Gobby::CertificateManager::CertificateManager(Preferences& preferences):
m_preferences(preferences),
m_dh_params(NULL), m_key(NULL), m_certificates(NULL),
m_credentials(NULL), m_key_error(NULL), m_certificate_error(NULL),
m_trust_error(NULL)
{
m_conn_key_file = m_preferences.security.key_file.
signal_changed().connect(sigc::mem_fun(
*this, &CertificateManager::on_key_file_changed));
m_conn_certificate_file = m_preferences.security.certificate_file.
signal_changed().connect(sigc::mem_fun(
*this,
&CertificateManager::on_certificate_file_changed));
m_preferences.security.use_system_trust.signal_changed().connect(
sigc::mem_fun(
*this, &CertificateManager::on_trusted_cas_changed));
m_preferences.security.trusted_cas.signal_changed().connect(
sigc::mem_fun(
*this, &CertificateManager::on_trusted_cas_changed));
m_preferences.security.authentication_enabled.
signal_changed().connect(
sigc::mem_fun(
*this,
&CertificateManager::
on_authentication_enabled_changed));
// TODO: Load these only on request, to improve the startup time
load_dh_params();
load_key();
load_certificate();
load_trust();
make_credentials();
}
void TLSEncryptionSocketServer::init(const char* certificate_buf, int socket, ConnectionStateListener* listener)
{
m_ctx = SSL_CTX_new(TLSv1_server_method());
if (!load_certificate(certificate_buf)) {
if (listener) listener->OnError(ConnectionStateListener::SSL_CERTIFICATE_LOAD_ERR);
return;
}
m_ssl = SSL_new(m_ctx);
SSL_set_fd(m_ssl, socket);
#ifdef SSL_LIB_OPENSSL
SSL_set_accept_state(m_ssl);
#endif
//if (m_ctx != NULL && m_ssl != NULL) printf("TLSEncryptionSocketServer setup done\n");
}
void Gobby::CertificateManager::set_private_key(gnutls_x509_privkey_t key,
const GError* error)
{
g_assert(key == NULL || error == NULL);
gnutls_x509_privkey_t old_key = m_key;
InfCertificateChain* old_certificates = m_certificates;
if(old_certificates != NULL)
inf_certificate_chain_ref(old_certificates);
m_key = key;
if(m_key_error != NULL)
g_error_free(m_key_error);
if(error != NULL)
m_key_error = g_error_copy(error);
else
m_key_error = NULL;
// Attempt to re-load the certificate if there was an error -- maybe
// the new key fixes the problem. This makes sure that if the new key
// is compatible to the certificate, the certificate is loaded.
// TODO: It would be nicer to still keep the certificate in memory
// when it does not match the key, so we don't need to re-load it.
// Basically we just need to be able to handle the case when both
// cert_error and certificate itself are non-NULL.
if(m_certificate_error != NULL)
{
load_certificate();
}
else
{
check_certificate_signature();
make_credentials();
}
// Note that this relies on the fact that
// gnutls_certificate_set_x509_key makes a copy of the key
// and certificate
if(old_certificates != NULL)
inf_certificate_chain_unref(old_certificates);
if(old_key != NULL) gnutls_x509_privkey_deinit(old_key);
}
int main(int argc, char *argv[])
{
char *address = NULL;
bool listen = FALSE;
int port = 0, times = -1, res;
identification_t *server, *client;
tls_cache_t *cache;
host_t *host;
init();
while (TRUE)
{
struct option long_opts[] = {
{"help", no_argument, NULL, 'h' },
{"connect", required_argument, NULL, 'c' },
{"listen", required_argument, NULL, 'l' },
{"port", required_argument, NULL, 'p' },
