XRootD
Loading...
Searching...
No Matches
XrdSecgsiProxy.cc
Go to the documentation of this file.
1/******************************************************************************/
2/* */
3/* X r d S e c g s i P r o x y . c c */
4/* */
5/* (c) 2005, G. Ganis / CERN */
6/* */
7/* This file is part of the XRootD software suite. */
8/* */
9/* XRootD is free software: you can redistribute it and/or modify it under */
10/* the terms of the GNU Lesser General Public License as published by the */
11/* Free Software Foundation, either version 3 of the License, or (at your */
12/* option) any later version. */
13/* */
14/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
15/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
16/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
17/* License for more details. */
18/* */
19/* You should have received a copy of the GNU Lesser General Public License */
20/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
21/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
22/* */
23/* The copyright holder's institutional names and contributor's names may not */
24/* be used to endorse or promote products derived from this software without */
25/* specific prior written permission of the institution or contributor. */
26/* */
27/******************************************************************************/
28
29/* ************************************************************************** */
30/* */
31/* Manage GSI proxies */
32/* */
33/* ************************************************************************** */
34
35#include <cstdio>
36#include <cstdlib>
37#include <cstring>
38#include <sys/types.h>
39#include <sys/stat.h>
40#include <sys/time.h>
41#include <unistd.h>
42#include <pwd.h>
43#include <ctime>
44
45
48#include "XrdSys/XrdSysError.hh"
49#include "XrdSys/XrdSysPwd.hh"
50
51#include "XrdSut/XrdSutAux.hh"
52
59
61
63
64#define PRT(x) {std::cerr <<x <<std::endl;}
65
66//
67// enum
75const char *gModesStr[] = {
76 "kM_undef",
77 "kM_init",
78 "kM_info",
79 "kM_destroy",
80 "kM_help"
81};
82
83//
84// Prototypes
85//
86void Menu();
87int ParseArguments(int argc, char **argv);
88bool CheckOption(XrdOucString opt, const char *ref, int &ival);
89void Display(XrdCryptoX509 *xp);
90
91//
92// Globals
93//
95bool Debug = 0;
97bool Exists = 0;
104XrdOucString CAdir = "/etc/grid-security/certificates/";
105XrdOucString CRLdir = "/etc/grid-security/certificates/";
106XrdOucString DefEEcert = "/.globus/usercert.pem";
107XrdOucString DefEEkey = "/.globus/userkey.pem";
108XrdOucString DefPXcert = "/tmp/x509up_u";
113int Bits = 2048;
115int ClockSkew = 30;
116// For error logging and tracing
118static XrdSysError eDest(0,"proxy_");
120
121int main( int argc, char **argv )
122{
123 // Test implemented functionality
124 int secValid = 0;
125 XrdProxyOpt_t pxopt;
126 XrdCryptogsiX509Chain *cPXp = 0;
127 XrdCryptoX509 *xPXp = 0, *xPXPp = 0;
128 XrdCryptoRSA *kPXp = 0;
129 int prc = 0;
130 int nci = 0;
131 int exitrc = 0;
132
133 // Parse arguments
134 if (ParseArguments(argc,argv)) {
135 exit(1);
136 }
137
138 //
139 // Initiate error logging and tracing
141 if (!gsiTrace)
142 gsiTrace = new XrdOucTrace(&eDest);
143 if (gsiTrace) {
144 if (Debug)
145 // Medium level
147 }
148 //
149 // Set debug flags in other modules
150 if (Debug) {
153 }
154
155 //
156 // Load the crypto factory
158 PRT(": cannot instantiate factory "<<CryptoMod);
159 exit(1);
160 }
161 if (Debug)
163
164 // Hooks for specific functionality
166 PRT("cannot attach to X509ParseFile function!");
167 exit(1);
168 }
170 PRT("cannot attach to X509CreateProxy function!");
171 exit(1);
172 }
174 PRT("cannot attach to ProxyCertInfo function!");
175 exit(1);
176 }
178 PRT("cannot attach to X509GetVOMSAttr function!");
179 exit(1);
180 }
181
182 //
183 // Depending on the mode
