int
Thread_setup(void)
{
#ifdef _USE_OPENSSL
int i;
mutex_buf = (MUTEX_TYPE *)malloc(sizeof(MUTEX_TYPE) * CRYPTO_num_locks());
if(!mutex_buf)
return 0;
for ( i = 0 ; i < CRYPTO_num_locks() ; i++)
MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
/*
** Dynamic locking routine registration
**/
#ifdef _DYNAMIC_LOCKING_MECHANISM_
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
#endif
return 1;
#else
return -1;
#endif
}
EHSConnection::EHSConnection ( NetworkAbstraction * ipoNetworkAbstraction,
EHSServer * ipoEHSServer ) :
m_nDoneReading ( 0 ),
m_nDisconnected ( 0 ),
m_nRequests ( 0 ),
m_nResponses ( 0 ),
m_poNetworkAbstraction ( ipoNetworkAbstraction ),
m_poCurrentHttpRequest ( NULL ),
m_poEHSServer ( ipoEHSServer ),
m_iStopASAP ( 0 )
{
m_UnusedSyncId = 0;
UpdateLastActivity ( );
// initialize mutex for this object
MUTEX_SETUP ( m_oConnectionMutex );
// get the address and port of the new connection
m_sAddress = ipoNetworkAbstraction->GetAddress ( );
m_nPort = ipoNetworkAbstraction->GetPort ( );
// make sure the buffer is clear
m_sBuffer = "";
#ifdef EHS_MEMORY
fprintf ( stderr, "[EHS_MEMORY] Allocated: EHSConnection\n" );
#endif
}
static struct CRYPTO_dynlock_value *dyn_create_function(const char *file, int line)
{ struct CRYPTO_dynlock_value *value;
value = (struct CRYPTO_dynlock_value*)malloc(sizeof(struct CRYPTO_dynlock_value));
if (value)
MUTEX_SETUP(value->mutex);
return value;
}
static list_t *
_newList (void) {
list_t *list = (list_t *) calloc (1, sizeof (list_t));
if (list) {
MUTEX_SETUP (list->lock);
}
return list;
}
static void setupMutex(void)
{
mutex_buf = (MUTEX_TYPE*) malloc(sizeof(MUTEX_TYPE));
if(!mutex_buf)
throw SecurityException(MEMORY_ALLOC_FAILED, NULL);
MUTEX_SETUP(*mutex_buf);
}
static struct CRYPTO_dynlock_value *dyn_create_function(const char *file, int line)
{
if (!file || !line)
pmesg_safe(&global_flag, LOG_ERROR, __FILE__, __LINE__, "");
struct CRYPTO_dynlock_value *value;
value = (struct CRYPTO_dynlock_value *) malloc(sizeof(struct CRYPTO_dynlock_value));
if (value)
MUTEX_SETUP(value->mutex);
return value;
}
int thread_setup(void) {
int i;
mutex_buf =
(pthread_mutex_t *)palloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE));
if (!mutex_buf) return 0;
for (i = 0; i < CRYPTO_num_locks(); i++) MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
return 1;
}
struct CRYPTO_dynlock_value *
CRYPTO_dynlock_value(const char *file,int line) {
struct CRYPTO_dynlock_value *value;
value = (CRYPTO_dynlock_value *)malloc(sizeof(struct CRYPTO_dynlock_value));
if(!value)
return NULL;
MUTEX_SETUP(value -> mutex);
return value;
}
void thread_setup ()
{
#ifndef HAVE_CLIENT
mutex_buf = malloc (CRYPTO_num_locks () * sizeof(MUTEX_TYPE));
if (!mutex_buf) return;
int i;
for (i = 0; i < CRYPTO_num_locks (); i++)
MUTEX_SETUP (mutex_buf[i]);
CRYPTO_set_id_callback (id_function);
CRYPTO_set_locking_callback (locking_function);
#endif
}
int CRYPTO_thread_setup()
{ int i;
mutex_buf = (MUTEX_TYPE*)malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
if (!mutex_buf)
return SOAP_EOM;
for (i = 0; i < CRYPTO_num_locks(); i++)
MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
return SOAP_OK;
}
static int ssl_thread_setup(void)
{
int i;
hlog(LOG_DEBUG, "Creating OpenSSL mutexes (%d)...", CRYPTO_num_locks());
mutex_buf = hmalloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE));
