00001 #ifndef __CRYPTO_SSLAUX_H__
00002 #define __CRYPTO_SSLAUX_H__
00037 #include "XrdCrypto/XrdCryptoAux.hh"
00038 #include "XrdCrypto/XrdCryptoFactory.hh"
00039 #include "XrdCrypto/XrdCryptoX509Chain.hh"
00040 #include <openssl/asn1.h>
00041
00042 #define kSslKDFunDefLen 24 // default derived-key length, going by the name; the unit (presumably bytes) is not stated here
00043 // Password-based key derivation. Only the prototypes are visible in this header: the
00044 // algorithm, digest and iteration count are not parameters here, so they are decided by
00045 // the implementation (or by a convention on the arguments) -- confirm them there before
00046 // relying on these functions for password-derived keys.
00047 int XrdCryptosslKDFunLen(); // presumably the default output length (cf. kSslKDFunDefLen) -- confirm
00048 int XrdCryptosslKDFun(const char *pass, int plen, const char *salt, int slen,
00049 char *key, int len); // 'key' is the only non-const buffer, so presumably the output, sized by the caller for 'len' -- confirm; return convention not visible here
00050 // X.509 certificate and chain helpers. The meaning of the int results is not visible in this header.
00051 // Presumably verifies certificate 'c' against reference/issuer 'r'; which checks are applied (signature only, or validity too) -- confirm.
00052 bool XrdCryptosslX509VerifyCert(XrdCryptoX509 *c, XrdCryptoX509 *r);
00053 // Verifies a chain; 'errcode' is a non-const reference, so presumably receives the failure reason. Callers should act on the bool result.
00054 bool XrdCryptosslX509VerifyChain(XrdCryptoX509Chain *chain, int &errcode);
00055 // Exports a chain into a bucket. NOTE(review): 'key' (default 0) presumably selects whether the private key is included -- confirm; if so the bucket carries key material.
00056 XrdSutBucket *XrdCryptosslX509ExportChain(XrdCryptoX509Chain *c, bool key = 0);
00057 // Writes a chain to file 'fn' (per the name). NOTE(review): the file mode applied is not visible here -- verify it is restrictive if the chain holds a private key.
00058 int XrdCryptosslX509ChainToFile(XrdCryptoX509Chain *c, const char *fn);
00059 // Presumably parses the certificates found in file 'fname' into chain 'c' -- confirm what the int result counts or signals.
00060 int XrdCryptosslX509ParseFile(const char *fname, XrdCryptoX509Chain *c);
00061 // Same as above but reading from bucket 'b' (per the name); treat bucket contents received from a peer as untrusted input.
00062 int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *c);
00063
00064 // Converts an ASN1_TIME into a time_t (UTC, per the name). NOTE(review): the result for a null or malformed 'tsn1' is not visible here -- confirm before using it in validity checks.
00065 time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1);
00066 // Renders an X509_NAME into 's' as a single line (per the name); 's' is a non-const reference, so presumably the output.
00067 // NOTE(review): the exact text format is not visible here -- confirm it before comparing names as strings.
00068 void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s);
00069
00070 // X.509 proxy-certificate helpers.
00071 // XrdCryptosslProxyCertInfo: 'ext' is an untyped pointer (presumably a certificate extension -- confirm);
00072 // 'pathlen' is returned by reference and 'haspolicy' is an optional out-flag (default 0, i.e. a null pointer).
00073 // The bool result presumably reports whether proxy-cert-info was found; callers should check it
00074 // before trusting 'pathlen'.
00075 bool XrdCryptosslProxyCertInfo(const void *ext, int &pathlen, bool *haspolicy = 0);
00076 void XrdCryptosslSetPathLenConstraint(void *ext, int pathlen); // 'ext' is non-const, so presumably modified in place -- confirm
00077 // Creates a proxy certificate. The parameters are unnamed in this prototype; see the implementation for their meaning. The int result is presumably a kErrPX_* code (defined later in this header) -- confirm.
00078 int XrdCryptosslX509CreateProxy(const char *, const char *, XrdProxyOpt_t *,
00079 XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *);
00080 // Presumably builds a proxy request for the given certificate, returning the request and a key through the double pointers; ownership of the returned objects is not stated here.
00081 int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *,
00082 XrdCryptoX509Req **, XrdCryptoRSA **);
00083 // Presumably signs the request with the given certificate and key, returning the new certificate through the last argument. NOTE(review): confirm what is checked on the request before signing.
00084 int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *, XrdCryptoRSA *,
00085 XrdCryptoX509Req *, XrdCryptoX509 **);
00086 // Checks a certificate for proxy properties (the '3' is not explained in this header); the non-const XrdOucString & presumably receives output text -- confirm.
00087 int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *, XrdOucString &);
00088 // Extracts VOMS attributes into the string (per the name). NOTE(review): whether the attributes are verified is not visible here -- do not treat them as authenticated until confirmed.
00089 int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *, XrdOucString &);
00090
00091 // Trace-level bit flags. sslTRACE_ALL (0x0007) equals the OR of the three single-bit flags that follow.
00092 // NOTE(review): what sslTRACE_Dump emits is not visible here -- confirm it does not log key or
00093 // credential material before enabling it where logs are shared.
00094 #define sslTRACE_ALL 0x0007
00095 #define sslTRACE_Dump 0x0004
00096 #define sslTRACE_Debug 0x0002
00097 #define sslTRACE_Notify 0x0001
00098
00099 // Error codes with the kErrPX_ prefix, numbered 1 to 13. Presumably the int results of the
00100 // proxy functions declared earlier in this header, with 0 meaning success -- confirm
00101 // against the implementation.
00102 #define kErrPX_Error 1 // Generic error condition
00103 #define kErrPX_BadEECfile 2 // Absent or bad EEC cert or key file
00104 #define kErrPX_BadEECkey 3 // Inconsistent EEC key
00105 #define kErrPX_ExpiredEEC 4 // EEC is expired
00106 #define kErrPX_NoResources 5 // Unable to create new objects
00107 #define kErrPX_SetAttribute 6 // Unable to set a certificate attribute
00108 #define kErrPX_SetPathDepth 7 // Unable to set path depth
00109 #define kErrPX_Signing 8 // Problems signing
00110 #define kErrPX_GenerateKey 9 // Problem generating the RSA key
00111 #define kErrPX_ProxyFile 10 // Problem creating / updating proxy file
00112 #define kErrPX_BadNames 11 // Names in certificates are bad
00113 #define kErrPX_BadSerial 12 // Problems resolving serial number
00114 #define kErrPX_BadExtension 13 // Problems with the extensions
00115
00116 #endif
00117