void LoginRESTService::Run()
{
soap soapServer(SOAP_C_UTFSTRING, SOAP_C_UTFSTRING);
// check every 3 seconds if world ended
soapServer.accept_timeout = 3;
soapServer.recv_timeout = 5;
soapServer.send_timeout = 5;
if (!soap_valid_socket(soap_bind(&soapServer, _bindIP.c_str(), _port, 100)))
{
TC_LOG_ERROR("server.rest", "Couldn't bind to %s:%d", _bindIP.c_str(), _port);
return;
}
TC_LOG_INFO("server.rest", "Login service bound to http://%s:%d", _bindIP.c_str(), _port);
http_post_handlers handlers[] =
{
{ "application/json;charset=utf-8", handle_post_plugin },
{ "application/json", handle_post_plugin },
{ nullptr, nullptr }
};
soap_register_plugin_arg(&soapServer, &http_get, (void*)&handle_get_plugin);
soap_register_plugin_arg(&soapServer, &http_post, handlers);
soap_register_plugin_arg(&soapServer, &ContentTypePlugin::Init, (void*)"application/json;charset=utf-8");
// Use our already ready ssl context
soapServer.ctx = Battlenet::SslContext::instance().native_handle();
soapServer.ssl_flags = SOAP_SSL_RSA;
while (!_stopped)
{
if (!soap_valid_socket(soap_accept(&soapServer)))
continue; // ran into an accept timeout
std::shared_ptr<soap> soapClient = std::make_shared<soap>(soapServer);
boost::asio::ip::address_v4 address(soapClient->ip);
if (soap_ssl_accept(soapClient.get()) != SOAP_OK)
{
TC_LOG_DEBUG("server.rest", "Failed SSL handshake from IP=%s", address.to_string().c_str());
continue;
}
TC_LOG_DEBUG("server.rest", "Accepted connection from IP=%s", address.to_string().c_str());
std::thread([soapClient]
{
soap_serve(soapClient.get());
}).detach();
}
// and release the context handle here - soap does not own it so it should not free it on exit
soapServer.ctx = nullptr;
TC_LOG_INFO("server.rest", "Login service exiting...");
}
/**
* srmCheckPermission method.
*
* \param soap
* \param srm_endpoint
* \param userID
* \param path
* \param checkInLocalCacheOnly
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
CheckPermission(struct soap *soap,
const char *srm_endpoint,
const char *userID,
const tSurlInfoArray path,
bool *checkInLocalCacheOnly, /* yes, no const in gsoap headers */
struct srm__srmCheckPermissionResponse_ *resp)
{
DM_DBG_I;
struct srm__srmCheckPermissionRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK|CGSI_OPT_DELEG_FLAG;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
NEW_STR_VAL(userID,TUserID);
NOT_NULL(req.arrayOfSiteURLs = soap_new_srm__ArrayOfTSURLInfo(soap, -1));
ARRAY_OF_TSURL_INFO(arrayOfSiteURLs);
PBOOL_VAL(checkInLocalCacheOnly);
/* To send the request ... */
SOAP_CALL_SRM(CheckPermission);
RETURN(EXIT_SUCCESS);
}
/**
* srmSuspendRequest method.
*
* \param soap
* \param srm_endpoint
* \param userID
* \param requestToken
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
SuspendRequest(struct soap *soap,
const char *srm_endpoint,
const char *userID,
const char *requestToken,
struct srm__srmSuspendRequestResponse_ *resp)
{
DM_DBG_I;
struct srm__srmSuspendRequestRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK|CGSI_OPT_DELEG_FLAG;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
NEW_STR_VAL(userID,TUserID);
NEW_STR_VAL(requestToken,TRequestToken);
/* To send the request ... */
SOAP_CALL_SRM(SuspendRequest);
RETURN(EXIT_SUCCESS);
}
static int
rmc_init (struct soap *soap, char *errbuf, int errbufsz)
{
int flags;
soap_init (soap);
soap->namespaces = namespaces_rmc;
if (rmc_endpoint == NULL && (rmc_endpoint = getenv ("RMC_ENDPOINT")) == NULL) {
if (!gfal_is_nobdii ()) {
if (get_rls_endpoints (&lrc_endpoint, &rmc_endpoint, errbuf, errbufsz) != 0) {
errno = EINVAL;
return (-1);
}
} else {
gfal_errmsg (errbuf, errbufsz, GFAL_ERRLEVEL_ERROR,
"You have to define 'RMC_ENDPOINT' and 'LRC_ENDPOINT' environment variables, when BDII calls are disabled");
errno = EINVAL;
return (-1);
}
}
#ifdef GFAL_SECURE
if (strncmp (rmc_endpoint, "https", 5) == 0) {
flags = CGSI_OPT_SSL_COMPATIBLE;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
}
#endif
gfal_errmsg (errbuf, errbufsz, GFAL_ERRLEVEL_ERROR,
"RMC/LRC are obsolete! Please use LFC instead.");
return (0);
}
/**
* srmMkdir method.
*
* \param soap
* \param srm_endpoint
* \param userID
* \param SURLOrStFN
* \param storageSystemInfo
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
Mkdir(struct soap *soap,
const char *srm_endpoint,
const char *userID,
const char *SURLOrStFN,
const char *storageSystemInfo,
struct srm__srmMkdirResponse_ *resp)
{
DM_DBG_I;
struct srm__srmMkdirRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK|CGSI_OPT_DELEG_FLAG;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
NEW_STR_VAL(userID,TUserID);
NOT_NULL(req.directoryPath = soap_new_srm__TSURLInfo(soap, -1));
NEW_STR_VAL_OPT(req.directoryPath->SURLOrStFN, SURLOrStFN, TSURL);
NEW_STR_VAL_OPT(req.directoryPath->storageSystemInfo, storageSystemInfo, TStorageSystemInfo);
/* To send the request ... */
SOAP_CALL_SRM(Mkdir);
RETURN(EXIT_SUCCESS);
}
/**
* srmAbortRequest method.
*
* \param soap
* \param srm_endpoint
* \param authorizationID
* \param requestToken
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
AbortRequest(struct soap *soap,
const char *srm_endpoint,
const char *authorizationID,
const char *requestToken,
struct srm__srmAbortRequestResponse_ *resp)
{
DM_DBG_I;
struct srm__srmAbortRequestRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
MV_CSTR2PSTR(req.authorizationID,authorizationID);
MV_CSTR2STR(req.requestToken,requestToken);
/* To send the request ... */
SOAP_CALL_SRM(AbortRequest);
RETURN(EXIT_SUCCESS);
}
/**
* srmLs method.
