XRootD
Public Member Functions | List of all members
XrdCryptosslX509Req Class Reference

#include <XrdCryptosslX509Req.hh>

+ Inheritance diagram for XrdCryptosslX509Req:
+ Collaboration diagram for XrdCryptosslX509Req:

Public Member Functions

 XrdCryptosslX509Req (X509_REQ *creq)
 
 XrdCryptosslX509Req (XrdSutBucket *bck)
 
virtual ~XrdCryptosslX509Req ()
 
XrdSutBucketExport ()
 
XrdCryptoX509Reqdata GetExtension (const char *oid)
 
XrdCryptoX509Reqdata Opaque ()
 
XrdCryptoRSAPKI ()
 
const char * Subject ()
 
const char * SubjectHash (int)
 
bool Verify ()
 
- Public Member Functions inherited from XrdCryptoX509Req
 XrdCryptoX509Req (int v=-1)
 
virtual ~XrdCryptoX509Req ()
 
virtual void Dump ()
 
virtual bool IsValid ()
 
void SetVersion (int v)
 
const char * SubjectHash ()
 
int Version () const
 

Detailed Description

Definition at line 47 of file XrdCryptosslX509Req.hh.

Constructor & Destructor Documentation

◆ XrdCryptosslX509Req() [1/2]

XrdCryptosslX509Req::XrdCryptosslX509Req ( XrdSutBucket bck)

Definition at line 47 of file XrdCryptosslX509Req.cc.

47  : XrdCryptoX509Req()
48 {
49  // Constructor certificate from BIO 'bcer'
50  EPNAME("X509Req::XrdCryptosslX509Req_bio");
51 
52  // Init private members
53  creq = 0; // The certificate object
54  subject = ""; // subject;
55  subjecthash = ""; // hash of subject;
56  subjectoldhash = ""; // hash of subject (md5 algorithm);
57  bucket = 0; // bucket for serialization
58  pki = 0; // PKI of the certificate
59 
60  // Make sure we got something;
61  if (!buck) {
62  DEBUG("got undefined opaque buffer");
63  return;
64  }
65 
66  //
67  // Create a bio_mem to store the certificates
68  BIO *bmem = BIO_new(BIO_s_mem());
69  if (!bmem) {
70  DEBUG("unable to create BIO for memory operations");
71  return;
72  }
73 
74  // Write data to BIO
75  int nw = BIO_write(bmem,(const void *)(buck->buffer),buck->size);
76  if (nw != buck->size) {
77  DEBUG("problems writing data to memory BIO (nw: "<<nw<<")");
78  return;
79  }
80 
81  // Get certificate request from BIO
82  if (!PEM_read_bio_X509_REQ(bmem,&creq,0,0)) {
83  DEBUG("unable to read certificate request to memory BIO");
84  return;
85  }
86  //
87  // Free BIO
88  BIO_free(bmem);
89  //
90  // Init some of the private members (the others upon need)
91  Subject();
92  //
93  // Get the public key
94  EVP_PKEY *evpp = X509_REQ_get_pubkey(creq);
95  //
96  if (evpp) {
97  // init pki with the partial key
98  if (!pki)
99  pki = new XrdCryptosslRSA(evpp, 0);
100  } else {
101  DEBUG("could not access the public key");
102  }
103 }
DEBUG
#define DEBUG(x)
Definition: XrdBwmTrace.hh:54
EPNAME
#define EPNAME(x)
Definition: XrdBwmTrace.hh:56
XrdCryptoX509Req::XrdCryptoX509Req
XrdCryptoX509Req(int v=-1)
Definition: XrdCryptoX509Req.hh:53

References XrdSutBucket::buffer, DEBUG, EPNAME, XrdSutBucket::size, and Subject().

+ Here is the call graph for this function:

◆ XrdCryptosslX509Req() [2/2]

XrdCryptosslX509Req::XrdCryptosslX509Req ( X509_REQ *  creq)

Definition at line 106 of file XrdCryptosslX509Req.cc.

106  : XrdCryptoX509Req()
107 {
108  // Constructor: import X509_REQ object
109  EPNAME("X509Req::XrdCryptosslX509Req_x509");
110 
111  // Init private members
112  creq = 0; // The certificate object
113  subject = ""; // subject;
114  subjecthash = ""; // hash of subject;
115  subjectoldhash = ""; // hash of subject (md5 algorithm);
116  bucket = 0; // bucket for serialization
117  pki = 0; // PKI of the certificate
118 
119  // Make sure we got something;
120  if (!xc) {
121  DEBUG("got undefined X509 object");
122  return;
123  }
124 
125  // Set certificate
126  creq = xc;
127  //
128  // Init some of the private members (the others upon need)
129  Subject();
130  //
131  // Get the public key
132  EVP_PKEY *evpp = X509_REQ_get_pubkey(creq);
133  //
134  if (evpp) {
135  // init pki with the partial key
136  if (!pki)
137  pki = new XrdCryptosslRSA(evpp, 0);
138  } else {
139  DEBUG("could not access the public key");
140  }
141 }

References DEBUG, EPNAME, and Subject().

