This is an example of how to use the PEP client.
#include <stdio.h>
#include <stdlib.h>
/*
 * Forward declaration of the request builder defined later in this file.
 * main() passes the address of its request pointer plus the subject, resource
 * and action identifiers, and treats any non-zero return as failure.
 */
static int create_xacml_request(
xacml_request_t ** request,
const char * subjectid,
const char * resourceid,
const char * actionid);
/*
 * Example driver: configures a PEP client, builds one XACML request, submits it
 * and hands the response to process_xacml_response(). Each visible failure path
 * prints a message to stderr and calls exit(1).
 *
 * NOTE(review): this listing looks incomplete. pep, pep_rc, request and response
 * are used without a visible declaration, and several closing braces below have
 * no visible opening statement. The comments describe only what is shown.
 */
int main(void) {
int rc;
char * pep_url, * subjectid, * resourceid, * actionid;
/* Stop if no client handle is available; the statement that assigns pep is not shown. */
if (pep == NULL) {
fprintf(stderr,"failed to create PEP client\n");
exit(1);
}
/* Authorization endpoint, addressed over https. */
pep_url= "https://chaos.switch.ch:8154/authz";
/* Failure branch for setting the endpoint; its guarding condition is not shown. */
fprintf(stderr,
"failed to set PEP endpoint: %s: %s\n", pep_url,
pep_strerror(pep_rc));
exit(1);
}
/*
 * Failure branches for the client key, client certificate and server CA path
 * follow. Each one ends in exit(1), so a failure reported here stops the
 * program before the request is built.
 * NOTE(review): the key path names a host private key; presumably this process
 * needs read access to it, so keep that file restricted to the service
 * account. Confirm against the deployment.
 */
fprintf(stderr,
"failed to set client key: %s: %s\n",
"/etc/grid-security/hostkey.pem",
pep_strerror(pep_rc));
exit(1);
}
fprintf(stderr,
"failed to set client cert: %s: %s\n",
"/etc/grid-security/hostcert.pem",
pep_strerror(pep_rc));
exit(1);
}
/* NOTE(review): presumably this directory holds the CAs used to validate the server certificate; confirm. */
fprintf(stderr,
"failed to set server CA path: %s: %s\n",
"/etc/grid-security/certificates",
pep_strerror(pep_rc));
exit(1);
}
/* Hard-coded sample values: a subject given as a distinguished name, plus resource and action ids. */
subjectid= "CN=Valery Tschopp 9FEE5EE3,O=Switch - Teleinformatikdienste fuer Lehre und Forschung,DC=slcs,DC=switch,DC=ch";
resourceid= "switch";
actionid= "switch";
/* Build the request; any non-zero code from the builder is fatal. */
rc= create_xacml_request(&request,subjectid,resourceid,actionid);
if (rc != 0) {
fprintf(stderr,"failed to create XACML request\n");
exit(1);
}
/* Failure branch for the authorization call; the call and its condition are not shown. */
fprintf(stderr,
"failed to authorize XACML request: %s\n",
pep_strerror(pep_rc));
exit(1);
}
/*
 * rc is assigned here but never read, and main returns 0 regardless.
 * NOTE(review): reaching this point only shows that the authorize error branch
 * was not taken. Code that enforces access must read the decision from the
 * response and refuse anything other than Permit; nothing visible here does so.
 */
rc= process_xacml_response(response);
return 0;
}
/*
 * Builds the XACML request that main() submits.
 *
 * Return codes visible below: 0 on success, 1 for a subject failure, 2 for a
 * resource failure, 3 for an action failure, 4 when *request is NULL.
 *
 * NOTE(review): this listing looks incomplete. subject, subject_attr_id,
 * resource, resource_attr_id, action and action_attr_id are tested without a
 * visible declaration or assignment, and the parameters subjectid, resourceid
 * and actionid are not used on any visible line. Whether the early returns
 * release objects created before them cannot be seen here; confirm against the
 * full example.
