static int tests_init(void) {
int ok = 0;
#ifdef NO_SERVER
char preferences_dir[80];
char library_dir[70];
setup("tests_init");
/* Create scratch dir for tests to run in. */
sprintf(scratch_dir, "/tmp/tst-%d", getpid());
if (keep_scratch_dir) {
printf("running tests with HOME=%s\n", scratch_dir);
}
sprintf(library_dir, "%s/Library", scratch_dir);
sprintf(preferences_dir, "%s/Preferences", library_dir);
ok = (ok_unix(mkdir(scratch_dir, 0755), "mkdir") &&
ok_unix(current_dir = open(".", O_RDONLY), "open") &&
ok_unix(chdir(scratch_dir), "chdir") &&
ok_unix(setenv("HOME", scratch_dir, 1), "setenv") &&
/* @@@ Work around a bug that the prefs code in
libsecurity_keychain never creates the Library/Preferences
dir. */
ok_unix(mkdir(library_dir, 0755), "mkdir") &&
ok_unix(mkdir(preferences_dir, 0755), "mkdir") &&
ok(home_var = getenv("HOME"), "getenv"));
if (ok > 0)
securityd_init(scratch_dir);
#endif
return ok;
}
int main(int argc, char *argv[])
{
securityd_init();
register_server();
register_timeout();
CFRunLoopRun();
return 0;
}
int main(int argc, char * const *argv)
{
securityd_init(NULL);
int result = tests_begin(argc, argv);
fflush(stdout);
fflush(stderr);
return result;
}
int main(int argc, char *argv[])
{
//printf("Build date : %s %s\n", __DATE__, __TIME__);
/* We run this as if we are secd, so we need to initialize this */
securityd_init(NULL);
int result = tests_begin(argc, argv);
fflush(stdout);
fflush(stderr);
sleep(1);
return result;
}
int main(int argc, char **argv)
{
OSStatus err;
int arg;
char fullFileBase[100];
SSLProtocol negVersion;
SSLCipherSuite negCipher;
Boolean sessionWasResumed;
unsigned char sessionID[MAX_SESSION_ID_LENGTH];
size_t sessionIDLength;
CFArrayRef peerCerts = NULL;
char *argp;
otSocket listenSock;
CFArrayRef serverCerts = nil; // required
CFArrayRef encryptCerts = nil; // optional
SecKeychainRef serverKc = nil;
SecKeychainRef encryptKc = nil;
int loopNum;
int errCount = 0;
SSLClientCertificateState certState; // obtained from sslServe
/* user-spec'd parameters */
unsigned short portNum = DEFAULT_PORT;
bool allowExpired = false;
bool allowAnyRoot = false;
char *fileBase = NULL;
bool displayCerts = false;
char cipherRestrict = '\0';
SSLProtocol attemptProt = kTLSProtocol1;
bool protXOnly = false; // kSSLProtocol3Only,
// kTLSProtocol1Only
char *acceptedProts = NULL; // "23t" ==> SSLSetProtocolVersionEnabled
bool quiet = false;
bool resumableEnable = true;
bool pause = false;
char *keyChainName = NULL;
char *encryptKeyChainName = NULL;
int loops = 1;
SSLAuthenticate authenticate = kNeverAuthenticate;
bool nonBlocking = false;
bool allowExpiredRoot = false;
bool disableCertVerify = false;
char *anchorFile = NULL;
bool replaceAnchors = false;
bool vfyCertState = false;
SSLClientCertificateState expectCertState = kSSLClientCertNone;
char *password = NULL;
char *dhParamsFile = NULL;
unsigned char *dhParams = NULL;
unsigned dhParamsLen = 0;
bool doIdSearch = false;
bool completeCertChain = false;
uint32_t sessionCacheTimeout = 0;
bool disableAnonCiphers = false;
CFMutableArrayRef acceptableDNList = NULL;
for(arg=1; arg<argc; arg++) {
argp = argv[arg];
switch(argp[0]) {
case 'P':
portNum = atoi(&argp[2]);
break;
case 'k':
keyChainName = &argp[2];
break;
case 'y':
encryptKeyChainName = &argp[2];
break;
case 'e':
allowExpired = true;
break;
case 'E':
allowExpiredRoot = true;
break;
case 'x':
disableCertVerify = true;
break;
case 'a':
if(++arg == argc) {
/* requires another arg */
usage(argv);
}
anchorFile = argv[arg];
break;
case 'A':
if(++arg == argc) {
/* requires another arg */
usage(argv);
}
anchorFile = argv[arg];
replaceAnchors = true;
break;
case 'T':
if(argp[1] != '=') {
usage(argv);
}
vfyCertState = true;
switch(argp[2]) {
case 'n':
expectCertState = kSSLClientCertNone;
break;
case 'r':
expectCertState = kSSLClientCertRequested;
break;
case 's':
expectCertState = kSSLClientCertSent;
break;
case 'j':
expectCertState = kSSLClientCertRejected;
break;
default:
usage(argv);
}
break;
case 'r':
allowAnyRoot = true;
break;
case 'd':
break;
case 'c':
displayCerts = true;
break;
case 'f':
fileBase = &argp[2];
break;
case 'C':
cipherRestrict = argp[2];
break;
case '2':