{"cert", required_argument, NULL, 'x' },
{"key", required_argument, NULL, 'k' },
{"times", required_argument, NULL, 't' },
{"debug", required_argument, NULL, 'd' },
{0,0,0,0 }
};
switch (getopt_long(argc, argv, "", long_opts, NULL))
{
case EOF:
break;
case 'h':
usage(stdout, argv[0]);
return 0;
case 'x':
if (!load_certificate(optarg))
{
return 1;
}
continue;
case 'k':
if (!load_key(optarg))
{
return 1;
}
continue;
case 'l':
listen = TRUE;
/* fall */
case 'c':
if (address)
{
usage(stderr, argv[0]);
return 1;
}
address = optarg;
continue;
case 'p':
port = atoi(optarg);
continue;
case 't':
times = atoi(optarg);
continue;
case 'd':
tls_level = atoi(optarg);
continue;
default:
usage(stderr, argv[0]);
return 1;
}
break;
}
if (!port || !address)
{
usage(stderr, argv[0]);
return 1;
}
host = host_create_from_dns(address, 0, port);
if (!host)
{
DBG1(DBG_TLS, "resolving hostname %s failed", address);
return 1;
}
server = identification_create_from_string(address);
cache = tls_cache_create(100, 30);
if (listen)
{
res = serve(host, server, times, cache);
}
else
{
client = find_client_id();
res = run_client(host, server, client, times, cache);
DESTROY_IF(client);
}
cache->destroy(cache);
host->destroy(host);
server->destroy(server);
return res;
}
int openconnect_open_https(struct openconnect_info *vpninfo)
{
method_const SSL_METHOD *ssl3_method;
SSL *https_ssl;
BIO *https_bio;
int ssl_sock;
int err;
if (vpninfo->https_ssl)
return 0;
if (vpninfo->peer_cert) {
X509_free(vpninfo->peer_cert);
vpninfo->peer_cert = NULL;
}
ssl_sock = connect_https_socket(vpninfo);
if (ssl_sock < 0)
return ssl_sock;
ssl3_method = TLSv1_client_method();
if (!vpninfo->https_ctx) {
vpninfo->https_ctx = SSL_CTX_new(ssl3_method);
/* Some servers (or their firewalls) really don't like seeing
extensions. */
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(vpninfo->https_ctx, SSL_OP_NO_TICKET);
#endif
if (vpninfo->cert) {
err = load_certificate(vpninfo);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Loading certificate failed. Aborting.\n"));
SSL_CTX_free(vpninfo->https_ctx);
vpninfo->https_ctx = NULL;
close(ssl_sock);
return err;
}
check_certificate_expiry(vpninfo);
}
/* We just want to do:
SSL_CTX_set_purpose(vpninfo->https_ctx, X509_PURPOSE_ANY);
... but it doesn't work with OpenSSL < 0.9.8k because of
problems with inheritance (fixed in v1.1.4.6 of
crypto/x509/x509_vpm.c) so we have to play silly buggers
instead. This trick doesn't work _either_ in < 0.9.7 but
I don't know of _any_ workaround which will, and can't
be bothered to find out either. */
#if OPENSSL_VERSION_NUMBER >= 0x00908000
SSL_CTX_set_cert_verify_callback(vpninfo->https_ctx,
ssl_app_verify_callback, NULL);
#endif
SSL_CTX_set_default_verify_paths(vpninfo->https_ctx);
#ifdef ANDROID_KEYSTORE
if (vpninfo->cafile && !strncmp(vpninfo->cafile, "keystore:", 9)) {
STACK_OF(X509_INFO) *stack;
X509_STORE *store;
X509_INFO *info;
BIO *b = BIO_from_keystore(vpninfo, vpninfo->cafile);
if (!b) {
SSL_CTX_free(vpninfo->https_ctx);
vpninfo->https_ctx = NULL;
close(ssl_sock);
return -EINVAL;
}
stack = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
BIO_free(b);
if (!stack) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to read certs from CA file '%s'\n"),
vpninfo->cafile);
