From 679436f48c8facf25a31bf4ae1cbc99e84528fee Mon Sep 17 00:00:00 2001
From: Andrew McNab
Date: Tue, 8 Feb 2005 11:02:17 +0000
Subject: [PATCH] Put proxy private key 2nd in the proxy files

---
 org.gridsite.core/CHANGES         |  3 +++
 org.gridsite.core/src/grst_x509.c | 50 +++++++++++++++++++++++++++++++++------
 2 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES
index fd3935f..b28fe9a 100644
--- a/org.gridsite.core/CHANGES
+++ b/org.gridsite.core/CHANGES
@@ -2,6 +2,9 @@
 - Include GRSTx509MakeProxyFileName() and GRSTx509StringToChain()
   (code to used hashes in cached proxy file names.)
+- Change ordering of output proxy file produced by
+  GRSTx509CacheProxy so proxy private key is the 2nd PEM
+  encoded block (rather than at the end.)
 * Tue Feb 8 2005 Andrew McNab
 - ==== GridSite version 1.1.5 ====
 * Tue Dec 14 2004 Andrew McNab
diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c
index 0e43705..8c22381 100644
--- a/org.gridsite.core/src/grst_x509.c
+++ b/org.gridsite.core/src/grst_x509.c
@@ -1477,9 +1477,12 @@ int GRSTx509CacheProxy(char *proxydir, char *delegation_id,
                         char *user_dn, char *proxychain)
 {
   int c, len = 0, i;
-  char *cert, *upcertfile, *upcertpath, *prvkeyfile, *p;
+  char *upcertfile, *upcertpath, *prvkeyfile, *p, *ptr;
   FILE *ifp, *ofp;
   STACK_OF(X509) *certstack;
+  BIO *certmem;
+  X509 *cert;
+  long ptrlen;
   prvkeyfile = GRSTx509CachedProxyKeyFind(proxydir, delegation_id, user_dn);
@@ -1521,18 +1524,51 @@ int GRSTx509CacheProxy(char *proxydir, char *delegation_id,
   fprintf(ofp, "%s\n%s\n", delegation_id, user_dn);
-  fputs(proxychain, ofp); /* write out certificates */
+  /* write out the most recent proxy by itself */
+
+  if (cert = sk_X509_value(certstack, 0))
+    {
+      certmem = BIO_new(BIO_s_mem());
+      if (PEM_write_bio_X509(certmem, cert) == 1)
+        {
+          ptrlen = BIO_get_mem_data(certmem, &ptr);
+          fwrite(ptr, 1, ptrlen, ofp);
+        }
+
+      BIO_free(certmem);
+    }
-  while ((c = fgetc(ifp)) != EOF) fputc(c, ofp); /* append proxy private key */
-
-  if (fclose(ifp) != 0) return GRST_RET_FAILED;
-  if (fclose(ofp) != 0) return GRST_RET_FAILED;
+  /* insert proxy private key */
+  while ((c = fgetc(ifp)) != EOF) fputc(c, ofp);
   unlink(prvkeyfile);
-  free(prvkeyfile);
+
+  for (i=1; i <= sk_X509_num(certstack) - 1; ++i)
+   /* loop through the proxy chain starting at 2nd most recent proxy */
+     {
+       if (cert = sk_X509_value(certstack, i))
+         {
+           certmem = BIO_new(BIO_s_mem());
+           if (PEM_write_bio_X509(certmem, cert) == 1)
+             {
+               ptrlen = BIO_get_mem_data(certmem, &ptr);
+               fwrite(ptr, 1, ptrlen, ofp);
+             }
+
+           BIO_free(certmem);
+         }
+     }
+
+  fputs(proxychain, ofp); /* write out certificates */
+
+
   sk_X509_free(certstack);
   free(upcertfile);
+  if (fclose(ifp) != 0) return GRST_RET_FAILED;
+  if (fclose(ofp) != 0) return GRST_RET_FAILED;
+
   /* should also check validity of proxy cert to avoid suprises? */
   return GRST_RET_OK;
-- 
1.8.2.3
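Review bot: The private key file is deleted before the new proxy file is known to be complete: `unlink(prvkeyfile);` now runs directly after the fgetc/fputc copy, while the `fclose(ofp)` check is only reached at the end of the hunk and the `fwrite` results in both certificate blocks are never examined, so a write error on ofp removes the only copy of the delegated private key and leaves a truncated proxy file behind. The removed code unlinked only after both fclose checks had passed; keep that ordering by dropping the `unlink(prvkeyfile);` after the copy loop and placing it after `if (fclose(ofp) != 0) return GRST_RET_FAILED;`. The hunk also drops `free(prvkeyfile);` with no replacement visible here, which looks like a leak unless the free moved elsewhere, and in both the single-certificate block and the loop `BIO_new(BIO_s_mem())` is handed to `PEM_write_bio_X509` without a NULL check — the duplicated PEM-to-file block is a natural static helper. The two `if (cert = sk_X509_value(...))` conditions would read more clearly (and silence the assignment-in-condition warning) as `if ((cert = sk_X509_value(certstack, i)) != NULL)`. GRSTx509CacheProxy begins outside this hunk.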