*
* \param soap
* \param srm_endpoint
* \param userID
* \param path
* \param fileStorageType
* \param fullDetailedList
* \param allLevelRecursive
* \param numOfLevels
* \param offset
* \param count
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
Ls(struct soap *soap,
const char *srm_endpoint,
const char *userID,
const tSurlInfoArray path,
const long int *fileStorageType,
bool *fullDetailedList, /* yes, no const in gsoap headers */
bool *allLevelRecursive, /* yes, no const in gsoap headers */
int *numOfLevels, /* yes, no const in gsoap headers */
int *offset, /* yes, no const in gsoap headers */
int *count, /* yes, no const in gsoap headers */
struct srm__srmLsResponse_ *resp)
{
DM_DBG_I;
struct srm__srmLsRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK|CGSI_OPT_DELEG_FLAG;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
NEW_STR_VAL(userID,TUserID);
NOT_NULL(req.paths = soap_new_srm__ArrayOfTSURLInfo(soap, -1));
ARRAY_OF_TSURL_INFO(paths);
req.fileStorageType = (srm__TFileStorageType *)fileStorageType;
DM_LOG(DM_N(2), "fileStorageType == `%s'\n", getTFileStorageType(*req.fileStorageType).c_str());
PBOOL_VAL(fullDetailedList);
PBOOL_VAL(allLevelRecursive);
PINT_VAL(numOfLevels);
PINT_VAL(offset);
PINT_VAL(count);
/* To send the request ... */
SOAP_CALL_SRM(Ls);
RETURN(EXIT_SUCCESS);
}
int main(int argc, char **argv)
{ char *buf;
size_t len;
struct soap soap;
soap_init(&soap);
/* chunking conserves memory and is generally faster: */
soap_set_omode(&soap, SOAP_IO_CHUNK);
if (argc < 2)
{ /* CGI server */
struct http_post_handlers handlers[] =
{ { "image/jpg", jpg_handler },
{ "image/*", image_handler },
{ "image/*;*", image_handler },
{ "text/*", text_handler },
{ "text/*;*", text_handler },
{ NULL }
};
soap_register_plugin_arg(&soap, http_post, handlers); /* register plugin (server only) */
soap_serve(&soap);
exit(0);
}
/* client */
if (soap_post_connect(&soap, argv[1], NULL, "text/html")
|| soap_send(&soap, "<html>")
|| soap_send(&soap, argc == 2 ? "Hello" : argv[2])
|| soap_send(&soap, "</html>")
|| soap_end_send(&soap))
{ soap_print_fault(&soap, stderr);
exit(1);
}
/* after sending, receive body (note: POST handlers should not be set) */
if (soap_begin_recv(&soap)
|| soap_http_body(&soap, &buf, &len)
|| soap_end_recv(&soap))
{ soap_print_fault(&soap, stderr);
exit(1);
}
printf("Received %lu bytes of type %s:\n", (unsigned long)len, soap.http_content?soap.http_content:"");
soap_end(&soap);
soap_done(&soap);
return 0;
}
int main() {
struct soap *mydlo = NULL;
glite_gsplugin_Context gsplugin_ctx = NULL;
int ok1;
// test 1 - stdsoap2.c compatibility
if ((mydlo = soap_new()) == NULL) {
std::cerr << "Couldn't create soap" << std::endl;
return 1;
}
soap_set_endpoint(mydlo, TEST_STR);
std::cout << mydlo->endpoint << std::endl;
ok1 = strcmp(mydlo->endpoint, TEST_STR);
// test 2 - glite_gsplugin.c compatibility
//
// not real test, just may crash in bad test case on calling
// soap->fdelete where will be other function
if ( glite_gsplugin_init_context(&gsplugin_ctx) ) {
std::cerr << "Couldn't create gSOAP plugin context" << std::endl;
goto err;
}
if (soap_register_plugin_arg(mydlo, glite_gsplugin, gsplugin_ctx)) {
std::cerr << "Couldn't register gSoap plugin" << std::endl;
goto err;
}
soap_done(mydlo);
free(mydlo);
glite_gsplugin_free_context(gsplugin_ctx);
return ok1;
err:
if (gsplugin_ctx) glite_gsplugin_free_context(gsplugin_ctx);
if (mydlo) soap_destroy(mydlo);
return 1;
}
/**
* srmPurgeFromSpace method.
*
* \param soap
* \param srm_endpoint
* \param authorizationID
* \param SURL
* \param spaceToken
* \param storageSystemInfo
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
PurgeFromSpace(struct soap *soap,
const char *srm_endpoint,
const char *authorizationID,
std::vector <std::string *> SURL,
const char *spaceToken,
tStorageSystemInfo storageSystemInfo,
struct srm__srmPurgeFromSpaceResponse_ *resp)
{
DM_DBG_I;
struct srm__srmPurgeFromSpaceRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
MV_CSTR2PSTR(req.authorizationID,authorizationID);
/* SURL */
MV_ARRAY_OF_STR_VAL(req.arrayOfSURLs,SURL,urlArray,AnyURI);
MV_CSTR2STR(req.spaceToken,spaceToken);
/* Storage system info */
MV_STORAGE_SYSTEM_INFO(req.storageSystemInfo,storageSystemInfo);
/* To send the request ... */
SOAP_CALL_SRM(PurgeFromSpace);
RETURN(EXIT_SUCCESS);
}
/**
* srmPrepareToGet method.
*
* \param soap
* \param srm_endpoint
* \param userID
* \param arrayOfFileRequests
* \param arrayOfTransferProtocols
* \param userRequestDescription
* \param storageSystemInfo
* \param totalRetryTime
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
PrepareToGet(struct soap *soap,
const char *srm_endpoint,
const char *userID,
const tArrayOfGetFileRequests arrayOfFileRequests,
std::vector <std::string *> arrayOfTransferProtocols,
const char *userRequestDescription,
const char *storageSystemInfo,
const int64_t *totalRetryTime,
struct srm__srmPrepareToGetResponse_ *resp)
{
DM_DBG_I;
struct srm__srmPrepareToGetRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK|CGSI_OPT_DELEG_FLAG;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
NEW_STR_VAL(userID,TUserID);
NOT_NULL(req.arrayOfFileRequests = soap_new_srm__ArrayOfTGetFileRequest(soap, -1));
/* Create the file request */
DM_LOG(DM_N(2), "arrayOfFileRequests.SURLOrStFN.size() == %d\n", arrayOfFileRequests.SURLOrStFN.size());
for (uint u = 0; u < arrayOfFileRequests.SURLOrStFN.size(); u++) {
srm__TGetFileRequest *fileRequest;
NOT_NULL(fileRequest = soap_new_srm__TGetFileRequest(soap, -1));
NOT_NULL(fileRequest->dirOption = soap_new_srm__TDirOption(soap, -1));
