C++ (Cpp) zcert_save_public Examples

Example #1

File: zcert.c Project: bakirtasa/czmq

int
zcert_save (zcert_t *self, char *format, ...)
{
    assert (self);
    assert (format);
    va_list argptr;
    va_start (argptr, format);
    char *filename = zsys_vprintf (format, argptr);
    va_end (argptr);

    //  Save public certificate using specified filename
    zcert_save_public (self, filename);

    //  Now save secret certificate using filename with "_secret" suffix
    s_save_metadata_all (self);
    zconfig_comment (self->config, "   ZeroMQ CURVE **Secret** Certificate");
    zconfig_comment (self->config, "   DO NOT PROVIDE THIS FILE TO OTHER USERS nor change its permissions.");
    zconfig_put (self->config, "/curve/public-key", self->public_txt);
    zconfig_put (self->config, "/curve/secret-key", self->secret_txt);
    
    char filename_secret [256];
    snprintf (filename_secret, 256, "%s_secret", filename);
    zsys_file_mode_private ();
    int rc = zconfig_save (self->config, filename_secret);
    zsys_file_mode_default ();
    
    zstr_free (&filename);
    return rc;
}

Example #2

File: zcert.c Project: drmplanet/kdlenv

int
zcert_save (zcert_t *self, const char *filename)
{
    assert (self);
    assert (filename);

    //  Save public certificate using specified filename
    zcert_save_public (self, filename);

    //  Now save secret certificate using filename with "_secret" suffix
    char filename_secret [256];
    snprintf (filename_secret, 256, "%s_secret", filename);
    int rc = zcert_save_secret (self, filename_secret);
    return rc;
}

Example #3

File: zauth.c Project: chsticksel/ocamlczmq

void
zauth_test (bool verbose)
{
    printf (" * zauth: ");
#if (ZMQ_VERSION_MAJOR == 4)
    if (verbose)
        printf ("\n");

    //  @selftest
    //  Create temporary directory for test files
#   define TESTDIR ".test_zauth"
    zsys_dir_create (TESTDIR);

    //  Check there's no authentication
    zsock_t *server = zsock_new (ZMQ_PUSH);
    assert (server);
    zsock_t *client = zsock_new (ZMQ_PULL);
    assert (client);
    bool success = s_can_connect (&server, &client);
    assert (success);

    //  Install the authenticator
    zactor_t *auth = zactor_new (zauth, NULL);
    assert (auth);
    if (verbose) {
        zstr_sendx (auth, "VERBOSE", NULL);
        zsock_wait (auth);
    }
    //  Check there's no authentication on a default NULL server
    success = s_can_connect (&server, &client);
    assert (success);

    //  When we set a domain on the server, we switch on authentication
    //  for NULL sockets, but with no policies, the client connection
    //  will be allowed.
    zsock_set_zap_domain (server, "global");
    success = s_can_connect (&server, &client);
    assert (success);

    //  Blacklist 127.0.0.1, connection should fail
    zsock_set_zap_domain (server, "global");
    zstr_sendx (auth, "DENY", "127.0.0.1", NULL);
    zsock_wait (auth);
    success = s_can_connect (&server, &client);
    assert (!success);

    //  Whitelist our address, which overrides the blacklist
    zsock_set_zap_domain (server, "global");
    zstr_sendx (auth, "ALLOW", "127.0.0.1", NULL);
    zsock_wait (auth);
    success = s_can_connect (&server, &client);
    assert (success);

    //  Try PLAIN authentication
    zsock_set_plain_server (server, 1);
    zsock_set_plain_username (client, "admin");
    zsock_set_plain_password (client, "Password");
    success = s_can_connect (&server, &client);
    assert (!success);

    FILE *password = fopen (TESTDIR "/password-file", "w");
    assert (password);
    fprintf (password, "admin=Password\n");
    fclose (password);
    zsock_set_plain_server (server, 1);
    zsock_set_plain_username (client, "admin");
    zsock_set_plain_password (client, "Password");
    zstr_sendx (auth, "PLAIN", TESTDIR "/password-file", NULL);
    zsock_wait (auth);
    success = s_can_connect (&server, &client);
    assert (success);

    zsock_set_plain_server (server, 1);
    zsock_set_plain_username (client, "admin");
    zsock_set_plain_password (client, "Bogus");
    success = s_can_connect (&server, &client);
    assert (!success);

    if (zsys_has_curve ()) {
        //  Try CURVE authentication
        //  We'll create two new certificates and save the client public
        //  certificate on disk; in a real case we'd transfer this securely
        //  from the client machine to the server machine.
        zcert_t *server_cert = zcert_new ();
        assert (server_cert);
        zcert_t *client_cert = zcert_new ();
        assert (client_cert);
        char *server_key = zcert_public_txt (server_cert);