 */
static int create_xacml_request(
xacml_request_t ** request,
const char * subjectid,
const char * resourceid,
const char * actionid)
{
/* Subject stage: both failures return 1; only the first prints a message here. */
if (subject == NULL) {
fprintf(stderr,"can not create XACML Subject\n");
return 1;
}
if (subject_attr_id == NULL) {
return 1;
}
/* Resource stage: both failures return 2; only the first prints a message here. */
if (resource == NULL) {
fprintf(stderr,"can not create XACML Resource\n");
return 2;
}
if (resource_attr_id == NULL) {
return 2;
}
/* Action stage: both failures return 3 and both print a message. */
if (action == NULL) {
fprintf(stderr,"can not create XACML Action\n");
return 3;
}
if (action_attr_id == NULL) {
fprintf(stderr,
"can not create XACML Action/Attribute:%s\n",
XACML_ACTION_ID);
return 3;
}
/* Final check on the caller's output pointer; the statement that sets *request is not shown. */
if (*request == NULL) {
fprintf(stderr,"can not create XACML Request\n");
return 4;
}
return 0;
}
/*
 * Body of a routine that prints a summary of a response: the number of
 * results, the obligations per result and the attribute assignments per
 * obligation. Returns 1 when response is NULL and 0 otherwise.
 *
 * NOTE(review): the signature line is not present in this listing; presumably
 * this is process_xacml_response(), which main() calls with response. The
 * statements that assign results_l, obligations_l, attrs_l and subcode are not
 * shown either.
 */
size_t results_l;
int i, j, k;
if (response == NULL) {
fprintf(stderr,"response is NULL\n");
return 1;
}
/* The counts are size_t and are narrowed to int to match %d. */
fprintf(stdout,"response: %d results\n", (int)results_l);
/*
 * NOTE(review): the loop indices are int while the bounds are size_t, so each
 * comparison mixes signed and unsigned operands; size_t indices printed with
 * %zu would avoid both that and the casts.
 */
for(i= 0; i<results_l; i++) {
size_t obligations_l;
/* Empty in this listing. */
if (subcode != NULL) {
}
/*
 * NOTE(review): obligations are only counted and printed on the visible
 * lines. An enforcement point normally has to carry out each obligation,
 * and refuse access when it cannot; confirm how callers of this example
 * handle that.
 */
fprintf(stdout,"response.result[%d]: %d obligations\n", i, (int)obligations_l);
for(j= 0; j<obligations_l; j++) {
size_t attrs_l;
fprintf(stdout,"response.result[%d].obligation[%d]: %d attribute assignments\n",i,j,(int)attrs_l);
/* Empty in this listing. */
for (k= 0; k<attrs_l; k++) {
}
}
}
return 0;
}
/*
 * Body of a routine that turns a decision value into a display string:
 * "Deny", "Permit", "Indeterminate", "Not Applicable", or an error string for
 * any other value.
 *
 * NOTE(review): the signature line and every case label except default are
 * not present in this listing, so which value selects which string cannot be
 * seen here. Each break follows a return and is never reached.
 */
switch(decision) {
return "Deny";
break;
return "Permit";
break;
return "Indeterminate";
break;
return "Not Applicable";
break;
default:
/* Unrecognised values get an explicit error string, not one of the decision names. */
return "ERROR (Unknown Decision)";
break;
}
}
/*
 * Body of a routine that turns a fulfillon value into a display string:
 * "Deny", "Permit", or an error string for any other value.
 *
 * NOTE(review): the signature line and every case label except default are
 * not present in this listing, so which value selects which string cannot be
 * seen here. Each break follows a return and is never reached.
 */
switch(fulfillon) {
return "Deny";
break;
return "Permit";
break;
default:
/* Unrecognised values get an explicit error string. */
return "ERROR (Unknown FulfillOn)";
break;
}
}