source: libabac/abac_xml.c @ 94605f2

abac0-leakabac0-meitvf-new-xml
Last change on this file since 94605f2 was 94605f2, checked in by Ted Faber <faber@…>, 11 years ago

checkpoint Lots of the way toward mnemonic names, some parsing fixes

  • Property mode set to 100644
File size: 47.1 KB
Line 
1/* abac_xml.c, specifically for GENI */
2
3/* in xml, rc in general is, 1 is good, 0 or -1 is bad */
4
5#define _GNU_SOURCE
6#include <stdio.h>
7#include <stdlib.h>
8#include <string.h>
9#include <time.h>
10
11#include <libxml/tree.h>
12#include <libxml/xmlmemory.h>
13#include <libxml/parser.h>
14
15#ifndef XMLSEC_NO_XSLT
16#include <libxslt/xslt.h>
17#include <libxslt/security.h>
18#endif /* XMLSEC_NO_XSLT */
19
20#include <xmlsec/xmlsec.h>
21#include <xmlsec/xmltree.h>
22#include <xmlsec/xmldsig.h>
23#include <xmlsec/base64.h>
24#include <xmlsec/templates.h>
25#include <xmlsec/crypto.h>
26#include <xmlsec/list.h>
27
28#include <openssl/sha.h>
29
30#include "abac.h"
31#include "abac_util.h"
32
33extern int abac_verifier_load_id_chars(void *, char*); 
34extern void* abac_get_sha_from_nake_pem(char *npem, char **sha1);
35extern void abac_split(char *string, char *delim, char **ret, int *num);
36static int debug=0;
37
38/* from Ted's reader */
39
40/* for accessing GENI privilege credentials */
41#define GENI_signed_credential "signed-credential"
42#define GENI_credential "credential"
43#define GENI_type "type"
44#define GENI_serial "serial"
45#define GENI_owner_gid "owner_gid"
46#define GENI_owner_urn "owner_urn"
47#define GENI_target_gid "target_gid"
48#define GENI_target_urn "target_urn"
49#define GENI_uuid "uuid"
50#define GENI_expires "expires"
51#define GENI_privileges "privileges"
52#define GENI_privilege "privilege"
53#define GENI_name "name"
54#define GENI_can_delegate "can_delegate"
55#define GENI_x509_certificate "X509Certificate"
56
57/* for accessing GENI abac credentials. signed-credential, credential, type and
58 * expires are present as well.  */
59#define GENI_abac "abac"
60#define GENI_rt0 "rt0"
61#define GENI_version "version"
62
63/* maximum credential stringlen */
64#define CREDLEN 1024
65/* Maximum version len */
66#define VERSIONLEN 256
67
68/* These templates are given in defines so that they can initialize the
69 * specialization structures. */
70
71/* XML template for a new RT0 v1.0 credential.  Fill in the RT0 to store (XML
72 * escaped) and the expiration time (formated using strftime_format and
73 * strftime). */
74#define template_v10 "<signed-credential>\n"\
75"    <credential xml:id=\"ref0\">\n"\
76"       <type>abac</type>\n"\
77"       <version>1.0</version>\n"\
78"       <expires>%s</expires>\n"\
79"       <rt0>%s</rt0>\n"\
80"    </credential>\n"\
81"    <signatures>\n"\
82"       <Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n"\
83"           <SignedInfo>\n"\
84"               <CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>\n"\
85"               <SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>\n"\
86"               <Reference URI=\"#ref0\">\n"\
87"                   <Transforms>\n"\
88"                       <Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>\n"\
89"                   </Transforms>\n"\
90"                   <DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n"\
91"                   <DigestValue/>\n"\
92"               </Reference>\n"\
93"           </SignedInfo>\n"\
94"           <SignatureValue/>\n"\
95"           <KeyInfo>\n"\
96"             <KeyValue/>\n"\
97"               <X509Data>\n"\
98"                   <X509Certificate/>\n"\
99"                   <X509SubjectName/>\n"\
100"                   <X509IssuerSerial/>\n"\
101"               </X509Data>\n"\
102"           </KeyInfo>\n"\
103"       </Signature>\n"\
104"    </signatures>\n"\
105"</signed-credential>"
106
107/* XML template for a new RT0 v1.1 credential.  Fill in the RT0 to store (XML
108 * escaped) and the expiration time (formated using strftime_format and
109 * strftime). */
110#define template_v11 "<signed-credential>\n"\
111"    <credential xml:id=\"ref0\">\n"\
112"       <type>abac</type>\n"\
113"       <serial/>\n"\
114"       <owner_gid/>\n"\
115"       <target_gid/>\n"\
116"       <uuid/>\n"\
117"       <expires>%s</expires>\n"\
118"       <abac>\n"\
119"           <rt0>\n"\
120"               <version>1.1</version>\n"\
121"               %s\n"\
122"           </rt0>\n"\
123"       </abac>\n"\
124"    </credential>\n"\
125"    <signatures>\n"\
126"       <Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n"\
127"           <SignedInfo>\n"\
128"               <CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>\n"\
129"               <SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>\n"\
130"               <Reference URI=\"#ref0\">\n"\
131"                   <Transforms>\n"\
132"                       <Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>\n"\
133"                   </Transforms>\n"\
134"                   <DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n"\
135"                   <DigestValue/>\n"\
136"               </Reference>\n"\
137"           </SignedInfo>\n"\
138"           <SignatureValue/>\n"\
139"           <KeyInfo>\n"\
140"             <KeyValue/>\n"\
141"               <X509Data>\n"\
142"                   <X509Certificate/>\n"\
143"                   <X509SubjectName/>\n"\
144"                   <X509IssuerSerial/>\n"\
145"               </X509Data>\n"\
146"           </KeyInfo>\n"\
147"       </Signature>\n"\
148"    </signatures>\n"\
149"</signed-credential>"
150
151/* Forward declarations of functions to parse and generate rt0 elements in
152 * various formats */
153xmlChar *encode_rt0_xml_v10(abac_attribute_t *);
154xmlChar *encode_rt0_xml_v11(abac_attribute_t *);
155xmlChar **parse_rt0_xml_v10(xmlNodePtr);
156xmlChar **parse_rt0_xml_v11(xmlNodePtr);
157
158/* Structure that specializes XML parsing */
159typedef struct {
160    /* Version to use these functions for */
161    char *version; 
162    /* Convert an ABAC attribute into an rt0 element */
163    xmlChar *(*rt0_to_xml)(abac_attribute_t *);
164    /* Convert an rt0 element into a list of RT0 strings */
165    xmlChar **(*xml_to_rt0)(xmlNodePtr);
166    /* The overall template to generate this version of credential */
167    char *out_template;
168} GENI_xml_processing_t;
169
170/* The processing specializations */
171GENI_xml_processing_t xml_proc[] = {
172    { "GENIv1.0", encode_rt0_xml_v10, parse_rt0_xml_v10, template_v10},
173    { "1.0", encode_rt0_xml_v10, parse_rt0_xml_v10, template_v10},
174    { "GENIv1.1", encode_rt0_xml_v11, parse_rt0_xml_v11, template_v11},
175    { "1.1", encode_rt0_xml_v11, parse_rt0_xml_v11, template_v11},
176    { NULL, NULL, NULL},
177};
178
179/* Query funtion to convert a processing version into the functions above */
180GENI_xml_processing_t *get_xml_processing(char *ver) {
181    int i ;
182
183    for (i = 0; xml_proc[i].version; i++) {
184        if (!strcmp(xml_proc[i].version, ver))
185            return &xml_proc[i];
186    }
187    return NULL;
188}
189
190
191/* Hex dump the contents of buf (length len) to stderr.  For debugging */
192static void dump_it(xmlChar *buf, int len) {
193    int i;
194
195    for (i=0; i < len; i++ ) 
196        fprintf(stderr, "%02x ", buf[i] & 0xff);
197    fprintf(stderr, "\n");
198}
199
200/* Convert a SHA1 hash to text for printing or use in strings.  keyid is the
201 * hash (SHA_DIGEST_LENGTH bytes long) and text is the output string (at least
202 * 2 * SHA_DIGEST_LENGTH +1 bytes long).  The caller is responsible for
203 * allocating and deallocating each of them. */
204static void sha1_to_text(xmlChar *keyid, xmlChar *text) {
205    int i = 0;
206
207    for (i=0; i < SHA_DIGEST_LENGTH; i++) 
208        snprintf((char *) text+2*i, 3, "%02x", keyid[i] & 0xff);
209}
210
211/*
212 * Returns the content pointer of the XML_TEXT node that is the child of the
213 * node passed in.  Node must point to an XML_ELEMENT node.  the return value
214 * is still part of node's XML document, so treat it as read only. */
215static xmlChar *get_element_content(xmlNodePtr node) {
216    xmlNodePtr text = NULL;
217
218    if ( node->type != XML_ELEMENT_NODE ) return NULL;
219    if ( !( text = node->children) ) return NULL;
220    if ( text->type != XML_TEXT_NODE ) return NULL;
221    return text->content;
222}
223
224/*Find the XML element named field that is a at or below node in the XML
225 * document and return a copy of the base64 decoded content of its content.