        //  Test without setting-up any authentication
        zcert_apply (server_cert, server);
        zcert_apply (client_cert, client);
        zsock_set_curve_server (server, 1);
        zsock_set_curve_serverkey (client, server_key);
        success = s_can_connect (&server, &client);
        assert (!success);

        //  Test CURVE_ALLOW_ANY
        zcert_apply (server_cert, server);
        zcert_apply (client_cert, client);
        zsock_set_curve_server (server, 1);
        zsock_set_curve_serverkey (client, server_key);
        zstr_sendx (auth, "CURVE", CURVE_ALLOW_ANY, NULL);
        zsock_wait (auth);
        success = s_can_connect (&server, &client);
        assert (success);

        //  Test full client authentication using certificates
        zcert_apply (server_cert, server);
        zcert_apply (client_cert, client);
        zsock_set_curve_server (server, 1);
        zsock_set_curve_serverkey (client, server_key);
        zcert_save_public (client_cert, TESTDIR "/mycert.txt");
        zstr_sendx (auth, "CURVE", TESTDIR, NULL);
        zsock_wait (auth);
        success = s_can_connect (&server, &client);
        assert (success);

        zcert_destroy (&server_cert);
        zcert_destroy (&client_cert);
    }
    //  Remove the authenticator and check a normal connection works
    zactor_destroy (&auth);
    success = s_can_connect (&server, &client);
    assert (success);

    zsock_destroy (&client);
    zsock_destroy (&server);

    //  Delete all test files
    zdir_t *dir = zdir_new (TESTDIR, NULL);
    assert (dir);
    zdir_remove (dir, true);
    zdir_destroy (&dir);
    //  @end
#endif
    printf ("OK\n");
}

Example #4

File: QmlZcert.cpp Project: minhoryang/czmq

///
//  Save public certificate only to file for persistent storage
int QmlZcert::savePublic (const QString &filename) {
    return zcert_save_public (self, filename.toUtf8().data());
};

Example #5

File: zauth.c Project: guruofquality/czmq

int
zauth_test (bool verbose)
{
    printf (" * zauth: ");
#if (ZMQ_VERSION_MAJOR == 4)

    //  @selftest
    //  Create temporary directory for test files
#   define TESTDIR ".test_zauth"
    zsys_dir_create (TESTDIR);
    
    //  Install the authenticator
    zctx_t *ctx = zctx_new ();
    zauth_t *auth = zauth_new (ctx);
    assert (auth);
    zauth_set_verbose (auth, verbose);
    
    //  A default NULL connection should always success, and not 
    //  go through our authentication infrastructure at all.
    void *server = zsocket_new (ctx, ZMQ_PUSH);
    void *client = zsocket_new (ctx, ZMQ_PULL);
    bool success = s_can_connect (ctx, &server, &client);
    assert (success);
    
    //  When we set a domain on the server, we switch on authentication
    //  for NULL sockets, but with no policies, the client connection 
    //  will be allowed.
    zsocket_set_zap_domain (server, "global");
    success = s_can_connect (ctx, &server, &client);
    assert (success);
    
    //  Blacklist 127.0.0.1, connection should fail
    zsocket_set_zap_domain (server, "global");
    zauth_deny (auth, "127.0.0.1");
    success = s_can_connect (ctx, &server, &client);
    assert (!success);

    //  Whitelist our address, which overrides the blacklist
    zsocket_set_zap_domain (server, "global");
    zauth_allow (auth, "127.0.0.1");
    success = s_can_connect (ctx, &server, &client);
    assert (success);

    //  Try PLAIN authentication
    zsocket_set_plain_server (server, 1);
    zsocket_set_plain_username (client, "admin");
    zsocket_set_plain_password (client, "Password");
    success = s_can_connect (ctx, &server, &client);
    assert (!success);
    
