CernVM-FS  2.10.0
signature::SignatureManager Class Reference

#include <signature.h>

Public Types

enum  ESignMethod { kSignManifest, kSignWhitelist }
 

Public Member Functions

 SignatureManager ()
 
void Init ()
 
void Fini ()
 
std::string GetCryptoError ()
 
void UnloadPrivateKey ()
 
void UnloadPublicRsaKeys ()
 
void UnloadPrivateMasterKey ()
 
void UnloadCertificate ()
 
bool LoadPrivateMasterKeyPath (const std::string &file_pem)
 
bool LoadPrivateKeyPath (const std::string &file_pem, const std::string &password)
 
bool LoadPrivateMasterKeyMem (const std::string &key)
 
bool LoadPrivateKeyMem (const std::string &key)
 
bool LoadCertificatePath (const std::string &file_pem)
 
bool LoadCertificateMem (const unsigned char *buffer, const unsigned buffer_size)
 
bool WriteCertificateMem (unsigned char **buffer, unsigned *buffer_size)
 
bool KeysMatch ()
 
bool VerifyCaChain ()
 
std::string Whois ()
 
shash::Any HashCertificate (const shash::Algorithms hash_algorithm)
 
std::string FingerprintCertificate (const shash::Algorithms hash_algorithm)
 
bool LoadPublicRsaKeys (const std::string &path_list)
 
bool LoadBlacklist (const std::string &path_blacklist, bool append)
 
std::vector< std::string > GetBlacklist ()
 
bool LoadTrustedCaCrl (const std::string &path_list)
 
bool Sign (const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)
 
bool SignRsa (const unsigned char *buffer, const unsigned buffer_size, unsigned char **signature, unsigned *signature_size)
 
bool Verify (const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)
 
bool VerifyRsa (const unsigned char *buffer, const unsigned buffer_size, const unsigned char *signature, unsigned signature_size)
 
bool VerifyLetter (const unsigned char *buffer, const unsigned buffer_size, const bool by_rsa)
 
bool VerifyPkcs7 (const unsigned char *buffer, const unsigned buffer_size, unsigned char **content, unsigned *content_size, std::vector< std::string > *alt_uris)
 
std::string GetActivePubkeys () const
 
std::string GetPrivateMasterKey ()
 
std::string GetCertificate () const
 
std::string GetPrivateKey ()
 
void GenerateMasterKeyPair ()
 
void GenerateCertificate (const std::string &cn)
 

Static Public Member Functions

static shash::Any MkFromFingerprint (const std::string &fingerprint)
 
static void CutLetter (const unsigned char *buffer, const unsigned buffer_size, const char separator, unsigned *letter_length, unsigned *pos_after_mark)
 

Private Member Functions

RSA * GenerateRsaKeyPair ()
 
std::string GenerateKeyText (RSA *pubkey) const
 
void InitX509Store ()
 

Private Attributes

EVP_PKEY * private_key_
 
RSA * private_master_key_
 
X509 * certificate_
 
std::vector< RSA * > public_keys_
 
pthread_mutex_t lock_blacklist_
 
std::vector< std::string > blacklist_
 
X509_STORE * x509_store_
 
X509_LOOKUP * x509_lookup_
 

Detailed Description

Definition at line 29 of file signature.h.

Member Enumeration Documentation

Enumerator
kSignManifest 
kSignWhitelist 

Definition at line 31 of file signature.h.

Constructor & Destructor Documentation

signature::SignatureManager::SignatureManager ( )

Definition at line 69 of file signature.cc.

Member Function Documentation

void signature::SignatureManager::CutLetter ( const unsigned char *  buffer,
const unsigned  buffer_size,
const char  separator,
unsigned *  letter_length,
unsigned *  pos_after_mark 
)
static

Splits a letter at the mark that separates the signed body from the trailing hash and signature: a line consisting of the separator character twice (e.g. "--" for separator '-'). On return, *letter_length is the length of the body before the mark and *pos_after_mark is the offset just past the mark line, where the hash line and the signature start. The signature is stripped from the letter only if such a mark exists.

Definition at line 929 of file signature.cc.

Referenced by letter::Letter::Verify().

string signature::SignatureManager::FingerprintCertificate ( const shash::Algorithms  hash_algorithm)

Returns the cryptographic hash of the DER-encoded certificate, formatted the way OpenSSL prints certificate fingerprints: uppercase hex bytes separated by colons (01:AB:...). Returns an empty string on failure, e.g. when no certificate is loaded.

Definition at line 637 of file signature.cc.

Referenced by whitelist::Whitelist::CreateString().

void signature::SignatureManager::Fini ( )

Definition at line 123 of file signature.cc.

Referenced by publish::Repository(), MountPoint::~MountPoint(), and publish::~Repository().

void signature::SignatureManager::GenerateCertificate ( const std::string &  cn)

Creates a new RSA key pair (private key) and a self-signed certificate

Definition at line 488 of file signature.cc.

Referenced by publish::CreateKeychain().

std::string signature::SignatureManager::GenerateKeyText ( RSA *  pubkey) const
private

Definition at line 370 of file signature.cc.

void signature::SignatureManager::GenerateMasterKeyPair ( )

Creates the RSA master key pair for whitelist signing

Definition at line 475 of file signature.cc.

Referenced by publish::CreateKeychain().

RSA * signature::SignatureManager::GenerateRsaKeyPair ( )
private

Definition at line 454 of file signature.cc.

std::string signature::SignatureManager::GetActivePubkeys ( ) const

Definition at line 393 of file signature.cc.

Referenced by publish::ExportKeychain(), and PubkeysMagicXattr::PrepareValueFenced().

vector< string > signature::SignatureManager::GetBlacklist ( )

Definition at line 575 of file signature.cc.

Referenced by catalog::ClientCatalogManager::IsRevisionBlacklisted().

std::string signature::SignatureManager::GetCertificate ( ) const

Definition at line 406 of file signature.cc.

Referenced by publish::ExportKeychain(), and publish::PushCertificate().

string signature::SignatureManager::GetCryptoError ( )

OpenSSL error strings.

Definition at line 144 of file signature.cc.

std::string signature::SignatureManager::GetPrivateKey ( )

Definition at line 422 of file signature.cc.

Referenced by publish::ExportKeychain().

std::string signature::SignatureManager::GetPrivateMasterKey ( )

Definition at line 438 of file signature.cc.

Referenced by publish::ExportKeychain().

shash::Any signature::SignatureManager::HashCertificate ( const shash::Algorithms  hash_algorithm)

Returns the cryptographic hash of the DER-encoded certificate as a shash::Any; FingerprintCertificate() renders the same hash in OpenSSL's colon-separated form (01:AB:...). Returns a null (default-constructed) shash::Any on failure, e.g. when no certificate is loaded.

Definition at line 610 of file signature.cc.

void signature::SignatureManager::Init ( )

Definition at line 117 of file signature.cc.

Referenced by MountPoint::CreateSignatureManager(), and publish::Repository().

void signature::SignatureManager::InitX509Store ( )
private

Definition at line 88 of file signature.cc.

bool signature::SignatureManager::KeysMatch ( )

Checks whether the loaded certificate and the loaded private key belong together, i.e. whether the private key is the one for the certificate's public key.

Returns
True, if private key and certificate match, false otherwise.

Definition at line 723 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadBlacklist ( const std::string &  path_blacklist,
bool  append 
)

Loads a list of blacklisted certificates (fingerprints) from a file. If append is true, the entries are added to the current blacklist; otherwise the current blacklist is replaced.

Definition at line 544 of file signature.cc.

Referenced by MountPoint::CheckBlacklists(), and MountPoint::ReloadBlacklists().

bool signature::SignatureManager::LoadCertificateMem ( const unsigned char *  buffer,
const unsigned  buffer_size 
)

Loads a PEM-encoded certificate from a memory buffer. See LoadCertificatePath(), which loads the same thing from a file.

Definition at line 280 of file signature.cc.

Referenced by manifest::DoVerify(), and letter::Letter::Verify().

bool signature::SignatureManager::LoadCertificatePath ( const std::string &  file_pem)

Loads a certificate from a PEM file. This certificate is used for subsequent signature verifications (Verify(), and VerifyLetter() with by_rsa false).

Returns
True on success, false otherwise

Definition at line 253 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadPrivateKeyMem ( const std::string &  key)

Definition at line 208 of file signature.cc.

bool signature::SignatureManager::LoadPrivateKeyPath ( const std::string &  file_pem,
const std::string &  password 
)
Parameters
[in] file_pem  File name of the PEM key file
[in] password  Password for the private key. The password is not kept internally, but the decrypted private key is.
Returns
True on success, false otherwise

Definition at line 193 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadPrivateMasterKeyMem ( const std::string &  key)

Definition at line 172 of file signature.cc.

bool signature::SignatureManager::LoadPrivateMasterKeyPath ( const std::string &  file_pem)
Parameters
[in] file_pem  File name of the PEM key file holding the private master key (the whitelist signing key); unlike LoadPrivateKeyPath(), no password is taken
Returns
True on success, false otherwise

Definition at line 161 of file signature.cc.

Referenced by publish::Publisher().

bool signature::SignatureManager::LoadPublicRsaKeys ( const std::string &  path_list)

Loads public RSA master keys from a ":"-separated list of PEM file paths; previously loaded public keys are replaced. These keys are the ones VerifyRsa() checks against.

Definition at line 313 of file signature.cc.

Referenced by MountPoint::CreateSignatureManager(), and publish::Repository().

bool signature::SignatureManager::LoadTrustedCaCrl ( const std::string &  path_list)

Loads CA certificates and CRLs from a ":"-separated list of directory paths. They are used for proper X.509 chain verification (VerifyCaChain(), VerifyPkcs7()). The directories must be in OpenSSL's hashed layout (as produced by c_rehash), e.g. /etc/grid-security/certificates. If path_list is empty, the OpenSSL default path is used.

Definition at line 588 of file signature.cc.

Referenced by MountPoint::CreateSignatureManager().

shash::Any signature::SignatureManager::MkFromFingerprint ( const std::string &  fingerprint)
static

Parses a fingerprint in OpenSSL's colon-separated form (as written into the whitelist by FingerprintCertificate()) back into a shash::Any.

Definition at line 659 of file signature.cc.

Referenced by whitelist::Whitelist::ParseWhitelist(), and whitelist::Whitelist::VerifyLoadedCertificate().

bool signature::SignatureManager::Sign ( const unsigned char *  buffer,
const unsigned  buffer_size,
unsigned char **  signature,
unsigned *  signature_size 
)

Signs a data block using the loaded private key, i.e. the key belonging to the loaded certificate (LoadPrivateKeyPath() / LoadPrivateKeyMem()). Such signatures are checked with Verify(). The signature buffer is allocated by this function and owned by the caller.

Returns
True on success, false otherwise

Definition at line 766 of file signature.cc.

Referenced by publish::PushManifest(), SigningTool::Run(), and letter::Letter::Sign().

bool signature::SignatureManager::SignRsa ( const unsigned char *  buffer,
const unsigned  buffer_size,
unsigned char **  signature,
unsigned *  signature_size 
)

Signs a data block using the loaded private master key (the whitelist signing key, see LoadPrivateMasterKeyPath()). Such signatures are checked with VerifyRsa(). The signature buffer is allocated by this function and owned by the caller.

Returns
True on success, false otherwise

Definition at line 814 of file signature.cc.

Referenced by whitelist::Whitelist::CreateString().

void signature::SignatureManager::UnloadCertificate ( )

Definition at line 232 of file signature.cc.

void signature::SignatureManager::UnloadPrivateKey ( )

Clears the memory storing the private key.

Definition at line 226 of file signature.cc.

void signature::SignatureManager::UnloadPrivateMasterKey ( )

Clears the memory storing the private RSA master key (whitelist signing).

Definition at line 241 of file signature.cc.

void signature::SignatureManager::UnloadPublicRsaKeys ( )

Definition at line 363 of file signature.cc.

bool signature::SignatureManager::Verify ( const unsigned char *  buffer,
const unsigned  buffer_size,
const unsigned char *  signature,
unsigned  signature_size 
)

Verifies a signature against the public key of the loaded certificate.

Returns
True if the signature is valid; false otherwise, including when no certificate is loaded or an OpenSSL error occurs

Definition at line 848 of file signature.cc.

bool signature::SignatureManager::VerifyCaChain ( )

Verifies the currently loaded certificate against the trusted CA chain (CA certificates and CRLs loaded by LoadTrustedCaCrl()).

Definition at line 745 of file signature.cc.

bool signature::SignatureManager::VerifyLetter ( const unsigned char *  buffer,
const unsigned  buffer_size,
const bool  by_rsa 
)

Checks a signed letter of the form

<letter body>
--
<hash>
<signature>

where <hash> is the hash of the letter body (up to the "--" mark, located with CutLetter()) and <signature> is the signature over the hash line. The check fails if the printed hash does not match the hash recomputed over the body, or if the signature over the hash line does not verify. With by_rsa false the signature is checked with Verify() against the loaded certificate; with by_rsa true it is checked with VerifyRsa() against the loaded public master keys.

Definition at line 965 of file signature.cc.

Referenced by manifest::DoVerify(), and letter::Letter::Verify().
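
The letter check described above (the split at the "--" mark that CutLetter() performs, the hash comparison and the signature check over the hash line in VerifyLetter()), together with the certificate fingerprint handling of FingerprintCertificate(), MkFromFingerprint() and LoadBlacklist(), as an added self-contained illustration. This is example code written for this page, not CernVM-FS source: it uses Go's standard library in place of OpenSSL, assumes SHA-1 for both the letter hash and the signature digest and PKCS#1 v1.5 padding (the project's actual parameters are not stated on this page), and the name demo.example.org and the letter body are constructed inputs. Function names such as cutLetter, signLetter and verifyLetter are this example's own.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Letter layout assumed by this example (illustrative, not CernVM-FS source):
// newline-terminated body, a "--" mark line, the hex hash of the body on its
// own line, then raw signature bytes computed over the hex hash string.
const mark = "\n--\n"

// cutLetter is the analogue of CutLetter(): body is everything up to and
// including the newline before the mark; rest is everything after the mark
// (nil if the letter carries no mark at all).
func cutLetter(letter []byte) (body, rest []byte) {
	i := bytes.Index(letter, []byte(mark))
	if i < 0 {
		return letter, nil
	}
	return letter[:i+1], letter[i+len(mark):]
}

// fingerprint formats a digest the way OpenSSL prints certificate fingerprints
// (uppercase hex bytes separated by colons, 01:AB:...), like
// FingerprintCertificate(); parseFingerprint reverses it, like MkFromFingerprint().
func fingerprint(sum []byte) string {
	return strings.ReplaceAll(fmt.Sprintf("% X", sum), " ", ":")
}

func parseFingerprint(fp string) ([]byte, error) {
	return hex.DecodeString(strings.ReplaceAll(fp, ":", ""))
}

// newSelfSignedCert plays the role of GenerateCertificate(): a fresh RSA key
// and a self-signed certificate for the given common name.
func newSelfSignedCert(cn string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signLetter appends the mark, the hex SHA-1 of the (newline-terminated) body
// and an RSA PKCS#1 v1.5 signature over the hex hash string. The body is bound
// to the signature only through that hash. SHA-1 and PKCS#1 v1.5 are choices
// of this example, not a statement about the project's parameters.
func signLetter(body []byte, key *rsa.PrivateKey) ([]byte, error) {
	sum := sha1.Sum(body)
	hashHex := hex.EncodeToString(sum[:])
	digest := sha1.Sum([]byte(hashHex))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, digest[:])
	if err != nil {
		return nil, err
	}
	return bytes.Join([][]byte{body, []byte("--\n" + hashHex + "\n"), sig}, nil), nil
}

// verifyLetter: refuse a blacklisted certificate, cut the letter, compare the
// printed hash with the hash recomputed over the body, then check the
// signature over the hash string with the certificate's public key.
func verifyLetter(letter []byte, cert *x509.Certificate, blacklist []string) error {
	certSum := sha1.Sum(cert.Raw)
	for _, entry := range blacklist {
		if bad, err := parseFingerprint(entry); err == nil && bytes.Equal(bad, certSum[:]) {
			return errors.New("certificate is blacklisted: " + entry)
		}
	}
	body, rest := cutLetter(letter)
	nl := bytes.IndexByte(rest, '\n')
	if nl < 0 {
		return errors.New("letter has no mark or no hash line")
	}
	hashHex, sig := string(rest[:nl]), rest[nl+1:]
	printed, err := hex.DecodeString(hashHex)
	if computed := sha1.Sum(body); err != nil || !bytes.Equal(printed, computed[:]) {
		return errors.New("hash line does not match the letter body")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA key")
	}
	digest := sha1.Sum([]byte(hashHex))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig) != nil {
		return errors.New("signature over the hash line is invalid")
	}
	return nil
}

func main() {
	key, cert, err := newSelfSignedCert("demo.example.org") // constructed name
	if err != nil {
		panic(err)
	}
	letter, _ := signLetter([]byte("C0123\nN demo.example.org\n"), key) // constructed body
	fmt.Println("genuine:", verifyLetter(letter, cert, nil))
	fmt.Println("tampered:", verifyLetter(append([]byte("X evil\n"), letter...), cert, nil))
}
```

Run it with go run. The tampered case fails at the hash comparison; a letter whose body and hash line were both rewritten but whose signature was copied from a genuine letter passes the hash comparison and fails at the signature check instead. That is the point of the layout: the hash binds the body, the signature binds the hash line, and a client must run both checks (plus the fingerprint blacklist) before trusting the body.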

bool signature::SignatureManager::VerifyPkcs7 ( const unsigned char *  buffer,
const unsigned  buffer_size,
unsigned char **  content,
unsigned *  content_size,
std::vector< std::string > *  alt_uris 
)

Verifies a PKCS#7 signed-data structure (binary content plus signature) against the trusted CAs and CRLs loaded by LoadTrustedCaCrl(). On success, the embedded content is returned in content/content_size and the URI entries of the signer certificate's subject alternative names are collected into alt_uris.

Definition at line 1006 of file signature.cc.

bool signature::SignatureManager::VerifyRsa ( const unsigned char *  buffer,
const unsigned  buffer_size,
const unsigned char *  signature,
unsigned  signature_size 
)

Verifies a signature against all loaded public master keys (LoadPublicRsaKeys()).

Returns
True if the signature is valid under any of the loaded public keys; false otherwise, including on error

Definition at line 895 of file signature.cc.

string signature::SignatureManager::Whois ( )
Returns
Some human-readable information about the loaded certificate.

Definition at line 678 of file signature.cc.

bool signature::SignatureManager::WriteCertificateMem ( unsigned char **  buffer,
unsigned *  buffer_size 
)

Definition at line 699 of file signature.cc.

Referenced by letter::Letter::Sign().

Member Data Documentation

std::vector<std::string> signature::SignatureManager::blacklist_
private

Definition at line 108 of file signature.h.

X509* signature::SignatureManager::certificate_
private

Definition at line 105 of file signature.h.

pthread_mutex_t signature::SignatureManager::lock_blacklist_
private

Definition at line 107 of file signature.h.

EVP_PKEY* signature::SignatureManager::private_key_
private

Definition at line 103 of file signature.h.

RSA* signature::SignatureManager::private_master_key_
private

Definition at line 104 of file signature.h.

std::vector<RSA *> signature::SignatureManager::public_keys_
private

Contains the loaded cvmfs public master keys (see LoadPublicRsaKeys()); VerifyRsa() accepts a signature that is valid under any of them.

Definition at line 106 of file signature.h.

X509_LOOKUP* signature::SignatureManager::x509_lookup_
private

Definition at line 110 of file signature.h.

X509_STORE* signature::SignatureManager::x509_store_
private

Definition at line 109 of file signature.h.

