char **reqtxt, char *proxydir, char *delegation_id, char *user_dn, int keysize) |
int | GRSTx509MakeProxyRequest (char **reqtxt, char *proxydir, char *delegation_id, char *user_dn) |
Create a X.509 request for a GSI proxy and its private key. More... | |
int | GRSTx509ProxyDestroy (char *proxydir, char *delegation_id, char *user_dn) |
Destroy stored GSI proxy files. More... | |
int | GRSTx509ProxyGetTimes (char *proxydir, char *delegation_id, char *user_dn, time_t *start, time_t *finish) |
Get start and finish validity times of stored GSI proxy file. More... | |
int | GRSTx509StringToChain (STACK_OF(X509) **certstack, char *certstring) |
Create a stack of X509 certificate from a PEM-encoded string. More... | |
char * | GRSTx509MakeDelegationID (void) |
Returns a Delegation ID based on hash of GRST_CRED_0, ... More... | |
char * | GRSTx509MakeProxyFileName (char *delegation_id, STACK_OF(X509) *certstack) |
Return the short file name for the given delegation_id and user_dn. More... | |
int | GRSTx509CacheProxy (char *proxydir, char *delegation_id, char *user_dn, char *proxychain) |
Store a GSI proxy chain in the proxy cache, along with the private key. More... | |
int | GRST_is_id_safe (const char *str) |
int GRST_is_id_safe | ( | const char * | str | ) |
int GRSTasn1FindField | ( | const char * | oid, |
char * | coords, | ||
char * | asn1string, | ||
struct GRSTasn1TagList | taglist[], | ||
int | lasttag, | ||
int * | result | ||
) |
char * GRSTx509CachedProxyFind | ( | char * | proxydir, |
char * | delegation_id, | ||
char * | user_dn | ||
) |
Find a proxy file in the proxy cache.
Returns the full path and file name of proxy file associated with given delegation ID and user DN.
Return a pointer to a malloc'd string with the full path of the proxy file corresponding to the given delegation_id, or NULL if not found.
char * GRSTx509CachedProxyKeyFind | ( | char * | proxydir, |
char * | delegation_id, | ||
char * | user_dn, | ||
STACK_OF(X509) * | certstack | ||
) |
Find a temporary proxy private key file in the proxy cache.
Returns the full path and file name of the private key file associated with given delegation ID and user DN.
Return a pointer to a malloc'd string with the full path of the private proxy key corresponding to the given delegation_id, or NULL if not found.
int GRSTx509CacheProxy | ( | char * | proxydir, |
char * | delegation_id, | ||
char * | user_dn, | ||
char * | proxychain | ||
) |
Store a GSI proxy chain in the proxy cache, along with the private key.
Returns GRST_RET_OK on success, non-zero otherwise. The existing private key with the same delegation ID and user DN is moved out of the temporary cache.
int GRSTx509ChainFree | ( | GRSTx509Chain * | chain | ) |
int GRSTx509ChainLoad | ( | GRSTx509Chain ** | chain, |
STACK_OF(X509) * | certstack, | ||
X509 * | lastcert, | ||
char * | capath, | ||
char * | vomsdir | ||
) |
int GRSTx509ChainLoadCheck | ( | GRSTx509Chain ** | chain, |
STACK_OF(X509) * | certstack, | ||
X509 * | lastcert, | ||
char * | capath, | ||
char * | vomsdir | ||
) |
Check certificate chain for GSI proxy acceptability.
Returns GRST_RET_OK if valid; caNl errors otherwise.
The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (eg UK e-Science CA)
TODO: we do not yet check ProxyCertInfo and ProxyCertPolicy extensions (although via GRSTx509KnownCriticalExts() we can accept them.)
int GRSTx509CompactCreds | ( | int * | lastcred, |
int | maxcreds, | ||
size_t | credlen, | ||
char * | creds, | ||
STACK_OF(X509) * | certstack, | ||
char * | vomsdir, | ||
X509 * | peercert | ||
) |
Get the credentials in an X509 cert/GSI proxy, including any VOMS.
Credentials are placed in Compact Creds string array at *creds.
Function returns GRST_RET_OK on success, or GRST_RET_FAILED if some inconsistency is found in the certificate.
GRSTgaclCred * GRSTx509CompactToCred | ( | char * | grst_cred | ) |
Turn a Compact Cred line into a GRSTgaclCred object.
Returns a pointer to the created GRSTgaclCred, or NULL on failure.
int GRSTx509CreateProxyRequest | ( | char ** | reqtxt, |
char ** | keytxt, | ||
char * | ocspurl | ||
) |
Create an X.509 request for a GSI proxy and its private key.
Returns GRST_RET_OK on success, non-zero otherwise. The request string and private key are PEM-encoded strings.
char * GRSTx509FindProxyFileName | ( | void | ) |
Find proxy file name of the current user.
