
nordugrid-arc-nox  1.1.0~rc6
testvoms.cpp
00001 #ifdef WIN32
00002 
// WIN32 build: the VOMS test body is compiled out, so this stub only
// returns -1.
int main() {
  return -1;
}
00006 
00007 #else
00008 
00009 #ifdef HAVE_CONFIG_H
00010 #include <config.h>
00011 #endif
00012 
00013 #include <string>
00014 #include <iostream>
00015 #include <fstream>
00016 #include <arc/Logger.h>
00017 #include "VOMSUtil.h"
00018 #include "Credential.h"
00019 
00020 
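// Prints which step failed on stderr and returns the non-zero exit status
// that main() hands back to the test harness.
static int report_failure(const char* step) {
  std::cerr << "testvoms: " << step << " failed" << std::endl;
  return 1;
}

// Exercises the VOMS attribute certificate (AC) round trip:
//   1. create an AC from an issuer and a holder credential,
//   2. put the AC into a proxy certificate request and sign the proxy,
//   3. load the resulting proxy and parse/verify the AC it carries.
//
// Returns 0 only when every step reports success. Each step's result is
// checked, so a failed signing or trust verification makes the test fail
// instead of being ignored.
int main(void) {
  Arc::LogStream cdest(std::cerr);
  Arc::Logger::getRootLogger().addDestination(cdest);
  Arc::Logger::getRootLogger().setThreshold(Arc::VERBOSE);
  std::string cert("../../../tests/echo/testcert.pem");
  std::string key("../../../tests/echo/testkey-nopass.pem");
  std::string cafile("../../../tests/echo/testcacert.pem");
  std::string cadir("../../../tests/echo/certificates");

  // NOTE(review): 1024-bit keys are below what is recommended today for RSA
  // (2048 bits or more); presumably tolerated here because this is a
  // short-lived test proxy. Do not copy this value into production code.
  int keybits = 1024;
  int proxydepth = 10;

  Arc::Time t;  // presumably the current time; used as the proxy start time

  // Get information from the credential which acts as AC issuer.
  Arc::Credential issuer_cred(cert, key, cadir, cafile);

  // Get information from the credential which acts as AC holder.
  // The holder is read from ./out.pem, which this program does not create;
  // presumably it is left behind by an earlier proxy test - TODO confirm.
  std::string cert1("./out.pem");
  Arc::Credential holder_cred(cert1, "", cadir, cafile);

  /* Prepare the AC and put it into a string.
   * In the VOMS scenario it is the VOMS server that prepares the AC; the
   * server then transfers the string in some Base64 (not sure) format and
   * puts the Base64 data into an XML item.
   * Here we just demonstrate the process without Base64 and XML encoding.
   */
  std::vector<std::string> fqan;
  fqan.push_back("/knowarc.eu");

  std::vector<std::string> targets;
  targets.push_back("www.nordugrid.no");

  std::vector<std::string> attrs;
  attrs.push_back("::role=admin");
  attrs.push_back("::role=guest");

  std::string voname = "knowarc";
  std::string uri = "testvoms.knowarc.eu:50000";

  std::string ac_str;
  // Last argument is the AC lifetime (12 hours, presumably in seconds).
  if (!Arc::createVOMSAC(ac_str, issuer_cred, holder_cred, fqan, targets,
                         attrs, voname, uri, 3600*12)) {
    return report_failure("createVOMSAC");
  }
  //std::cout<<"AC: "<<ac_str<<std::endl;

  /* Parse the Attribute Certificate in string format.
   * In a real scenario the AC string is received from the other end, i.e.
   * voms-proxy-init (the VOMS client) receives a few ACs from different VOs
   * (each VOMS server signs its AC), composes them into an AC list and puts
   * that list into the proxy certificate as an extension.
   */
  // NOTE(review): aclist is never released in this program; presumably it is
  // allocated by addVOMSAC and reclaimed only at process exit.
  ArcCredential::AC** aclist = NULL;
  std::string acorder;
  if (!Arc::addVOMSAC(aclist, acorder, ac_str)) {
    return report_failure("addVOMSAC");
  }

  // Use file locations as parameters.
  // Request side
  std::string req_file_ac("./request_withac.pem");
  std::string out_file_ac("./out_withac.pem");

  //The voms server is not supposed to generate rfc proxy?
  //no, voms server can only generate proxy with "CN=proxy", AFAIK
  //The current voms code is not supposed to parse a proxy with "CN=336628850"?
  //Arc::Credential request(t, Arc::Period(12*3600), keybits, "gsi2", "limited", "", proxydepth);
  Arc::Credential request(t, Arc::Period(12*3600), keybits);
  if (!request.GenerateRequest(req_file_ac.c_str())) {
    return report_failure("GenerateRequest");
  }

  // Signing side
  Arc::Credential proxy;
  if (!proxy.InquireRequest(req_file_ac.c_str())) {
    return report_failure("InquireRequest");
  }
  proxy.SetProxyPolicy("gsi2", "limited", "", proxydepth);
  // Add the AC extension to the proxy certificate before signing it.
  if (!proxy.AddExtension("acseq", (char**) aclist)) {
    return report_failure("AddExtension(acseq)");
  }

  //X509_EXTENSION* ext = NULL;
  //ext = X509V3_EXT_conf_nid(NULL, NULL, OBJ_txt2nid("acseq"), (char*)aclist);

  std::string cert2("../../../tests/echo/testcert.pem");
  std::string key2("../../../tests/echo/testkey-nopass.pem");

  Arc::Credential signer(cert2, key2, cadir, cafile);
  if (!signer.SignRequest(&proxy, out_file_ac.c_str())) {
    return report_failure("SignRequest");
  }

  // Back on the request side: compose the signed proxy certificate, the local
  // private key and the signing certificate (plus its chain) into one file.
  std::string private_key, signing_cert, signing_cert_chain;
  if (!request.OutputPrivatekey(private_key)) {
    return report_failure("OutputPrivatekey");
  }
  if (!signer.OutputCertificate(signing_cert)) {
    return report_failure("OutputCertificate");
  }
  if (!signer.OutputCertificateChain(signing_cert_chain)) {
    return report_failure("OutputCertificateChain");
  }

  // Opened in append mode so the key and certificates follow the proxy
  // certificate that SignRequest wrote to the same path.
  // NOTE(review): the private key is written here, presumably unencrypted (no
  // passphrase is supplied), and nothing in this program sets the file mode;
  // it is whatever SignRequest and the process umask produce. A proxy file
  // used outside this test should be readable by its owner only (0600).
  std::ofstream out_f(out_file_ac.c_str(), std::ofstream::app);
  if (!out_f) {
    return report_failure("opening proxy output file");
  }
  out_f.write(private_key.c_str(), private_key.size());
  out_f.write(signing_cert.c_str(), signing_cert.size());
  out_f.write(signing_cert_chain.c_str(), signing_cert_chain.size());
  out_f.close();
  if (!out_f) {
    // A short or failed write would leave a truncated credential file behind.
    return report_failure("writing proxy output file");
  }

  /* 2. Get the proxy certificate with the VOMS AC extension and parse the
   *    extension. */
  // Use file locations as parameters.
  // Consume the proxy certificate with the AC extension.
  std::string in_file_ac("./out_withac.pem");
  //std::string in_file_ac("./knowarc_voms.pem"); //Put here the proxy certificate generated from voms-proxy-init
  //std::string in_file_ac("./out.pem");
  std::string ca_cert_dir("../../../tests/echo/certificates");
  std::string ca_cert_file("../../../tests/echo/testcacert.pem");

  // DNs the AC issuer's certificate chain is checked against. "NEXT CHAIN"
  // appears to separate alternative chains, and an entry starting with '^'
  // appears to be treated as a regular expression - TODO confirm against
  // parseVOMSAC.
  // NOTE(review): "^/O=Grid/O=NorduGrid" has no end anchor, so as a regular
  // expression it accepts every DN that merely starts with that prefix; list
  // exact DNs where the set of trusted VOMS servers is known.
  std::vector<std::string> vomscert_trust_dn;
  vomscert_trust_dn.push_back("^/O=Grid/O=NorduGrid");
  //vomscert_trust_dn.push_back("/O=Grid/O=NorduGrid/CN=NorduGrid ***");
  //vomscert_trust_dn.push_back("/O=Grid/O=NorduGrid/CN=NorduGrid abc");
//  vomscert_trust_dn.push_back("NEXT CHAIN");
//  vomscert_trust_dn.push_back("/O=Grid/O=NorduGrid/OU=fys.uio.no/CN=Weizhong Qiang");
//  vomscert_trust_dn.push_back("/O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority");
  vomscert_trust_dn.push_back("NEXT CHAIN");
  vomscert_trust_dn.push_back("/O=Grid/O=Test/CN=localhost");
  vomscert_trust_dn.push_back("/O=Grid/O=Test/CN=CA");

  Arc::Credential proxy2(in_file_ac, "", ca_cert_dir, ca_cert_file);
  std::vector<std::string> attributes;
  // This is the verification step; its result decides whether the test
  // passes, so it must not be discarded.
  if (!Arc::parseVOMSAC(proxy2, ca_cert_dir, ca_cert_file, vomscert_trust_dn,
                        attributes)) {
    return report_failure("parseVOMSAC");
  }

  // size_type index avoids the signed/unsigned comparison against size().
  for (std::vector<std::string>::size_type i = 0; i < attributes.size(); ++i) {
    std::cout<<"Line "<<i<<" of the attributes returned: "<<attributes[i]<<std::endl;
  }
  return 0;
}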
00162 
00163 #endif