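// $Id: XrdCryptoX509.hh 22437 2008-03-04 14:35:16Z rdm $
#ifndef __CRYPTO_X509_H__
#define __CRYPTO_X509_H__
/******************************************************************************/
/*                                                                            */
/*                   X r d C r y p t o X 5 0 9 . h h                          */
/*                                                                            */
/*                                                                            */
/*                      (c) 2005 G. Ganis , CERN                              */
/*                                                                            */
/******************************************************************************/

/* ************************************************************************** */
/*                                                                            */
/* Abstract interface for X509 certificates.                                  */
/* Allows to plug-in modules based on different crypto implementation         */
/* (OpenSSL, Botan, ...)                                                      */
/*                                                                            */
/* ************************************************************************** */

#include <XProtocol/XPtypes.hh>
#include <XrdSut/XrdSutBucket.hh>
#include <XrdCrypto/XrdCryptoRSA.hh>
// NOTE(review): XrdOucString is used below but not included here; it is
// presumably pulled in through XrdSutBucket.hh -- confirm.

// Opaque handle to the backend-specific certificate object (e.g. an X509*
// for OpenSSL). Only the plug-in that produced it may interpret it.
typedef void * XrdCryptoX509data;

// ---------------------------------------------------------------------------//
//
// X509 interface
// Describes one certificate
//
// The base class carries no backend state; a crypto plug-in overrides the
// virtuals. None of them is pure virtual, so the defaults (defined in the
// matching .cc) are what a caller gets from a non-overriding backend.
//
// ---------------------------------------------------------------------------//
class XrdCryptoX509 {
public:

   // Certificate type. The numeric values matter: Type() maps a value v to
   // ctype[v + 1], so kUnknown (-1) lands on entry 0 and kProxy on entry 3.
   enum EX509Type { kUnknown = -1, kCA = 0, kEEC = 1, kProxy = 2 };
   EX509Type type;   // public and writable; Type() must not trust it blindly

   XrdCryptoX509() { type = kUnknown; }
   virtual ~XrdCryptoX509() { }

   // Status
   // 'when' is presumably a time in seconds since the Epoch, with 0 meaning
   // "now" -- confirm against the plug-in implementation.
   virtual bool IsValid(int when = 0);     // object correctly loaded
   virtual bool IsExpired(int when = 0);   // Expired

   // Access underlying data (in opaque form: used in chains)
   virtual XrdCryptoX509data Opaque();

   // Access certificate key
   virtual XrdCryptoRSA *PKI();
   virtual void SetPKI(XrdCryptoX509data pki);

   // Export in form of bucket (for transfers)
   virtual XrdSutBucket *Export();

   // Dump information
   virtual void Dump();

   // Human-readable name of a certificate type.
   //   t == kUnknown (the default) -> name of this object's own 'type'
   //   otherwise                  -> name of 't'
   // Any value outside [kUnknown, kProxy] -- reachable because 'type' is a
   // public member and 't' may arrive through a cast -- is reported as the
   // kUnknown entry instead of indexing past the 4-element 'ctype' table.
   const char *Type(EX509Type t = kUnknown) const
   {
      int idx = ((t == kUnknown) ? (int)type : (int)t) + 1;
      if (idx < 0 || idx >= (int)(sizeof(ctype) / sizeof(ctype[0])))
         idx = kUnknown + 1;
      return ctype[idx];
   }
   virtual const char *ParentFile();

   // Key strength
   virtual int BitStrength();

   // Serial number
   virtual kXR_int64 SerialNumber();
   virtual XrdOucString SerialNumberString();

   // Validity interval
   // NOTE(review): 'int' seconds since the Epoch overflows in 2038; the
   // return type is kept for ABI compatibility with existing plug-ins.
   virtual int NotBefore();   // begin-validity time in secs since Epoch
   virtual int NotAfter();    // end-validity time in secs since Epoch

   // Issuer of top certificate
   virtual const char *Issuer();
   virtual const char *IssuerHash();   // hash

   // Subject of bottom certificate
   virtual const char *Subject();
   virtual const char *SubjectHash();   // hash

   // Retrieve a given extension if there (in opaque form)
   virtual XrdCryptoX509data GetExtension(const char *oid);

   // Verify signature
   // Checks this certificate's signature against 'ref' (presumably the
   // issuer's certificate -- confirm). A passing signature check alone does
   // not establish trust: validity window, CA status and chain position are
   // not examined here and remain the caller's responsibility.
   virtual bool Verify(XrdCryptoX509 *ref);

private:

   static const char *ctype[4];   // Names of types, indexed by EX509Type + 1
};

#endif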