    FILE *password = fopen (TESTDIR "/password-file", "w");
    assert (password);
    fprintf (password, "admin=Password\n");
    fclose (password);
    zsocket_set_plain_server (server, 1);
    zsocket_set_plain_username (client, "admin");
    zsocket_set_plain_password (client, "Password");
    zauth_configure_plain (auth, "*", TESTDIR "/password-file");
    success = s_can_connect (ctx, &server, &client);
    assert (success);

    zsocket_set_plain_server (server, 1);
    zsocket_set_plain_username (client, "admin");
    zsocket_set_plain_password (client, "Bogus");
    success = s_can_connect (ctx, &server, &client);
    assert (!success);

#   if defined (HAVE_LIBSODIUM)
    //  Try CURVE authentication
    //  We'll create two new certificates and save the client public
    //  certificate on disk; in a real case we'd transfer this securely
    //  from the client machine to the server machine.
    zcert_t *server_cert = zcert_new ();
    zcert_t *client_cert = zcert_new ();
    char *server_key = zcert_public_txt (server_cert);
    
    //  Test without setting-up any authentication
    zcert_apply (server_cert, server);
    zcert_apply (client_cert, client);
    zsocket_set_curve_server (server, 1);
    zsocket_set_curve_serverkey (client, server_key);
    success = s_can_connect (ctx, &server, &client);
    assert (!success);

    //  Test CURVE_ALLOW_ANY
    zcert_apply (server_cert, server);
    zcert_apply (client_cert, client);
    zsocket_set_curve_server (server, 1);
    zsocket_set_curve_serverkey (client, server_key);
    zauth_configure_curve (auth, "*", CURVE_ALLOW_ANY);
    success = s_can_connect (ctx, &server, &client);
    assert (success);

    //  Test full client authentication using certificates
    zcert_apply (server_cert, server);
    zcert_apply (client_cert, client);
    zsocket_set_curve_server (server, 1);
    zsocket_set_curve_serverkey (client, server_key);
    zcert_save_public (client_cert, TESTDIR "/mycert.txt");
    zauth_configure_curve (auth, "*", TESTDIR);
    success = s_can_connect (ctx, &server, &client);
    assert (success);
    
    zcert_destroy (&server_cert);
    zcert_destroy (&client_cert);
#   endif

    //  Remove the authenticator and check a normal connection works
    zauth_destroy (&auth);
    success = s_can_connect (ctx, &server, &client);
    assert (success);

    zctx_destroy (&ctx);
    
    //  Delete all test files
    zdir_t *dir = zdir_new (TESTDIR, NULL);
    zdir_remove (dir, true);
    zdir_destroy (&dir);
    //  @end
#endif    

    printf ("OK\n");
    return 0;
}

Example #6

File: ZeroMQEngine.cpp Project: GridProtectionAlliance/ARMORE

void ZeroMQEngine::Initialize(const string endPoint, const string instanceName, const string instanceID)
{
    zcert_t* localCertificate = nullptr;

    // Handle common security initialization for server and client instances
    if (SecurityEnabled())
    {
        if (!zsys_has_curve())
            throw runtime_error("Failed to locate needed curve security libraries, cannot initialize ZeroMQ security");
        
        string localCertDirectory = CURVECERTLOCALDIR "/";
        string publicCertFileName;
        string privateCertFileName;
        
        // Make sure certificate store directories exist
        if (zsys_dir_create(CURVECERTLOCALDIR) != 0)
            throw runtime_error("Failed to create local curve security store, cannot initialize ZeroMQ security");

        if (zsys_dir_create(CURVECERTREMOTEDIR) != 0)
            throw runtime_error("Failed to create remote curve security store, cannot initialize ZeroMQ security");
        
        // Derive certificate file names based on engine mode
        if (ServerMode())
        {
            publicCertFileName = localCertDirectory + SVRPUBCERTFILENAME;
            privateCertFileName = localCertDirectory + SVRPVTCERTFILENAME;
        }
        else
        {
            publicCertFileName = localCertDirectory + instanceName + PUBCERTFILENAMEEXT;
            privateCertFileName = localCertDirectory + instanceName + PVTCERTFILENAMEEXT;
        }
        
        // See if private certificate already exists
        if (zsys_file_exists(privateCertFileName.c_str()))
        {
            // Load existing local certificate
            localCertificate = zcert_load(privateCertFileName.c_str());
            
            if (localCertificate == nullptr)
                throw runtime_error("Failed to load local curve certificate, cannot initialize ZeroMQ security");
        }
        else
        {
            // Create a new full certificate (public + private)
            localCertificate = zcert_new();
            
            if (localCertificate == nullptr)
                throw runtime_error("Failed to create local curve certificate, cannot initialize ZeroMQ security");

            zcert_set_meta(localCertificate, "name", instanceName.c_str());
            zcert_set_meta(localCertificate, "id", instanceID.c_str());
            zcert_set_meta(localCertificate, "type", ServerMode() ? "server" : "client");
            
