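// Decodes a TLS 24-bit big-endian length prefix (the Certificate message
// uses these both for the list total and for each certificate entry).
static unsigned int tls_read_uint24(const uint8_t *b)
{
	return (static_cast<unsigned int>(b[0]) << 16) | (static_cast<unsigned int>(b[1]) << 8) | b[2];
}

// Handles the server Certificate handshake message.
//
// Layout: a 3-byte total length, then a sequence of entries, each a 3-byte
// length followed by that many bytes of DER certificate. Every entry is
// handed to inspect_certificate(); on success the state machine advances
// to "receive server hello done". Any malformed length throws Exception.
//
// NOTE(review): copy_data() is assumed to consume from `data`/`size` in
// place (the loop below re-reads from the same arguments) — confirm against
// its definition. Bytes past certificate_list_size are not rejected here.
//
// data: message body; size: bytes available in it (signed, see below)
void TLSClient_Impl::handshake_certificate_received(const void *data, int size)
{
	if (conversation_state != cl_tls_state_receive_certificate)
		throw Exception("TLS Expected certificate");

	uint8_t buffer[3];

	// Total length of the certificate_list that follows.
	copy_data(buffer, 3, data, size);
	unsigned int certificate_list_size = tls_read_uint24(buffer);

	// `size` is signed: check its sign before comparing, otherwise a negative
	// remaining length would be promoted to a large unsigned value and slip
	// past the bound check.
	if (size < 0 || static_cast<unsigned int>(size) < certificate_list_size || certificate_list_size == 0)
		throw Exception("Invalid certification size");

	// Each entry size is bounded by the remaining list size, which is itself
	// bounded by the bytes actually present, so cert_buffer can never be
	// sized past the received data.
	while (certificate_list_size > 0)
	{
		if (certificate_list_size < 3)
			throw Exception("Invalid record length");
		copy_data(buffer, 3, data, size);
		certificate_list_size -= 3;

		unsigned int certificate_size = tls_read_uint24(buffer);
		if (certificate_list_size < certificate_size || certificate_size == 0)
			throw Exception("Invalid certification size");

		std::vector<unsigned char> cert_buffer(certificate_size);
		// certificate_size > 0 was checked above, so element 0 exists.
		copy_data(&cert_buffer[0], certificate_size, data, size);
		inspect_certificate(cert_buffer);
		certificate_list_size -= certificate_size;
	}

	conversation_state = cl_tls_state_receive_server_hello_done;
}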
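/*
 * Entry point of the certificate inspection tool.
 *
 * Flow: parse configuration, initialise the crypto layer, load and
 * initialise the PKCS#11 module, select a slot (exactly one of
 * slot_description / slot_num must be configured), open a session and log
 * in, then verify and inspect every certificate found on the token through
 * the mapper modules. The PKCS#11 session and module are released on every
 * exit path that reaches them.
 *
 * Returns 0 on success, 1 on configuration/module/session/verification
 * errors, 2 when the login fails and 3 when no certificate list could be
 * obtained.
 */
int main(int argc, const char **argv)
{
	int i, rv;
	pkcs11_handle_t *ph;
	struct configuration_st *configuration;
	unsigned int slot_num = 0;
	cert_object_t **certs;
	int cert_count;

	/* "debug" anywhere on the command line (argv[0] included) enables debug
	 * output before configuration is parsed, so configure-time messages are
	 * visible as well */
	for (i = 0; i < argc; i++)
		if (strcmp("debug", argv[i]) == 0) {
			set_debug_level(1);
		}

	/* call configure routines */
	configuration = pk_configure(argc - 1, argv + 1);
	if (!configuration) {
		ERR("Error setting configuration parameters");
		return 1;
	}

	/* the slot must be selected either by description or by number, never
	 * both and never neither */
	if ((configuration->slot_description != NULL && configuration->slot_num != -1) ||
	    (configuration->slot_description == NULL && configuration->slot_num == -1)) {
		ERR("Error setting configuration parameters");
		return 1;
	}

	/* init openssl */
	rv = crypto_init(&configuration->policy);
	if (rv != 0) {
		DBG1("crypto_init() failed: %s", get_error());
		return 1;
	}

	/* load pkcs #11 module */
	DBG("loading pkcs #11 module...");
	rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph);
	if (rv != 0) {
		ERR2("load_pkcs11_module(%s) failed: %s", configuration->pkcs11_modulepath, get_error());
		return 1;
	}

	/* initialise pkcs #11 module */
	DBG("initialising pkcs #11 module...");
	rv = init_pkcs11_module(ph, configuration->support_threads);
	if (rv != 0) {
		release_pkcs11_module(ph);
		DBG1("init_pkcs11_module() failed: %s", get_error());
		return 1;
	}

	/* locate the slot, then open a session on it */
	if (configuration->slot_description != NULL) {
		rv = find_slot_by_slotlabel(ph, configuration->slot_description, &slot_num);
	} else {
		rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
	}
	if (rv != 0) {
		release_pkcs11_module(ph);
		DBG("no token available");
		return 1;
	}

	rv = open_pkcs11_session(ph, slot_num);
	if (rv != 0) {
		release_pkcs11_module(ph);
		ERR1("open_pkcs11_session() failed: %s", get_error());
		return 1;
	}

	/* not really needed, but.... */
	rv = pkcs11_pass_login(ph, configuration->nullok);
	if (rv != 0) {
		/* log first: the cleanup calls below may overwrite get_error().
		 * The session and module were acquired above and must not be
		 * leaked on the login failure path. */
		ERR1("pkcs11_pass_login() failed: %s", get_error());
		close_pkcs11_session(ph);
		release_pkcs11_module(ph);
		return 2;
	}

	/* get certificate list (cert space is owned by ph) */
	certs = get_certificate_list(ph, &cert_count);
	if (certs == NULL) {
		close_pkcs11_session(ph);
		release_pkcs11_module(ph);
		ERR1("get_certificates() failed: %s", get_error());
		return 3;
	}

	/* load mapper modules */
	load_mappers(configuration->ctx);

	/* find valid certificates and look for contents */
	DBG1("Found '%d' certificate(s)", cert_count);
	for (i = 0; i < cert_count; i++) {
		X509 *x509 = get_X509_certificate(certs[i]);
		if (x509 == NULL)
			continue;

		DBG1("verifying the certificate #%d", i + 1);
		/* verify certificate (date, signature, CRL, ...) */
		rv = verify_certificate(x509, &configuration->policy);
		if (rv < 0) {
			/* hard error (e.g. CRL/CA lookup failure): abort the run */
			close_pkcs11_session(ph);
			release_pkcs11_module(ph);
			unload_mappers();
			ERR1("verify_certificate() failed: %s", get_error());
			return 1;
		} else if (rv != 1) {
			/* this certificate did not verify: skip it, keep going */
			ERR1("verify_certificate() failed: %s", get_error());
			continue;
		}

		DBG1("Inspecting certificate #%d", i + 1);
		inspect_certificate(x509);
	}

	/* unload mappers */
	unload_mappers();

	/* close pkcs #11 session */
	rv = close_pkcs11_session(ph);
	if (rv != 0) {
		release_pkcs11_module(ph);
		ERR1("close_pkcs11_session() failed: %s", get_error());
		return 1;
	}

	/* release pkcs #11 module */
	DBG("releasing pkcs #11 module...");
	release_pkcs11_module(ph);

	DBG("Process completed");
	return 0;
}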