XrdSecProtocolgsi Class Reference

#include <XrdSecProtocolgsi.hh>

Inheritance diagram for XrdSecProtocolgsi:

[legend]

Collaboration diagram for XrdSecProtocolgsi:

[legend]

List of all members.

Public Member Functions
int	Authenticate (XrdSecCredentials *cred, XrdSecParameters **parms, XrdOucErrInfo *einfo=0)
XrdSecCredentials *	getCredentials (XrdSecParameters *parm=0, XrdOucErrInfo *einfo=0)
	XrdSecProtocolgsi (int opts, const char *hname, XrdNetAddrInfo &endPoint, const char *parms=0)
virtual	~XrdSecProtocolgsi ()
void	Delete ()
	Delete the protocol object. DO NOT use C++ delete() on this object.
int	Encrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int	Decrypt (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int	Sign (const char *inbuf, int inlen, XrdSecBuffer **outbuf)
int	Verify (const char *inbuf, int inlen, const char *sigbuf, int siglen)
int	getKey (char *kbuf=0, int klen=0)
int	setKey (char *kbuf, int klen)
Static Public Member Functions
static char *	Init (gsiOptions o, XrdOucErrInfo *erp)
static XrdOucTrace *	EnableTracing ()
Private Member Functions
int	ParseClientInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &emsg)
int	ClientDoInit (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int	ClientDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int	ClientDoPxyreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int	ParseServerInput (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int	ServerDoCertreq (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int	ServerDoCert (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int	ServerDoSigpxy (XrdSutBuffer *br, XrdSutBuffer **bm, String &cmsg)
int	ParseCrypto (String cryptlist)
int	ParseCAlist (String calist)
bool	ServerCertNameOK (const char *subject, const char *hname, String &e)
XrdSecCredentials *	ErrC (XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
int	ErrS (String ID, XrdOucErrInfo *einfo, XrdSutBuffer *b1, XrdSutBuffer *b2, XrdSutBuffer *b3, kXR_int32 ecode, const char *msg1=0, const char *msg2=0, const char *msg3=0)
bool	CheckTimeStamp (XrdSutBuffer *b, int skew, String &emsg)
bool	CheckRtag (XrdSutBuffer *bm, String &emsg)
int	AddSerialized (char opt, kXR_int32 step, String ID, XrdSutBuffer *bls, XrdSutBuffer *buf, kXR_int32 type, XrdCryptoCipher *cip)
void	CopyEntity (XrdSecEntity *in, XrdSecEntity *out, int *lout=0)
void	FreeEntity (XrdSecEntity *in)
int	ExtractVOMS (X509Chain *c, XrdSecEntity &ent)
Static Private Member Functions
static int	GetCA (const char *cahash, XrdCryptoFactory *cryptof, gsiHSVars *hs=0)
static String	GetCApath (const char *cahash)
static bool	VerifyCA (int opt, X509Chain *cca, XrdCryptoFactory *cf)
static int	VerifyCRL (XrdCryptoX509Crl *crl, XrdCryptoX509 *xca, XrdOucString crldir, XrdCryptoFactory *CF, int hashalg)
static XrdSutCacheEntry *	GetSrvCertEnt (XrdSutCERef &gcref, XrdCryptoFactory *cf, time_t timestamp, String &cal)
static XrdCryptoX509Crl *	LoadCRL (XrdCryptoX509 *xca, const char *sjhash, XrdCryptoFactory *CF, int dwld, int &err)
static int	QueryProxy (bool checkcache, XrdSutCache *cache, const char *tag, XrdCryptoFactory *cf, time_t timestamp, ProxyIn_t *pi, ProxyOut_t *po)
static int	InitProxy (ProxyIn_t *pi, XrdCryptoFactory *cf, X509Chain *ch=0, XrdCryptoRSA **key=0)
static void	ErrF (XrdOucErrInfo *einfo, kXR_int32 ecode, const char *msg1, const char *msg2=0, const char *msg3=0)
static XrdSecgsiGMAP_t	LoadGMAPFun (const char *plugin, const char *parms)
static XrdSecgsiAuthz_t	LoadAuthzFun (const char *plugin, const char *parms, int &fmt)
static XrdSecgsiVOMS_t	LoadVOMSFun (const char *plugin, const char *parms, int &fmt)
static void	QueryGMAP (XrdCryptoX509Chain *chain, int now, String &name)
Private Attributes
XrdNetAddrInfo	epAddr
int	options
XrdCryptoFactory *	sessionCF
XrdCryptoCipher *	sessionKey
XrdSutBucket *	bucketKey
XrdCryptoMsgDigest *	sessionMD
XrdCryptoRSA *	sessionKsig
XrdCryptoRSA *	sessionKver
X509Chain *	proxyChain
bool	srvMode
char *	expectedHost
bool	useIV
gsiHSVars *	hs
Static Private Attributes
static XrdSysMutex	gsiContext
static String	CAdir
static String	CRLdir
static String	DefCRLext
static String	SrvCert
static String	SrvKey
static String	UsrProxy
static String	UsrCert
static String	UsrKey
static String	PxyValid
static int	DepLength
static int	DefBits
static int	CACheck
static int	CRLCheck
static int	CRLDownload
static int	CRLRefresh
static String	DefCrypto
static String	DefCipher
static String	DefMD
static String	DefError
static String	GMAPFile
static int	GMAPOpt
static bool	GMAPuseDNname
static int	GMAPCacheTimeOut
static XrdSecgsiGMAP_t	GMAPFun
static XrdSecgsiAuthz_t	AuthzFun
static XrdSecgsiAuthzKey_t	AuthzKey
static int	AuthzCertFmt
static int	AuthzCacheTimeOut
static int	PxyReqOpts
static int	AuthzPxyWhat
static int	AuthzPxyWhere
static String	SrvAllowedNames
static int	VOMSAttrOpt
static XrdSecgsiVOMS_t	VOMSFun
static int	VOMSCertFmt
static int	MonInfoOpt
static bool	HashCompatibility
static bool	TrustDNS
static int	ncrypt
static XrdCryptoFactory *	cryptF [XrdCryptoMax]
static int	cryptID [XrdCryptoMax]
static String	cryptName [XrdCryptoMax]
static XrdCryptoCipher *	refcip [XrdCryptoMax]
static XrdSutCache	cacheCA
static XrdSutCache	cacheCert
static XrdSutCache	cachePxy
static XrdSutCache	cacheGMAPFun
static XrdSutCache	cacheAuthzFun
static XrdOucGMap *	servGMap
static GSIStack < XrdCryptoX509Chain >	stackCA
static GSIStack< XrdCryptoX509Crl >	stackCRL
static time_t	lastGMAPCheck
static XrdSysMutex	mutexGMAP
static int	Debug
static bool	Server
static int	TimeSkew
static XrdSysLogger	Logger
static XrdSysError	eDest
static XrdOucTrace *	GSITrace
Friends
class	gsiOptions
class	gsiHSVars

---

Constructor & Destructor Documentation

XrdSecProtocolgsi::XrdSecProtocolgsi	(	int	opts,
		const char *	hname,
		XrdNetAddrInfo &	endPoint,
		const char *	parms = 0
	)

virtual XrdSecProtocolgsi::~XrdSecProtocolgsi

(

)

[inline, virtual]

---

Member Function Documentation

int XrdSecProtocolgsi::AddSerialized	(	char	opt,
		kXR_int32	step,
		String	ID,
		XrdSutBuffer *	bls,
		XrdSutBuffer *	buf,
		kXR_int32	type,
		XrdCryptoCipher *	cip
	)			[private]

int XrdSecProtocolgsi::Authenticate	(	XrdSecCredentials *	cred,
		XrdSecParameters **	parms,
		XrdOucErrInfo *	einfo = 0
	)			[virtual]

Authenticate a client.

Parameters:

	cred	Credentials supplied by the client.
	parms	Place where the address of additional authentication data is to be placed for another autrhentication handshake.
	einfo	The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.

Returns:

> 0 -> parms present (more authentication needed) = 0 -> Entity present (authentication suceeded) < 0 -> einfo present (error has occured)

Implements XrdSecProtocol.

bool XrdSecProtocolgsi::CheckRtag	(	XrdSutBuffer *	bm,
		String &	emsg
	)			[private]

bool XrdSecProtocolgsi::CheckTimeStamp	(	XrdSutBuffer *	b,
		int	skew,
		String &	emsg
	)			[private]

int XrdSecProtocolgsi::ClientDoCert	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	cmsg
	)			[private]

int XrdSecProtocolgsi::ClientDoInit	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	cmsg
	)			[private]

int XrdSecProtocolgsi::ClientDoPxyreq	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	cmsg
	)			[private]

void XrdSecProtocolgsi::CopyEntity	(	XrdSecEntity *	in,
		XrdSecEntity *	out,
		int *	lout = 0
	)			[private]

int XrdSecProtocolgsi::Decrypt	(	const char *	inbuff,
		int	inlen,
		XrdSecBuffer **	outbuff
	)			[virtual]

Decrypt data in inbuff using the session key.

Parameters:

	inbuff	buffer holding data to be decrypted.
	inlen	length of the data.
	outbuff	place where a pointer to the decrypted data is placed.

Returns:

< 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the decrypted data. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

void XrdSecProtocolgsi::Delete

(

)

[virtual]

Delete the protocol object. DO NOT use C++ delete() on this object.

Implements XrdSecProtocol.

static XrdOucTrace* XrdSecProtocolgsi::EnableTracing

(

)

[static]

int XrdSecProtocolgsi::Encrypt	(	const char *	inbuff,
		int	inlen,
		XrdSecBuffer **	outbuff
	)			[virtual]

Encrypt data in inbuff using the session key.

Parameters:

	inbuff	buffer holding data to be encrypted.
	inlen	length of the data.
	outbuff	place where a pointer to the encrypted data is placed.

Returns:

< 0 Failed, the return value is -errno of the reason. Typically, -EINVAL - one or more arguments are invalid. -NOTSUP - encryption not supported by the protocol -ENOENT - Context not innitialized = 0 Success, outbuff contains a pointer to the encrypted data. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

XrdSecCredentials* XrdSecProtocolgsi::ErrC	(	XrdOucErrInfo *	einfo,
		XrdSutBuffer *	b1,
		XrdSutBuffer *	b2,
		XrdSutBuffer *	b3,
		kXR_int32	ecode,
		const char *	msg1 = 0,
		const char *	msg2 = 0,
		const char *	msg3 = 0
	)			[private]

static void XrdSecProtocolgsi::ErrF	(	XrdOucErrInfo *	einfo,
		kXR_int32	ecode,
		const char *	msg1,
		const char *	msg2 = 0,
		const char *	msg3 = 0
	)			[static, private]

int XrdSecProtocolgsi::ErrS	(	String	ID,
		XrdOucErrInfo *	einfo,
		XrdSutBuffer *	b1,
		XrdSutBuffer *	b2,
		XrdSutBuffer *	b3,
		kXR_int32	ecode,
		const char *	msg1 = 0,
		const char *	msg2 = 0,
		const char *	msg3 = 0
	)			[private]

int XrdSecProtocolgsi::ExtractVOMS	(	X509Chain *	c,
		XrdSecEntity &	ent
	)			[private]

void XrdSecProtocolgsi::FreeEntity

(

XrdSecEntity *

in

)

[private]

static int XrdSecProtocolgsi::GetCA	(	const char *	cahash,
		XrdCryptoFactory *	cryptof,
		gsiHSVars *	hs = 0
	)			[static, private]

static String XrdSecProtocolgsi::GetCApath

(

const char *

cahash

)

[static, private]

XrdSecCredentials* XrdSecProtocolgsi::getCredentials	(	XrdSecParameters *	parm = 0,
		XrdOucErrInfo *	einfo = 0
	)			[virtual]

Generate client credentials to be used in the authentication process.

