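#ifndef __CRYPTO_GSIX509CHAIN_H__
#define __CRYPTO_GSIX509CHAIN_H__
// NOTE(review): identifiers containing a double underscore are reserved for
// the implementation in C++. The guard name is kept unchanged here because
// other files may test this macro.
/******************************************************************************/
/*                                                                            */
/*              X r d C r y p t o g s i X 5 0 9 C h a i n . h h               */
/*                                                                            */
/* (c) 2014 G. Ganis , CERN                                                   */
/*                                                                            */
/* This file is part of the XRootD software suite.                            */
/*                                                                            */
/* XRootD is free software: you can redistribute it and/or modify it under    */
/* the terms of the GNU Lesser General Public License as published by the     */
/* Free Software Foundation, either version 3 of the License, or (at your     */
/* option) any later version.                                                 */
/*                                                                            */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT      */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or      */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public        */
/* License for more details.                                                  */
/*                                                                            */
/* You should have received a copy of the GNU Lesser General Public License   */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file  */
/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>.         */
/*                                                                            */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without  */
/* specific prior written permission of the institution or contributor.       */
/*                                                                            */
/******************************************************************************/

/* ************************************************************************** */
/*                                                                            */
/* Chain of X509 certificates following GSI policy(ies).                      */
/*                                                                            */
/* ************************************************************************** */

#include "XrdCrypto/XrdCryptoX509Chain.hh"

// ---------------------------------------------------------------------------//
//                                                                            //
// XrdCryptogsiX509Chain (was XrdCryptosslgsiX509Chain)                       //
//                                                                            //
// Enforce GSI policies on X509 certificate chains                            //
//                                                                            //
// ---------------------------------------------------------------------------//

// Option bit with value 0x1. By its name it selects RFC 3820 (proxy
// certificate profile) handling; where the bit is tested is not visible in
// this header -- presumably it is carried in the options passed to Verify().
const int kOptsRfc3820 = 0x1;

class XrdCryptoFactory;

// Certificate chain that adds a GSI policy check on top of the generic
// XrdCryptoX509Chain. Only declarations live here; the verification logic is
// defined in the implementation file.
class XrdCryptogsiX509Chain : public XrdCryptoX509Chain {

public:
   // Build a chain from an optional certificate 'c' (forwarded to the base
   // class) and remember the crypto factory 'f'.
   // NOTE(review): 'f' defaults to 0; whether Verify() tolerates a null
   // factory is decided in the implementation -- confirm before omitting it.
   XrdCryptogsiX509Chain(XrdCryptoX509 *c = 0,
                         XrdCryptoFactory *f = 0) : XrdCryptoX509Chain(c), cfact(f) { }

   // Build a chain from an existing GSI chain 'c' (forwarded to the base
   // class constructor) and remember the crypto factory 'f'. The factory of
   // the source chain is not taken over; only the 'f' argument is stored.
   XrdCryptogsiX509Chain(XrdCryptogsiX509Chain *c,
                         XrdCryptoFactory *f = 0) : XrdCryptoX509Chain(c), cfact(f) { }

   // The destructor body is empty, so the stored factory pointer is not
   // released here; the factory has to be owned and kept alive elsewhere.
   virtual ~XrdCryptogsiX509Chain() { }

   // Verify chain.
   // Returns a bool; 'e' is passed by non-const reference and presumably
   // receives the failure reason. Callers should treat a false return as
   // "chain not trusted" and must not base an authentication decision on it.
   // 'vopt' is optional (defaults to 0). Which checks run when no options
   // are supplied is decided in the implementation, not in this header --
   // NOTE(review): confirm those defaults before relying on them.
   bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt = 0);

private:

   // Proxy naming rules: check applied to the certificate 'xcer', with the
   // outcome returned as a bool and 'e' available for the error code.
   bool SubjectOK(EX509ChainErr &e, XrdCryptoX509 *xcer);

   // Crypto factory (non-owning pointer, may be 0 when the constructor
   // default is used).
   XrdCryptoFactory *cfact;
};

#endif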