char *GRSTx509FindProxyFileName(void);
int GRSTx509MakeProxyCert(char **, FILE *, char *, char *, char *, int);
char *GRSTx509CachedProxyKeyFind(char *, char *, char *);
+int GRSTx509ProxyDestroy(char *, char *, char *);
+int GRSTx509ProxyGetTimes(char *, char *, char *, time_t *, time_t *);
int GRSTx509MakeProxyRequest(char **, char *, char *, char *);
int GRSTx509StringToChain(STACK_OF(X509) **, char *);
char *GRSTx509MakeDelegationID(void);
build: apidoc \
libgridsite.so.$(VERSION) libgridsite.a htcp mod_gridsite.so \
urlencode findproxyfile real-gridsite-admin.cgi gsexec \
- gridsite-copy.cgi # gridsite-delegation.cgi # htproxyput
+ gridsite-copy.cgi
build: libgridsite_globus.so.$(VERSION) libgridsite_globus.a
-I/usr/kerberos/include -lgridsite \
-lssl -lcrypto -lxml2 -lz -lm
-#
-# Delegation machinery, including SOAP delegation portType. To build this
-# you need to install gSOAP and set GSOAPDIR to the directory containing
-# soapcpp2 and stdsoap2.h (unless GSOAPDIR is set already)
-#
-
-ifndef GSOAPDIR
-export GSOAPDIR=/usr/local/
-endif
-
-delegation.wsdl: delegation.h
- ls -lR $(GSOAPDIR)
- $(GSOAPDIR)/bin/soapcpp2 -c delegation.h
-
-libstdsoap2.a: $(GSOAPDIR)/stdsoap2.c
- gcc -g -c -DWITH_OPENSSL $(GSOAPDIR)/stdsoap2.c
- ar src libstdsoap2.a stdsoap2.o
-
-gridsite-delegation.cgi: grst-delegation.c delegation.h delegation.wsdl \
- soapC.c soapServer.c
- gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o gridsite-delegation.cgi \
- grst-delegation.c \
- -I/usr/kerberos/include -I$(GSOAPDIR)/include \
- -DVERSION=\"$(VERSION)\" -L$(GSOAPDIR)/lib \
- soapC.c soapServer.c -lgsoap \
- -lgridsite -lcurl -lz -lssl -lcrypto -lxml2 -lm
-
-htproxyput: htproxyput.c delegation.h delegation.wsdl \
- soapC.c soapServer.c
- gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o htproxyput \
- htproxyput.c \
- -I/usr/kerberos/include \
- -g -DVERSION=\"$(VERSION)\" \
- -I$(GSOAPDIR)/include -DWITH_OPENSSL -L$(GSOAPDIR)/lib \
- soapC.c soapClient.c -lgsoap \
- -lgridsite -lcurl -lz -lssl -lcrypto -lxml2 -lm
-
-proxyput-example: proxyput-example.c delegation.h delegation.wsdl \
- soapC.c soapServer.c
- gcc -g $(MYCFLAGS) $(MYLDFLAGS) -o proxyput-example \
- proxyput-example.c \
- -I/usr/kerberos/include \
- -g -DVERSION=\"$(VERSION)\" \
- -I$(GSOAPDIR) -DWITH_OPENSSL \
- soapC.c soapClient.c libstdsoap2.a \
- -lgridsite -lcurl -lz -lssl -lcrypto -lxml2 -lm
clean:
../gridsite-$(PATCH_VERSION)/interface
cp -f ../VERSION ../README ../LICENSE ../CHANGES ../INSTALL \
../gridsite-$(PATCH_VERSION)
- cp -f Makefile grst*.c htproxyput.c proxyput-example.c htcp.c \
+ cp -f Makefile grst*.c htcp.c \
urlencode.c findproxyfile.c gaclexample.c mod_gridsite.c \
- delegation.h grst_admin.h mod_ssl-private.h \
+ grst_admin.h mod_ssl-private.h \
gsexec.c gsexec.h gridsite-copy.c \
roffit gridsite.spec \
Doxyfile doxygen.css doxyheader.html \
*/
int GRSTx509MakeProxyCert(char **proxychain, FILE *debugfp,
- char *reqtxt, char *cert, char *key, int minutes)
+ char *reqtxt, char *cert, char *key, int minutes)
{
char *ptr, *certchain;
int i, subjAltName_pos, ncerts;
return 0;
}
+/// Destroy stored GSI proxy files
+/**
+ * Returns GRST_RET_OK on success, non-zero otherwise.
+ * (Including GRST_RET_NO_SUCH_FILE if the private key or cert chain
+ * were not found.)
+ */
+
+int GRSTx509ProxyDestroy(char *proxydir, char *delegation_id, char *user_dn)
+{
+ int ret = GRST_RET_OK;
+ char *docroot, *filename, *user_dn_enc;
+
+ if (strcmp(user_dn, "cache") == 0) return GRST_RET_FAILED;
+
+ user_dn_enc = GRSThttpUrlEncode(user_dn);
+
+ /* private key */
+
+ asprintf(&filename, "%s/%s/%s/userkey.pem",
+ proxydir, user_dn_enc, delegation_id);
+
+ if (filename == NULL)
+ {
+ free(user_dn_enc);
+ return GRST_RET_FAILED;
+ }
+
+ if (unlink(filename) != 0) ret = GRST_RET_NO_SUCH_FILE;
+ free(filename);
+
+ /* cert chain */
+
+ asprintf(&filename, "%s/%s/%s/usercert.pem",
+ proxydir, user_dn_enc, delegation_id);
+
+ if (filename == NULL)
+ {
+ free(user_dn_enc);
+ return GRST_RET_FAILED;
+ }
+
+ if (unlink(filename) != 0) ret = GRST_RET_NO_SUCH_FILE;
+ free(filename);
+
+ /* voms file */
+
+ asprintf(&filename, "%s/%s/%s/voms.attributes",
+ proxydir, user_dn_enc, delegation_id);
+
+ if (filename == NULL)
+ {
+ free(user_dn_enc);
+ return GRST_RET_FAILED;
+ }
+
+ unlink(filename);
+ free(filename);
+
+ return ret;
+}
+
+/// Get start and finish validity times of stored GSI proxy file
+/**
+ * Returns GRST_RET_OK on success, non-zero otherwise.
+ * (Including GRST_RET_NO_SUCH_FILE if the cert chain was not found.)
+ */
+
+int GRSTx509ProxyGetTimes(char *proxydir, char *delegation_id, char *user_dn,
+ time_t *start, time_t *finish)
+{
+ char *docroot, *filename, *user_dn_enc;
+ FILE *fp;
+ X509 *cert;
+
+ if (strcmp(user_dn, "cache") == 0) return GRST_RET_FAILED;
+
+ user_dn_enc = GRSThttpUrlEncode(user_dn);
+
+ /* cert chain */
+
+ asprintf(&filename, "%s/%s/%s/usercert.pem",
+ proxydir, user_dn_enc, delegation_id);
+
+ free(user_dn_enc);
+
+ if (filename == NULL) return GRST_RET_FAILED;
+
+ fp = fopen(filename, "r");
+ free(filename);
+
+ if (fp == NULL) return GRST_RET_NO_SUCH_FILE;
+
+ cert = PEM_read_X509(fp, NULL, NULL, NULL);
+
+ fclose(fp);
+
+ *start = GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notBefore(cert)),0);
+ *finish = GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0);
+
+ X509_free(cert);
+
+ return GRST_RET_OK;
+}
+
/// Create a stack of X509 certificate from a PEM-encoded string
/**
* Creates a dynamically allocated stack of X509 certificate objects
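Review bot: `delegation_id` is placed into the `"%s/%s/%s/..."` paths unencoded in both GRSTx509ProxyDestroy and GRSTx509ProxyGetTimes, while `user_dn` goes through GRSThttpUrlEncode(); if callers pass a request-supplied ID (the callers are not visible here), a value containing `/` or `..` would make unlink() and fopen() resolve outside the per-user directory. Reject such IDs before building the path, e.g. `if (strchr(delegation_id, '/') != NULL || strcmp(delegation_id, ".") == 0 || strcmp(delegation_id, "..") == 0) return GRST_RET_FAILED;`, or restrict them to a fixed character set. In GRSTx509ProxyGetTimes the result of PEM_read_X509() is passed straight to X509_get_notBefore(), so an unparsable usercert.pem dereferences NULL; add `if (cert == NULL) return GRST_RET_FAILED;` after `fclose(fp);`. GRSTx509ProxyDestroy also leaks `user_dn_enc` on the normal path (it is freed only in the error branches), so `free(user_dn_enc);` belongs before `return ret;`. Both functions test `filename == NULL` rather than the asprintf() return value, which is what signals failure.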
+++ /dev/null
-/*
- Copyright (c) 2002-4, Andrew McNab, University of Manchester
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or
- without modification, are permitted provided that the following
- conditions are met:
-
- o Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
- o Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*
- Change the hard-coded defaults below to your set up.
-*/
-
-#define LOCALPROXY "/tmp/x509up"
-#define DELEGATIONURL "https://testing.hep.man.ac.uk/gridsite-delegation.cgi"
-#define CAPATH "/etc/grid-security/certificates"
-#define DELEGATIONID "1234567890"
-#define EXPIREMINUTES 60
-
-#ifndef VERSION
-#define VERSION "0.0.0"
-#endif
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <string.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-#include "gridsite.h"
-
-#include "soapH.h"
-#include "delegation.nsmap"
-
-int main(int argc, char *argv[])
-{
- char *reqtxt, *certtxt;
- struct ns__putProxyResponse *unused;
- struct soap soap_get, soap_put;
-
- ERR_load_crypto_strings ();
- OpenSSL_add_all_algorithms();
-
- soap_init(&soap_get);
-
- if (soap_ssl_client_context(&soap_get,
- SOAP_SSL_DEFAULT,
- LOCALPROXY,
- "",
- NULL,
- CAPATH,
- NULL))
- {
- soap_print_fault(&soap_get, stderr);
- return 1;
- }
-
- soap_call_ns__getProxyReq(&soap_get,
- DELEGATIONURL, /* HTTPS url of service */
- "", /* no password on proxy */
- DELEGATIONID,
- &reqtxt);
-
- if (soap_get.error)
- {
- soap_print_fault(&soap_get, stderr);
- return 1;
- }
-
- if (GRSTx509MakeProxyCert(&certtxt, stderr, reqtxt,
- LOCALPROXY, LOCALPROXY, EXPIREMINUTES)
- != GRST_RET_OK)
- {
- return 1;
- }
-
- soap_init(&soap_put);
-
- if (soap_ssl_client_context(&soap_put,
- SOAP_SSL_DEFAULT,
- LOCALPROXY,
- "",
- NULL,
- CAPATH,
- NULL))
- {
- soap_print_fault(&soap_put, stderr);
- return 1;
- }
-
- soap_call_ns__putProxy(&soap_put, DELEGATIONURL, "", DELEGATIONID,
- certtxt, unused);
- if (soap_put.error)
- {
- soap_print_fault(&soap_put, stderr);
- return 1;
- }
-
- return 0;
-}
-