if(NOT_NULL_VEC(arrayOfFileRequests,allLevelRecursive)) {
fileRequest->dirOption->allLevelRecursive = (bool *)arrayOfFileRequests.allLevelRecursive[u];
DM_LOG(DM_N(2), "allLevelRecursive[%u] == %d\n", u, *(fileRequest->dirOption->allLevelRecursive));
} else {
fileRequest->dirOption->allLevelRecursive = NULL;
DM_LOG(DM_N(2), "allLevelRecursive[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,isSourceADirectory)) {
fileRequest->dirOption->isSourceADirectory = arrayOfFileRequests.isSourceADirectory[u];
DM_LOG(DM_N(2), "isSourceADirectory[%u] == %d\n", u, fileRequest->dirOption->isSourceADirectory);
} else {
fileRequest->dirOption->isSourceADirectory = 0;
DM_LOG(DM_N(2), "isSourceADirectory[%u] == 0\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,numOfLevels)) {
fileRequest->dirOption->numOfLevels = arrayOfFileRequests.numOfLevels[u];
DM_LOG(DM_N(2), "numOfLevels[%u] == %d\n", u, fileRequest->dirOption->numOfLevels);
} else {
fileRequest->dirOption->numOfLevels = 0;
DM_LOG(DM_N(2), "numOfLevels[%u] == 0\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,fileStorageType)) {
fileRequest->fileStorageType = (srm__TFileStorageType *)getTFileStorageType(arrayOfFileRequests.fileStorageType[u]->c_str());
DM_LOG(DM_N(2), "fileStorageType[%u] == `%s'\n", u, getTFileStorageType(*fileRequest->fileStorageType).c_str());
} else {
fileRequest->fileStorageType = NULL;
DM_LOG(DM_N(2), "fileStorageType[%u] == NULL\n", u);
}
NOT_NULL(fileRequest->fromSURLInfo = soap_new_srm__TSURLInfo(soap, -1));
if(NOT_NULL_VEC(arrayOfFileRequests,SURLOrStFN)) {
NOT_NULL(fileRequest->fromSURLInfo->SURLOrStFN = soap_new_srm__TSURL(soap, -1));
fileRequest->fromSURLInfo->SURLOrStFN->value.assign(arrayOfFileRequests.SURLOrStFN[u]->c_str());
DM_LOG(DM_N(2), "SURLOrStFN[%u] == `%s'\n", u, fileRequest->fromSURLInfo->SURLOrStFN->value.c_str());
} else {
fileRequest->fromSURLInfo->SURLOrStFN = NULL;
DM_LOG(DM_N(2), "SURLOrStFN[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,storageSystemInfo)) {
NOT_NULL(fileRequest->fromSURLInfo->storageSystemInfo = soap_new_srm__TStorageSystemInfo(soap, -1));
fileRequest->fromSURLInfo->storageSystemInfo->value.assign(arrayOfFileRequests.storageSystemInfo[u]->c_str());
DM_LOG(DM_N(2), "storageSystemInfo[%u] == `%s'\n", u, fileRequest->fromSURLInfo->storageSystemInfo->value.c_str());
} else {
fileRequest->fromSURLInfo->storageSystemInfo = NULL;
DM_LOG(DM_N(2), "storageSystemInfo[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,lifetime)) {
NOT_NULL(fileRequest->lifetime = soap_new_srm__TLifeTimeInSeconds(soap, -1));
fileRequest->lifetime->value = *arrayOfFileRequests.lifetime[u];
DM_LOG(DM_N(2), "lifetime[%u] == %"PRIi64"\n", u, fileRequest->lifetime->value);
} else {
fileRequest->lifetime = NULL;
DM_LOG(DM_N(2), "lifetime[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,spaceToken)) {
NOT_NULL(fileRequest->spaceToken = soap_new_srm__TSpaceToken(soap, -1));
fileRequest->spaceToken->value.assign(arrayOfFileRequests.spaceToken[u]->c_str());
DM_LOG(DM_N(2), "spaceToken[%u] == `%s'\n", u, fileRequest->spaceToken->value.c_str());
} else {
fileRequest->spaceToken = NULL;
DM_LOG(DM_N(2), "spaceToken[%u] == NULL\n", u);
}
req.arrayOfFileRequests->getRequestArray.push_back(fileRequest);
}
req.arrayOfTransferProtocols = soap_new_srm__ArrayOf_USCORExsd_USCOREstring(soap, -1);
/* Fill in transfer protocols */
DM_LOG(DM_N(2), "arrayOfTransferProtocols.size() == %d\n", arrayOfTransferProtocols.size());
for(uint u = 0; u < arrayOfTransferProtocols.size(); u++) {
if(arrayOfTransferProtocols[u]) {
req.arrayOfTransferProtocols->stringArray.push_back(arrayOfTransferProtocols[u]->c_str());
DM_LOG(DM_N(2), "arrayOfTransferProtocols[%i] == `%s'\n", u, arrayOfTransferProtocols[u]->c_str());
} else {
DM_LOG(DM_N(2), "arrayOfTransferProtocols[%i] == NULL\n", u);
}
}
NEW_STDSTRING(userRequestDescription);
NEW_STR_VAL(storageSystemInfo,TStorageSystemInfo);
NEW_INT64_VAL(totalRetryTime,TLifeTimeInSeconds);
/* To send the request ... */
SOAP_CALL_SRM(PrepareToGet);
RETURN(EXIT_SUCCESS);
}
int main(int argc, char **argv)
{
FILE *fd;
BIGNUM *bn = BN_new();
/* init OpenSSL before any OpenSSL and crypto operations */
soap_ssl_init();
/* server's RSA private key for signing */
if ((fd = fopen("serverWCF.pem", "r")))
{ srv_privk = PEM_read_PrivateKey(fd, NULL, NULL, (void*)"password");
fclose(fd);
if (!srv_privk)
{ fprintf(stderr, "Could not read private RSA key from server.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
/* server's certificate with public key for encryption and signature verification */
if ((fd = fopen("servercertWCF.pem", "r")))
{ srv_cert = PEM_read_X509(fd, NULL, NULL, NULL);
fclose(fd);
if (!srv_cert)
{ fprintf(stderr, "Could not read certificate from clientcert.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
/* server's RSA public key from the certificate */
srv_pubk = X509_get_pubkey(srv_cert);
if (!srv_pubk)
{ fprintf(stderr, "Could not get public key from certificate\n");
exit(1);
}
/* server's certificate subject, issuer and serial number */
X509_NAME_oneline(X509_get_subject_name(srv_cert), srv_subject, sizeof(srv_subject));
X509_NAME_oneline(X509_get_issuer_name(srv_cert), srv_issuer, sizeof(srv_issuer));
ASN1_INTEGER_to_BN(X509_get_serialNumber(srv_cert), bn);
srv_serial = BN_bn2dec(bn);
fprintf(stderr, "Server certificate issuer = \"%s\"\n", srv_issuer);
fprintf(stderr, "Server certificate serial = %s (%s)\n", BN_bn2hex(bn), srv_serial);
/* client's RSA private key for signing */
if ((fd = fopen("clientWCF.pem", "r")))
{ clt_privk = PEM_read_PrivateKey(fd, NULL, NULL, (void*)"password");
fclose(fd);