184 switch (Mode) {
185 case kM_help:
186 //
187 // We should not get here ... print the menu and go
188 Menu();
189 break;
190 case kM_init:
191 //
192 // Init proxies
193 secValid = XrdSutParseTime(Valid.c_str(), 1);
194 pxopt.bits = Bits;
195 pxopt.valid = secValid;
196 pxopt.depthlen = PathLength;
197 cPXp = new XrdCryptogsiX509Chain();
198 //
199 // Display info about existing proxies
200 prc = (*CreateProxy)(EEcert.c_str(), EEkey.c_str(), &pxopt,
201 cPXp, &kPXp, PXcert.c_str());
202 if (prc == 0) {
203 // The proxy is the first certificate
204 xPXp = cPXp->Begin();
205 if (xPXp) {
206 Display(xPXp);
207 } else {
208 PRT( ": proxy certificate not found");
209 }
210 } else {
211 PRT( ": problems creating proxy");
212 }
213 break;
214 case kM_destroy:
215 //
216 // Destroy existing proxies
217 if (unlink(PXcert.c_str()) == -1) {
218 perror("xrdgsiproxy");
219 }
220
221 break;
222 case kM_info:
223 //
224 // Display info about existing proxies
225 // Parse the proxy file
226 cPXp = new XrdCryptogsiX509Chain();
227 nci = (*ParseFile)(PXcert.c_str(), cPXp, 0);
228 if (nci < 2) {
229 if (Exists) {
230 exitrc = 1;
231 } else {
232 PRT("proxy files must have at least two certificates"
233 " (found only: "<<nci<<")");
234 }
235 break;
236 }
237 // The proxy is the first certificate
238 xPXp = cPXp->Begin();
239 if (xPXp) {
240 if (!Exists) {
241 Display(xPXp);
242 if (strstr(xPXp->Subject(), "CN=limited proxy")) {
243 xPXPp = cPXp->SearchBySubject(xPXp->Issuer());
244 if (xPXPp) {
245 Display(xPXPp);
246 } else {
247 PRT("WARNING: found 'limited proxy' but not the associated proxy!");
248 }
249 }
250 } else {
251 // Check time validity
252 secValid = XrdSutParseTime(Valid.c_str(), 1);
253 int tl = xPXp->NotAfter() -(int)time(0);
254 if (Debug)
255 PRT("secValid: " << secValid<< ", tl: "<<tl<<", ClockSkew:"<<ClockSkew);
256 if (secValid > tl + ClockSkew) {
257 exitrc = 1;
258 break;
259 }
260 // Check bit strenght
261 if (Debug)
262 PRT("BitStrength: " << xPXp->BitStrength()<< ", Bits: "<<Bits);
263 if (xPXp->BitStrength() < Bits) {
264 exitrc = 1;
265 break;
266 }
267 }
268 } else {
269 if (Exists) {
270 exitrc = 1;
271 } else {
272 PRT( ": proxy certificate not found");
273 }
274 }
275 break;
276 default:
277 //
278 // Print menu
279 Menu();
280 }
281
282 exit(exitrc);
283}
284
285int ParseArguments(int argc, char **argv)
286{
287 // Parse application arguments filling relevant global variables
288
289 // Number of arguments
290 if (argc < 0 || !argv[0]) {
291 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
292 PRT("+ Insufficient number or arguments! +");
293 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
294 // Print main menu
295 Menu();
296 return 1;
297 }
298 --argc;
299 ++argv;
300
301 //
302 // Loop over arguments
303 while ((argc >= 0) && (*argv)) {
304
305 XrdOucString opt = "";
306 int ival = -1;
307 if(*(argv)[0] == '-') {
308
309 opt = *argv;
310 opt.erase(0,1);
311 if (CheckOption(opt,"h",ival) || CheckOption(opt,"help",ival) ||
312 CheckOption(opt,"menu",ival)) {
313 Mode = kM_help;
314 } else if (CheckOption(opt,"debug",ival)) {
315 Debug = ival;
316 } else if (CheckOption(opt,"e",ival)) {
317 Exists = 1;
318 } else if (CheckOption(opt,"exists",ival)) {
319 Exists = 1;
320 } else if (CheckOption(opt,"f",ival)) {
321 --argc;
322 ++argv;
323 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
324 PXcert = *argv;
325 } else {
326 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
327 PRT("+ Option '-f' requires a proxy file name: ignoring +");
328 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
329 argc++;
330 argv--;
331 }
332 } else if (CheckOption(opt,"file",ival)) {
333 --argc;
334 ++argv;
335 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
336 PXcert = *argv;
337 } else {
