#include <XrdSecProtocolgsi.hh>
Public Member Functions | |
int | Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0) |
XrdSecCredentials * | getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0) |
XrdSecProtocolgsi (int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0) | |
virtual | ~XrdSecProtocolgsi () |
void | Delete () |
Delete the protocol object. DO NOT use C++ delete() on this object. | |
int | Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
int | Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
int | Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf) |
int | Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen) |
int | getKey (char *kbuf=0, int klen=0) |
int | setKey (char *kbuf, int klen) |
Static Public Member Functions | |
static char * | Init (gsiOptions o, XrdOucErrInfo *erp) |
static XrdOucTrace * | EnableTracing () |
Private Member Functions | |
int | ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg) |
int | ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg) |
int | ParseCrypto (String cryptlist) |
int | ParseCAlist (String calist) |
bool | ServerCertNameOK (const char *subject, const char *hname, String &e) |
XrdSecCredentials * | ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
int | ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0) |
bool | CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg) |
bool | CheckRtag (XrdSutBuffer *bm, String &emsg) |
int | AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip) |
void | CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout=0) |
void | FreeEntity (XrdSecEntity *in) |
Static Private Member Functions | |
static int | GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0) |
static String | GetCApath (const char *cahash) |
static bool | VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf) |
static int | VerifyCRL (XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg) |
static XrdSutCacheEntry * | GetSrvCertEnt (XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal) |
static XrdCryptoX509Crl * | LoadCRL (XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err) |
static int | QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po) |
static int | InitProxy (ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0) |
static void | ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0) |
static XrdSecgsiGMAP_t | LoadGMAPFun (const char *plugin, const char *parms) |
static XrdSecgsiAuthz_t | LoadAuthzFun (const char *plugin, const char *parms, int &fmt) |
static XrdSecgsiVOMS_t | LoadVOMSFun (const char *plugin, const char *parms, int &fmt) |
static void | QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name) |
Private Attributes | |
XrdNetAddrInfo | epAddr |
int | options |
XrdCryptoFactory * | sessionCF |
XrdCryptoCipher * | sessionKey |
XrdSutBucket * | bucketKey |
XrdCryptoMsgDigest * | sessionMD |
XrdCryptoRSA * | sessionKsig |
XrdCryptoRSA * | sessionKver |
X509Chain * | proxyChain |
bool | srvMode |
char * | expectedHost |
bool | useIV |
gsiHSVars * | hs |
Static Private Attributes | |
static XrdSysMutex | gsiContext |
static String | CAdir |
static String | CRLdir |
static String | DefCRLext |
static String | SrvCert |
static String | SrvKey |
static String | UsrProxy |
static String | UsrCert |
static String | UsrKey |
static String | PxyValid |
static int | DepLength |
static int | DefBits |
static int | CACheck |
static int | CRLCheck |
static int | CRLDownload |
static int | CRLRefresh |
static String | DefCrypto |
static String | DefCipher |
static String | DefMD |
static String | DefError |
static String | GMAPFile |
static int | GMAPOpt |
static bool | GMAPuseDNname |
static int | GMAPCacheTimeOut |
static XrdSecgsiGMAP_t | GMAPFun |
static XrdSecgsiAuthz_t | AuthzFun |
