/*
* Creates a XACML Request containing a XACML Subject with the given subjectid, a XACML Resource
* with the given resourceid and a XACML Action with the given actionid.
*
* @param [in/out] request address of the pointer to the XACML request object
* @param [in] subjectid, a X.509 DN, attribute value of the XACML Request/Subject element
* @param [in] resourceid attribute value of the XACML Request/Resource element
* @param [in] actionid attribute value of the XACML Request/Action element
* @return 0 on success or error code on failure.
*/
static int create_xacml_request(xacml_request_t ** request,const char * subjectid, const char * resourceid, const char * actionid)
{
xacml_subject_t * subject;
xacml_attribute_t * subject_attr_id;
xacml_resource_t * resource;
xacml_attribute_t * resource_attr_id;
xacml_action_t * action;
xacml_attribute_t * action_attr_id;
/* XACML Subject with subjectid Attribute value */
subject= xacml_subject_create();
if (subject == NULL) {
fprintf(stderr,"can not create XACML Subject\n");
return 1;
}
subject_attr_id= xacml_attribute_create(XACML_SUBJECT_ID);
if (subject_attr_id == NULL) {
fprintf(stderr,"can not create XACML Subject/Attribute:%s\n",XACML_SUBJECT_ID);
xacml_subject_delete(subject);
return 1;
}
// set X.509 DN value
xacml_attribute_addvalue(subject_attr_id,subjectid);
// set attribute datatype for X.509 DN
xacml_attribute_setdatatype(subject_attr_id,XACML_DATATYPE_X500NAME);
xacml_subject_addattribute(subject,subject_attr_id);
/* XACML Resource with resourceid Attribute value */
resource= xacml_resource_create();
if (resource == NULL) {
fprintf(stderr,"can not create XACML Resource\n");
xacml_subject_delete(subject);
return 2;
}
resource_attr_id= xacml_attribute_create(XACML_RESOURCE_ID);
if (resource_attr_id == NULL) {
fprintf(stderr,"can not create XACML Resource/Attribute:%s\n",XACML_RESOURCE_ID);
xacml_subject_delete(subject);
xacml_resource_delete(resource);
return 2;
}
xacml_attribute_addvalue(resource_attr_id,resourceid);
xacml_resource_addattribute(resource,resource_attr_id);
/* XACML Action with actionid Attribute value */
action= xacml_action_create();
if (action == NULL) {
fprintf(stderr,"can not create XACML Action\n");
xacml_subject_delete(subject);
xacml_resource_delete(resource);
return 3;
}
action_attr_id= xacml_attribute_create(XACML_ACTION_ID);
if (action_attr_id == NULL) {
fprintf(stderr,"can not create XACML Action/Attribute:%s\n",XACML_ACTION_ID);
xacml_subject_delete(subject);
xacml_resource_delete(resource);
xacml_action_delete(action);
return 3;
}
xacml_attribute_addvalue(action_attr_id,actionid);
xacml_action_addattribute(action,action_attr_id);
/* XACML Request with all elements */
*request= xacml_request_create();
if (*request == NULL) {
fprintf(stderr,"can not create XACML Request\n");
xacml_subject_delete(subject);
xacml_resource_delete(resource);
xacml_action_delete(action);
return 4;
}
xacml_request_addsubject(*request,subject);
xacml_request_addresource(*request,resource);
xacml_request_setaction(*request,action);
return 0;
}
/*
* MAIN
*
* usage: ./test-pep <URL>
*/
int main(int argc, char **argv) {
PEP * pep;
pep_error_t pep_rc;
char * url= "http://localhost:8080/PEPd/authz?random";
if (argc == 2) {
url= argv[1];
info("%s: using endpoint URL: %s",argv[0], url);
}
info("initialize PEP...");
pep= pep_initialize();
if (pep == NULL) {
error("test_pep: pep_initialize() failed");
return -1;
}
info("set LOG options...");
pep_setoption(pep,PEP_OPTION_LOG_STDERR,stderr);
pep_setoption(pep,PEP_OPTION_LOG_LEVEL,PEP_LOGLEVEL_DEBUG); // DEBUG, INFO, WARN and ERROR
pep_setoption(pep,PEP_OPTION_LOG_HANDLER,log_handler_pep); // will override stderr log handler
info("create PIP");
pep_pip_t * pip= pip_create("PIPRequestDumper",pip_init,pip_process,pip_destroy);
if (pip == NULL) {
error("test_pep: pip_create(...) failed");
pep_destroy(pep);
return -1;
}
info("install PIP: %s",pip->id);
pep_rc= pep_addpip(pep,pip);
if (pep_rc != PEP_OK) {
error("test_pep: pep_addpip() failed: %s",pep_strerror(pep_rc));
pep_destroy(pep);
return -1;
}
info("install PIP: %s",authzinterop2gridwn_adapter_pip->id);
pep_rc= pep_addpip(pip,authzinterop2gridwn_adapter_pip);
if (pep_rc != PEP_OK) {
error("test_pep: pep_addpip() failed: %s",pep_strerror(pep_rc));
pep_destroy(pep);
return -1;
}
info("install PIP: %s",pip->id);
pep_rc= pep_addpip(pep,pip);