            // Persist certificates for future runs
            if (zcert_save_public(localCertificate, publicCertFileName.c_str()) != 0)
                throw runtime_error("Failed to save local curve public certificate, cannot initialize ZeroMQ security");
            
            if (zcert_save_secret(localCertificate, privateCertFileName.c_str()) != 0)
                throw runtime_error("Failed to save local curve private certificate, cannot initialize ZeroMQ security");
        }        
    }
    
    // Create new ZeroMQ engine instance
    if (ServerMode())
        m_instance = new ZeroMQServer(m_bufferReceivedCallback, SecurityEnabled(), InactiveClientTimeout(), VerboseOutput(), ConnectionID(), localCertificate);
    else
        m_instance = new ZeroMQClient(m_bufferReceivedCallback, SecurityEnabled(), InactiveClientTimeout(), VerboseOutput(), ConnectionID(), localCertificate);

    m_instance->Initialize(endPoint, instanceName, instanceID);

    log_info("\nEstablished ZeroMQ socket [%s]\n", ConnectionID().ToString().c_str());
}

Example #7

File: zauth.c Project: AndreasBomholtz/czmq

int
zauth_test (bool verbose)
{
    printf (" * zauth: ");
#if (ZMQ_VERSION_MAJOR == 4)

    //  @selftest
    //  Create temporary directory for test files
#   define TESTDIR ".test_zauth"
    zsys_dir_create (TESTDIR);
    
    //  Install the authenticator
    zctx_t *ctx = zctx_new ();
    zauth_t *auth = zauth_new (ctx);
    assert (auth);
    zauth_set_verbose (auth, verbose);
    
    //  A default NULL connection should always success, and not go through
    //  our authentication infrastructure at all.
    void *server = zsocket_new (ctx, ZMQ_PUSH);
    void *client = zsocket_new (ctx, ZMQ_PULL);
    bool success = s_can_connect (server, client);
    assert (success);
    
    //  When we set a domain on the server, we switch on authentication 
    //  for NULL sockets, but with no policies, the client connection will 
    //  be allowed.
    //
    //  TODO: libzmq should accept new security options after unbind/bind
    //  but for now we have to create a new server socket each time.
    server = zsocket_new (ctx, ZMQ_PUSH);
    zsocket_set_zap_domain (server, "global");
    success = s_can_connect (server, client);
    assert (success);
        
    //  Blacklist 127.0.0.1, connection should fail
    zauth_deny (auth, "127.0.0.1");
    success = s_can_connect (server, client);
    assert (!success);
    
    //  Whitelist our address, which overrides the blacklist
    zauth_allow (auth, "127.0.0.1");
    success = s_can_connect (server, client);
    assert (success);

    //  Try PLAIN authentication
    FILE *password = fopen (TESTDIR "/password-file", "w");
    assert (password);
    fprintf (password, "admin=Password\n");
    fclose (password);
    
    zsocket_set_plain_server (server, 1);
    zsocket_set_plain_username (client, "admin");
    zsocket_set_plain_password (client, "Password");
    success = s_can_connect (server, client);
    assert (!success);

    zauth_configure_plain (auth, "*", TESTDIR "/password-file");
    success = s_can_connect (server, client);
    assert (success);

    zsocket_set_plain_password (client, "Bogus");
    success = s_can_connect (server, client);
    assert (!success);

#   if defined (HAVE_LIBSODIUM)
    //  Try CURVE authentication
    //  We'll create two new certificates and save the client public 
    //  certificate on disk; in a real case we'd transfer this securely
    //  from the client machine to the server machine.
    zcert_t *server_cert = zcert_new ();
    zcert_apply (server_cert, server);
    zsocket_set_curve_server (server, 1);

    zcert_t *client_cert = zcert_new ();
    zcert_apply (client_cert, client);
    char *server_key = zcert_public_txt (server_cert);
    zsocket_set_curve_serverkey (client, server_key);

    //  We've not set-up any authentication, connection will fail
    success = s_can_connect (server, client);
    assert (!success);