static XrdSecgsiAuthzKey_t | AuthzKey |
static int | AuthzCertFmt |
static int | AuthzCacheTimeOut |
static int | PxyReqOpts |
static int | AuthzPxyWhat |
static int | AuthzPxyWhere |
static int | AuthzAlways |
static String | SrvAllowedNames |
static int | VOMSAttrOpt |
static XrdSecgsiVOMS_t | VOMSFun |
static int | VOMSCertFmt |
static int | MonInfoOpt |
static bool | HashCompatibility |
static bool | TrustDNS |
static int | ncrypt |
static XrdCryptoFactory * | cryptF [XrdCryptoMax] |
static int | cryptID [XrdCryptoMax] |
static String | cryptName [XrdCryptoMax] |
static XrdCryptoCipher * | refcip [XrdCryptoMax] |
static XrdSutCache | cacheCA |
static XrdSutCache | cacheCert |
static XrdSutCache | cachePxy |
static XrdSutCache | cacheGMAPFun |
static XrdSutCache | cacheAuthzFun |
static XrdOucGMap * | servGMap |
static GSIStack < XrdCryptoX509Chain > | stackCA |
static GSIStack< XrdCryptoX509Crl > | stackCRL |
static time_t | lastGMAPCheck |
static XrdSysMutex | mutexGMAP |
static int | Debug |
static bool | Server |
static int | TimeSkew |
static XrdSysLogger | Logger |
static XrdSysError | eDest |
static XrdOucTrace * | GSITrace |
Friends | |
class | gsiOptions |
class | gsiHSVars |
XrdSecProtocolgsi::XrdSecProtocolgsi | ( | int | opts, | |
const char * | hname, | |||
XrdNetAddrInfo & | endPoint, | |||
const char * | parms = 0 | |||
) |
virtual XrdSecProtocolgsi::~XrdSecProtocolgsi | ( | ) | [inline, virtual] |
int XrdSecProtocolgsi::AddSerialized | ( | char | opt, | |
kXR_int32 | step, | |||
String | ID, | |||
XrdSutBuffer * | bls, | |||
XrdSutBuffer * | buf, | |||
kXR_int32 | type, | |||
XrdCryptoCipher * | cip | |||
) | [private] |
int XrdSecProtocolgsi::Authenticate | ( | XrdSecCredentials * | cred, | |
XrdSecParameters ** | parms, | |||
XrdOucErrInfo * | einfo = 0 | |||
) | [virtual] |
Authenticate a client.
cred | Credentials supplied by the client. | |
parms | Place where the address of additional authentication data is to be placed for another authentication handshake. | |
einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
Implements XrdSecProtocol.
bool XrdSecProtocolgsi::CheckRtag | ( | XrdSutBuffer * | bm, | |
String & | emsg | |||
) | [private] |
bool XrdSecProtocolgsi::CheckTimeStamp | ( | XrdSutBuffer * | b, | |
int | skew, | |||
String & | emsg | |||
) | [private] |
int XrdSecProtocolgsi::ClientDoCert | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | cmsg | |||
) | [private] |
int XrdSecProtocolgsi::ClientDoInit | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | cmsg | |||
) | [private] |
int XrdSecProtocolgsi::ClientDoPxyreq | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | cmsg | |||
) | [private] |
void XrdSecProtocolgsi::CopyEntity | ( | XrdSecEntity * | in, | |
XrdSecEntity * | out, | |||
int * | lout = 0 | |||
) | [private] |
int XrdSecProtocolgsi::Decrypt | ( | const char * | inbuff, | |
int | inlen, | |||
XrdSecBuffer ** | outbuff | |||
) | [virtual] |
Decrypt data in inbuff using the session key.
inbuff | buffer holding data to be decrypted. | |
inlen | length of the data. | |
outbuff | place where a pointer to the decrypted data is placed. |
Reimplemented from XrdSecProtocol.
void XrdSecProtocolgsi::Delete | ( | ) | [virtual] |
Delete the protocol object. DO NOT use C++ delete() on this object.
Implements XrdSecProtocol.
static XrdOucTrace* XrdSecProtocolgsi::EnableTracing | ( | ) | [static] |
int XrdSecProtocolgsi::Encrypt | ( | const char * | inbuff, | |
int | inlen, | |||
XrdSecBuffer ** | outbuff | |||
) | [virtual] |
Encrypt data in inbuff using the session key.
inbuff | buffer holding data to be encrypted. | |
inlen | length of the data. | |
outbuff | place where a pointer to the encrypted data is placed. |
Reimplemented from XrdSecProtocol.