+ Here is the call graph for this function:

◆ ~XrdCryptosslX509Req()

XrdCryptosslX509Req::~XrdCryptosslX509Req ( )
virtual

Definition at line 144 of file XrdCryptosslX509Req.cc.

145 {
146  // Destructor
147 
148  // Cleanup certificate
149  if (creq) X509_REQ_free(creq);
150  // Cleanup key
151  if (pki) delete pki;
152 }

Member Function Documentation

◆ Export()

XrdSutBucket * XrdCryptosslX509Req::Export ( )
virtual

Reimplemented from XrdCryptoX509Req.

Definition at line 284 of file XrdCryptosslX509Req.cc.

285 {
286  // Export in form of bucket
287  EPNAME("X509Req::Export");
288 
289  // If we have already done it, return the previous result
290  if (bucket) {
291  DEBUG("serialization already performed:"
292  " return previous result ("<<bucket->size<<" bytes)");
293  return bucket;
294  }
295 
296  // Make sure we got something to export
297  if (!creq) {
298  DEBUG("certificate is not initialized");
299  return 0;
300  }
301 
302  //
303  // Now we create a bio_mem to serialize the certificate
304  BIO *bmem = BIO_new(BIO_s_mem());
305  if (!bmem) {
306  DEBUG("unable to create BIO for memory operations");
307  return 0;
308  }
309 
310  // Write certificate to BIO
311  if (!PEM_write_bio_X509_REQ(bmem, creq)) {
312  DEBUG("unable to write certificate request to memory BIO");
313  return 0;
314  }
315 
316  // Extract pointer to BIO data and length of segment
317  char *bdata = 0;
318  int blen = BIO_get_mem_data(bmem, &bdata);
319  DEBUG("BIO data: "<<blen<<" bytes at 0x"<<(int *)bdata);
320 
321  // create the bucket now
322  bucket = new XrdSutBucket(0,0,kXRS_x509_req);
323  if (bucket) {
324  // Fill bucket
325  bucket->SetBuf(bdata, blen);
326  DEBUG("result of serialization: "<<bucket->size<<" bytes");
327  } else {
328  DEBUG("unable to create bucket for serialized format");
329  BIO_free(bmem);
330  return 0;
331  }
332  //
333  // Free BIO
334  BIO_free(bmem);
335  //
336  // We are done
337  return bucket;
338 }
kXRS_x509_req
@ kXRS_x509_req
Definition: XrdSutAux.hh:81
XrdSutBucket::size
kXR_int32 size
Definition: XrdSutBucket.hh:47
XrdSutBucket::SetBuf
int SetBuf(const char *nb=0, int ns=0)
Definition: XrdSutBucket.cc:132

References DEBUG, EPNAME, kXRS_x509_req, XrdSutBucket::SetBuf(), and XrdSutBucket::size.

+ Here is the call graph for this function:

◆ GetExtension()

XrdCryptoX509Reqdata XrdCryptosslX509Req::GetExtension ( const char *  oid)
virtual

Reimplemented from XrdCryptoX509Req.

Definition at line 221 of file XrdCryptosslX509Req.cc.

222 {
223  // Return issuer name
224  EPNAME("X509Req::GetExtension");
225  XrdCryptoX509Reqdata ext = 0;
226 
227  // Make sure we got something to look for
228  if (!oid) {
229  DEBUG("OID string not defined");
230  return ext;
231  }
232 
233  // Make sure we got something to look for
234  if (!creq) {
235  DEBUG("certificate is not initialized");
236  return ext;
237  }
238 
239  // Are there any extension?
240  STACK_OF(X509_EXTENSION) *esk = X509_REQ_get_extensions(creq);
241  //
242  int numext = sk_X509_EXTENSION_num(esk);
243  if (numext <= 0) {
244  DEBUG("certificate has got no extensions");
245  return ext;
246  }
247  DEBUG("certificate request has "<<numext<<" extensions");
248 
249  // If the string is the Standard Name of a known extension check
250  // searche the corresponding NID
251  int nid = OBJ_sn2nid(oid);
252  bool usenid = (nid > 0);
253 
254  // Loop to identify the one we would like
255  int i = 0;
256  X509_EXTENSION *wext = 0;
257  for (i = 0; i< numext; i++) {
258  wext = sk_X509_EXTENSION_value(esk, i);
259  if (usenid) {
260  int enid = OBJ_obj2nid(X509_EXTENSION_get_object(wext));
261  if (enid == nid)
262  break;
263  } else {
264  // Try matching of the text
265  char s[256];
266  OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(wext), 1);
267  if (!strcmp(s, oid))
268  break;
269  }
270  wext = 0;
271  }
272 
273  // We are done if nothing was found
274  if (!wext) {
275  DEBUG("Extension "<<oid<<" not found");
276  return ext;
277  }
278 
279  // We are done
280  return (XrdCryptoX509Reqdata)wext;
281 }
XrdCryptoX509Reqdata
void * XrdCryptoX509Reqdata
Definition: XrdCryptoX509Req.hh:42

References DEBUG, and EPNAME.