openconnect_report_ssl_errors(vpninfo);
SSL_CTX_free(vpninfo->https_ctx);
vpninfo->https_ctx = NULL;
close(ssl_sock);
return -ENOENT;
}
store = SSL_CTX_get_cert_store(vpninfo->https_ctx);
while ((info = sk_X509_INFO_pop(stack))) {
if (info->x509)
X509_STORE_add_cert(store, info->x509);
if (info->crl)
X509_STORE_add_crl(store, info->crl);
X509_INFO_free(info);
}
sk_X509_INFO_free(stack);
} else
#endif
if (vpninfo->cafile) {
if (!SSL_CTX_load_verify_locations(vpninfo->https_ctx, vpninfo->cafile, NULL)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to open CA file '%s'\n"),
vpninfo->cafile);
openconnect_report_ssl_errors(vpninfo);
SSL_CTX_free(vpninfo->https_ctx);
vpninfo->https_ctx = NULL;
close(ssl_sock);
return -EINVAL;
}
}
}
https_ssl = SSL_new(vpninfo->https_ctx);
workaround_openssl_certchain_bug(vpninfo, https_ssl);
https_bio = BIO_new_socket(ssl_sock, BIO_NOCLOSE);
BIO_set_nbio(https_bio, 1);
SSL_set_bio(https_ssl, https_bio, https_bio);
vpn_progress(vpninfo, PRG_INFO, _("SSL negotiation with %s\n"),
vpninfo->hostname);
while ((err = SSL_connect(https_ssl)) <= 0) {
fd_set wr_set, rd_set;
int maxfd = ssl_sock;
FD_ZERO(&wr_set);
FD_ZERO(&rd_set);
err = SSL_get_error(https_ssl, err);
if (err == SSL_ERROR_WANT_READ)
FD_SET(ssl_sock, &rd_set);
else if (err == SSL_ERROR_WANT_WRITE)
FD_SET(ssl_sock, &wr_set);
else {
vpn_progress(vpninfo, PRG_ERR, _("SSL connection failure\n"));
openconnect_report_ssl_errors(vpninfo);
SSL_free(https_ssl);
close(ssl_sock);
return -EINVAL;
}
cmd_fd_set(vpninfo, &rd_set, &maxfd);
select(maxfd + 1, &rd_set, &wr_set, NULL, NULL);
if (is_cancel_pending(vpninfo, &rd_set)) {
vpn_progress(vpninfo, PRG_ERR, _("SSL connection cancelled\n"));
SSL_free(https_ssl);
close(ssl_sock);
return -EINVAL;
}
}
if (verify_peer(vpninfo, https_ssl)) {
SSL_free(https_ssl);
close(ssl_sock);
return -EINVAL;
}
vpninfo->ssl_fd = ssl_sock;
vpninfo->https_ssl = https_ssl;
/* Stash this now, because it might not be available later if the
server has disconnected. */
vpninfo->peer_cert = SSL_get_peer_certificate(vpninfo->https_ssl);
vpn_progress(vpninfo, PRG_INFO, _("Connected to HTTPS on %s\n"),
vpninfo->hostname);
return 0;
}
int main()
{
FILE *filehd;
struct sockaddr_in server, client;
struct stat obj;
int sock1, sock2;
char command[20];
int k, i, size, len, c,ret,p;
char filel[300],gfiln[20];
char ch,pfiln[20],inp[1000];
int err[5];
char usern[20],passwd[20],susern[20],spasswd[20],shut[10],*f;
int j=0,auth[5],fsize;
i=0;
strcpy(susern,"ankith");
strcpy(spasswd,"123456");
SSL_CTX *ctx; //SSL pointers
SSL *ssl;
sock1 = socket(AF_INET, SOCK_STREAM, 0); //socket
if(sock1 == -1)
{
printf("Socket creation failed\n");
exit(1);
}
server.sin_family=AF_INET;
server.sin_port = htons(3000);
inet_aton("127.0.0.1",&(server.sin_addr));
k = bind(sock1,(const struct sockaddr*)&server,sizeof(server)); //bind
if(k == -1)
{
printf("Binding error\n");
exit(1);
}
k = listen(sock1,1); //listen
if(k == -1)
{
printf("Listen failed\n");
exit(1);
}
printf("listening\n");
strcpy(password,"spfile"); //SSL
SSL_library_init();
SSL_load_error_strings();
const SSL_METHOD *meth=SSLv23_server_method(); //method
if(meth==NULL)
{ //perror(error);
printf("ctx method creation failed\n");
return -1;
}
ctx=SSL_CTX_new(meth); //CTX Method
if(ctx==NULL)
{ //perror(error);
