CernVM-FS 2.9.0
signature::SignatureManager Class Reference

#include <signature.h>

Public Member Functions

 SignatureManager ()
 
void Init ()
 
void Fini ()
 
std::string GetCryptoError ()
 
void UnloadPrivateKey ()
 
void UnloadPublicRsaKeys ()
 
void UnloadPrivateMasterKey ()
 
void UnloadCertificate ()
 
bool LoadPrivateMasterKeyPath (const std::string &file_pem)
 
bool LoadPrivateKeyPath (const std::string &file_pem, const std::string &password)
 
bool LoadCertificatePath (const std::string &file_pem)
 
bool LoadCertificateMem (const unsigned char *buffer, const unsigned buffer_size)
 
bool WriteCertificateMem (unsigned char **buffer, unsigned *buffer_size)
 
bool KeysMatch ()
 
bool VerifyCaChain ()
 
std::string Whois ()
 
shash::Any HashCertificate (const shash::Algorithms hash_algorithm)
 
std::string FingerprintCertificate (const shash::Algorithms hash_algorithm)
 
bool LoadPublicRsaKeys (const std::string &path_list)
 
bool LoadBlacklist (const std::string &path_blacklist, bool append)
 
std::vector< std::string > GetBlacklist ()
 
bool LoadTrustedCaCrl (const std::string &path_list)
 
bool Sign (const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)
 
bool SignRsa (const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)
 
bool Verify (const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)
 
bool VerifyRsa (const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)
 
bool VerifyLetter (const unsigned char *buffer, const unsigned buffer_size, const bool by_rsa)
 
bool VerifyPkcs7 (const unsigned char *buffer, const unsigned buffer_size, unsigned char **content, unsigned *content_size, std::vector< std::string > *alt_uris)
 
std::string GetActivePubkeys () const
 
std::string GetPrivateMasterKey ()
 
std::string GetCertificate () const
 
std::string GetPrivateKey ()
 
void GenerateMasterKeyPair ()
 
void GenerateCertificate (const std::string &cn)
 

Static Public Member Functions

static shash::Any MkFromFingerprint (const std::string &fingerprint)
 
static void CutLetter (const unsigned char *buffer, const unsigned buffer_size, const char separator, unsigned *letter_length, unsigned *pos_after_mark)
 

Private Member Functions

RSA * GenerateRsaKeyPair ()
 
std::string GenerateKeyText (RSA *pubkey) const
 
void InitX509Store ()
 

Private Attributes

EVP_PKEY * private_key_
 
RSA * private_master_key_
 
X509 * certificate_
 
std::vector< RSA * > public_keys_
 
pthread_mutex_t lock_blacklist_
 
std::vector< std::string > blacklist_
 
X509_STORE * x509_store_
 
X509_LOOKUP * x509_lookup_
 

Detailed Description

Definition at line 26 of file signature.h.

Constructor & Destructor Documentation

signature::SignatureManager::SignatureManager ( )

Definition at line 69 of file signature.cc.

Member Function Documentation

void signature::SignatureManager::CutLetter (const unsigned char *buffer, const unsigned buffer_size, const char separator, unsigned *letter_length, unsigned *pos_after_mark)
static

Strips the signature from a letter, if one is present.

Definition at line 893 of file signature.cc.

Referenced by letter::Letter::Verify().

string signature::SignatureManager::FingerprintCertificate ( const shash::Algorithms  hash_algorithm)

Returns the cryptographic hash of the DER-encoded certificate, formatted the same way OpenSSL does (01:AB:...). Returns an empty string on failure.

Definition at line 601 of file signature.cc.

Referenced by whitelist::Whitelist::CreateString().

void signature::SignatureManager::Fini ( )

Definition at line 115 of file signature.cc.

Referenced by publish::Repository(), MountPoint::~MountPoint(), and publish::~Repository().

void signature::SignatureManager::GenerateCertificate ( const std::string &  cn)

Creates a new RSA key pair (private key) and a self-signed certificate.