226 * For example, find key day in a signature and return it base64decoded.  buf
227 * is allocated and its length is returned in len.  Any values for buf and len
228 * are ignored and overwritten. */
229static int get_base64_field(xmlNodePtr node, xmlChar *field, 
230        xmlChar **buf, int *len) {
231    xmlChar *txt = NULL;
232
233    *buf = NULL;
234
235    if ( !(node = xmlSecFindNode(node, field, xmlSecDSigNs)))
236        goto fail;
237
238    if ( !(txt = get_element_content(node))) 
239            goto fail;
240   
241    *len = strlen((char *) txt);
242    if ( !(*buf = malloc(*len))) 
243        goto fail;
244
245    if ( (*len = xmlSecBase64Decode(txt, *buf, *len)) < 0 ) 
246        goto fail;
247
248    return 1;
249fail:
250    if ( *buf) free(*buf);
251    *len = 0;
252    return 0;
253}
254/* Construct an ASN.1 header for a field of type h that is len bytes long.
255 * Mosttly this creates the proper length encoding under ASN.1's length
256 * encoding rules. buf will contain the new header (and the caller is
257 * responsible for making sure it is at least 6 bytes long, though fewer are
258 * usually used.  The length of the constructed header is returned. This is
259 * used in creating a key hash from key data.*/
260static int make_asn1_header(char h, size_t len, xmlChar *buf) {
261    if ( len > 0x00ffffff) {
262        buf[0] = h;
263        buf[1] = 0x84;
264        buf[2] = (len >> 24) & 0xff;
265        buf[3] = (len >> 16) & 0xff;
266        buf[4] = (len >> 8) & 0xff;
267        buf[5] = (len) & 0xff;
268        return 6;
269    } else if ( len > 0x0000ffff ) {
270        buf[0] = h;
271        buf[1] = 0x83;
272        buf[2] = (len >> 16) & 0xff;
273        buf[3] = (len >> 8) & 0xff;
274        buf[4] = (len) & 0xff;
275        return 5;
276    } else if ( len > 0x000000ff ) {
277        buf[0] = h;
278        buf[1] = 0x82;
279        buf[2] = (len >> 8) & 0xff;
280        buf[3] = (len) & 0xff;
281        return 4;
282    } else if ( len > 0x80 ) {
283        buf[0] = h;
284        buf[1] = 0x81;
285        buf[2] = (len) & 0xff;
286        return 3;
287    } else {
288        buf[0] = h;
289        buf[1] = (len) & 0xff;
290        return 2;
291    }
292}
293
294/* Find the RSA key parameters in the KeyInfo section of the XML document
295 * pointed to by doc, construct the ASN.1 encoding of that key and SHA1 hash
296 * it.    This gives the standard keyid of that key.  keyid will be the binary
297 * encoding of that (the bits of the hash)  sha1_to_text will turn it to text.
298 * keyid must be at least SHA_DIGEST_LENGTH bytes long, and the caller is
299 * responsible for it. This routine returns 1 on success and 0 on failure. */
300static int get_keyid_from_keyinfo(xmlDocPtr doc, xmlChar *keyid) {
301    xmlNodePtr root = NULL; /* XML document root */
302    xmlNodePtr node = NULL; /* Scratch XML node */
303
304    xmlChar b0[20];         /* Header for the sequence */
305    xmlChar b1[20];         /* Header for the modulus */
306    xmlChar b2[20];         /* Header for the exponent */
307    int l0 = 0;             /* Header length for the sequence */
308    int l1 = 0;             /* Header length for the modulus */
309    int l2 = 0;             /* Header length for the exponent */
310
311    xmlChar *modBuf = NULL; /* Bytes of the modulus */
312    xmlChar *expBuf = NULL; /* Bytes of the exponent */
313    int modLen = 0;         /* Length of the modulus */
314    int expLen = 0;         /* Length of the exponent */
315
316    SHA_CTX sha;            /* SHA1 hash context */
317
318    int rv = 0;             /* return value */
319
320    if ( !SHA1_Init(&sha)) goto fail;
321
322    if ( !doc || !(root = xmlDocGetRootElement(doc)) ) 
323        goto fail;
324
325    /* Find the KeyInfo section to be the root of later searches */
326    if ( !(node = xmlSecFindNode(root, 
327                    xmlSecNodeKeyInfo, xmlSecDSigNs)))
328        goto fail;
329
330    /* Get the binary for the modulus and exponent */
331    if ( !get_base64_field(node, (xmlChar *) "Modulus", &modBuf, &modLen)) 
332        goto fail;
333    if ( !get_base64_field(node, (xmlChar *) "Exponent", &expBuf, &expLen)) 
334        goto fail;
335
336    /* Construct the headers for modulus and exponent.  Another weird fact
337     * about ASN.1 is that all the integers are signed, so if either the
338     * modulus or exponent has the high order bit of its first byte set, the
339     * ASN.1 encoding has a 0 byte prepended.  This code appends the 0 byte to
340     * the header, which results in the same hash. */
341    if ( modBuf[0] & 0x80 ) {
342        l1 = make_asn1_header(0x02, modLen +1, b1);
343        b1[l1++] = '\0';
344    } else {
345        l1 = make_asn1_header(0x02, modLen, b1);
346    }
347
348    if ( expBuf[0] & 0x80 ) {
349        l2 = make_asn1_header(0x02, expLen +1, b2);
350        b2[l2++] = '\0';
351    } else {
352        l2 = make_asn1_header(0x02, expLen, b2);
353    }
354
355    /* Sequence header: have to do it after we know the lengths of the inner
356     * headers. */
357    l0 = make_asn1_header(0x30, modLen + expLen + l1 + l2, b0);
358    /* Hash it all up in parts */
359    SHA1_Update(&sha, b0, l0);
360    SHA1_Update(&sha, b1, l1);
361    SHA1_Update(&sha, modBuf, modLen);
362    SHA1_Update(&sha, b2, l2);
363    SHA1_Update(&sha, expBuf, expLen);
364    SHA1_Final(keyid, &sha);
365    rv = 1;
366fail:
367
368    if (modBuf) free(modBuf);
369    if (expBuf) free(expBuf);
370    return rv;
371}
372
373/* Check the signature of either kind of credential - it'll work for basically
374 * any signed XML. Returns true if the signature checks and false otherwise.
