void zcert_test (bool verbose) { printf (" * zcert: "); #if (ZMQ_VERSION_MAJOR == 4) // @selftest // Create temporary directory for test files # define TESTDIR ".test_zcert" zsys_dir_create (TESTDIR); // Create a simple certificate with metadata zcert_t *cert = zcert_new (); # if defined (HAVE_LIBSODIUM) zcert_set_meta (cert, "email", "*****@*****.**"); zcert_set_meta (cert, "name", "Pieter Hintjens"); zcert_set_meta (cert, "organization", "iMatix Corporation"); zcert_set_meta (cert, "version", "%d", 1); assert (streq (zcert_meta (cert, "email"), "*****@*****.**")); zlist_t *keys = zcert_meta_keys (cert); assert (zlist_size (keys) == 4); zlist_destroy (&keys); // Check the dup and eq methods zcert_t *shadow = zcert_dup (cert); assert (zcert_eq (cert, shadow)); zcert_destroy (&shadow); // Check we can save and load certificate zcert_save (cert, TESTDIR "/mycert.txt"); assert (zsys_file_exists (TESTDIR "/mycert.txt")); assert (zsys_file_exists (TESTDIR "/mycert.txt_secret")); // Load certificate, will in fact load secret one shadow = zcert_load (TESTDIR "/mycert.txt"); assert (shadow); assert (zcert_eq (cert, shadow)); zcert_destroy (&shadow); // Delete secret certificate, load public one int rc = zsys_file_delete (TESTDIR "/mycert.txt_secret"); assert (rc == 0); shadow = zcert_load (TESTDIR "/mycert.txt"); // 32-byte null key encodes as 40 '0' characters assert (streq (zcert_secret_txt (shadow), "0000000000000000000000000000000000000000")); zcert_destroy (&shadow); zcert_destroy (&cert); # else // Libsodium isn't installed; should have returned NULL assert (cert == NULL); # endif // Delete all test files zdir_t *dir = zdir_new (TESTDIR, NULL); zdir_remove (dir, true); zdir_destroy (&dir); // @end #endif printf ("OK\n"); }
int main (int argc, char *argv []) { int argn = 1; char *filename = "mycert.txt"; if (argn < argc) filename = argv [argn++]; zsys_info ("Creating new CURVE certificate in %s", filename); zcert_t *cert = zcert_new (); if (s_get_meta (cert, "Enter your full name:", "name") || s_get_meta (cert, "Enter your email address:", "email") || s_get_meta (cert, "Enter your organization:", "organization")) return -1; char *timestr = zclock_timestr (); zcert_set_meta (cert, "created-by", "CZMQ zmakecert"); zcert_set_meta (cert, "date-created", "%s", timestr); free (timestr); zcert_dump (cert); zcert_save (cert, filename); zsys_info ("CURVE certificate created in %s and %s_secret", filename, filename); zcert_destroy (&cert); return 0; }
void zcertstore_test (bool verbose) { printf (" * zcertstore: "); if (verbose) printf ("\n"); // @selftest // Create temporary directory for test files # define TESTDIR ".test_zcertstore" zsys_dir_create (TESTDIR); // Load certificate store from disk; it will be empty zcertstore_t *certstore = zcertstore_new (TESTDIR); assert (certstore); // Create a single new certificate and save to disk zcert_t *cert = zcert_new (); assert (cert); char *client_key = strdup (zcert_public_txt (cert)); assert (client_key); zcert_set_meta (cert, "name", "John Doe"); zcert_save (cert, TESTDIR "/mycert.txt"); zcert_destroy (&cert); // Check that certificate store refreshes as expected cert = zcertstore_lookup (certstore, client_key); assert (cert); assert (streq (zcert_meta (cert, "name"), "John Doe")); // Test custom loader test_loader_state *state = (test_loader_state *) zmalloc (sizeof (test_loader_state)); state->index = 0; zcertstore_set_loader (certstore, s_test_loader, s_test_destructor, (void *)state); #if (ZMQ_VERSION_MAJOR >= 4) cert = zcertstore_lookup (certstore, client_key); assert (cert == NULL); cert = zcertstore_lookup (certstore, "abcdefghijklmnopqrstuvwxyzabcdefghijklmn"); assert (cert); #endif free (client_key); if (verbose) zcertstore_print (certstore); zcertstore_destroy (&certstore); // Delete all test files zdir_t *dir = zdir_new (TESTDIR, NULL); assert (dir); zdir_remove (dir, true); zdir_destroy (&dir); #if defined (__WINDOWS__) zsys_shutdown(); #endif // @end printf ("OK\n"); }
void zcertstore_test (bool verbose) { printf (" * zcertstore: "); if (verbose) printf ("\n"); // @selftest // Create temporary directory for test files # define TESTDIR ".test_zcertstore" zsys_dir_create (TESTDIR); // Load certificate store from disk; it will be empty zcertstore_t *certstore = zcertstore_new (TESTDIR); assert (certstore); // Create a single new certificate and save to disk zcert_t *cert = zcert_new (); assert (cert); char *client_key = strdup (zcert_public_txt (cert)); assert (client_key); zcert_set_meta (cert, "name", "John Doe"); zcert_save (cert, TESTDIR "/mycert.txt"); zcert_destroy (&cert); // Check that certificate store refreshes as expected cert = zcertstore_lookup (certstore, client_key); assert (cert); assert (streq (zcert_meta (cert, "name"), "John Doe")); free (client_key); if (verbose) zcertstore_print (certstore); zcertstore_destroy (&certstore); // Delete all test files zdir_t *dir = zdir_new (TESTDIR, NULL); assert (dir); zdir_remove (dir, true); zdir_destroy (&dir); // @end printf ("OK\n"); }
int main (void) { puts ("Creating new CURVE certificate"); zcert_t *cert = zcert_new (); if (s_get_meta (cert, "Enter your full name:", "name") || s_get_meta (cert, "Enter your email address:", "email") || s_get_meta (cert, "Enter your organization:", "organization")) return -1; char *timestr = zclock_timestr (); zcert_set_meta (cert, "created-by", "CZMQ makecert"); zcert_set_meta (cert, "date-created", timestr); free (timestr); zcert_dump (cert); zcert_save (cert, "mycert.txt"); puts ("I: CURVE certificate created in mycert.txt and mycert.txt_secret"); zcert_destroy (&cert); return 0; }
int main(int argc, char **argv) { char *a = argv[1]; // name of cert char sa[500]; // name of serv_cert char ca[500]; // name of client_cert uint8_t serv_priv[32]; uint8_t serv_pub[32]; uint8_t cli_priv[32]; uint8_t cli_pub[32]; zcert_t *serv_cert = zcert_new(); zcert_t *cli_cert = zcert_new(); uint8_t *serv_privp = zcert_secret_key(serv_cert); uint8_t *serv_pubp = zcert_public_key(serv_cert); uint8_t *cli_privp = zcert_secret_key(cli_cert); uint8_t *cli_pubp = zcert_public_key(cli_cert); memmove(serv_priv, serv_privp, sizeof(serv_priv)); memmove(serv_pub, serv_pubp, sizeof(serv_pub)); memmove(cli_priv, cli_privp, sizeof(cli_priv)); memmove(cli_pub, cli_pubp, sizeof(cli_pub)); char *serv_cprivp = zcert_secret_txt(serv_cert); char *serv_cpubp = zcert_public_txt(serv_cert); char *cli_cprivp = zcert_secret_txt(cli_cert); char *cli_cpubp = zcert_public_txt(cli_cert); char servhnam[1000]; char clihnam[1000]; sprintf(servhnam, "servcert_%s.h", a); sprintf(clihnam, "clicert_%s.h", a); FILE *serv = fopen(servhnam, "w"); FILE *cli = fopen(clihnam, "w"); fprintf(serv, "char *%s_server_private_txt = \"%s\";\n", a, serv_cprivp); fprintf(serv, "char *%s_server_public_txt = \"%s\";\n\n\n", a, serv_cpubp); fprintf(cli, "char *%s_cli_private_txt = \"%s\";\n", a, cli_cprivp); fprintf(cli, "char *%s_cli_public_txt = \"%s\";\n\n\n", a, cli_cpubp); sprintf(sa, "server_%s", a); sprintf(ca, "client_%s", a); zcert_save(serv_cert, sa); zcert_save(cli_cert, ca); // we don't need the secret keys on disk; just a security hazard unlink("server_banshare_secret"); unlink("client_banshare_secret"); fprintf (serv, "uint8_t %s_server_private[32] = {0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx };\n", a, serv_priv[0], serv_priv[1], serv_priv[2], serv_priv[3], serv_priv[4], serv_priv[5], serv_priv[6], serv_priv[7], serv_priv[8], serv_priv[9], serv_priv[10], serv_priv[11], serv_priv[12], serv_priv[13], serv_priv[14], serv_priv[15], serv_priv[16], serv_priv[17], serv_priv[18], serv_priv[19], serv_priv[20], serv_priv[21], serv_priv[22], serv_priv[23], serv_priv[24], serv_priv[25], serv_priv[26], serv_priv[27], serv_priv[28], serv_priv[29], serv_priv[30], serv_priv[31]); fprintf (serv, "uint8_t %s_server_public[32] = {0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx };\n", a, serv_pub[0], serv_pub[1], serv_pub[2], serv_pub[3], serv_pub[4], serv_pub[5], serv_pub[6], serv_pub[7], serv_pub[8], serv_pub[9], serv_pub[10], serv_pub[11], serv_pub[12], serv_pub[13], serv_pub[14], serv_pub[15], serv_pub[16], serv_pub[17], serv_pub[18], serv_pub[19], serv_pub[20], serv_pub[21], serv_pub[22], serv_pub[23], serv_pub[24], serv_pub[25], serv_pub[26], serv_pub[27], serv_pub[28], serv_pub[29], serv_pub[30], serv_pub[31]); fprintf (cli, "uint8_t %s_client_private[32] = {0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx };\n", a, cli_priv[0], cli_priv[1], cli_priv[2], cli_priv[3], cli_priv[4], cli_priv[5], cli_priv[6], cli_priv[7], cli_priv[8], cli_priv[9], cli_priv[10], cli_priv[11], cli_priv[12], cli_priv[13], cli_priv[14], cli_priv[15], cli_priv[16], cli_priv[17], cli_priv[18], cli_priv[19], cli_priv[20], cli_priv[21], cli_priv[22], cli_priv[23], cli_priv[24], cli_priv[25], cli_priv[26], cli_priv[27], cli_priv[28], cli_priv[29], cli_priv[30], cli_priv[31]); fprintf (cli, "uint8_t %s_client_public[32] = {0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,\n 0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx,0x%hhx };\n", a, cli_pub[0], cli_pub[1], cli_pub[2], cli_pub[3], cli_pub[4], cli_pub[5], cli_pub[6], cli_pub[7], cli_pub[8], cli_pub[9], cli_pub[10], cli_pub[11], cli_pub[12], cli_pub[13], cli_pub[14], cli_pub[15], cli_pub[16], cli_pub[17], cli_pub[18], cli_pub[19], cli_pub[20], cli_pub[21], cli_pub[22], cli_pub[23], cli_pub[24], cli_pub[25], cli_pub[26], cli_pub[27], cli_pub[28], cli_pub[29], cli_pub[30], cli_pub[31]); fclose(serv); fclose(cli); exit(0); }
/// // Save full certificate (public + secret) to file for persistent storage // This creates one public file and one secret file (filename + "_secret"). int QmlZcert::save (const QString &filename) { return zcert_save (self, filename.toUtf8().data()); };
void curve_server_test (bool verbose) { printf (" * curve_server: "); // @selftest // Create temporary directory for test files srand (time (NULL)); zsys_dir_create (TESTDIR); zcert_t *server_cert = zcert_new (); zcert_save (server_cert, TESTDIR "/server.cert"); // Install the authenticator zctx_t *ctx = zctx_new (); zauth_t *auth = zauth_new (ctx); assert (auth); zauth_set_verbose (auth, verbose); zauth_configure_curve (auth, "*", TESTDIR); // We'll run a set of clients as background tasks, and the // server in this foreground thread. Don't pass verbose to // the clients as the results are