    //  PH: 2013/09/18
    //  There's an issue with libzmq where it sometimes fails to 
    //  connect even if the ZAP handler allows it. It's timing
    //  dependent, so this is a voodoo hack. To be removed, I've
    //  no idea this even applies to all boxes.
    sleep (1);

    //  Test CURVE_ALLOW_ANY
    zauth_configure_curve (auth, "*", CURVE_ALLOW_ANY);
    success = s_can_connect (server, client);
    assert (success);
    
    //  Test full client authentication using certificates
    zcert_save_public (client_cert, TESTDIR "/mycert.txt");
    zauth_configure_curve (auth, "*", TESTDIR);
    success = s_can_connect (server, client);
    assert (success);
    zcert_destroy (&server_cert);
    zcert_destroy (&client_cert);
#   endif

    //  Remove the authenticator and check a normal connection works
    zauth_destroy (&auth);
    success = s_can_connect (server, client);
    assert (success);

    zctx_destroy (&ctx);
    
    //  Delete all test files
    zdir_t *dir = zdir_new (TESTDIR, NULL);
    zdir_remove (dir, true);
    zdir_destroy (&dir);
    //  @end
#endif    

    printf ("OK\n");
    return 0;
}

Example #8

File: curve_server.c Project: GA-zz/libcurve

static void *
client_task (void *args)
{
    bool verbose = *((bool *) args);
    
    char filename [256];
    snprintf (filename, 255, TESTDIR "/client-%07d.cert", randof (10000000));
    zcert_t *client_cert = zcert_new ();
    zcert_save_public (client_cert, filename);
    curve_client_t *client = curve_client_new (&client_cert);
    curve_client_set_verbose (client, verbose);

    zcert_t *server_cert = zcert_load (TESTDIR "/server.cert");
    assert (server_cert);
    curve_client_connect (client, "tcp://127.0.0.1:9006", zcert_public_key (server_cert));
    zcert_destroy (&server_cert);

    curve_client_sendstr (client, "Hello, World");
    char *reply = curve_client_recvstr (client);
    assert (streq (reply, "Hello, World"));
    free (reply);

    //  Try a multipart message
    zmsg_t *msg = zmsg_new ();
    zmsg_addstr (msg, "Hello, World");
    zmsg_addstr (msg, "Second frame");
    curve_client_send (client, &msg);
    msg = curve_client_recv (client);
    assert (zmsg_size (msg) == 2);
    zmsg_destroy (&msg);

    //  Now send messages of increasing size, check they work
    int count;
    int size = 0;
    for (count = 0; count < 18; count++) {
        zframe_t *data = zframe_new (NULL, size);
        int byte_nbr;
        //  Set data to sequence 0...255 repeated
        for (byte_nbr = 0; byte_nbr < size; byte_nbr++)
            zframe_data (data)[byte_nbr] = (byte) byte_nbr;
        msg = zmsg_new ();
        zmsg_prepend (msg, &data);
        curve_client_send (client, &msg);

        msg = curve_client_recv (client);
        data = zmsg_pop (msg);
        assert (data);
        assert (zframe_size (data) == size);
        for (byte_nbr = 0; byte_nbr < size; byte_nbr++) {
            assert (zframe_data (data)[byte_nbr] == (byte) byte_nbr);
        }
        zframe_destroy (&data);
        zmsg_destroy (&msg);
        size = size * 2 + 1;
    }
    //  Signal end of test
    curve_client_sendstr (client, "END");
    reply = curve_client_recvstr (client);
    free (reply);

    curve_client_destroy (&client);
    return NULL;
}

Example #9

File: curve_client.c Project: zeromq/libcurve

void
curve_client_test (bool verbose)
{
    printf (" * curve_client: ");
    //  @selftest
    //  Create temporary directory for test files
    zsys_dir_create (TESTDIR);
    
    //  We'll create two new certificates and save the client public 
    //  certificate on disk; in a real case we'd transfer this securely
    //  from the client machine to the server machine.
    zcert_t *server_cert = zcert_new ();
    zcert_save (server_cert, TESTDIR "/server.cert");

