00001 // $Id: XrdCryptoX509.cc 30949 2009-11-02 16:37:58Z ganis $ 00002 00003 const char *XrdCryptoX509CVSID = "$Id: XrdCryptoX509.cc 30949 2009-11-02 16:37:58Z ganis $"; 00004 /******************************************************************************/ 00005 /* */ 00006 /* X r d C r y p t o X 5 0 9 . c c */ 00007 /* */ 00008 /* (c) 2005 G. Ganis , CERN */ 00009 /* */ 00010 /******************************************************************************/ 00011 00012 /* ************************************************************************** */ 00013 /* */ 00014 /* Abstract interface for X509 certificates. */ 00015 /* Allows to plug-in modules based on different crypto implementation */ 00016 /* (OpenSSL, Botan, ...) */ 00017 /* */ 00018 /* ************************************************************************** */ 00019 #include <time.h> 00020 00021 #include <XrdCrypto/XrdCryptoX509.hh> 00022 #include <XrdCrypto/XrdCryptoTrace.hh> 00023 00024 const char *XrdCryptoX509::ctype[4] = { "Unknown", "CA", "EEC", "Proxy" }; 00025 00026 #define kAllowedSkew 600 00027 00028 //_____________________________________________________________________________ 00029 void XrdCryptoX509::Dump() 00030 { 00031 // Dump content 00032 EPNAME("X509::Dump"); 00033 00034 // Time strings 00035 struct tm tst; 00036 char stbeg[256] = {0}; 00037 time_t tbeg = NotBefore(); 00038 localtime_r(&tbeg,&tst); 00039 asctime_r(&tst,stbeg); 00040 stbeg[strlen(stbeg)-1] = 0; 00041 char stend[256] = {0}; 00042 time_t tend = NotAfter(); 00043 localtime_r(&tend,&tst); 00044 asctime_r(&tst,stend); 00045 stend[strlen(stend)-1] = 0; 00046 00047 PRINT("+++++++++++++++ X509 dump +++++++++++++++++++++++"); 00048 PRINT("+"); 00049 PRINT("+ File: "<<ParentFile()); 00050 PRINT("+"); 00051 PRINT("+ Type: "<<Type()); 00052 PRINT("+ Serial Number: "<<SerialNumber()); 00053 PRINT("+ Subject: "<<Subject()); 00054 PRINT("+ Subject hash: "<<SubjectHash()); 00055 PRINT("+ Issuer: "<<Issuer()); 00056 PRINT("+ Issuer hash: "<<IssuerHash()); 00057 PRINT("+"); 00058 if (IsExpired()) { 00059 PRINT("+ Validity: (expired!)"); 00060 } else { 00061 PRINT("+ Validity:"); 00062 } 00063 PRINT("+ NotBefore: "<<tbeg<<" UTC - "<<stbeg); 00064 PRINT("+ NotAfter: "<<tend<<" UTC - "<<stend); 00065 PRINT("+"); 00066 if (PKI()) { 00067 PRINT("+ PKI: "<<PKI()->Status()); 00068 } else { 00069 PRINT("+ PKI: missing"); 00070 } 00071 PRINT("+"); 00072 PRINT("+++++++++++++++++++++++++++++++++++++++++++++++++"); 00073 } 00074 00075 00076 //_____________________________________________________________________________ 00077 int XrdCryptoX509::BitStrength() 00078 { 00079 // Return number of bits in key 00080 ABSTRACTMETHOD("XrdCryptoX509::BitStrength"); 00081 return -1; 00082 } 00083 00084 //_____________________________________________________________________________ 00085 bool XrdCryptoX509::IsValid(int when) 00086 { 00087 // Check validity at UTC time 'when'. Use when =0 (default) to check 00088 // at present time. 00089 00090 int now = (when > 0) ? when : (int)time(0); 00091 return (now >= (NotBefore()-kAllowedSkew) && now <= NotAfter()); 00092 } 00093 00094 //_____________________________________________________________________________ 00095 bool XrdCryptoX509::IsExpired(int when) 00096 { 00097 // Check expiration at UTC time 'when'. Use when =0 (default) to check 00098 // at present time. 00099 00100 int now = (when > 0) ? when : (int)time(0); 00101 return (now > NotAfter()); 00102 } 00103 00104 //_____________________________________________________________________________ 00105 int XrdCryptoX509::NotBefore() 00106 { 00107 // Begin-validity time in secs since Epoch 00108 ABSTRACTMETHOD("XrdCryptoX509::NotBefore"); 00109 return -1; 00110 } 