printf("ctx method creation failed\n");
return -1;
}
load_certificate(ctx); //load_certificate call
len = sizeof(client);
sock2 = accept(sock1,(struct sockaddr*)&client, &len);
i = 1;
if(sock2<0)
{
//perror(error);
printf("unable to create accept fd\n");
return -1;
}
ssl=SSL_new(ctx); //SSL OBJECTS
if(ssl==NULL)
{
printf("unable to create ssl object \n");
return -1;
}
SSL_set_fd(ssl,sock2);
ret=SSL_accept(ssl);
if(ret<0)
{ //perror(error);
p=SSL_get_error(ssl,ret);
printf("p value: %d \n",p);
return -1;
}
/*SSL_read(ssl,mss,sizeof(mss));
printf("data read : %s\n",mss);*/
SSL_read(ssl,usern,sizeof(usern));
SSL_read(ssl,passwd,sizeof(passwd));
if(!strcmp(susern,usern)&&!strcmp(spasswd,passwd))
{
auth[0]=0;
}
else
{
auth[0]=1;
SSL_shutdown(ssl);
close(sock2);
exit(1);
}
SSL_write(ssl,auth,sizeof(auth));
while(1)
{
SSL_read(ssl, command, 100); //recv to read
// sscanf(buf, "%s", command);
if(!strcmp(command, "ls"))
{
list(filel);
SSL_write(ssl,filel,sizeof(filel));
memset(command,'\0',sizeof(command));
}
else if(!strcmp(command,"get"))
{
SSL_read(ssl,gfiln,sizeof(gfiln));
//err[0]=get(gfiln,f,fsize);
stat(gfiln,&obj);
filehd=fopen(gfiln,"r");
fsize = obj.st_size;
printf("file size=%d\n",fsize);
if(filehd!=NULL)
{
f=malloc(fsize);
err[0]=get(gfiln,f);
SSL_write(ssl,err,sizeof(err));
SSL_write(ssl,&fsize,sizeof(int));
SSL_write(ssl,f,fsize);
fclose(filehd);
}
else
{
err[0]=1;
SSL_write(ssl,err,sizeof(err));
fclose(filehd);
}
}
else if(!strcmp(command, "put"))
{
SSL_read(ssl,pfiln,sizeof(pfiln));
SSL_read(ssl,&fsize,sizeof(int));
f=malloc(fsize);
SSL_read(ssl,f,fsize);
put(pfiln,f);
memset(f,'\0',fsize);
memset(command,'\0',sizeof(command));
}
else if(!strcmp(command, "quit"))
{
SSL_read(ssl,shut,sizeof(shut));
if(shut[0]==-1)
{
SSL_shutdown(ssl);//close the waiting ports
close(sock2);
exit(0);
}
}
}
SSL_shutdown(ssl);
close(sock2);
return 0;
}
/*
* initialize tls virtual domains
*/
int
init_tls_domains(struct tls_domain *d)
{
struct tls_domain *dom;
dom = d;
while (d) {
if (d->name.len) {
LM_INFO("Processing TLS domain '%.*s'\n",
d->name.len, ZSW(d->name.s));
} else {
LM_INFO("Processing TLS domain [%s:%d]\n",
ip_addr2a(&d->addr), d->port);
}
/*
* set method
*/
if (d->method == TLS_METHOD_UNSPEC) {
LM_DBG("no method for tls[%s:%d], using default\n",
ip_addr2a(&d->addr), d->port);
d->method = tls_method;
}
/*
* create context
*/
d->ctx = SSL_CTX_new(ssl_methods[d->method - 1]);
if (d->ctx == NULL) {
LM_ERR("cannot create ssl context for "
"tls[%s:%d]\n", ip_addr2a(&d->addr), d->port);
return -1;
}
if (init_ssl_ctx_behavior( d ) < 0)
return -1;
/*
* load certificate
*/
if (!d->cert_file) {
LM_NOTICE("no certificate for tls[%s:%d] defined, using default"
"'%s'\n", ip_addr2a(&d->addr), d->port, tls_cert_file);
d->cert_file = tls_cert_file;
}
if (load_certificate(d->ctx, d->cert_file) < 0)
return -1;
/*
* load ca
*/
if (!d->ca_file) {
LM_NOTICE("no CA for tls[%s:%d] defined, "
"using default '%s'\n", ip_addr2a(&d->addr), d->port,
tls_ca_file);
d->ca_file = tls_ca_file;
}
if (d->ca_file && load_ca(d->ctx, d->ca_file) < 0)
return -1;
/*
* load ca from directory
*/
if (!d->ca_directory) {
LM_NOTICE("no CA for tls[%s:%d] defined, "
"using default '%s'\n", ip_addr2a(&d->addr), d->port,
tls_ca_dir);
d->ca_directory = tls_ca_dir;
}
