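/*
 * main
 *
 * Sample Argus PEP client: configures an HTTPS endpoint with client-certificate
 * authentication, builds one XACML request, submits it and processes the
 * response.
 *
 * Exit status is EXIT_SUCCESS only when the request was authorized and
 * process_xacml_response() returned 0. Every set-up failure is reported on
 * stderr and yields EXIT_FAILURE; request, response and the PEP handle are
 * released on every path (the original exit()ed without cleanup and always
 * returned 0, even when the response could not be processed).
 */
int main(void)
{
    PEP *pep = NULL;                 /* Argus PEP client handle */
    xacml_request_t *request = NULL; /* owned here, deleted at out: */
    xacml_response_t *response = NULL;
    pep_error_t pep_rc;              /* PEP library return code */
    int rc;                          /* return code of the local helpers */
    int status = EXIT_FAILURE;       /* process exit status */

    /* endpoint and credentials (kept as plain char * because pep_setoption()
     * takes its value as a variadic argument, like the original code) */
    char *pep_url = "https://chaos.switch.ch:8154/authz";
    /* private key used for TLS client authentication: it should only be
     * readable by the user running this program */
    char *client_key = "/etc/grid-security/hostkey.pem";
    char *client_cert = "/etc/grid-security/hostcert.pem";
    /* CA directory used to validate the PEP Server certificate */
    char *server_capath = "/etc/grid-security/certificates";

    /* XACML request identifiers */
    char *subjectid = "CN=Valery Tschopp 9FEE5EE3,O=Switch - Teleinformatikdienste fuer Lehre und Forschung,DC=slcs,DC=switch,DC=ch";
    char *resourceid = "switch";
    char *actionid = "switch";

    /* dump library version */
    fprintf(stdout, "using %s\n", pep_version());

    /* create the PEP client handle */
    pep = pep_initialize();
    if (pep == NULL) {
        fprintf(stderr, "failed to create PEP client\n");
        goto out;
    }

    /* debugging options: best effort, their return codes are intentionally
     * not checked (as in the original) */
    pep_setoption(pep, PEP_OPTION_LOG_STDERR, stderr);
    pep_setoption(pep, PEP_OPTION_LOG_LEVEL, PEP_LOGLEVEL_DEBUG);

    /* configure PEP client: PEP Server endpoint url */
    pep_rc = pep_setoption(pep, PEP_OPTION_ENDPOINT_URL, pep_url);
    if (pep_rc != PEP_OK) {
        fprintf(stderr, "failed to set PEP endpoint: %s: %s\n", pep_url, pep_strerror(pep_rc));
        goto out;
    }

    /* configure PEP client: private key and certificate required to access
     * the PEP Server endpoint (HTTPS with client authentication) */
    pep_rc = pep_setoption(pep, PEP_OPTION_ENDPOINT_CLIENT_KEY, client_key);
    if (pep_rc != PEP_OK) {
        fprintf(stderr, "failed to set client key: %s: %s\n", client_key, pep_strerror(pep_rc));
        goto out;
    }
    pep_rc = pep_setoption(pep, PEP_OPTION_ENDPOINT_CLIENT_CERT, client_cert);
    if (pep_rc != PEP_OK) {
        fprintf(stderr, "failed to set client cert: %s: %s\n", client_cert, pep_strerror(pep_rc));
        goto out;
    }

    /* server certificate CA path for validation */
    pep_rc = pep_setoption(pep, PEP_OPTION_ENDPOINT_SERVER_CAPATH, server_capath);
    if (pep_rc != PEP_OK) {
        fprintf(stderr, "failed to set server CA path: %s: %s\n", server_capath, pep_strerror(pep_rc));
        goto out;
    }

    /* create the XACML request */
    rc = create_xacml_request(&request, subjectid, resourceid, actionid);
    if (rc != 0) {
        fprintf(stderr, "failed to create XACML request\n");
        goto out;
    }

    /* submit the XACML request */
    pep_rc = pep_authorize(pep, &request, &response);
    if (pep_rc != PEP_OK) {
        fprintf(stderr, "failed to authorize XACML request: %s\n", pep_strerror(pep_rc));
        goto out;
    }

    /* parse and process XACML response; the original discarded this return
     * code. Assumes non-zero means failure, like create_xacml_request(). */
    rc = process_xacml_response(response);
    if (rc != 0) {
        fprintf(stderr, "failed to process XACML response: rc=%d\n", rc);
    }
    status = (rc == 0) ? EXIT_SUCCESS : EXIT_FAILURE;

out:
    /* delete request and response objs, then release the PEP client handle;
     * the pointers are NULL for whatever was never created */
    if (request != NULL) {
        xacml_request_delete(request);
    }
    if (response != NULL) {
        xacml_response_delete(response);
    }
    if (pep != NULL) {
        pep_destroy(pep);
    }
    return status;
}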
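/*
 * MAIN
 *
 * usage: ./test-pep <URL>
 *
 * End-to-end exercise of the PEP client: installs a request-dumping PIP, the
 * authzinterop-to-gridwn adapter PIP and a response-dumping OH, builds a
 * XACML request, registers a list of PEPd endpoints for failover testing and
 * submits the request.
 *
 * Returns 0 on success, -1 on any failure (the pep_destroy() error code when
 * only the final destroy fails). All objects are released on every path, in
 * the order the library requires: PIP and OH structs only AFTER pep_destroy().
 *
 * Fixes over the original: the adapter PIP is registered on the PEP handle
 * (it was passed the dumper PIP instead), every call takes the PEP handle
 * consistently, each endpoint pep_setoption() result is checked (only the
 * last one was), and the PIP/OH structs are no longer leaked on error paths.
 */
int main(int argc, char **argv)
{
    PEP *pep = NULL;
    pep_pip_t *pip = NULL;
    pep_obligationhandler_t *oh = NULL;
    xacml_request_t *request = NULL;
    xacml_response_t *response = NULL;
    pep_error_t pep_rc;
    int status = -1;
    char *url = "http://localhost:8080/PEPd/authz?random";

    if (argc == 2) {
        url = argv[1];
        info("%s: using endpoint URL: %s", argv[0], url);
    }

    info("initialize PEP...");
    pep = pep_initialize();
    if (pep == NULL) {
        error("test_pep: pep_initialize() failed");
        goto cleanup;
    }

    info("set LOG options...");
    /* best effort: logging options are not fatal, their return codes are ignored */
    pep_setoption(pep, PEP_OPTION_LOG_STDERR, stderr);
    pep_setoption(pep, PEP_OPTION_LOG_LEVEL, PEP_LOGLEVEL_DEBUG); // DEBUG, INFO, WARN and ERROR
    pep_setoption(pep, PEP_OPTION_LOG_HANDLER, log_handler_pep);  // will override stderr log handler

    info("create PIP");
    pip = pip_create("PIPRequestDumper", pip_init, pip_process, pip_destroy);
    if (pip == NULL) {
        error("test_pep: pip_create(...) failed");
        goto cleanup;
    }

    info("install PIP: %s", pip->id);
    pep_rc = pep_addpip(pep, pip);
    if (pep_rc != PEP_OK) {
        error("test_pep: pep_addpip() failed: %s", pep_strerror(pep_rc));
        goto cleanup;
    }

    /* the adapter PIP is registered on the PEP handle, not on the dumper PIP */
    info("install PIP: %s", authzinterop2gridwn_adapter_pip->id);
    pep_rc = pep_addpip(pep, authzinterop2gridwn_adapter_pip);
    if (pep_rc != PEP_OK) {
        error("test_pep: pep_addpip() failed: %s", pep_strerror(pep_rc));
        goto cleanup;
    }

    /* NOTE(review): the dumper PIP is registered a second time here, exactly
     * as in the original test; confirm this double registration is intended */
    info("install PIP: %s", pip->id);
    pep_rc = pep_addpip(pep, pip);
    if (pep_rc != PEP_OK) {
        error("test_pep: pep_addpip() failed: %s", pep_strerror(pep_rc));
        goto cleanup;
    }

    info("create OH and add to PEP...");
    oh = oh_create("OHResponseDumper", oh_init, oh_process, oh_destroy);
    if (oh == NULL) {
        error("test_pep: oh_create(...) failed");
        goto cleanup;
    }
    pep_rc = pep_addobligationhandler(pep, oh);
    if (pep_rc != PEP_OK) {
        error("test_pep: pep_addobligationhandler() failed: %s", pep_strerror(pep_rc));
        goto cleanup;
    }

    // create a XACML request
    /* assert() is compiled out under NDEBUG; this is a test program, so an
     * allocation failure below aborts instead of being handled */
    info("create XACML request...");
    request = xacml_request_create();
    assert(request);

    info("add XACML subject(cert-chain)...");
    xacml_subject_t *subject = xacml_subject_create();
    assert(subject);
    xacml_attribute_t *certchain = xacml_attribute_create(XACML_AUTHZINTEROP_SUBJECT_CERTCHAIN);
    assert(certchain);
    xacml_attribute_addvalue(certchain, "PEM_ENCODE_PROXY_CERTCHAIN...");
    xacml_attribute_setdatatype(certchain, XACML_DATATYPE_BASE64BINARY);
    xacml_subject_addattribute(subject, certchain);
    xacml_request_addsubject(request, subject);

    info("add XACML resource(resource-id)...");
    xacml_resource_t *resource = xacml_resource_create();
    assert(resource);
    xacml_attribute_t *resource_id = xacml_attribute_create(XACML_RESOURCE_ID);
    assert(resource_id);
    xacml_attribute_addvalue(resource_id, "http://authz-interop.org/xacml/resource/resource-type/wn");
    xacml_resource_addattribute(resource, resource_id);
    xacml_request_addresource(request, resource);

    info("set XACML action(action-id)...");
    xacml_action_t *action = xacml_action_create();
    assert(action);
    xacml_attribute_t *action_id = xacml_attribute_create(XACML_ACTION_ID);
    assert(action_id);
    xacml_attribute_addvalue(action_id, "http://authz-interop.org/xacml/action/action-type/execute-now");
    xacml_action_addattribute(action, action_id);
    xacml_request_setaction(request, action);

    info("set XACML environment(path)...");
    xacml_environment_t *environment = xacml_environment_create();
    assert(environment);
    xacml_attribute_t *path = xacml_attribute_create("x-urn:authz:env:path");
    assert(path);
    xacml_attribute_addvalue(path, "/usr/bin");
    xacml_attribute_addvalue(path, "/opt/glite/bin");
    xacml_attribute_addvalue(path, "/home/johndoe/bin");
    xacml_environment_addattribute(environment, path);
    xacml_request_setenvironment(request, environment);

    // add many PEPd endpoints for failover testing, in this order
    char *endpoints[] = {
        url,
        "http://www.google.com",
        "http://localhost:8080/PEPd/authz?s7",
        "http://nasjflkasdjflj.com",
        "http://localhost:8080/PEPd/authz?s3",
        "http://hestia.switch.ch/PEPd/authz?s8",
        "http://localhost:8080", // respond OK 200
    };
    for (size_t i = 0; i < sizeof endpoints / sizeof endpoints[0]; i++) {
        info("set PEPd endpoint: %s", endpoints[i]);
        pep_rc = pep_setoption(pep, PEP_OPTION_ENDPOINT_URL, endpoints[i]);
        if (pep_rc != PEP_OK) {
            /* the message names the endpoint that failed, not only the first one */
            error("test_pep: pep_setoption(PEP_OPTION_ENDPOINT_URL,%s) failed: %s", endpoints[i], pep_strerror(pep_rc));
            goto cleanup;
        }
    }

    // send authz request and process
    info("send XACML request to PEPd");
    pep_rc = pep_authorize(pep, &request, &response);
    if (pep_rc != PEP_OK) {
        error("test_pep: pep_authorize(request,response) failed: %s", pep_strerror(pep_rc));
        goto cleanup;
    }
    status = 0;

cleanup:
    /* pointers are NULL for whatever was never created */
    info("delete XACML request and response...");
    if (request != NULL) {
        xacml_request_delete(request);
    }
    if (response != NULL) {
        xacml_response_delete(response);
    }

    info("destroy PEP...");
    if (pep != NULL) {
        pep_rc = pep_destroy(pep);
        if (pep_rc != PEP_OK) {
            error("test_pep: pep_destroy() failed: %s", pep_strerror(pep_rc));
            /* keep the original contract: a destroy failure on an otherwise
             * successful run returns the library error code */
            if (status == 0) {
                status = pep_rc;
            }
        }
    }

    // WARNING: call these only AFTER pep_destroy()...
    info("delete PIP and OH structs...");
    if (pip != NULL) {
        pip_delete(pip);
    }
    if (oh != NULL) {
        oh_delete(oh);
    }

    if (status == 0) {
        info("done.");
    }
    return status;
}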