From: Daniel KouĊ™il Date: Fri, 13 Jan 2012 14:52:01 +0000 (+0000) Subject: Added examples for the new API (X.509 credentials handling) X-Git-Tag: emi-canl-c_R_1_0_0_0~62 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=92139187c8af66946c369ce77b3cf557233827cd;p=jra1mw.git Added examples for the new API (X.509 credentials handling)
---
diff --git a/emi.canl.canl-c/examples/delegation.c b/emi.canl.canl-c/examples/delegation.c
new file mode 100644
index 0000000..cef8fb5
--- /dev/null
+++ b/emi.canl.canl-c/examples/delegation.c
@@ -0,0 +1,70 @@
+#include
+#include
+
+int
+main(int argc, char *argv[])
+{
+ canl_cred signer = NULL;
+ canl_cred proxy = NULL;
+ canl_cred proxy_cert = NULL;
+ canl_x509_req proxy_req = NULL;
+ X509_REQ *req = NULL;
+ X509 *x509_cert = NULL;
+ STACK_OF(X509) *x509_chain= NULL;
+ canl_ctx ctx = NULL;
+ canl_err_code ret;
+
+ ctx = canl_create_ctx();
+
+/* Bob - after Alice has asked to delegate her credentials */
+ ret = canl_req_create(ctx, &proxy_req);
+ ret = canl_req_gen_key(ctx, proxy_req, 1024);
+ ret = canl_req_get_req(ctx, proxy_req, &req);
+
+ /* serialize 'req' and send it to Alice */
+
+/* Alice - after receiving the CSR from Bob. (The private key stays with Bob.) */
+ {
+ ret = canl_cred_create(ctx, &signer);
+ ret = canl_cred_load_cert_file(ctx, signer, "$HOME/.globus/usercert.pem");
+ ret = canl_cred_load_priv_key_file(ctx, signer, "$HOME/.globus/userkey.pem",
+ NULL, NULL);
+
+ /* deserialize 'req' from Bob */
+ ret = canl_cred_create(ctx, &proxy_cert);
+ ret = canl_cred_load_req(ctx, proxy_cert, req);
+ ret = canl_cred_set_lifetime(ctx, proxy_cert, 60*10);
+ ret = canl_cred_set_cert_type(ctx, proxy_cert, CANL_RFC);
+ ret = canl_cred_sign_proxy(ctx, signer, proxy_cert);
+
+ ret = canl_cred_save_cert(ctx, proxy_cert, &x509_cert);
+ ret = canl_cred_save_chain(ctx, proxy_cert, &x509_chain);
+ /* serialize the new proxy cert and chain and send it back to Bob */
+ }
+
+/* Bob - on receiving the final certificate and chain */
+ /* deserialize the new proxy cert and chain from Alice */
+
+ ret = canl_cred_create(ctx, &proxy);
+ ret = canl_cred_load_req(ctx, proxy, proxy_req);
+ ret = canl_cred_load_cert(ctx, proxy, x509_cert);
+ ret = canl_cred_load_chain(ctx, proxy, x509_chain);
+ ret = canl_cred_save_proxyfile(ctx, proxy, "/tmp/x509up_u11930");
+
+ ret = 0;
+
+ if (signer)
+ canl_cred_free(ctx, signer);
+ if (proxy)
+ canl_cred_free(ctx, proxy);
+ if (proxy_cert)
+ canl_cred_free(ctx, proxy_cert);
+ if (proxy_req)
+ canl_req_free(ctx, proxy_req);
+ if (req)
+ X509_REQ_free(req);
+ if (ctx)
+ canl_free_ctx(ctx);
+
+ return ret;
+}
diff --git a/emi.canl.canl-c/examples/grid-proxy-init.c b/emi.canl.canl-c/examples/grid-proxy-init.c
new file mode 100644
index 0000000..0a86b37
--- /dev/null
+++ b/emi.canl.canl-c/examples/grid-proxy-init.c
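Review bot: None of the canl_* calls in delegation.c's main() has its return code checked, and the `ret = 0;` before the cleanup discards whatever the last call reported, so a failed `canl_cred_load_priv_key_file` or `canl_cred_sign_proxy` still runs through to `canl_cred_save_proxyfile` and exit status 0. For an example that will be copied into credential-handling code, each step should stop on error, e.g. `if (ret) { fprintf(stderr, "Failed to sign proxy: %s\n", canl_get_error_message(ctx)); ret = 1; goto end; }` with an `end:` label in front of the frees, and `ctx` should be tested for NULL right after `canl_create_ctx()`. The same gap exists in grid-proxy-init.c from `canl_cred_create(ctx, &proxy)` onward. Separately, `x509_cert` and `x509_chain` are never released in the cleanup; this looks like a leak unless the library keeps ownership, which the hunk does not show.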
@@ -0,0 +1,72 @@
+#include
+#include
+
+int
+main(int argc, char *argv[])
+{
+ canl_cred signer = NULL;
+ canl_cred proxy = NULL;
+ canl_x509_req proxy_req = NULL;
+ canl_ctx ctx = NULL;
+ canl_err_code ret;
+
+ ctx = canl_create_ctx();
+ if (ctx == NULL) {
+ fprintf(stderr, "Failed to create library context\n");
+ return 1;
+ }
+
+/* First create a certificate request with a brand-new keypair */
+ ret = canl_req_create(ctx, &proxy_req);
+ if (ret) {
+ fprintf(stderr, "Failed to create certificate request container: %s\n",
+ canl_get_error_message(ctx));
+ return 1;
+ }
+
+ ret = canl_req_gen_key(ctx, proxy_req, 1024);
+ if (ret) {
+ fprintf(stderr, "Failed to generate key-pair: %s\n",
+ canl_get_error_message(ctx));
+ ret = 1;
+ goto end;
+ }
+
+/* Create a new structure for the proxy certificate to be signed copying the key-pairs just created */
+ ret = canl_cred_create(ctx, &proxy);
+ ret = canl_cred_load_req(ctx, proxy, proxy_req);
+ ret = canl_cred_set_lifetime(ctx, proxy, 60*10);
+ ret = canl_cred_set_cert_type(ctx, proxy, CANL_RFC);
+
+/* Load the signing credentials */
+ ret = canl_cred_create(ctx, &signer);
+ ret = canl_cred_load_cert_file(ctx, signer, "$HOME/.globus/usercert.pem");
+ ret = canl_cred_load_priv_key_file(ctx, signer, "$HOME/.globus/userkey.pem", NULL, NULL);
+ /* export lookup routines ?? */
+
+#ifdef VOMS
+ GET_VOMS_EXTS(ctx, signer, STACK_OF(EXTS));
+ foreach (EXTS)
+ ret = canl_cred_set_ext(ctx, proxy, ext);
+#endif
+
+/* Create the proxy certificate */
+ ret = canl_cred_sign_proxy(ctx, signer, proxy);
+
+/* and store it in a file */
+ ret = canl_cred_save_proxyfile(ctx, proxy, "/tmp/x509up_u11930");
+
+ ret = 0;
+
+end:
+ if (signer)
+ canl_cred_free(ctx, signer);
+ if (proxy)
+ canl_cred_free(ctx, proxy);
+ if (proxy_req)
+ canl_req_free(ctx, proxy_req);
+ if (ctx)
+ canl_free_ctx(ctx);
+
+ return ret;
+}
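Review bot: The proxy is stored at the literal path `"/tmp/x509up_u11930"` in grid-proxy-init.c (and in delegation.c), which bakes one user's uid into a file name inside a world-writable directory; the file presumably carries the newly generated private key, and how `canl_cred_save_proxyfile` creates it (exclusive create, owner-only mode, symlink handling) is not visible here. I would derive the name at run time, honouring `X509_USER_PROXY` when set and otherwise using `snprintf(path, sizeof path, "/tmp/x509up_u%lu", (unsigned long)getuid());`, and add a comment stating that the file must be created with mode 0600 and must not follow an existing link. `"$HOME/.globus/usercert.pem"` has a related problem: C does not expand `$HOME`, so unless the library does, the path should be built from `getenv("HOME")`. The 1024-bit size passed to `canl_req_gen_key` is also below the 2048-bit minimum that current guidance expects if these are RSA keys, even for a ten-minute proxy.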