if (!clt_privk)
{ fprintf(stderr, "Could not read private RSA key from server.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
/* client's certificate with public key for encryption and signature verification */
if ((fd = fopen("clientcertWCF.pem", "r")))
{ clt_cert = PEM_read_X509(fd, NULL, NULL, NULL);
fclose(fd);
if (!clt_cert)
{ fprintf(stderr, "Could not read certificate from clientcert.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
/* client's RSA public key from the certificate */
clt_pubk = X509_get_pubkey(clt_cert);
if (!clt_pubk)
{ fprintf(stderr, "Could not get public key from certificate\n");
exit(1);
}
/* client's certificate subject, issuer and serial number */
X509_NAME_oneline(X509_get_subject_name(clt_cert), clt_subject, sizeof(clt_subject));
X509_NAME_oneline(X509_get_issuer_name(clt_cert), clt_issuer, sizeof(clt_issuer));
ASN1_INTEGER_to_BN(X509_get_serialNumber(clt_cert), bn);
clt_serial = BN_bn2dec(bn);
fprintf(stderr, "Client certificate issuer = \"%s\"\n", clt_issuer);
fprintf(stderr, "Client certificate serial = %s (%s)\n", BN_bn2hex(bn), clt_serial);
OPENSSL_free(bn);
if (argc >= 2)
{
// Service sample application
int port = atoi(argv[1]);
BasicHttpBinding_USCOREICalculatorService service(SOAP_XML_INDENT | SOAP_XML_CANONICAL);
soap_register_plugin_arg(service.soap, soap_wsse, (void*)token_handler);
service.soap->send_timeout = service.soap->recv_timeout = 10; // 10 sec
/* need cacert to verify certificates */
service.soap->cafile = "clientcertWCF.pem";
service.soap->fsslverify = ssl_verify;
if (!soap_valid_socket(service.bind(NULL, port, 100)))
{
service.soap_stream_fault(std::cerr);
exit(1);
}
std::cerr << "Server running" << std::endl;
for (;;)
{
soap_wsse_verify_auto(service.soap, SOAP_WSSE_IGNORE_EXTRA_REFS, NULL, 0);
soap_wsse_decrypt_auto(service.soap, SOAP_MEC_ENV_DEC_AES256_CBC, srv_privk, 0);
if (!soap_valid_socket(service.accept())
|| service.serve())
service.soap_stream_fault(std::cerr);
service.destroy();
}
}
else
{
// Client sample application
BasicHttpBinding_USCOREICalculatorProxy proxy(endpoint, SOAP_XML_INDENT | SOAP_XML_CANONICAL);
soap_register_plugin_arg(proxy.soap, soap_wsse, (void*)token_handler);
proxy.soap->send_timeout = proxy.soap->recv_timeout = 10; // 10 sec
/* need cacert to verify certificates */
proxy.soap->cafile = "servercertWCF.pem";
proxy.soap->fsslverify = ssl_verify;
double n1 = 3.14, n2 = 1.41;
if (set_clt_security(proxy.soap))
proxy.soap_stream_fault(std::cerr);
else
{
_mssamm__Add areq;
_mssamm__AddResponse ares;
areq.n1 = &n1;
areq.n2 = &n2;
if (proxy.Add(&areq, &ares) == SOAP_OK && ares.AddResult && chk_security(proxy.soap) == SOAP_OK)
printf("Add(%g, %g) = %g\n", *areq.n1, *areq.n2, *ares.AddResult);
else
proxy.soap_stream_fault(std::cerr);
proxy.destroy();
}
if (set_clt_security(proxy.soap))
proxy.soap_stream_fault(std::cerr);
else
{
_mssamm__Subtract sreq;
_mssamm__SubtractResponse sres;
sreq.n1 = &n1;
sreq.n2 = &n2;
if (proxy.Subtract(&sreq, &sres) == SOAP_OK && sres.SubtractResult && chk_security(proxy.soap) == SOAP_OK)
printf("Subtract(%g, %g) = %g\n", *sreq.n1, *sreq.n2, *sres.SubtractResult);
else
proxy.soap_stream_fault(std::cerr);
proxy.destroy();
}
if (set_clt_security(proxy.soap))
proxy.soap_stream_fault(std::cerr);
else
{
_mssamm__Multiply mreq;
_mssamm__MultiplyResponse mres;
mreq.n1 = &n1;
mreq.n2 = &n2;
if (proxy.Multiply(&mreq, &mres) == SOAP_OK && mres.MultiplyResult && chk_security(proxy.soap) == SOAP_OK)
printf("Multiply(%g, %g) = %g\n", *mreq.n1, *mreq.n2, *mres.MultiplyResult);
else
proxy.soap_stream_fault(std::cerr);
proxy.destroy();
}
if (set_clt_security(proxy.soap))
proxy.soap_stream_fault(std::cerr);
else
{
_mssamm__Divide dreq;
_mssamm__DivideResponse dres;
dreq.n1 = &n1;
dreq.n2 = &n2;
if (proxy.Divide(&dreq, &dres) == SOAP_OK && dres.DivideResult && chk_security(proxy.soap) == SOAP_OK)
printf("Divide(%g, %g) = %g\n", *dreq.n1, *dreq.n2, *dres.DivideResult);
else
proxy.soap_stream_fault(std::cerr);
proxy.destroy();
}
}
OPENSSL_free(clt_serial);
OPENSSL_free(srv_serial);
return 0;
}
/**
* srmCopy method.
*
* \param srm_endpoint
* \param userID
* \param arrayOfFileRequests
* \param userRequestDescription
* \param overwriteOption
* \param removeSourceFiles
* \param storageSystemInfo
* \param totalRetryTime
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
Copy(struct soap *soap,
const char *srm_endpoint,
const char *userID,
const tArrayOfCopyFileRequests arrayOfFileRequests,
const char *userRequestDescription,
const long int *overwriteOption,
bool *removeSourceFiles, /* yes, no const in gsoap headers */
const char *storageSystemInfo,
const int64_t *totalRetryTime,
struct srm__srmCopyResponse_ *resp
)
{
DM_DBG_I;
struct srm__srmCopyRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK|CGSI_OPT_DELEG_FLAG;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
NEW_STR_VAL(userID,TUserID);
NOT_NULL(req.arrayOfFileRequests = soap_new_srm__ArrayOfTCopyFileRequest(soap, -1));
/* Create the file request */
DM_LOG(DM_N(2), "arrayOfFileRequests.fromSURLOrStFN.size() == %d\n", arrayOfFileRequests.fromSURLOrStFN.size());
for (uint u = 0; u < arrayOfFileRequests.fromSURLOrStFN.size(); u++) {
srm__TCopyFileRequest *fileRequest;
NOT_NULL(fileRequest = soap_new_srm__TCopyFileRequest(soap, -1));
NOT_NULL(fileRequest->dirOption = soap_new_srm__TDirOption(soap, -1));
if(NOT_NULL_VEC(arrayOfFileRequests,allLevelRecursive)) {
fileRequest->dirOption->allLevelRecursive = (bool *)arrayOfFileRequests.allLevelRecursive[u];
DM_LOG(DM_N(2), "allLevelRecursive[%u] == %d\n", u, *(fileRequest->dirOption->allLevelRecursive));
