int irda_socket_connect_lsap(irda_t s, unsigned int address, unsigned int lsap, int * timeout)
{
#if defined(_WIN32) || defined(WIN32)
SOCKADDR_IRDA peer;
#else
struct sockaddr_irda peer;
#endif
CHECK_IRDA_HANDLE(s)
#if defined(_WIN32) || defined(WIN32)
peer.irdaAddressFamily = AF_IRDA;
peer.irdaDeviceID[0] = (address >> 24) & 0xFF;
peer.irdaDeviceID[1] = (address >> 16) & 0xFF;
peer.irdaDeviceID[2] = (address >> 8) & 0xFF;
peer.irdaDeviceID[3] = (address ) & 0xFF;
_snprintf(peer.irdaServiceName, 25, "LSAP-SEL%u", lsap);
#else
peer.sir_family = AF_IRDA;
peer.sir_addr = address;
peer.sir_lsap_sel = lsap;
memset(peer.sir_name, 0x00, 25);
#endif
return internal_connect(s, (struct sockaddr *) &peer, sizeof(peer), timeout);
}
int irda_socket_connect_name(irda_t s, unsigned int address, const char * name, int * timeout)
{
#if defined(_WIN32) || defined(WIN32)
SOCKADDR_IRDA peer;
#else
struct sockaddr_irda peer;
#endif
CHECK_IRDA_HANDLE(s)
#if defined(_WIN32) || defined(WIN32)
peer.irdaAddressFamily = AF_IRDA;
peer.irdaDeviceID[0] = (address >> 24) & 0xFF;
peer.irdaDeviceID[1] = (address >> 16) & 0xFF;
peer.irdaDeviceID[2] = (address >> 8) & 0xFF;
peer.irdaDeviceID[3] = (address ) & 0xFF;
if (name)
strncpy(peer.irdaServiceName, name, 25);
else
memset(peer.irdaServiceName, 0x00, 25);
#else
peer.sir_family = AF_IRDA;
peer.sir_addr = address;
if (name)
strncpy(peer.sir_name, name, 25);
else
memset(peer.sir_name, 0x00, 25);
#endif
return internal_connect(s, (struct sockaddr *) &peer, sizeof(peer), timeout);
}
} END_TEST
/**
* Test the get status command.
*/
START_TEST (test_get_status) {
OPGP_ERROR_STATUS status;
GP211_APPLICATION_DATA appData[10];
GP211_EXECUTABLE_MODULES_DATA modulesData[10];
BYTE appAID[7] = {0xa0,0,0,0,4,0x10,0x10};
BYTE loadFileAID[7] = {0xa0,0,0,0,3,0x53,0x50};
BYTE domainAID[8] = {0xa0,00,00,00,03,00,00,00};
DWORD dataLength = 10;
status = internal_connect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not connect: %s", status.errorMessage);
}
status = internal_mutual_authentication();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not do mutual authentication: %s", status.errorMessage);
}
status = GP211_get_status(cardContext, cardInfo, &securityInfo211, GP211_STATUS_APPLICATIONS, appData, modulesData, &dataLength);
if (OPGP_ERROR_CHECK(status)) {
fail("Could not get status from applications: %s", status.errorMessage);
}
fail_unless(dataLength == 4, "Incorrect application status length");
fail_unless(appData[0].lifeCycleState == 7, "Incorrect application status life cycle state");
fail_unless(appData[0].privileges == 2, "Incorrect application status privileges");
fail_unless(memcmp(appData[0].AID, appAID, sizeof(appAID))==0, "Incorrect application status AID");
dataLength = 10;
status = GP211_get_status(cardContext, cardInfo, &securityInfo211, GP211_STATUS_LOAD_FILES, appData, modulesData, &dataLength);
if (OPGP_ERROR_CHECK(status)) {
fail("Could not get status from applications: %s", status.errorMessage);
}
fail_unless(dataLength == 5, "Incorrect load file status");
fail_unless(appData[0].lifeCycleState == 1, "Incorrect load file status");
fail_unless(appData[0].privileges == 0, "Incorrect load file status");
fail_unless(memcmp(appData[0].AID, loadFileAID, sizeof(loadFileAID))==0, "Incorrect load file status");
dataLength = 10;
status = GP211_get_status(cardContext, cardInfo, &securityInfo211, GP211_STATUS_ISSUER_SECURITY_DOMAIN, appData, modulesData, &dataLength);
if (OPGP_ERROR_CHECK(status)) {
fail("Could not get status from applications: %s", status.errorMessage);
}
fail_unless(dataLength == 1, "Incorrect issuer security status");