Definition at line 452 of file signature.cc.

Referenced by publish::CreateKeychain().

std::string signature::SignatureManager::GenerateKeyText ( RSA *  pubkey) const
private

Definition at line 334 of file signature.cc.

void signature::SignatureManager::GenerateMasterKeyPair ( )

Creates the RSA master key pair used for whitelist signing.

Definition at line 439 of file signature.cc.

Referenced by publish::CreateKeychain().

RSA * signature::SignatureManager::GenerateRsaKeyPair ( )
private

Definition at line 418 of file signature.cc.

std::string signature::SignatureManager::GetActivePubkeys ( ) const

Definition at line 357 of file signature.cc.

Referenced by publish::ExportKeychain(), and PubkeysMagicXattr::PrepareValueFenced().

vector< string > signature::SignatureManager::GetBlacklist ( )

Definition at line 539 of file signature.cc.

Referenced by catalog::ClientCatalogManager::IsRevisionBlacklisted().

std::string signature::SignatureManager::GetCertificate ( ) const

Definition at line 370 of file signature.cc.

Referenced by publish::ExportKeychain(), and publish::PushCertificate().

string signature::SignatureManager::GetCryptoError ( )

OpenSSL error strings.

Definition at line 136 of file signature.cc.

std::string signature::SignatureManager::GetPrivateKey ( )

Definition at line 386 of file signature.cc.

Referenced by publish::ExportKeychain().

std::string signature::SignatureManager::GetPrivateMasterKey ( )

Definition at line 402 of file signature.cc.

Referenced by publish::ExportKeychain().

shash::Any signature::SignatureManager::HashCertificate ( const shash::Algorithms  hash_algorithm)

Returns the cryptographic hash of the DER-encoded certificate, formatted the same way OpenSSL does (01:AB:...). Empty on failure.

Definition at line 574 of file signature.cc.

void signature::SignatureManager::Init ( )

Definition at line 109 of file signature.cc.

Referenced by MountPoint::CreateSignatureManager(), and publish::Repository().

void signature::SignatureManager::InitX509Store ( )
private

Definition at line 80 of file signature.cc.

bool signature::SignatureManager::KeysMatch ( )

Checks whether the loaded certificate and the loaded private key match.

Returns
True if the private key and the certificate match, false otherwise.

Definition at line 687 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadBlacklist (const std::string &path_blacklist, bool append)

Loads a list of blacklisted certificate fingerprints from a file.

Definition at line 508 of file signature.cc.

Referenced by MountPoint::CheckBlacklists(), and MountPoint::ReloadBlacklists().

bool signature::SignatureManager::LoadCertificateMem (const unsigned char *buffer, const unsigned buffer_size)

Same as LoadCertificatePath(), but loads the certificate from a memory buffer instead of a file.

Definition at line 244 of file signature.cc.

Referenced by manifest::DoVerify(), and letter::Letter::Verify().

bool signature::SignatureManager::LoadCertificatePath ( const std::string &  file_pem)

Loads a certificate. This certificate is used for all subsequent signature verifications.

Returns
True on success, false otherwise

Definition at line 217 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadPrivateKeyPath (const std::string &file_pem, const std::string &password)

Parameters
[in] file_pem: File name of the PEM key file
[in] password: Password for the private key. The password is not stored internally, but the private key is.

Returns
True on success, false otherwise

Definition at line 171 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadPrivateMasterKeyPath (const std::string &file_pem)

Parameters
[in] file_pem: File name of the PEM key file

Returns
True on success, false otherwise

Definition at line 153 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadPublicRsaKeys ( const std::string &  path_list)

Loads a list of public RSA keys separated by ":".

Definition at line 277 of file signature.cc.

Referenced by MountPoint::CreateSignatureManager(), and publish::Repository().

bool signature::SignatureManager::LoadTrustedCaCrl ( const std::string &  path_list)

Loads CA certificates and CRLs from a ":"-separated list of paths. The information is used for proper X509 verification. The certificates and CRLs have to be in OpenSSL hashed-directory format. The path can be something like /etc/grid-security/certificates. If path_list is empty, the default path is used.