◆ Opaque()

XrdCryptoX509Reqdata XrdCryptosslX509Req::Opaque ( )
inlinevirtual

Reimplemented from XrdCryptoX509Req.

Definition at line 56 of file XrdCryptosslX509Req.hh.

56 { return (XrdCryptoX509Reqdata)creq; }

◆ PKI()

XrdCryptoRSA* XrdCryptosslX509Req::PKI ( )
inlinevirtual

Reimplemented from XrdCryptoX509Req.

Definition at line 59 of file XrdCryptosslX509Req.hh.

59 { return pki; }

◆ Subject()

const char * XrdCryptosslX509Req::Subject ( )
virtual

Reimplemented from XrdCryptoX509Req.

Definition at line 155 of file XrdCryptosslX509Req.cc.

156 {
157  // Return subject name
158  EPNAME("X509Req::Subject");
159 
160  // If we do not have it already, try extraction
161  if (subject.length() <= 0) {
162 
163  // Make sure we have a certificate
164  if (!creq) {
165  DEBUG("WARNING: no certificate available - cannot extract subject name");
166  return (const char *)0;
167  }
168 
169  // Extract subject name
170  XrdCryptosslNameOneLine(X509_REQ_get_subject_name(creq), subject);
171  }
172 
173  // return what we have
174  return (subject.length() > 0) ? subject.c_str() : (const char *)0;
175 }
XrdCryptosslNameOneLine
void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
Definition: XrdCryptosslAux.cc:736
XrdOucString::c_str
const char * c_str() const
Definition: XrdOucString.hh:278
XrdOucString::length
int length() const
Definition: XrdOucString.hh:279

References XrdOucString::c_str(), DEBUG, EPNAME, XrdOucString::length(), and XrdCryptosslNameOneLine().

Referenced by XrdCryptosslX509Req().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ SubjectHash()

const char * XrdCryptosslX509Req::SubjectHash ( int  alg)
virtual

Reimplemented from XrdCryptoX509Req.

Definition at line 178 of file XrdCryptosslX509Req.cc.

179 {
180  // Return hash of subject name
181  // Use default algorithm (X509_NAME_hash) for alg = 0, old algorithm
182  // (for v>=1.0.0) when alg = 1
183  EPNAME("X509::SubjectHash");
184 
185  if (alg == 1) {
186  // md5 based
187  if (subjectoldhash.length() <= 0) {
188  // Make sure we have a certificate
189  if (creq) {
190  char chash[30] = {0};
191  snprintf(chash, sizeof(chash),
192  "%08lx.0",X509_NAME_hash_old(X509_REQ_get_subject_name(creq)));
193  subjectoldhash = chash;
194  } else {
195  DEBUG("WARNING: no certificate available - cannot extract subject hash (md5)");
196  }
197  }
198  // return what we have
199  return (subjectoldhash.length() > 0) ? subjectoldhash.c_str() : (const char *)0;
200  }
201 
202  // If we do not have it already, try extraction
203  if (subjecthash.length() <= 0) {
204 
205  // Make sure we have a certificate
206  if (creq) {
207  char chash[30] = {0};
208  snprintf(chash, sizeof(chash),
209  "%08lx.0",X509_NAME_hash(X509_REQ_get_subject_name(creq)));
210  subjecthash = chash;
211  } else {
212  DEBUG("WARNING: no certificate available - cannot extract subject hash (default)");
213  }
214  }
215 
216  // return what we have
217  return (subjecthash.length() > 0) ? subjecthash.c_str() : (const char *)0;
218 }

References XrdOucString::c_str(), DEBUG, EPNAME, and XrdOucString::length().

+ Here is the call graph for this function:

◆ Verify()

bool XrdCryptosslX509Req::Verify ( )
virtual

Reimplemented from XrdCryptoX509Req.

Definition at line 341 of file XrdCryptosslX509Req.cc.

342 {
343  // Verify signature of the request
344  EPNAME("X509Req::Verify");
345 
346  // We must have been initialized
347  if (!creq)
348  return 0;
349 
350  // Ok: we can verify
351  int rc = X509_REQ_verify(creq,X509_REQ_get_pubkey(creq));
352  if (rc <= 0) {
353  // Failure
354  if (rc == 0) {
355  // Signatures are not OK
356  DEBUG("signature not OK");
357  } else {
358  // General failure
359  DEBUG("could not verify signature");
360  }
361  return 0;
362  }
363  // OK
364  return 1;
365 }

References DEBUG, and EPNAME.

The documentation for this class was generated from the following files: