This file is indexed.

/usr/include/arc/communication/ClientX509Delegation.h is in nordugrid-arc-dev 5.4.2-1build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
// -*- indent-tabs-mode: nil -*-

#ifndef __ARC_CLIENTX509DELEGATION_H__
#define __ARC_CLIENTX509DELEGATION_H__

#include <string>
#include <list>

#include <inttypes.h>

#include <arc/ArcConfig.h>
#include <arc/URL.h>
#include <arc/message/MCC_Status.h>
#include <arc/message/PayloadRaw.h>
#include <arc/message/PayloadSOAP.h>
#include <arc/communication/ClientInterface.h>
#include <arc/credential/Credential.h>

namespace Arc {
  //This class is supposed to be run against the generic ARC delegation service
  //to delegate itself's X.509 credential to delegation service; afterwards,
  //other functional clients can access the services which is hosted together
  //with the above delegation service.
  //This class can be used in any client utility, and also the service implementation
  //which needs to interoperate with another service.
  //The purpose of this client (together with the delegation service) is that any
  //intermediate service is able to act on behalf of the user.
  //
  //This class will also be extended to interoperate with other delegation service
  //implementaion such as the gridsite implementation which is used by CREAM service.
  //
  //Also, MyProxy could be looked as a delegation service, which will only used for
  //the first-step delegation (user delegates its credential to client). In this case,
  //ClientX509Delegation will only be used for the client utility, not for the inmediate
  //services.
  //User firstly delegates its credential to MyProxy server (the proxy certificate and
  //related private key will be stored on MyProxy server), then the client (normally it
  //could be the Web Browser) uses the username/password to acquire the proxy credential
  //from MyProxy server.

  enum DelegationType {
    DELEG_ARC, DELEG_GRIDSITE, DELEG_GT4, DELEG_MYPROXY, DELEG_UNKNOWN
  };

  class ClientX509Delegation {
  public:
    /** Constructor creates MCC chain and connects to server.*/
    ClientX509Delegation() : soap_client_(NULL), signer_(NULL) {}
    ClientX509Delegation(const BaseConfig& cfg, const URL& url);
    virtual ~ClientX509Delegation();
    /** Create the delegation credential according to the different remote
     *  delegation service.
     *  This method should be called by holder of EEC(end entity credential)
     *  which would delegate its EEC credential, or by holder of delegated
     *  credential(normally, the holder is intermediate service) which would
     *  further delegate the credential (on behalf of the original EEC's holder)
     *  (for instance, the 'n' intermediate service creates a delegation credential,
     *  then the 'n+1' intermediate service aquires this delegation credential
     *  from the delegation service and also acts on behalf of the EEC's holder
     *  by using this delegation credential).
     *
     *  @param deleg Delegation type
     *  @param delegation_id   For gridsite delegation service, the delegation_id
     *       is supposed to be created by client side, and sent to service side;
     *       for ARC delegation service, the delegation_id is supposed to be created
     *       by service side, and returned back. So for gridsite delegation service,
     *       this parameter is treated as input, while for ARC delegation service,
     *       it is treated as output.
     */
    bool createDelegation(DelegationType deleg, std::string& delegation_id);
    bool destroyDelegation(DelegationType /* deleg */) {
      return false;
    }
    /** Acquire delegation credential from delegation service.
     *  This method should be called by intermediate service ('n+1' service as
     *  explained on above) in order to use this delegation credential on behalf
     *  of the EEC's holder.
     *  @param deleg Delegation type
     *  @param delegation_id  delegation ID which is used to look up the credential
     *                        by delegation service
     *  @param cred_identity  the identity (in case of x509 credential, it is the
     *                        DN of EEC credential).
     *  @param cred_delegator_ip the IP address of the credential delegator. Regard of
     *                           delegation, an intermediate service should accomplish
     *                           three tasks:
     *                           1. Acquire 'n' level delegation credential (which is
     *                             delegated by 'n-1' level delegator) from delegation
     *                             service;
     *                           1. Create 'n+1' level delegation credential to
     *                             delegation service;
     *                           2. Use 'n' level delegation credential to act on behalf
     *                             of the EEC's holder.
     *                           In case of absense of delegation_id, the 'n-1' level
     *                           delegator's IP address and credential's identity are
     *                           supposed to be used for look up the delegation credential
     *                           from delegation service.
     */
    bool acquireDelegation(DelegationType deleg, std::string& delegation_cred, std::string& delegation_id,
                           const std::string cred_identity = "", const std::string cred_delegator_ip = "",
                           const std::string username = "", const std::string password = "");

  private:
    ClientSOAP *soap_client_;
    std::string cert_file_; //if it is proxy certificate, the privkey_file_ should be empty
    std::string privkey_file_;
    std::string proxy_file_;
    std::string trusted_ca_dir_;
    std::string trusted_ca_file_;
    Credential *signer_;
    static Logger logger;
  };

} // namespace Arc

#endif // __ARC_CLIENTX509DELEGATION_H__