private/XrdCrypto/XrdCryptoFactory.hh

0001 #ifndef __CRYPTO_FACTORY_H__
0002 #define __CRYPTO_FACTORY_H__
0003 /******************************************************************************/
0004 /*                                                                            */
0005 /*                 X r d C r y p t o F a c t o r y . h h                      */
0006 /*                                                                            */
0007 /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University  */
0008 /*   Produced by Gerri Ganis for CERN                                         */
0009 /*                                                                            */
0010 /* This file is part of the XRootD software suite.                            */
0011 /*                                                                            */
0012 /* XRootD is free software: you can redistribute it and/or modify it under    */
0013 /* the terms of the GNU Lesser General Public License as published by the     */
0014 /* Free Software Foundation, either version 3 of the License, or (at your     */
0015 /* option) any later version.                                                 */
0016 /*                                                                            */
0017 /* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
0018 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
0019 /* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */
0020 /* License for more details.                                                  */
0021 /*                                                                            */
0022 /* You should have received a copy of the GNU Lesser General Public License   */
0023 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
0024 /* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */
0025 /*                                                                            */
0026 /* The copyright holder's institutional names and contributor's names may not */
0027 /* be used to endorse or promote products derived from this software without  */
0028 /* specific prior written permission of the institution or contributor.       */
0029 /******************************************************************************/
0030
0031 /* ************************************************************************** */
0032 /*                                                                            */
0033 /* Abstract interface for a crypto factory                                    */
0034 /* Allows to plug-in modules based on different crypto implementation         */
0035 /* (OpenSSL, Botan, ...)                                                      */
0036 /*                                                                            */
0037 /* ************************************************************************** */
0038
0039 #include "XrdCrypto/XrdCryptoAux.hh"
0040
0041 #define MAXFACTORYNAMELEN  10
0042 // ---------------------------------------------------------------------------//
0043 //
0044 // Abstract Crypto Factory
0045 //
0046 // ---------------------------------------------------------------------------//
0047
0048 class XrdSutBucket;
0049 class XrdOucString;
0050 class XrdCryptoCipher;
0051 class XrdCryptoMsgDigest;
0052 class XrdCryptoRSA;
0053 class XrdCryptoX509;
0054 class XrdCryptoX509Chain;
0055 class XrdCryptogsiX509Chain;
0056 class XrdCryptoX509Crl;
0057 class XrdCryptoX509Req;
0058 class XrdTlsPeerCerts;
0059
0060 //
0061 // Prototypes for some Utility Functions
0062
0063 // Key derivation function
0064 typedef int (*XrdCryptoKDFunLen_t)();
0065 typedef int (*XrdCryptoKDFun_t)(const char *pass, int plen,
0066                                 const char *salt, int slen,
0067                                 char *key, int klen);
0068
0069 // X509 manipulation: certificate verification
0070 typedef bool (*XrdCryptoX509VerifyCert_t)(XrdCryptoX509 *c, XrdCryptoX509 *r);
0071 // chain verification
0072 typedef bool (*XrdCryptoX509VerifyChain_t)(XrdCryptoX509Chain *chain,
0073                                            int &errcode);
0074 // chain export
0075 typedef XrdSutBucket *(*XrdCryptoX509ExportChain_t)(XrdCryptoX509Chain *, bool);
0076
0077 // chain to file
0078 typedef int (*XrdCryptoX509ChainToFile_t)(XrdCryptoX509Chain *, const char *);
0079
0080 // certificates from file parsing
0081 typedef int (*XrdCryptoX509ParseFile_t)(const char *fname,
0082                                         XrdCryptoX509Chain *, const char *);
0083
0084 // certificates from STACK_OF(X509*)
0085 typedef int (*XrdCryptoX509ParseStack_t)(XrdTlsPeerCerts* pc,
0086                                          XrdCryptoX509Chain *c);
0087
0088 // certificates from bucket parsing
0089 typedef int (*XrdCryptoX509ParseBucket_t)(XrdSutBucket *,
0090                                           XrdCryptoX509Chain *);
0091 // Proxies
0092 // The OID of the extension
