--- loncom/lonssl.pm	2004/05/26 11:12:58	1.2
+++ loncom/lonssl.pm	2004/05/28 09:37:03	1.6
@@ -1,5 +1,5 @@
 #
-# $Id: lonssl.pm,v 1.2 2004/05/26 11:12:58 foxr Exp $
+# $Id: lonssl.pm,v 1.6 2004/05/28 09:37:03 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -23,7 +23,7 @@
 #
 # http://www.lon-capa.org/
 #
-
+package lonssl;
 #  lonssl.pm
 #    This file contains common functions used by lond and lonc when 
 #    negotiating the exchange of the session encryption key via an 
@@ -32,9 +32,30 @@
 #
 
 use strict;
+
+# CPAN/Standard  modules:
+
+use English;
 use IO::Socket::INET;
 use IO::Socket::SSL;
 
+#  Loncapa modules:
+
+use LONCAPA::Configuration;
+
+#  Global storage:
+
+my $perlvar;			#  this refers to the apache perlsetvar 
+                                # variable hash.
+
+my $pathsep = "/";		# We're on unix after all.
+
+
+# Initialization code:
+
+$perlvar = LONCAPA::Configuration::read_conf('loncapa.conf');
+
+
 
 #--------------------------------------------------------------------------
 #
@@ -55,24 +76,25 @@ use IO::Socket::SSL;
 #               IO::Socket::SSL
 
 sub PromoteClientSocket {
-  my $PlaintextSocket    = shift;
-  my $CACert             = shift;
-  my $MyCert             = shift;
-  my $KeyFile            = shift;
-
-  # To create the ssl socket we need to duplicate the existing
-  # socket.  Otherwise closing the ssl socket will close the plaintext socket
-  # too:
-
-  open (DUPLICATE, "+>$PlaintextSocket");
-
-  my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
-					    SSL_user_cert => 1,
-					    SSL_key_file  => $KeyFile,
-					    SSL_cert_file => $MyCert,
-					    SSL_ca_fie    => $$CACert);
-
-  return $client;		# Undef if the client negotiation fails.
+    my ($PlaintextSocket,
+	$CACert,
+	$MyCert,
+	$KeyFile)          = @ARG;
+    
+    
+    # To create the ssl socket we need to duplicate the existing
+    # socket.  Otherwise closing the ssl socket will close the plaintext socket
+    # too:
+    
+    open (DUPLICATE, "+>$PlaintextSocket");
+    
+    my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
+					      SSL_user_cert => 1,
+					      SSL_key_file  => $KeyFile,
+					      SSL_cert_file => $MyCert,
+					      SSL_ca_fie    => $$CACert);
+    
+    return $client;		# Undef if the client negotiation fails.
 }
 
 #----------------------------------------------------------------------
@@ -91,27 +113,27 @@ sub PromoteClientSocket {
 #	-	Reference to an SSL socket on success
 #       -	undef on failure.  Reason for failure can be interrogated from 
 #               IO::Socket::SSL
-sub PromoteServerSocket 
-{
-  my $PlaintextSocket    = shift;
-  my $CACert             = shift;
-  my $MyCert             = shift;
-  my $KeyFile            = shift;
-
-
-  # To create the ssl socket we need to duplicate the existing
-  # socket.  Otherwise closing the ssl socket will close the plaintext socket
-  # too:
-
-  open (DUPLICATE, "+>$PlaintextSocket");
-
-  my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
-					    SSL_server    => 1, # Server role.
-					    SSL_user_cert => 1,
-					    SSL_key_file  => $KeyFile,
-					    SSL_cert_file => $MyCert,
-					    SSL_ca_fie    => $$CACert);
-  return $client;
+sub PromoteServerSocket {
+    my ($PlaintextSocket,
+	$CACert,
+	$MyCert,
+	$KeyFile)          = @ARG;
+
+
+
+    # To create the ssl socket we need to duplicate the existing
+    # socket.  Otherwise closing the ssl socket will close the plaintext socket
+    # too:
+
+    open (DUPLICATE, "+>$PlaintextSocket");
+
+    my $client = IO::Socket::SSL->new_from_fd(fileno(DUPLICATE),
+					      SSL_server    => 1, # Server role.
+					      SSL_user_cert => 1,
+					      SSL_key_file  => $KeyFile,
+					      SSL_cert_file => $MyCert,
+					      SSL_ca_fie    => $$CACert);
+    return $client;
 }
 
