Data Structures | |
struct | GRSTgaclCred |
struct | GRSTgaclEntry |
struct | GRSTgaclAcl |
struct | GRSTgaclUser |
struct | GRSTasn1TagList |
struct | GRSTx509Cert |
struct | GRSTx509Chain |
struct | GRSThtcpCountstr |
struct | GRSThtcpMessage |
struct | GRSThttpCharsList |
struct | GRSThttpBody |
Typedefs | |
typedef int | GRSTgaclAction |
typedef unsigned int | GRSTgaclPerm |
Functions | |
__attribute__ ((deprecated)) typedef struct | |
int | GRSTx509CertLoad (GRSTx509Cert *, X509 *) |
int | GRSTx509ChainLoad (GRSTx509Chain **chain, STACK_OF(X509)*certstack, X509 *lastcert, char *capath, char *vomsdir) |
int | GRSTx509ChainLoadCheck (GRSTx509Chain **, STACK_OF(X509)*, X509 *, char *, char *) |
Check certificate chain for GSI proxy acceptability. | |
int | GRSTx509ChainFree (GRSTx509Chain *) |
int | GRSTgaclInit (void) |
GRSTgaclCred * | GRSTgaclCredCreate (char *, char *) |
int | GRSTgaclCredFree (GRSTgaclCred *) |
int | GRSTgaclEntryAddCred (GRSTgaclEntry *, GRSTgaclCred *) |
int | GRSTgaclEntryDelCred (GRSTgaclEntry *, GRSTgaclCred *) |
int | GRSTgaclCredCredPrint (GRSTgaclCred *, FILE *) |
int | GRSTgaclCredCmpAuri (GRSTgaclCred *, GRSTgaclCred *) |
GRSTgaclEntry * | GRSTgaclEntryNew (void) |
int | GRSTgaclEntryFree (GRSTgaclEntry *) |
int | GRSTgaclAclAddEntry (GRSTgaclAcl *, GRSTgaclEntry *) |
int | GRSTgaclEntryPrint (GRSTgaclEntry *, FILE *) |
int | GRSTgaclPermPrint (GRSTgaclPerm, FILE *) |
int | GRSTgaclEntryAllowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryUnallowPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryDenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
int | GRSTgaclEntryUndenyPerm (GRSTgaclEntry *, GRSTgaclPerm) |
char * | GRSTgaclPermToChar (GRSTgaclPerm) |
GRSTgaclPerm | GRSTgaclPermFromChar (char *) |
GRSTgaclAcl * | GRSTgaclAclNew (void) |
int | GRSTgaclAclFree (GRSTgaclAcl *) |
int | GRSTgaclAclPrint (GRSTgaclAcl *, FILE *) |
int | GRSTgaclAclSave (GRSTgaclAcl *, char *) |
GRSTgaclAcl * | GRSTgaclAclLoadFile (char *) |
char * | GRSTgaclFileFindAclname (char *) |
GRSTgaclAcl * | GRSTgaclAclLoadforFile (char *) |
int | GRSTgaclFileIsAcl (char *) |
GRSTgaclUser * | GRSTgaclUserNew (GRSTgaclCred *) |
int | GRSTgaclUserFree (GRSTgaclUser *) |
int | GRSTgaclUserAddCred (GRSTgaclUser *, GRSTgaclCred *) |
int | GRSTgaclUserHasCred (GRSTgaclUser *, GRSTgaclCred *) |
int | GRSTgaclUserLoadDNlists (GRSTgaclUser *, char *) |
GRSTgaclCred * | GRSTgaclUserFindCredtype (GRSTgaclUser *, char *) |
int | GRSTgaclUserHasAURI (GRSTgaclUser *, char *) |
GRSTgaclPerm | GRSTgaclAclTestUser (GRSTgaclAcl *, GRSTgaclUser *) |
GRSTgaclPerm | GRSTgaclAclTestexclUser (GRSTgaclAcl *, GRSTgaclUser *) |
char * | GRSThttpUrlDecode (char *) |
char * | GRSThttpUrlEncode (char *) |
char * | GRSThttpUrlMildencode (char *) |
int | GRSTx509NameCmp (char *, char *) |
Compare X509 Distinguished Name strings. | |
int | GRSTx509KnownCriticalExts (X509 *) |
Check critical extensions. | |
int | GRSTx509IsCA (X509 *) |
Check if certificate can be used as a CA to sign standard X509 certs. | |
int | GRSTx509CheckChain (int *, X509_STORE_CTX *) |
int | GRSTx509VerifyCallback (int, X509_STORE_CTX *) |
Example VerifyCallback routine. | |
char X509 | STACK_OF (X509)* |
char * | GRSTx509CachedProxyFind (char *, char *, char *) |
Find a proxy file in the proxy cache. | |
char * | GRSTx509FindProxyFileName (void) |
Find proxy file name of the current user. | |