338 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
339 PRT("+ Option '-file' requires a proxy file name: ignoring +");
340 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
341 argc++;
342 argv--;
343 }
344 } else if (CheckOption(opt,"out",ival)) {
345 --argc;
346 ++argv;
347 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
348 PXcert = *argv;
349 } else {
350 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
351 PRT("+ Option '-out' requires a proxy file name: ignoring +");
352 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
353 argc++;
354 argv--;
355 }
356 } else if (CheckOption(opt,"cert",ival)) {
357 --argc;
358 ++argv;
359 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
360 EEcert = *argv;
361 } else {
362 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
363 PRT("+ Option '-cert' requires a cert file name: ignoring +");
364 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
365 argc++;
366 argv--;
367 }
368 } else if (CheckOption(opt,"key",ival)) {
369 --argc;
370 ++argv;
371 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
372 EEkey = *argv;
373 } else {
374 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
375 PRT("+ Option '-key' requires a key file name: ignoring +");
376 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
377 argc++;
378 argv--;
379 }
380 } else if (CheckOption(opt,"certdir",ival)) {
381 --argc;
382 ++argv;
383 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
384 CAdir = *argv;
385 } else {
386 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
387 PRT("+ Option '-certdir' requires a dir path: ignoring +");
388 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
389 argc++;
390 argv--;
391 }
392 } else if (CheckOption(opt,"valid",ival)) {
393 --argc;
394 ++argv;
395 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
396 Valid = *argv;
397 } else {
398 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
399 PRT("+ Option '-valid' requires a time string: ignoring +");
400 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
401 argc++;
402 argv--;
403 }
404 } else if (CheckOption(opt,"path-length",ival)) {
405 --argc;
406 ++argv;
407 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
408 PathLength = strtol(*argv,0,10);
409 if (PathLength < -1 || errno == ERANGE) {
410 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
411 PRT("+ Option '-path-length' requires a number >= -1: ignoring +");
412 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
413 argc++;
414 argv--;
415 }
416 } else {
417 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
418 PRT("+ Option '-path-length' requires a number >= -1: ignoring +");
419 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
420 argc++;
421 argv--;
422 }
423 } else if (CheckOption(opt,"bits",ival)) {
424 --argc;
425 ++argv;
426 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
427 Bits = strtol(*argv, 0, 10);
428 Bits = (Bits > 2048) ? Bits : 2048;
429 if (errno == ERANGE) {
430 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
431 PRT("+ Option '-bits' requires a number: ignoring +");
432 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
433 argc++;
434 argv--;
435 }
436 } else {
437 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
438 PRT("+ Option '-bits' requires a number: ignoring +");
439 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
440 argc++;
441 argv--;
442 }
443 } else if (CheckOption(opt,"clockskew",ival)) {
444 --argc;
445 ++argv;
446 if (argc >= 0 && (*argv && *(argv)[0] != '-')) {
447 ClockSkew = strtol(*argv, 0, 10);
448 if (ClockSkew < -1 || errno == ERANGE) {
449 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
450 PRT("+ Option '-clockskew' requires a number >= -1: ignoring +");
451 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
452 argc++;
453 argv--;
454 }
455 } else {