00111 00112 //_____________________________________________________________________________ 00113 int XrdCryptoX509::NotAfter() 00114 { 00115 // End-validity time in secs since Epoch 00116 ABSTRACTMETHOD("XrdCryptoX509::NotAfter"); 00117 return -1; 00118 } 00119 00120 //_____________________________________________________________________________ 00121 const char *XrdCryptoX509::Subject() 00122 { 00123 // Return subject name 00124 ABSTRACTMETHOD("XrdCryptoX509::Subject"); 00125 return (const char *)0; 00126 } 00127 00128 //_____________________________________________________________________________ 00129 const char *XrdCryptoX509::ParentFile() 00130 { 00131 // Return parent file name 00132 ABSTRACTMETHOD("XrdCryptoX509::ParentFile"); 00133 return (const char *)0; 00134 } 00135 00136 //_____________________________________________________________________________ 00137 const char *XrdCryptoX509::Issuer() 00138 { 00139 // Return issuer name 00140 ABSTRACTMETHOD("XrdCryptoX509::Issuer"); 00141 return (const char *)0; 00142 } 00143 00144 //_____________________________________________________________________________ 00145 const char *XrdCryptoX509::SubjectHash() 00146 { 00147 // Return subject name 00148 ABSTRACTMETHOD("XrdCryptoX509::SubjectHash"); 00149 return (const char *)0; 00150 } 00151 00152 //_____________________________________________________________________________ 00153 const char *XrdCryptoX509::IssuerHash() 00154 { 00155 // Return issuer name 00156 ABSTRACTMETHOD("XrdCryptoX509::IssuerHash"); 00157 return (const char *)0; 00158 } 00159 00160 //_____________________________________________________________________________ 00161 XrdCryptoX509data XrdCryptoX509::Opaque() 00162 { 00163 // Return underlying certificate in raw format 00164 ABSTRACTMETHOD("XrdCryptoX509::Opaque"); 00165 return (XrdCryptoX509data)0; 00166 } 00167 00168 //_____________________________________________________________________________ 00169 XrdCryptoRSA *XrdCryptoX509::PKI() 00170 { 00171 // Return PKI key of the certificate 00172 ABSTRACTMETHOD("XrdCryptoX509::PKI"); 00173 return (XrdCryptoRSA *)0; 00174 } 00175 00176 //_____________________________________________________________________________ 00177 void XrdCryptoX509::SetPKI(XrdCryptoX509data) 00178 { 00179 // Set PKI 00180 00181 ABSTRACTMETHOD("XrdCryptoX509::SetPKI"); 00182 } 00183 00184 //_____________________________________________________________________________ 00185 kXR_int64 XrdCryptoX509::SerialNumber() 00186 { 00187 // Return issuer name 00188 ABSTRACTMETHOD("XrdCryptoX509::SerialNumber"); 00189 return -1; 00190 } 00191 00192 //_____________________________________________________________________________ 00193 XrdOucString XrdCryptoX509::SerialNumberString() 00194 { 00195 // Return issuer name 00196 ABSTRACTMETHOD("XrdCryptoX509::SerialNumberString"); 00197 return XrdOucString(""); 00198 } 00199 00200 //_____________________________________________________________________________ 00201 XrdCryptoX509data XrdCryptoX509::GetExtension(const char *) 00202 { 00203 // Return issuer name 00204 ABSTRACTMETHOD("XrdCryptoX509::GetExtension"); 00205 return (XrdCryptoX509data)0; 00206 } 00207 00208 //_____________________________________________________________________________ 00209 XrdSutBucket *XrdCryptoX509::Export() 00210 { 00211 // EXport in form of bucket 00212 ABSTRACTMETHOD("XrdCryptoX509::Export"); 00213 return (XrdSutBucket *)0; 00214 } 00215 00216 //_____________________________________________________________________________ 00217 bool XrdCryptoX509::Verify(XrdCryptoX509 *) 00218 { 00219 // Verify certificate signature with pub key of ref cert 00220 ABSTRACTMETHOD("XrdCryptoX509::Verify"); 00221 return 0; 00222 }
1.5.1