for (i = 0; i < CRYPTO_num_locks(); i++)
MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(ssl_thread_id_function);
CRYPTO_set_locking_callback(ssl_thread_locking_function);
return 0;
}
int thread_openssl_setup(void)
{
int i;
mutex_arr = (MUTEX_TYPE *) malloc(CRYPTO_num_locks( ) * sizeof(MUTEX_TYPE));
if (!mutex_arr)
return -1;
for (i = 0; i < CRYPTO_num_locks( ); i++)
MUTEX_SETUP(mutex_arr[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
return 0;
}
int CRYPTO_thread_setup()
{
int i;
//mutex_buf = (MUTEX_TYPE*)malloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE));
mutex_buf = (MUTEX_TYPE*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE));
if (!mutex_buf)
return -1;
for (i = 0; i < CRYPTO_num_locks(); i++)
MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
//CRYPTO_set_dynlock_create_callback(dyn_create_function);
//CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
//CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
return 0;
}
int THREAD_setup(void) {
int i;
mutex_buf = (MUTEX_TYPE *) malloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE));
if(!mutex_buf) {
return 0;
}
for(i = 0; i < CRYPTO_num_locks(); i++) {
MUTEX_SETUP(mutex_buf[i]);
}
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
return 1;
}
int ezs_THREAD_setup(void)
{
int i;
mutex_buf = (MUTEX_T *)malloc(CRYPTO_num_locks() * sizeof(MUTEX_T));
if (!mutex_buf) return 0;
/* this should not be necessary */
memset(mutex_buf, '\0', CRYPTO_num_locks()*sizeof(MUTEX_T));
for (i = 0; i < CRYPTO_num_locks( ); i++) MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
/* The following three CRYPTO_... functions are the OpenSSL functions
for registering the callbacks we implemented above */
CRYPTO_set_dynlock_create_callback(dyn_create_function);
CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
return 1;
}
EHSServer::EHSServer ( EHS * ipoTopLevelEHS ///< pointer to top-level EHS for request routing
) :
m_nServerRunningStatus ( SERVERRUNNING_NOTRUNNING ),
m_poTopLevelEHS ( ipoTopLevelEHS ),
m_nRequestsPending ( 0 ),
m_nIdleTimeout ( 15 )
{
// you HAVE to specify a top-level EHS object
// compare against NULL for 64-bit systems
assert ( m_poTopLevelEHS != NULL );
MUTEX_SETUP ( m_oMutex );
pthread_cond_init ( & m_oDoneAccepting, NULL );
m_nAccepting = 0;
m_iActiveThreadCount = 0;
// grab out the parameters for less typing later on
EHSServerParameters & roEHSServerParameters =
ipoTopLevelEHS->m_oEHSServerParameters;
// whether to run with https support
int nHttps = roEHSServerParameters [ "https" ];
#ifdef EHS_MEMORY
fprintf ( stderr, "[EHS_MEMORY] Allocated: EHSServer\n" );
#endif
if ( nHttps ) {
EHS_TRACE ( "EHSServer running in HTTPS mode\n");
} else {
EHS_TRACE ( "EHSServer running in plain-text mode (no HTTPS)\n");
}
// are we using secure sockets?
if ( !nHttps ) {
m_poNetworkAbstraction = new Socket ( );
} else {
#ifdef COMPILE_WITH_SSL
EHS_TRACE ( "Trying to create secure socket with certificate='%s' and passphrase='%s'\n",
(const char*)roEHSServerParameters [ "certificate" ],
(const char*)roEHSServerParameters [ "passphrase" ] );
SecureSocket * poSecureSocket =
new SecureSocket ( roEHSServerParameters [ "certificate" ],
roEHSServerParameters [ "passphrase" ] );
// HIGHLY EXPERIMENTAL
// scary shit
EHS_TRACE ( "Thinking about loading callback - '%s'\n",
roEHSServerParameters [ "passphrasecallback" ].