    //  We'll run the server as a background task, and the
    //  client in this foreground thread.
    zthread_new (server_task, &verbose);

    zcert_t *client_cert = zcert_new ();
    zcert_save_public (client_cert, TESTDIR "/client.cert");

    curve_client_t *client = curve_client_new (&client_cert);
    curve_client_set_metadata (client, "Client", "CURVEZMQ/curve_client");
    curve_client_set_metadata (client, "Identity", "E475DA11");
    curve_client_set_verbose (client, verbose);
    curve_client_connect (client, "tcp://127.0.0.1:9005", (byte *)zcert_public_key (server_cert));

    curve_client_sendstr (client, "Hello, World");
    char *reply = curve_client_recvstr (client);
    assert (streq (reply, "Hello, World"));
    free (reply);

    //  Try a multipart message
    zmsg_t *msg = zmsg_new ();
    zmsg_addstr (msg, "Hello, World");
    zmsg_addstr (msg, "Second frame");
    curve_client_send (client, &msg);
    msg = curve_client_recv (client);
    assert (zmsg_size (msg) == 2);
    zmsg_destroy (&msg);

    //  Now send messages of increasing size, check they work
    int count;
    int size = 0;
    for (count = 0; count < 18; count++) {
        if (verbose)
            printf ("Testing message of size=%d...\n", size);

        zframe_t *data = zframe_new (NULL, size);
        int byte_nbr;
        //  Set data to sequence 0...255 repeated
        for (byte_nbr = 0; byte_nbr < size; byte_nbr++)
            zframe_data (data)[byte_nbr] = (byte) byte_nbr;
        msg = zmsg_new ();
        zmsg_prepend (msg, &data);
        curve_client_send (client, &msg);

        msg = curve_client_recv (client);
        data = zmsg_pop (msg);
        assert (data);
        assert (zframe_size (data) == size);
        for (byte_nbr = 0; byte_nbr < size; byte_nbr++) {
            assert (zframe_data (data)[byte_nbr] == (byte) byte_nbr);
        }
        zframe_destroy (&data);
        zmsg_destroy (&msg);
        size = size * 2 + 1;
    }
    //  Signal end of test
    curve_client_sendstr (client, "END");
    reply = curve_client_recvstr (client);
    free (reply);

    zcert_destroy (&server_cert);
    zcert_destroy (&client_cert);
    curve_client_destroy (&client);
    
    //  Delete all test files
    zdir_t *dir = zdir_new (TESTDIR, NULL);
    zdir_remove (dir, true);
    zdir_destroy (&dir);
    //  @end

    //  Ensure server thread has exited before we do
    zclock_sleep (100);
    printf ("OK\n");
}

Example #10

File: qzcert.cpp Project: diorcety/czmq

///
//  Save public certificate only to file for persistent storage
int QZcert::savePublic (const QString &filename)
{
    int rv = zcert_save_public (self, filename.toUtf8().data());
    return rv;
}

Example #11

File: zproxy.c Project: maxkozlovsky/czmq

// Authentication test procedure for zproxy sockets - matches zauth_test steps
static void
zproxy_test_authentication (int selected_sockets, bool verbose)
{
#   define TESTDIR ".test_zproxy"
#   define TESTPWDS TESTDIR "/password-file"
#   define TESTCERT TESTDIR "/mycert.txt"
#   define TESTFRONTEND (selected_sockets & FRONTEND_SOCKET)
#   define TESTBACKEND (selected_sockets & BACKEND_SOCKET)

    // Demarcate test boundaries
    zsys_info ("zproxy: TEST authentication type=%s%s%s", 
        TESTFRONTEND? "FRONTEND": "", 
        TESTFRONTEND && TESTBACKEND? "+": "", 
        TESTBACKEND? "BACKEND": "");

    //  Create temporary directory for test files
    zsys_dir_create (TESTDIR);

    // Clear out any test files from previous run
    if (zsys_file_exists (TESTPWDS))
        zsys_file_delete (TESTPWDS);
    if (zsys_file_exists (TESTCERT))
        zsys_file_delete (TESTCERT);

    zactor_t *proxy = NULL;
    zsock_t *faucet = NULL;
    zsock_t *sink = NULL;
    char *frontend = NULL;
    char *backend = NULL;

    //  Check there's no authentication
    s_create_test_sockets (&proxy, &faucet, &sink, verbose);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    bool success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (success);

    // Install the authenticator
    zactor_t *auth = zactor_new (zauth, NULL);
    assert (auth);
    if (verbose) {
        zstr_sendx (auth, "VERBOSE", NULL);
        zsock_wait (auth);
    }

    // Check there's no authentication on a default NULL server
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (success);