unreadable. int live_clients; for (live_clients = 0; live_clients < 5; live_clients++) zthread_new (client_task, &verbose); curve_server_t *server = curve_server_new (ctx, &server_cert); curve_server_set_verbose (server, verbose); curve_server_bind (server, "tcp://127.0.0.1:9006"); while (live_clients > 0) { zmsg_t *msg = curve_server_recv (server); if (memcmp (zframe_data (zmsg_last (msg)), "END", 3) == 0) live_clients--; curve_server_send (server, &msg); } // Try an invalid client/server combination byte bad_server_key [32] = { 0 }; zcert_t *unknown = zcert_new (); curve_client_t *client = curve_client_new (&unknown); curve_client_set_verbose (client, true); curve_client_connect (client, "tcp://127.0.0.1:9006", bad_server_key); curve_client_sendstr (client, "Hello, World"); // Expect no reply after 250msec zmq_pollitem_t pollitems [] = { { curve_client_handle (client), 0, ZMQ_POLLIN, 0 } }; assert (zmq_poll (pollitems, 1, 250) == 0); curve_client_destroy (&client); // Delete all test files zdir_t *dir = zdir_new (TESTDIR, NULL); zdir_remove (dir, true); zdir_destroy (&dir); curve_server_destroy (&server); zauth_destroy (&auth); zctx_destroy (&ctx); // @end // Ensure client threads have exited before we do zclock_sleep (100); printf ("OK\n"); }
void curve_client_test (bool verbose) { printf (" * curve_client: "); // @selftest // Create temporary directory for test files zsys_dir_create (TESTDIR); // We'll create two new certificates and save the client public // certificate on disk; in a real case we'd transfer this securely // from the client machine to the server machine. zcert_t *server_cert = zcert_new (); zcert_save (server_cert, TESTDIR "/server.cert"); // We'll run the server as a background task, and the // client in this foreground thread. zthread_new (server_task, &verbose); zcert_t *client_cert = zcert_new (); zcert_save_public (client_cert, TESTDIR "/client.cert"); curve_client_t *client = curve_client_new (&client_cert); curve_client_set_metadata (client, "Client", "CURVEZMQ/curve_client"); curve_client_set_metadata (client, "Identity", "E475DA11"); curve_client_set_verbose (client, verbose); curve_client_connect (client, "tcp://127.0.0.1:9005", (byte *)zcert_public_key (server_cert)); curve_client_sendstr (client, "Hello, World"); char *reply = curve_client_recvstr (client); assert (streq (reply, "Hello, World")); free (reply); // Try a multipart message zmsg_t *msg = zmsg_new (); zmsg_addstr (msg, "Hello, World"); zmsg_addstr (msg, "Second frame"); curve_client_send (client, &msg); msg = curve_client_recv (client); assert (zmsg_size (msg) == 2); zmsg_destroy (&msg); // Now send messages of increasing size, check they work int count; int size = 0; for (count = 0; count < 18; count++) { if (verbose) printf ("Testing message of size=%d...\n", size); zframe_t *data = zframe_new (NULL, size); int byte_nbr; // Set data to sequence 0...255 repeated for (byte_nbr = 0; byte_nbr < size; byte_nbr++) zframe_data (data)[byte_nbr] = (byte) byte_nbr; msg = zmsg_new (); zmsg_prepend (msg, &data); curve_client_send (client, &msg); msg = curve_client_recv (client); data = zmsg_pop (msg); assert (data); assert (zframe_size (data) == size); for (byte_nbr = 0; byte_nbr < size; byte_nbr++) { assert (zframe_data (data)[byte_nbr] == (byte) byte_nbr); } zframe_destroy (&data); zmsg_destroy (&msg); size = size * 2 + 1; } // Signal end of test curve_client_sendstr (client, "END"); reply = curve_client_recvstr (client); free (reply); zcert_destroy (&server_cert); zcert_destroy (&client_cert); curve_client_destroy (&client); // Delete all test files zdir_t *dir = zdir_new (TESTDIR, NULL); zdir_remove (dir, true); zdir_destroy (&dir); // @end // Ensure server thread has exited before we do zclock_sleep (100); printf ("OK\n"); }