int | GRSTx509MakeProxyCert (char **, FILE *, char *, char *, char *, int) |
Make a GSI Proxy chain from a request, certificate and private key. | |
char * | GRSTx509CachedProxyKeyFind (char *, char *, char *, STACK_OF(X509)*) |
Find a temporary proxy private key file in the proxy cache. | |
int | GRSTx509ProxyDestroy (char *, char *, char *) |
Destroy stored GSI proxy files. | |
int | GRSTx509ProxyGetTimes (char *, char *, char *, time_t *, time_t *) |
Get start and finish validity times of stored GSI proxy file. | |
int | GRSTx509CreateProxyRequest (char **, char **, char *) |
Create a X.509 request for a GSI proxy and its private key. | |
int | GRSTx509CreateProxyRequestKS (char **reqtxt, char **keytxt, char *ocspurl, int keysize) |
int | GRSTx509MakeProxyRequest (char **, char *, char *, char *) |
Create a X.509 request for a GSI proxy and its private key. | |
int | GRSTx509MakeProxyRequestKS (char **reqtxt, char *proxydir, char *delegation_id, char *user_dn, int keysize) |
char * | GRSTx509MakeDelegationID (void) |
Returns a Delegation ID based on hash of GRST_CRED_0, ... | |
int | GRSTx509StringToChain (STACK_OF(X509)**, char *) |
Create a stack of X509 certificates from a PEM-encoded string. | |
char * | GRSTx509MakeProxyFileName (char *, STACK_OF(X509)*) |
Return the short file name for the given delegation_id and user_dn. | |
int | GRSTx509CacheProxy (char *, char *, char *, char *) |
Store a GSI proxy chain in the proxy cache, along with the private key. | |
int | GRST_is_id_safe (const char *) |
void | GRSThttpBodyInit (GRSThttpBody *) |
void | GRSThttpPrintf (GRSThttpBody *, char *,...) |
int | GRSThttpCopy (GRSThttpBody *, char *) |
void | GRSThttpWriteOut (GRSThttpBody *) |
int | GRSThttpPrintHeaderFooter (GRSThttpBody *, char *, char *) |
int | GRSThttpPrintHeader (GRSThttpBody *, char *) |
int | GRSThttpPrintFooter (GRSThttpBody *, char *) |
char * | GRSThttpGetCGI (char *) |
time_t | GRSTasn1TimeToTimeT (char *, size_t) |
ASN1 time string (in a char *) to time_t. | |
int | GRSTasn1SearchTaglist (struct GRSTasn1TagList taglist[], int, char *) |
int | GRSTasn1ParseDump (BIO *, unsigned char *, long, struct GRSTasn1TagList taglist[], int, int *) |
int | GRSTasn1GetX509Name (char *, int, char *, char *, struct GRSTasn1TagList taglist[], int) |
int | GRSThtcpNOPrequestMake (char **, int *, unsigned int) |
int | GRSThtcpNOPresponseMake (char **, int *, unsigned int) |
int | GRSThtcpTSTrequestMake (char **, int *, unsigned int, char *, char *, char *) |
int | GRSThtcpTSTresponseMake (char **, int *, unsigned int, char *, char *, char *) |
int | GRSThtcpMessageParse (GRSThtcpMessage *, char *, int) |
Variables | |
int(* | GRSTerrorLogFunc )(char *, int, int, char *,...) |
GRSTgaclNamevalue | |
int | |
size_t |
typedef int GRSTgaclAction |
typedef unsigned int GRSTgaclPerm |
__attribute__ | ( | (deprecated) | ) |
int GRST_is_id_safe | ( | const char * | ) |
int GRSTasn1GetX509Name | ( | char * | , | |
int | , | |||
char * | , | |||
char * | , | |||
struct GRSTasn1TagList | taglist[], | |||
int | ||||
) |
int GRSTasn1ParseDump | ( | BIO * | , | |
unsigned char * | , | |||
long | , | |||
struct GRSTasn1TagList | taglist[], | |||
int | , | |||
int * | ||||
) |
int GRSTasn1SearchTaglist | ( | struct GRSTasn1TagList | taglist[], | |
int | , | |||
char * | ||||
) |
time_t GRSTasn1TimeToTimeT | ( | char * | asn1time, | |
size_t | len | |||
) |
ASN1 time string (in a char *) to time_t.