fail_unless(appData[0].lifeCycleState == 1, "Incorrect issuer security status");
fail_unless(appData[0].privileges == 0x9e, "Incorrect issuer security status");
fail_unless(memcmp(appData[0].AID, domainAID, sizeof(domainAID)) == 0, "Incorrect issuer security status");
status = internal_disconnect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not disconnect: %s", status.errorMessage);
}
} END_TEST
void Session::on_event(const SessionEvent& event) {
switch (event.type) {
case SessionEvent::CONNECT: {
int port = config_.port();
const Config::ContactPointList& contact_points = config_.contact_points();
for (Config::ContactPointList::const_iterator it = contact_points.begin(),
end = contact_points.end();
it != end; ++it) {
const std::string& seed = *it;
Address address;
if (Address::from_string(seed, port, &address)) {
add_host(address);
} else {
pending_resolve_count_++;
Resolver::resolve(loop(), seed, port, this, on_resolve);
}
}
if (pending_resolve_count_ == 0) {
internal_connect();
}
break;
}
case SessionEvent::NOTIFY_READY:
if (pending_pool_count_ > 0) {
if (--pending_pool_count_ == 0) {
LOG_DEBUG("Session is connected");
notify_connected();
}
LOG_DEBUG("Session pending pool count %d", pending_pool_count_);
}
break;
case SessionEvent::NOTIFY_WORKER_CLOSED:
if (--pending_workers_count_ == 0) {
LOG_DEBUG("Session is disconnected");
control_connection_.close();
close_handles();
}
break;
case SessionEvent::NOTIFY_UP:
control_connection_.on_up(event.address);
break;
case SessionEvent::NOTIFY_DOWN:
control_connection_.on_down(event.address);
break;
default:
assert(false);
break;
}
}
void Connection::onResolve(const boost::system::error_code& error, asio::ip::basic_resolver<asio::ip::tcp>::iterator endpointIterator)
{
m_readTimer.cancel();
if(error == asio::error::operation_aborted)
return;
if(!error)
internal_connect(endpointIterator);
else
handleError(error);
}
}END_TEST
START_TEST (test_delete) {
OPGP_ERROR_STATUS status;
status = internal_connect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not connect: %s", status.errorMessage);
}
status = internal_mutual_authentication();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not do mutual authentication: %s", status.errorMessage);
}
status = internal_delete();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not delete applets: %s", status.errorMessage);
}
status = internal_disconnect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not disconnect: %s", status.errorMessage);
}
} END_TEST
}END_TEST
/**
* Tests the key derivation according to gemXpresso scheme.
*/
START_TEST (test_OPGP_VISA2_derive_keys)
{
OPGP_ERROR_STATUS status;
status = internal_connect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not connect: %s", status.errorMessage);
}
BYTE motherKey[] = { 0x4D, 0xA5, 0xFC, 0x18, 0xA4, 0x6F, 0x8A, 0x02,
0x05, 0xC7, 0x7C, 0x37, 0x3B, 0x58, 0x2A, 0x1F };
BYTE S_ENC[16], S_MAC[16], DEK[16];
int i;
status = OPGP_VISA2_derive_keys(cardContext, cardInfo,
(PBYTE) GP211_CARD_MANAGER_AID_ALT1,
sizeof(GP211_CARD_MANAGER_AID_ALT1), motherKey, S_ENC, S_MAC,
DEK);
if (OPGP_ERROR_CHECK(status)) {
fail("Derivation of keys failed: %s", status.errorMessage);
}
for (i = 0; i < 16; i++) {
printf("%02X", S_ENC[i]);
}
printf("\n");
for (i = 0; i < 16; i++) {
printf("%02X", S_MAC[i]);
}
printf("\n");
for (i = 0; i < 16; i++) {
printf("%02X", DEK[i]);
}
printf("\n");
status = internal_disconnect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not disconnect: %s", status.errorMessage);
}
}END_TEST
}END_TEST
/**
* Tests the mutual authentication.