375 * Takes a pointer to the XML document to check.  Similar to the examples at
376 * http://www.aleksey.com/xmlsec/api/xmlsec-examples.html */
377static int check_signature(xmlDocPtr doc) {
378    xmlNodePtr root = NULL;         /* Root XML node */
379    xmlNodePtr node = NULL;         /* Scratch XML node */
380    xmlSecKeyInfoCtxPtr keyCtx = NULL;/* Key info context.  Used to parse
381                                         KeyInfo */
382    xmlSecKeysMngrPtr keyMan = NULL;/* Key manager - used because we have
383                                       certificated. */
384    xmlSecKeyPtr key = NULL;        /* The key extracted */
385    xmlSecDSigCtxPtr dsigCtx = NULL;/* Signature context */
386    int rv = 0;                     /* Return value */
387
388    if ( doc && !(root = xmlDocGetRootElement(doc)) ) 
389        goto fail;
390
391    /* Find the KeyInfo section to pull the keys out. */
392    if ( !(node = xmlSecFindNode(root, 
393                    xmlSecNodeKeyInfo, xmlSecDSigNs)))
394        goto fail;
395
396    /* Create and initialize key, key manager, and context */
397    if ( !(key = xmlSecKeyCreate() ) )
398            goto fail;
399    if ( !(keyMan = xmlSecKeysMngrCreate()) ) 
400        goto fail;
401
402    if ( xmlSecCryptoAppDefaultKeysMngrInit(keyMan) < 0)
403        goto fail;
404
405    if ( !(keyCtx = xmlSecKeyInfoCtxCreate(keyMan)) ) 
406        goto fail;
407
408    /* Do not check certificate signatures */
409    keyCtx->flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
410
411    /* Gather up the key data */
412    if ( xmlSecKeyInfoNodeRead(node, key, keyCtx) < 0 ) 
413        goto fail;
414
415    /* Set up the signature context and attack the keys */
416    if ( !(dsigCtx = xmlSecDSigCtxCreate(NULL)))
417        goto fail;
418
419    dsigCtx->signKey = key;
420
421    /* find the Signature section */
422    if ( !(node = xmlSecFindNode(root, 
423                    xmlSecNodeSignature, xmlSecDSigNs)))
424        goto fail;
425
426    /* Check it */
427    if ( (rv = xmlSecDSigCtxVerify(dsigCtx, node)) < 0 ) 
428        goto fail;
429
430    /* Strangely xmlSecDSigCtxVerify can return success even if the status is
431     * bad.  Check the status in the context explicitly and override the result
432     * above if necessary.*/
433    if ( dsigCtx->status != xmlSecDSigStatusSucceeded) 
434        goto fail;
435
436    return 1;
437fail:
438    if ( key ) xmlSecKeyDestroy(key);
439    if ( keyCtx ) xmlSecKeyInfoCtxDestroy(keyCtx);
440    if ( dsigCtx) xmlSecDSigCtxDestroy(dsigCtx);
441    return 0;
442}
443
444/* Extract a sha from PEM blob */
445static void extract_owner_sha1(xmlChar *pem, xmlChar **sha1) {
446    abac_get_sha_from_nake_pem((char *) pem, (char **)sha1); 
447    if(debug) fprintf(stderr,"owner sha1 is (%s)..\n", *sha1);
448}
449static void extract_target_sha1(xmlChar *pem, xmlChar **sha1) {
450    abac_get_sha_from_nake_pem((char *) pem,(char **)sha1); 
451    if(debug) fprintf(stderr,"group sha1 is (%s)..\n", *sha1);
452}
453
454/* Parse the content of the expires field and compare it to the time passed in
455 * n.  If expires is earlier, return false, else true.  If n is null, compare
456 * it to the current time. */
457static int check_GENI_expires(xmlChar *expires, struct tm *n) {
458    struct tm tv;   /* Parsed expires field */
459    time_t now;     /* Now in seconds since the epoch */
460    time_t exp;     /* expires in seconds since the epoch */
461
462    if (n) now = mktime(n);
463    else time(&now);
464
465    strptime((char *) expires, "%FT%TZ", &tv);
466    exp = timegm(&tv);
467
468    return difftime(exp, now) > 0.0;
469}
470
471/* Convert a parsed privilege in a GENI privilege string into one or more ABAC
472 * creds.  Rules are as in http://groups.geni.net/geni/wiki/TIEDCredentials .
473 * keyid is  the issuer's keyid, text_owner is the owners keyid (XXX:a
474 * placeholder) text_target is the target's keyid (XXX: a placeholder), priv is
475 * the privilege being assigned, and delegate is true if it can be delegated.
476 * carray is the output array of character strings that currently has *nc
477 * entries in it.  If nc has nothing in it, insert the "speaks_for" delegation
478 * rules.  Then add the privilege specific rules. On failure ***carray and its
479 * contents are freed and *nc is set to zero.*/
480static void add_privilege_credential_string(xmlChar *text_keyid, xmlChar *text_owner, 
481        xmlChar *text_target, xmlChar *priv, int delegate, xmlChar ***carray,
482        int *nc) {
483    xmlChar **rv = *carray;     /* Local pointer to the array of strings */
484    xmlChar **newrv = NULL;     /* Used to realloc the array of strings */
485    int ncred = *nc;            /* Local copy of the number of creds in rv */
486    int newc = (delegate) ? 3 : 1;  /* Number of new creds to add */
487    int base = ncred;           /* First new credential index.  This advances
488                                   as we add creds to rv. */
489    int i = 0;                  /* Scratch */
490
491    /* If rv is empty, add the speaks_for rules */
492    if (base == 0 ) newc += 2;
493
494    /* Resize rv */
495    if (!(newrv = realloc(rv, (base + newc) * sizeof(xmlChar *))))
496        goto fail;
497
498    for ( i = base; i < base +newc; i ++) { 
499        newrv[i] = NULL;
500    }
501
502    /* So fail works */
503    rv = newrv;
504    ncred = base + newc;
505
506    /* Add speaks_for rules  if needed */
507    if ( base == 0 ) {
508        if ( !(rv[base] = malloc(CREDLEN))) goto fail;
509        snprintf((char *) rv[base], CREDLEN, 
510                "%s.speaks_for_%s <- %s.speaks_for_%s",
511                text_keyid, text_owner, text_owner, text_owner);
512        base++;
513        if ( !(rv[base] = malloc(CREDLEN))) goto fail;
514        snprintf((char *) rv[base], CREDLEN, 
515                "%s.speaks_for_%s <- %s",
516                text_keyid, text_owner, text_owner);
517        base++;
518    }
519
520    /* The assignemnt of priv.  Always happens */
521    if ( !(rv[base] = malloc(CREDLEN))) goto fail;
522    snprintf((char *) rv[base], CREDLEN, 
523            "%s.%s_%s <- %s.speaks_for_%s",
524            text_keyid, priv, text_target, text_keyid, text_owner);
525    base++;
526    /* Add delegation rules */
527    if ( delegate ) {
528        if ( !(rv[base] = malloc(CREDLEN))) goto fail;
529        snprintf((char *) rv[base], CREDLEN, 
530                "%s.%s_%s <- %s.can_delegate_%s_%s.%s_%s",
531                text_keyid, priv, text_target, text_keyid, priv, 
532                text_target, priv, text_target);
533        base++;
534        if ( !(rv[base] = malloc(CREDLEN))) goto fail;
535        snprintf((char *) rv[base], CREDLEN, 
536                "%s.can_delegate_%s_%s <- %s",
537                text_keyid, priv, text_target, text_owner);
538        base++;
539    }
540    /* And return new values */
541    *carray = rv;
542    *nc = ncred;
543    return;
544fail:
545    if ( rv ) {
546        /* Delete all the allocations, ours or not, and clear the caller's
547         * variables */
548        for (i = 0; i < ncred; i++) 
549            if (rv[i]) free(rv[i]);
550        free(rv);
