Reimplemented from XrdCryptoX509Chain.
Definition at line 45 of file XrdCryptogsiX509Chain.cc.
// Body of the GSI chain Verify() override, as rendered in this listing.
// NOTE(review): the embedded line numbers have gaps, so the signature and several
// conditions/calls are not shown; the comments below describe only the visible code.
// Visible contract: every early exit returns 0; the only `return 1` is the last statement.
46{
47
48 EPNAME(
"X509Chain::Verify");
50
51
// Guard not shown in this listing: this branch logs that there is nothing to verify
// and returns 0, so such a chain is not reported as verified.
53 DEBUG(
"Nothing to verify (size: "<<
size<<
")");
54 return 0;
55 }
57
58
59
// Early exit whose condition is not shown here (presumably the chain ordering /
// consistency check — confirm against the source file).
64 return 0;
65 }
66
67
68
// Verification options come from the caller when vopt is non-null; otherwise the
// defaults are: no option bits, "now" as the reference time, and -1 for the path length.
// -1 is treated below as "no path-length limit" (see the `plen > -1` / `plen == -1` tests).
69 int opt = (vopt) ? vopt->
opt : 0;
// `when` is forwarded to the base-class Verify calls below; a caller-supplied value
// therefore replaces the current time for those checks.
// NOTE(review): time(0) is narrowed to int; where time_t is 64-bit this truncates — confirm.
70 int when = (vopt) ? vopt->
when : (int)time(0);
71 int plen = (vopt) ? vopt->
pathlen : -1;
// NOTE(review): `crl`, used in the Verify calls below, is declared on a line not shown
// here (presumably from vopt->crl). Confirm what a null CRL means for revocation checking.
73
74
75
// A caller-supplied path length smaller than the chain size enters this branch; its
// body is not shown (presumably it sets an error code and returns 0 — confirm).
76 if (plen > -1 && plen <
size) {
80 }
81
82
83
84
// Two failure exits whose conditions are not shown (presumably the CA checks — confirm).
91 return 0;
96 return 0;
97 }
98
99
100
// When a limit is set, one level of the path-length budget is consumed here.
101 if (plen > -1)
102 plen -= 1;
103
104
// Sub-CA step: the certificate just checked becomes the signer (xsig), the next node's
// certificate becomes the subject (xcer), and the base-class Verify checks it as type
// kCA at time `when` with `crl`. Any failure aborts the whole verification.
// NOTE(review): node->Next() is dereferenced on the following line; the loop condition
// that should guarantee it is non-null is not shown in this listing — confirm.
106 xsig = xcer;
107 node = node->Next();
108 xcer = node->Cert();
109 if (!XrdCryptoX509Chain::Verify(errcode, "Sub-CA: ",
110 XrdCryptoX509::kCA,
111 when, xcer, xsig, crl))
112 return 0;
113
114
// Each verified sub-CA consumes one more level of the budget.
115 if (plen > -1)
116 plen -= 1;
117 }
118
119
120
122
123
124
// Failure path (condition not shown): the error code is set to kNoEEC, its text is
// stored in lastError, and verification fails.
127 errcode = kNoEEC;
128 lastError = X509ChainError(errcode);
129 return 0;
130 }
131
132
133
// Tail of a verification call whose head is not shown (presumably the end-entity
// certificate check, given the kNoEEC / kTooManyEEC errors around it — confirm).
134 xsig = xcer;
139 when, xcer, xsig, crl))
140 return 0;
141
142
143 if (plen > -1)
144 plen -= 1;
145
146
147
// Failure path (condition not shown): error code kTooManyEEC, verification fails.
149 errcode = kTooManyEEC;
150 lastError = X509ChainError(errcode);
151 return 0;
152 }
153
154
155
// Remaining nodes are processed while any are left and the path-length budget is
// either unlimited (-1) or still positive.
