/usr/include/arc/credential/CertUtil.h is in nordugrid-arc-dev 5.4.2-1build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | #ifndef __ARC_CERTUTIL_H__
#define __ARC_CERTUTIL_H__
#include <string>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/stack.h>
#include <arc/credential/Proxycertinfo.h>
namespace ArcCredential {
/// Certificate Types
/** \ingroup credential */
typedef enum {
/** A end entity certificate */
CERT_TYPE_EEC,
/** A CA certificate */
CERT_TYPE_CA,
/** A X.509 Proxy Certificate Profile (pre-RFC) compliant impersonation proxy - obsolete */
CERT_TYPE_GSI_3_IMPERSONATION_PROXY,
/** A X.509 Proxy Certificate Profile (pre-RFC) compliant independent proxy - obsolete */
CERT_TYPE_GSI_3_INDEPENDENT_PROXY,
/** A X.509 Proxy Certificate Profile (pre-RFC) compliant limited proxy - obsolete */
CERT_TYPE_GSI_3_LIMITED_PROXY,
/** A X.509 Proxy Certificate Profile (pre-RFC) compliant restricted proxy - obsolete */
CERT_TYPE_GSI_3_RESTRICTED_PROXY,
/** A legacy Globus impersonation proxy - obsolete */
CERT_TYPE_GSI_2_PROXY,
/** A legacy Globus limited impersonation proxy - obsolete */
CERT_TYPE_GSI_2_LIMITED_PROXY,
/** A X.509 Proxy Certificate Profile RFC compliant impersonation proxy; RFC inheritAll proxy */
CERT_TYPE_RFC_IMPERSONATION_PROXY,
/** A X.509 Proxy Certificate Profile RFC compliant independent proxy; RFC independent proxy */
CERT_TYPE_RFC_INDEPENDENT_PROXY,
/** A X.509 Proxy Certificate Profile RFC compliant limited proxy */
CERT_TYPE_RFC_LIMITED_PROXY,
/** A X.509 Proxy Certificate Profile RFC compliant restricted proxy */
CERT_TYPE_RFC_RESTRICTED_PROXY,
/** RFC anyLanguage proxy */
CERT_TYPE_RFC_ANYLANGUAGE_PROXY
} certType;
/** True if certificate type is one of proxy certificates */
#define CERT_IS_PROXY(cert_type) \
(cert_type == CERT_TYPE_RFC_IMPERSONATION_PROXY || \
cert_type == CERT_TYPE_RFC_INDEPENDENT_PROXY || \
cert_type == CERT_TYPE_RFC_LIMITED_PROXY || \
cert_type == CERT_TYPE_RFC_RESTRICTED_PROXY || \
cert_type == CERT_TYPE_RFC_ANYLANGUAGE_PROXY)
/** True if certificate type is one of standard proxy certificates */
#define CERT_IS_RFC_PROXY(cert_type) \
(cert_type == CERT_TYPE_RFC_IMPERSONATION_PROXY || \
cert_type == CERT_TYPE_RFC_INDEPENDENT_PROXY || \
cert_type == CERT_TYPE_RFC_LIMITED_PROXY || \
cert_type == CERT_TYPE_RFC_RESTRICTED_PROXY || \
cert_type == CERT_TYPE_RFC_ANYLANGUAGE_PROXY)
#define CERT_IS_INDEPENDENT_PROXY(cert_type) \
(cert_type == CERT_TYPE_RFC_INDEPENDENT_PROXY)
#define CERT_IS_RESTRICTED_PROXY(cert_type) \
(cert_type == CERT_TYPE_RFC_RESTRICTED_PROXY)
#define CERT_IS_LIMITED_PROXY(cert_type) \
(cert_type == CERT_TYPE_RFC_LIMITED_PROXY)
#define CERT_IS_IMPERSONATION_PROXY(cert_type) \
(cert_type == CERT_TYPE_RFC_IMPERSONATION_PROXY || \
cert_type == CERT_TYPE_RFC_LIMITED_PROXY)
int verify_cert_chain(X509* cert, STACK_OF(X509)** certchain, std::string const& ca_file, std::string const& ca_dir, std::string& proxy_policy);
int collect_cert_chain(X509* cert, STACK_OF(X509)** certchain, std::string& proxy_policy);
bool check_cert_type(X509* cert, certType& type);
const char* certTypeToString(certType type);
}
#endif // __ARC_CERTUTIL_H__
|