XrdSecCredentials* XrdSecProtocolgsi::ErrC | ( | XrdOucErrInfo * | einfo, | |
XrdSutBuffer * | b1, | |||
XrdSutBuffer * | b2, | |||
XrdSutBuffer * | b3, | |||
kXR_int32 | ecode, | |||
const char * | msg1 = 0 , |
|||
const char * | msg2 = 0 , |
|||
const char * | msg3 = 0 | |||
) | [private] |
static void XrdSecProtocolgsi::ErrF | ( | XrdOucErrInfo * | einfo, | |
kXR_int32 | ecode, | |||
const char * | msg1, | |||
const char * | msg2 = 0 , |
|||
const char * | msg3 = 0 | |||
) | [static, private] |
int XrdSecProtocolgsi::ErrS | ( | String | ID, | |
XrdOucErrInfo * | einfo, | |||
XrdSutBuffer * | b1, | |||
XrdSutBuffer * | b2, | |||
XrdSutBuffer * | b3, | |||
kXR_int32 | ecode, | |||
const char * | msg1 = 0 , |
|||
const char * | msg2 = 0 , |
|||
const char * | msg3 = 0 | |||
) | [private] |
void XrdSecProtocolgsi::FreeEntity | ( | XrdSecEntity * | in | ) | [private] |
static int XrdSecProtocolgsi::GetCA | ( | const char * | cahash, | |
XrdCryptoFactory * | cryptof, | |||
gsiHSVars * | hs = 0 | |||
) | [static, private] |
static String XrdSecProtocolgsi::GetCApath | ( | const char * | cahash | ) | [static, private] |
XrdSecCredentials* XrdSecProtocolgsi::getCredentials | ( | XrdSecParameters * | parm = 0 , |
|
XrdOucErrInfo * | einfo = 0 | |||
) | [virtual] |
Generate client credentials to be used in the authentication process.
parm | Pointer to the information returned by the server either in the initial login response or the authmore response. | |
einfo | The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr. |
Implements XrdSecProtocol.
int XrdSecProtocolgsi::getKey | ( | char * | buff = 0 , |
|
int | size = 0 | |||
) | [virtual] |
Get the current encryption key (i.e. the session key).
buff | buffer to hold the key, and may be null. | |
size | size of the buffer. |
Reimplemented from XrdSecProtocol.
static XrdSutCacheEntry* XrdSecProtocolgsi::GetSrvCertEnt | ( | XrdSutCERef & | gcref, | |
XrdCryptoFactory * | cf, | |||
time_t | timestamp, | |||
String & | cal | |||
) | [static, private] |
static char* XrdSecProtocolgsi::Init | ( | gsiOptions | o, | |
XrdOucErrInfo * | erp | |||
) | [static] |
static int XrdSecProtocolgsi::InitProxy | ( | ProxyIn_t * | pi, | |
XrdCryptoFactory * | cf, | |||
X509Chain * | ch = 0 , |
|||
XrdCryptoRSA ** | key = 0 | |||
) | [static, private] |
static XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun | ( | const char * | plugin, | |
const char * | parms, | |||
int & | fmt | |||
) | [static, private] |
static XrdCryptoX509Crl* XrdSecProtocolgsi::LoadCRL | ( | XrdCryptoX509 * | xca, | |
const char * | sjhash, | |||
XrdCryptoFactory * | CF, | |||
int | dwld, | |||
int & | err | |||
) | [static, private] |
static XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun | ( | const char * | plugin, | |
const char * | parms | |||
) | [static, private] |
static XrdSecgsiVOMS_t XrdSecProtocolgsi::LoadVOMSFun | ( | const char * | plugin, | |
const char * | parms, | |||
int & | fmt | |||
) | [static, private] |
int XrdSecProtocolgsi::ParseCAlist | ( | String | calist | ) | [private] |
int XrdSecProtocolgsi::ParseClientInput | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | emsg | |||
) | [private] |
int XrdSecProtocolgsi::ParseCrypto | ( | String | cryptlist | ) | [private] |
int XrdSecProtocolgsi::ParseServerInput | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | cmsg | |||
) | [private] |
static void XrdSecProtocolgsi::QueryGMAP | ( | XrdCryptoX509Chain * | chain, | |
int | now, | |||
String & | name | |||
) | [static, private] |
static int XrdSecProtocolgsi::QueryProxy | ( | bool | checkcache, | |
XrdSutCache * | cache, | |||
const char * | tag, | |||
XrdCryptoFactory * | cf, | |||
time_t | timestamp, | |||
ProxyIn_t * | pi, | |||
ProxyOut_t * | po | |||
) | [static, private] |
bool XrdSecProtocolgsi::ServerCertNameOK | ( | const char * | subject, | |
const char * | hname, | |||
String & | e | |||
) | [private] |
int XrdSecProtocolgsi::ServerDoCert | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | cmsg | |||
) | [private] |
int XrdSecProtocolgsi::ServerDoCertreq | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | cmsg | |||
) | [private] |
int XrdSecProtocolgsi::ServerDoSigpxy | ( | XrdSutBuffer * | br, | |
XrdSutBuffer ** | bm, | |||
String & | cmsg | |||
) | [private] |
int XrdSecProtocolgsi::setKey | ( | char * | buff, | |
int | size | |||
) | [virtual] |
Set the current encryption key (i.e. the session key).