if (d->ca_directory && load_ca_dir(d->ctx, d->ca_directory) < 0)
return -1;
d = d->next;
}
/*
* load all private keys as the last step (may prompt for password)
*/
d = dom;
while (d) {
if (!d->pkey_file) {
LM_NOTICE("no private key for tls[%s:%d] defined, using default"
"'%s'\n", ip_addr2a(&d->addr), d->port, tls_pkey_file);
d->pkey_file = tls_pkey_file;
}
if (load_private_key(d->ctx, d->pkey_file) < 0)
return -1;
d = d->next;
}
return 0;
}
/*
* called once from main.c (main process)
*/
int
init_tls(void)
{
struct tls_domain *d;
DBG("init_tls: Entered\n");
#if OPENSSL_VERSION_NUMBER < 0x00907000L
LOG(L_ERR, "WARNING! You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
#endif
LOG(L_ALERT, "WARNING! TLS is considered as an EXPERIMENTAL module\n" );
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
LOG(L_ERR,
"init_tls: Unable to set the memory allocation functions\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
/*
* initialize default context first
*/
default_ctx = SSL_CTX_new(ssl_methods[tls_method - 1]);
if (default_ctx == NULL) {
LOG(L_ERR, "init_tls: Cannot create default ssl context\n");
return -1;
}
init_ssl_ctx_behavior( default_ctx );
if (load_certificate(default_ctx, tls_cert_file) < 0)
return -1;
if (tls_ca_file && load_ca(default_ctx, tls_ca_file) < 0)
return -1;
if (load_private_key(default_ctx, tls_pkey_file) < 0)
return -1;
/*
* now initialize tls virtual domains
*/
d = tls_domains;
while (d) {
DBG("init_tls: Processing TLS domain [%s:%d]\n",
ip_addr2a(&d->addr), d->port);
/*
* create context
*/
if (d->method == TLS_METHOD_UNSPEC) {
DBG("init_tls: No method for tls[%s:%d], using default\n",
ip_addr2a(&d->addr), d->port);
d->method = tls_method;
}
d->ctx = SSL_CTX_new(ssl_methods[d->method - 1]);
if (d->ctx == NULL) {
LOG(L_ERR,
"init_tls: Cannot create ssl context for tls[%s:%d]\n",
ip_addr2a(&d->addr), d->port);
return -1;
}
init_ssl_ctx_behavior( d->ctx );
/*
* load certificate
*/
if (!d->cert_file) {
LOG(L_NOTICE,
"init_tls: No certificate for tls[%s:%d] defined, using default '%s'\n",
ip_addr2a(&d->addr), d->port, tls_cert_file);
d->cert_file = tls_cert_file;
}
if (load_certificate(d->ctx, d->cert_file) < 0)
return -1;
/*
* load ca
*/
if (!d->ca_file) {
LOG(L_NOTICE,
"init_tls: No CA for tls[%s:%d] defined, using default '%s'\n",
ip_addr2a(&d->addr), d->port, tls_ca_file);
d->ca_file = tls_ca_file;
}
if (d->ca_file && load_ca(d->ctx, d->ca_file) < 0)
return -1;
d = d->next;
}
/*
* load all private keys as the last step (may prompt for password)
*/
d = tls_domains;
while (d) {
if (!d->pkey_file) {
LOG(L_NOTICE,
"init_tls: No private key for tls[%s:%d] defined, using default '%s'\n",
ip_addr2a(&d->addr), d->port, tls_pkey_file);
d->pkey_file = tls_pkey_file;
}
if (load_private_key(d->ctx, d->pkey_file) < 0)
return -1;
d = d->next;
}
/*
* we are all set
*/
return 0;
}
static int certificate_signer_tag (cxml_handler_t* const _h, cxml_tag_t * const tag)
{
int rc = 0;
// write signer info
cert_cxml_handler_t * h = (cert_cxml_handler_t *)_h;
if (cxml_tag_is_open(tag)){
h->signer_type = 1; // digest by default
const char * v = cxml_tag_attr_value(tag, "type");
if(v){
h->signer_type = STR2ENUM(_signer_types, v);
if(h->signer_type <0){
fprintf(stderr, "%s: Unknown signer type\n", v);
return -1;
}
}
