Пример #1
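/*
 * Import every GSS name referenced by the entries of the file-level
 * test_cases list.
 *
 * The mechanism is first asked which name types it supports; the result is
 * recorded in gss_l_x509_support and gss_l_host_ip_support. Each test case
 * whose name1/name2 is still GSS_C_NO_NAME is then imported from its
 * name_token according to its name_type. Names of an unsupported type (and
 * of any type not listed in the switch) are left as GSS_C_NO_NAME.
 *
 * Any import failure is fatal: the error is printed to stderr and the
 * process exits with a non-zero status.
 */
static
void
import_names()
{
    OM_uint32                           major_status, minor_status;
    globus_gsi_cred_handle_t            handle;
    gss_buffer_desc                     buffer;
    /* Start from NULL so a failed lookup can never leave a stale pointer. */
    X509 *                              cert = NULL;
    gss_OID_set                         name_types;
    globus_result_t                     result;
    globus_list_t                       *i, *j;
    compare_name_test_case_t *          test_case;
    int                                 present;

    /* Probe the optional name types; a failed probe leaves the flags as is. */
    major_status = gss_inquire_names_for_mech(
        &minor_status,
        (gss_OID) globus_i_gss_mech_globus_gssapi_openssl,
        &name_types);

    if (major_status == GSS_S_COMPLETE)
    {
        major_status = gss_test_oid_set_member(
                &minor_status,
                GLOBUS_GSS_C_NT_X509,
                name_types,
                &present);

        if (major_status == GSS_S_COMPLETE && present)
        {
            gss_l_x509_support = GLOBUS_TRUE;
        }

        major_status = gss_test_oid_set_member(
                &minor_status,
                GLOBUS_GSS_C_NT_HOST_IP,
                name_types,
                &present);

        if (major_status == GSS_S_COMPLETE && present)
        {
            gss_l_host_ip_support = GLOBUS_TRUE;
        }

        major_status = gss_release_oid_set(&minor_status, &name_types);
    }

    for (i = test_cases; !globus_list_empty(i); i = globus_list_rest(i))
    {
        test_case = globus_list_first(i);

        if (test_case->name1 == GSS_C_NO_NAME)
        {
            switch (test_case->name_type1)
            {
                case GSS_L_ANONYMOUS:
                    /*
                     * NOTE(review): buffer is not set in this case, so it
                     * holds whatever an earlier import left in it, or is
                     * indeterminate on the first pass. Presumably the
                     * anonymous name type ignores the buffer; confirm.
                     */
                    major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_ANONYMOUS, &test_case->name1);
                    if (major_status != GSS_S_COMPLETE)
                    {
                        fprintf(stderr, "Error importing <anonymous>\n");
                        globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                        exit(-1);
                    }
                    break;
                case GSS_L_NO_OID:
                    buffer.value = test_case->name_token1;
                    buffer.length = strlen(buffer.value);

                    major_status = gss_import_name(&minor_status, &buffer, GSS_C_NO_OID, &test_case->name1);
                    if (major_status != GSS_S_COMPLETE)
                    {
                        fprintf(stderr, "Error importing %s\n", test_case->name_token1);
                        globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                        exit(-1);
                    }
                    break;
                case GSS_L_HOSTBASED_SERVICE:
                    buffer.value = test_case->name_token1;
                    buffer.length = strlen(buffer.value);

                    major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &test_case->name1);
                    if (major_status != GSS_S_COMPLETE)
                    {
                        fprintf(stderr, "Error importing %s\n", test_case->name_token1);
                        globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                        exit(-1);
                    }
                    break;
                case GSS_L_HOST_IP:
                    if (gss_l_host_ip_support)
                    {
                        buffer.value = test_case->name_token1;
                        buffer.length = strlen(buffer.value);

                        major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_HOST_IP, &test_case->name1);
                        if (major_status != GSS_S_COMPLETE)
                        {
                            fprintf(stderr, "Error importing %s\n", test_case->name_token1);
                            globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                            exit(-1);
                        }
                    }
                    break;
                case GSS_L_X509:
                    if (gss_l_x509_support)
                    {
                        /* For this type name_token1 is passed to the cert reader. */
                        result = globus_gsi_cred_handle_init(&handle, NULL);
                        if (result != GLOBUS_SUCCESS)
                        {
                            globus_gsi_gssapi_test_print_result(stderr, result);
                            exit(-1);
                        }

                        result = globus_gsi_cred_read_cert(handle, test_case->name_token1);
                        if (result != GLOBUS_SUCCESS)
                        {
                            globus_gsi_gssapi_test_print_result(stderr, result);
                            exit(-2);
                        }

                        /*
                         * The result used to be ignored, so a failure here
                         * handed an unset pointer to gss_import_name() and
                         * X509_free(). Treat it like a failed read.
                         */
                        result = globus_gsi_cred_get_cert(handle, &cert);
                        if (result != GLOBUS_SUCCESS)
                        {
                            globus_gsi_gssapi_test_print_result(stderr, result);
                            exit(-2);
                        }

                        /*
                         * NOTE(review): sizeof(X509) needs the complete struct
                         * definition, which OpenSSL 1.1.0 and later no longer
                         * expose; confirm the length this name type expects.
                         */
                        buffer.value = cert;
                        buffer.length = sizeof(X509);

                        major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_X509, &test_case->name1);
                        if (major_status != GSS_S_COMPLETE)
                        {
                            fprintf(stderr, "Error importing %s\n", test_case->name_token1);
                            globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                            exit(-1);
                        }
                        /* Freed right after the import, so the imported name
                         * presumably keeps no reference to it; confirm. */
                        X509_free(cert);
                        globus_gsi_cred_handle_destroy(handle);
                    }
                    break;
            }

            /*
             * Reuse the handle for every remaining slot (this entry's name2
             * included) with the same type and token. The handle is copied,
             * not duplicated, so several test cases end up pointing at one
             * gss_name_t; cleanup must release each distinct handle once.
             */
            for (j = i; !globus_list_empty(j); j = globus_list_rest(j))
            {
                compare_name_test_case_t *test_case2 = globus_list_first(j);

                if (test_case->name_type1 == test_case2->name_type1 &&
                    test_case->name_token1 && test_case2->name_token1 &&
                    strcmp(test_case->name_token1, test_case2->name_token1) == 0 &&
                    test_case2->name1 == GSS_C_NO_NAME)
                {
                    test_case2->name1 = test_case->name1;
                }
                if (test_case->name_type1 == test_case2->name_type2 &&
                    test_case->name_token1 && test_case2->name_token2 &&
                    strcmp(test_case->name_token1, test_case2->name_token2) == 0 &&
                    test_case2->name2 == GSS_C_NO_NAME)
                {
                    test_case2->name2 = test_case->name1;
                }
            }
        }
        /* Same procedure for the second name, unless the pass above filled it. */
        if (test_case->name2 == GSS_C_NO_NAME)
        {
            switch (test_case->name_type2)
            {
                case GSS_L_ANONYMOUS:
                    /* NOTE(review): buffer is not set here either; see the
                     * name1 anonymous case. */
                    major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_ANONYMOUS, &test_case->name2);
                    if (major_status != GSS_S_COMPLETE)
                    {
                        fprintf(stderr, "Error importing <anonymous>\n");
                        globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                        exit(-1);
                    }
                    break;
                case GSS_L_NO_OID:
                    buffer.value = test_case->name_token2;
                    buffer.length = strlen(buffer.value);

                    major_status = gss_import_name(&minor_status, &buffer, GSS_C_NO_OID, &test_case->name2);
                    if (major_status != GSS_S_COMPLETE)
                    {
                        fprintf(stderr, "Error importing %s\n", test_case->name_token2);
                        globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                        exit(-1);
                    }
                    break;
                case GSS_L_HOSTBASED_SERVICE:
                    buffer.value = test_case->name_token2;
                    buffer.length = strlen(buffer.value);

                    major_status = gss_import_name(&minor_status, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &test_case->name2);
                    if (major_status != GSS_S_COMPLETE)
                    {
                        fprintf(stderr, "Error importing %s\n", test_case->name_token2);
                        globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                        exit(-1);
                    }
                    break;
                case GSS_L_HOST_IP:
                    if (gss_l_host_ip_support)
                    {
                        buffer.value = test_case->name_token2;
                        buffer.length = strlen(buffer.value);

                        major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_HOST_IP, &test_case->name2);
                        if (major_status != GSS_S_COMPLETE)
                        {
                            fprintf(stderr, "Error importing %s\n", test_case->name_token2);
                            globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                            exit(-1);
                        }
                    }
                    break;
                case GSS_L_X509:
                    if (gss_l_x509_support)
                    {
                        result = globus_gsi_cred_handle_init(&handle, NULL);
                        if (result != GLOBUS_SUCCESS)
                        {
                            globus_gsi_gssapi_test_print_result(stderr, result);
                            exit(-1);
                        }

                        result = globus_gsi_cred_read_cert(handle, test_case->name_token2);
                        if (result != GLOBUS_SUCCESS)
                        {
                            globus_gsi_gssapi_test_print_result(stderr, result);
                            exit(-2);
                        }

                        /* Checked for the same reason as in the name1 case:
                         * cert must be valid before it is imported and freed. */
                        result = globus_gsi_cred_get_cert(handle, &cert);
                        if (result != GLOBUS_SUCCESS)
                        {
                            globus_gsi_gssapi_test_print_result(stderr, result);
                            exit(-2);
                        }

                        buffer.value = cert;
                        buffer.length = sizeof(X509);

                        major_status = gss_import_name(&minor_status, &buffer, GLOBUS_GSS_C_NT_X509, &test_case->name2);
                        if (major_status != GSS_S_COMPLETE)
                        {
                            fprintf(stderr, "Error importing %s\n", test_case->name_token2);
                            globus_gsi_gssapi_test_print_error(stderr, major_status, minor_status);
                            exit(-1);
                        }
                        X509_free(cert);
                        globus_gsi_cred_handle_destroy(handle);
                    }
                    break;
            }
            /* Share the name2 handle with every remaining matching slot. */
            for (j = i; !globus_list_empty(j); j = globus_list_rest(j))
            {
                compare_name_test_case_t *test_case2 = globus_list_first(j);

                if (test_case->name_type2 == test_case2->name_type1 &&
                    test_case->name_token2 && test_case2->name_token1 &&
                    strcmp(test_case->name_token2, test_case2->name_token1) == 0 &&
                    test_case2->name1 == GSS_C_NO_NAME)
                {
                    test_case2->name1 = test_case->name2;
                }
                if (test_case->name_type2 == test_case2->name_type2 &&
                    test_case->name_token2 && test_case2->name_token2 &&
                    strcmp(test_case->name_token2, test_case2->name_token2) == 0 &&
                    test_case2->name2 == GSS_C_NO_NAME)
                {
                    test_case2->name2 = test_case->name2;
                }
            }
        }
    }
}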
Пример #2
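/// Builds a GSS-API credential from the credential stored in `filename`.
///
/// The certificate, chain and private key obtained from Arc::Credential are
/// attached to a new Globus GSI credential handle, which is wrapped in a
/// heap-allocated gss_cred_id_desc. The credential's name is imported from
/// the first end-entity certificate found (the leaf, then the chain); when
/// there is none, an anonymous name is imported instead.
///
/// @param filename  Path handed to Arc::Credential.
/// @return The new credential, or GSS_C_NO_CREDENTIAL when the handle cannot
///         be initialised, the allocation fails, or the name import fails.
gss_cred_id_t read_globus_credentials(const std::string& filename) {
  Arc::Credential cred(filename, "", "", "", "", true);
  // These three objects are released at the end of this function, so the
  // Globus handle presumably keeps its own copies -- TODO confirm.
  X509* cert = cred.GetCert();
  STACK_OF(X509)* cchain = cred.GetCertChain();
  EVP_PKEY* key = cred.GetPrivKey();

  gss_cred_id_desc* ccred = GSS_C_NO_CREDENTIAL;
  // Initialised so the cleanup test below never reads an unset handle.
  globus_gsi_cred_handle_t chandle = NULL;
  if(globus_gsi_cred_handle_init(&chandle, NULL) != GLOBUS_SUCCESS) {
    // The result used to be ignored, and the code went on to use the handle.
    logger.msg(Arc::ERROR, "Failed to initialize GSI credential handle");
    chandle = NULL;
  } else {
    // NOTE(review): the results of the three setters are ignored, so a
    // credential missing its key or chain can still be returned. Consider
    // failing closed if callers do not rely on that.
    if(cert) globus_gsi_cred_set_cert(chandle, cert);
    if(key) globus_gsi_cred_set_key(chandle, key);
    if(cchain) globus_gsi_cred_set_cert_chain(chandle, cchain);

    ccred = (gss_cred_id_desc*)::malloc(sizeof(gss_cred_id_desc));
    if(ccred) {
      ::memset(ccred,0,sizeof(gss_cred_id_desc));
      // Ownership of the handle moves into the credential; clearing the
      // local prevents the cleanup below from destroying it a second time.
      ccred->cred_handle = chandle; chandle = NULL;
      // cred_usage and ssl_context stay zeroed by the memset above.

      // Pick the certificate that names the identity: an end-entity
      // certificate, first the leaf and then the first match in the chain.
      X509* identity_cert = NULL;
      if(cert) {
        globus_gsi_cert_utils_cert_type_t ctype = GLOBUS_GSI_CERT_UTILS_TYPE_DEFAULT;
        globus_gsi_cert_utils_get_cert_type(cert,&ctype);
        if(ctype == GLOBUS_GSI_CERT_UTILS_TYPE_EEC) {
          identity_cert = cert;
        };
      };
      if(!identity_cert && cchain) {
        // For compatibility with older globus not using
        //globus_gsi_cert_utils_get_identity_cert(cchain,&identity_cert);
        for(int n = 0; n < sk_X509_num(cchain); ++n) {
          X509* tmp_cert = sk_X509_value(cchain, n);
          if(tmp_cert) {
            globus_gsi_cert_utils_cert_type_t ctype = GLOBUS_GSI_CERT_UTILS_TYPE_DEFAULT;
            globus_gsi_cert_utils_get_cert_type(tmp_cert,&ctype);
            if(ctype == GLOBUS_GSI_CERT_UTILS_TYPE_EEC) {
              identity_cert = tmp_cert;
              break;
            };
          };
        };
      };

      // No end-entity certificate: import an anonymous name with an empty buffer.
      gss_buffer_desc peer_buffer;
      peer_buffer.value = identity_cert;
      peer_buffer.length = identity_cert?sizeof(X509):0;
      OM_uint32 majstat, minstat;
      majstat = gss_import_name(&minstat, &peer_buffer,
                                identity_cert?GLOBUS_GSS_C_NT_X509:GSS_C_NT_ANONYMOUS,
                                &ccred->globusid);
      if (GSS_ERROR(majstat)) {
        logger.msg(Arc::ERROR, "Failed to convert GSI credential to "
           "GSS credential (major: %d, minor: %d)", majstat, minstat);
        // The GSS-API defines gss_release_cred() as resetting the handle to
        // GSS_C_NO_CREDENTIAL on success, which is then returned.
        majstat = gss_release_cred(&minstat, &ccred);
      };
    } else {
      ccred = GSS_C_NO_CREDENTIAL;
    };
  };

  if(cert) X509_free(cert);
  if(key) EVP_PKEY_free(key);
  if(cchain) sk_X509_pop_free(cchain, X509_free);
  // Still set only when the handle was not handed over to ccred.
  if(chandle) globus_gsi_cred_handle_destroy(chandle);
  return ccred;
}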