191
199
return m_vomsList.count();
202
bool VomsList::write()
204
QString vomsFilename = QDir::homePath() + "/.arc/vomses";
205
QFile vomsFile(vomsFilename);
206
vomsFile.open(QFile::WriteOnly|QFile::Truncate);
208
QTextStream out(&vomsFile);
210
for (int i=0; i<m_vomsList.count(); i++)
212
out << "\"" << m_vomsList.at(i)->alias() << "\" ";
213
out << "\"" << m_vomsList.at(i)->machine() << "\" ";
214
out << "\"" << m_vomsList.at(i)->port() << "\" ";
215
out << "\"" << m_vomsList.at(i)->hostDN() << "\" ";
216
out << "\"" << m_vomsList.at(i)->officialName() << "\" " << endl;
195
229
using namespace ArcCredential;
197
static int create_proxy_file(const std::string& path) {
200
if((::unlink(path.c_str()) != 0) && (errno != ENOENT)) {
201
throw std::runtime_error("Failed to remove proxy file " + path);
203
f = ::open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR);
205
throw std::runtime_error("Failed to create proxy file " + path);
207
if(::chmod(path.c_str(), S_IRUSR | S_IWUSR) != 0) {
208
::unlink(path.c_str());
210
throw std::runtime_error("Failed to change permissions of proxy file " + path);
215
static void write_proxy_file(const std::string& path, const std::string& content) {
216
std::string::size_type off = 0;
217
int f = create_proxy_file(path);
218
while(off < content.length()) {
219
ssize_t l = ::write(f, content.c_str(), content.length()-off);
221
::unlink(path.c_str());
223
throw std::runtime_error("Failed to write into proxy file " + path);
225
off += (std::string::size_type)l;
230
static void remove_proxy_file(const std::string& path) {
231
if((::unlink(path.c_str()) != 0) && (errno != ENOENT)) {
232
throw std::runtime_error("Failed to remove proxy file " + path);
236
static void tls_process_error(Arc::Logger& logger) {
238
err = ERR_get_error();
240
logger.msg(Arc::ERROR, "OpenSSL error -- %s", ERR_error_string(err, NULL));
241
logger.msg(Arc::ERROR, "Library : %s", ERR_lib_error_string(err));
242
logger.msg(Arc::ERROR, "Function : %s", ERR_func_error_string(err));
243
logger.msg(Arc::ERROR, "Reason : %s", ERR_reason_error_string(err));
248
#define PASS_MIN_LENGTH (0)
249
static int input_password(char *password, int passwdsz, bool verify,
250
const std::string& prompt_m_info,
251
const std::string& prompt_verify_m_info,
252
Arc::Logger& logger) {
258
char* buf = new char[passwdsz];
259
memset(buf, 0, passwdsz);
261
char *prompt1 = NULL;
262
char *prompt2 = NULL;
263
prompt1 = UI_construct_prompt(ui, "passphrase", prompt_m_info.c_str());
264
prompt2 = UI_construct_prompt(ui, "passphrase", prompt_verify_m_info.c_str());
265
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
266
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
267
ok = UI_add_input_string(ui, prompt1, ui_flags, password,
268
PASS_MIN_LENGTH, passwdsz - 1);
269
if (ok >= 0 && verify) {
270
ok = UI_add_verify_string(ui, prompt2, ui_flags, buf,
271
PASS_MIN_LENGTH, passwdsz - 1, password);
276
} while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
279
if (ok >= 0) res = strlen(password);
281
logger.msg(Arc::ERROR, "User interface error");
282
tls_process_error(logger);
283
memset(password, 0, (unsigned int)passwdsz);
287
logger.msg(Arc::ERROR, "Aborted!");
288
memset(password, 0, (unsigned int)passwdsz);
293
OPENSSL_free(prompt1);
294
OPENSSL_free(prompt2);
299
static bool is_file(std::string path) {
300
if (Glib::file_test(path, Glib::FILE_TEST_IS_REGULAR))
305
static bool is_dir(std::string path) {
306
if (Glib::file_test(path, Glib::FILE_TEST_IS_DIR))
311
static std::vector<std::string> search_vomses(std::string path) {
312
std::vector<std::string> vomses_files;
313
if(is_file(path)) vomses_files.push_back(path);
314
else if(is_dir(path)) {
315
//if the path 'vomses' is a directory, search all of the files under this directory,
316
//i.e., 'vomses/voA' 'vomses/voB'
317
std::string path_header = path;
318
std::string fullpath;
320
for(Glib::Dir::iterator i = dir.begin(); i != dir.end(); i++ ) {
321
fullpath = path_header + G_DIR_SEPARATOR_S + *i;
322
if(is_file(fullpath)) vomses_files.push_back(fullpath);
323
else if(is_dir(fullpath)) {
324
std::string sub_path = fullpath;
325
//if the path is a directory, search the all of the files under this directory,
326
//i.e., 'vomses/extra/myprivatevo'
327
Glib::Dir subdir(sub_path);
328
for(Glib::Dir::iterator j = subdir.begin(); j != subdir.end(); j++ ) {
329
fullpath = sub_path + G_DIR_SEPARATOR_S + *j;
330
if(is_file(fullpath)) vomses_files.push_back(fullpath);
331
//else if(is_dir(fullpath)) { //if it is again a directory, the files under it will be ignored }
339
static std::string tokens_to_string(std::vector<std::string> tokens) {
341
for(int n = 0; n<tokens.size(); ++n) {
342
s += "\""+tokens[n]+"\" ";
347
231
ArcProxyController::ArcProxyController()
348
232
:logger(Arc::Logger::getRootLogger(), "arcproxy"), logCerr(std::cerr)
350
234
setlocale(LC_ALL, "");
352
m_use_gsi_comm = false;
353
m_use_gsi_proxy = false;
355
m_remove_proxy = false;
356
m_use_empty_passphrase = false; //if use empty passphrase to myproxy server
359
m_use_http_comm = false;
236
use_gsi_comm = false;
237
use_gsi_proxy = false;
239
remove_proxy = false;
240
use_empty_passphrase = false; //if use empty passphrase to myproxy server
243
use_http_comm = false;
363
247
// This ensure command line args overwrite all other options
364
if(!m_cert_path.empty())Arc::SetEnv("X509_USER_CERT", m_cert_path);
365
if(!m_key_path.empty())Arc::SetEnv("X509_USER_KEY", m_key_path);
366
if(!m_proxy_path.empty())Arc::SetEnv("X509_USER_PROXY", m_proxy_path);
367
if(!m_ca_dir.empty())Arc::SetEnv("X509_CERT_DIR", m_ca_dir);
248
if(!cert_path.empty())Arc::SetEnv("X509_USER_CERT", cert_path);
249
if(!key_path.empty())Arc::SetEnv("X509_USER_KEY", key_path);
250
if(!proxy_path.empty())Arc::SetEnv("X509_USER_PROXY", proxy_path);
251
if(!ca_dir.empty())Arc::SetEnv("X509_CERT_DIR", ca_dir);
369
253
m_proxyWindow = 0;
370
254
m_application = 0;
408
292
void ArcProxyController::setUseGSIProxy(bool flag)
410
m_use_gsi_proxy = flag;
294
use_gsi_proxy = flag;
413
297
bool ArcProxyController::getUseGSIProxy()
415
return m_use_gsi_proxy;
299
return use_gsi_proxy;
302
void ArcProxyController::addVomsServerAndRole(const QString& serverAndRole)
304
std::string serverLine = serverAndRole.toStdString();
305
vomslist.push_back(serverLine);
308
void ArcProxyController::addVomsServer(const QString& server, const QString& role)
310
std::string serverLine;
312
if (role.length()!=0)
313
serverLine = server.toStdString() + ":/" + role.toStdString();
315
serverLine = server.toStdString();
317
vomslist.push_back(serverLine);
320
void ArcProxyController::removeVomsServer(const QString& server, const QString& role)
322
std::string serverLine;
324
if (role.length()!=0)
325
serverLine = server.toStdString() + ":/" + role.toStdString();
327
serverLine = server.toStdString();
329
std::vector<std::string>::iterator it;
331
it = find(vomslist.begin(), vomslist.end(), serverLine);
333
if (it!=vomslist.end())
337
QString ArcProxyController::getVomsServer(int idx)
339
QString returnString = vomslist[idx].c_str();
343
int ArcProxyController::vomsServerCount()
345
return vomslist.size();
418
349
ArcProxyController::TCertStatus ArcProxyController::checkCert()
420
351
Arc::ArcLocation::Init("");
422
Arc::UserConfig usercfg(m_conffile,
353
Arc::UserConfig usercfg(conffile,
423
354
Arc::initializeCredentialsType(Arc::initializeCredentialsType::TryCredentials));
425
356
return CS_INVALID_CONFIG;
536
461
proxy_cred_str.append(proxy_privk_str).append(eec_cert_str);
537
462
write_proxy_file(proxy_path, proxy_cred_str);
539
Arc::Credential proxy_cred(proxy_path, proxy_path, "", "");
540
Arc::Time left = proxy_cred.GetEndTime();
541
std::cout << Arc::IString("Proxy generation succeeded") << std::endl;
542
std::cout << Arc::IString("Your proxy is valid until: %s", left.str(Arc::UserTime)) << std::endl;
544
464
return EXIT_SUCCESS;
548
468
// If debug is specified as argument, it should be set before loading the configuration.
470
Arc::Logger::getRootLogger().setThreshold(Arc::string_to_level(debug));
550
if (!m_debug.empty())
551
Arc::Logger::getRootLogger().setThreshold(Arc::string_to_level(m_debug));
472
// This ensure command line args overwrite all other options
473
if(!cert_path.empty())Arc::SetEnv("X509_USER_CERT", cert_path);
474
if(!key_path.empty())Arc::SetEnv("X509_USER_KEY", key_path);
475
if(!proxy_path.empty())Arc::SetEnv("X509_USER_PROXY", proxy_path);
476
if(!ca_dir.empty())Arc::SetEnv("X509_CERT_DIR", ca_dir);
553
478
// Set default, predefined or guessed credentials. Also check if they exist.
555
Arc::UserConfig usercfg(m_conffile,
479
Arc::UserConfig usercfg(conffile,
556
480
Arc::initializeCredentialsType(Arc::initializeCredentialsType::TryCredentials));
558
482
logger.msg(Arc::ERROR, "Failed configuration initialization.");
584
508
// By running credentials initialization once more all set values
585
509
// won't change. But proxy will get default value if not set.
587
Arc::UserConfig tmpcfg(m_conffile,
511
Arc::UserConfig tmpcfg(conffile,
588
512
Arc::initializeCredentialsType(Arc::initializeCredentialsType::NotTryCredentials));
589
if(m_proxy_path.empty()) m_proxy_path = tmpcfg.ProxyPath();
590
usercfg.ProxyPath(m_proxy_path);
513
if(proxy_path.empty()) proxy_path = tmpcfg.ProxyPath();
514
usercfg.ProxyPath(proxy_path);
592
516
// Get back all paths
593
if(m_key_path.empty()) m_key_path = usercfg.KeyPath();
594
if(m_cert_path.empty()) m_cert_path = usercfg.CertificatePath();
595
if(m_ca_dir.empty()) m_ca_dir = usercfg.CACertificatesDirectory();
596
if(m_voms_dir.empty()) m_voms_dir = Arc::GetEnv("X509_VOMS_DIR");
517
if(key_path.empty()) key_path = usercfg.KeyPath();
518
if(cert_path.empty()) cert_path = usercfg.CertificatePath();
519
if(ca_dir.empty()) ca_dir = usercfg.CACertificatesDirectory();
520
if(voms_dir.empty()) voms_dir = Arc::GetEnv("X509_VOMS_DIR");
598
if (m_debug.empty() && !usercfg.Verbosity().empty())
522
if (debug.empty() && !usercfg.Verbosity().empty())
599
523
Arc::Logger::getRootLogger().setThreshold(Arc::string_to_level(usercfg.Verbosity()));
601
if (m_timeout > 0) usercfg.Timeout(m_timeout);
525
if (timeout > 0) usercfg.Timeout(timeout);
604
530
QString ArcProxyController::getIdentity()
606
532
QString identity;
608
Arc::Credential cred(m_cert_path, "", "", "");
534
Arc::Credential cred(cert_path, "", "", "");
610
536
identity = cred.GetDN().c_str();
653
579
int ArcProxyController::printInformation()
655
581
const Arc::Time now;
656
583
std::vector<Arc::VOMSACInfo> voms_attributes;
657
584
bool res = false;
659
if (m_proxy_path.empty()) {
586
if (proxy_path.empty()) {
660
587
logger.msg(Arc::ERROR, "Cannot find the path of the proxy file, "
661
588
"please setup environment X509_USER_PROXY, "
662
589
"or proxypath in a configuration file");
663
590
return EXIT_FAILURE;
665
else if (!(Glib::file_test(m_proxy_path, Glib::FILE_TEST_EXISTS))) {
592
else if (!(Glib::file_test(proxy_path, Glib::FILE_TEST_EXISTS))) {
666
593
logger.msg(Arc::ERROR, "Cannot find file at %s for getting the proxy. "
667
"Please make sure this file exists.", m_proxy_path);
594
"Please make sure this file exists.", proxy_path);
668
595
return EXIT_FAILURE;
671
Arc::Credential holder(m_proxy_path, "", "", "");
598
Arc::Credential holder(proxy_path, "", "", "");
672
599
std::cout << Arc::IString("Subject: %s", holder.GetDN()) << std::endl;
673
600
std::cout << Arc::IString("Issuer: %s", holder.GetIssuerName()) << std::endl;
674
601
std::cout << Arc::IString("Identity: %s", holder.GetIdentityName()) << std::endl;
785
712
int ArcProxyController::generateProxy()
787
Arc::UserConfig usercfg("", Arc::initializeCredentialsType( Arc::initializeCredentialsType::TryCredentials));
790
logger.msg(Arc::ERROR, "Failed configuration initialization");
794
715
const Arc::Time now;
797
if ((m_cert_path.empty() || m_key_path.empty()) &&
798
((m_myproxy_command == "PUT") || (m_myproxy_command == "put") || (m_myproxy_command == "Put"))) {
799
if (m_cert_path.empty())
717
if ((cert_path.empty() || key_path.empty()) &&
718
((myproxy_command == "PUT") || (myproxy_command == "put") || (myproxy_command == "Put"))) {
719
if (cert_path.empty())
800
720
logger.msg(Arc::ERROR, "Cannot find the user certificate path, "
801
721
"please setup environment X509_USER_CERT, "
802
722
"or certificatepath in a configuration file");
803
if (m_key_path.empty())
723
if (key_path.empty())
804
724
logger.msg(Arc::ERROR, "Cannot find the user private key path, "
805
725
"please setup environment X509_USER_KEY, "
806
726
"or keypath in a configuration file");
807
727
return EXIT_FAILURE;
730
Arc::UserConfig usercfg(conffile,
731
Arc::initializeCredentialsType(Arc::initializeCredentialsType::SkipCredentials));
733
logger.msg(Arc::ERROR, "Failed configuration initialization.");
810
737
std::map<std::string, std::string> constraints;
811
for (std::list<std::string>::iterator it = m_constraintlist.begin();
812
it != m_constraintlist.end(); it++) {
738
for (std::list<std::string>::iterator it = constraintlist.begin();
739
it != constraintlist.end(); it++) {
813
740
std::string::size_type pos = it->find('=');
814
741
if (pos != std::string::npos)
815
742
constraints[it->substr(0, pos)] = it->substr(pos + 1);
920
847
//information about the existence of stored credentials
921
848
//on the myproxy server.
923
if (m_myproxy_command == "info" || m_myproxy_command == "INFO" || m_myproxy_command == "Info") {
924
if (m_myproxy_server.empty())
850
if (myproxy_command == "info" || myproxy_command == "INFO" || myproxy_command == "Info") {
851
if (myproxy_server.empty())
925
852
throw std::invalid_argument("URL of MyProxy server is missing");
927
if(m_user_name.empty()) {
928
Arc::Credential proxy_cred(m_proxy_path, "", "", "");
854
if(user_name.empty()) {
855
Arc::Credential proxy_cred(proxy_path, "", "", "");
929
856
std::string cert_dn = proxy_cred.GetIdentityName();
930
m_user_name = cert_dn;
932
if (m_user_name.empty())
859
if (user_name.empty())
933
860
throw std::invalid_argument("Username to MyProxy server is missing");
935
862
std::string respinfo;
937
864
//if(usercfg.CertificatePath().empty()) usercfg.CertificatePath(cert_path);
938
865
//if(usercfg.KeyPath().empty()) usercfg.KeyPath(key_path);
939
if(usercfg.ProxyPath().empty() && !m_proxy_path.empty()) usercfg.ProxyPath(m_proxy_path);
866
if(usercfg.ProxyPath().empty() && !proxy_path.empty()) usercfg.ProxyPath(proxy_path);
941
if(usercfg.CertificatePath().empty() && !m_cert_path.empty()) usercfg.CertificatePath(m_cert_path);
942
if(usercfg.KeyPath().empty() && !m_key_path.empty()) usercfg.KeyPath(m_key_path);
868
if(usercfg.CertificatePath().empty() && !cert_path.empty()) usercfg.CertificatePath(cert_path);
869
if(usercfg.KeyPath().empty() && !key_path.empty()) usercfg.KeyPath(key_path);
944
if(usercfg.CACertificatesDirectory().empty()) usercfg.CACertificatesDirectory(m_ca_dir);
871
if(usercfg.CACertificatesDirectory().empty()) usercfg.CACertificatesDirectory(ca_dir);
946
Arc::CredentialStore cstore(usercfg,Arc::URL("myproxy://"+m_myproxy_server));
873
Arc::CredentialStore cstore(usercfg,Arc::URL("myproxy://"+myproxy_server));
947
874
std::map<std::string,std::string> myproxyopt;
948
myproxyopt["username"] = m_user_name;
875
myproxyopt["username"] = user_name;
949
876
if(!cstore.Info(myproxyopt,respinfo))
950
877
throw std::invalid_argument("Failed to get info from MyProxy service");
1073
1000
//For "GET" command, certificate and key are not needed, and
1074
1001
//anonymous GSSAPI is used (GSS_C_ANON_FLAG)
1076
if (m_myproxy_command == "get" || m_myproxy_command == "GET" || m_myproxy_command == "Get") {
1077
if (m_myproxy_server.empty())
1003
if (myproxy_command == "get" || myproxy_command == "GET" || myproxy_command == "Get") {
1004
if (myproxy_server.empty())
1078
1005
throw std::invalid_argument("URL of MyProxy server is missing");
1080
if(m_user_name.empty()) {
1081
Arc::Credential proxy_cred(m_proxy_path, "", "", "");
1007
if(user_name.empty()) {
1008
Arc::Credential proxy_cred(proxy_path, "", "", "");
1082
1009
std::string cert_dn = proxy_cred.GetIdentityName();
1083
m_user_name = cert_dn;
1010
user_name = cert_dn;
1085
if (m_user_name.empty())
1012
if (user_name.empty())
1086
1013
throw std::invalid_argument("Username to MyProxy server is missing");
1088
1015
std::string prompt1 = "MyProxy server";
1089
1016
char password[256];
1091
1018
std::string passphrase = password;
1092
if(!m_use_empty_passphrase) {
1019
if(!use_empty_passphrase) {
1093
1020
int res = input_password(password, 256, false, prompt1, "", logger);
1095
1022
throw std::invalid_argument("Error entering passphrase");
1099
1026
std::string proxy_cred_str_pem;
1101
Arc::initializeCredentialsType cred_type(Arc::initializeCredentialsType::SkipCredentials);
1102
Arc::UserConfig usercfg_tmp(cred_type);
1028
Arc::UserConfig usercfg_tmp( (Arc::initializeCredentialsType(Arc::initializeCredentialsType::SkipCredentials)) );
1103
1029
usercfg_tmp.CACertificatesDirectory(usercfg.CACertificatesDirectory());
1105
Arc::CredentialStore cstore(usercfg_tmp,Arc::URL("myproxy://"+m_myproxy_server));
1031
Arc::CredentialStore cstore( (usercfg_tmp,Arc::URL("myproxy://"+myproxy_server)) );
1106
1032
std::map<std::string,std::string> myproxyopt;
1107
myproxyopt["username"] = m_user_name;
1033
myproxyopt["username"] = user_name;
1108
1034
myproxyopt["password"] = passphrase;
1109
1035
myproxyopt["lifetime"] = myproxy_period;
1110
1036
if(!cstore.Retrieve(myproxyopt,proxy_cred_str_pem))
1111
1037
throw std::invalid_argument("Failed to retrieve proxy from MyProxy service");
1112
write_proxy_file(m_proxy_path,proxy_cred_str_pem);
1038
write_proxy_file(proxy_path,proxy_cred_str_pem);
1114
1040
//Assign proxy_path to cert_path and key_path,
1115
1041
//so the later voms functionality can use the proxy_path
1116
1042
//to create proxy with voms AC extension. In this
1117
1043
//case, "--cert" and "--key" is not needed.
1118
m_cert_path = m_proxy_path;
1119
m_key_path = m_proxy_path;
1120
std::cout << Arc::IString("Succeeded to get a proxy in %s from MyProxy server %s", m_proxy_path, m_myproxy_server) << std::endl;
1044
cert_path = proxy_path;
1045
key_path = proxy_path;
1046
std::cout << Arc::IString("Succeeded to get a proxy in %s from MyProxy server %s", proxy_path, myproxy_server) << std::endl;
1122
1048
return EXIT_SUCCESS;
1136
1062
proxy_period.SetPeriod(proxy_period.GetPeriod() + 300);
1066
Credential(const std::string& cert, const std::string& key, const std::string& cadir,
1067
const std::string& cafile, const std::string& passphrase4key = "",
1068
const bool is_file = true);*/
1139
1070
//Create proxy or voms proxy
1141
Arc::Credential signer(m_cert_path, m_key_path, "", "", this->m_passphrase.toStdString());
1072
Arc::Credential signer(cert_path, key_path, "", "", m_passphrase.toStdString());
1074
std::cout << signer.GetIdentityName() << std::endl;
1142
1076
if (signer.GetIdentityName().empty()) {
1143
1077
std::cerr << Arc::IString("Proxy generation failed: No valid certificate found.") << std::endl;
1144
1078
return EXIT_FAILURE;
1146
1083
EVP_PKEY* pkey = signer.GetPrivKey();
1148
1085
std::cerr << Arc::IString("Proxy generation failed: No valid private key found.") << std::endl;
1149
1086
return EXIT_FAILURE;
1151
1088
if(pkey) EVP_PKEY_free(pkey);
1152
1092
std::cout << Arc::IString("Your identity: %s", signer.GetIdentityName()) << std::endl;
1153
1093
if (now > signer.GetEndTime()) {
1154
1094
std::cerr << Arc::IString("Proxy generation failed: Certificate has expired.") << std::endl;
1361
1301
std::string ordering;
1362
for(std::list<std::string>::iterator o_it = m_orderlist.begin(); o_it != m_orderlist.end(); o_it++) {
1363
ordering.append(o_it == m_orderlist.begin() ? "" : ",").append(*o_it);
1302
for(std::list<std::string>::iterator o_it = orderlist.begin(); o_it != orderlist.end(); o_it++) {
1303
ordering.append(o_it == orderlist.begin() ? "" : ",").append(*o_it);
1365
1305
logger.msg(Arc::VERBOSE, "Try to get attribute from VOMS server with order: %s", ordering);
1366
1306
send_msg.append("<order>").append(ordering).append("</order>");
1367
1307
send_msg.append("<lifetime>").append(voms_period).append("</lifetime></voms>");
1368
1308
logger.msg(Arc::VERBOSE, "Message sent to VOMS server %s is: %s", voms_name, send_msg);
1310
Arc::ClientTCP client(cfg, address, atoi(port.c_str()), use_gsi_comm ? Arc::GSISec : Arc::SSL3Sec, usercfg.Timeout());
1311
Arc::PayloadRaw request;
1312
request.Insert(send_msg.c_str(), 0, send_msg.length());
1313
Arc::PayloadStreamInterface *response = NULL;
1314
Arc::MCC_Status status = client.process(&request, &response, true);
1316
//logger.msg(Arc::ERROR, (std::string)status);
1317
if (response) delete response;
1318
std::cout << Arc::IString("The VOMS server with the information:\n\t%s\"\ncan not be reached, please make sure it is available", tokens_to_string(voms_line)) << std::endl;
1319
continue; //There could be another voms replicated server with the same name exists
1322
logger.msg(Arc::ERROR, "No stream response from VOMS server");
1370
1326
std::string ret_str;
1371
if(m_use_http_comm) {
1372
// Use http to contact voms server, for the RESRful interface provided by voms server
1373
// The format of the URL: https://moldyngrid.org:15112/generate-ac?fqans=/testbed.univ.kiev.ua/blabla/Role=test-role&lifetime=86400
1374
// fqans is composed of the voname, group name and role, i.e., the "command" for voms.
1375
std::string url_str;
1376
if(!command.empty()) url_str = "https://" + address + ":" + port + "/generate-ac?" + "fqans=" + command + "&lifetime=" + voms_period;
1377
else url_str = "https://" + address + ":" + port + "/generate-ac?" + "lifetime=" + voms_period;
1378
Arc::URL voms_url(url_str);
1379
Arc::ClientHTTP client(cfg, voms_url, usercfg.Timeout());
1380
client.RelativeURI(true);
1381
Arc::PayloadRaw request;
1382
Arc::PayloadRawInterface* response;
1383
Arc::HTTPClientInfo info;
1384
Arc::MCC_Status status = client.process("GET", &request, &info, &response);
1386
if (response) delete response;
1387
std::cout << Arc::IString("The VOMS server with the information:\n\t%s\"\ncan not be reached, please make sure it is available", tokens_to_string(voms_line)) << std::endl;
1388
continue; //There could be another voms replicated server with the same name exists
1391
logger.msg(Arc::ERROR, "No http response from VOMS server");
1394
if(response->Content() != NULL) ret_str.append(response->Content());
1395
if (response) delete response;
1396
logger.msg(Arc::VERBOSE, "Returned message from VOMS server: %s", ret_str);
1399
// Use GSI or TLS to contact voms server
1400
Arc::ClientTCP client(cfg, address, atoi(port.c_str()), m_use_gsi_comm ? Arc::GSISec : Arc::SSL3Sec, usercfg.Timeout());
1401
Arc::PayloadRaw request;
1402
request.Insert(send_msg.c_str(), 0, send_msg.length());
1403
Arc::PayloadStreamInterface *response = NULL;
1404
Arc::MCC_Status status = client.process(&request, &response, true);
1406
//logger.msg(Arc::ERROR, (std::string)status);
1407
if (response) delete response;
1408
std::cout << Arc::IString("The VOMS server with the information:\n\t%s\"\ncan not be reached, please make sure it is available", tokens_to_string(voms_line)) << std::endl;
1409
continue; //There could be another voms replicated server with the same name exists
1412
logger.msg(Arc::ERROR, "No stream response from VOMS server");
1416
int len = sizeof(ret_buf);
1417
while(response->Get(ret_buf, len)) {
1418
ret_str.append(ret_buf, len);
1419
len = sizeof(ret_buf);
1421
if (response) delete response;
1422
logger.msg(Arc::VERBOSE, "Returned message from VOMS server: %s", ret_str);
1328
int len = sizeof(ret_buf);
1329
while(response->Get(ret_buf, len)) {
1330
ret_str.append(ret_buf, len);
1331
len = sizeof(ret_buf);
1333
logger.msg(Arc::VERBOSE, "Returned message from VOMS server: %s", ret_str);
1426
1334
Arc::XMLNode(ret_str).Exchange(node);
1427
1335
if((!node) || ((bool)(node["error"]))) {
1428
1336
if((bool)(node["error"])) {
1526
1439
//Delegate the former self-delegated credential to
1527
1440
//myproxy server
1529
if (m_myproxy_command == "put" || m_myproxy_command == "PUT" || m_myproxy_command == "Put") {
1530
if (m_myproxy_server.empty())
1442
if (myproxy_command == "put" || myproxy_command == "PUT" || myproxy_command == "Put") {
1443
if (myproxy_server.empty())
1531
1444
throw std::invalid_argument("URL of MyProxy server is missing");
1532
if(m_user_name.empty()) {
1533
Arc::Credential proxy_cred(m_proxy_path, "", "", "");
1445
if(user_name.empty()) {
1446
Arc::Credential proxy_cred(proxy_path, "", "", "");
1534
1447
std::string cert_dn = proxy_cred.GetIdentityName();
1535
m_user_name = cert_dn;
1448
user_name = cert_dn;
1537
if (m_user_name.empty())
1450
if (user_name.empty())
1538
1451
throw std::invalid_argument("Username to MyProxy server is missing");
1540
1453
std::string prompt1 = "MyProxy server";
1541
1454
std::string prompt2 = "MyProxy server";
1542
1455
char password[256];
1543
1456
std::string passphrase;
1544
if(m_retrievable_by_cert.empty()) {
1457
if(retrievable_by_cert.empty()) {
1545
1458
int res = input_password(password, 256, true, prompt1, prompt2, logger);
1547
1460
throw std::invalid_argument("Error entering passphrase");
1551
1464
std::string proxy_cred_str_pem;
1552
std::ifstream proxy_cred_file(m_proxy_path.c_str());
1465
std::ifstream proxy_cred_file(proxy_path.c_str());
1553
1466
if(!proxy_cred_file)
1554
throw std::invalid_argument("Failed to read proxy file "+m_proxy_path);
1467
throw std::invalid_argument("Failed to read proxy file "+proxy_path);
1555
1468
std::getline(proxy_cred_file,proxy_cred_str_pem,'\0');
1556
1469
if(proxy_cred_str_pem.empty())
1557
throw std::invalid_argument("Failed to read proxy file "+m_proxy_path);
1470
throw std::invalid_argument("Failed to read proxy file "+proxy_path);
1558
1471
proxy_cred_file.close();
1560
usercfg.ProxyPath(m_proxy_path);
1561
if(usercfg.CACertificatesDirectory().empty()) { usercfg.CACertificatesDirectory(m_ca_dir); }
1473
usercfg.ProxyPath(proxy_path);
1474
if(usercfg.CACertificatesDirectory().empty()) { usercfg.CACertificatesDirectory(ca_dir); }
1563
Arc::CredentialStore cstore(usercfg,Arc::URL("myproxy://"+m_myproxy_server));
1476
Arc::CredentialStore cstore(usercfg,Arc::URL("myproxy://"+myproxy_server));
1564
1477
std::map<std::string,std::string> myproxyopt;
1565
myproxyopt["username"] = m_user_name;
1478
myproxyopt["username"] = user_name;
1566
1479
myproxyopt["password"] = passphrase;
1567
1480
myproxyopt["lifetime"] = myproxy_period;
1568
if(!m_retrievable_by_cert.empty()) {
1569
myproxyopt["retriever_trusted"] = m_retrievable_by_cert;
1481
if(!retrievable_by_cert.empty()) {
1482
myproxyopt["retriever_trusted"] = retrievable_by_cert;
1571
1484
if(!cstore.Store(myproxyopt,proxy_cred_str_pem,true,proxy_start,proxy_period))
1572
1485
throw std::invalid_argument("Failed to delegate proxy to MyProxy service");
1574
remove_proxy_file(m_proxy_path);
1487
remove_proxy_file(proxy_path);
1576
1489
std::cout << Arc::IString("Succeeded to put a proxy onto MyProxy server") << std::endl;
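Review bot: In write_proxy_file (the added static helpers, lines 215–225 on the single-numbered side, which the m_-prefixed names suggest is the new side) a short write restarts from the beginning of the buffer: `ssize_t l = ::write(f, content.c_str(), content.length()-off);` always passes `content.c_str()` while `off` advances, so a partial write silently yields a corrupted proxy credential; it should read `ssize_t l = ::write(f, content.c_str() + off, content.length() - off);`, and the descriptor returned by create_proxy_file should be closed on the error path before the unlink and after the loop, unless that happens in lines not shown here. In input_password the secret is wiped with `memset(password, 0, (unsigned int)passwdsz);` just before return, which a compiler may drop as a dead store, and the verify copy in `buf` is not wiped or released in the visible lines; `OPENSSL_cleanse(password, passwdsz); OPENSSL_cleanse(buf, passwdsz); delete[] buf;` would cover both. In the MyProxy GET branch `std::string passphrase = password;` runs before input_password has filled `char password[256]`, so it reads an uninitialized stack buffer (the PUT branch declares `std::string passphrase;` with no initializer), and neither branch scrubs `password` or `passphrase` after `myproxyopt["password"] = passphrase;` copies the secret into a map that is never cleared. The last hunk's enclosing function continues past the visible lines.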