
nordugrid-arc-nox  1.1.0~rc6
testproxy2proxy.cpp
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <string>
#include <iostream>
#include <fstream>
#include <arc/Logger.h>
#include "Credential.h"

#include <openssl/pem.h>
#include <openssl/x509.h>
00012 
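// Appends the requester's private key, the signer certificate and the
// signer's chain to the proxy file at `path`, in that order.
// Returns false if the file could not be opened or a write failed.
//
// NOTE(review): the key text is written exactly as handed in and the file is
// opened with whatever permissions the process umask allows. Outside a test,
// the file holding a private key should be readable by its owner only.
static bool append_credential_parts(const std::string& path,
                                    const std::string& private_key,
                                    const std::string& signing_cert,
                                    const std::string& signing_chain) {
  std::ofstream out(path.c_str(), std::ofstream::app);
  out.write(private_key.c_str(), private_key.size());
  out.write(signing_cert.c_str(), signing_cert.size());
  out.write(signing_chain.c_str(), signing_chain.size());
  out.close();
  // The stream state is sticky: a failed open or write is still visible here.
  return !out.fail();
}

// Reads the first PEM-encoded certificate found in `path`.
// Returns NULL if the file cannot be opened or holds no parsable certificate.
// The caller owns the result and must release it with X509_free().
static X509* load_pem_certificate(const std::string& path) {
  BIO* in = BIO_new_file(path.c_str(), "r");
  if (in == NULL) return NULL;
  X509* cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
  BIO_free(in);
  return cert;
}

// Test driver: creates a proxy signed by the credential in ./out.pem, then a
// second proxy signed by the first one, and finally checks with OpenSSL that
// the second proxy's signature verifies against the first proxy's public key.
// Returns 0 when that signature check succeeds and 1 otherwise.
int main(void) {
  Arc::LogStream cdest(std::cerr);
  Arc::Logger::getRootLogger().addDestination(cdest);
  Arc::Logger::getRootLogger().setThreshold(Arc::DEBUG);

  std::string cafile("../../../tests/echo/testcacert.pem");
  std::string cadir("../../../tests/echo/certificates");

  // NOTE(review): 1024-bit keys are below the sizes recommended today
  // (2048 bits or more); consider raising this.
  int keybits = 1024;
  int proxydepth = 10;

  Arc::Time t;

  // NOTE(review): the results of GenerateRequest/InquireRequest/SignRequest
  // are not inspected anywhere below. If one of them fails, later steps work
  // on missing or partial files -- confirm their return types and check them.

  //Request side
  std::string req_file1("./request1.pem");
  std::string out_file1("./proxy1.pem");
  // 168*3600 is presumably a 7-day lifetime in seconds -- confirm Period's unit.
  //Arc::Credential request1(t, Arc::Period(168*3600), keybits, "rfc", "independent", "", proxydepth);
  Arc::Credential request1(t, Arc::Period(168*3600), keybits);
  request1.GenerateRequest(req_file1.c_str());

  //Signing side
  Arc::Credential proxy1;
  std::string signer_cert1("./out.pem");
  Arc::Credential signer1(signer_cert1, "", cadir, cafile);
  proxy1.InquireRequest(req_file1.c_str());
  proxy1.SetProxyPolicy("rfc","independent","",proxydepth);
  signer1.SignRequest(&proxy1, out_file1.c_str());

  std::string id_name = signer1.GetIdentityName();
  std::string dn_name = signer1.GetDN();
  std::cout<<"Identity name: "<<id_name<<std::endl;
  std::cout<<"DN name: "<<dn_name<<std::endl;

  //Get the proxy information
  std::string policy = signer1.GetProxyPolicy();
  std::cout<<"Policy information: "<<policy<<std::endl;

  //Back to request side, compose the signed proxy certificate, local private key,
  //and signing certificate into one file.
  std::string private_key1, signing_cert1, signing_cert1_chain;
  request1.OutputPrivatekey(private_key1);
  signer1.OutputCertificate(signing_cert1);
  signer1.OutputCertificateChain(signing_cert1_chain);
  if (!append_credential_parts(out_file1, private_key1, signing_cert1, signing_cert1_chain)) {
    // proxy1.pem is the signer for the second round, so stop here.
    std::cerr<<"Failed to append key and certificates to "<<out_file1<<std::endl;
    return 1;
  }

  //Generate one more proxy based on the proxy which just has been generated
  std::string req_file2("./request2.pem");
  std::string out_file2("./proxy2.pem");
  //Arc::Credential request2(t, Arc::Period(168*3600), keybits,  "rfc", "independent", "", proxydepth);
  Arc::Credential request2(t, Arc::Period(168*3600), keybits);
  request2.GenerateRequest(req_file2.c_str());

  //Signing side
  Arc::Credential proxy2;
  std::string signer_cert2("./proxy1.pem");
  Arc::Credential signer2(signer_cert2, "", cadir, cafile);
  proxy2.InquireRequest(req_file2.c_str());
  proxy2.SetProxyPolicy("rfc","independent","",proxydepth);
  signer2.SignRequest(&proxy2, out_file2.c_str());

  id_name = signer2.GetIdentityName();
  dn_name = signer2.GetDN();
  std::cout<<"Identity name: "<<id_name<<std::endl;
  std::cout<<"DN name: "<<dn_name<<std::endl;

  //Back to request side, compose the signed proxy certificate, local private key,
  //and signing certificate into one file. The chain written last carries the
  //up-level signer certificate.
  std::string private_key2, signing_cert2, signing_cert2_chain;
  request2.OutputPrivatekey(private_key2);
  signer2.OutputCertificate(signing_cert2);
  signer2.OutputCertificateChain(signing_cert2_chain);
  if (!append_credential_parts(out_file2, private_key2, signing_cert2, signing_cert2_chain)) {
    std::cerr<<"Failed to append key and certificates to "<<out_file2<<std::endl;
    return 1;
  }

  /*****************************************/
  // Independent check with plain OpenSSL: proxy2 must carry a signature made
  // with proxy1's key.
  //
  // X509_verify() checks only that one signature. It does not look at validity
  // dates, the rest of the chain up to the CA, or proxy policy and path-length
  // limits, so "Succeeded" below is not a full path validation.
  std::string cert_file("./proxy2.pem"), issuer_file("./proxy1.pem");

  X509 *issuer = load_pem_certificate(issuer_file);
  X509 *cert = load_pem_certificate(cert_file);
  EVP_PKEY *pkey = NULL;
  bool verified = false;

  if (issuer == NULL || cert == NULL) {
    // Without this guard a missing or malformed file leads to a NULL
    // dereference inside OpenSSL.
    std::cerr<<"Failed to read a certificate from "
             <<(issuer == NULL ? issuer_file : cert_file)<<std::endl;
  } else if ((pkey = X509_get_pubkey(issuer)) == NULL) {
    std::cerr<<"Failed to extract the public key from "<<issuer_file<<std::endl;
  } else {
    // X509_verify returns 1 on a good signature, 0 on a bad one, <0 on error.
    verified = (X509_verify(cert, pkey) == 1);

    // Dump the issuer's public key for manual inspection.
    std::string pubkey_file("pubkey1.pem");
    BIO *pubkey = BIO_new_file(pubkey_file.c_str(), "w");
    if (pubkey == NULL || PEM_write_bio_PUBKEY(pubkey, pkey) != 1) {
      std::cerr<<"Failed to write the public key to "<<pubkey_file<<std::endl;
    }
    if (pubkey != NULL) BIO_free(pubkey);
  }

  std::cout<<"Verification result: "<<(verified?"Succeeded":"Failed")<<std::endl;

  // All three release functions accept NULL.
  EVP_PKEY_free(pkey);
  X509_free(cert);
  X509_free(issuer);

  // Report the outcome through the exit status so a test harness can see it.
  return verified ? 0 : 1;
}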