
nordugrid-arc-nox  1.1.0~rc6
GSSCredential.cpp
00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include <fstream>
00006 
00007 #include <arc/Logger.h>
00008 
00009 #include "GlobusErrorUtils.h"
00010 #include "GSSCredential.h"
00011 
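namespace Arc {

  static Logger logger(Logger::getRootLogger(), "GSSCredential");

  // Best-effort overwrite of a buffer that held PEM credential text
  // (proxy or private key) before it is released. The volatile pointer
  // keeps the compiler from dropping the stores as dead writes. Copies
  // that std::string left behind while growing during the read are not
  // reachable from here and are not covered.
  static void scrub_string(std::string& s) {
    if (!s.empty()) {
      volatile char* p = &s[0];
      for (std::string::size_type i = 0; i < s.size(); ++i) p[i] = 0;
    }
    s.clear();
  }

  // Loads a GSI credential from disk and imports it as a GSS credential.
  //
  // proxyPath        - proxy file; when non-empty it is used and the other
  //                    two arguments are ignored.
  // certificatePath,
  // keyPath          - certificate and private key files; used only when
  //                    proxyPath is empty and BOTH are non-empty.
  //
  // Nothing is thrown and nothing is returned on failure: the error is
  // logged and `credential` stays GSS_C_NO_CREDENTIAL. The same is true
  // when no usable path was supplied (no log message in that case).
  // GSS-API routines interpret GSS_C_NO_CREDENTIAL as "use the default
  // credential", so a caller that needs this specific identity must check
  // the handle before using it.
  //
  // NOTE(review): no ownership or permission check is made on the key or
  // proxy file here - confirm the caller or the GSI layer enforces it.
  GSSCredential::GSSCredential(const std::string& proxyPath,
                               const std::string& certificatePath,
                               const std::string& keyPath)
    : credential(GSS_C_NO_CREDENTIAL) {

    std::string credbuf;

    if (!proxyPath.empty()) {
      // Read the whole file: '\0' as delimiter means "up to EOF" for PEM text.
      std::ifstream is(proxyPath.c_str());
      getline(is, credbuf, '\0');
      if (!is || credbuf.empty()) {
        logger.msg(ERROR, "Failed to read proxy file: %s", proxyPath);
        return;
      }
    }
    else if (!certificatePath.empty() && !keyPath.empty()) {
      std::ifstream is(certificatePath.c_str());
      getline(is, credbuf, '\0');
      if (!is || credbuf.empty()) {
        logger.msg(ERROR, "Failed to read certificate file: %s",
                   certificatePath);
        return;
      }
      std::string keybuf;
      std::ifstream ik(keyPath.c_str());
      getline(ik, keybuf, '\0');
      if (!ik || keybuf.empty()) {
        logger.msg(ERROR, "Failed to read private key file: %s", keyPath);
        return;
      }
      // The import below expects certificate and key in a single buffer.
      credbuf += "\n";
      credbuf += keybuf;
      // The key now lives in credbuf; do not leave a second copy behind.
      scrub_string(keybuf);
    }

    if (!credbuf.empty()) {
      // Import only when credential text was actually read.
      OM_uint32 majstat, minstat;
      gss_buffer_desc gbuf;

      // gss_buffer_desc carries a non-const pointer; the buffer is only
      // handed to gss_import_cred as input.
      gbuf.value = const_cast<char*>(credbuf.c_str());
      gbuf.length = credbuf.length();

      majstat = gss_import_cred(&minstat, &credential, NULL, 0,
                                &gbuf, GSS_C_INDEFINITE, NULL);

      // gbuf pointed into credbuf, which would be destroyed on return
      // anyway; wipe it first so the key text does not linger in freed
      // memory, whether or not the import succeeded.
      gbuf.value = NULL;
      gbuf.length = 0;
      scrub_string(credbuf);

      if (GSS_ERROR(majstat)) {
        logger.msg(ERROR, "Failed to convert GSI credential to "
                   "GSS credential (major: %d, minor: %d)%s", majstat, minstat, ErrorStr(majstat, minstat));
        return;
      }
    }
  }

  // Releases the GSS credential if one was imported. A release failure is
  // logged only; a destructor has no way to report it.
  //
  // NOTE(review): the handle is released unconditionally here, so a copied
  // GSSCredential would release it twice - confirm the header disables
  // copying.
  GSSCredential::~GSSCredential() {

    if (credential != GSS_C_NO_CREDENTIAL) {
      OM_uint32 majstat, minstat;
      majstat = gss_release_cred(&minstat, &credential);
      if (GSS_ERROR(majstat)) {
        logger.msg(ERROR, "Failed to release GSS credential "
                   "(major: %d, minor: %d):%s", majstat, minstat, ErrorStr(majstat, minstat));
      }
    }
  }

  // Gives GSS-API calls direct access to the owned handle. The object
  // keeps ownership: the destructor releases whatever the handle holds at
  // that point, so callers must not release it themselves.
  GSSCredential::operator gss_cred_id_t&() {
    return credential;
  }

  // Pointer form of the conversion above, for GSS-API calls that take a
  // gss_cred_id_t*. Same ownership rule applies.
  GSSCredential::operator gss_cred_id_t*() {
    return &credential;
  }

  // Returns the symbolic name of the routine error carried in a GSS major
  // status, prefixed with ':' (e.g. ":GSS_S_NO_CRED"), or an empty string
  // when the status carries no known routine error. minstat is unused.
  //
  // The routine error is an enumerated value stored in its own field of
  // the major status, not a set of independent flags, so it has to be
  // extracted with GSS_ROUTINE_ERROR() and compared for equality. Testing
  // it with a bitwise AND against each code matches every code that shares
  // a bit with the real one and makes authentication failures in the log
  // look like a pile of unrelated errors.
  std::string GSSCredential::ErrorStr(OM_uint32 majstat, OM_uint32 /*minstat*/) {
    static const struct {
      OM_uint32 code;
      const char* name;
    } routine_errors[] = {
      { GSS_S_BAD_MECH,             ":GSS_S_BAD_MECH" },
      { GSS_S_BAD_NAME,             ":GSS_S_BAD_NAME" },
      { GSS_S_BAD_NAMETYPE,         ":GSS_S_BAD_NAMETYPE" },
      { GSS_S_BAD_BINDINGS,         ":GSS_S_BAD_BINDINGS" },
      { GSS_S_BAD_STATUS,           ":GSS_S_BAD_STATUS" },
      { GSS_S_BAD_SIG,              ":GSS_S_BAD_SIG" },
      { GSS_S_NO_CRED,              ":GSS_S_NO_CRED" },
      { GSS_S_NO_CONTEXT,           ":GSS_S_NO_CONTEXT" },
      { GSS_S_DEFECTIVE_TOKEN,      ":GSS_S_DEFECTIVE_TOKEN" },
      { GSS_S_DEFECTIVE_CREDENTIAL, ":GSS_S_DEFECTIVE_CREDENTIAL" },
      { GSS_S_CREDENTIALS_EXPIRED,  ":GSS_S_CREDENTIALS_EXPIRED" },
      { GSS_S_CONTEXT_EXPIRED,      ":GSS_S_CONTEXT_EXPIRED" },
      { GSS_S_FAILURE,              ":GSS_S_FAILURE" },
      { GSS_S_BAD_QOP,              ":GSS_S_BAD_QOP" },
      { GSS_S_UNAUTHORIZED,         ":GSS_S_UNAUTHORIZED" },
      { GSS_S_UNAVAILABLE,          ":GSS_S_UNAVAILABLE" },
      { GSS_S_DUPLICATE_ELEMENT,    ":GSS_S_DUPLICATE_ELEMENT" },
      { GSS_S_NAME_NOT_MN,          ":GSS_S_NAME_NOT_MN" },
      { GSS_S_EXT_COMPAT,           ":GSS_S_EXT_COMPAT" }
    };

    std::string errstr;
    const OM_uint32 routine = GSS_ROUTINE_ERROR(majstat);
    const unsigned int count = sizeof(routine_errors) / sizeof(routine_errors[0]);
    for (unsigned int i = 0; i < count; ++i) {
      if (routine == routine_errors[i].code) {
        errstr += routine_errors[i].name;
        break;
      }
    }
    return errstr;
  }
} // namespace Arc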