*/
START_TEST (test_mutual_authentication)
{
OPGP_ERROR_STATUS status;
status = internal_connect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not connect: %s", status.errorMessage);
}
status = internal_mutual_authentication();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not do mutual authentication: %s", status.errorMessage);
}
status = internal_disconnect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not disconnect: %s", status.errorMessage);
}
_tprintf(_T("Mutual authentication succeeded\n"));
}END_TEST
} END_TEST
START_TEST (test_put_3des_key) {
OPGP_ERROR_STATUS status;
BYTE key[16] = {0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5};
status = internal_connect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not connect: %s", status.errorMessage);
}
status = internal_mutual_authentication();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not do mutual authentication: %s", status.errorMessage);
}
status = GP211_put_3des_key(cardContext, cardInfo, &securityInfo211, 0, 1, 5, key);
if (OPGP_ERROR_CHECK(status)) {
fail("Could not put key: %s", status.errorMessage);
}
status = internal_disconnect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not disconnect: %s", status.errorMessage);
}
} END_TEST
void Session::on_event(const SessionEvent& event) {
switch (event.type) {
case SessionEvent::CONNECT: {
int port = config_.port();
const ContactPointList& contact_points = config_.contact_points();
for (ContactPointList::const_iterator it = contact_points.begin(),
end = contact_points.end();
it != end; ++it) {
const std::string& seed = *it;
Address address;
if (Address::from_string(seed, port, &address)) {
add_host(address);
} else {
pending_resolve_count_++;
Resolver::resolve(loop(), seed, port, this, on_resolve);
}
}
if (pending_resolve_count_ == 0) {
internal_connect();
}
break;
}
case SessionEvent::NOTIFY_READY:
if (pending_pool_count_ > 0) {
if (--pending_pool_count_ == 0) {
LOG_DEBUG("Session is connected");
notify_connected();
}
LOG_DEBUG("Session pending pool count %d", pending_pool_count_);
}
break;
case SessionEvent::NOTIFY_KEYSPACE_ERROR: {
// Currently, this is only called when the keyspace does not exist
// and not for any other keyspace related errors.
const CopyOnWritePtr<std::string> keyspace(keyspace_);
notify_connect_error(CASS_ERROR_LIB_UNABLE_TO_SET_KEYSPACE,
"Keyspace '" + *keyspace + "' does not exist");
break;
}
case SessionEvent::NOTIFY_WORKER_CLOSED:
if (--pending_workers_count_ == 0) {
LOG_DEBUG("Session is disconnected");
control_connection_.close();
close_handles();
}
break;
case SessionEvent::NOTIFY_UP:
control_connection_.on_up(event.address);
break;
case SessionEvent::NOTIFY_DOWN:
control_connection_.on_down(event.address);
break;
default:
assert(false);
break;
}
}
/*
* Open a new connection to a server. Returns true on success, false on
* failure. On failure, sets the error message appropriately.
*/
bool
internal_open(struct remctl *r, const char *host, unsigned short port,
const char *principal)
{
int status, flags;
bool port_fallback = false;
socket_type fd = INVALID_SOCKET;
gss_buffer_desc send_tok, recv_tok, *token_ptr;
gss_buffer_desc empty_token = { 0, (void *) "" };
gss_name_t name = GSS_C_NO_NAME;
gss_ctx_id_t gss_context = GSS_C_NO_CONTEXT;
OM_uint32 major, minor, init_minor, gss_flags;
static const OM_uint32 wanted_gss_flags
= (GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG
| GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG);
static const OM_uint32 req_gss_flags
= (GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG);
/*
* If port is 0, default to trying the standard port and then falling back
* on the old port.
*/
if (port == 0) {
port = REMCTL_PORT;
port_fallback = true;
}
/* Make the network connection. */
fd = internal_connect(r, host, port);
if (fd == INVALID_SOCKET && port_fallback)
fd = internal_connect(r, host, REMCTL_PORT_OLD);
if (fd == INVALID_SOCKET)
goto fail;
r->fd = fd;
/* Import the name. */
if (!internal_import_name(r, host, principal, &name))
goto fail;
/*
* Default to protocol version two, but if some other protocol is already
* set in the remctl struct, don't override. This facility is used only
* for testing currently.
*/
if (r->protocol == 0)
r->protocol = 2;
/* Send the initial negotiation token. */
status = token_send(fd, TOKEN_NOOP | TOKEN_CONTEXT_NEXT | TOKEN_PROTOCOL,
&empty_token, r->timeout);
if (status != TOKEN_OK) {
internal_token_error(r, "sending initial token", status, 0, 0);
goto fail;
}
/* Perform the context-establishment loop.
*
* On each pass through the loop, token_ptr points to the token to send to
* the server (or GSS_C_NO_BUFFER on the first pass). Every generated
* token is stored in send_tok which is then transmitted to the server;
* every received token is stored in recv_tok, which token_ptr is then set
* to, to be processed by the next call to gss_init_sec_context.
*
* GSS-API guarantees that send_tok's length will be non-zero if and only
* if the server is expecting another token from us, and that
* gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if and only if the
* server has another token to send us.
*
* We start with the assumption that we're going to do protocol v2, but if
* the server ever drops TOKEN_PROTOCOL from the response, we fall back to
* v1.