456 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
457 PRT("+ Option '-clockskew' requires a number >= -1: ignoring +");
458 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
459 argc++;
460 argv--;
461 }
462 } else if (CheckOption(opt,"extensions",ival)) {
463 DumpExtensions = 1;
464 } else {
465 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
466 PRT("+ Ignoring unrecognized option: "<<*argv);
467 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
468 }
469
470 } else {
471 //
472 // Mode keyword
473 opt = *argv;
474 if (CheckOption(opt,"init",ival)) {
475 Mode = kM_init;
476 } else if (CheckOption(opt,"info",ival)) {
477 Mode = kM_info;
478 } else if (CheckOption(opt,"destroy",ival)) {
480 } else if (CheckOption(opt,"help",ival)) {
481 Mode = kM_help;
482 } else {
483 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
484 PRT("+ Ignoring unrecognized keyword mode: "<<opt.c_str());
485 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
486 }
487 }
488 --argc;
489 ++argv;
490 }
491
492 //
493 // Default mode 'info'
494 Mode = (Mode == 0) ? kM_info : Mode;
495
496 //
497 // If help mode, print menu and exit
498 if (Mode == kM_help) {
499 // Print main menu
500 Menu();
501 return 1;
502 }
503
504 //
505 // we may need later
506 struct passwd *pw = 0;
507 XrdSysPwd thePwd;
508
509 //
510 // Check proxy file
511 if (PXcert.length() <= 0) {
512 // Use defaults
513 if (!pw && !(pw = thePwd.Get(getuid()))) {
514 // Cannot get info about current user
515 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
516 PRT("+ Cannot get info about current user - exit ");
517 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
518 return 1;
519 }
520 // Build proxy file name
521 PXcert = DefPXcert + (int)(pw->pw_uid);
522 }
523 //
524 // Expand Path
526 // Get info
527 struct stat st;
528 if (stat(PXcert.c_str(),&st) != 0) {
529 if (errno != ENOENT) {
530 // Path exists but we cannot access it - exit
531 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
532 PRT("+ Cannot access requested proxy file: "<<PXcert.c_str());
533 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
534 return 1;
535 } else {
536 if (Mode != kM_init) {
537 // Path exists but we cannot access it - exit
538 if (!Exists) {
539 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
540 PRT("+ proxy file: "<<PXcert.c_str()<<" not found");
541 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
542 }
543 return 1;
544 }
545 }
546 }
547
548 //
549 // The following applies in 'init' mode only
550 if (Mode == kM_init) {
551 //
552 // Check certificate file
553 if (EEcert.length()) {
554 //
555 // Expand Path
557 // Get info
558 if (stat(EEcert.c_str(),&st) != 0) {
559 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
560 PRT("+ Cannot access certificate file: "<<EEcert.c_str());
561 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
562 return 1;
563 }
564 } else {
565 // Use defaults
566 if (!pw && !(pw = thePwd.Get(getuid()))) {
567 // Cannot get info about current user
568 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
569 PRT("+ Cannot get info about current user - exit ");
570 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
571 return 1;
572 }
575 if (stat(EEcert.c_str(),&st) != 0) {
576 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
577 PRT("+ Cannot access certificate file: "<<EEcert.c_str());
578 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
579 return 1;
580 }
581 }
582 //
583 // Check key file
584 if (EEkey.length()) {
585 //
586 // Expand Path
588 // Get info
589 if (stat(EEkey.c_str(),&st) != 0) {
590 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
591 PRT("+ Cannot access private key file: "<<EEkey.c_str());
592 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
593 return 1;
594 }
595 } else {
596 // Use defaults