551    }
552    *carray = NULL;
553    *nc = 0;
554}
555
556
557/* Grab the issuer x509 blob */
558static xmlChar *get_issuer(xmlDocPtr doc) {
559    xmlNodePtr root = NULL;         /* Root XML node */
560    xmlNodePtr node = NULL;         /* Scratch XML node */
561    xmlNodePtr x509ptr = NULL;      /* XML X509Certificate node */
562    int rv = 0;                     /* Return value */
563    xmlChar *pem=NULL;
564
565    if (!(root = xmlDocGetRootElement(doc)) )
566        goto fail;
567
568    /* Find the KeyInfo section to be the root of later searches */
569    if ( !(node = xmlSecFindNode(root,
570                    xmlSecNodeKeyInfo, xmlSecDSigNs)))
571        goto fail;
572
573    if ( !(node = xmlSecFindNode(node,
574                    xmlSecNodeX509Data, xmlSecDSigNs)))
575        goto fail;
576
577    /* Find the X509Certificate from KeyInfo section */
578    if ( x509ptr = xmlSecFindNode(node, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
579        pem=get_element_content(x509ptr);
580        } else {
581            goto fail;
582    }
583    return pem;
584fail:
585    return NULL;
586}
587
588/* Parse a GENI privilege credential (that has already had its signature
589 * checked) and return the RT0 strings that the credential is encoded as.  The
590 * return value is an array of strings, zero-terminated (like argv) that holds
591 * the RT0 strings.  It is NULL on failure. */
592static xmlChar **parse_privilege(xmlDocPtr doc, void *ctxt_id_certs) {
593    xmlNodePtr root = NULL;     /* XML root node */
594    xmlNodePtr node = NULL;     /* XML scratch node */
595    xmlNodePtr owner = NULL;    /* XML owner_gid node */
596    xmlNodePtr expires = NULL;  /* XML expires node */
597    xmlNodePtr target = NULL;   /* XML target_gid node */
598    xmlNodePtr privs = NULL;    /* XML privileges node */
599    xmlNodePtr priv = NULL;     /* XML privilege node - used to iterate */
600    xmlChar keyid[SHA_DIGEST_LENGTH];   /* Issuer key SHA1 */
601    xmlChar text_keyid[2*SHA_DIGEST_LENGTH+1];/* Issuer keyid as text */
602    xmlChar *owner_sha1 = NULL;         /* owner gid as text */
603    xmlChar *target_sha1 = NULL;        /* target gid as text */
604    xmlChar **newrv = NULL;     /* Used to realloc rv to add the NULL
605                                   terminator*/
606    xmlChar **rv = NULL;        /* return value */
607    int ncred = 0;              /* number of creds in rv, incase we need to
608                                   deallocate it */
609    int i = 0;                  /* scratch */
610
611    if ( doc && !(root = xmlDocGetRootElement(doc)) ) 
612        goto fail;
613
614    /* Get the issuer keyid */
615    if ( !get_keyid_from_keyinfo(doc, keyid)) 
616        goto fail;
617    sha1_to_text(keyid, text_keyid);
618
619    /* Find the various fields of interest */
620    if ( !(node = xmlSecFindNode(root, (xmlChar *) GENI_credential, NULL)))
621        goto fail;
622
623    /* Make sure this is not expired */
624    if ( !(expires = xmlSecFindNode(node, (xmlChar *) GENI_expires, NULL)))
625        goto fail;
626
627    if ( !check_GENI_expires(get_element_content(expires), NULL))
628        goto fail;
629
630    /* owner and target will be X.509 pem files from which we need to
631     * extract keyids for add_privilege_credential_string.  */
632    if ( !(owner = xmlSecFindNode(node, (xmlChar *) GENI_owner_gid, NULL)))
633        goto fail;
634    extract_owner_sha1(get_element_content(owner),&owner_sha1);
635
636    if ( !(target = xmlSecFindNode(node, (xmlChar *) GENI_target_gid, NULL)))
637        goto fail;
638    extract_target_sha1(get_element_content(target),&target_sha1);
639
640    /* extract issuer pem */
641    xmlChar *issuer_ptr=get_issuer(doc);
642
643    if ( !(privs = xmlSecFindNode(node, (xmlChar *) GENI_privileges, NULL)))
644        goto fail;
645
646    /* Iterate through the privileges, parsing out names and can_delegate and
647     * generating the strings from it. */
648    for (priv = privs->children; priv; priv = priv->next) {
649        /* reinitialized every time around */
650        xmlNodePtr n = NULL;
651        xmlChar *name = NULL;
652        int delegate = -1;
653
654        /* Ignore wayward text and other gook */
655        if ( priv->type != XML_ELEMENT_NODE) 
656            continue;
657
658        /* Ignore things that are not privilege nodes */
659        if ( strcmp((char *) priv->name, (char *) GENI_privilege) ) 
660            continue;
661
662        /* looking for name and can_delegate */
663        for (n = priv->children; n; n = n->next) {
664            if ( n->type != XML_ELEMENT_NODE ) 
665                continue;
666            if ( !strcmp((char *) n->name, (char *) GENI_name)) {
667                name = get_element_content(n);
668                continue;
669            }
670            if ( !strcmp((char *) n->name, (char *) GENI_can_delegate)) {
671                xmlChar *boolean = get_element_content(n);
672
673                if ( !strcmp((char *) boolean, "true") ||
674                        !strcmp((char *) boolean, "1") ) {
675                    delegate = 1;
676                } else if ( !strcmp((char *) boolean, "false") ||
677                        !strcmp((char *) boolean, "0") ) {
678                    delegate = 0;
679                } else {
680                    fprintf(stderr, "Unknown delegation value %s", boolean);
681                }
682            }
683        }
684        /* Found both name and can_delegate, add the RT0 to rv and ncred */
685        if ( name && delegate != -1 ) {
686            add_privilege_credential_string(text_keyid, 
687                    (xmlChar *) owner_sha1, (xmlChar *) target_sha1, name,
688                    delegate, &rv, &ncred);
689            if ( !rv ) goto fail;
690        }
691    }
692
693    /* Add the terminating NULL */
694    if (!(newrv = realloc(rv, sizeof(xmlChar*)*(ncred+1))))
695        goto fail;
696
697    newrv[ncred] = NULL;
698    /* able to extract some RT0s, load issuer credential as side-effect */
699    if(ncred !=1) {
700        /* load  issuer_ptr */ 
701        if(issuer_ptr && abac_verifier_load_id_chars(ctxt_id_certs, issuer_ptr) != 0 /*ABAC_CERT_SUCCESS*/)
702            goto fail;
703    }
704    return newrv;
705
706fail:
707    /* Throw away all of rv if there's an error */
708    if ( rv ) {
709        for (i = 0; i < ncred; i++) 
710            if (rv[i]) free(rv[i]);
711        free(rv);
712    }
713    return NULL;
714}
715
716/*
717 * If n has a child that is an element named name, return a pointer to it,
718 * other wise return NULL.
719 */
720static xmlNodePtr get_direct_child(xmlNodePtr n, xmlChar *name) {
721    xmlNodePtr c = NULL;
722
723    if ( !n ) return NULL;
724
725    for (c = n->children; c; c = c->next) {
726        if ( c->type != XML_ELEMENT_NODE ) 
727            continue;
728        if ( !strcmp((char *) c->name, (char *) name)) 
729            return c;
730    }
731    return NULL;
732}
733
734/*
735 * Convert a version 1.0 rt0 section to an RT0 string, returned in an array of
736 * strings.  This is just allocating the array and copying the string.  RT0 1.0
737 * has no structure.