 #-------------------------------------------------------------------------
@@ -127,9 +149,100 @@ sub PromoteServerSocket
 #   NONE
 #
 sub Close {
-  my $Socket = shift;
+    my $Socket = shift;
+    
+    $Socket->close(SSL_no_shutdown =>1); # Otherwise the parent socket 
+                                         # gets torn down.
+}
+#---------------------------------------------------------------------------
+#
+# Name   	GetPeerCertificate
+# Description	Inquires about the certificate of the peer of a connection.
+# Parameters	Name	        Type	          Description
+#               SSLSocket	IO::Socket::SSL	  SSL tunnel socket open on 
+#                                                 the peer.
+# Returns
+#	A two element list.  The first element of the list is the name of 
+#       the certificate authority.  The second element of the list is the name 
+#       of the owner of the certificate.
+sub GetPeerCertificate {
+    my $SSLSocket = shift;
+    
+    my $CertOwner = $SSLSocket->peer_certificate("owner");
+    my $CertCA    = $SSLSocket->peer_certificate("authority");
+    
+    return \($CertCA, $CertOwner);
+}
+#----------------------------------------------------------------------------
+#
+# Name  	CertificateFile
+# Description	Locate the certificate files for this host.
+# Returns
+#	Returns a two element array.  The first element contains the name of
+#  the certificate file for this host.  The second element contains the name
+#  of the  certificate file for the CA that granted the certificate.  If 
+#  either file cannot be located, returns undef.
+#
+sub CertificateFile {
+
+    # I need some perl variables from the configuration file for this:
+    
+    my $CertificateDir  = $perlvar->{lonCertificateDirectory};
+    my $CaFilename      = $perlvar->{lonnetCertificateAuthority};
+    my $CertFilename    = $perlvar->{lonnetCertificate};
+    
+    #  Ensure the existence of these variables:
+    
+    if((!$CertificateDir)  || (!$CaFilename) || (!$CertFilename)) {
+	return undef;
+    }
+    
+    #   Build the actual filenames and check for their existence and
+    #   readability.
+    
+    my $CaFilename   = $CertificateDir.$pathsep.$CaFilename;
+    my $CertFilename = $CertificateDir.$pathsep.$CertFilename;
+    
+    if((! -r $CaFilename) || (! -r $CertFilename)) {
+	return undef;
+    }
+    
+    # Everything works fine!!
+    
+    return \($CaFilename, $CertFilename);
+
+}
+#------------------------------------------------------------------------
+#
+# Name	        KeyFile
+# Description
+#      Returns the name of the private key file of the current host.
+# Returns
+#      Returns the name of the key file or undef if the file cannot 
+#      be found.
+#
+sub KeyFile {
 
-  $Socket->close(SSL_no_shutdown =>1); # Otherwise the parent socket 
-                                       # gets torn down.
+    # I need some perl variables from the configuration file for this:
+    
+    my $CertificateDir   = $perlvar->{lonCertificateDirectory};
+    my $KeyFilename      = $perlvar->{lonnetPrivateKey};
+    
+    # Ensure the variables exist:
+    
+    if((!$CertificateDir) || (!$KeyFilename)) {
+	return undef;
+    }
+    
+    # Build the actual filename and ensure that it not only exists but
+    # is also readable:
+    
+    my $KeyFilename    = $CertificateDir.$pathsep.$KeyFilename;
+    if(! (-r $KeyFilename)) {
+	return undef;
+    }
+    
+    return $KeyFilename;
 }
 
+1;