} else {
fileRequest->dirOption->allLevelRecursive = NULL;
DM_LOG(DM_N(2), "allLevelRecursive[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,isSourceADirectory)) {
fileRequest->dirOption->isSourceADirectory = arrayOfFileRequests.isSourceADirectory[u];
DM_LOG(DM_N(2), "isSourceADirectory[%u] == %d\n", u, fileRequest->dirOption->isSourceADirectory);
} else {
fileRequest->dirOption->isSourceADirectory = 0;
DM_LOG(DM_N(2), "isSourceADirectory == 0\n");
}
if(NOT_NULL_VEC(arrayOfFileRequests,numOfLevels)) {
fileRequest->dirOption->numOfLevels = arrayOfFileRequests.numOfLevels[u];
DM_LOG(DM_N(2), "numOfLevels[%u] == %d\n", u, fileRequest->dirOption->numOfLevels);
} else {
fileRequest->dirOption->numOfLevels = 0;
DM_LOG(DM_N(2), "numOfLevels == 0\n");
}
if(NOT_NULL_VEC(arrayOfFileRequests,fileStorageType)) {
fileRequest->fileStorageType = (srm__TFileStorageType *)getTFileStorageType(arrayOfFileRequests.fileStorageType[u]->c_str());
DM_LOG(DM_N(2), "fileStorageType[%u] == `%s'\n", u, getTFileStorageType(*fileRequest->fileStorageType).c_str());
} else {
fileRequest->fileStorageType = NULL;
DM_LOG(DM_N(2), "fileStorageType[%u] == NULL\n", u);
}
NOT_NULL(fileRequest->fromSURLInfo = soap_new_srm__TSURLInfo(soap, -1));
if(NOT_NULL_VEC(arrayOfFileRequests,fromSURLOrStFN)) {
NOT_NULL(fileRequest->fromSURLInfo->SURLOrStFN = soap_new_srm__TSURL(soap, -1));
fileRequest->fromSURLInfo->SURLOrStFN->value.assign(arrayOfFileRequests.fromSURLOrStFN[u]->c_str());
DM_LOG(DM_N(2), "fromSURLOrStFN[%u] == `%s'\n", u, fileRequest->fromSURLInfo->SURLOrStFN->value.c_str());
} else {
fileRequest->fromSURLInfo->SURLOrStFN = NULL;
DM_LOG(DM_N(2), "fromSURLOrStFN[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,fromStorageSystemInfo)) {
NOT_NULL(fileRequest->fromSURLInfo->storageSystemInfo = soap_new_srm__TStorageSystemInfo(soap, -1));
fileRequest->fromSURLInfo->storageSystemInfo->value.assign(arrayOfFileRequests.fromStorageSystemInfo[u]->c_str());
DM_LOG(DM_N(2), "fromStorageSystemInfo[%u] == `%s'\n", u, fileRequest->fromSURLInfo->storageSystemInfo->value.c_str());
} else {
fileRequest->fromSURLInfo->storageSystemInfo = NULL;
DM_LOG(DM_N(2), "fromStorageSystemInfo[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,lifetime)) {
NOT_NULL(fileRequest->lifetime = soap_new_srm__TLifeTimeInSeconds(soap, -1));
fileRequest->lifetime->value = *arrayOfFileRequests.lifetime[u];
DM_LOG(DM_N(2), "lifetime[%u] == %"PRIi64"\n", u, fileRequest->lifetime->value);
} else {
fileRequest->lifetime = NULL;
DM_LOG(DM_N(2), "lifetime[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,overwriteMode)) {
fileRequest->overwriteMode = (srm__TOverwriteMode *) arrayOfFileRequests.overwriteMode[u];
DM_LOG(DM_N(2), "overwriteMode[%u] == `%s'\n", u, getTOverwriteMode(*fileRequest->overwriteMode).c_str());
} else {
fileRequest->overwriteMode = NULL;
DM_LOG(DM_N(2), "overwriteMode[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,spaceToken)) {
NOT_NULL(fileRequest->spaceToken = soap_new_srm__TSpaceToken(soap, -1));
fileRequest->spaceToken->value.assign(arrayOfFileRequests.spaceToken[u]->c_str());
DM_LOG(DM_N(2), "spaceToken[%u] == `%s'\n", u, fileRequest->spaceToken->value.c_str());
} else {
fileRequest->spaceToken = NULL;
DM_LOG(DM_N(2), "spaceToken[%u] == NULL\n", u);
}
NOT_NULL(fileRequest->toSURLInfo = soap_new_srm__TSURLInfo(soap, -1));
if(NOT_NULL_VEC(arrayOfFileRequests,toSURLOrStFN)) {
NOT_NULL(fileRequest->toSURLInfo->SURLOrStFN = soap_new_srm__TSURL(soap, -1));
fileRequest->toSURLInfo->SURLOrStFN->value.assign(arrayOfFileRequests.toSURLOrStFN[u]->c_str());
DM_LOG(DM_N(2), "toSURLOrStFN[%u] == `%s'\n", u, fileRequest->toSURLInfo->SURLOrStFN->value.c_str());
} else {
fileRequest->toSURLInfo->SURLOrStFN = NULL;
DM_LOG(DM_N(2), "toSURLOrStFN[%u] == NULL\n", u);
}
if(NOT_NULL_VEC(arrayOfFileRequests,toStorageSystemInfo)) {
NOT_NULL(fileRequest->toSURLInfo->storageSystemInfo = soap_new_srm__TStorageSystemInfo(soap, -1));
fileRequest->toSURLInfo->storageSystemInfo->value.assign(arrayOfFileRequests.toStorageSystemInfo[u]->c_str());
DM_LOG(DM_N(2), "toStorageSystemInfo[%u] == `%s'\n", u, fileRequest->toSURLInfo->storageSystemInfo->value.c_str());
} else {
fileRequest->toSURLInfo->storageSystemInfo = NULL;
DM_LOG(DM_N(2), "toStorageSystemInfo[%u] == NULL\n", u);
}
req.arrayOfFileRequests->copyRequestArray.push_back(fileRequest);
}
NEW_STDSTRING(userRequestDescription);
req.overwriteOption = (srm__TOverwriteMode *) overwriteOption;
DM_LOG(DM_N(2), "overwriteOption == `%s'\n", getTOverwriteMode(*req.overwriteOption).c_str());
PBOOL_VAL(removeSourceFiles);
NEW_STR_VAL(storageSystemInfo,TStorageSystemInfo);
NEW_INT64_VAL(totalRetryTime,TLifeTimeInSeconds);
/* To send the request ... */
SOAP_CALL_SRM(Copy);
RETURN(EXIT_SUCCESS);
}
/**
* List all replicas of a given InputDataType. A replica needs to contain
* a valid SEId that is registered with the Information Service.
*
* @param inputDataType Defines one of the following InputDataTypes:
* lfn ... LogicalFileName
* guid ... GUID Global Unique Idenifier
* lds ... LogicalDataSet
* query ... generic query to the catalogue
* Further InputDataTypes can be extended in the future but need to
* be understood by the remote catalogue.
* Note that a catalogue does not need to implement all of the four
* InputDataTypes but is free to support any subset.
* @param inputData Actutual InputData variable
*
* @returns a vector of URLs that represent the locations of where
* the InputData is located. The URL can either be a full URL
* of the form protocol://hostname/pathname
* or hostname
* where hostname is a registered SEId.