597 if (!pw && !(pw = thePwd.Get(getuid()))) {
598 // Cannot get info about current user
599 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
600 PRT("+ Cannot get info about current user - exit ");
601 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
602 return 1;
603 }
604 EEkey = DefEEkey;
605 EEkey.insert(XrdSutHome(), 0);
606 if (stat(EEkey.c_str(),&st) != 0) {
607 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
608 PRT("+ Cannot access private key file: "<<EEkey.c_str());
609 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
610 return 1;
611 }
612 }
613 // Check permissions
614 if (!S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) ||
615 (st.st_mode & (S_IWGRP | S_IWOTH)) != 0 ||
616 (st.st_mode & (S_IRGRP | S_IROTH)) != 0) {
617 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
618 PRT("+ Wrong permissions for file: "<<EEkey.c_str()<< " (should be 0600)");
619 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
620 return 1;
621 }
622 }
623
624 return 0;
625}
626
627
628
629void Menu()
630{
631 // Print the menu
632
633 PRT(" ");
634 PRT(" xrdgsiproxy: application to manage GSI proxies ");
635 PRT(" ");
636 PRT(" Syntax:");
637 PRT(" ");
638 PRT(" xrdgsiproxy [-h] [<mode>] [options] ");
639 PRT(" ");
640 PRT(" ");
641 PRT(" -h display this menu");
642 PRT(" ");
643 PRT(" mode (info, init, destroy) [info]");
644 PRT(" ");
645 PRT(" info: display content of existing proxy file");
646 PRT(" ");
647 PRT(" init: create proxy certificate and related proxy file");
648 PRT(" ");
649 PRT(" destroy: delete existing proxy file");
650 PRT(" ");
651 PRT(" options:");
652 PRT(" ");
653 PRT(" -debug Print more information while running this"
654 " query (use if something goes wrong) ");
655 PRT(" ");
656 PRT(" -f,-file,-out <file> Non-standard location of proxy file");
657 PRT(" ");
658 PRT(" init mode only:");
659 PRT(" ");
660 PRT(" -certdir <dir> Non-standard location of directory"
661 " with information about known CAs");
662 PRT(" -cert <file> Non-standard location of certificate"
663 " for which proxies are wanted");
664 PRT(" -key <file> Non-standard location of the private"
665 " key to be used to sign the proxy");
666 PRT(" -bits <bits> strength in bits of the key [2048]");
667 PRT(" -valid <hh:mm> Time validity of the proxy certificate [12:00]");
668 PRT(" -path-length <len> max number of descendent levels below"
669 " this proxy [0] ");
670 PRT(" -e,-exists [options] returns 0 if valid proxy exists, 1 otherwise;");
671 PRT(" valid options: '-valid <hh:mm>', -bits <bits>");
672 PRT(" -clockskew <secs> max clock-skewness allowed when checking time validity [30 secs]");
673 PRT(" -extensions low-level dump of certificate extensions");
674 PRT(" ");
675}
676
677bool CheckOption(XrdOucString opt, const char *ref, int &ival)
678{
679 // Check opt against ref
680 // Return 1 if ok, 0 if not
681 // Fills ival = 1 if match is exact
682 // ival = 0 if match is exact with no<ref>
683 // ival = -1 in the other cases
684 bool rc = 0;
685
686 int lref = (ref) ? strlen(ref) : 0;
687 if (!lref)
688 return rc;
689 XrdOucString noref = ref;
690 noref.insert("no",0);
691
692 ival = -1;
693 if (opt == ref) {
694 ival = 1;
695 rc = 1;
696 } else if (opt == noref) {
697 ival = 0;
698 rc = 1;
699 }
700
701 return rc;
702}
703
705{
706 // display content of proxy certificate
707
708 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
709 if (!xp) {
710 PRT(" Empty certificate! ");
711 return;
712 }
713
714 // File
715 PRT("file : "<<PXcert);
716 // Type
717 if (xp->type != XrdCryptoX509::kProxy) {
718 PRT("type : "<<xp->Type());
719 } else {
720 PRT("type : "<<xp->Type()<<" ("<<xp->ProxyType()<<")");
721 }
722
723 // Issuer
724 PRT("issuer : "<<xp->Issuer());
725 // Subject
726 PRT("subject : "<<xp->Subject());
727 // Path length field
