author | Simon Josefsson <simon@josefsson.org> | 2007-02-22 07:15:26 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2007-02-22 07:15:26 +0000 |
commit | bc823fcdaf96d99d7d57980b9493b5a518e7efbc (patch) | |
tree | 5c5b5d45c7e584033d5992ee7e397e680a296bf5 /src | |
parent | 4f1fdecdea9272ee48533f15b912d2fa2e33e91b (diff) | |
download | gnutls-bc823fcdaf96d99d7d57980b9493b5a518e7efbc.tar.gz |
Support gnutls-cli --authz-x509-attr-cert and --authz-saml-assertion.
Diffstat (limited to 'src')
-rw-r--r-- | src/cli.c | 98 | ||||
-rw-r--r-- | src/cli.gaa | 6 |
2 files changed, 104 insertions, 0 deletions
@@ -139,6 +139,18 @@ static int cert_type_priority[PRI_MAX] = { 0 };
+static int authz_client_formats[PRI_MAX] = {
+  0
+};
+
+static int authz_server_formats[PRI_MAX] = {
+  GNUTLS_AUTHZ_X509_ATTR_CERT,
+  GNUTLS_AUTHZ_X509_ATTR_CERT_URL,
+  GNUTLS_AUTHZ_SAML_ASSERTION,
+  GNUTLS_AUTHZ_SAML_ASSERTION_URL,
+  0
+};
+
 /* end of global stuff */
 /* prototypes */
@@ -410,6 +422,89 @@ cert_callback (gnutls_session session,
 }
+int
+authz_send_callback (gnutls_session_t session,
+                     const int *client_formats,
+                     const int *server_formats)
+{
+  size_t i;
+  int ret;
+
+  printf ("- Server authorization formats: ");
+  for (i = 0; server_formats[i]; i++)
+    printf ("%d ", server_formats[i]);
+  printf ("\n");
+
+  for (i = 0; client_formats[i]; i++)
+    {
+      if (client_formats[i] == GNUTLS_AUTHZ_X509_ATTR_CERT
+          && info.authz_x509_attr_cert)
+        {
+          size_t x509ac_len;
+          const char *x509ac = read_binary_file (info.authz_x509_attr_cert,
+                                                 &x509ac_len);
+          if (!x509ac)
+            error (EXIT_FAILURE, errno, "%s", info.authz_x509_attr_cert);
+
+          printf (" Sending X.509 Attribute Certificate\n");
+
+          ret = gnutls_authz_send_x509_attr_cert (session,
+                                                  x509ac, x509ac_len);
+          if (ret < 0)
+            return ret;
+        }
+
+      if (client_formats[i] == GNUTLS_AUTHZ_SAML_ASSERTION
+          && info.authz_saml_assertion)
+        {
+          size_t samlass_len;
+          const char *samlass = read_binary_file (info.authz_saml_assertion,
+                                                  &samlass_len);
+          if (!samlass)
+            error (EXIT_FAILURE, errno, "%s", info.authz_saml_assertion);
+
+          printf (" Sending SAML assertion\n");
+
+          ret = gnutls_authz_send_saml_assertion (session,
+                                                  samlass, samlass_len);
+          if (ret < 0)
+            return ret;
+        }
+    }
+
+  return 0;
+}
+
+int
+authz_recv_callback (gnutls_session_t session,
+                     const int *authz_formats,
+                     gnutls_datum_t *infos,
+                     const int *hashtypes,
+                     gnutls_datum_t *hash)
+{
+  size_t i, j;
+
+  for (i = 0; authz_formats[i]; i++)
+    {
+      printf ("- Received authorization data, format %02x of %d bytes\n",
+              authz_formats[i], infos[i].size);
+
+      printf (" data: ");
+      for (j = 0; j < infos[i].size; j++)
+        printf ("%02x", infos[i].data[j]);
+      printf ("\n");
+
+      if (hash[i].size > 0)
+        {
+          printf (" hash: ");
+          for (j = 0; j < hash[i].size; j++)
+            printf ("%02x", hash[i].data[j]);
+          printf (" type %02x\n", hashtypes[i]);
+        }
+    }
+
+  return 0;
+}
 /* initializes a gnutls_session with some defaults. */
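Review bot: The buffers returned by `read_binary_file` in `authz_send_callback` (`x509ac`, `samlass`) are never released; if that helper allocates, as the gnulib one of that name does, every handshake that reaches this callback leaks both files, on the early `return ret` paths as well. Adding `free ((void *) x509ac);` right after the `gnutls_authz_send_x509_attr_cert` call (and the same for `samlass` after `gnutls_authz_send_saml_assertion`), before the `ret < 0` check, would close that. Calling `error (EXIT_FAILURE, ...)` from inside a library callback also terminates the whole client mid-handshake rather than returning a negative status for gnutls to surface; returning a negative gnutls error code from the callback would keep that decision with the caller. In `authz_recv_callback` the server-supplied data and hash are only hex-dumped and nothing here checks one against the other, so a comment such as `/* Display only: the received authorization data is not verified here. */` at the top of that function would make the trust boundary explicit for whoever extends it. The `%d` used for `infos[i].size` in the same function should be `%u`, since `gnutls_datum_t.size` is `unsigned int`.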
@@ -463,6 +558,9 @@ init_tls_session (const char *hostname)
     }
   }
+  gnutls_authz_enable (session, authz_client_formats, authz_server_formats,
+                       authz_recv_callback, authz_send_callback);
+
   return session;
 }
diff --git a/src/cli.gaa b/src/cli.gaa
index 366e858e3e..8a33c86fa1 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -104,6 +104,12 @@ option (pskusername) STR "NAME" { $psk_username = $1 } "PSK username to use."
 #char *psk_key;
 option (pskkey) STR "KEY" { $psk_key = $1 } "PSK key (in hex) to use."
+#char *authz_x509_attr_cert;
+option (authz-x509-attr-cert) STR "FILE" { $authz_x509_attr_cert = $1 } "Use X.509 Attribute Certificate in FILE as authorization data."
+
+#char *authz_saml_assertion;
+option (authz-saml-assertion) STR "FILE" { $authz_saml_assertion = $1 } "Use SAML Assertion in FILE as authorization data."
+
 #char *port;
 option (p, port) STR "PORT" { $port = $1 } "The port to connect to." |
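Review bot: The status returned by `gnutls_authz_enable` in `init_tls_session` is dropped; if it reports failure with a negative value like the other `gnutls_*` calls, the client continues with a session on which the authorization extension was never registered and the new `--authz-*` options silently do nothing. Capturing it, e.g. `ret = gnutls_authz_enable (session, authz_client_formats, authz_server_formats, authz_recv_callback, authz_send_callback); if (ret < 0) fprintf (stderr, "gnutls_authz_enable: %s\n", gnutls_strerror (ret));`, would make that visible; `init_tls_session` starts outside the hunk, so whether a `ret` local already exists there cannot be seen here. Also worth confirming: `authz_client_formats` passed here is `{ 0 }` (first hunk), so if gnutls hands that same list to `authz_send_callback` as `client_formats`, its loop never runs and neither file is ever sent. The `cli.gaa` hunk only declares the two options and needs no change.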