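//  Self test of this class. Creates a throwaway directory, writes one
//  certificate into it, checks that the store picks that certificate up on
//  lookup, exercises the custom loader hook, then removes the test files.
//  Every step that can fail is asserted immediately, so a failure is reported
//  where it happens rather than as a puzzling failed lookup further down.
//  @param verbose  when true, print the store contents and extra newlines
void
zcertstore_test (bool verbose)
{
    printf (" * zcertstore: ");
    if (verbose)
        printf ("\n");

    //  @selftest
    //  Create temporary directory for test files
#   define TESTDIR ".test_zcertstore"
    int rc = zsys_dir_create (TESTDIR);
    assert (rc == 0);

    //  Load certificate store from disk; it will be empty
    zcertstore_t *certstore = zcertstore_new (TESTDIR);
    assert (certstore);

    //  Create a single new certificate and save to disk. The save must
    //  succeed, otherwise the lookup below would fail for the wrong reason.
    zcert_t *cert = zcert_new ();
    assert (cert);
    char *client_key = strdup (zcert_public_txt (cert));
    assert (client_key);
    zcert_set_meta (cert, "name", "John Doe");
    rc = zcert_save (cert, TESTDIR "/mycert.txt");
    assert (rc == 0);
    zcert_destroy (&cert);

    //  Check that certificate store refreshes as expected. The looked-up
    //  certificate is not destroyed here; the store is assumed to own it.
    cert = zcertstore_lookup (certstore, client_key);
    assert (cert);
    assert (streq (zcert_meta (cert, "name"), "John Doe"));

    //  Test custom loader: once installed, the on-disk key must no longer
    //  be found and the key supplied by the loader must be found instead
    test_loader_state *state = (test_loader_state *) zmalloc (sizeof (test_loader_state));
    assert (state);
    state->index = 0;
    zcertstore_set_loader (certstore, s_test_loader, s_test_destructor, (void *) state);
#if (ZMQ_VERSION_MAJOR >= 4)
    cert = zcertstore_lookup (certstore, client_key);
    assert (cert == NULL);
    cert = zcertstore_lookup (certstore, "abcdefghijklmnopqrstuvwxyzabcdefghijklmn");
    assert (cert);
#endif
    free (client_key);

    if (verbose)
        zcertstore_print (certstore);
    zcertstore_destroy (&certstore);

    //  Delete all test files
    zdir_t *dir = zdir_new (TESTDIR, NULL);
    assert (dir);
    zdir_remove (dir, true);
    zdir_destroy (&dir);

#if defined (__WINDOWS__)
    zsys_shutdown ();
#endif
    //  @end
    printf ("OK\n");
}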
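//  JNI binding for zcertstore_new (). A Java null location is passed through
//  as a C NULL location, which zcertstore_new () documents as "create a
//  pure-memory store", instead of handing a null jstring to
//  GetStringUTFChars (). Returns the native store handle as a jlong, or 0
//  when the location string could not be fetched (GetStringUTFChars () has
//  then already raised an exception in the JVM for the caller to see).
JNIEXPORT jlong JNICALL
Java_org_zeromq_czmq_Zcertstore__1_1new (JNIEnv *env, jclass c, jstring location)
{
    char *location_ = NULL;
    if (location) {
        location_ = (char *) (*env)->GetStringUTFChars (env, location, NULL);
        if (!location_)
            return 0;           //  Exception pending in the JVM
    }
    //  Disable CZMQ signal handling; allow Java to deal with it
    zsys_handler_set (NULL);
    jlong new_ = (jlong) (intptr_t) zcertstore_new (location_);
    //  Only release what we actually acquired
    if (location)
        (*env)->ReleaseStringUTFChars (env, location, location_);
    return new_;
}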
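//  Self test of this class. Creates a throwaway directory, writes one
//  certificate into it, checks that the store picks that certificate up on
//  lookup, then removes the test files. Directory creation and the
//  certificate save are asserted so that a failure is reported where it
//  happens rather than as a failed lookup later.
//  @param verbose  when true, print the store contents and extra newlines
void
zcertstore_test (bool verbose)
{
    printf (" * zcertstore: ");
    if (verbose)
        printf ("\n");

    //  @selftest
    //  Create temporary directory for test files
#   define TESTDIR ".test_zcertstore"
    int rc = zsys_dir_create (TESTDIR);
    assert (rc == 0);

    //  Load certificate store from disk; it will be empty
    zcertstore_t *certstore = zcertstore_new (TESTDIR);
    assert (certstore);

    //  Create a single new certificate and save to disk
    zcert_t *cert = zcert_new ();
    assert (cert);
    char *client_key = strdup (zcert_public_txt (cert));
    assert (client_key);
    zcert_set_meta (cert, "name", "John Doe");
    rc = zcert_save (cert, TESTDIR "/mycert.txt");
    assert (rc == 0);
    zcert_destroy (&cert);

    //  Check that certificate store refreshes as expected. The looked-up
    //  certificate is not destroyed here; the store is assumed to own it.
    cert = zcertstore_lookup (certstore, client_key);
    assert (cert);
    assert (streq (zcert_meta (cert, "name"), "John Doe"));
    free (client_key);

    if (verbose)
        zcertstore_print (certstore);
    zcertstore_destroy (&certstore);

    //  Delete all test files
    zdir_t *dir = zdir_new (TESTDIR, NULL);
    assert (dir);
    zdir_remove (dir, true);
    zdir_destroy (&dir);
    //  @end
    printf ("OK\n");
}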
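//  Handle one API command arriving on the actor pipe.
//  Returns 0 after the command was processed (acknowledged with
//  zsock_signal () for the commands that do so), -1 when the pipe was
//  interrupted or the message carried no command frame. Frames that the
//  command protocol requires but that are missing are tolerated instead of
//  being passed as NULL into streq () / zhashx_load (). An unknown command
//  still asserts, since this pipe is internal to the zauth actor.
static int
s_self_handle_pipe (self_t *self)
{
    //  Get the whole message off the pipe in one go
    zmsg_t *request = zmsg_recv (self->pipe);
    if (!request)
        return -1;              //  Interrupted

    char *command = zmsg_popstr (request);
    if (!command) {
        //  Empty message: nothing to dispatch on, treat like an interrupt
        zmsg_destroy (&request);
        return -1;
    }
    if (self->verbose)
        zsys_info ("zauth: API command=%s", command);

    if (streq (command, "ALLOW")) {
        //  Every remaining frame is an address to whitelist
        char *address = zmsg_popstr (request);
        while (address) {
            if (self->verbose)
                zsys_info ("zauth: - whitelisting ipaddress=%s", address);
            zhashx_insert (self->whitelist, address, "OK");
            zstr_free (&address);
            address = zmsg_popstr (request);
        }
        zsock_signal (self->pipe, 0);
    }
    else
    if (streq (command, "DENY")) {
        //  Every remaining frame is an address to blacklist
        char *address = zmsg_popstr (request);
        while (address) {
            if (self->verbose)
                zsys_info ("zauth: - blacklisting ipaddress=%s", address);
            zhashx_insert (self->blacklist, address, "OK");
            zstr_free (&address);
            address = zmsg_popstr (request);
        }
        zsock_signal (self->pipe, 0);
    }
    else
    if (streq (command, "PLAIN")) {
        //  Get password file and load into zhash table
        //  If the file doesn't exist we'll get an empty table
        char *filename = zmsg_popstr (request);
        zhashx_destroy (&self->passwords);
        self->passwords = zhashx_new ();
        if (filename) {
            if (zhashx_load (self->passwords, filename) && self->verbose)
                zsys_info ("zauth: could not load file=%s", filename);
        }
        else
        if (self->verbose)
            zsys_info ("zauth: PLAIN command without password file, table is empty");
        zstr_free (&filename);
        zsock_signal (self->pipe, 0);
    }
    else
    if (streq (command, "CURVE")) {
        //  If location is CURVE_ALLOW_ANY, allow all clients. Otherwise
        //  treat location as a directory that holds the certificates.
        //  A missing location frame reaches zcertstore_new () as NULL,
        //  which that constructor documents as a pure-memory store.
        char *location = zmsg_popstr (request);
        if (location && streq (location, CURVE_ALLOW_ANY))
            self->allow_any = true;
        else {
            zcertstore_destroy (&self->certstore);
            self->certstore = zcertstore_new (location);
            self->allow_any = false;
            //  allow_any stays false either way; report a failed store
            //  creation instead of leaving it silent
            if (!self->certstore)
                zsys_error ("zauth: could not create certificate store, location=%s",
                            location ? location : "(none)");
        }
        zstr_free (&location);
        zsock_signal (self->pipe, 0);
    }
    else
    if (streq (command, "GSSAPI"))
        //  GSSAPI authentication is not yet implemented here
        zsock_signal (self->pipe, 0);
    else
    if (streq (command, "VERBOSE")) {
        self->verbose = true;
        zsock_signal (self->pipe, 0);
    }
    else
    if (streq (command, "$TERM"))
        self->terminated = true;
    else {
        zsys_error ("zauth: - invalid command: %s", command);
        assert (false);
    }
    zstr_free (&command);
    zmsg_destroy (&request);
    return 0;
}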
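//  Handle one API command arriving on the agent pipe.
//  Returns 0 after the command was processed and "OK" was sent back on the
//  pipe, -1 when the pipe was interrupted (no message) or the message
//  carried no command frame. Missing argument frames are tolerated rather
//  than being passed as NULL into zhash_insert (), streq () or dereferenced.
//  An unknown command still asserts, since this pipe is internal to the
//  agent.
static int
s_agent_handle_pipe (agent_t *self)
{
    //  Get the whole message off the pipe in one go
    zmsg_t *request = zmsg_recv (self->pipe);
    if (!request)
        return -1;              //  Interrupted
    char *command = zmsg_popstr (request);
    if (!command) {
        //  Empty message: nothing to dispatch on, treat like an interrupt
        zmsg_destroy (&request);
        return -1;
    }

    if (streq (command, "ALLOW")) {
        char *address = zmsg_popstr (request);
        if (address)
            zhash_insert (self->whitelist, address, "OK");
        zstr_free (&address);
        zstr_send (self->pipe, "OK");
    }
    else
    if (streq (command, "DENY")) {
        char *address = zmsg_popstr (request);
        if (address)
            zhash_insert (self->blacklist, address, "OK");
        zstr_free (&address);
        zstr_send (self->pipe, "OK");
    }
    else
    if (streq (command, "PLAIN")) {
        //  For now we don't do anything with domains
        char *domain = zmsg_popstr (request);
        zstr_free (&domain);
        //  Get password file and load into zhash table
        //  If the file doesn't exist we'll get an empty table
        char *filename = zmsg_popstr (request);
        zhash_destroy (&self->passwords);
        self->passwords = zhash_new ();
        if (filename)
            zhash_load (self->passwords, filename);
        zstr_free (&filename);
        zstr_send (self->pipe, "OK");
    }
    else
    if (streq (command, "CURVE")) {
        //  For now we don't do anything with domains
        char *domain = zmsg_popstr (request);
        zstr_free (&domain);
        //  If location is CURVE_ALLOW_ANY, allow all clients. Otherwise
        //  treat location as a directory that holds the certificates.
        //  A missing location frame reaches zcertstore_new () as NULL.
        char *location = zmsg_popstr (request);
        if (location && streq (location, CURVE_ALLOW_ANY))
            self->allow_any = true;
        else {
            zcertstore_destroy (&self->certstore);
            self->certstore = zcertstore_new (location);
            self->allow_any = false;
        }
        zstr_free (&location);
        zstr_send (self->pipe, "OK");
    }
    else
    if (streq (command, "VERBOSE")) {
        //  A missing or non-"1" frame switches verbose off
        char *verbose = zmsg_popstr (request);
        self->verbose = verbose && *verbose == '1';
        zstr_free (&verbose);
        zstr_send (self->pipe, "OK");
    }
    else
    if (streq (command, "TERMINATE")) {
        self->terminated = true;
        zstr_send (self->pipe, "OK");
    }
    else {
        printf ("E: invalid command from API: %s\n", command);
        assert (false);
    }
    zstr_free (&command);
    zmsg_destroy (&request);
    return 0;
}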
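//  Self test of this class. Works in a scratch directory below the
//  read-write selftest area and first clears leftovers of aborted runs.
//  Writes one certificate to disk, checks that the store picks it up on
//  lookup, iterates the store (draft API only), exercises the custom loader
//  hook, then removes every file and path it created. Directory creation
//  and the certificate save are asserted so that a failure is reported
//  where it happens rather than as a failed lookup later.
//  @param verbose  when true, print the store contents and extra newlines
void
zcertstore_test (bool verbose)
{
    printf (" * zcertstore: ");
    if (verbose)
        printf ("\n");

    //  @selftest
    const char *SELFTEST_DIR_RW = "src/selftest-rw";
    const char *testbasedir = ".test_zcertstore";
    const char *testfile = "mycert.txt";
    char *basedirpath = NULL;   // subdir in a test, under SELFTEST_DIR_RW
    char *filepath = NULL;      // pathname to testfile in a test, in dirpath

    basedirpath = zsys_sprintf ("%s/%s", SELFTEST_DIR_RW, testbasedir);
    assert (basedirpath);
    filepath = zsys_sprintf ("%s/%s", basedirpath, testfile);
    assert (filepath);

    //  Make sure old aborted tests do not hinder us
    zdir_t *dir = zdir_new (basedirpath, NULL);
    if (dir) {
        zdir_remove (dir, true);
        zdir_destroy (&dir);
    }
    zsys_file_delete (filepath);
    zsys_dir_delete (basedirpath);

    //  Create temporary directory for test files
    int rc = zsys_dir_create (basedirpath);
    assert (rc == 0);

    //  Load certificate store from disk; it will be empty
    zcertstore_t *certstore = zcertstore_new (basedirpath);
    assert (certstore);

    //  Create a single new certificate and save to disk. The save must
    //  succeed, otherwise the lookup below would fail for the wrong reason.
    zcert_t *cert = zcert_new ();
    assert (cert);
    char *client_key = strdup (zcert_public_txt (cert));
    assert (client_key);
    zcert_set_meta (cert, "name", "John Doe");
    rc = zcert_save (cert, filepath);
    assert (rc == 0);
    zcert_destroy (&cert);

    //  Check that certificate store refreshes as expected. The looked-up
    //  certificate is not destroyed here; the store is assumed to own it.
    cert = zcertstore_lookup (certstore, client_key);
    assert (cert);
    assert (streq (zcert_meta (cert, "name"), "John Doe"));

#ifdef CZMQ_BUILD_DRAFT_API
    //  DRAFT-API: Security
    //  Iterate through certs; exactly the one saved above must be present
    zlistx_t *certs = zcertstore_certs (certstore);
    cert = (zcert_t *) zlistx_first (certs);
    int cert_count = 0;
    while (cert) {
        assert (streq (zcert_meta (cert, "name"), "John Doe"));
        cert = (zcert_t *) zlistx_next (certs);
        cert_count++;
    }
    assert (cert_count == 1);
    zlistx_destroy (&certs);
#endif

    //  Test custom loader: once installed, the on-disk key must no longer
    //  be found and the key supplied by the loader must be found instead
    test_loader_state *state = (test_loader_state *) zmalloc (sizeof (test_loader_state));
    assert (state);
    state->index = 0;
    zcertstore_set_loader (certstore, s_test_loader, s_test_destructor, (void *) state);
#if (ZMQ_VERSION_MAJOR >= 4)
    cert = zcertstore_lookup (certstore, client_key);
    assert (cert == NULL);
    cert = zcertstore_lookup (certstore, "abcdefghijklmnopqrstuvwxyzabcdefghijklmn");
    assert (cert);
#endif
    freen (client_key);

    if (verbose)
        zcertstore_print (certstore);
    zcertstore_destroy (&certstore);

    //  Delete all test files
    dir = zdir_new (basedirpath, NULL);
    assert (dir);
    zdir_remove (dir, true);
    zdir_destroy (&dir);

    zstr_free (&basedirpath);
    zstr_free (&filepath);

#if defined (__WINDOWS__)
    zsys_shutdown ();
#endif
    //  @end
    printf ("OK\n");
}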
/// // Create a new certificate store from a disk directory, loading and // indexing all certificates in that location. The directory itself may be // absent, and created later, or modified at any time. The certificate store // is automatically refreshed on any zcertstore_lookup() call. If the // location is specified as NULL, creates a pure-memory store, which you // can work with by inserting certificates at runtime. QmlZcertstore *QmlZcertstoreAttached::construct (const QString &location) { QmlZcertstore *qmlSelf = new QmlZcertstore (); qmlSelf->self = zcertstore_new (location.toUtf8().data()); return qmlSelf; };
/// // Create a new certificate store from a disk directory, loading and // indexing all certificates in that location. The directory itself may be // absent, and created later, or modified at any time. The certificate store // is automatically refreshed on any zcertstore_lookup() call. If the // location is specified as NULL, creates a pure-memory store, which you // can work with by inserting certificates at runtime. QZcertstore::QZcertstore (const QString &location, QObject *qObjParent) : QObject (qObjParent) { this->self = zcertstore_new (location.toUtf8().data()); }