// NOTE(review): the loop also ends when plen reaches 0 with nodes still remaining, and
// in this listing only `return 1` follows the loop. Confirm that certificates beyond
// the allowed depth are rejected rather than left unchecked.
156 xsig = xcer;
158 while (node && (plen == -1 || plen > 0)) {
159
160
162
163
164
168 return 0;
169 }
170
171
// Subject check on the current certificate; SubjectOK is defined elsewhere and reports
// its reason through errcode.
172 if (!SubjectOK(errcode, xcer))
173 return 0;
174
175
// pxplen receives the path-length value from the proxy's ProxyCertInfo extension via
// the crypto factory's parser; -1 means "not set". Missing extension data, a missing
// factory, or a parser failure all fail verification. The enclosing condition is not
// shown in this listing. The inner `cfact &&` repeats the preceding `!cfact` test.
176 int pxplen = -1; bool b;
180 if (!extdata || !cfact || !(cfact && (*(cfact->
ProxyCertInfo()))(extdata, pxplen, &b))) {
184 return 0;
185 }
186 }
187
// Merge the proxy's own limit into the running budget: with no limit so far, adopt
// pxplen if it was set; otherwise consume one level and keep the smaller of the two.
188 if (plen == -1) {
189 plen = (pxplen > -1) ? pxplen : plen;
190 } else {
191 plen--;
192
193 plen = (pxplen > -1 && pxplen < plen) ? pxplen : plen;
194 }
195
196
// Failure exit of a call not shown here (presumably the check of this certificate
// against its signer — confirm).
199 return 0;
200
201
// The certificate just processed becomes the signer for the next iteration.
202 xsig = xcer;
204 }
205
206
// Reached only when none of the checks above returned 0.
207 return 1;
208}
#define gsiProxyCertInfo_OID
#define gsiProxyCertInfo_OLD_OID
const int kOptsCheckSubCA
virtual XrdCryptoProxyCertInfo_t ProxyCertInfo()
XrdCryptoX509 * Cert() const
XrdCryptoX509ChainNode * Next() const
virtual bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt=0)
XrdCryptoX509ChainNode * begin
const char * X509ChainError(EX509ChainErr e)
virtual XrdCryptoX509data GetExtension(const char *oid)
References XrdCryptoX509Chain::begin, XrdCryptoX509ChainNode::Cert(), x509ChainVerifyOpt_t::crl, DEBUG, XrdCryptoX509Chain::Dump(), EPNAME, XrdCryptoX509::GetExtension(), gsiProxyCertInfo_OID, gsiProxyCertInfo_OLD_OID, XrdCryptoX509Chain::kAbsent, XrdCryptoX509::kCA, XrdCryptoX509::kEEC, XrdCryptoX509Chain::kInconsistent, XrdCryptoX509Chain::kInvalid, XrdCryptoX509Chain::kInvalidProxy, XrdCryptoX509Chain::kMissingExtension, XrdCryptoX509Chain::kNoCA, XrdCryptoX509Chain::kNoEEC, XrdCryptoX509Chain::kNone, kOptsCheckSubCA, kOptsRfc3820, XrdCryptoX509::kProxy, XrdCryptoX509Chain::kTooMany, XrdCryptoX509Chain::kTooManyEEC, XrdCryptoX509::kUnknown, XrdCryptoX509Chain::kUnknown, XrdCryptoX509Chain::kValid, XrdCryptoX509Chain::lastError, XrdCryptoX509ChainNode::Next(), x509ChainVerifyOpt_t::opt, x509ChainVerifyOpt_t::pathlen, XrdCryptoFactory::ProxyCertInfo(), QTRACE, XrdCryptoX509Chain::Reorder(), XrdCryptoX509Chain::size, XrdCryptoX509Chain::statusCA, XrdCryptoX509::type, XrdCryptoX509Chain::Verify(), x509ChainVerifyOpt_t::when, and XrdCryptoX509Chain::X509ChainError().
Referenced by main().