buff | buffer that holds the key. | |
size | size of the key. |
Reimplemented from XrdSecProtocol.
int XrdSecProtocolgsi::Sign | ( | const char * | inbuff, | |
int | inlen, | |||
XrdSecBuffer ** | outbuff | |||
) | [virtual] |
Sign data in inbuff using the session key.
inbuff | buffer holding data to be signed. | |
inlen | length of the data. | |
outbuff | place where a pointer to the signature is placed. |
Reimplemented from XrdSecProtocol.
int XrdSecProtocolgsi::Verify | ( | const char * | inbuff, | |
int | inlen, | |||
const char * | sigbuff, | |||
int | siglen | |||
) | [virtual] |
Verify a signature using the session key.
inbuff | buffer holding the data whose signature is to be verified. | |
inlen | length of the data. | |
sigbuff | pointer to the signature data. | |
siglen | length of the signature data. |
Reimplemented from XrdSecProtocol.
static bool XrdSecProtocolgsi::VerifyCA | ( | int | opt, | |
X509Chain * | cca, | |||
XrdCryptoFactory * | cf | |||
) | [static, private] |
static int XrdSecProtocolgsi::VerifyCRL | ( | XrdCryptoX509Crl * | crl, | |
XrdCryptoX509 * | xca, | |||
XrdOucString | crldir, | |||
XrdCryptoFactory * | CF, | |||
int | hashalg | |||
) | [static, private] |
friend class gsiHSVars [friend] |
friend class gsiOptions [friend] |
int XrdSecProtocolgsi::AuthzAlways [static, private] |
int XrdSecProtocolgsi::AuthzCacheTimeOut [static, private] |
int XrdSecProtocolgsi::AuthzCertFmt [static, private] |
XrdSecgsiAuthz_t XrdSecProtocolgsi::AuthzFun [static, private] |
XrdSecgsiAuthzKey_t XrdSecProtocolgsi::AuthzKey [static, private] |
int XrdSecProtocolgsi::AuthzPxyWhat [static, private] |
int XrdSecProtocolgsi::AuthzPxyWhere [static, private] |
XrdSutBucket* XrdSecProtocolgsi::bucketKey [private] |
XrdSutCache XrdSecProtocolgsi::cacheAuthzFun [static, private] |
XrdSutCache XrdSecProtocolgsi::cacheCA [static, private] |
XrdSutCache XrdSecProtocolgsi::cacheCert [static, private] |
int XrdSecProtocolgsi::CACheck [static, private] |
XrdSutCache XrdSecProtocolgsi::cacheGMAPFun [static, private] |
XrdSutCache XrdSecProtocolgsi::cachePxy [static, private] |
String XrdSecProtocolgsi::CAdir [static, private] |
int XrdSecProtocolgsi::CRLCheck [static, private] |
String XrdSecProtocolgsi::CRLdir [static, private] |
int XrdSecProtocolgsi::CRLDownload [static, private] |
int XrdSecProtocolgsi::CRLRefresh [static, private] |
XrdCryptoFactory* XrdSecProtocolgsi::cryptF[XrdCryptoMax] [static, private] |
int XrdSecProtocolgsi::cryptID[XrdCryptoMax] [static, private] |
String XrdSecProtocolgsi::cryptName[XrdCryptoMax] [static, private] |
int XrdSecProtocolgsi::Debug [static, private] |
int XrdSecProtocolgsi::DefBits [static, private] |
String XrdSecProtocolgsi::DefCipher [static, private] |
String XrdSecProtocolgsi::DefCRLext [static, private] |