(Use ASN1_STRING_data() to convert ASN1_GENERALIZEDTIME to char * if necessary)
int GRSTgaclAclAddEntry | ( | GRSTgaclAcl * | , | |
GRSTgaclEntry * | ||||
) |
int GRSTgaclAclFree | ( | GRSTgaclAcl * | ) |
GRSTgaclAcl* GRSTgaclAclLoadFile | ( | char * | ) |
GRSTgaclAcl* GRSTgaclAclLoadforFile | ( | char * | ) |
GRSTgaclAcl* GRSTgaclAclNew | ( | void | ) |
int GRSTgaclAclPrint | ( | GRSTgaclAcl * | , | |
FILE * | ||||
) |
int GRSTgaclAclSave | ( | GRSTgaclAcl * | , | |
char * | ||||
) |
GRSTgaclPerm GRSTgaclAclTestexclUser | ( | GRSTgaclAcl * | , | |
GRSTgaclUser * | ||||
) |
GRSTgaclPerm GRSTgaclAclTestUser | ( | GRSTgaclAcl * | , | |
GRSTgaclUser * | ||||
) |
int GRSTgaclCredCmpAuri | ( | GRSTgaclCred * | , | |
GRSTgaclCred * | ||||
) |
GRSTgaclCred* GRSTgaclCredCreate | ( | char * | , | |
char * | ||||
) |
int GRSTgaclCredCredPrint | ( | GRSTgaclCred * | , | |
FILE * | ||||
) |
int GRSTgaclCredFree | ( | GRSTgaclCred * | ) |
int GRSTgaclEntryAddCred | ( | GRSTgaclEntry * | , | |
GRSTgaclCred * | ||||
) |
int GRSTgaclEntryAllowPerm | ( | GRSTgaclEntry * | , | |
GRSTgaclPerm | ||||
) |
int GRSTgaclEntryDelCred | ( | GRSTgaclEntry * | , | |
GRSTgaclCred * | ||||
) |
int GRSTgaclEntryDenyPerm | ( | GRSTgaclEntry * | , | |
GRSTgaclPerm | ||||
) |
int GRSTgaclEntryFree | ( | GRSTgaclEntry * | ) |
GRSTgaclEntry* GRSTgaclEntryNew | ( | void | ) |
int GRSTgaclEntryPrint | ( | GRSTgaclEntry * | , | |
FILE * | ||||
) |
int GRSTgaclEntryUnallowPerm | ( | GRSTgaclEntry * | , | |
GRSTgaclPerm | ||||
) |
int GRSTgaclEntryUndenyPerm | ( | GRSTgaclEntry * | , | |
GRSTgaclPerm | ||||
) |
char* GRSTgaclFileFindAclname | ( | char * | ) |
int GRSTgaclFileIsAcl | ( | char * | ) |
int GRSTgaclInit | ( | void | ) |
GRSTgaclPerm GRSTgaclPermFromChar | ( | char * | ) |
int GRSTgaclPermPrint | ( | GRSTgaclPerm | , | |
FILE * | ||||
) |
char* GRSTgaclPermToChar | ( | GRSTgaclPerm | ) |
int GRSTgaclUserAddCred | ( | GRSTgaclUser * | , | |
GRSTgaclCred * | ||||
) |
GRSTgaclCred* GRSTgaclUserFindCredtype | ( | GRSTgaclUser * | , | |
char * | ||||
) |
int GRSTgaclUserFree | ( | GRSTgaclUser * | ) |
int GRSTgaclUserHasAURI | ( | GRSTgaclUser * | , | |
char * | ||||
) |
int GRSTgaclUserHasCred | ( | GRSTgaclUser * | , | |
GRSTgaclCred * | ||||
) |
int GRSTgaclUserLoadDNlists | ( | GRSTgaclUser * | , | |
char * | ||||
) |
GRSTgaclUser* GRSTgaclUserNew | ( | GRSTgaclCred * | ) |
int GRSThtcpMessageParse | ( | GRSThtcpMessage * | , | |
char * | , | |||
int | ||||
) |
void GRSThttpBodyInit | ( | GRSThttpBody * | ) |
int GRSThttpCopy | ( | GRSThttpBody * | , | |
char * | ||||
) |
char* GRSThttpGetCGI | ( | char * | ) |
void GRSThttpPrintf | ( | GRSThttpBody * | , | |