GetCharString ( ) );
if ( roEHSServerParameters [ "passphrasecallback" ] != "" &&
dlsym ( RTLD_DEFAULT,
roEHSServerParameters [ "passphrasecallback" ] ) ==
NULL ) {
EHS_TRACE ( "Couldn't load symbol for '%s' -- make sure you extern \"C\" the function\n",
roEHSServerParameters [ "passphrasecallback" ].
GetCharString ( ) );
}
EHS_TRACE ( "done thinking about loading callback\n" );
poSecureSocket->SetPassphraseCallback ( (int ( * ) ( char *, int, int, void * ))
dlsym ( RTLD_DEFAULT,
roEHSServerParameters [ "passphrasecallback" ] ) );
// END EXPERIMENTAL
m_poNetworkAbstraction = poSecureSocket;
#else // COMPILE_WITH_SSL
fprintf ( stderr, "EHS not compiled with SSL support. Cannot create HTTPS server. Aborting\n" );
exit ( 1 );
#endif // COMPILE_WITH_SSL
}
// initialize the socket
assert ( m_poNetworkAbstraction != NULL );
int nResult = m_poNetworkAbstraction->Init ( roEHSServerParameters [ "bindip" ], roEHSServerParameters [ "port" ] ); // initialize socket stuff
if ( nResult != NetworkAbstraction::INITSOCKET_SUCCESS ) {
EHS_TRACE ( "Error: Failed to initialize sockets\n" );
return;
}
if ( roEHSServerParameters [ "mode" ] == "threadpool" ) {
// need to set this here because the thread will check this to make
// sure it's supposed to keep running
m_nServerRunningStatus = SERVERRUNNING_THREADPOOL;
// create a pthread
int nResult = -1;
EHS_TRACE ( "Starting %d threads\n", roEHSServerParameters [ "threadcount" ].GetInt ( ) );
int nThreadsToStart = roEHSServerParameters [ "threadcount" ].GetInt ( );
if ( nThreadsToStart == 0 ) {
nThreadsToStart = 1;
}
for ( int i = 0; i < nThreadsToStart; i++ ) {
EHS_TRACE ( "creating thread with %x, NULL, %x, %x\n",
&m_nAcceptThreadId,
EHSServer::PthreadHandleData_ThreadedStub,
(void *) this );
// create new thread and detach so we don't have to join on it
nResult =
pthread_create ( &m_nAcceptThreadId,
NULL,
EHSServer::PthreadHandleData_ThreadedStub,
(void *) this );
pthread_detach ( m_nAcceptThreadId );
}
if ( nResult != 0 ) {
m_nServerRunningStatus = SERVERRUNNING_NOTRUNNING;
}
} else if ( roEHSServerParameters [ "mode" ] == "onethreadperrequest" ) {
m_nServerRunningStatus = SERVERRUNNING_ONETHREADPERREQUEST;
// spawn off one thread just to deal with basic stuff
nResult = pthread_create ( &m_nAcceptThreadId,
NULL,
EHSServer::PthreadHandleData_ThreadedStub,
(void *) this );
pthread_detach ( m_nAcceptThreadId );
// check to make sure the thread was created properly
if ( nResult != 0 ) {
m_nServerRunningStatus = SERVERRUNNING_NOTRUNNING;
}
} else if ( roEHSServerParameters [ "mode" ] == "singlethreaded" ) {
// we're single threaded
m_nServerRunningStatus = SERVERRUNNING_SINGLETHREADED;
} else {
EHS_TRACE ( "INVALID 'mode' SPECIFIED.\ntMust be 'singlethreaded', 'threadpool', or 'onethreadperrequest'\n" );
assert ( 0 );
}
if ( m_nServerRunningStatus == SERVERRUNNING_THREADPOOL ) {
EHS_TRACE ( "Info: EHS Server running in dedicated thread mode with '%s' threads\n",
roEHSServerParameters [ "threadcount" ] == "" ?
roEHSServerParameters [ "threadcount" ].GetCharString ( ) : "1" );
} else if ( m_nServerRunningStatus == SERVERRUNNING_ONETHREADPERREQUEST ) {
EHS_TRACE ( "Info: EHS Server running with one thread per request\n" );
} else if ( m_nServerRunningStatus == SERVERRUNNING_SINGLETHREADED ) {
EHS_TRACE ( "Info: EHS Server running in non-dedicated thread mode\n" );
} else {
EHS_TRACE ( "Error: EHS Server not running. Server initialization failed\n" );
}
return;
}
/* The main() function for setting up and running the tests.