String XrdSecProtocolgsi::DefCrypto [static, private] |
String XrdSecProtocolgsi::DefError [static, private] |
String XrdSecProtocolgsi::DefMD [static, private] |
int XrdSecProtocolgsi::DepLength [static, private] |
XrdSysError XrdSecProtocolgsi::eDest [static, private] |
XrdNetAddrInfo XrdSecProtocolgsi::epAddr [private] |
char* XrdSecProtocolgsi::expectedHost [private] |
int XrdSecProtocolgsi::GMAPCacheTimeOut [static, private] |
String XrdSecProtocolgsi::GMAPFile [static, private] |
XrdSecgsiGMAP_t XrdSecProtocolgsi::GMAPFun [static, private] |
int XrdSecProtocolgsi::GMAPOpt [static, private] |
bool XrdSecProtocolgsi::GMAPuseDNname [static, private] |
XrdSysMutex XrdSecProtocolgsi::gsiContext [static, private] |
XrdOucTrace* XrdSecProtocolgsi::GSITrace [static, private] |
bool XrdSecProtocolgsi::HashCompatibility [static, private] |
gsiHSVars* XrdSecProtocolgsi::hs [private] |
time_t XrdSecProtocolgsi::lastGMAPCheck [static, private] |
XrdSysLogger XrdSecProtocolgsi::Logger [static, private] |
int XrdSecProtocolgsi::MonInfoOpt [static, private] |
XrdSysMutex XrdSecProtocolgsi::mutexGMAP [static, private] |
int XrdSecProtocolgsi::ncrypt [static, private] |
int XrdSecProtocolgsi::options [private] |
X509Chain* XrdSecProtocolgsi::proxyChain [private] |
int XrdSecProtocolgsi::PxyReqOpts [static, private] |
String XrdSecProtocolgsi::PxyValid [static, private] |
XrdCryptoCipher* XrdSecProtocolgsi::refcip[XrdCryptoMax] [static, private] |
bool XrdSecProtocolgsi::Server [static, private] |
XrdOucGMap* XrdSecProtocolgsi::servGMap [static, private] |
XrdCryptoFactory* XrdSecProtocolgsi::sessionCF [private] |
XrdCryptoCipher* XrdSecProtocolgsi::sessionKey [private] |
XrdCryptoRSA* XrdSecProtocolgsi::sessionKsig [private] |
XrdCryptoRSA* XrdSecProtocolgsi::sessionKver [private] |
XrdCryptoMsgDigest* XrdSecProtocolgsi::sessionMD [private] |
String XrdSecProtocolgsi::SrvAllowedNames [static, private] |
String XrdSecProtocolgsi::SrvCert [static, private] |
String XrdSecProtocolgsi::SrvKey [static, private] |
bool XrdSecProtocolgsi::srvMode [private] |
GSIStack<XrdCryptoX509Chain> XrdSecProtocolgsi::stackCA [static, private] |
GSIStack<XrdCryptoX509Crl> XrdSecProtocolgsi::stackCRL [static, private] |
Referenced by gsiHSVars::~gsiHSVars().
int XrdSecProtocolgsi::TimeSkew [static, private] |
bool XrdSecProtocolgsi::TrustDNS [static, private] |
bool XrdSecProtocolgsi::useIV [private] |
String XrdSecProtocolgsi::UsrCert [static, private] |
String XrdSecProtocolgsi::UsrKey [static, private] |
String XrdSecProtocolgsi::UsrProxy [static, private] |
int XrdSecProtocolgsi::VOMSAttrOpt [static, private] |
int XrdSecProtocolgsi::VOMSCertFmt [static, private] |
XrdSecgsiVOMS_t XrdSecProtocolgsi::VOMSFun [static, private] |