Last change
on this file since 19be896 was
f7040d8,
checked in by Mike Ryan <mikeryan@…>, 14 years ago
|
perl preprover
SSL key id differs from our (libabac) keyid
SSL: sha1(whole cert)
us: sha1(pub key)
|
-
Property mode set to
100755
|
File size:
1.2 KB
|
Rev | Line | |
---|
[f7040d8] | 1 | #!/usr/bin/perl |
---|
| 2 | |
---|
| 3 | use strict; |
---|
| 4 | use Data::Dumper; |
---|
| 5 | use XMLRPC; |
---|
| 6 | |
---|
| 7 | use lib '../swig/perl'; |
---|
| 8 | use ABAC; |
---|
| 9 | |
---|
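# Initialise libabac before any other ABAC:: call is made.
ABAC::libabac_init;

use constant {
    PORT => 8000,    # TCP port the XML-RPC listener is started on
};

# The only command-line argument is the keystore directory that seeds the
# shared base context.
my $keystore = shift || die "Usage: $0 <keystore>\n";

# Fail fast on a missing keystore. What load_directory does with a bad path
# is not visible from this file, and a server running on an empty or partial
# base context would answer authorization queries from the wrong trust set.
die "Keystore '$keystore' is not a directory\n" unless -d $keystore;

# Base context shared by all requests; abac_query clones it per request and
# never loads caller-supplied material into it directly.
my $ctx = ABAC::Context->new;
$ctx->load_directory($keystore);
# NOTE(review): the result of load_directory is not inspected here. If it
# reports per-file failures, they should be logged so that a silently
# skipped credential is noticed at start-up.

my $server = XMLRPC->new();
$server->add_method({
    name      => 'abac.query',
    code      => \&abac_query,
    signature => [ 'struct struct' ],
});

# Listen on the declared constant instead of a second hard-coded 8000, so
# that changing PORT actually changes the listening port.
$server->run(PORT);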
---|
| 27 | |
---|
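# XML-RPC handler for 'abac.query': asks libabac whether the TLS peer holds
# the requested role.
#
# Arguments:
#   $server  - server object; only its {peer_cert} entry is read here.
#   $request - decoded request struct. Keys read: 'role', and 'credentials'
#              (a list of structs carrying 'issuer_cert' and
#              'attribute_cert').
#
# Returns the success flag produced by the context's query() call, or 0 when
# the request cannot be evaluated at all (no peer certificate, malformed
# request, missing role).
#
# Everything inside $request comes from the remote caller and is treated as
# untrusted. The principal is taken from the peer certificate only.
# NOTE(review): neither the number nor the size of the supplied credentials
# is bounded here, and each request clones the base context; consider a cap
# at this layer or in the transport.
sub abac_query {
    my ($server, $request) = @_;

    # Without an authenticated peer there is no principal to ask about, so
    # deny instead of handing an undefined value to the library.
    my $peer_cert = $server->{peer_cert};
    unless (defined $peer_cert) {
        warn "Query rejected: no peer certificate";
        return 0;
    }

    # NOTE(review): the check-in note for this file says the SSL key id
    # (sha1 of the whole certificate) differs from libabac's key id (sha1 of
    # the public key). Presumably SSL_keyid returns the libabac form, which
    # is what query() needs; confirm.
    my $peer_id = ABAC::SSL_keyid($peer_cert);
    unless (defined $peer_id) {
        warn "Query rejected: no key id for peer certificate";
        return 0;
    }

    # The request must be a struct with a plain, non-empty role string.
    unless (ref($request) eq 'HASH') {
        warn "Query rejected: request is not a struct";
        return 0;
    }
    my $role = $request->{role};
    unless (defined $role && !ref($role) && length $role) {
        warn "Query rejected: missing or malformed role";
        return 0;
    }

    # A missing credential list is treated as empty. Any other non-list
    # value is ignored and logged rather than dereferenced.
    my $creds = $request->{credentials};
    if (defined $creds && ref($creds) ne 'ARRAY') {
        warn "Ignoring malformed credential list";
        $creds = undef;
    }
    $creds = [] unless defined $creds;

    # clone the context so the state remains pure between requests
    my $local_ctx = ABAC::Context->new($ctx);
    foreach my $cred (@{$creds}) {
        unless (ref($cred) eq 'HASH') {
            warn "Ignoring malformed credential entry";
            next;
        }

        # A rejected issuer certificate is only logged. The attribute
        # certificate is still offered to the context, because its issuer
        # may already be present from the keystore.
        # NOTE(review): this relies on load_attribute_chunk refusing an
        # attribute whose issuer the context does not hold; confirm.
        my $ret = $local_ctx->load_id_chunk($cred->{issuer_cert});
        warn "Invalid issuer certificate" unless $ret == $ABAC::ABAC_CERT_SUCCESS;

        $ret = $local_ctx->load_attribute_chunk($cred->{attribute_cert});
        warn "Invalid attribute certificate" unless $ret == $ABAC::ABAC_CERT_SUCCESS;
    }

    # The role string is caller-controlled; replace control characters in
    # the logged copy so a request cannot forge extra log lines.
    (my $log_role = $role) =~ s/[\x00-\x1f\x7f]/?/g;
    print "$log_role <- $peer_id\n";

    # Only the success flag is returned; the second value from query() is
    # not used by this handler.
    my ($success, $credentials) = $local_ctx->query($role, $peer_id);

    return $success;
}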
---|