00026 #ifndef VOMS_API_H
00027 #define VOMS_API_H
00028
00029 #include <fstream>
00030 #include <string>
00031 #include <vector>
00032
// Defined unconditionally here, so every `#ifdef NOGLOBUS` further down in
// this header (the RetrieveFromCtx/RetrieveFromCred declarations) is taken.
#define NOGLOBUS
extern "C" {
// Opaque stand-ins for the GSS-API handle types when <gssapi.h> has not been
// included before this header.  If the real <gssapi.h> is included *after*
// this point its own typedefs may clash with these — include order matters.
#ifndef GSSAPI_H_
typedef void * gss_cred_id_t;
typedef void * gss_ctx_id_t;
#endif

#include <openssl/x509.h>
#include <openssl/bio.h>
#include <sys/types.h>
#include "newformat.h"
}
00045
/// One standard VOMS attribute triple (group / role / capability); these are
/// the elements of the `std` vector in a voms object.
struct data {
  std::string group;
  std::string role;
  std::string cap;
};
00053
/// A generic (name, qualifier, value) attribute; grouped per grantor in
/// attributelist.
struct attribute {
  std::string name;
  std::string qualifier;
  std::string value;
};
00061
/// The generic attributes issued by a single grantor; returned in bulk by
/// voms::GetAttributes().
struct attributelist {
  std::string grantor;
  std::vector<attribute> attributes;
};
00066
00067
/// Kind of payload a voms object carries (see voms::type).  Presumably
/// TYPE_STD means the `std` vector is populated and TYPE_CUSTOM means the
/// `custom` string is — confirm against the implementation.
enum data_type {
  TYPE_NODATA,
  TYPE_STD,
  TYPE_CUSTOM
};
00075
/// One VOMS server contact entry, as stored in vomsdata's server list and
/// returned by vomsdata::FindByAlias() / FindByVO().
struct contactdata {
  std::string nick;     // alias the entry is looked up by (FindByAlias)
  std::string host;
  std::string contact;  // presumably the server's certificate subject — confirm
  std::string vo;       // VO name the entry is looked up by (FindByVO)
  int port;
  int version;
};
00088
class vomspriv;  // opaque private state of voms (see voms::vp)
00090
/// One parsed VOMS attribute certificate (AC) and the identities it binds
/// together.  Instances are produced and filled by vomsdata (declared a
/// friend so it can reach the private fields) and handed out through
/// vomsdata::data.
struct voms {
  friend class vomsdata;
  int version;
  int siglen;
  std::string signature;
  std::string user;      // holder identity (subject / issuing CA)
  std::string userca;
  std::string server;    // issuing VOMS server identity (subject / issuing CA)
  std::string serverca;
  std::string voname;
  std::string uri;
  std::string date1;     // validity interval endpoints; format not visible here
  std::string date2;
  data_type type;        // which of `std` / `custom` below is meaningful
  // NOTE: this data member is named `std`.  Qualified names such as
  // `std::string` still resolve to the namespace (lookup before `::` ignores
  // variables), but an unqualified `std` inside member functions refers to
  // this vector.
  std::vector<data> std;
  std::string custom;

  std::vector<std::string> fqan;  // fully qualified attribute names
  std::string serial;


private:
  void *realdata;
  X509 *holder;
public:
  // Copy ctor, copy assignment and dtor are all user-declared because the
  // object owns raw pointers (realdata, holder, vp).
  voms(const voms &);
  voms();
  voms &operator=(const voms &);
  ~voms();

private:
  struct vomsr *translate();
  friend int TranslateVOMS(struct vomsdatar *vd, std::vector<voms>&v, int *error);

public:
  /// Returns the underlying AC as a raw pointer; ownership/lifetime of the
  /// returned object is not visible from this header — do not free it
  /// without confirming the implementation's contract.
  AC *GetAC();

public:
  /// Returns a reference, so the result presumably aliases storage owned by
  /// this object and must not outlive it.
  std::vector<attributelist>& GetAttributes();
  std::vector<std::string> GetTargets();