* Returns a CUE_SUCCESS on successful running, another
* CUnit error code on failure.
*/
int main(int argc, char *argv[]) {
int xml = 0;
int con = 0;
CU_pFailureRecord fr;
int i;
if (argc >= 2 && !strcmp(argv[1], "-xml")) {
xml = 1;
} else if (argc >= 2 && !strcmp(argv[1], "-con")) {
con = 1;
}
#ifdef HAVE_CUNIT
int rv;
#ifndef WIN32
struct sigaction sig_act;
/*
* Indicate that the broken pipe signal during writes should be
* ignored
*/
memset(&sig_act, 0, sizeof(struct sigaction));
sig_act.sa_handler = SIG_IGN;
sigemptyset(&sig_act.sa_mask);
if (sigaction(SIGPIPE, &sig_act, NULL) == -1) {
printf("\nCannot set ignore action for SIGPIPE\n");
}
#endif
est_apps_startup();
/*
* Install thread locking mechanism for OpenSSL
*/
mutex_buf = malloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE));
if (!mutex_buf) {
printf("Cannot allocate mutexes");
exit(1);
}
for (i = 0; i < CRYPTO_num_locks(); i++)
MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
/* initialize the CUnit test registry */
if (CUE_SUCCESS != CU_initialize_registry()) {
return CU_get_error();
}
#ifdef ENABLE_ALL_SUITES
rv = us748_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US748 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us893_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US893 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us894_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US894 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us895_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US895 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us896_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US896 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us897_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US897 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us898_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US898 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us899_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US899 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us900_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US900 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us901_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US901 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us902_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US902 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us903_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US903 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us1005_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1005 (%d)", rv);
exit(1);
}
#endif
#if (DISABLE_SUITE != 0)
rv = us1060_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1060 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us1060c_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1060c (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us1159_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1159 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us1190_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1190 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us1864_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1864 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us1883_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1883 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us1884_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US1884 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us2174_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US2174 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us3496_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US3496 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us3512_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US3512 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us3612_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US3612 (%d)", rv);
exit(1);
}
#endif
#ifdef ENABLE_ALL_SUITES
rv = us4020_add_suite();
if (rv != CUE_SUCCESS) {
printf("\nFailed to add test suite for US4020 (%d)", rv);
exit(1);
}
#endif
if (xml) {
/* Run all test using automated interface, which
* generates XML output */
CU_list_tests_to_file();
CU_automated_run_tests();
}
else if (con) {
CU_console_run_tests();
}
else {
/* Run all tests using the CUnit Basic interface,
* which generates text output */
CU_basic_set_mode(CU_BRM_VERBOSE);
CU_basic_run_tests();
fr = CU_get_failure_list();
if (fr) {
printf("\n\nHere is a summary of the failed test cases:\n");
CU_basic_show_failures(fr);
}
}
/*
* Tear down the mutexes used by OpenSSL
*/
if (!mutex_buf)
return 0;
CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);
for (i = 0; i < CRYPTO_num_locks(); i++)
MUTEX_CLEANUP(mutex_buf[i]);
free(mutex_buf);
mutex_buf = NULL;
CU_cleanup_registry();
est_apps_shutdown();
return CU_get_error();
#else
printf("\nlibcunit not installed, unit test are not enabled\n");
#endif
}
/*
* This is the main entry point into the example EST server.
* This routine parses the command line options, reads in the
* cert chains, creates an EST context, initializes the HTTP
* layer (mongoose), and starts a simple TCP server to accept
* incoming EST requests.