cint8_write(h->signer_type, &h->ptr, h->end, &rc);
if (h->signer_type > 0){
if (_signerName){
h->signer = _signerName;
}
else{
v = cxml_tag_attr_value(tag, "name");
if (v == NULL){
fprintf(stderr, "%s: Signer name shall be provided\n", v);
return -1;
}
h->signer = v;
}
}
}else{
// write signer info
if (h->signer_type > 0){
if (h->signer_type > 2){
fprintf(stderr, "%d: signer method unsupported\n", h->signer_type);
rc = -1;
}
else{
// load signer certificate
int plen = strlen(_searchPath) + strlen(h->signer);
char * path = malloc(plen + 16);
cvstrncpy(path, plen + 16, _searchPath, "/", h->signer, ".crt", NULL);
size_t size = load_certificate(path, h->ptr, h->end);
if (size < 0){
fprintf(stderr, "%s: signer certificate not found or error\n", h->signer);
rc = -1;
}
else{
if (h->signer_type == 1){ // digest
char hash[sha256_hash_size];
// change eccpoint type of the signature to x_coordinate_only(0)
// to follow canonical encoding
h->ptr[size-65] = 0;
sha256_calculate(hash, h->ptr, size);
#ifdef DEBUG_DATA
fprintf(stderr, "HASH (%s): ", h->signer);
print_x(stderr, hash, sha256_hash_size);
fprintf(stderr, "\n");
fprintf(stderr, "DIGEST (%s): ", h->signer);
print_x(stderr, &hash[sha256_hash_size - 8], 8);
fprintf(stderr, "\n");
#endif
cbuf_write(hash + sha256_hash_size - 8, 8, &h->ptr, h->end, &rc);
}
else {// certificate
h->ptr += size;
}
}
free(path);
}
}
}
return rc;
}
void setup_configuration(fl::configuration& configuration, const boost::filesystem::path& root, const po::variables_map& vm)
{
typedef boost::asio::ip::udp::resolver::query query;
typedef fl::security_configuration::cert_type cert_type;
typedef cryptoplus::pkey::pkey pkey;
// Server options
configuration.server.enabled = vm["server.enabled"].as<bool>();
if (vm.count("server.host"))
{
configuration.server.host = vm["server.host"].as<fl::endpoint>();
}
if (vm.count("server.https_proxy"))
{
configuration.server.https_proxy = vm["server.https_proxy"].as<fl::endpoint>();
}
if (vm.count("server.username"))
{
configuration.server.username = vm["server.username"].as<std::string>();
}
if (vm.count("server.password"))
{
configuration.server.password = vm["server.password"].as<std::string>();
}
else
{
const char* default_password = getenv("FREELAN_SERVER_PASSWORD");
if (default_password)
{
configuration.server.password = default_password;
}
}
if (vm.count("server.network"))
{
configuration.server.network= vm["server.network"].as<std::string>();
}
else
{
const char* default_network = getenv("FREELAN_SERVER_NETWORK");
if (default_network)
{
configuration.server.network = default_network;
}
}
configuration.server.public_endpoint_list = vm["server.public_endpoint"].as<std::vector<fl::endpoint> >();
if (vm.count("server.user_agent"))
{
configuration.server.user_agent = vm["server.user_agent"].as<std::string>();
}
else
{
configuration.server.user_agent = FREELAN_USER_AGENT;
}
configuration.server.protocol = vm["server.protocol"].as<fl::server_configuration::server_protocol_type>();
configuration.server.ca_info = vm["server.ca_info_file"].as<fs::path>().empty() ? fs::path() : fs::absolute(vm["server.ca_info_file"].as<fs::path>(), root);
configuration.server.disable_peer_verification = vm["server.disable_peer_verification"].as<bool>();