Parameters:

	parm	Pointer to the information returned by the server either in the initial login response or the authmore response.
	einfo	The error information object where error messages should be placed. The messages are returned to the client. Should einfo be null, messages should be written to stderr.

Returns:

Success: Pointer to credentials to sent to the server. The caller is responsible for deleting the object. Failure: Null pointer with einfo, if supplied, containing the reason for the failure.

Implements XrdSecProtocol.

int XrdSecProtocolgsi::getKey	(	char *	buff = 0,
		int	size = 0
	)			[virtual]

Get the current encryption key (i.e. session key)

Parameters:

	buff	buffer to hold the key, and may be null.
	size	size of the buffer.

Returns:

< 0 Failed, returned value if -errno (see Encrypt) >= 0 The size of the encyption key. The supplied buffer of length size hold the key. If the buffer address is supplied, the key is placed in the buffer.

Reimplemented from XrdSecProtocol.

static XrdSutCacheEntry* XrdSecProtocolgsi::GetSrvCertEnt	(	XrdSutCERef &	gcref,
		XrdCryptoFactory *	cf,
		time_t	timestamp,
		String &	cal
	)			[static, private]

static char* XrdSecProtocolgsi::Init	(	gsiOptions	o,
		XrdOucErrInfo *	erp
	)			[static]

static int XrdSecProtocolgsi::InitProxy	(	ProxyIn_t *	pi,
		XrdCryptoFactory *	cf,
		X509Chain *	ch = 0,
		XrdCryptoRSA **	key = 0
	)			[static, private]

static XrdSecgsiAuthz_t XrdSecProtocolgsi::LoadAuthzFun	(	const char *	plugin,
		const char *	parms,
		int &	fmt
	)			[static, private]

static XrdCryptoX509Crl* XrdSecProtocolgsi::LoadCRL	(	XrdCryptoX509 *	xca,
		const char *	sjhash,
		XrdCryptoFactory *	CF,
		int	dwld,
		int &	err
	)			[static, private]

static XrdSecgsiGMAP_t XrdSecProtocolgsi::LoadGMAPFun	(	const char *	plugin,
		const char *	parms
	)			[static, private]

static XrdSecgsiVOMS_t XrdSecProtocolgsi::LoadVOMSFun	(	const char *	plugin,
		const char *	parms,
		int &	fmt
	)			[static, private]

int XrdSecProtocolgsi::ParseCAlist

(

String

calist

)

[private]

int XrdSecProtocolgsi::ParseClientInput	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	emsg
	)			[private]

int XrdSecProtocolgsi::ParseCrypto

(

String

cryptlist

)

[private]

int XrdSecProtocolgsi::ParseServerInput	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	cmsg
	)			[private]

static void XrdSecProtocolgsi::QueryGMAP	(	XrdCryptoX509Chain *	chain,
		int	now,
		String &	name
	)			[static, private]

static int XrdSecProtocolgsi::QueryProxy	(	bool	checkcache,
		XrdSutCache *	cache,
		const char *	tag,
		XrdCryptoFactory *	cf,
		time_t	timestamp,
		ProxyIn_t *	pi,
		ProxyOut_t *	po
	)			[static, private]

bool XrdSecProtocolgsi::ServerCertNameOK	(	const char *	subject,
		const char *	hname,
		String &	e
	)			[private]

int XrdSecProtocolgsi::ServerDoCert	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	cmsg
	)			[private]

int XrdSecProtocolgsi::ServerDoCertreq	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	cmsg
	)			[private]

int XrdSecProtocolgsi::ServerDoSigpxy	(	XrdSutBuffer *	br,
		XrdSutBuffer **	bm,
		String &	cmsg
	)			[private]

int XrdSecProtocolgsi::setKey	(	char *	buff,
		int	size
	)			[virtual]

Set the current encryption key

Parameters:

	buff	buffer that holds the key.
	size	size of the key.