    // When we set a domain on the server, we switch on authentication
    // for NULL sockets, but with no policies, the client connection
    // will be allowed.
    s_send_proxy_command (proxy, "DOMAIN", selected_sockets, "global", NULL);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (success);

    // Blacklist 127.0.0.1, connection should fail
    s_send_proxy_command (proxy, "DOMAIN", selected_sockets, "global", NULL);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    zstr_sendx (auth, "DENY", "127.0.0.1", NULL);
    zsock_wait (auth);
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (!success);

    // Whitelist our address, which overrides the blacklist
    s_send_proxy_command (proxy, "DOMAIN", selected_sockets, "global", NULL);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    zstr_sendx (auth, "ALLOW", "127.0.0.1", NULL);
    zsock_wait (auth);
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (success);

    // Try PLAIN authentication

    // Test negative case (no server-side passwords defined)
    s_send_proxy_command (proxy, "PLAIN", selected_sockets, NULL);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    s_configure_plain_auth (faucet, sink, selected_sockets, "admin", "Password");
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (!success);

    // Test positive case (server-side passwords defined)
    FILE *password = fopen (TESTPWDS, "w");
    assert (password);
    fprintf (password, "admin=Password\n");
    fclose (password);
    s_send_proxy_command (proxy, "PLAIN", selected_sockets, NULL);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    s_configure_plain_auth (faucet, sink, selected_sockets, "admin", "Password");
    zstr_sendx (auth, "PLAIN", TESTPWDS, NULL);
    zsock_wait (auth);
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (success);

    // Test negative case (bad client password)
    s_send_proxy_command (proxy, "PLAIN", selected_sockets, NULL);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    s_configure_plain_auth (faucet, sink, selected_sockets, "admin", "Bogus");
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (!success);

    if (zsys_has_curve ()) {
        // We'll create two new certificates and save the client public
        // certificate on disk
        zcert_t *server_cert = zcert_new ();
        assert (server_cert);
        zcert_t *client_cert = zcert_new ();
        assert (client_cert);
        char *public_key = zcert_public_txt (server_cert);
        char *secret_key = zcert_secret_txt (server_cert);

        // Try CURVE authentication

        // Test without setting-up any authentication
        s_send_proxy_command (proxy, "CURVE", selected_sockets, public_key, secret_key, NULL);
        s_bind_proxy_sockets (proxy, &frontend, &backend);
        s_configure_curve_auth (faucet, sink, selected_sockets, client_cert, public_key);
        success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
        assert (!success);

        // Test CURVE_ALLOW_ANY
        s_send_proxy_command (proxy, "CURVE", selected_sockets, public_key, secret_key, NULL);
        s_bind_proxy_sockets (proxy, &frontend, &backend);
        s_configure_curve_auth (faucet, sink, selected_sockets, client_cert, public_key);
        zstr_sendx (auth, "CURVE", CURVE_ALLOW_ANY, NULL);
        zsock_wait (auth);
        success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
        assert (success);

        // Test with client certificate file in authentication folder
        s_send_proxy_command (proxy, "CURVE", selected_sockets, public_key, secret_key, NULL);
        s_bind_proxy_sockets (proxy, &frontend, &backend);
        s_configure_curve_auth (faucet, sink, selected_sockets, client_cert, public_key);
        zcert_save_public (client_cert, TESTCERT);
        zstr_sendx (auth, "CURVE", TESTDIR, NULL);
        zsock_wait (auth);
        success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
        assert (success);

        zcert_destroy (&server_cert);
        zcert_destroy (&client_cert);
    }

    // Remove the authenticator and check a normal connection works
    zactor_destroy (&auth);
    s_bind_proxy_sockets (proxy, &frontend, &backend);
    success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
    assert (success);

    zsock_destroy (&faucet);
    zsock_destroy (&sink);
    zactor_destroy (&proxy);
    zstr_free (&frontend);
    zstr_free (&backend);
}

Example #12

File: ext_zmq.cpp Project: Orvid/php-zmq

void HHVM_METHOD(ZMQCert, savePublic, const String& filename) {
  auto res = zcert_save_public(Native::data<ZMQCert>(this_)->zcert, filename.c_str());
  if (res == -1) {
    throwExceptionClassFmt(s_ZMQCertExceptionClass, "Failed to save the public certificate to {}", filename);
  }
}

Example #13

File: certificate.cpp Project: Lucky7Studio/czmqpp

int certificate::save_public(const std::string& filename)
{
    return zcert_save_public(self_, filename.c_str());
}