*/
std::vector<std::string>
dli::DataLocationInterfaceSOAP::listReplicas(std::string inputDataType,
std::string inputData,
const classad::ClassAd & ad,
const std::string& endpoint)
{
///////////////////...for using secure endpoint
bool proxyInJdl = true;
std::string proxy;
try {
proxy = jdl::get_x509_user_proxy(ad);
} catch(...) {
proxyInJdl = false;
}
if(0 == strncasecmp(endpoint.c_str(), "https://", 8)) {
if (proxyInJdl) {
if (!m_ctx) {
if ( glite_gsplugin_init_context(&m_ctx) ) {
throw DLIerror("gsplugin_init_context FAILED");
}
}
if (glite_gsplugin_set_credential(m_ctx, proxy.c_str(), proxy.c_str())) {
std::string gss_err(m_ctx->error_msg);
glite_gsplugin_free_context(m_ctx);
m_ctx = NULL;
throw DLIerror("Cannot set credentials in the gsoap-plugin context: " + gss_err);
}
} else {
throw DLIerror("UserProxy not specified in the ClassAd");
}
if (soap_register_plugin_arg(&m_soap, glite_gsplugin, m_ctx)) {
std::stringstream ss;
ss << m_soap.error;
std::string soap_err = ss.str();
throw DLIerror("soap_register_plugin_arg FAILED: " + soap_err);
}
}
std::vector<std::string> urlVector;
struct datalocationinterface__listReplicasResponse theList;
// Call listReplicas and handle potential SOAP Faults
if (soap_call_datalocationinterface__listReplicas(
&m_soap,
endpoint.c_str(),
"",
inputDataType, inputData, theList)) {
std::string ex;
if (m_soap.error) {
soap_set_fault(&m_soap);
const char** faultdetail_ptr = soap_faultdetail(&m_soap);
std::string faultdetail;
if (*faultdetail_ptr != NULL) {
faultdetail = *faultdetail_ptr;
} else {
faultdetail = "unknown";
}
const char** faultcode_ptr = soap_faultcode(&m_soap);
std::string faultcode;
if ( *faultcode_ptr != NULL ) faultcode = *faultcode_ptr;
else faultcode = "unknown";
const char** faultstring_ptr = soap_faultstring(&m_soap);
std::string faultstring;
if (*faultstring_ptr != NULL ) faultstring = *faultstring_ptr;
else faultstring = "unknown";
std::string SOAP_FAULTCODE = "SOAP_FAULTCODE: ";
std::string SOAP_FAULTSTRING = "SOAP_FAULTSTRING: ";
std::string SOAP_FAULT_DETAIL = "SOAP_FAULT_DETAIL: ";
std::string new_line = "\n";
ex = new_line + SOAP_FAULTCODE + faultcode + new_line +
SOAP_FAULTSTRING + faultstring + new_line +
SOAP_FAULT_DETAIL + faultdetail + new_line;
} else {
ex = "Error in soap request towards StorageIndex Catalog. Unknown error.";
}
throw DLIerror(ex);
}
for (int i = 0; i < (theList.urlList)->__size; i++) {
#ifdef GSOAP_279_TRICK
std::string *thisS = *(theList.urlList->__ptritem);
#else
std::string *thisS = (theList.urlList->__ptritem);
#endif
//std::string str( ((theList.urlList)->__ptritem)[i] );
std::string str( *(thisS + i) );
urlVector.push_back( str );
}
return urlVector;
} // listReplicas
int main(int argc, char **argv)
{ struct soap *soap;
int server = 0;
int text = 0;
int port = 0;
FILE *fd;
double result;
char *user;
int runs = 1;
/* create context */
soap = soap_new();
/* register wsse plugin */
soap_register_plugin_arg(soap, soap_wsse, (void*)token_handler);
/* options */
if (argc >= 2)
{ if (strchr(argv[1], 'c'))
soap_set_omode(soap, SOAP_IO_CHUNK);
else if (strchr(argv[1], 'y'))
soap_set_omode(soap, SOAP_IO_STORE);
if (strchr(argv[1], 'i'))
soap_set_omode(soap, SOAP_XML_INDENT);
if (strchr(argv[1], 'n'))
soap_set_omode(soap, SOAP_XML_CANONICAL);
if (strchr(argv[1], 'a'))
aes = 1;
if (strchr(argv[1], 'o'))
oaep = 1;
if (strchr(argv[1], 'd'))
sym = 1;
if (strchr(argv[1], 'e'))
enc = 1;
if (strchr(argv[1], 'f'))
addenc = 1;
/* if (strchr(argv[1], 'F'))
addenca = 1; */
if (strchr(argv[1], 'h'))
hmac = 1;
if (strchr(argv[1], 'k'))
nokey = 1;
if (strchr(argv[1], 's'))
server = 1;
if (strchr(argv[1], 't'))
text = 1;
if (strchr(argv[1], 'g'))
addsig = 1;
if (strchr(argv[1], 'b'))
nobody = 1;
if (strchr(argv[1], 'x'))
nohttp = 1;
if (strchr(argv[1], 'z'))
soap_set_mode(soap, SOAP_ENC_ZLIB);
if (isdigit(argv[1][strlen(argv[1])-1]))
{ runs = argv[1][strlen(argv[1])-1] - '0';
soap_set_mode(soap, SOAP_IO_KEEPALIVE);
}
}
/* soap->actor = "..."; */ /* set only when required */
user = getenv("USER");
if (!user)
user = "******";
/* read RSA private key for signing */
if ((fd = fopen("server.pem", "r")))
{ rsa_privk = PEM_read_PrivateKey(fd, NULL, NULL, (void*)"password");
fclose(fd);
if (!rsa_privk)
{ fprintf(stderr, "Could not read private RSA key from server.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
/* read certificate (more efficient is to keep certificate in memory)
to obtain public key for encryption and signature verification */
if ((fd = fopen("servercert.pem", "r")))
{ cert = PEM_read_X509(fd, NULL, NULL, NULL);
fclose(fd);
if (!cert)
{ fprintf(stderr, "Could not read certificate from servercert.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
rsa_pubk = X509_get_pubkey(cert);
if (!rsa_pubk)
{ fprintf(stderr, "Could not get public key from certificate\n");
exit(1);
}
/* port argument */
if (argc >= 3)
port = atoi(argv[2]);
/* need cacert to verify certificates with CA (cacert.pem for testing and
cacerts.pem for production, which contains the trusted CA certificates) */
soap->cafile = "cacert.pem";
/* server or client/ */
if (server)
{ if (port)
{ /* stand-alone server serving messages over port */
if (!soap_valid_socket(soap_bind(soap, NULL, port, 100)))
{ soap_print_fault(soap, stderr);
exit(1);
}
printf("Server started at port %d\n", port);
while (soap_valid_socket(soap_accept(soap)))
{ if (hmac)
soap_wsse_verify_auto(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else if (nokey)
soap_wsse_verify_auto(soap, SOAP_SMD_VRFY_RSA_SHA1, rsa_pubk, 0);
else
soap_wsse_verify_auto(soap, SOAP_SMD_NONE, NULL, 0);
if (sym)
{ if (aes)
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_AES256_CBC, aes_key, sizeof(aes_key));
else
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_DES_CBC, des_key, sizeof(des_key));
}
else if (enc)
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
if (soap_serve(soap))
{ soap_wsse_delete_Security(soap);
soap_print_fault(soap, stderr);
soap_print_fault_location(soap, stderr);
}
soap_destroy(soap);
soap_end(soap);
}
soap_print_fault(soap, stderr);
exit(1);
}
else
{ /* CGI-style server serving messages over stdin/out */
if (hmac)
soap_wsse_verify_auto(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else if (nokey)
soap_wsse_verify_auto(soap, SOAP_SMD_VRFY_RSA_SHA1, rsa_pubk, 0);
else
soap_wsse_verify_auto(soap, SOAP_SMD_NONE, NULL, 0);
if (sym)
{ if (aes)
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_AES256_CBC, aes_key, sizeof(aes_key));
else
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_DES_CBC, des_key, sizeof(des_key));
}
else if (enc)
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
