Author: dumindu
Date: Tue Dec 4 10:24:18 2007
New Revision: 10491
Log:
Added support for the user to specify the CA files.
Modified:
trunk/solutions/identity/modules/mod-cspace/cspace_config.c
trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
trunk/solutions/identity/modules/mod-cspace/process_request.c
trunk/solutions/identity/modules/mod-cspace/process_request.h
trunk/solutions/identity/modules/mod-cspace/process_request_defines.h
Modified: trunk/solutions/identity/modules/mod-cspace/cspace_config.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/cspace_config.c (original)
+++ trunk/solutions/identity/modules/mod-cspace/cspace_config.c Tue Dec 4
10:24:18 2007
@@ -113,6 +113,15 @@
return NULL;
}
+static const char *cmd_ca_file(cmd_parms *cmd, void *mconfig,
+ const char *arg)
+{
+ cspace_svr_cfg *cfg = ap_get_module_config(cmd->server->module_config,
+ &cspace_module);
+ cfg->ca_file = (char *)arg;
+ return NULL;
+}
+
static const char *cmd_sdbm_file(cmd_parms *cmd, void *mconfig,
const char *arg)
{
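Review bot: `cmd_ca_file` stores the directive argument as-is and casts away `const`, so a relative `CardSpaceCAFile` path is presumably resolved against whatever the working directory is when the file is opened later, and an unusable path is not reported at configuration time. Since this file becomes the trust anchor for verification, resolve it when the directive is parsed: `cfg->ca_file = ap_server_root_relative(cmd->pool, arg);` followed by `if (!cfg->ca_file) return "CardSpaceCAFile: invalid path";`, which also removes the cast. The sibling handlers such as `cmd_sdbm_file` continue outside the hunk, so whether they follow the same pattern cannot be checked here.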
@@ -164,6 +173,8 @@
"SSL Server Private Key file"),*/
AP_INIT_TAKE1("SSLCertificateKeyFile", cmd_key_file, NULL, RSRC_CONF,
"SSL Server Private Key file"),
+ AP_INIT_TAKE1("CardSpaceCAFile", cmd_ca_file, NULL, RSRC_CONF,
+ "CardSpace CA file"),
AP_INIT_TAKE1("CardSpaceGlobalSessionCache", cmd_global_sdbm_file, NULL,
RSRC_CONF, "Path to global session cache sdbm file"),
AP_INIT_TAKE1("CardSpaceSessionCache", cmd_sdbm_file, NULL, OR_ALL,
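Review bot: The help string `"CardSpace CA file"` on the new `CardSpaceCAFile` entry does not say what format the file must have or what it is used for. Judging from the loader call in process_request.c, which passes `xmlSecKeyDataFormatPem` and `xmlSecKeyDataTypeTrusted`, a string like `"PEM file of CA certificates trusted when verifying signatures"` would tell an administrator what to supply. The command table starts and ends outside the hunk.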
Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.c (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.c Tue Dec 4
10:24:18 2007
@@ -37,6 +37,8 @@
#define UNAUTHORIZED_REDIRECT(r, u) redirect((r), (u))
+#define CARDSPACE_HEADER_PFX "cardspace_"
+
/* TODO:This function should ideally redirect the browser to the url specified
* by url. This is only used to redirect the browser to the login page when an
* HTTP_UNAUTHORIZED occurs.
@@ -174,7 +176,6 @@
/*return (res == OK);*/
}
-#define CARDSPACE_HEADER_PFX "cardspace_"
static void set_header(char *uri, char *key, char *val, void* table, void
*pool)
{
Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.h (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.h Tue Dec 4
10:24:18 2007
@@ -48,6 +48,8 @@
typedef struct cspace_svr_cfg {
apr_pool_t *pool;
char *key_file;
+ char *ca_path;
+ char *ca_file;
char *session_file;
/*void *session_ctx;*/ /*of session_ctx_t type*/
long int session_expire; /*session expire time in seconds*/
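Review bot: `ca_path` is added to `cspace_svr_cfg` next to `ca_file`, but no hunk in this commit sets or reads it, so for now it is dead configuration state. Either leave it out until a directive populates it, or mark it, for example `char *ca_path; /* reserved: CA directory, not yet configurable */`. It is also worth confirming that `cspace_svr_cfg_create`, which is outside this diff, zero-initialises both new fields, because an unset `ca_file` has to be NULL to be distinguishable from a configured one.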
@@ -64,7 +66,7 @@
#define cfg_dir_printf(st, cfg, nl)
#endif
-const command_rec cspace_cmds[10];
+const command_rec cspace_cmds[11];
void *cspace_svr_cfg_create(apr_pool_t *p, server_rec *s);
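Review bot: The header line `const command_rec cspace_cmds[11];` has no `extern`, so every file that includes mod_cspace.h gets its own tentative definition of the table. The hard-coded count also has to be bumped by hand each time a directive is added, as this hunk does. Declaring it as `extern const command_rec cspace_cmds[];` and leaving the size to the initialiser in cspace_config.c removes both problems.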
Modified: trunk/solutions/identity/modules/mod-cspace/process_request.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/process_request.c
(original)
+++ trunk/solutions/identity/modules/mod-cspace/process_request.c Tue Dec
4 10:24:18 2007
@@ -189,14 +189,16 @@
fprintf(stderr, "Error: failed to initialize keys manager.\n");
goto done;
}
-
-/* if(xmlSecCryptoAppKeysMngrCertLoad(vfy_mngr, "cacert.pem",
- xmlSecKeyDataFormatPem,
- xmlSecKeyDataTypeTrusted) < 0) {
- fprintf(stderr,"Error: failed to load pem certificate from \n" );
- goto done;
+
+ if (ctx->ca_file) {
+ if(xmlSecCryptoAppKeysMngrCertLoad(vfy_mngr, ctx->ca_file,
+ xmlSecKeyDataFormatPem,
+ xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stderr,"Error: failed to load pem certificate from \n" );
+ goto done;
+ }
}
-*/
+
/* Add the ID for non-standard reference
refer to http://ml.osdir.com/text.xml.xmlsec/2003-12/msg00019.html */
if (!register_id(doc, xmlDocGetRootElement(doc), BAD_CAST ASSERTION_ID)) {
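Review bot: When `ctx->ca_file` is NULL the trusted-certificate load is skipped without any message, so a deployment that omits `CardSpaceCAFile` runs verification with no configured trust anchor; whether the certificate carried in the token is then rejected or accepted depends on key-info settings outside this hunk. Consider making that case explicit, for example an `else` branch that prints `"Warning: no CA file configured, no trusted CA certificates loaded\n"` or fails, depending on the intended policy. The error message in the new branch also ends at "from" without naming the file; `fprintf(stderr, "Error: failed to load pem certificate from \"%s\"\n", ctx->ca_file);` would make a misconfigured path diagnosable. The enclosing function starts and ends outside the hunk.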
@@ -504,6 +506,16 @@
return SUCC;
}
+int cspace_process_context_set_ca_file(process_context_t *ctx,
+ const char* ca_file)
+{
+ ctx->ca_file = pc_malloc(strlen(ca_file) + 1, ctx);
+ if (!ctx->ca_file)
+ return FAIL;
+
+ cspace_strcpy(ctx->ca_file, ca_file);
+ return SUCC;
+}
void cspace_process_context_set_header_callback(process_context_t *ctx,
set_header_cb_t set_header_fn,
void *container)
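Review bot: `cspace_process_context_set_ca_file` calls `strlen(ca_file)` and dereferences `ctx` without checking either for NULL, so a caller passing an unset configuration value crashes instead of getting `FAIL`. A guard such as `if (!ctx || !ca_file) return FAIL;` at the top keeps the setter consistent with its own error return. In the hunks shown, nothing in mod_cspace.c calls this setter with `cfg->ca_file`, so unless that call exists outside this diff the new directive never reaches the `ctx->ca_file` test in the verification code. A second call also overwrites the previous pointer; whether that leaks depends on how `pc_malloc` ties allocations to the context, which is not visible here.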
@@ -539,6 +551,7 @@
ctx->allocator->fctx = fctx;
ctx->key_file = NULL;
+ ctx->ca_file = NULL;
/* This call needs to be moved to user
* For example in module we need this before the
Modified: trunk/solutions/identity/modules/mod-cspace/process_request.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/process_request.h
(original)
+++ trunk/solutions/identity/modules/mod-cspace/process_request.h Tue Dec
4 10:24:18 2007
@@ -15,7 +15,8 @@
#define CARDSPACE_STATE_SUCCESS "success"
#define CARDSPACE_STATE_FAIL "failure"
-#define cspace_process_context_create
cspace_process_context_create_with_allocator
+#define cspace_process_context_create \
+ cspace_process_context_create_with_allocator
typedef struct allocator allocator_t;
typedef struct process_context process_context_t;
@@ -39,6 +40,9 @@
int cspace_process_context_set_key_file(process_context_t *ctx,
const char* key_file);
+int cspace_process_context_set_ca_file(process_context_t *ctx,
+ const char* ca_file);
+
void cspace_process_context_set_header_callback(process_context_t *ctx,
set_header_cb_t set_header_fn,
void *container);
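Review bot: The new prototype `cspace_process_context_set_ca_file` is undocumented in the header, so callers cannot tell whether the string is copied or borrowed, or what the return value means. Going by the definition in process_request.c, a comment such as `/* Copies ca_file (PEM, trusted CA certs) into ctx; returns SUCC, or FAIL if allocation fails. */` above the declaration would state the contract.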
Modified: trunk/solutions/identity/modules/mod-cspace/process_request_defines.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/process_request_defines.h
(original)
+++ trunk/solutions/identity/modules/mod-cspace/process_request_defines.h
Tue Dec 4 10:24:18 2007
@@ -29,7 +29,7 @@
void *set_header_cb_ctx;
char *key_file;
- char *cafile;
+ char *ca_file;
char **white_list;