/// // Save full certificate (public + secret) to file for persistent storage // This creates one public file and one secret file (filename + "_secret"). int QZcert::save (const QString &filename) { int rv = zcert_save (self, filename.toUtf8().data()); return rv; }
void zcertstore_test (bool verbose) { printf (" * zcertstore: "); if (verbose) printf ("\n"); // @selftest const char *SELFTEST_DIR_RW = "src/selftest-rw"; const char *testbasedir = ".test_zcertstore"; const char *testfile = "mycert.txt"; char *basedirpath = NULL; // subdir in a test, under SELFTEST_DIR_RW char *filepath = NULL; // pathname to testfile in a test, in dirpath basedirpath = zsys_sprintf ("%s/%s", SELFTEST_DIR_RW, testbasedir); assert (basedirpath); filepath = zsys_sprintf ("%s/%s", basedirpath, testfile); assert (filepath); // Make sure old aborted tests do not hinder us zdir_t *dir = zdir_new (basedirpath, NULL); if (dir) { zdir_remove (dir, true); zdir_destroy (&dir); } zsys_file_delete (filepath); zsys_dir_delete (basedirpath); // Create temporary directory for test files zsys_dir_create (basedirpath); // Load certificate store from disk; it will be empty zcertstore_t *certstore = zcertstore_new (basedirpath); assert (certstore); // Create a single new certificate and save to disk zcert_t *cert = zcert_new (); assert (cert); char *client_key = strdup (zcert_public_txt (cert)); assert (client_key); zcert_set_meta (cert, "name", "John Doe"); zcert_save (cert, filepath); zcert_destroy (&cert); // Check that certificate store refreshes as expected cert = zcertstore_lookup (certstore, client_key); assert (cert); assert (streq (zcert_meta (cert, "name"), "John Doe")); #ifdef CZMQ_BUILD_DRAFT_API // DRAFT-API: Security // Iterate through certs zlistx_t *certs = zcertstore_certs(certstore); cert = (zcert_t *) zlistx_first(certs); int cert_count = 0; while (cert) { assert (streq (zcert_meta (cert, "name"), "John Doe")); cert = (zcert_t *) zlistx_next(certs); cert_count++; } assert(cert_count==1); zlistx_destroy(&certs); #endif // Test custom loader test_loader_state *state = (test_loader_state *) zmalloc (sizeof (test_loader_state)); state->index = 0; zcertstore_set_loader (certstore, s_test_loader, s_test_destructor, (void *)state); #if (ZMQ_VERSION_MAJOR >= 4) cert = zcertstore_lookup (certstore, client_key); assert (cert == NULL); cert = zcertstore_lookup (certstore, "abcdefghijklmnopqrstuvwxyzabcdefghijklmn"); assert (cert); #endif freen (client_key); if (verbose) zcertstore_print (certstore); zcertstore_destroy (&certstore); // Delete all test files dir = zdir_new (basedirpath, NULL); assert (dir); zdir_remove (dir, true); zdir_destroy (&dir); zstr_free (&basedirpath); zstr_free (&filepath); #if defined (__WINDOWS__) zsys_shutdown(); #endif // @end printf ("OK\n"); }
void HHVM_METHOD(ZMQCert, save, const String& filename) { auto res = zcert_save(Native::data<ZMQCert>(this_)->zcert, filename.c_str()); if (res == -1) { throwExceptionClassFmt(s_ZMQCertExceptionClass, "Failed to save the certificate to {}", filename); } }
int certificate::save(const std::string& filename) { return zcert_save(self_, filename.c_str()); }