From: Marcel Poul
Date: Tue, 31 Jan 2012 15:09:38 +0000 (+0000)
Subject: canl_cred_save_proxyfile() - save proxy into the file (proxy,key,chain)
X-Git-Tag: glite-jobid-api-c_R_2_1_0_2~18
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=841e17585ae9cbae95a7e816be509317b23dcbbf;p=jra1mw.git
canl_cred_save_proxyfile() - save proxy into the file (proxy,key,chain)
---
diff --git a/emi.canl.canl-c/src/canl_cert.c b/emi.canl.canl-c/src/canl_cert.c
index ebbbceb..057311f 100644
--- a/emi.canl.canl-c/src/canl_cert.c
+++ b/emi.canl.canl-c/src/canl_cert.c
@@ -105,7 +105,7 @@ int set_key_file(glb_ctx *cc, EVP_PKEY **to, const char *key)
 *to = PEM_read_PrivateKey(key_file, NULL, NULL, NULL);
 if (!(*to)) {
 ssl_err = ERR_peek_error();
- set_error(cc, ssl_err, SSL_ERROR, "error while writing key to context");
+ err = set_error(cc, ssl_err, SSL_ERROR, "error while writing key to context");
 goto end;
 }
 if (fclose(key_file)){
@@ -120,7 +120,7 @@ end:
 err = errno;
 update_error(cc, errno, POSIX_ERROR, "cannot close file with key");
 }
- return 1;
+ return err;
 }
 int set_cert_file(glb_ctx *cc, X509 **to, const char *cert)
@@ -146,7 +146,7 @@ int set_cert_file(glb_ctx *cc, X509 **to, const char *cert)
 *to = PEM_read_X509(cert_file, NULL, NULL, NULL);
 if (!(*to)) {
 ssl_err = ERR_get_error();
- set_error(cc, ssl_err, SSL_ERROR, "error while writing certificate"
+ err = set_error(cc, ssl_err, SSL_ERROR, "error while writing certificate"
 " to context");
 goto end;
 }
@@ -163,7 +163,7 @@ end:
 err = errno;
 update_error(cc, errno, POSIX_ERROR, "cannot close file with certificate");
 }
- return 1;
+ return err;
 }
 int set_cert_chain_file(glb_ctx *cc, STACK_OF(X509) **to, const char *file)
diff --git a/emi.canl.canl-c/src/canl_cred.c b/emi.canl.canl-c/src/canl_cred.c
index 22ba64a..f0cf84b 100644
--- a/emi.canl.canl-c/src/canl_cred.c
+++ b/emi.canl.canl-c/src/canl_cred.c
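Review bot: In set_key_file (and the identical change in set_cert_file, hunk -146) the failure branch now relies on `err = set_error(cc, ssl_err, SSL_ERROR, ...)` being non-zero, where the old code returned a constant 1. ERR_peek_error() and ERR_get_error() return 0 when the OpenSSL error queue is empty, and what set_error returns for a zero code is not visible here, so a failed PEM read could come back as success with `*to` still NULL. If `end:` is reached only on failure (both function bodies extend outside these hunks), `return err ? err : 1;` at the two `return err;` sites (hunks -120 and -163) keeps the failure signal unconditional. Callers that compared the old result against 1 also need checking, because the value is now an error code.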
@@ -360,8 +360,76 @@ canl_cred_sign_proxy(canl_ctx ctx, canl_cred signer_cred, canl_cred proxy_cred)
 canl_err_code CANL_CALLCONV
 canl_cred_save_proxyfile(canl_ctx ctx, canl_cred cred, const char *proxy_file)
-{
- return ENOSYS;
+{
+ glb_ctx *cc = (glb_ctx*) ctx;
+ creds *crd = (creds*) cred;
+ FILE *cert_file = NULL;
+ int ret = 0;
+ unsigned long ssl_err = 0;
+ X509 *cert_from_chain = NULL;
+
+ if (!ctx)
+ return EINVAL;
+
+ if (!cred)
+ return set_error(cc, EINVAL, POSIX_ERROR, "Cred. handler"
+ " not initialized" );
+ if (!proxy_file)
+ return set_error(cc, EINVAL, POSIX_ERROR, "Invalid proxy file name");
+
+ cert_file = fopen(proxy_file, "wb");
+ if (!cert_file) {
+ ret = errno;
+ set_error(cc, ret, POSIX_ERROR, "cannot open file with cert");
+ return ret;
+ }
+
+ ERR_clear_error();
+
+ /*new cert + priv key + chain*/
+ ret = PEM_write_X509(cert_file, crd->c_cert);
+ if (!ret) {
+ ssl_err = ERR_get_error();
+ ret = set_error(cc, ssl_err, SSL_ERROR, "Error while writing"
+ " the certificate to the file");
+ goto end;
+ }
+ ret = PEM_write_PrivateKey(cert_file, crd->c_key, NULL, NULL, 0, 0, NULL);
+ if (!ret) {
+ ssl_err = ERR_get_error();
+ ret = set_error(cc, ssl_err, SSL_ERROR, "Error while writing"
+ " the key to the file");
+ goto end;
+ }
+
+ while ((cert_from_chain = sk_X509_pop(crd->c_cert_chain)) != NULL) {
+ ret = PEM_write_X509(cert_file, cert_from_chain);
+ if (!ret) {
+ ssl_err = ERR_get_error();
+ ret = set_error(cc, ssl_err, SSL_ERROR, "Error while writing"
+ " the certificate to the file");
+ goto end;
+ }
+ }
+
+
+ if (fclose(cert_file)){
+ ret = errno;
+ set_error(cc, ret, POSIX_ERROR, "cannot close file with certificate");
+ return errno;
+ }
+
+ return 0;
+
+end:
+ if (fclose(cert_file)){
+ ret = errno;
+ update_error(cc, ret, POSIX_ERROR, "cannot close file with certificate");
+ return errno;
+ }
+
+ return ret;
+
 }
 canl_err_code CANL_CALLCONV
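Review bot: `fopen(proxy_file, "wb")` creates the proxy file with umask-default permissions, yet `PEM_write_PrivateKey(cert_file, crd->c_key, NULL, NULL, 0, 0, NULL)` then writes the private key into it unencrypted, so under a typical umask the key is readable by other local users. Create the file owner-only (open with mode 0600, fchmod for a file that already exists, then fdopen) as sketched below; this needs `<fcntl.h>`, `<sys/stat.h>` and `<unistd.h>`, and a file left behind by a failed write should be removed. The chain loop uses `sk_X509_pop`, which empties `crd->c_cert_chain` as a side effect of saving and never frees the popped certificates; the sketch walks the stack by index in the same order instead. Both fclose error branches should `return ret;` rather than `return errno;`, since set_error/update_error may have changed errno in between.

```c
    int fd = -1;
    int i = 0;
    /* … unchanged: other declarations and the ctx / cred / proxy_file checks … */

    /* The file will hold an unencrypted private key: owner read/write only. */
    fd = open(proxy_file, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd < 0) {
        ret = errno;
        set_error(cc, ret, POSIX_ERROR, "cannot open file with cert");
        return ret;
    }
    /* A pre-existing file keeps its old mode on O_TRUNC, so tighten it. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) || !(cert_file = fdopen(fd, "wb"))) {
        ret = errno;
        close(fd);
        set_error(cc, ret, POSIX_ERROR, "cannot open file with cert");
        return ret;
    }

    /* … unchanged: ERR_clear_error(), PEM_write_X509(c_cert), PEM_write_PrivateKey(c_key) … */

    /* Same output order as popping, but the credential keeps its chain. */
    for (i = sk_X509_num(crd->c_cert_chain) - 1; i >= 0; i--) {
        cert_from_chain = sk_X509_value(crd->c_cert_chain, i);
        ret = PEM_write_X509(cert_file, cert_from_chain);
        /* … unchanged: error branch with set_error() and goto end … */
    }
```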