0093 #define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222"
0094 #define gsiProxyCertInfo_OID     "1.3.6.1.5.5.7.1.14"
0095 // check presence of proxyCertInfo extension (RFC 3820)
0096 typedef bool (*XrdCryptoProxyCertInfo_t)(const void *, int &, bool *);
0097 // set path length constraint
0098 typedef void (*XrdCryptoSetPathLenConstraint_t)(void *, int);
0099 // create a proxy certificate
0100 typedef struct {
0101    int   bits;          // Number of bits in the RSA key [2048]
0102    int   valid;         // Duration validity in secs [43200 (12 hours)]
0103    int   depthlen;      // Maximum depth of the path of proxy certificates
0104                         // that can signed by this proxy certificates
0105                         // [-1 (== unlimited)]
0106 } XrdProxyOpt_t;
0107 typedef int (*XrdCryptoX509CreateProxy_t)(const char *, const char *, XrdProxyOpt_t *,
0108                                           XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *);
0109 // create a proxy certificate request
0110 typedef int (*XrdCryptoX509CreateProxyReq_t)(XrdCryptoX509 *,
0111                                              XrdCryptoX509Req **, XrdCryptoRSA **);
0112 // sign a proxy certificate request
0113 typedef int (*XrdCryptoX509SignProxyReq_t)(XrdCryptoX509 *, XrdCryptoRSA *,
0114                                            XrdCryptoX509Req *, XrdCryptoX509 **);
0115 // check consistency of a GSI 3 compliant proxy
0116 typedef int (*XrdCryptoX509CheckProxy3_t)(XrdCryptoX509 *, XrdOucString &);
0117
0118 // get VOMS attributes
0119 typedef int (*XrdCryptoX509GetVOMSAttr_t)(XrdCryptoX509 *, XrdOucString &);
0120
0121 class XrdCryptoFactory
0122 {
0123 private:
0124    char    name[MAXFACTORYNAMELEN];
0125    int     fID;
0126 public:
0127    XrdCryptoFactory(const char *n = "Unknown", int id = -1);
0128    virtual ~XrdCryptoFactory() { }
0129
0130    // Set trace flags
0131    virtual void SetTrace(kXR_int32 trace);
0132
0133    // Get the factory name
0134    char *Name() const { return (char *)&name[0]; }
0135    int   ID() const { return fID; }
0136
0137    // Get the right factory
0138    static XrdCryptoFactory *GetCryptoFactory(const char *factoryname);
0139
0140    // Any possible notification
0141    virtual void Notify() { }
0142
0143    // Hook to a Key Derivation Function (PBKDF2 when possible)
0144    virtual XrdCryptoKDFunLen_t KDFunLen(); // Length of buffer
0145    virtual XrdCryptoKDFun_t KDFun();
0146
0147    // Cipher constructors
0148    virtual bool SupportedCipher(const char *t);
0149    virtual bool HasPaddingSupport();
0150    virtual XrdCryptoCipher *Cipher(const char *t, int l = 0);
0151    virtual XrdCryptoCipher *Cipher(const char *t, int l, const char *k,
0152                                    int liv, const char *iv);
0153    virtual XrdCryptoCipher *Cipher(XrdSutBucket *b);
0154    virtual XrdCryptoCipher *Cipher(int bits, char *pub, int lpub, const char *t = 0);
0155    virtual XrdCryptoCipher *Cipher(bool padded, int bits, char *pub, int lpub, const char *t);
0156    virtual XrdCryptoCipher *Cipher(const XrdCryptoCipher &c);
0157
0158    // MsgDigest constructors
0159    virtual bool SupportedMsgDigest(const char *dgst);
0160    virtual XrdCryptoMsgDigest *MsgDigest(const char *dgst);
0161
0162    // RSA constructors
0163    virtual XrdCryptoRSA *RSA(int b = 0, int e = 0);
0164    virtual XrdCryptoRSA *RSA(const char *p, int l = 0);
0165    virtual XrdCryptoRSA *RSA(const XrdCryptoRSA &r);
0166
0167    // X509 constructors
0168    virtual XrdCryptoX509 *X509(const char *cf, const char *kf = 0);
0169    virtual XrdCryptoX509 *X509(XrdSutBucket *b);
0170
0171    // X509 CRL constructors
0172    virtual XrdCryptoX509Crl *X509Crl(const char *crlfile, int opt = 0);
0173    virtual XrdCryptoX509Crl *X509Crl(XrdCryptoX509 *cacert);
0174
0175    // X509 REQ constructors
0176    virtual XrdCryptoX509Req *X509Req(XrdSutBucket *bck);
0177
0178    // Hooks to handle X509 certificates
0179    virtual XrdCryptoX509VerifyCert_t X509VerifyCert();
0180    virtual XrdCryptoX509VerifyChain_t X509VerifyChain();
0181    virtual XrdCryptoX509ParseFile_t X509ParseFile();
0182    virtual XrdCryptoX509ParseStack_t X509ParseStack();
0183    virtual XrdCryptoX509ParseBucket_t X509ParseBucket();
0184    virtual XrdCryptoX509ExportChain_t X509ExportChain();
0185    virtual XrdCryptoX509ChainToFile_t X509ChainToFile();
0186
0187    // Hooks to handle X509 proxy certificates
0188    virtual XrdCryptoProxyCertInfo_t ProxyCertInfo();
0189    virtual XrdCryptoSetPathLenConstraint_t SetPathLenConstraint();
0190    virtual XrdCryptoX509CreateProxy_t X509CreateProxy();
0191    virtual XrdCryptoX509CreateProxyReq_t X509CreateProxyReq();
0192    virtual XrdCryptoX509SignProxyReq_t X509SignProxyReq();
0193    virtual XrdCryptoX509CheckProxy3_t X509CheckProxy3();
0194    virtual XrdCryptoX509GetVOMSAttr_t X509GetVOMSAttr();
0195
0196    // Equality operator
0197    bool operator==(const XrdCryptoFactory factory);
0198 };
0199 #endif