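}   // closes a block that was opened before this span

// Re-wrap the text of the first node in $cert_nodes in PEM armor and ask
// pem_cert_geni_urn() for the URN it carries. The node value is used as-is;
// presumably it is the bare base64 body ending in a newline -- confirm.
$certNode = $cert_nodes->item(0);
$pemCert = $certNode->nodeValue;
$beginpem = "-----BEGIN CERTIFICATE-----\n";
$endpem = "-----END CERTIFICATE-----\n";
$signer_urn = pem_cert_geni_urn($beginpem . $pemCert . $endpem);

/* Test if the signer is from the same GENI Authority as the portal.
   We really would like to compare the signer to the authenticated
   user, but in the speaks-for world we have no way of getting the
   user info without the speaks-for credential. This is an attempt to
   weed out obviously bad signers, while not necessarily an indication
   that the speaks-for credential will work. */
// NOTE(review): this compares only the authority named in the certificate
// carried inside the uploaded credential. Nothing in this span verifies the
// credential's signature or that certificate's chain; confirm that is done
// before the stored credential is relied on.
$tool = Portal::getInstance();
$tool_pem = $tool->certificate();
$tool_urn = pem_cert_geni_urn($tool_pem);
// parse_urn() presumably fills its last three arguments by reference;
// none of them is assigned anywhere else in this span.
parse_urn($tool_urn, $tool_authority, $tool_type, $tool_name);
parse_urn($signer_urn, $signer_authority, $signer_type, $signer_name);

// Fail closed: a signer authority that did not parse to a non-empty string
// is rejected, and the match is strict so PHP's loose-comparison rules
// (numeric-looking strings compared as numbers, null == '') can never make
// two different authorities compare equal.
if (
    !is_string($signer_authority)
    || $signer_authority === ''
    || $signer_authority !== $tool_authority
) {
    header('HTTP/1.1 406 Not Acceptable');
    exit;
}

/* Now put the credential in the database. */
$db_result = store_speaks_for($key_token, $raw_cred, $signer_urn, $expires);
if (!$db_result) {
    // A falsy result from store_speaks_for() is reported as a server error.
    header('HTTP/1.1 500 Cannot store uploaded credential');
    exit;
}

// All done. Signal success without passing any content.
$_SESSION['lastmessage'] = "You succesfully authorized the GENI Portal";
header('HTTP/1.1 204 No Content');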
// WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
// IN THE WORK.
//----------------------------------------------------------------------

/*
 * Request a speaks-for credential from the user.
 */
require_once 'header.php';
require_once 'portal.php';
require_once 'cert_utils.php';
require_once 'user.php';
require_once 'db-util.php';
require_once 'settings.php';

// The portal's own certificate and the URN that pem_cert_geni_urn()
// returns for it.
$portal = Portal::getInstance();
$toolcert = $portal->certificate();
$toolurn = pem_cert_geni_urn($toolcert);

// Member authority URL and display name, hard-coded here.
$ma_url = 'https://portal.geni.net/secure/loadcert.php';
$ma_name = 'GPO Member Authority';

/* XXX FIXME: put the signing tool host and URL in a config file. */
// The default below applies only when $genilib_trusted_host has not
// already been set (presumably by settings.php -- confirm).
if (!isset($genilib_trusted_host)) {
    $genilib_trusted_host = 'https://ch.geni.net:8444';
    // NOTE(review): SERVER_NAME can follow the request's Host header,
    // depending on web-server configuration (e.g. Apache's
    // UseCanonicalName). It is used here to build the name of a host that
    // is treated as trusted, so confirm the server pins it, or check the
    // result against a fixed list of known hosts. What is done with
    // $ch_name lies outside this span.
    if (array_key_exists('SERVER_NAME', $_SERVER)) {
        $server_name = $_SERVER['SERVER_NAME'];
        $portal_prefix = 'portal-';
        // Handle development hosts via their naming conventions.
        // Currently named "portal-XX" and "ch-XX" where XX are the
        // developer's initials.
        if (strpos($server_name, $portal_prefix) === 0) {
            // server name starts with 'portal-'. Replace 'portal-' with 'ch-'
            // for name of ch host.
            $ch_name = 'ch-' . substr($server_name, strlen($portal_prefix));