Definition at line 552 of file signature.cc.

Referenced by MountPoint::CreateSignatureManager().

shash::Any signature::SignatureManager::MkFromFingerprint ( const std::string &  fingerprint)
static

Parses a fingerprint from the whitelist.

Definition at line 623 of file signature.cc.

Referenced by whitelist::Whitelist::ParseWhitelist(), and whitelist::Whitelist::VerifyLoadedCertificate().

bool signature::SignatureManager::Sign (const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)

Signs a data block using the loaded private key.

Returns
True on success, false otherwise

Definition at line 730 of file signature.cc.

Referenced by publish::PushManifest(), SigningTool::Run(), and letter::Letter::Sign().

bool signature::SignatureManager::SignRsa (const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)

Signs a data block using the loaded private master key.

Returns
True on success, false otherwise

Definition at line 778 of file signature.cc.

Referenced by whitelist::Whitelist::CreateString().

void signature::SignatureManager::UnloadCertificate ( )

Definition at line 196 of file signature.cc.

void signature::SignatureManager::UnloadPrivateKey ( )

Clears the memory storing the private key.

Definition at line 190 of file signature.cc.

void signature::SignatureManager::UnloadPrivateMasterKey ( )

Clears the memory storing the private RSA master key (whitelist signing).

Definition at line 205 of file signature.cc.

void signature::SignatureManager::UnloadPublicRsaKeys ( )

Definition at line 327 of file signature.cc.

bool signature::SignatureManager::Verify (const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)

Verifies a signature against the loaded certificate.

Returns
True if the signature is valid, false on error or otherwise

Definition at line 812 of file signature.cc.

bool signature::SignatureManager::VerifyCaChain ( )

Verifies the currently loaded certificate against the trusted CA chain.

Definition at line 709 of file signature.cc.

bool signature::SignatureManager::VerifyLetter (const unsigned char *buffer, const unsigned buffer_size, const bool by_rsa)

Checks a document of the form

<hash> <signature>

Definition at line 929 of file signature.cc.

Referenced by manifest::DoVerify(), and letter::Letter::Verify().

bool signature::SignatureManager::VerifyPkcs7 (const unsigned char *buffer, const unsigned buffer_size, unsigned char **content, unsigned *content_size, std::vector< std::string > *alt_uris)

Verifies a PKCS#7 binary content + signature structure using the loaded trusted CAs/CRLs.

Definition at line 970 of file signature.cc.

bool signature::SignatureManager::VerifyRsa (const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)

Verifies a signature against all loaded public keys.

Returns
True if the signature is valid under any loaded public key, false on error or otherwise

Definition at line 859 of file signature.cc.

string signature::SignatureManager::Whois ( )
Returns
Some human-readable information about the loaded certificate.

Definition at line 642 of file signature.cc.

bool signature::SignatureManager::WriteCertificateMem (unsigned char **buffer, unsigned *buffer_size)

Definition at line 663 of file signature.cc.

Referenced by letter::Letter::Sign().

Member Data Documentation

std::vector<std::string> signature::SignatureManager::blacklist_
private

Definition at line 101 of file signature.h.

X509* signature::SignatureManager::certificate_
private

Definition at line 98 of file signature.h.

pthread_mutex_t signature::SignatureManager::lock_blacklist_
private

Definition at line 100 of file signature.h.

EVP_PKEY* signature::SignatureManager::private_key_
private

Definition at line 96 of file signature.h.

RSA* signature::SignatureManager::private_master_key_
private

Definition at line 97 of file signature.h.

std::vector<RSA *> signature::SignatureManager::public_keys_
private

Contains the cvmfs public master keys.

Definition at line 99 of file signature.h.

X509_LOOKUP* signature::SignatureManager::x509_lookup_
private

Definition at line 103 of file signature.h.

X509_STORE* signature::SignatureManager::x509_store_
private

Definition at line 102 of file signature.h.

