source: preprover/server.pl @ 19be896

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml
Last change on this file since 19be896 was f7040d8, checked in by Mike Ryan <mikeryan@…>, 14 years ago

perl preprover

SSL key id differs from our (libabac) keyid

SSL: sha1(whole cert)
us: sha1(pub key)
  • Property mode set to 100755
File size: 1.2 KB
Line 
1#!/usr/bin/perl
2
3use strict;
4use Data::Dumper;
5use XMLRPC;
6
7use lib '../swig/perl';
8use ABAC;
9
10ABAC::libabac_init;
11
12use constant {
13    PORT    => 8000,
14};
15
16my $keystore = shift || die "Usage: $0 <keystore>\n";
17my $ctx = ABAC::Context->new;
18$ctx->load_directory($keystore);
19
20my $server = XMLRPC->new();
21$server->add_method({
22    name        => 'abac.query',
23    code        => \&abac_query,
24    signature   => [ 'struct struct' ],
25});
26$server->run(8000);
27
28sub abac_query {
29    my ($server, $request) = @_;
30
31    my $peer_cert = $server->{peer_cert};
32    my $peer_id = ABAC::SSL_keyid($peer_cert);
33
34    # clone the context so the state remains pure between requests
35    my $local_ctx = ABAC::Context->new($ctx);
36    foreach my $cred (@{$request->{credentials}}) {
37        my $ret = $local_ctx->load_id_chunk($cred->{issuer_cert});
38        warn "Invalid issuer certificate" unless $ret == $ABAC::ABAC_CERT_SUCCESS;
39
40        $ret = $local_ctx->load_attribute_chunk($cred->{attribute_cert});
41        warn "Invalid attribute certificate" unless $ret == $ABAC::ABAC_CERT_SUCCESS;
42    }
43
44    my $role = $request->{role};
45    print "$role <- $peer_id\n";
46    my ($success, $credentials) = $local_ctx->query($role, $peer_id);
47
48    return $success;
49}
Note: See TracBrowser for help on using the repository browser.