738 */
739xmlChar **parse_rt0_xml_v10(xmlNodePtr n) {
740    xmlChar *txt;
741    xmlChar **rv = NULL;
742
743    /* read the RT0 and return it */
744    if ( !(txt = get_element_content(n)) ) return NULL;
745
746    if ( !(rv = malloc(2 * sizeof(xmlChar *)))) return NULL;
747    if (!(rv[0] = malloc(strlen((char *) txt)+1))) {
748        free(rv);
749        return NULL;
750    }
751    strcpy((char *) rv[0], (char *) txt);
752    rv[1] = NULL;
753    return rv;
754}
755
756/* Return the length of the string pointed to by rn, ignoring whitespace */
757static int role_len(xmlChar *rn) {
758    xmlChar *p;
759    int len = 0;
760
761    for (p = rn; *p; p++) 
762        if ( !isspace(*p) ) len++;
763    return len;
764}
765
766/* Return the length of the RT0 string represented bt the RT0 1.1 term.  That
767 * term looks like:
768 * <head>
769 *  <ABACprincipal><keyid>...</keyid><mnemonic>...</menmonic></ABACprincipal>
770 *  <role>...</role>
771 *  <linking_role>...</linking_role>
772 * </head>
773 * The container can be either a head or a tail, and the role and linking_role
774 * are optional.  The result is the number of non whitespace characters in the
775 * keyid, role, and linking_role fields (if present) plus a dot to separate
776 * each field.
777 */
778static int term_len(xmlNodePtr n) {
779    int len = 0;
780    xmlNodePtr c = NULL;/* Scratch */
781
782    for (c = n->children; c; c = c->next) {
783        if ( c->type != XML_ELEMENT_NODE ) 
784            continue;
785        if ( !strcmp((char *) c->name, "ABACprincipal")) {
786            xmlNodePtr k = get_direct_child(c, "keyid");
787            if ( !k ) return -1;
788            len += role_len(get_element_content(k));
789        } else if (!strcmp((char *) c->name, "role")) {
790            len += role_len(get_element_content(c)) +1;
791        } else if (!strcmp((char *) c->name, "linking_role")) {
792            len += role_len(get_element_content(c)) +1;
793        }
794    }
795    return len;
796}
797
798/* Copy non-whitespace characters from rn to dest.  Return the final vaue of
799 * dest, but no guarantees are made about it.  The caller must make sure there
800 * is enough space in dest.
801 */
802static xmlChar *role_copy(xmlChar *rn, xmlChar *dest) {
803    while (*rn) {
804        if (!isspace(*rn)) *dest++ = *rn;
805        rn++;
806    }
807    return dest;
808}
809
810/* Turn the contents of the node pointer into a dotted string representation of
811 * the RT0 term.  For example
812 * <tail>
813 *  <ABACprincipal><keyid>P</keyid><mnemonic>...</menmonic></ABACprincipal>
814 *  <role>r2</role>
815 *  <linking_role>r1</linking_role>
816 * </tail>
817 * becomes P.r1.r2.
818 */
819static xmlChar *term_copy(xmlNodePtr n, xmlChar *dest) {
820    xmlNodePtr p = get_direct_child(n, "ABACprincipal");
821
822    if ( !p ) return NULL;
823    if ( !(p = get_direct_child(p, "keyid"))) return NULL;
824    if ( !(dest = role_copy(get_element_content(p), dest))) return NULL;
825    if ( (p = get_direct_child(n, "linking_role"))) {
826        *dest++ = '.';
827        if ( !(dest = role_copy(get_element_content(p), dest))) return NULL;
828    }
829    if ( (p = get_direct_child(n, "role"))) {
830        *dest++ = '.';
831        if ( !(dest = role_copy(get_element_content(p), dest))) return NULL;
832    }
833    return dest;
834}
835
836/*
837 * Append at most sz characters from a to d and advance d by sz characters.  No
838 * checking is done.
839 */
840static xmlChar *append_and_move(xmlChar *d, xmlChar *a, int sz) {
841    int i = 0; 
842    for ( i = 0; i < sz && a[i] != '\0'; i++) 
843        *d++ = a[i];
844    return d;
845}
846
847static void partial_string_dump(char *s, char *e) {
848    for (; s!= e; s++) 
849        fprintf(stderr, "%c", *s);
850    fprintf(stderr, "\n");
851}
852
853
854/*
855 * Parse a structured RT0 v 1.1 xml into an RT0 string.  For example
856 * <head>
857 *  <ABACprincipal><keyid>A</keyid><mnemonic>...</menmonic></ABACprincipal>
858 *  <role>r</role>
859 * </head>
860 * <tail>
861 *  <ABACprincipal><keyid>B</keyid><mnemonic>...</menmonic></ABACprincipal>
862 *  <role>r2</role>
863 *  <linking_role>r1</linking_role>
864 * </tail>
865 * <tail>
866 *  <ABACprincipal><keyid>C</keyid><mnemonic>...</menmonic></ABACprincipal>
867 *  <role>r2</role>
868 * </tail>
869 *
870 * Converts to A.r<-B.r1.r2 & C.r2
871 */
872xmlChar **parse_rt0_xml_v11(xmlNodePtr n) {
873    int len = 3;    /* Length of the RT0 string we're building. Initially 3 for
874                       the <- and end-of-string */
875    int heads = 0;  /* number of tails so far */
876    int tails = 0;  /* number of tails so far */
877    xmlNodePtr c = NULL;/* Scratch */
878    xmlChar **rv = NULL;
879    xmlChar *d = NULL;
880
881    /* Compute the length of the new string and make sure we have a head and at
882     * least one tail.
883     */
884    if ( !n ) return NULL;
885
886    for (c = n->children; c; c = c->next) {
887        if ( c->type != XML_ELEMENT_NODE ) 
888            continue;
889        if ( !strcmp((char *) c->name, "head") ) {
890            len += term_len(c);
891            heads ++;
892        } else if (!strcmp((char *) c->name, "tail")) {
893            len += term_len(c);
894            /* if more than one tail, add space for " & " */
895            if ( tails++) len += 3; 
896        }
897    }
898    if ( heads != 1 || tails < 1) return NULL;
899
900    /* Allocate the return value */
901    if ( !(rv = malloc(2 * sizeof(xmlChar *)))) return NULL;
902    if (!(rv[0] = malloc(len)) ) {
903        free(rv);
904        return NULL;
905    }
906
907    /* Translate term by term */
908    d = rv[0];
909    if ( !( c = get_direct_child(n, "head"))) goto fail;
910    if ( !(d = term_copy(c, d))) goto fail;
911    d = append_and_move(d, "<-", 2);
912    tails = 0;
913    for (c = n->children; c; c = c->next) {
914        if ( c->type != XML_ELEMENT_NODE ) 
915            continue;
916        if ( !strcmp((char *) c->name, "tail") ) {
917            /* if more than one tail, add " & " */
918            if ( tails++) 
919                d = append_and_move(d, " & ", 3);
920            if ( !(d = term_copy(c, d))) goto fail;
921        }
922    }
923    *d++ = '\0';
924    return rv;
925
926fail:
927    free(rv[0]);
928    free(rv);
929    return NULL;
930} 
931/*
932 * Parse an ABAC credential (that has had its signature checked.  Make sure it
933 * has not expired and that its version is one we know.  Return the RT0 it
934 * encodes as the only entry in an NULL-terminated array of strings (just like
935 * parse_privilege). On failure return NULL.  In addition to parsing the
936 * certificate, we add the issuer's identity from the signature to the
937 * controlling context, if any.  ctxt_id_certs is the list of certificates to
938 * which the new certificate is added.