if (pep_rc != PEP_OK) {
error("test_pep: pep_addpip() failed: %s",pep_strerror(pep_rc));
pep_destroy(pep);
return -1;
}
info("create OH and add to PEP...");
pep_obligationhandler_t * oh= oh_create("OHResponseDumper",oh_init,oh_process,oh_destroy);
if (oh == NULL) {
error("test_pep: oh_create(...) failed");
pep_destroy(pep);
return -1;
}
pep_rc= pep_addobligationhandler(pep,oh);
if (pep_rc != PEP_OK) {
error("test_pep: pep_addobligationhandler() failed: %s",pep_strerror(pep_rc));
pep_destroy(pep);
return -1;
}
// create a XACML request
info("create XACML request...");
xacml_request_t * request= xacml_request_create();
assert(request);
info("add XACML subject(cert-chain)...");
xacml_subject_t * subject= xacml_subject_create();
assert(subject);
xacml_attribute_t * certchain= xacml_attribute_create(XACML_AUTHZINTEROP_SUBJECT_CERTCHAIN);
assert(certchain);
xacml_attribute_addvalue(certchain,"PEM_ENCODE_PROXY_CERTCHAIN...");
xacml_attribute_setdatatype(certchain,XACML_DATATYPE_BASE64BINARY);
xacml_subject_addattribute(subject,certchain);
xacml_request_addsubject(request,subject);
info("add XACML resource(resource-id)...");
xacml_resource_t * resource= xacml_resource_create();
assert(resource);
xacml_attribute_t * resource_id= xacml_attribute_create(XACML_RESOURCE_ID);
assert(resource_id);
xacml_attribute_addvalue(resource_id,"http://authz-interop.org/xacml/resource/resource-type/wn");
xacml_resource_addattribute(resource,resource_id);
xacml_request_addresource(request,resource);
info("set XACML action(action-id)...");
xacml_action_t * action= xacml_action_create();
assert(action);
xacml_attribute_t * action_id= xacml_attribute_create(XACML_ACTION_ID);
assert(action_id);
xacml_attribute_addvalue(action_id,"http://authz-interop.org/xacml/action/action-type/execute-now");
xacml_action_addattribute(action,action_id);
xacml_request_setaction(request,action);
info("set XACML environment(path)...");
xacml_environment_t * environment= xacml_environment_create();
assert(environment);
xacml_attribute_t * path= xacml_attribute_create("x-urn:authz:env:path");
assert(path);
xacml_attribute_addvalue(path,"/usr/bin");
xacml_attribute_addvalue(path,"/opt/glite/bin");
xacml_attribute_addvalue(path,"/home/johndoe/bin");
xacml_environment_addattribute(environment,path);
xacml_request_setenvironment(request,environment);
// add many PEPd endpoints for failover testing
info("set PEPd endpoint: %s", url);
pep_rc= pep_setoption(PEP_OPTION_ENDPOINT_URL, url);
info("set PEPd endpoint: %s", "http://www.google.com");
pep_rc= pep_setoption(PEP_OPTION_ENDPOINT_URL, "http://www.google.com");
info("set PEPd endpoint: %s", "http://localhost:8080/PEPd/authz?s7");
pep_rc= pep_setoption(PEP_OPTION_ENDPOINT_URL, "http://localhost:8080/PEPd/authz?s7");
info("set PEPd endpoint: %s", "http://nasjflkasdjflj.com");
pep_rc= pep_setoption(PEP_OPTION_ENDPOINT_URL, "http://nasjflkasdjflj.com");
info("set PEPd endpoint: %s", "http://localhost:8080/PEPd/authz?s3");
pep_rc= pep_setoption(PEP_OPTION_ENDPOINT_URL, "http://localhost:8080/PEPd/authz?s3");
info("set PEPd endpoint: %s", "http://hestia.switch.ch/PEPd/authz?s8");
pep_rc= pep_setoption(PEP_OPTION_ENDPOINT_URL, "http://hestia.switch.ch/PEPd/authz?s8");
info("set PEPd endpoint: %s", "http://localhost:8080"); // respond OK 200
pep_rc= pep_setoption(PEP_OPTION_ENDPOINT_URL, "http://localhost:8080");
// send authz request and process
if (pep_rc != PEP_OK) {
error("test_pep: pep_setoption(PEP_OPTION_ENDPOINT_URL,%s) failed: %s",url,pep_strerror(pep_rc));
pep_destroy();
return -1;
}
info("send XACML request to PEPd");
xacml_response_t * response= NULL;
pep_rc= pep_authorize(&request,&response);
if (pep_rc != PEP_OK) {
error("test_pep: pep_authorize(request,response) failed: %s",pep_strerror(pep_rc));
xacml_request_delete(request);
xacml_response_delete(response);
pep_destroy();
pip_delete(pip);
oh_delete(oh);
return -1;
}
info("delete XACML request and response...");
xacml_request_delete(request);
xacml_response_delete(response);
info("destroy PEP...");
pep_rc= pep_destroy();
if (pep_rc != PEP_OK) {
error("test_pep: pep_destroy() failed: %s",pep_strerror(pep_rc));
pip_delete(pip);
oh_delete(oh);
return pep_rc;
}
// WARNING: call these only AFTER pep_destroy()...
info("delete PIP and OH structs...");
pip_delete(pip);
oh_delete(oh);
info("done.");
return 0;
}