From 177f7db314220928015c9d50e31ca99191fa03bc Mon Sep 17 00:00:00 2001 From: Marcel Poul Date: Thu, 1 Mar 2012 02:12:38 +0000 Subject: [PATCH] make delegation sample truly funcional --- emi.canl.canl-c/examples/delegation.c | 22 ++++----------------- emi.canl.canl-c/src/canl_cred.c | 36 +++++++++++++++++++---------------- 2 files changed, 24 insertions(+), 34 deletions(-) diff --git a/emi.canl.canl-c/examples/delegation.c b/emi.canl.canl-c/examples/delegation.c index d05c08d..c3f5c3b 100644 --- a/emi.canl.canl-c/examples/delegation.c +++ b/emi.canl.canl-c/examples/delegation.c @@ -75,7 +75,7 @@ main(int argc, char *argv[]) if (!bits) bits = BITS; - ret = canl_cred_new_req(ctx, &proxy_bob, bits); + ret = canl_cred_new_req(ctx, proxy_bob, bits); if (ret) { fprintf(stderr, "[DELEGATION] Failed to create certificate " "request container: %s\n", canl_get_error_message(ctx)); @@ -165,28 +165,14 @@ main(int argc, char *argv[]) /* Bob - on receiving the final certificate and chain */ /* deserialize the new proxy cert and chain from Alice */ - ret = canl_cred_new(ctx, &proxy); - if (ret){ - fprintf(stderr, "[DELEGATION] Proxy context cannot be created" - ": %s\n", canl_get_error_message(ctx)); - goto end; - } - - ret = canl_cred_load_req(ctx, proxy, proxy_bob); - if (ret){ - fprintf(stderr, "[DELEGATION] Cannot load cert. request container" - ": %s\n", canl_get_error_message(ctx)); - goto end; - } - - ret = canl_cred_load_cert(ctx, proxy, x509_cert); + ret = canl_cred_load_cert(ctx, proxy_bob, x509_cert); if (ret){ fprintf(stderr, "[DELEGATION] Cannot load certificate" ": %s\n", canl_get_error_message(ctx)); goto end; } - ret = canl_cred_load_chain(ctx, proxy, x509_chain); + ret = canl_cred_load_chain(ctx, proxy_bob, x509_chain); if (ret){ fprintf(stderr, "[DELEGATION] Cannot load cert. chain" ": %s\n", canl_get_error_message(ctx)); @@ -195,7 +181,7 @@ main(int argc, char *argv[]) if (!output) output = OUTPUT; - ret = canl_cred_save_proxyfile(ctx, proxy, output); + ret = canl_cred_save_proxyfile(ctx, proxy_bob, output); if (ret){ fprintf(stderr, "[PROXY-INIT] Cannot save new proxy" ": %s\n", canl_get_error_message(ctx)); diff --git a/emi.canl.canl-c/src/canl_cred.c b/emi.canl.canl-c/src/canl_cred.c index 97b24a2..71ea678 100644 --- a/emi.canl.canl-c/src/canl_cred.c +++ b/emi.canl.canl-c/src/canl_cred.c @@ -158,7 +158,7 @@ canl_cred_load_chain(canl_ctx ctx, canl_cred cred, STACK_OF(X509) *cert_stack) crd->c_cert_chain = NULL; } crd->c_cert_chain = sk_X509_dup(cert_stack); - if (crd->c_cert_chain) + if (!crd->c_cert_chain) return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy" " certificate chain" ); //TODO check ret val return 0; @@ -212,7 +212,7 @@ canl_cred_load_cert(canl_ctx ctx, canl_cred cred, X509 *cert) } crd->c_cert = X509_dup(cert); - if (crd->c_cert) + if (!crd->c_cert) return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy" " certificate" ); //TODO check ret val return 0; @@ -322,7 +322,7 @@ canl_cred_sign_proxy(canl_ctx ctx, canl_cred signer_cred, canl_cred proxy_cred) proxy_crd->c_cert_chain = sk_X509_dup(signer_crd->c_cert_chain); if (!proxy_crd->c_cert_chain) proxy_crd->c_cert_chain = sk_X509_new_null(); - sk_X509_push(proxy_crd->c_cert_chain, signer_crd->c_cert); + sk_X509_push(proxy_crd->c_cert_chain, X509_dup(signer_crd->c_cert)); return 0; @@ -335,6 +335,7 @@ canl_cred_save_proxyfile(canl_ctx ctx, canl_cred cred, const char *proxy_file) creds *crd = (creds*) cred; FILE *cert_file = NULL; int ret = 0; + int o_ret = 0; unsigned long ssl_err = 0; X509 *cert_from_chain = NULL; @@ -348,26 +349,29 @@ canl_cred_save_proxyfile(canl_ctx ctx, canl_cred cred, const char *proxy_file) return set_error(cc, EINVAL, POSIX_ERROR, "Invalid proxy file name"); /*posix compliant*/ - ret = open(proxy_file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR); - if (ret == -1){ + o_ret = open(proxy_file, O_CREAT | O_EXCL |O_WRONLY, S_IRUSR | S_IWUSR); + if (o_ret == -1){ ret = errno; set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing"); - return ret; } - close(ret); - if (ret == -1){ - ret = errno; - set_error(cc, ret, POSIX_ERROR, "Cannot open file for writing"); - return ret; + else { + ret = close(o_ret); + if (ret == -1){ + ret = errno; + set_error(cc, ret, POSIX_ERROR, "Cannot close file for writing"); + return ret; + } } - - cert_file = fopen(proxy_file, "ab"); + if (o_ret) + cert_file = fopen(proxy_file, "wb"); + else + cert_file = fopen(proxy_file, "ab"); if (!cert_file) { ret = errno; set_error(cc, ret, POSIX_ERROR, "cannot open file for writing"); return ret; } - + ERR_clear_error(); /*new cert + priv key + chain*/ @@ -438,7 +442,7 @@ canl_cred_save_cert(canl_ctx ctx, canl_cred cred, X509 ** cert) } *cert = X509_dup(crd->c_cert); - if (*cert) + if (!(*cert)) return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy" " certificate" ); //TODO check ret val @@ -474,7 +478,7 @@ canl_cred_save_chain(canl_ctx ctx, canl_cred cred, STACK_OF(X509) **cert_stack) *cert_stack = NULL; } *cert_stack = sk_X509_dup(crd->c_cert_chain); - if (*cert_stack) + if (!(*cert_stack)) return set_error(cc, ENOMEM, POSIX_ERROR, "Cannot copy" " certificate chain" ); //TODO check ret val return 0; -- 1.8.2.3