if (soap_serve(soap))
{ soap_wsse_delete_Security(soap);
soap_print_fault(soap, stderr);
soap_print_fault_location(soap, stderr);
}
soap_destroy(soap);
soap_end(soap);
}
}
else /* client */
{ int run;
char endpoint[80];
/* ns1:test data */
struct ns1__add a;
struct ns1__sub b;
a.a = 123;
a.b = 456;
b.a = 789;
b.b = -99999;
/* client sending messages to stdout or over port */
if (port)
sprintf(endpoint, "http://localhost:%d", port);
else if (nohttp)
strcpy(endpoint, "");
else
strcpy(endpoint, "http://");
for (run = 0; run < runs; run++)
{
/* message lifetime of 60 seconds */
soap_wsse_add_Timestamp(soap, "Time", 60);
/* add user name with text or digest password */
if (text)
soap_wsse_add_UsernameTokenText(soap, "User", user, "userPass");
else
soap_wsse_add_UsernameTokenDigest(soap, "User", user, "userPass");
if (sym)
{ if (aes)
{ /* symmetric encryption with AES */
soap_wsse_add_EncryptedData_KeyInfo_KeyName(soap, "My AES Key");
if (soap_wsse_encrypt_body(soap, SOAP_MEC_ENC_AES256_CBC, aes_key, sizeof(aes_key)))
soap_print_fault(soap, stderr);
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_AES256_CBC, aes_key, sizeof(aes_key));
}
else
{ /* symmetric encryption with DES */
soap_wsse_add_EncryptedData_KeyInfo_KeyName(soap, "My DES Key");
if (soap_wsse_encrypt_body(soap, SOAP_MEC_ENC_DES_CBC, des_key, sizeof(des_key)))
soap_print_fault(soap, stderr);
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_DES_CBC, des_key, sizeof(des_key));
}
}
else if (addenc || addenca)
{ /* RSA encryption of the <ns1:add> element */
const char *SubjectKeyId = NULL; /* set to non-NULL to use SubjectKeyIdentifier in Header rather than a full cert key */
/* MUST set wsu:Id of the elements to encrypt */
if (addenc) /* encrypt element <ns1:add> */
{ soap_wsse_set_wsu_id(soap, "ns1:add");
if (soap_wsse_add_EncryptedKey_encrypt_only(soap, SOAP_MEC_ENV_ENC_DES_CBC, "Cert", cert, SubjectKeyId, NULL, NULL, "ns1:add"))
soap_print_fault(soap, stderr);
}
else /* encrypt element <a> */
{ soap_wsse_set_wsu_id(soap, "a");
if (soap_wsse_add_EncryptedKey_encrypt_only(soap, SOAP_MEC_ENV_ENC_DES_CBC, "Cert", cert, SubjectKeyId, NULL, NULL, "a"))
soap_print_fault(soap, stderr);
}
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
}
else if (enc)
{ /* RSA encryption of the SOAP Body */
const char *SubjectKeyId = NULL; /* set to non-NULL to use SubjectKeyIdentifier in Header rather than a full cert key */
if (oaep)
{ if (soap_wsse_add_EncryptedKey(soap, SOAP_MEC_ENV_ENC_AES256_CBC | SOAP_MEC_OAEP, "Cert", cert, SubjectKeyId, NULL, NULL))
soap_print_fault(soap, stderr);
}
else if (aes)
{ if (soap_wsse_add_EncryptedKey(soap, SOAP_MEC_ENV_ENC_AES256_CBC, "Cert", cert, SubjectKeyId, NULL, NULL))
soap_print_fault(soap, stderr);
}
else
{ if (soap_wsse_add_EncryptedKey(soap, SOAP_MEC_ENV_ENC_DES_CBC, "Cert", cert, SubjectKeyId, NULL, NULL))
soap_print_fault(soap, stderr);
}
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
}
if (hmac)
{ /* symmetric signature */
if (nobody)
soap_wsse_sign(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else
soap_wsse_sign_body(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
/* WS-SecureConversation contect token */
soap_wsse_add_SecurityContextToken(soap, "SCT", contextId);
}
else
{ if (nokey)
soap_wsse_add_KeyInfo_KeyName(soap, "MyKey");
else
{ soap_wsse_add_BinarySecurityTokenX509(soap, "X509Token", cert);
soap_wsse_add_KeyInfo_SecurityTokenReferenceX509(soap, "#X509Token");
}
if (nobody || addsig) /* do not sign body */
soap_wsse_sign(soap, SOAP_SMD_SIGN_RSA_SHA1, rsa_privk, 0);
else
soap_wsse_sign_body(soap, SOAP_SMD_SIGN_RSA_SHA256, rsa_privk, 0);
}
/* enable automatic signature verification of server responses */
if (hmac)
soap_wsse_verify_auto(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else if (nokey)
soap_wsse_verify_auto(soap, SOAP_SMD_VRFY_RSA_SHA1, rsa_pubk, 0);
else
soap_wsse_verify_auto(soap, SOAP_SMD_NONE, NULL, 0);
/* sign the response message in unsigned body? If so, set wsu:Id */
if (addsig)
{ soap_wsse_set_wsu_id(soap, "ns1:add");
soap_wsse_sign_only(soap, "User ns1:add");
}
/* invoke the server. You can choose add, sub, mul, or div operations
* that show different security aspects (intentional message rejections)
* for demonstration purposes (see server operations below) */
if (!soap_call_ns1__add(soap, endpoint, NULL, 1.0, 2.0, &result))
{ if (!soap_wsse_verify_Timestamp(soap))
{ const char *servername = soap_wsse_get_Username(soap);
if (servername
&& !strcmp(servername, "server")
&& !soap_wsse_verify_Password(soap, "serverPass"))
printf("Result = %g\n", result);
else
{ fprintf(stderr, "Server authentication failed\n");
soap_print_fault(soap, stderr);
}
}
else
{ fprintf(stderr, "Server response expired\n");
soap_print_fault(soap, stderr);
}
}
else
{ soap_print_fault(soap, stderr);
soap_print_fault_location(soap, stderr);
}
/* clean up security header */
soap_wsse_delete_Security(soap);
/* disable soap_wsse_verify_auto */
soap_wsse_verify_done(soap);
} /* run */
}
/* clean up keys */
if (rsa_privk)
EVP_PKEY_free(rsa_privk);
if (rsa_pubk)
EVP_PKEY_free(rsa_pubk);
if (cert)
X509_free(cert);
/* clean up gSOAP engine */
soap_destroy(soap);
soap_end(soap);
soap_done(soap);
free(soap);
/* done */
return 0;
}
int32 LoginRESTService::HandlePost(soap* soapClient)
{
boost::asio::ip::address_v4 address(soapClient->ip);
std::string ip_address = address.to_string();
TC_LOG_DEBUG("server.rest", "[%s:%d] Handling POST request path=\"%s\"", ip_address.c_str(), soapClient->port, soapClient->path);
static std::string const expectedPath = "/bnetserver/login/";
if (strstr(soapClient->path, expectedPath.c_str()) != &soapClient->path[0])
return 404;
char *buf;
size_t len;
soap_http_body(soapClient, &buf, &len);
Battlenet::JSON::Login::LoginForm loginForm;
Battlenet::JSON::Login::LoginResult loginResult;
if (!JSON::Deserialize(buf, &loginForm))
{
if (soap_register_plugin_arg(soapClient, &ResponseCodePlugin::Init, nullptr) != SOAP_OK)
return 500;
ResponseCodePlugin* responseCode = reinterpret_cast<ResponseCodePlugin*>(soap_lookup_plugin(soapClient, ResponseCodePlugin::PluginId));
ASSERT(responseCode);
responseCode->ErrorCode = 400;
loginResult.set_authentication_state(Battlenet::JSON::Login::LOGIN);
loginResult.set_error_code("UNABLE_TO_DECODE");
loginResult.set_error_message("There was an internal error while connecting to Battle.net. Please try again later.");
return SendResponse(soapClient, loginResult);
}
std::string login;
std::string password;
for (int32 i = 0; i < loginForm.inputs_size(); ++i)
{
if (loginForm.inputs(i).input_id() == "account_name")
login = loginForm.inputs(i).value();
