1/******************************************************************************/
2/* */
3/* X r d C r y p t o S s l F a c t o r y . c c */
4/* */
5/* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */
6/* Produced by Gerri Ganis for CERN */
7/* */
8/* This file is part of the XRootD software suite. */
9/* */
10/* XRootD is free software: you can redistribute it and/or modify it under */
11/* the terms of the GNU Lesser General Public License as published by the */
12/* Free Software Foundation, either version 3 of the License, or (at your */
13/* option) any later version. */
14/* */
15/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
16/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
17/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
18/* License for more details. */
19/* */
20/* You should have received a copy of the GNU Lesser General Public License */
21/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
22/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
23/* */
24/* The copyright holder's institutional names and contributor's names may not */
25/* be used to endorse or promote products derived from this software without */
26/* specific prior written permission of the institution or contributor. */
27/******************************************************************************/
28
29/* ************************************************************************** */
30/* */
31/* Implementation of the OpenSSL crypto factory */
32/* */
33/* ************************************************************************** */
34
43
45#include "XrdSys/XrdSysError.hh"
46#include "XrdSut/XrdSutRndm.hh"
47
49
51
52#include "XrdVersion.hh"
53
54#include <openssl/rand.h>
55#include <openssl/ssl.h>
56
57//
58// For error logging and tracing
60static XrdSysError eDest(0,"cryptossl_");
61
62//______________________________________________________________________________
65{
66 // Constructor: init the needed components of the OpenSSL library
67
68 // Init SSL ...
69 //
70 static const char *eText = XrdTlsContext::Init();
71
72 // Make sure all went well (we need to possibly abort here)
73 //
74 if (eText)
75 {std::cerr <<"XrdCryptosslFactory: " <<eText <<std::endl;
76 abort();
77 }
78
79 // Init Random machinery
80 //
81 int klen = 32;
82 char *ktmp = XrdSutRndm::GetBuffer(klen);
83 if (ktmp) {
84 // Feed the random engine
85 RAND_seed(ktmp,klen);
86 delete[] ktmp;
87 }
88}
89
90//______________________________________________________________________________
92{
93 // Set trace flags according to 'trace'
94
95 //
96 // Initiate error logging and tracing
98 if (!sslTrace)
100 if (sslTrace) {
101 // Set debug mask
102 sslTrace->What = 0;
103 // Low level only
104 if ((trace & sslTRACE_Notify))
106 // Medium level
107 if ((trace & sslTRACE_Debug))
109 // High level
110 if ((trace & sslTRACE_Dump))
112 }
113}
114
115//______________________________________________________________________________
117{
118 // Return an instance of an implementation of the PBKDF2 fun length.
119
120 return &XrdCryptosslKDFunLen;
121}
122
123//______________________________________________________________________________
125{
126 // Return an instance of an implementation of the PBKDF2 function.
127
128 return &XrdCryptosslKDFun;
129}
130
131//______________________________________________________________________________
133{
134 // Returns true if specified cipher is supported
135
137}
138
139//______________________________________________________________________________
141{
142 // Returns true if cipher padding is supported
143#if defined(HAVE_DH_PADDED) || defined(HAVE_DH_PADDED_FUNC)
144 return true;
145#else
146 return false;
147#endif
148}
149
150//______________________________________________________________________________
152{
153 // Return an instance of a ssl implementation of XrdCryptoCipher.
154
155 XrdCryptoCipher *cip = new XrdCryptosslCipher(t,l);
156 if (cip) {
157 if (cip->IsValid())
158 return cip;
159 else
160 delete cip;
161 }
162 return (XrdCryptoCipher *)0;
163}
164
165//______________________________________________________________________________
167 int l, const char *k,
168 int liv, const char *iv)
169{
170 // Return an instance of a ssl implementation of XrdCryptoCipher.
171
172 XrdCryptoCipher *cip = new XrdCryptosslCipher(t,l,k,liv,iv);
173 if (cip) {
174 if (cip->IsValid())
175 return cip;
176 else
177 delete cip;
178 }
179 return (XrdCryptoCipher *)0;
180}
181
182//______________________________________________________________________________
184{
185 // Return an instance of a Local implementation of XrdCryptoCipher.
186
188 if (cip) {
189 if (cip->IsValid())
190 return cip;
191 else
192 delete cip;
193 }
194 return (XrdCryptoCipher *)0;
195}
196
197//______________________________________________________________________________
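XrdCryptoCipher *XrdCryptosslFactory::Cipher(bool padded, int b, char *p,
                                             int l, const char *t)
{
   // Return an instance of the OpenSSL implementation of XrdCryptoCipher.
   //
   // All arguments are forwarded unchanged to the XrdCryptosslCipher
   // constructor, which defines their meaning (presumably 'padded' selects
   // the padded key-derivation variant and 't' names the cipher type).
   //
   // Returns the new cipher, or nullptr when the object reports itself
   // invalid. An invalid cipher is never handed out, so a null return is the
   // only failure signal: callers must check it before use.

   XrdCryptoCipher *cip = new XrdCryptosslCipher(padded, b, p, l, t);

   // The default operator new throws on allocation failure rather than
   // returning null, so the object's own validity is the only thing to test.
   if (cip->IsValid()) return cip;

   // Construction failed (e.g. unsupported parameters): release the
   // half-built object instead of leaking it and report failure.
   delete cip;
   return nullptr;
}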
212
213//______________________________________________________________________________
215 int l, const char *t)
216{
217 // Return an instance of a Ssl implementation of XrdCryptoCipher.
218
219 XrdCryptoCipher *cip = new XrdCryptosslCipher(false,b,p,l,t);
220 if (cip) {
221 if (cip->IsValid())
222 return cip;
223 else
224 delete cip;
225 }
226 return (XrdCryptoCipher *)0;
227}
228
229//______________________________________________________________________________
231{
232 // Return an instance of a Ssl implementation of XrdCryptoCipher.
233
235 if (cip) {
236 if (cip->IsValid())
237 return cip;
238 else
239 delete cip;
240 }
241 return (XrdCryptoCipher *)0;
242}
243
244//______________________________________________________________________________
246{
247 // Returns true if specified digest is supported
248
250}
251
252//______________________________________________________________________________
254{
255 // Return an instance of a ssl implementation of XrdCryptoMsgDigest.
256
258 if (md) {
259 if (md->IsValid())
260 return md;
261 else
262 delete md;
263 }
264 return (XrdCryptoMsgDigest *)0;
265}
266
267//______________________________________________________________________________
269{
270 // Return an instance of a ssl implementation of XrdCryptoRSA.
271
272 XrdCryptoRSA *rsa = new XrdCryptosslRSA(bits,exp);
273 if (rsa) {
274 if (rsa->IsValid())
275 return rsa;
276 else
277 delete rsa;
278 }
279 return (XrdCryptoRSA *)0;
280}
281
282//______________________________________________________________________________
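XrdCryptoRSA *XrdCryptosslFactory::RSA(const char *pub, int lpub)
{
   // Return an instance of the OpenSSL implementation of XrdCryptoRSA built
   // from the buffer 'pub' of length 'lpub' (presumably a serialized public
   // key; the exact format is defined by the XrdCryptosslRSA constructor,
   // which receives both arguments unchanged -- verify there).
   //
   // Returns the new object, or nullptr when it fails its own IsValid()
   // check. This is where a malformed key blob is rejected, so callers must
   // test the result for nullptr before dereferencing it.

   XrdCryptoRSA *rsa = new XrdCryptosslRSA(pub, lpub);

   // The default operator new throws on allocation failure rather than
   // returning null, so only the object's validity needs checking here.
   if (rsa->IsValid()) return rsa;

   // The key could not be imported: free the object rather than leak it,
   // and signal failure with a null pointer.
   delete rsa;
   return nullptr;
}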
296
297//______________________________________________________________________________
299{
300 // Return an instance of a Ssl implementation of XrdCryptoRSA.
301
302 XrdCryptoRSA *rsa = new XrdCryptosslRSA(*((XrdCryptosslRSA *)&r));
303 if (rsa) {
304 if (rsa->IsValid())
305 return rsa;
306 else
307 delete rsa;
308 }
309 return (XrdCryptoRSA *)0;
310}
311
312//______________________________________________________________________________
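XrdCryptoX509 *XrdCryptosslFactory::X509(const char *cf, const char *kf)
{
   // Return an instance of the OpenSSL implementation of XrdCryptoX509
   // loaded from the certificate file 'cf' and, when given, the key file
   // 'kf' (the declaration defaults kf to 0, so the key file is optional).
   //
   // Validity is judged by Opaque(): a false/null result means the
   // certificate could not be loaded, and the object is discarded.
   // Returns nullptr in that case; callers must check before use.

   XrdCryptoX509 *x509 = new XrdCryptosslX509(cf, kf);

   // The default operator new throws on allocation failure rather than
   // returning null, so only the loaded content needs checking here.
   if (x509->Opaque()) return x509;

   // Nothing usable was loaded: free the object rather than leak it,
   // and signal failure with a null pointer.
   delete x509;
   return nullptr;
}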
326
327//______________________________________________________________________________
329{
330 // Return an instance of a ssl implementation of XrdCryptoX509.
331
332 XrdCryptoX509 *x509 = new XrdCryptosslX509(b);
333 if (x509) {
334 if (x509->Opaque())
335 return x509;
336 else
337 delete x509;
338 }
339 return (XrdCryptoX509 *)0;
340}
341
342//______________________________________________________________________________
344{
345 // Return an instance of a ssl implementation of XrdCryptoX509Crl.
346
347 XrdCryptoX509Crl *x509Crl = new XrdCryptosslX509Crl(cf, opt);
348 if (x509Crl) {
349 if (x509Crl->Opaque())
350 return x509Crl;
351 else
352 delete x509Crl;
353 }
354 return (XrdCryptoX509Crl *)0;
355}
356
357//______________________________________________________________________________
359{
360 // Return an instance of a ssl implementation of XrdCryptoX509Crl.
361
362 XrdCryptoX509Crl *x509Crl = new XrdCryptosslX509Crl(ca);
363 if (x509Crl) {
364 if (x509Crl->Opaque())
365 return x509Crl;
366 else
367 delete x509Crl;
368 }
369 return (XrdCryptoX509Crl *)0;
370}
371
372//______________________________________________________________________________
374{
375 // Return an instance of a ssl implementation of XrdCryptoX509Crl.
376
377 XrdCryptoX509Req *x509Req = new XrdCryptosslX509Req(b);
378 if (x509Req) {
379 if (x509Req->Opaque())
380 return x509Req;
381 else
382 delete x509Req;
383 }
384 return (XrdCryptoX509Req *)0;
385}
386
387//______________________________________________________________________________
389{
390 // Return hook to the OpenSSL implementation of the verification
391 // function for X509 certificate.
392
394}
395
396//______________________________________________________________________________
398{
399 // Return hook to the OpenSSL implementation of the verification
400 // function for X509 certificate chains.
401
403}
404
405//______________________________________________________________________________
407{
408 // Return an instance of an implementation of a function
409 // to export a X509 certificate chain.
410
412}
413
414//______________________________________________________________________________
416{
417 // Return an instance of an implementation of a function
418 // to dump a X509 certificate chain to a file.
419
421}
422
423//______________________________________________________________________________
425{
426 // Return an instance of an implementation of a function
427 // to parse a file supposed to contain X509 certificates.
428
430}
431
432//______________________________________________________________________________
434{
435 // Return an instance of an implementation of a function
436 // to parse a file supposed to contain X509 certificates.
437
439}
440
441//______________________________________________________________________________
443{
444 // Return an instance of an implementation of a function
445 // to parse a file supposed to contain X509 certificates.
446
448}
449
450//______________________________________________________________________________
452{
453 // Check if the proxyCertInfo extension exists
454
456}
457
458//______________________________________________________________________________
460{
461 // Set the path length constraint
462
464}
465
466//______________________________________________________________________________
468{
469 // Create a proxy certificate
470
472}
473
474//______________________________________________________________________________
476{
477 // Create a proxy request
478
480}
481
482//______________________________________________________________________________
484{
485 // Sign a proxy request
486
488}
489
490//______________________________________________________________________________
492{
493 // Check consistency of a GSI 3 compliant proxy
494
496}
497
498//______________________________________________________________________________
500{
501 // Get VOMS attributes, if any
502
504}
505
506
507/******************************************************************************/
508/* X r d C r y p t o S s l F a c t o r y O b j e c t */
509/******************************************************************************/
510
512
513extern "C" {
515{
516 // Return a pointer to the instantiated Ssl factory singleton.
517 // Instantiate the singleton on the first call.
518
519 static XrdCryptosslFactory SslCryptoFactory;
520
521 return &SslCryptoFactory;
522}}