char * | , | |||
... | ||||
) |
int GRSThttpPrintFooter | ( | GRSThttpBody * | , | |
char * | ||||
) |
int GRSThttpPrintHeader | ( | GRSThttpBody * | , | |
char * | ||||
) |
int GRSThttpPrintHeaderFooter | ( | GRSThttpBody * | , | |
char * | , | |||
char * | ||||
) |
char* GRSThttpUrlDecode | ( | char * | ) |
char* GRSThttpUrlEncode | ( | char * | ) |
char* GRSThttpUrlMildencode | ( | char * | ) |
void GRSThttpWriteOut | ( | GRSThttpBody * | ) |
char* GRSTx509CachedProxyFind | ( | char * | proxydir, | |
char * | delegation_id, | |||
char * | user_dn | |||
) |
Find a proxy file in the proxy cache.
Returns the full path and file name of proxy file associated with given delegation ID and user DN.
Return a pointer to a malloc'd string with the full path of the proxy file corresponding to the given delegation_id, or NULL if not found.
char* GRSTx509CachedProxyKeyFind | ( | char * | proxydir, | |
char * | delegation_id, | |||
char * | user_dn, | |||
STACK_OF(X509)* | certstack | |||
) |
Find a temporary proxy private key file in the proxy cache.
Returns the full path and file name of the private key file associated with given delegation ID and user DN.
Return a pointer to a malloc'd string with the full path of the private proxy key corresponding to the given delegation_id, or NULL if not found.
int GRSTx509CacheProxy | ( | char * | proxydir, | |
char * | delegation_id, | |||
char * | user_dn, | |||
char * | proxychain | |||
) |
Store a GSI proxy chain in the proxy cache, along with the private key.
Returns GRST_RET_OK on success, non-zero otherwise. The existing private key with the same delegation ID and user DN is moved out of the temporary cache.
int GRSTx509CertLoad | ( | GRSTx509Cert * | , | |
X509 * | ||||
) |
int GRSTx509ChainFree | ( | GRSTx509Chain * | ) |
int GRSTx509ChainLoad | ( | GRSTx509Chain ** | chain, | |
STACK_OF(X509)* | certstack, | |||
X509 * | lastcert, | |||
char * | capath, | |||
char * | vomsdir | |||
) |
int GRSTx509ChainLoadCheck | ( | GRSTx509Chain ** | chain, | |
STACK_OF(X509)* | certstack, | |||
X509 * | lastcert, | |||
char * | capath, | |||
char * | vomsdir | |||
) |
Check certificate chain for GSI proxy acceptability.
Returns GRST_RET_OK if valid; caNl errors otherwise.
The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (eg UK e-Science CA)
TODO: we do not yet check the ProxyCertInfo and ProxyCertPolicy extensions (although via GRSTx509KnownCriticalExts() we can accept them), so any restrictions those extensions carry are not enforced by this check.
int GRSTx509CreateProxyRequest | ( | char ** | , | |
char ** | , | |||
char * | ||||
) |
Create a X.509 request for a GSI proxy and its private key.