configuration.server.disable_host_verification = vm["server.disable_host_verification"].as<bool>();
// FSCP options
configuration.fscp.hostname_resolution_protocol = vm["fscp.hostname_resolution_protocol"].as<fl::fscp_configuration::hostname_resolution_protocol_type>();
configuration.fscp.listen_on = vm["fscp.listen_on"].as<fl::endpoint>();
configuration.fscp.hello_timeout = vm["fscp.hello_timeout"].as<millisecond_duration>();
configuration.fscp.contact_list = vm["fscp.contact"].as<std::vector<fl::endpoint> >();
configuration.fscp.accept_contact_requests = vm["fscp.accept_contact_requests"].as<bool>();
configuration.fscp.accept_contacts = vm["fscp.accept_contacts"].as<bool>();
const std::vector<std::string> dynamic_contact_file_list = vm["fscp.dynamic_contact_file"].as<std::vector<std::string> >();
configuration.fscp.dynamic_contact_list.clear();
BOOST_FOREACH(const fs::path& dynamic_contact_file, dynamic_contact_file_list)
{
configuration.fscp.dynamic_contact_list.push_back(load_certificate(fs::absolute(dynamic_contact_file, root)));
}
int main(int argc, char *argv[])
{
char *address = NULL, *identity = "%any", *secret = NULL;
int port = PT_TLS_PORT;
init();
while (TRUE)
{
struct option long_opts[] = {
{"help", no_argument, NULL, 'h' },
{"connect", required_argument, NULL, 'c' },
{"client", required_argument, NULL, 'i' },
{"secret", required_argument, NULL, 's' },
{"port", required_argument, NULL, 'p' },
{"cert", required_argument, NULL, 'x' },
{"key", required_argument, NULL, 'k' },
{"mutual", no_argument, NULL, 'm' },
{"quiet", no_argument, NULL, 'q' },
{"debug", required_argument, NULL, 'd' },
{"optionsfrom", required_argument, NULL, '+' },
{0,0,0,0 }
};
switch (getopt_long(argc, argv, "", long_opts, NULL))
{
case EOF:
break;
case 'h': /* --help */
usage(stdout);
return 0;
case 'x': /* --cert <file> */
if (!load_certificate(optarg))
{
return 1;
}
continue;
case 'k': /* --key <file> */
if (!load_key(optarg))
{
return 1;
}
continue;
case 'c': /* --connect <hostname|address> */
if (address)
{
usage(stderr);
return 1;
}
address = optarg;
continue;
case 'i': /* --client <client-id> */
identity = optarg;
continue;
case 's': /* --secret <password> */
secret = optarg;
continue;
case 'p': /* --port <port> */
port = atoi(optarg);
continue;
case 'm': /* --mutual */
lib->settings->set_bool(lib->settings,
"%s.plugins.tnccs-20.mutual", TRUE, lib->ns);
continue;
case 'q': /* --quiet */
log_to_stderr = FALSE;
continue;
case 'd': /* --debug <level> */
default_loglevel = atoi(optarg);
continue;
case '+': /* --optionsfrom <filename> */
if (!options->from(options, optarg, &argc, &argv, optind))
{
return 1;
}
continue;
default:
usage(stderr);
return 1;
}
break;
}
if (!address)
{
usage(stderr);
return 1;
}
if (secret)
{
creds->add_shared(creds, shared_key_create(SHARED_EAP,
chunk_clone(chunk_from_str(secret))),
identification_create_from_string(identity), NULL);
}
return client(address, port, identity);
}
int main(int argc,char *argv[])
{
FILE *filehd;
struct sockaddr_in server;
int sock;
int choice;
char command[20];
int k, size, status,ret,j=0;
char usern[20],passwd[20],ip[15],shut[10],ch;
struct stat obj;
char filel[300],gfiln[20],pfnam[20],pfilc[1000],*f;
int err[5],p,auth[5],csize;
strcpy(ip,argv[1]);
printf("ip:%s\n",ip);
printf("enter username:\n");
scanf("%s",usern);