attemptProt = kSSLProtocol2;
break;
case '3':
attemptProt = kSSLProtocol3;
break;
case 't':
attemptProt = kTLSProtocol1;
break;
case 'o':
protXOnly = true;
break;
case 'g':
if(argp[1] != '=') {
usage(argv);
}
acceptedProts = &argp[2];
break;
case 'R':
resumableEnable = false;
break;
case 'b':
nonBlocking = true;
break;
case 'u':
if(argp[1] != '=') {
usage(argv);
}
switch(argp[2]) {
case 'a': authenticate = kAlwaysAuthenticate; break;
case 'n': authenticate = kNeverAuthenticate; break;
case 't': authenticate = kTryAuthenticate; break;
default: usage(argv);
}
break;
case 'D':
if(++arg == argc) {
/* requires another arg */
usage(argv);
}
dhParamsFile = argv[arg];
break;
case 'z':
password = &argp[2];
break;
case 'H':
doIdSearch = true;
break;
case 'M':
completeCertChain = true;
break;
case 'i':
sessionCacheTimeout = atoi(&argp[2]);
break;
case '4':
disableAnonCiphers = true;
break;
case 'p':
pause = true;
break;
case 'q':
quiet = true;
break;
#if 0
case 'U':
if(++arg == argc) {
/* requires another arg */
usage(argv);
}
if(cspReadFile(argv[arg], &caCert, &caCertLen)) {
printf("***Error reading file %s. Aborting.\n", argv[arg]);
exit(1);
}
if(acceptableDNList == NULL) {
acceptableDNList = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
}
certData.Data = caCert;
certData.Length = caCertLen;
ortn = SecCertificateCreateFromData(&certData,
CSSM_CERT_X_509v3,
CSSM_CERT_ENCODING_DER,
&secCert);
if(ortn) {
cssmPerror("SecCertificateCreateFromData", ortn);
exit(1);
}
CFArrayAppendValue(acceptableDNList, secCert);
CFRelease(secCert);
break;
#endif
case 'l':
if(argp[1] == '\0') {
/* no loop count --> loop forever */
loops = 0;
break;
}
else if(argp[1] != '=') {
usage(argv);
}
loops = atoi(&argp[2]);
break;
default:
usage(argv);
}
}
#if NO_SERVER
# if DEBUG
securityd_init(NULL);
# endif
#endif
/* get server cert and optional encryption cert as CFArrayRef */
if(keyChainName) {
serverCerts = getSslCerts(keyChainName, false, completeCertChain,
anchorFile, &serverKc);
if(serverCerts == nil) {
exit(1);
}
}
else
#if 0
if(doIdSearch) {
OSStatus ortn = sslIdentityPicker(NULL, anchorFile, true, NULL, &serverCerts);
if(ortn) {
printf("***IdentitySearch failure; aborting.\n");
exit(1);
}
}
if(password) {
OSStatus ortn = SecKeychainUnlock(serverKc, strlen(password), password, true);
if(ortn) {
printf("SecKeychainUnlock returned %d\n", (int)ortn);
/* oh well */
}
}
if(encryptKeyChainName) {
encryptCerts = getSslCerts(encryptKeyChainName, true, completeCertChain,
anchorFile, &encryptKc);
if(encryptCerts == nil) {
exit(1);
}
}
#else
(void) doIdSearch;
(void) encryptKeyChainName;
#endif
if(protXOnly) {
switch(attemptProt) {
case kTLSProtocol1:
attemptProt = kTLSProtocol1Only;
break;
case kSSLProtocol3:
attemptProt = kSSLProtocol3Only;
break;
default:
break;
}
}
#if 0
if(dhParamsFile) {
int r = cspReadFile(dhParamsFile, &dhParams, &dhParamsLen);
if(r) {
printf("***Error reading diffie-hellman params from %s; aborting\n",
dhParamsFile);
}
}
#else
(void) dhParamsFile;
#endif
/* one-time only server port setup */
err = ListenForClients(portNum, nonBlocking, &listenSock);
if(err) {
printf("ListenForClients returned %d; aborting\n", (int)err);
exit(1);
}
for(loopNum=1; ; loopNum++) {
err = sslServe(listenSock,
portNum,
attemptProt,
acceptedProts,
serverCerts,
password,
encryptCerts,
allowExpired,
allowAnyRoot,
allowExpiredRoot,
disableCertVerify,
anchorFile,
replaceAnchors,
cipherRestrict,
authenticate,
dhParams,
dhParamsLen,
acceptableDNList,
resumableEnable,
sessionCacheTimeout,
disableAnonCiphers,
quiet,
pause,
&negVersion,
&negCipher,
&certState,
&sessionWasResumed,
sessionID,
&sessionIDLength,
&peerCerts,
argv);
if(err) {
errCount++;
}
if(!quiet) {
SSLProtocol tryProt = attemptProt;
showSSLResult(tryProt,
acceptedProts,
err,
negVersion,
negCipher,
sessionWasResumed,
sessionID,
sessionIDLength,
peerCerts,
displayCerts,
certState,
fileBase ? fullFileBase : NULL);
}
errCount += verifyClientCertState(vfyCertState, expectCertState,
certState);
freePeerCerts(peerCerts);
if(loops && (loopNum == loops)) {
break;
}
};
endpointShutdown(listenSock);
if(serverKc) {
CFRelease(serverKc);
}
if(encryptKc) {
CFRelease(encryptKc);
}
return errCount;
}