939 */
940xmlChar **parse_abac(xmlDocPtr doc, void *ctxt_id_certs) {
941    xmlNodePtr root = NULL;     /* XML root node */
942    xmlNodePtr node = NULL;     /* XML credential node */
943    xmlNodePtr rt0 = NULL;      /* XML rt0 node */
944    xmlNodePtr expires = NULL;  /* XML expires node */
945    xmlNodePtr version = NULL;  /* XML version node */
946    xmlChar keyid[SHA_DIGEST_LENGTH];/* issuer SHA1 hash */
947    xmlChar text_keyid[2*SHA_DIGEST_LENGTH+1];/* Issuer keyid in text */
948    xmlChar *txt;               /* rt0 content */
949    xmlChar **rv = NULL;        /* return value */
950    xmlChar *issuer_ptr=NULL;   /* Issuer certificate to add to ctxt_id_certs */
951    GENI_xml_processing_t *proc = NULL; /* Specialization for version number */
952    int ncred = 0;              /* number of creds in rv */
953    int i = 0;                  /* Scratch (used only in fail:)  */
954
955    if ( doc && !(root = xmlDocGetRootElement(doc)) ) 
956        goto fail;
957
958    /* Get the issuer keyid */
959    if ( !get_keyid_from_keyinfo(doc, keyid)) 
960        goto fail;
961    sha1_to_text(keyid, text_keyid);
962    /* get the various nodes of interest */
963    if ( !(node = xmlSecFindNode(root, (xmlChar *) GENI_credential, NULL)))
964        goto fail;
965    if ( !(expires = get_direct_child(node, (xmlChar *) GENI_expires)))
966        goto fail;
967    if ( !check_GENI_expires(get_element_content(expires), NULL))
968        goto fail;
969
970    if ( !(rt0 = get_direct_child(node, (xmlChar *) GENI_rt0))) {
971        if ( !(rt0 = get_direct_child(node, (xmlChar *) GENI_abac))) 
972            goto fail;
973        if ( !(rt0 = get_direct_child(rt0, (xmlChar *) GENI_rt0))) 
974            goto fail;
975    }
976
977    /* There are two places to look for a version.  The credential node and the
978     * rt0 node that is a child of the credential node.  The version element is
979     * only under the credential in the misdefined GENI abac v1.0. */
980    if ( !(version = get_direct_child(node, (xmlChar *) GENI_version))) {
981        if ( !(version = get_direct_child(rt0, (xmlChar *) GENI_version))) 
982            goto fail;
983    }
984
985
986    /* Pick parsing specialization based on the version.  If we can't resolve a
987     * processor, this is an unknown version. */
988    if ( !(proc = get_xml_processing(get_element_content(version))))
989        goto fail;
990
991    /* read the RT0 and return it */
992    if ( !(rv = proc->xml_to_rt0(rt0)) ) goto fail;
993    ncred=1;
994
995    /* extract issuer pem and insert */
996    issuer_ptr=get_issuer(doc);
997    if( issuer_ptr && 
998            abac_verifier_load_id_chars(ctxt_id_certs,issuer_ptr) != 
999            ABAC_CERT_SUCCESS) {
1000        goto fail;
1001    }
1002
1003    return rv;
1004fail:
1005    if ( rv ) {
1006        for (i = 0; i < ncred; i++) 
1007            if (rv[i]) free(rv[i]);
1008        free(rv);
1009    }
1010    return NULL;
1011}
1012
1013/* Check and parse a GENI credential.  Return the new RT0 rules in a
1014 * NULL-terminated array of strings.  If the signature or parsing fails, return
1015 * NULL. Demultiplexed to parse_privilege or parse_abac to do the parsing and
1016 * uses check_signature to confirm the sig. If ctxt_id_certs is a list of
1017 * identities known to a context.  If it is not NULL and identity certs appear
1018 * (as they do in GENI credentials) add them to that list, which adds them to
1019 * the ABAC context. */
1020char **read_credential(void *ctxt_id_certs, char *infile, 
1021        char **in_xml) {
1022    xmlChar **xml = (xmlChar **) in_xml;    /* Cast */
1023    xmlDocPtr doc = xmlParseFile(infile);   /* Parse the document */
1024    xmlNodePtr node = NULL;                 /* XML scratch node */
1025    xmlChar *text = NULL;                   /* Text of the type field */
1026    xmlChar **rv = NULL;                    /* return value from parse_* */
1027
1028    if ( !check_signature(doc) ) 
1029        goto fail;
1030    /* Parse out the type field */
1031    if ( !(node = xmlDocGetRootElement(doc)) ) 
1032        goto fail;
1033    if ( !(node = xmlSecFindNode(node, (xmlChar *) GENI_credential, NULL)))
1034        goto fail;
1035    if ( !(node = xmlSecFindNode(node, (xmlChar *) GENI_type, NULL)))
1036        goto fail;
1037
1038    if ( !(text = get_element_content(node)) ) 
1039        goto fail;
1040
1041    /* Demux on type */
1042    if ( !strcmp((char *) text, "privilege")) {
1043        rv = parse_privilege(doc, ctxt_id_certs);
1044    } else if ( !strcmp((char *) text, "abac")) {
1045        rv = parse_abac(doc, ctxt_id_certs);
1046    } else { 
1047        goto fail;
1048    }
1049    int len=0;
1050    xmlDocDumpMemoryEnc(doc, xml, &len, "UTF-8");
1051    if(len == 0)
1052       goto fail;
1053
1054fail:
1055    xmlFreeDoc(doc);
1056    return (char **) rv;
1057}
1058
1059
1060/* format for dates in <expires> */
1061char *strftime_fmt = "%FT%TZ";
1062#define EXPIRESLEN 20
1063
1064/* Return a copy of str with > < and & replaced by &gt; &lt; and &amp; for
1065 * embedding in XML.  Caller is responsible for deallocating the return value
1066 * using xmlFree().
1067 */
1068static xmlChar *minimal_xml_escaping(xmlChar *str) {
1069    /* A quickie translation table with the character to escape, the output
1070     * string and the length of the output in it. The table is initialized with
1071     * the three translations we want. */
1072    static struct esc {
1073        xmlChar c;
1074        xmlChar *esc;
1075        int l;
1076    } escapes[] = {
1077        { (xmlChar) '<', (xmlChar *) "&lt;", 4 }, 
1078        { (xmlChar) '>', (xmlChar *) "&gt;", 4},
1079        { (xmlChar) '&', (xmlChar *) "&amp;", 5},
1080        { (xmlChar) '\0', NULL, 0 },
1081    };
1082
1083    xmlChar *rv = NULL;     /* Return value */
1084    xmlChar *p = NULL;      /* Scratch (walking str) */
1085    xmlChar *q = NULL;      /* Scratch (walking rv) */
1086    struct esc *e = NULL;   /* Scratch for walking escapes */
1087    int len = 0;            /* Length of rv */
1088
1089    /* Walk str and calculate how long the escaped version is */
1090    for ( p = str; *p ; p++) {
1091        int foundit = 0;
1092        for ( e = escapes; !foundit && e->c ; e++ ) {
1093            if ( *p == e->c ) {
1094                len += e->l;
1095                foundit = 1;
1096            }
1097        }
1098        if ( !foundit ) len++;
1099    }
1100    /* Allocate the new string */
1101    q = rv = (xmlChar *) xmlMalloc(len+1);
1102    /* copy str to rv, escaping when necessary */
1103    for ( p = str; *p ; p++) {
1104        int foundit = 0;
1105        for ( e = escapes; !foundit && e->c ; e++ ) {
1106            if ( *p == e->c ) {
1107                strncpy((char *) q, (char *) e->esc, e->l);
1108                q += e->l;
1109                foundit = 1;
1110            }
1111        }
1112        if ( !foundit ) *q++ = *p;
1113    }
1114    /* terminate rv */
1115    *q = '\0';
1116    return rv;
1117}
1118
1119xmlChar *encode_rt0_xml_v10(abac_attribute_t *a) {
1120    return minimal_xml_escaping(abac_attribute_role_string(a));
1121}
1122
1123/* Template to create a head element in structured XML for RT0 (v1.1).  All
1124 * heads are a single role element */
1125static char *head_template = 
1126"<head>\n"
1127"   <ABACprincipal><keyid>%s</keyid></ABACprincipal>\n"
1128"   <role>%s</role>\n"
1129"</head>\n";
1130
1131/* Templates to create a tail in structured XML  based on how many of
1132 * principal, role, and linking role are present. */
1133static char *tail_template[] = {
1134"<tail>\n"
1135"   <ABACprincipal><keyid>%s</keyid></ABACprincipal>\n"
1136"</tail>\n",
1137"<tail>\n"
1138"   <ABACprincipal><keyid>%s</keyid></ABACprincipal>\n"
1139"   <role>%s</role>\n"
1140"</tail>\n",
1141"<tail>\n"
1142"   <ABACprincipal><keyid>%s</keyid></ABACprincipal>\n"
1143"   <role>%s</role>\n"
1144"   <linking_role>%s</linking_role>\n"
1145"</tail>\n",
1146};
1147
1148/* Convert the given attribute to the RT0 structured XML representation used by
1149 * version 1.1 credentials.
