#ifndef __CRYPTO_SSLX509CRL_H__
#define __CRYPTO_SSLX509CRL_H__
/******************************************************************************/
/*                                                                            */
/*               X r d C r y p t o s s l X 5 0 9 C r l . h h                  */
/*                                                                            */
/* (c) 2005 G. Ganis , CERN                                                   */
/*                                                                            */
/* This file is part of the XRootD software suite.                            */
/*                                                                            */
/* XRootD is free software: you can redistribute it and/or modify it under    */
/* the terms of the GNU Lesser General Public License as published by the     */
/* Free Software Foundation, either version 3 of the License, or (at your     */
/* option) any later version.                                                 */
/*                                                                            */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
/* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public       */
/* License for more details.                                                  */
/*                                                                            */
/* You should have received a copy of the GNU Lesser General Public License   */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
/* COPYING (GPL license).  If not, see <http://www.gnu.org/licenses/>.        */
/*                                                                            */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without  */
/* specific prior written permission of the institution or contributor.       */
/*                                                                            */
/******************************************************************************/
#include <openssl/x509v3.h>

/* ************************************************************************** */
/*                                                                            */
/* OpenSSL X509 CRL implementation.                                           */
/*                                                                            */
/* ************************************************************************** */

#include "XrdSut/XrdSutCache.hh"
#include "XrdCrypto/XrdCryptoX509Crl.hh"

// ---------------------------------------------------------------------------//
//
// X509 CRL interface
// Describes one CRL certificate
//
// OpenSSL-backed implementation of XrdCryptoX509Crl: wraps a single X509_CRL
// object and keeps a cache of information about the certificates it revokes,
// so revocation lookups (IsRevoked) do not have to rescan the CRL each time.
//
// Note for callers: IsValid() only reports that a CRL object was loaded. It
// says nothing about whether the CRL is still current (see LastUpdate /
// NextUpdate) or whether its signature was checked against the issuing CA
// (see Verify). A revocation decision should rest on all three.
//
// ---------------------------------------------------------------------------//

class XrdCryptoX509;

class XrdCryptosslX509Crl : public XrdCryptoX509Crl {
public:

   // Build from a CRL file on disk. 'opt' is forwarded to the loader; its
   // meaning is defined in the implementation and not visible here.
   XrdCryptosslX509Crl(const char *crlf, int opt = 0);
   // Build from the issuing CA certificate. Presumably the CRL location is
   // derived from the certificate (see crluri / InitFromURI) - confirm in
   // the implementation.
   XrdCryptosslX509Crl(XrdCryptoX509 *cacert);
   virtual ~XrdCryptosslX509Crl();

   // Status: true once an X509_CRL object has been loaded (crl != 0).
   // Does NOT imply the CRL is current or that Verify() succeeded.
   bool IsValid() { return (crl != 0); }

   // Access underlying data (in opaque form: used in chains).
   // Returns the wrapped X509_CRL handle; no ownership transfer is implied
   // by this header - confirm in the implementation before freeing it.
   XrdCryptoX509Crldata Opaque() { return (XrdCryptoX509Crldata)crl; }

   // Dump information
   void Dump();
   // Name of the file the CRL was read from, if any. The pointer refers to
   // internal storage and is only valid while this object lives.
   const char *ParentFile() { return (const char *)(srcfile.c_str()); }

   // Validity interval
   time_t LastUpdate(); // time when last updated
   time_t NextUpdate(); // time foreseen for next update; a CRL past this
                        // time should be refreshed before it is relied on

   // Issuer of top certificate
   const char *Issuer();
   const char *IssuerHash(int); // hash of the issuer name; the int presumably
                                // selects the hash flavour (see issuerhash /
                                // issueroldhash below) - mapping is in the .cc

   // Check certificate revocation.
   // 'when' is the time at which the check applies; the default 0 presumably
   // means "now" - confirm against the implementation. Use the string
   // overload for serial numbers that do not fit in an int.
   bool IsRevoked(int serialnumber, int when = 0);
   bool IsRevoked(const char *sernum, int when = 0);

   // Verify signature of the CRL against 'ref' (expected to be the issuing
   // CA certificate). A CRL obtained from a URI (see InitFromURI) should
   // pass this check before its revocation list is trusted.
   bool Verify(XrdCryptoX509 *ref);

private:
   X509_CRL *crl; // The CRL object (OpenSSL); IsValid() tests it against 0
   time_t lastupdate; // time of last update
   time_t nextupdate; // time of next update
   XrdOucString issuer; // issuer name;
   XrdOucString issuerhash; // hash of issuer name (default algorithm);
   XrdOucString issueroldhash; // hash of issuer name (md5 algorithm);
   XrdOucString srcfile; // source file name, if any;
   XrdOucString crluri; // URI from where to get the CRL file, if any;

   int nrevoked; // Number of certificates revoked
   XrdSutCache cache; // cached info about revoked certificates
                      // (presumably filled by LoadCache)

   int GetFileType(const char *crlfn); // Determine file type
   int LoadCache(); // Load the cache
   int Init(const char *crlf); // Init from file
   int InitFromURI(const char *uri, const char *hash); // Init from URI
};

#endif