Returns:

: < 0 Failed, returned value if -errno (see Encrypt) = 0 The new key has been set.

Reimplemented from XrdSecProtocol.

int XrdSecProtocolgsi::Sign	(	const char *	inbuff,
		int	inlen,
		XrdSecBuffer **	outbuff
	)			[virtual]

Sign data in inbuff using the session key.

Parameters:

	inbuff	buffer holding data to be signed.
	inlen	length of the data.
	outbuff	place where a pointer to the signature is placed.

Returns:

< 0 Failed,the return value is -errno (see Encrypt). = 0 Success, outbuff contains a pointer to the signature. The caller is responsible for deleting the returned object.

Reimplemented from XrdSecProtocol.

int XrdSecProtocolgsi::Verify	(	const char *	inbuff,
		int	inlen,
		const char *	sigbuff,
		int	siglen
	)			[virtual]

Verify a signature using the session key.

Parameters:

	inbuff	buffer holding data to be verified.
	inlen	length of the data.
	sigbuff	pointer to the signature data.
	siglen	length of the signature data.

Returns:

< 0 Failed,the return value is -errno (see Encrypt). = 0 Success, signature is correct. > 0 Failed to verify, signature does not match inbuff data.

Reimplemented from XrdSecProtocol.

static bool XrdSecProtocolgsi::VerifyCA	(	int	opt,
		X509Chain *	cca,
		XrdCryptoFactory *	cf
	)			[static, private]

static int XrdSecProtocolgsi::VerifyCRL	(	XrdCryptoX509Crl *	crl,
		XrdCryptoX509 *	xca,
		XrdOucString	crldir,
		XrdCryptoFactory *	CF,
		int	hashalg
	)			[static, private]

---

Friends And Related Function Documentation

friend class gsiHSVars [friend]

friend class gsiOptions [friend]

---

Member Data Documentation

int XrdSecProtocolgsi::AuthzCacheTimeOut [static, private]

int XrdSecProtocolgsi::AuthzCertFmt [static, private]

XrdSecgsiAuthz_t XrdSecProtocolgsi::AuthzFun [static, private]

XrdSecgsiAuthzKey_t XrdSecProtocolgsi::AuthzKey [static, private]

int XrdSecProtocolgsi::AuthzPxyWhat [static, private]

int XrdSecProtocolgsi::AuthzPxyWhere [static, private]

XrdSutBucket* XrdSecProtocolgsi::bucketKey [private]

XrdSutCache XrdSecProtocolgsi::cacheAuthzFun [static, private]

XrdSutCache XrdSecProtocolgsi::cacheCA [static, private]

XrdSutCache XrdSecProtocolgsi::cacheCert [static, private]

int XrdSecProtocolgsi::CACheck [static, private]

XrdSutCache XrdSecProtocolgsi::cacheGMAPFun [static, private]

XrdSutCache XrdSecProtocolgsi::cachePxy [static, private]

String XrdSecProtocolgsi::CAdir [static, private]

int XrdSecProtocolgsi::CRLCheck [static, private]

String XrdSecProtocolgsi::CRLdir [static, private]

int XrdSecProtocolgsi::CRLDownload [static, private]

int XrdSecProtocolgsi::CRLRefresh [static, private]

XrdCryptoFactory* XrdSecProtocolgsi::cryptF[XrdCryptoMax] [static, private]

int XrdSecProtocolgsi::cryptID[XrdCryptoMax] [static, private]

String XrdSecProtocolgsi::cryptName[XrdCryptoMax] [static, private]

int XrdSecProtocolgsi::Debug [static, private]

int XrdSecProtocolgsi::DefBits [static, private]