1150 */
1151xmlChar *encode_rt0_xml_v11(abac_attribute_t *a) {
1152    int htlen = strlen(head_template);      /* head template length */
1153    int ttlen = strlen(tail_template[2]);   /* length of the longest tail
1154                                               template */
1155    /* Size of the string we'll need - start with a head template and string */
1156    int sz = strlen(abac_attribute_get_head(a)) + htlen;
1157    /* Number of tails in the sttribute */
1158    int ntails = abac_attribute_get_ntails(a);
1159    char *princ_role[2];    /* Used to split the head role */
1160    char *copy = abac_xstrdup(abac_attribute_get_head(a)); /* splitting */
1161    int npr = 2;            /* Number of parts in the head role */
1162    char *tmp = NULL;       /* A temporary to build each tail element */
1163    char *rv = NULL;        /* The return value */
1164    int i;                  /* Scratch */
1165
1166    /* Add the tail lengths to the total length (assume all tails will need the
1167     * largest template for slop). */
1168    for ( i = 0 ; i < ntails; i++)
1169        sz += strlen(abac_attribute_get_tail_n(a, i)) + ttlen;
1170
1171    /* Get the rv and scratch string.  Since tmp is as long as the whole
1172     * string, it's big enough for any substring */
1173    if ( !(rv = (char *) xmlMalloc(sz)) ) goto fail;
1174    if ( !(tmp = (char *) xmlMalloc(sz)) ) goto fail;
1175
1176    abac_split(copy, ".", princ_role, &npr);
1177    if ( npr != 2) 
1178        goto fail;
1179
1180    /* Put the head in */
1181    sz -= snprintf(rv, sz, head_template, princ_role[0], princ_role[1]);
1182
1183    for ( i = 0 ; i < ntails; i++) {
1184        /* Make a role for each tail and use those functions to write out the
1185         * structures for the different kinds of role. */
1186        abac_role_t *r = abac_role_from_string(abac_attribute_get_tail_n(a,i));
1187        int ts;
1188
1189        if ( !r )
1190            goto fail;
1191
1192        if ( abac_role_is_principal(r)) {
1193            char *p = minimal_xml_escaping(abac_role_principal(r));
1194
1195            ts = snprintf(tmp, sz, tail_template[0], p);
1196            free(p);
1197        } else if (abac_role_is_role(r)) {
1198            char *p = minimal_xml_escaping(abac_role_principal(r));
1199            char *ro = minimal_xml_escaping(abac_role_role_name(r));
1200
1201            ts = snprintf(tmp, sz, tail_template[1], p, ro);
1202            free(p);
1203            free(ro);
1204        } else if (abac_role_is_linking(r)) {
1205            char *p = minimal_xml_escaping(abac_role_principal(r));
1206            char *ro = minimal_xml_escaping(abac_role_role_name(r));
1207            char *li = minimal_xml_escaping(abac_role_linking_role(r));
1208
1209            ts = snprintf(tmp, sz, tail_template[2], p, ro, li);
1210            free(p);
1211            free(ro);
1212            free(li);
1213        }
1214
1215        free(r);
1216
1217        if ( ts < 0 ) 
1218            goto fail;
1219
1220        strncat(rv, tmp, sz);
1221        sz -= ts;
1222    }
1223    free(tmp);
1224    return (xmlChar *) rv;
1225
1226fail:
1227    if (rv ) free(rv);
1228    if (tmp) free(tmp);
1229    return NULL;
1230}
1231
1232/* Make an new GENI abac credential with the rt0 rule that expires secs from
1233 * now.  cert is the PEM encoded X.509 of the issuer's certificate as a string.
1234 * certlen is the length of cert.  Returns the XML. Caller is responsible for
1235 * freeing it. */
1236char *make_credential(abac_attribute_t *attr, int secs, char *in_cert, 
1237        int in_certlen) {
1238    xmlSecByte *cert = (xmlSecByte *) in_cert; /* Cast of certificate */
1239    xmlSecSize certlen = (xmlSecSize) in_certlen; /* Cast of len */
1240    xmlDocPtr doc = NULL;       /* parsed XML document */
1241    xmlNodePtr root = NULL;     /* Root of the document */
1242    xmlNodePtr signNode = NULL; /* <Signature> element */
1243    xmlSecDSigCtxPtr dsigCtx = NULL;  /* Signing context */
1244    xmlChar *rt0_xml = NULL;    /* attr's RT0 as xml */
1245    xmlChar *rv = NULL;         /* return value */
1246    time_t exp;                 /* expriation time (seconds since epoch) */
1247    struct tm exp_tm;           /* expiration for formatting */
1248    char estr[EXPIRESLEN+1];    /* String with formatted expiration */
1249    char *temp = NULL;          /* populated XML template */
1250    int len = 0;                /* length of the populated template (temp) */
1251
1252    GENI_xml_processing_t *proc = get_xml_processing(
1253            abac_attribute_get_output_format(attr));
1254
1255    if ( !proc ) goto fail;
1256    if ( !(rt0_xml = proc->rt0_to_xml(attr))) goto fail;
1257
1258    /* Calculate the length of the populated template and allocate it */
1259    len = strlen((char *) proc->out_template)+EXPIRESLEN+
1260        strlen((char *) rt0_xml)+1;
1261
1262    if ( !(temp = malloc(len)) )
1263        goto fail;
1264
1265    /* format expiration */
1266    time(&exp);
1267    exp += secs;
1268    gmtime_r(&exp, &exp_tm);
1269
1270    if (strftime(estr, EXPIRESLEN+1, strftime_fmt, &exp_tm) == 0 ) 
1271        goto fail;
1272
1273    /* Populate template with  expiration and escaped rt0 */
1274    snprintf(temp, len, proc->out_template, estr, (char *) rt0_xml);
1275
1276    /* parse the populated template */
1277    if ( !(doc = xmlParseMemory(temp, len))) 
1278        goto fail;
1279
1280    if (!(root = xmlDocGetRootElement(doc)) )
1281        goto fail;
1282
1283    /* Find the signature element for the Signing call */
1284    signNode = xmlSecFindNode(root, xmlSecNodeSignature, xmlSecDSigNs);
1285
1286    /* Create the context */
1287    if ( !(dsigCtx = xmlSecDSigCtxCreate(NULL))) 
1288        goto fail;
1289
1290    /* Assign the key (a PEM key) */
1291    if (!(dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory(cert, certlen,
1292                    xmlSecKeyDataFormatPem, NULL, NULL, NULL)) )
1293        goto fail;
1294
1295    /* Load the certificate */
1296    if ( xmlSecCryptoAppKeyCertLoadMemory(dsigCtx->signKey, cert, certlen,
1297                xmlSecKeyDataFormatPem) < 0)
1298        goto fail;
1299
1300    /* Sign it */
1301    if ( xmlSecDSigCtxSign(dsigCtx, signNode) < 0)
1302        goto fail;
1303
1304    /* Store the signed credential to rv */
1305    xmlDocDumpMemoryEnc(doc, &rv, &len, "UTF-8");
1306fail:
1307    /* clean up */
1308    if (dsigCtx) 
1309        xmlSecDSigCtxDestroy(dsigCtx);
1310    if ( doc) xmlFreeDoc(doc);
1311    if (rt0_xml) xmlFree(rt0_xml);
1312    if ( temp) free(temp);