Returns GRST_RET_OK on success, non-zero otherwise. Request string and private key are PEM encoded strings
char* GRSTx509FindProxyFileName | ( | void | ) |
Find proxy file name of the current user.
Return a string with the proxy file name or NULL if not present. This function does not check if the proxy has expired.
int GRSTx509IsCA | ( | X509 * | cert | ) |
Check if certificate can be used as a CA to sign standard X509 certs.
Return GRST_RET_OK if true; GRST_RET_FAILED if not.
int GRSTx509KnownCriticalExts | ( | X509 * | cert | ) |
Check critical extensions.
Returns GRST_RET_OK if all of the extensions are known to us or OpenSSL; GRST_RET_FAILED otherwise.
Because this function relies on functionality (X509_supported_extension) introduced in OpenSSL 0.9.7, it does nothing and reports an error (GRST_RET_FAILED) if one of the associated defines (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent.
char* GRSTx509MakeDelegationID | ( | void | ) |
Returns a Delegation ID based on hash of GRST_CRED_0, ...
Returns a malloc'd string with Delegation ID made by SHA1-hashing the values of the compact credentials exported by mod_gridsite
int GRSTx509MakeProxyCert | ( | char ** | proxychain, | |
FILE * | debugfp, | |||
char * | reqtxt, | |||
char * | cert, | |||
char * | key, | |||
int | minutes | |||
) |
Make a GSI Proxy chain from a request, certificate and private key.
The proxy chain is returned in *proxychain. If debugfp is non-NULL, errors are output to that file pointer. The proxy will expire the given number of minutes after the current time.
char* GRSTx509MakeProxyFileName | ( | char * | delegation_id, | |
STACK_OF(X509)* | certstack | |||
) |
Return the short file name for the given delegation_id and user_dn.
Returns a malloc'd string with the short file name (no paths) that is derived from the hashed delegation_id and user_dn.
File name is SHA1_HASH(DelegationID)+"-"+SHA1_HASH(DN), where DN is the DER encoded version of user_dn with any trailing CN=proxy removed. Hashes are the most significant 8 bytes, in lowercase hexadecimal.
int GRSTx509MakeProxyRequest | ( | char ** | , | |
char * | , | |||
char * | , | |||
char * | ||||
) |
Create a X.509 request for a GSI proxy and its private key.
Returns GRST_RET_OK on success, non-zero otherwise. Request string and private key are PEM encoded strings
int GRSTx509MakeProxyRequestKS | ( | char ** | reqtxt, | |
char * | proxydir, | |||
char * | delegation_id, | |||
char * | user_dn, | |||
int | keysize | |||
) |
int GRSTx509NameCmp | ( | char * | a, | |
char * | b | |||
) |
Compare X509 Distinguished Name strings.
This function attempts to do with string representations what would ideally be done with OIDs/values. In particular, we equate "/Email=" == "/emailAddress=" to deal with this important change between OpenSSL 0.9.6 and 0.9.7. Other than that, it is currently the same as ordinary strcasecmp(3) (for consistency with EDG/LCG/EGEE gridmapdir case insensitivity.)
int GRSTx509ProxyDestroy | ( | char * | proxydir, | |
char * | delegation_id, | |||
char * | user_dn | |||
) |
Destroy stored GSI proxy files.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the private key or cert chain were not found.)
int GRSTx509ProxyGetTimes | ( | char * | proxydir, | |
char * | delegation_id, | |||
char * | user_dn, | |||
time_t * | start, | |||
time_t * | finish | |||
) |
Get start and finish validity times of stored GSI proxy file.
Returns GRST_RET_OK on success, non-zero otherwise. (Including GRST_RET_NO_SUCH_FILE if the cert chain was not found.)
int GRSTx509StringToChain | ( | STACK_OF(X509)** | certstack, | |
char * | certstring | |||
) |
Create a stack of X509 certificates from a PEM-encoded string.
Creates a dynamically allocated stack of X509 certificate objects by walking through the PEM-encoded X509 certificates.
Returns GRST_RET_OK on success, non-zero otherwise.
char STACK_OF | ( | X509 | ) |
int(* GRSTerrorLogFunc)(char *, int, int, char *,...) |