String XrdSecProtocolgsi::DefCipher [static, private]

String XrdSecProtocolgsi::DefCRLext [static, private]

String XrdSecProtocolgsi::DefCrypto [static, private]

String XrdSecProtocolgsi::DefError [static, private]

String XrdSecProtocolgsi::DefMD [static, private]

int XrdSecProtocolgsi::DepLength [static, private]

XrdSysError XrdSecProtocolgsi::eDest [static, private]

XrdNetAddrInfo XrdSecProtocolgsi::epAddr [private]

char* XrdSecProtocolgsi::expectedHost [private]

int XrdSecProtocolgsi::GMAPCacheTimeOut [static, private]

String XrdSecProtocolgsi::GMAPFile [static, private]

XrdSecgsiGMAP_t XrdSecProtocolgsi::GMAPFun [static, private]

int XrdSecProtocolgsi::GMAPOpt [static, private]

bool XrdSecProtocolgsi::GMAPuseDNname [static, private]

XrdSysMutex XrdSecProtocolgsi::gsiContext [static, private]

XrdOucTrace* XrdSecProtocolgsi::GSITrace [static, private]

bool XrdSecProtocolgsi::HashCompatibility [static, private]

gsiHSVars* XrdSecProtocolgsi::hs [private]

time_t XrdSecProtocolgsi::lastGMAPCheck [static, private]

XrdSysLogger XrdSecProtocolgsi::Logger [static, private]

int XrdSecProtocolgsi::MonInfoOpt [static, private]

XrdSysMutex XrdSecProtocolgsi::mutexGMAP [static, private]

int XrdSecProtocolgsi::ncrypt [static, private]

int XrdSecProtocolgsi::options [private]

X509Chain* XrdSecProtocolgsi::proxyChain [private]

int XrdSecProtocolgsi::PxyReqOpts [static, private]

String XrdSecProtocolgsi::PxyValid [static, private]

XrdCryptoCipher* XrdSecProtocolgsi::refcip[XrdCryptoMax] [static, private]

bool XrdSecProtocolgsi::Server [static, private]

XrdOucGMap* XrdSecProtocolgsi::servGMap [static, private]

XrdCryptoFactory* XrdSecProtocolgsi::sessionCF [private]

XrdCryptoCipher* XrdSecProtocolgsi::sessionKey [private]

XrdCryptoRSA* XrdSecProtocolgsi::sessionKsig [private]

XrdCryptoRSA* XrdSecProtocolgsi::sessionKver [private]

XrdCryptoMsgDigest* XrdSecProtocolgsi::sessionMD [private]

String XrdSecProtocolgsi::SrvAllowedNames [static, private]

String XrdSecProtocolgsi::SrvCert [static, private]

String XrdSecProtocolgsi::SrvKey [static, private]

bool XrdSecProtocolgsi::srvMode [private]

GSIStack<XrdCryptoX509Chain> XrdSecProtocolgsi::stackCA [static, private]

GSIStack<XrdCryptoX509Crl> XrdSecProtocolgsi::stackCRL [static, private]

Referenced by gsiHSVars::~gsiHSVars().

int XrdSecProtocolgsi::TimeSkew [static, private]

bool XrdSecProtocolgsi::TrustDNS [static, private]

bool XrdSecProtocolgsi::useIV [private]

String XrdSecProtocolgsi::UsrCert [static, private]

String XrdSecProtocolgsi::UsrKey [static, private]

String XrdSecProtocolgsi::UsrProxy [static, private]

int XrdSecProtocolgsi::VOMSAttrOpt [static, private]

int XrdSecProtocolgsi::VOMSCertFmt [static, private]

XrdSecgsiVOMS_t XrdSecProtocolgsi::VOMSFun [static, private]

---

The documentation for this class was generated from the following file:

• XrdSecProtocolgsi.hh