private:
  vomspriv *vp;
};
00135
/// How far a Retrieve*() call searches a certificate chain for ACs
/// (RECURSE_CHAIN is the default for vomsdata::Retrieve(X509*, ...)).
enum recurse_type {
  RECURSE_CHAIN,
  RECURSE_NONE,
  RECURSE_DEEP
};
00141
/// Bitmask of checks applied to retrieved ACs; passed to
/// vomsdata::SetVerificationType().  VERIFY_FULL has every bit set and
/// VERIFY_NONE has none.  Clearing a bit presumably means an AC is accepted
/// even if that particular check (signature, dates, target, ...) would have
/// failed, so anything other than VERIFY_FULL should be a deliberate,
/// documented decision on the caller's side.
enum verify_type {
  VERIFY_FULL = 0xffffffff,
  VERIFY_NONE = 0x00000000,
  VERIFY_DATE = 0x00000001,
  VERIFY_TARGET = 0x00000002,
  VERIFY_KEY = 0x00000004,
  VERIFY_SIGN = 0x00000008,
  VERIFY_ORDER = 0x00000010,
  VERIFY_ID = 0x00000020,
  VERIFY_CERTLIST = 0x00000040
};
00153
/// Error codes reported through vomsdata::error and the check_sig callback.
/// VERR_NONE (value 0) means no error.
enum verror_type {
  VERR_NONE,
  VERR_NOSOCKET,
  VERR_NOIDENT,
  VERR_COMM,
  VERR_PARAM,
  VERR_NOEXT,
  VERR_NOINIT,
  VERR_TIME,
  VERR_IDCHECK,
  VERR_EXTRAINFO,
  VERR_FORMAT,
  VERR_NODATA,
  VERR_PARSE,
  VERR_DIR,
  VERR_SIGN,
  VERR_SERVER,
  VERR_MEM,
  VERR_VERIFY,

  VERR_TYPE,
  VERR_ORDER,
  VERR_SERVERCODE,
  VERR_NOTAVAIL,
  VERR_FILE
};
00182
/// Signature-check callback: receives a certificate and an opaque argument,
/// returns whether the signature is acceptable and reports the reason for a
/// rejection through the verror_type out-parameter.
typedef bool (*check_sig)(X509 *, void *, verror_type &);
class vomsdatapriv;  // opaque private state of vomsdata (see vomsdata::vdp)
00186
/// Client-side VOMS context: holds server contact information, talks to VOMS
/// servers, and extracts/verifies the attribute certificates found in a
/// credential.  Retrieved ACs accumulate in the public `data` vector; the
/// last failure is exposed through `error` and ErrorMessage().
struct vomsdata {
private:
  /// Non-copyable helper; the single static instance below presumably runs
  /// one-time library initialisation in its constructor — confirm.
  class Initializer {
  public:
    Initializer();
  private:
    Initializer(Initializer &);
  };

private:
  static Initializer init;
  std::string ca_cert_dir;
  std::string voms_cert_dir;
  int duration;
  std::string ordering;              // presumably set by Order(), cleared by ResetOrder()
  std::vector<contactdata> servers;  // presumably filled by Load*Contacts(), searched by FindBy*()
  std::vector<std::string> targets;  // presumably managed by AddTarget()/ListTargets()/ResetTargets()