else if (loginForm.inputs(i).input_id() == "password")
password = loginForm.inputs(i).value();
}
Utf8ToUpperOnlyLatin(login);
Utf8ToUpperOnlyLatin(password);
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_BNET_ACCOUNT_INFO);
stmt->setString(0, login);
if (PreparedQueryResult result = LoginDatabase.Query(stmt))
{
std::string pass_hash = result->Fetch()[13].GetString();
std::unique_ptr<Battlenet::Session::AccountInfo> accountInfo = Trinity::make_unique<Battlenet::Session::AccountInfo>();
accountInfo->LoadResult(result);
if (CalculateShaPassHash(login, std::move(password)) == pass_hash)
{
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_BNET_CHARACTER_COUNTS_BY_BNET_ID);
stmt->setUInt32(0, accountInfo->Id);
if (PreparedQueryResult characterCountsResult = LoginDatabase.Query(stmt))
{
do
{
Field* fields = characterCountsResult->Fetch();
accountInfo->GameAccounts[fields[0].GetUInt32()]
.CharacterCounts[Battlenet::RealmHandle{ fields[3].GetUInt8(), fields[4].GetUInt8(), fields[2].GetUInt32() }.GetAddress()] = fields[1].GetUInt8();
} while (characterCountsResult->NextRow());
}
stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_BNET_LAST_PLAYER_CHARACTERS);
stmt->setUInt32(0, accountInfo->Id);
if (PreparedQueryResult lastPlayerCharactersResult = LoginDatabase.Query(stmt))
{
Field* fields = lastPlayerCharactersResult->Fetch();
Battlenet::RealmHandle realmId{ fields[1].GetUInt8(), fields[2].GetUInt8(), fields[3].GetUInt32() };
Battlenet::Session::LastPlayedCharacterInfo& lastPlayedCharacter = accountInfo->GameAccounts[fields[0].GetUInt32()]
.LastPlayedCharacters[realmId.GetSubRegionAddress()];
lastPlayedCharacter.RealmId = realmId;
lastPlayedCharacter.CharacterName = fields[4].GetString();
lastPlayedCharacter.CharacterGUID = fields[5].GetUInt64();
lastPlayedCharacter.LastPlayedTime = fields[6].GetUInt32();
}
BigNumber ticket;
ticket.SetRand(20 * 8);
loginResult.set_login_ticket("TC-" + ByteArrayToHexStr(ticket.AsByteArray(20).get(), 20));
AddLoginTicket(loginResult.login_ticket(), std::move(accountInfo));
}
else if (!accountInfo->IsBanned)
{
uint32 maxWrongPassword = uint32(sConfigMgr->GetIntDefault("WrongPass.MaxCount", 0));
if (sConfigMgr->GetBoolDefault("WrongPass.Logging", false))
TC_LOG_DEBUG("server.rest", "[%s, Account %s, Id %u] Attempted to connect with wrong password!", ip_address.c_str(), login.c_str(), accountInfo->Id);
if (maxWrongPassword)
{
SQLTransaction trans = LoginDatabase.BeginTransaction();
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_FAILED_LOGINS);
stmt->setUInt32(0, accountInfo->Id);
trans->Append(stmt);
++accountInfo->FailedLogins;
TC_LOG_DEBUG("server.rest", "MaxWrongPass : %u, failed_login : %u", maxWrongPassword, accountInfo->Id);
if (accountInfo->FailedLogins >= maxWrongPassword)
{
BanMode banType = BanMode(sConfigMgr->GetIntDefault("WrongPass.BanType", uint16(BanMode::BAN_IP)));
int32 banTime = sConfigMgr->GetIntDefault("WrongPass.BanTime", 600);
if (banType == BanMode::BAN_ACCOUNT)
{
stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_BNET_ACCOUNT_AUTO_BANNED);
stmt->setUInt32(0, accountInfo->Id);
}
else
{
stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_IP_AUTO_BANNED);
stmt->setString(0, ip_address);
}
stmt->setUInt32(1, banTime);
trans->Append(stmt);
stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_BNET_RESET_FAILED_LOGINS);
stmt->setUInt32(0, accountInfo->Id);
trans->Append(stmt);
}
LoginDatabase.CommitTransaction(trans);
}
}
}
loginResult.set_authentication_state(Battlenet::JSON::Login::DONE);
return SendResponse(soapClient, loginResult);
}
/**
* srmPrepareToPut method.
*
* \param soap
* \param srm_endpoint
* \param authorizationID
* \param fileRequests
* \param userRequestDescription
* \param overwriteOption
* \param storageSystemInfo
* \param desiredTotalRequestTime
* \param desiredPinLifeTime
* \param desiredFileLifeTime
* \param desiredFileStorageType
* \param targetSpaceToken
* \param retentionPolicy
* \param accessLatency
* \param accessPattern
* \param connectionType
* \param clientNetworks
* \param transferProtocols
* \param resp request response
*
* \returns request exit status (EXIT_SUCCESS/EXIT_FAILURE)
*/
extern int
PrepareToPut(struct soap *soap,
const char *srm_endpoint,
const char *authorizationID,
const tArrayOfPutFileRequests fileRequests,
const char *userRequestDescription,
const long *overwriteOption,
tStorageSystemInfo storageSystemInfo,
int *desiredTotalRequestTime,
int *desiredPinLifeTime,
int *desiredFileLifeTime,
const long *desiredFileStorageType,
const char *targetSpaceToken,
const long *retentionPolicy,
const long *accessLatency,
const long *accessPattern,
const long *connectionType,
std::vector <std::string *> clientNetworks,
std::vector <std::string *> transferProtocols,
struct srm__srmPrepareToPutResponse_ *resp)
{
DM_DBG_I;
struct srm__srmPrepareToPutRequest req;
DO_SOAP_INIT(soap);
#ifdef HAVE_CGSI_PLUGIN
int flags;
flags = CGSI_OPT_DISABLE_NAME_CHECK;
soap_register_plugin_arg (soap, client_cgsi_plugin, &flags);
#else
#warning "Compiling without CGSI plugin support, i.e. no security"
#endif
MV_CSTR2PSTR(req.authorizationID,authorizationID);
/* Create the file request */
NOT_0(fileRequests.SURL, req.arrayOfFileRequests, soap_new_srm__ArrayOfTPutFileRequest(soap, -1));
for (uint u = 0; u < fileRequests.SURL.size(); u++) {
DM_LOG(DM_N(2), "fileRequests.SURL[%u]\n", u);
srm__TPutFileRequest *fileRequest;
NOT_NULL(fileRequest = soap_new_srm__TPutFileRequest(soap, -1));
MV_PSTR2PSTR(fileRequest->targetSURL,fileRequests.SURL[u]);
if(NOT_NULL_VEC(fileRequests,expectedFileSize)) {
fileRequest->expectedFileSize = fileRequests.expectedFileSize[u];
DM_LOG(DM_N(2), "expectedFileSize[%u] = %"PRIi64"\n", u, *(fileRequest->expectedFileSize));
} else {
fileRequest->expectedFileSize = NULL;
DM_LOG(DM_N(2), "expectedFileSize[%u] == NULL\n", u);
}
req.arrayOfFileRequests->requestArray.push_back(fileRequest);
}
MV_CSTR2PSTR(req.userRequestDescription,userRequestDescription);
MV_PSOAP(OverwriteMode,req.overwriteOption,overwriteOption);
/* Storage system info */
MV_STORAGE_SYSTEM_INFO(req.storageSystemInfo,storageSystemInfo);
MV_PINT(req.desiredTotalRequestTime,desiredTotalRequestTime);
MV_PINT(req.desiredPinLifeTime,desiredPinLifeTime);
MV_PINT(req.desiredFileLifeTime,desiredFileLifeTime);
MV_PSOAP(FileStorageType,req.desiredFileStorageType,desiredFileStorageType);
MV_CSTR2PSTR(req.targetSpaceToken,targetSpaceToken);
/* Retention */
MV_RETENTION_POLICY(req.targetFileRetentionPolicyInfo,retentionPolicy,accessLatency);
/* Transfer parameters */
MV_TRANSFER_PARAMETERS(req.transferParameters);
/* To send the request ... */
SOAP_CALL_SRM(PrepareToPut);
RETURN(EXIT_SUCCESS);
}