728 int pathlen = 0; bool b;
730 (*ProxyCertInfo)(xp->GetExtension(gsiProxyCertInfo_OID), pathlen, &b);
731 else
733 PRT("path length : "<<pathlen);
734 // Key strength
735 PRT("bits : "<<xp->BitStrength());
736 // Time left
737 int now = int(time(0)) - XrdCryptoTZCorr();
738 int tl = xp->NotAfter() - now;
739 int hh = (tl >= 3600) ? (tl/3600) : 0; tl -= (hh*3600);
740 int mm = (tl >= 60) ? (tl/60) : 0; tl -= (mm*60);
741 int ss = (tl >= 0) ? tl : 0;
742 PRT("time left : "<<hh<<"h:"<<mm<<"m:"<<ss<<"s");
743 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
744 // Show VOMS attributes, if any
745 XrdOucString vatts, vat;
746 if ((*GetVOMSAttr)(xp, vatts) == 0) {
747 int from = 0;
748 while ((from = vatts.tokenize(vat, from, ',')) != -1) {
749 if (vat.length() > 0) PRT("VOMS attributes: "<<vat);
750 }
751 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
752 }
753 // Dump extensions if requested
754 if (DumpExtensions) {
756 xp->DumpExtensions(0);
757 PRT("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++");
758 }
759}
void Display()
Definition XrdCks.cc:56
#define TRACE_Debug
void XrdCryptoSetTrace(kXR_int32 trace)
time_t XrdCryptoTZCorr()
#define cryptoTRACE_Debug
#define gsiProxyCertInfo_OID
int(* XrdCryptoX509CreateProxy_t)(const char *, const char *, XrdProxyOpt_t *, XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *)
int(* XrdCryptoX509GetVOMSAttr_t)(XrdCryptoX509 *, XrdOucString &)
int(* XrdCryptoX509ParseFile_t)(const char *fname, XrdCryptoX509Chain *, const char *)
bool(* XrdCryptoProxyCertInfo_t)(const void *, int &, bool *)
#define gsiProxyCertInfo_OLD_OID
#define unlink(a)
Definition XrdPosix.hh:113
#define stat(a, b)
Definition XrdPosix.hh:101
#define TRACE_Authen
XrdCryptoProxyCertInfo_t ProxyCertInfo
bool CheckOption(XrdOucString opt, const char *ref, int &ival)
bool DumpExtensions
int Bits
XrdCryptoX509ParseFile_t ParseFile
XrdOucString CAdir
int main(int argc, char **argv)
int Mode
const char * gModesStr[]
static XrdSysError eDest(0,"proxy_")
@ kM_destroy
@ kM_undef
@ kM_info
@ kM_help
@ kM_init
XrdCryptoX509GetVOMSAttr_t GetVOMSAttr
int PathLength
XrdOucString Valid
XrdOucString PXcert
XrdOucString CRLdir
static XrdSysLogger Logger
#define PRT(x)
XrdCryptoFactory * gCryptoFactory
XrdCryptoX509CreateProxy_t CreateProxy
int ClockSkew
bool Debug
int ParseArguments(int argc, char **argv)
XrdOucTrace * gsiTrace
XrdOucString DefPXcert
bool Exists
XrdOucString CryptoMod
XrdOucString DefEEcert
XrdOucString EEcert
XrdOucString DefEEkey
XrdOucString EEkey
void Menu()
int XrdSutParseTime(const char *tstr, int opt)
Definition XrdSutAux.cc:534
int XrdSutExpand(XrdOucString &path)
Definition XrdSutAux.cc:360
const char * XrdSutHome()
Definition XrdSutAux.cc:459
void XrdSutSetTrace(kXR_int32 trace)
Definition XrdSutAux.cc:93
#define sutTRACE_Debug
Definition XrdSutAux.hh:99
virtual void SetTrace(kXR_int32 trace)
virtual XrdCryptoX509ParseFile_t X509ParseFile()
virtual XrdCryptoX509CreateProxy_t X509CreateProxy()
virtual XrdCryptoX509GetVOMSAttr_t X509GetVOMSAttr()
virtual XrdCryptoProxyCertInfo_t ProxyCertInfo()
static XrdCryptoFactory * GetCryptoFactory(const char *factoryname)
XrdCryptoX509 * Begin()
XrdCryptoX509 * SearchBySubject(const char *subject, ESearchMode mode=kExact)
virtual XrdCryptoX509data GetExtension(const char *oid)
virtual int BitStrength()
virtual const char * Subject()
virtual int DumpExtensions(bool=0)
const char * Type(EX509Type t=kUnknown) const
virtual const char * ProxyType() const
virtual const char * Issuer()
virtual time_t NotAfter()
void insert(const int i, int start=-1)
int erase(int start=0, int size=0)
int length() const
int tokenize(XrdOucString &tok, int from, char del=':')
const char * c_str() const
XrdSysLogger * logger(XrdSysLogger *lp=0)
struct passwd * Get(const char *Usr)
Definition XrdSysPwd.hh:42