public:
  /// Code of the most recent failure; see verror_type.
  verror_type error;
  /// Both directories default to "" (the implementation's fallback locations
  /// are not visible from this header).
  vomsdata(std::string voms_dir = "",
           std::string cert_dir = "");
  bool LoadSystemContacts(std::string dir = "");
  bool LoadUserContacts(std::string dir = "");
  std::vector<contactdata> FindByAlias(std::string alias);
  std::vector<contactdata> FindByVO(std::string vo);
  void Order(std::string att);
  void ResetOrder(void);
  void AddTarget(std::string target);
  std::vector<std::string> ListTargets(void);
  void ResetTargets(void);
  std::string ServerErrors(void);
  bool Retrieve(X509 *cert, STACK_OF(X509) *chain,
                recurse_type how = RECURSE_CHAIN);
  /// Overload without an explicit timeout; what bound (if any) it applies is
  /// not visible here, so code that must not block indefinitely should use
  /// the overload that takes `timeout`.
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command);
  bool Contact(std::string hostname, int port,
               std::string servsubject,
               std::string command,
               int timeout);
  /// Like Contact() but hands back the server's raw reply and protocol
  /// version instead of parsing it into `data`.
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version);
  bool ContactRaw(std::string hostname, int port,
                  std::string servsubject,
                  std::string command,
                  std::string &raw,
                  int& version,
                  int timeout);
  /// Chooses which checks are applied to retrieved ACs (see verify_type).
  /// Weakening this below VERIFY_FULL presumably lets ACs through that fail
  /// the omitted checks — keep it at VERIFY_FULL unless the omitted check is
  /// deliberately performed elsewhere.
  void SetVerificationType(verify_type how);
  void SetLifetime(int lifetime);
  /// Import presumably reverses Export.  Whether imported ACs are re-verified
  /// is not visible here; treat a buffer that did not originate in this
  /// process as untrusted until that is confirmed.
  bool Import(std::string buffer);
  bool Export(std::string &data);
  bool DefaultData(voms &);
  /// ACs retrieved so far; vomsdata is a friend of voms and fills its
  /// private fields.
  std::vector<voms> data;
  std::string workvo;
  std::string extra_data;
private:
  // uid/gid are presumably used for an ownership check on the file being
  // loaded — confirm in the implementation.
  bool loadfile(std::string, uid_t uid, gid_t gid);
  bool loadfile0(std::string, uid_t uid, gid_t gid);
  bool verifydata(std::string &message, std::string subject, std::string ca,
                  X509 *holder, voms &v);
  bool check_cert(X509 *cert);
  bool retrieve(X509 *cert, STACK_OF(X509) *chain, recurse_type how,
                AC_SEQ **listnew, std::string &subject, std::string &ca,
                X509 **holder);
  verify_type ver_type;  // set by SetVerificationType()

  std::string serverrors;  // presumably what ServerErrors() returns
  std::string errmessage;  // presumably what ErrorMessage() returns

  void seterror(verror_type, std::string);

  bool check_sig_ac(X509 *, void *);
  X509 *check(void *);
  bool contact(const std::string&, int, const std::string&,
               const std::string&, std::string&, std::string&,
               std::string&, int timeout);
  bool verifydata(AC *ac, const std::string& subject, const std::string& ca,
                  X509 *holder, voms &v);
  bool evaluate(AC_SEQ *, const std::string&, const std::string&, X509*);

public:

  std::string ErrorMessage(void);
  // NOGLOBUS is defined unconditionally at the top of this header, so these
  // two declarations are always present.
#ifdef NOGLOBUS
  bool RetrieveFromCtx(gss_ctx_id_t context, recurse_type how);
  bool RetrieveFromCred(gss_cred_id_t credential, recurse_type how);
#endif

  bool Retrieve(X509_EXTENSION *ext);
  bool RetrieveFromProxy(recurse_type how);
  bool Retrieve(FILE *file, recurse_type how);
  bool Retrieve(AC *ac);
  ~vomsdata();
private:

  bool check_cert(STACK_OF(X509) *);
  X509 *check_from_certs(AC *ac, const std::string& voname);
  X509 *check_from_file(AC *, std::ifstream&, const std::string &vo, const std::string &filename);

public:
  // NOTE(review): the copy constructor and destructor are user-declared but no
  // copy assignment operator is declared in this header; the implicitly
  // generated one copies the raw `vdp` pointer shallowly — confirm that
  // assignment is either defined elsewhere or never used.
  vomsdata(const vomsdata &);

private:
  int retry_count;  // set by SetRetryCount()

public:
  void SetRetryCount(int retryCount);

public:
  /// Presumably substitutes this instant for "now" when AC validity dates
  /// are checked (verifyac takes a time_t).  Setting it to a time in the
  /// past would let already-expired ACs validate, so only call it
  /// deliberately.
  void SetVerificationTime(time_t);

private:
  time_t verificationtime;
  bool verifyac(X509 *, X509 *, AC*, time_t, voms&);

public:
  bool LoadCredentials(X509*, EVP_PKEY *, STACK_OF(X509) *);
  bool ContactRESTRaw(const std::string&, int, const std::string&, std::string&, int, int);

private:
  bool InterpretOutput(const std::string&, std::string&);

private:
  vomsdatapriv *vdp;
};
00468
00469
/// Library version components (major.minor.patch), exported with C linkage so
/// non-C++ callers can query which VOMS API build they are linked against.
extern "C" {
int getVOMSMajorVersionNumber(void);
int getVOMSMinorVersionNumber(void);
int getVOMSPatchVersionNumber(void);
}
00475
00476 #endif