#define _XOPEN_SOURCE 600
#include <stdlib.h>
#include <stdio.h>
#include <locale.h>
#include <time.h>
#include <string.h>
#include <isds.h>
#include "common.h"
/* Directory prefix of the TLS test material (client key, client certificate,
 * CA certificate) referenced below. SRCDIR is not defined in this file;
 * presumably it is supplied by the build system -- TODO confirm. */
#define TLS_PREFIX SRCDIR "/server/tls/"
/* Directory exported through the SSL_DIR environment variable when the
 * "nss" back end is selected in main(). */
#define NSS_DIR TLS_PREFIX "client_nss"
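/**
 * Print the command-line synopsis to stderr and terminate the process.
 *
 * Only the part of @p command after the last '/' is shown, so the message
 * reads the same whatever path the program was started with.
 *
 * @param command  Program path as invoked (normally argv[0]); may be NULL.
 *
 * This function does not return: it always calls exit(EXIT_FAILURE).
 */
void usage(const char *command) {
    const char *name = NULL;

    if (command) {
        const char *slash = strrchr(command, '/');
        name = slash ? slash + 1 : command;
    }

    /* argv[0] can be NULL when the program is executed with an empty
     * argument vector; passing NULL to "%s" is undefined behaviour, so
     * substitute a fixed placeholder. */
    if (!name) name = "<program>";

    fprintf(stderr, "Usage: %s {openssl|nss} {sw|hw ID}\n"
            "\tID\tIdentifier of cryptographic material in hardware engine\n",
            name);
    exit(EXIT_FAILURE);
}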
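/**
 * Example client: log in to the ISDS test server at https://localhost:1443/
 * using a TLS client certificate, then log out again.
 *
 * Command line: {openssl|nss} {sw|hw ID}
 *   argv[1]  TLS back end the credentials are formatted for.
 *   argv[2]  "sw" for key material on disk / in the NSS database,
 *            "hw" for material held by a hardware engine.
 *   argv[3]  With "hw" only: identifier of the material in the engine.
 *
 * @return Does not return normally; exits with EXIT_FAILURE when the
 *         arguments are invalid, isds_init() fails or no context can be
 *         created, and with EXIT_SUCCESS otherwise.
 *
 * NOTE(review): a failed isds_login() is only printed; the exit status is
 * still EXIT_SUCCESS. A caller that scripts this program cannot detect a
 * rejected client certificate from the status alone.
 */
int main(int argc, char **argv) {
    struct isds_ctx *ctx = NULL;
    isds_error err;
    struct isds_pki_credentials *pki_credentials = NULL;
    _Bool use_nss = 0;

    /* Software: OpenSSL, GnuTLS.
     * The private key is read from a PEM file with no passphrase set. */
    struct isds_pki_credentials pki_software_ossl = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = TLS_PREFIX "client.key",
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = TLS_PREFIX "client.cert"
    };

    /* Software: NSS.
     * No key path is given; the certificate is named by a string
     * (presumably an NSS nickname -- confirm against the libisds manual). */
    struct isds_pki_credentials pki_software_nss = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = NULL,
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = "The Client Material"
    };

    /* Hardware engine: OpenSSL.
     * The default key identifier is replaced by argv[3] below. */
    struct isds_pki_credentials pki_hardware_ossl = {
        .engine = "pkcs11",
        .passphrase = NULL,
        .key_format = PKI_FORMAT_ENG,
        .key = "id_45",
        .certificate_format = PKI_FORMAT_ENG,
        .certificate = NULL
    };

    /* Hardware engine: NSS.
     * The default certificate name is replaced by argv[3] below. */
    struct isds_pki_credentials pki_hardware_nss = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = NULL,
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = "OpenSC Card (Bob Tester):Certificate"
    };

    setlocale(LC_ALL, "");

    /* Parse arguments; usage() does not return. */
    if (argc < 3 || !argv[1] || !argv[2]) usage(argv[0]);

    if (!strcmp(argv[1], "openssl")) {
        use_nss = 0;
        if (!strcmp(argv[2], "sw")) {
            pki_credentials = &pki_software_ossl;
        } else if (!strcmp(argv[2], "hw")) {
            pki_credentials = &pki_hardware_ossl;
            if (argc < 4 || !argv[3]) usage(argv[0]);
            /* The identifier is passed to the engine as given. */
            pki_credentials->key = argv[3];
        } else {
            usage(argv[0]);
        }
    } else if (!strcmp(argv[1], "nss")) {
        use_nss = 1;
        if (!strcmp(argv[2], "sw")) {
            pki_credentials = &pki_software_nss;
        } else if (!strcmp(argv[2], "hw")) {
            pki_credentials = &pki_hardware_nss;
            if (argc < 4 || !argv[3]) usage(argv[0]);
            pki_credentials->certificate = argv[3];
        } else {
            usage(argv[0]);
        }
    } else {
        usage(argv[0]);
    }

    /* ISDS stuff */
    err = isds_init();
    if (err) {
        printf("isds_init() failed: %s\n", isds_strerror(err));
        exit(EXIT_FAILURE);
    }

    /* NOTE(review): every facility at every level is logged. Check what the
     * library writes at this verbosity before reusing the setting outside a
     * test setup. */
    isds_set_logging(ILF_ALL, ILL_ALL);

    ctx = isds_ctx_create();
    if (!ctx) {
        /* Without a context every later call would be handed NULL, so stop
         * here instead of continuing as the code previously did. */
        printf("isds_ctx_create() failed\n");
        isds_cleanup();
        exit(EXIT_FAILURE);
    }

    err = isds_set_timeout(ctx, 10000);
    if (err) {
        printf("isds_set_timeout() failed: %s\n", isds_strerror(err));
    }

    /* Deliberately left disabled: setting IOPT_TLS_VERIFY_SERVER to 0 turns
     * off verification of the server certificate. Trust is established
     * through the CA file (or the NSS database) configured below instead.
     *
    err = isds_set_opt(ctx, IOPT_TLS_VERIFY_SERVER, 0);
    if (err) {
        printf("isds_set_opt(IOPT_TLS_VERIFY_SERVER) failed: %s\n",
                isds_strerror(err));
    }*/

    if (use_nss) {
        /* The third argument 0 means "do not overwrite": an SSL_DIR already
         * present in the environment wins, so the NSS database that supplies
         * the trust anchors and the client certificate is then chosen by
         * whoever started the program. */
        if (setenv("SSL_DIR", NSS_DIR, 0)) {
            printf("setenv(\"SSL_DIR\", \"%s\") failed\n", NSS_DIR);
        }
    } else {
        /* If this fails the login below is still attempted; the server
         * certificate is then checked without this CA file. */
        err = isds_set_opt(ctx, IOPT_TLS_CA_FILE, TLS_PREFIX "ca.cert");
        if (err) {
            printf("isds_set_opt(IOPT_TLS_CA_FILE) failed: %s\n",
                    isds_strerror(err));
        }
    }

    /* username() and password() are not defined in this file; presumably
     * they come from "common.h" -- TODO confirm. */
    err = isds_login(ctx, "https://localhost:1443/", username(), password(),
            pki_credentials, NULL);
    if (err) {
        printf("isds_login() failed: %s: %s\n", isds_strerror(err),
                isds_long_message(ctx));
    } else {
        printf("Logged in :)\n");
    }

    err = isds_logout(ctx);
    if (err) {
        printf("isds_logout() failed: %s\n", isds_strerror(err));
    }

    err = isds_ctx_free(&ctx);
    if (err) {
        printf("isds_ctx_free() failed: %s\n", isds_strerror(err));
    }

    err = isds_cleanup();
    if (err) {
        printf("isds_cleanup() failed: %s\n", isds_strerror(err));
    }

    exit(EXIT_SUCCESS);
}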