printf("enter password\n");
scanf("%s",passwd);
SSL_CTX *ctx; //SSL pointers
SSL *ssl;
sock = socket(AF_INET, SOCK_STREAM, 0);
if(sock == -1)
{
printf("socket creation failed\n");
exit(1);
}
strcpy(password,"clpfile");
SSL_library_init(); //SSL
SSL_load_error_strings();
const SSL_METHOD *meth=SSLv23_client_method(); //method
ctx=SSL_CTX_new(meth); //CTX Method
if(ctx==NULL)
{
printf("ctx method creation failed\n");
return -1;
}
load_certificate(ctx); //load_certificate call
server.sin_family=AF_INET;
server.sin_port = htons(3000);
inet_aton(ip,&(server.sin_addr));
k = connect(sock,(struct sockaddr*)&server, sizeof(server));
if(k == -1)
{
printf("Connect Error\n");
exit(1);
}
//int i = 1;
ssl=SSL_new(ctx); //SSL OBJECTS
if(ctx==NULL)
{
printf("unable to create ssl object \n");
return -1;
}
SSL_set_fd(ssl,sock);
ret=SSL_connect(ssl);
if(ret<0)
{
printf("error mapping ssl object\n");
return -1;
}
/*strcpy(mss,"hello world");
SSL_write(ssl,mss,sizeof(mss));*/
SSL_write(ssl,usern,sizeof(usern));
SSL_write(ssl,passwd,sizeof(passwd));
SSL_read(ssl,auth,sizeof(auth));
if(auth[0]!=0)
{
printf("invalid credentials!!\n");
printf("server shutting down\n");
SSL_shutdown(ssl);
close(sock);
exit(1);
}
while(1)
{
printf("Enter a choice:\n1. get 2. put 3.ls 4. help 5. quit\n");
scanf("%d", &choice);
switch(choice)
{
case 1:
strcpy(command,"get");
SSL_write(ssl,command,sizeof(command));
printf("enter file name\n");
scanf("%s",gfiln);
SSL_write(ssl,gfiln,sizeof(gfiln));
//printf("file name sent\n");
SSL_read(ssl,err,sizeof(err));
if(err[0]==1)
{
printf("file not found!!\n");
SSL_shutdown(ssl);
close(sock); //file not found
}
else
{
SSL_read(ssl,&csize,sizeof(int));
printf("file size=%d\n",csize);
f=malloc(csize);
SSL_read(ssl,f,csize);
getf(gfiln,f);
printf("file %s copied from server successfully !\n",gfiln);
//memset(f,'\0',csize);
}
break;
case 2:
strcpy(command,"put");
SSL_write(ssl,command,sizeof(command));
printf("enter file to be put:\n");
scanf("%s",pfnam);
filehd=fopen(pfnam,"r");
stat(pfnam,&obj);
csize = obj.st_size;
printf("file size=%d\n",csize);
if(filehd!=NULL)
{
SSL_write(ssl,pfnam,sizeof(pfnam));
SSL_write(ssl,&csize,sizeof(int));
f=malloc(csize);
putf(pfnam,f);
SSL_write(ssl,f,csize);
printf("%s\n",f);
printf("file sent successfully !!\n");
}
else
{
printf("file doesn't exsist !!\n");
SSL_shutdown(ssl);
close(sock);// close as file doesn't exsist
}
break;
case 3:
strcpy(command,"ls");
SSL_write(ssl,command,sizeof(command));
SSL_read(ssl,filel,sizeof(filel));
printf("list of files :\n%s \n",filel);
break;
case 4:
printf("command help! :\n");
printf("> get : get command can be used to get files from the server onto the client's systsem.\n");
printf("> put : put command can be used to put a file from client's system onto the server.\n");
printf("> ls : ls command lists the files in the current directory of the server.\n");
printf("> quit : terminates the connection \n");
break;
case 5:
strcpy(command,"quit");
SSL_write(ssl,command,sizeof(command));
shut[0]=-1;
SSL_write(ssl,shut,sizeof(shut));
printf("Server closed\nQuitting..\n");
SSL_shutdown(ssl);
close(sock);
exit(0);
}
}
SSL_shutdown(ssl);
close(sock);
return 0;
}
void Gobby::CertificateManager::on_certificate_file_changed()
{
load_certificate();
//make_credentials();
}