Return a string with the proxy file name or NULL if not present. This function does not check if the proxy has expired.
int GRSTx509GetVomsCreds | ( | int * | lastcred, |
int | maxcreds, | ||
size_t | credlen, | ||
char * | creds, | ||
X509 * | usercert, | ||
STACK_OF(X509) * | certstack, | ||
char * | vomsdir | ||
) |
Get the VOMS attributes in the extensions to the given cert stack.
Puts any VOMS credentials found into the Compact Creds string array starting at *creds. Always returns GRST_RET_OK.
int GRSTx509IsCA | ( | X509 * | cert | ) |
Check if certificate can be used as a CA to sign standard X509 certs.
Return GRST_RET_OK if true; GRST_RET_FAILED if not.
int GRSTx509KnownCriticalExts | ( | X509 * | cert | ) |
Check critical extensions.
Returns GRST_RET_OK if all of the extensions are known to us or OpenSSL; GRST_RET_FAILED otherwise.
Because this function relies on functionality (X509_supported_extension) introduced in OpenSSL 0.9.7, it does nothing and reports an error (GRST_RET_FAILED) if one of the associated defines (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent, so the check fails closed rather than silently passing.
char * GRSTx509MakeDelegationID | ( | void | ) |
Returns a Delegation ID based on hash of GRST_CRED_0, ...
Returns a malloc'd string with Delegation ID made by SHA1-hashing the values of the compact credentials exported by mod_gridsite
int GRSTx509MakeProxyCert | ( | char ** | proxychain, |
FILE * | debugfp, | ||
char * | reqtxt, | ||
char * | cert, | ||
char * | key, | ||
int | minutes | ||
) |
Make a GSI Proxy chain from a request, certificate and private key.
The proxy chain is returned in *proxychain. If debugfp is non-NULL, errors are output to that file pointer. The proxy will expire in the given number of minutes, starting from the current time.
char * GRSTx509MakeProxyFileName | ( | char * | delegation_id, |
STACK_OF(X509) * | certstack | ||
) |
Return the short file name for the given delegation_id and user_dn.
Returns a malloc'd string with the short file name (no paths) that is derived from the hashed delegation_id and user_dn.
File name is SHA1_HASH(DelegationID)+"-"+SHA1_HASH(DN), where DN is the DER-encoded version of user_dn with any trailing CN=proxy removed. Hashes are the most significant 8 bytes, in lowercase hexadecimal.
int GRSTx509MakeProxyRequest | ( | char ** | reqtxt, |
char * | proxydir, | ||
char * | delegation_id, | ||
char * | user_dn | ||
) |
Create an X.509 request for a GSI proxy and its private key.
Returns GRST_RET_OK on success, non-zero otherwise. The request string and private key are PEM-encoded strings.
int GRSTx509MakeProxyRequestKS | ( | char ** | reqtxt, |
char * | proxydir, | ||
char * | delegation_id, | ||
char * | user_dn, | ||
int | keysize | ||
) |
int GRSTx509NameCmp | ( | char * | a, |
char * | b | ||
) |
Compare X509 Distinguished Name strings.
This function attempts to do with string representations what would ideally be done with OIDs/values. In particular, we equate "/Email=" == "/emailAddress=" to deal with this important change between OpenSSL 0.9.6 and 0.9.7. Other than that, it is currently the same as ordinary strcasecmp(3) (for consistency with EDG/LCG/EGEE gridmapdir case insensitivity.)
int GRSTx509ParseVomsExt | ( | int * | lastcred, |
int | maxcreds, | ||
size_t | credlen, | ||
char * | creds, | ||
time_t | time1_time, | ||
time_t | time2_time, | ||
X509_EXTENSION * | ex, | ||
char * | ucuserdn, | ||
char * | ucissuerdn, | ||
char * | ucserial, | ||
char * | vomsdir | ||
) |
Get the VOMS attributes in the given extension.
Puts any VOMS credentials found into the Compact Creds string array starting at *creds. Always returns GRST_RET_OK, even for invalid credentials, which are just ignored; the return value therefore does not indicate whether any credential was accepted.
int GRSTx509ProxyDestroy | ( | char * | proxydir, |
char * | delegation_id, | ||
char * | user_dn | ||
) |
Destroy stored GSI proxy files.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the private key or cert chain were not found.)
int GRSTx509ProxyGetTimes | ( | char * | proxydir, |
char * | delegation_id, | ||
char * | user_dn, | ||
time_t * | start, | ||
time_t * | finish | ||
) |
Get start and finish validity times of stored GSI proxy file.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the cert chain was not found.)
Create a stack of X509 certificates from a PEM-encoded string.
Creates a dynamically allocated stack of X509 certificate objects by walking through the PEM-encoded X509 certificates.
Returns GRST_RET_OK on success, non-zero otherwise.