1313    return (char *) rv;
1314}
1315
1316#define CERTSIZE 4096
1317/* Read a file into a the dynamically allocated array buf.  Whatever was in buf
1318 * is discarded w/o freeing so it should initially be NULL and len 0. On return
1319 * buf contains as much of the contents of filename as possible and len is the
1320 * length of it.  The caller must free() buf. buf is zero terminated.*/
1321static void read_cert(char *filename, char **buf, int *len) {
1322    FILE *cert = NULL;
1323    char *nbuf = NULL;
1324    int cap = CERTSIZE;
1325    int r = 0;
1326
1327    *len = 0; 
1328    if (!(*buf = malloc(CERTSIZE))) return;
1329
1330    if ( !(cert = fopen(filename, "r"))) 
1331        goto fail;
1332
1333    /* Read cert, expanding buf as necessary */
1334    while ( (r = fread(*buf + *len, 1, cap - *len, cert)) != 0) {
1335        *len += r;
1336        if ( *len == cap ) {
1337            if ( !(nbuf = realloc(*buf, cap + CERTSIZE)) ) 
1338                goto fail;
1339            memcpy(nbuf, *buf, cap);
1340            cap += CERTSIZE;
1341            *buf = nbuf;
1342        }
1343    }
1344    /* Extend if we read exactly cap bytes so we can terminate the string */
1345    if ( *len == cap ) {
1346        if ( !(nbuf = realloc(*buf, cap + CERTSIZE)) ) 
1347            goto fail;
1348        memcpy(nbuf, *buf, cap);
1349        cap += CERTSIZE;
1350        *buf = nbuf;
1351    }
1352    (*buf)[*len] = '\0';
1353    return;
1354fail:
1355    if ( *buf) free(*buf);
1356    *buf = NULL;
1357    *len = 0;
1358    return;
1359}
1360
1361
1362/******** helper functions used by libabac **********************/
1363
1364/* Function to disable libXML2's debugging */
1365static void _nullGenericErrorFunc(void* ctxt, const char* msg, ...) { return; }
1366
1367/* Straight off http://www.aleksey.com/xmlsec/api/xmlsec-examples.html .
1368 * Voodoo.  But call it. */
1369int init_xmlsec() {
1370    /* Init xmlsec library */
1371    if(xmlSecInit() < 0) {
1372        fprintf(stderr, "Error: xmlsec initialization failed.\n");
1373        return(-1);
1374    }
1375
1376    /* Check loaded library version */
1377    if(xmlSecCheckVersion() != 1) {
1378        fprintf(stderr,
1379                "Error: loaded xmlsec library version is not compatible.\n");
1380        return(-1);
1381    }
1382
1383    /* Load default crypto engine if we are supporting dynamic
1384     * loading for xmlsec-crypto libraries. Use the crypto library
1385     * name ("openssl", "nss", etc.) to load corresponding
1386     * xmlsec-crypto library.
1387     */
1388#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
1389    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
1390        fprintf(stderr, "Error: unable to load default xmlsec-crypto library. "
1391                "Make sure\n" 
1392                "that you have it installed and check shared libraries path\n"
1393                "(LD_LIBRARY_PATH) envornment variable.\n");
1394        return(-1);     
1395    }
1396#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
1397
1398    /* Init crypto library */
1399    if(xmlSecCryptoAppInit(NULL) < 0) {
1400        fprintf(stderr, "Error: crypto initialization failed.\n");
1401        return(-1);
1402    }
1403
1404    /* Init xmlsec-crypto library */
1405    if(xmlSecCryptoInit() < 0) {
1406        fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
1407        return(-1);
1408    }
1409    /* Turn off the built in debugging */
1410    xmlThrDefSetGenericErrorFunc(NULL, _nullGenericErrorFunc);
1411    xmlSetGenericErrorFunc(NULL, _nullGenericErrorFunc);
1412
1413    return 0;
1414}
1415
1416int deinit_xmlsec() {
1417  /* no op for now */
1418    return 0;
1419}
1420
1421
1422/* parse the xml blob and extract keyid */ 
1423char *get_keyid_from_xml(char *xml) {
1424    xmlDocPtr doc=xmlParseMemory(xml,strlen(xml));
1425    xmlChar keyid[SHA_DIGEST_LENGTH];   /* Issuer key SHA1 */
1426    xmlChar text_keyid[2*SHA_DIGEST_LENGTH+1];/* Issuer keyid as text */
1427    char *ret=NULL;
1428
1429    /* Get the issuer keyid */
1430    if ( !get_keyid_from_keyinfo(doc, keyid))
1431        goto fail;
1432    sha1_to_text(keyid, text_keyid);
1433    ret=strdup((char *)text_keyid);
1434fail:
1435    xmlFreeDoc(doc);
1436    return ret;
1437}
1438
1439/* parse xml and get the expected expiration time and returns
1440 * (expiration time-current time)
1441 */
1442long get_validity_from_xml(char *xml) {
1443    xmlDocPtr doc=xmlParseMemory(xml,strlen(xml));
1444    xmlNodePtr node = NULL;                 /* XML scratch node */
1445    xmlNodePtr expires = NULL;  /* XML expires node */
1446    struct tm tv;   /* Parsed expires field */
1447    time_t now;     /* Now in seconds since the epoch */
1448    time_t exp;     /* expires in seconds since the epoch */
1449    long dtime=0;
1450
1451    if ( !(node = xmlDocGetRootElement(doc)) )
1452        goto fail;
1453
1454    if ( !(expires = xmlSecFindNode(node, (xmlChar *) GENI_expires, NULL)))
1455        goto fail;
1456
1457    xmlChar *etime=get_element_content(expires);
1458    time(&now);
1459
1460    strptime((char *) etime, "%FT%TZ", &tv);
1461    exp = timegm(&tv);
1462    dtime=difftime(exp, now);
1463
1464fail:
1465    xmlFreeDoc(doc);
1466    return dtime;
1467}
1468
1469/* parse xml structure and extract the attribute rules */
1470char **get_rt0_from_xml(void *ctxt_id_certs,char *xml) {
1471    xmlDocPtr doc=xmlParseMemory(xml,strlen(xml));
1472    xmlNodePtr node = NULL;                 /* XML scratch node */
1473    xmlChar *text = NULL;                   /* Text of the type field */
1474    xmlChar **rv = NULL;                    /* return value from parse_* */
1475   
1476    if ( !check_signature(doc) )
1477        goto fail;
1478    /* Parse out the type field */
1479    if ( !(node = xmlDocGetRootElement(doc)) )
1480        goto fail;
1481    if ( !(node = xmlSecFindNode(node, (xmlChar *) GENI_credential, NULL)))
1482        goto fail;
1483    if ( !(node = xmlSecFindNode(node, (xmlChar *) GENI_type, NULL)))
1484        goto fail;
1485
1486    if ( !(text = get_element_content(node)) )
1487        goto fail;
1488
1489    /* Demux on type */
1490    if ( !strcmp((char *) text, "privilege")) {
1491        rv = parse_privilege(doc,ctxt_id_certs);
1492    } else if ( !strcmp((char *) text, "abac")) {
1493        rv = parse_abac(doc, ctxt_id_certs);
1494    } else {
1495        goto fail;
1496    }
1497fail:
1498    xmlFreeDoc(doc);
1499    return (char **)rv;
1500}
1501
1502
Note: See TracBrowser for help on using the repository browser.