*/
token_ptr = GSS_C_NO_BUFFER;
do {
major = gss_init_sec_context(&init_minor, GSS_C_NO_CREDENTIAL,
&gss_context, name, (const gss_OID) GSS_KRB5_MECHANISM,
wanted_gss_flags, 0, NULL, token_ptr, NULL, &send_tok,
&gss_flags, NULL);
if (token_ptr != GSS_C_NO_BUFFER)
free(recv_tok.value);
/* If we have anything more to say, send it. */
if (send_tok.length != 0) {
flags = TOKEN_CONTEXT;
if (r->protocol > 1)
flags |= TOKEN_PROTOCOL;
status = token_send(fd, flags, &send_tok, r->timeout);
if (status != TOKEN_OK) {
internal_token_error(r, "sending token", status, major, minor);
gss_release_buffer(&minor, &send_tok);
goto fail;
}
}
gss_release_buffer(&minor, &send_tok);
/* On error, report the error and abort. */
if (major != GSS_S_COMPLETE && major != GSS_S_CONTINUE_NEEDED) {
internal_gssapi_error(r, "initializing context", major,
init_minor);
goto fail;
}
/* If we're still expecting more, retrieve it. */
if (major == GSS_S_CONTINUE_NEEDED) {
status = token_recv(fd, &flags, &recv_tok, TOKEN_MAX_LENGTH,
r->timeout);
if (status != TOKEN_OK) {
internal_token_error(r, "receiving token", status, major,
minor);
goto fail;
}
if (r->protocol > 1 && (flags & TOKEN_PROTOCOL) != TOKEN_PROTOCOL)
r->protocol = 1;
token_ptr = &recv_tok;
}
} while (major == GSS_S_CONTINUE_NEEDED);
/*
* If the flags we get back from the server are bad and we're doing
* protocol v2, report an error and abort. This must be done after
* establishing the context, since Heimdal doesn't report all flags until
* context negotiation is complete.
*/
if (r->protocol > 1 && (gss_flags & req_gss_flags) != req_gss_flags) {
internal_set_error(r, "server did not negotiate acceptable GSS-API"
" flags");
goto fail;
}
/* Success. Set the context in the struct remctl object. */
r->context = gss_context;
r->ready = 0;
gss_release_name(&minor, &name);
return true;
fail:
if (fd != INVALID_SOCKET)
socket_close(fd);
r->fd = INVALID_SOCKET;
if (name != GSS_C_NO_NAME)
gss_release_name(&minor, &name);
if (gss_context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&minor, &gss_context, GSS_C_NO_BUFFER);
return false;
}
}END_TEST
/**
* Tests the install commands.
*/
START_TEST (test_install)
{
OPGP_LOAD_FILE_PARAMETERS loadFileParams;
DWORD receiptDataAvailable = 0;
DWORD receiptDataLen = 0;
char installParam[1];
installParam[0] = 0;
OPGP_ERROR_STATUS status;
GP211_RECEIPT_DATA receipt;
status = internal_connect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not connect: %s", status.errorMessage);
}
status = internal_mutual_authentication();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not do mutual authentication: %s", status.errorMessage);
}
internal_delete();
status = OPGP_read_executable_load_file_parameters(TEST_LOAD_FILE,
&loadFileParams);
if (OPGP_ERROR_CHECK(status)) {
fail("OPGP_read_executable_load_file_parameters() failed: ", status.errorMessage);
}
status = GP211_install_for_load(cardContext, cardInfo,
&securityInfo211, loadFileParams.loadFileAID.AID,
loadFileParams.loadFileAID.AIDLength,
(PBYTE) GP211_CARD_MANAGER_AID_ALT1, sizeof(GP211_CARD_MANAGER_AID_ALT1),
NULL, NULL, loadFileParams.loadFileSize, 0, 2000);
if (OPGP_ERROR_CHECK(status)) {
fail("GP211_install_for_load() failed: ", status.errorMessage);
}
status = GP211_load(cardContext, cardInfo, &securityInfo211, NULL, 0,
TEST_LOAD_FILE, NULL, &receiptDataLen, NULL);
if (OPGP_ERROR_CHECK(status)) {
fail("GP211_load() failed: ", status.errorMessage);
}
status = GP211_install_for_install_and_make_selectable(cardContext,
cardInfo, &securityInfo211, loadFileParams.loadFileAID.AID,
loadFileParams.loadFileAID.AIDLength,
loadFileParams.appletAIDs[0].AID,
loadFileParams.appletAIDs[0].AIDLength,
loadFileParams.appletAIDs[0].AID,
loadFileParams.appletAIDs[0].AIDLength, 0, 500, 1000, NULL, 0,
NULL, &receipt, &receiptDataAvailable);
if (OPGP_ERROR_CHECK(status)) {
fail("GP211_install_for_install_and_make_selectable() failed: ", status.errorMessage);
}
status = internal_disconnect();
if (OPGP_ERROR_CHECK(status)) {
fail("Could not disconnect: %s", status.errorMessage);
}
}END_TEST
