コード例 #1
ファイル: davixx509cred.cpp プロジェクト: ayllon/davix
// Load a PKCS#12 client credential from the file `p12_cred`.
//
// Any credential already held by this object is dropped first. If the file
// cannot be read, `err` is set to CredentialNotFound. If the credential is
// encrypted and `passwd` does not decrypt it, `err` is set to
// LoginPasswordError and the half-loaded credential is cleared again, so an
// encrypted, unusable credential is never left attached to the object.
//
// Both error messages contain the file path; neither contains the password.
//
// Returns 0 on success, -1 on failure.
int X509Credential::loadFromFileP12(const std::string &p12_cred, const std::string & passwd, DavixError **err){
    d_ptr->clear_cert();

    d_ptr->_cred = ne_ssl_clicert_read(p12_cred.c_str());
    if (d_ptr->_cred == NULL) {
        std::string msg("Impossible to load credential ");
        msg.append(p12_cred);
        Davix::DavixError::setupError(err, davix_scope_x509cred(), StatusCode::CredentialNotFound, msg);
        return -1;
    }

    // Only attempt decryption when the credential is actually encrypted.
    const bool is_encrypted = (ne_ssl_clicert_encrypted(d_ptr->_cred) != 0);
    if (is_encrypted) {
        const bool decrypt_failed = (ne_ssl_clicert_decrypt(d_ptr->_cred, passwd.c_str()) != 0);
        if (decrypt_failed) {
            std::string msg("Impossible to decrypt the credential  ");
            msg.append(p12_cred);
            msg.append(" with the provided password");
            Davix::DavixError::setupError(err, davix_scope_x509cred(), StatusCode::LoginPasswordError, msg);
            d_ptr->clear_cert();
            return -1;
        }
    }

    return 0;
}
コード例 #2
ファイル: cadaver.c プロジェクト: grimneko/cadaver
/*
 * Configure TLS for the global session: trust the default CA set, install
 * cert_verify as the verification callback and, when the opt_clicert option
 * is set, load that client certificate and register provide_clicert with the
 * certificate path as its user data.
 *
 * Always returns 0. A client certificate that cannot be loaded is reported
 * on stdout only and the session is left without a client certificate, so
 * callers cannot detect that failure from the return value.
 */
static int setup_ssl(void)
{
    char *cert_path = get_option(opt_clicert);

    ne_ssl_trust_default_ca(session.sess);
    ne_ssl_set_verify(session.sess, cert_verify, NULL);

    /* No client certificate configured: nothing more to do. */
    if (cert_path == NULL) {
        return 0;
    }

    client_cert = ne_ssl_clicert_read(cert_path);
    if (client_cert == NULL) {
        printf("Could not load client certificate from `%s'.\n",
               cert_path);
        return 0;
    }

    ne_ssl_provide_clicert(session.sess, provide_clicert, cert_path);
    return 0;
}
コード例 #3
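/*
 * Create the connection structure on first use and open a neon session to
 * `server`: https on port 443 with a PKCS#12 client certificate when
 * enable_ssl is non-zero, plain http on port 80 otherwise.
 *
 * server      host name; on the first call a NULL value is replaced by the
 *             DPNS_HOST environment variable.
 * comment     only length-checked here (at most CA_MAXCOMMENTLEN characters).
 * enable_ssl  non-zero selects https and loads the client certificate.
 *
 * Returns 0 on success or when a session already exists, -1 on failure.
 * Most failure paths set dav_error; a failed certificate conversion only
 * prints to stderr.
 *
 * NOTE(review): two weaknesses are left as they are because fixing them is a
 * design decision, not a local edit:
 *  - p12cert is a fixed file name in /tmp. An existing file at that path is
 *    used as the client credential without any ownership or permission
 *    check, and a missing one is created at a predictable, shared location.
 *    A per-user directory with restrictive permissions would avoid both.
 *  - ne_ssl_set_verify installs no_ssl_verification, which is not visible
 *    here; judging by its name it accepts server certificates that fail
 *    verification, which would leave the https session open to
 *    man-in-the-middle interception. Confirm and restrict if so.
 */
int dav_startsessx(char *server, char *comment, int enable_ssl)
{
	FILE *p12 = NULL;
	const char *p12cert = "/tmp/usercert.p12";
	const char *userkey, *usercert, *userproxy;
	char buffer[128];

	/* First call: create the connection structure and record the server name */
	if (mutex == 0)
	{
		/* If no host specified, use the DPNS default one */
		if (!server)
			server = getenv("DPNS_HOST");

		/* Finish the function if the host is still NULL */
		if (!server)
		{
			dav_error = SENOSHOST;
			return -1;
		}

		/* Trigger an error if the comment is too long */
		if (comment && (strlen(comment) > CA_MAXCOMMENTLEN))
		{
			dav_error = EINVAL;
			return -1;
		}

		/* The host name comes from the caller or the environment, so it must
		 * be checked against the destination before it is copied.
		 * Assumes connection->server is a char array member; sizeof does not
		 * evaluate its operand, so this is safe while connection is unset. */
		if (strlen(server) >= sizeof(connection->server))
		{
			dav_error = EINVAL;
			return -1;
		}

		pthread_once(&init_once, thread_init_once);

		connection = (struct dav_connection *)calloc(1, sizeof(struct dav_connection));
		if (connection == NULL)
		{
			dav_error = ENOMEM;
			return -1;
		}
		memcpy(connection->server, server, strlen(server) + 1);
		mutex = 1;
	}

	/* exit function if a session already exists */
	if (connection->session)
		return 0;

	/* Retrieve userkey and usercert from environment variables */
	userkey   = getenv("X509_USER_KEY");
	usercert  = getenv("X509_USER_CERT");
	userproxy = getenv("X509_USER_PROXY");

	if (enable_ssl) {
		/* An explicit proxy serves as both key and certificate */
		if (userproxy) {
			userkey = usercert = userproxy;
		}
		/* Try default proxy location */
		else if (!userkey && !usercert) {
			struct stat stat_buf;

			snprintf(buffer, sizeof(buffer), "/tmp/x509up_u%d", getuid());
			/* No luck, try with host cert and key */
			if (stat(buffer, &stat_buf) != 0) {
				usercert = "/etc/grid-security/hostcert.pem";
				userkey  = "/etc/grid-security/hostkey.pem";
			}
			/* NOTE(review): when the default proxy file does exist, userkey
			 * and usercert both stay NULL and `buffer` is never used; confirm
			 * whether convert_x509_to_p12 is meant to receive the proxy path. */
		}

		/* Either value may still be NULL here; passing NULL for %s is
		 * undefined behaviour in printf-style formatting. */
		debug_msg("User certificate: %s", usercert ? usercert : "(null)");
		debug_msg("User key:         %s", userkey ? userkey : "(null)");

		/* Try to open the certificate, create one if file does not exist yet */
		if ((p12 = fopen(p12cert, "r")) == NULL) {
			if (convert_x509_to_p12(userkey, usercert, p12cert) == -1) {
				fprintf(stderr, "An error occur in the certificate conversion\n");
				return -1;
			}
		} else {
			fclose(p12);
		}

		/* Try to open a session, return -1 and set the error code if it failed */
		if ((connection->session = ne_session_create("https", server, 443)) == NULL)
		{
			dav_error = ENSNACT;
			return -1;
		}
	}
	else {
		if ((connection->session = ne_session_create("http", server, 80)) == NULL)
		{
			dav_error = ENSNACT;
			return -1;
		}
	}

	/* manual checking for ssl credentials (see NOTE(review) in the header) */
	ne_ssl_set_verify(connection->session, no_ssl_verification, NULL);

	/* Read the pkcs12 certificate */
	if (enable_ssl) {
		ne_ssl_client_cert *cert = ne_ssl_clicert_read(p12cert);
		if (cert == NULL) {
			ne_session_destroy(connection->session);
			/* Clear the pointer: otherwise the next call would see a non-NULL
			 * session, return 0 and leave callers using a destroyed session. */
			connection->session = NULL;
			dav_error = SECOMERR;
			return -1;
		}
		ne_ssl_set_clicert(connection->session, cert);
		ne_ssl_clicert_free(cert);
	}

	return 0;
}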