*/
int main (int argc, char **argv)
{
char c;
int i;
X509 *x;
EVP_PKEY * priv_key;
BIO *certin;
DH *dh;
EST_ERROR rv;
int sleep_delay = 0;
int retry_period = 300;
char vfile[255];
int option_index = 0;
pem_password_cb *priv_key_cb = NULL;
static struct option long_options[] = {
{"srp", 1, NULL, 0},
{"enforce-csr", 0, NULL, 0},
{"token", 1, 0, 0},
{"keypass", 1, 0, 0},
{"keypass_stdin", 1, 0, 0 },
{"keypass_arg", 1, 0, 0 },
{NULL, 0, NULL, 0}
};
#ifdef WIN32
InitializeCriticalSection(&enrollment_critical_section);
#endif
/* Show usage if -h or --help options are specified */
if ((argc == 1)
|| (argc == 2
&& (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help")))) {
show_usage_and_exit();
}
while ((c = getopt_long(argc, argv, "?fhbwnovr:c:k:m:p:d:lt6", long_options,
&option_index)) != -1) {
switch (c) {
case 0:
#if 0
printf("option %s", long_options[option_index].name);
if (optarg) {
printf(" with arg %s", optarg);
}
printf("\n");
#endif
if (!strncmp(long_options[option_index].name, "srp",
strlen("srp"))) {
srp = 1;
strncpy(vfile, optarg, 255);
}
if (!strncmp(long_options[option_index].name, "enforce-csr",
strlen("enforce-csr"))) {
enforce_csr = 1;
}
if (!strncmp(long_options[option_index].name, "token",
strlen("token"))) {
http_token_auth = 1;
memset(valid_token_value, 0, MAX_AUTH_TOKEN_LEN + 1);
strncpy(&(valid_token_value[0]), optarg, MAX_AUTH_TOKEN_LEN);
}
if (!strncmp(long_options[option_index].name,"keypass_stdin", strlen("keypass_stdin"))) {
priv_key_cb = PEM_def_callback;
}
if (!strncmp(long_options[option_index].name,"keypass_arg", strlen("keypass_arg"))) {
strncpy(priv_key_pwd, optarg, MAX_PWD_LEN);
priv_key_cb = string_password_cb;
}
break;
case 'm':
manual_enroll = 1;
retry_period = atoi(optarg);
break;
case 'h':
http_digest_auth = 1;
break;
case 'b':
http_basic_auth = 1;
break;
case 'w':
write_csr = 1;
break;
case 'n':
http_auth_disable = 1;
break;
case 'o':
disable_forced_http_auth = 1;
break;
case 'v':
verbose = 1;
break;
case 'l':
crl = 1;
break;
case 't':
pop = 1;
break;
case '6':
v6 = 1;
break;
#ifndef DISABLE_PTHREADS
case 'd':
sleep_delay = atoi(optarg);
break;
#endif
case 'p':
tcp_port = atoi(optarg);
break;
case 'c':
strncpy(certfile, optarg, EST_MAX_FILE_LEN);
break;
case 'k':
strncpy(keyfile, optarg, EST_MAX_FILE_LEN);
break;
case 'r':
if (strnlen(optarg, MAX_REALM_LEN+1) > MAX_REALM_LEN) {
printf("\nRealm value is too large. Max is 32 characters\n");
exit(1);
}
strncpy(realm, optarg, MAX_REALM_LEN);
break;
case 'f':
/* turn FIPS on if user requested it
* and exit if failure.
*/
set_fips_return = FIPS_mode_set(1);
if (set_fips_return != 1) {
set_fips_error = ERR_get_error();
printf("\nERROR WHILE SETTING FIPS MODE ON exiting ....\n");
exit(1);
} else {
printf("\nRunning EST Sample Server with FIPS MODE = ON !\n");
}
;
break;
default:
show_usage_and_exit();
break;
}
}
argc -= optind;
argv += optind;
if (verbose) {
print_version(stdout);
}
if (getenv("EST_CSR_ATTR")) {
printf("\nUsing CSR Attributes: %s", getenv("EST_CSR_ATTR"));
}
if (!getenv("EST_CACERTS_RESP")) {
printf("\nEST_CACERTS_RESP file not set, set this env variable to resolve");
exit(1);
}
if (!getenv("EST_TRUSTED_CERTS")) {
printf("\nEST_TRUSTED_CERTS file not set, set this env variable to resolve");
exit(1);
}
/*
* Read in the CA certificates
*/
cacerts_len = read_binary_file(getenv("EST_CACERTS_RESP"), &cacerts_raw);
if (cacerts_len <= 0) {
printf("\nEST_CACERTS_RESP file could not be read\n");
exit(1);
}
/*
* Read in the trusted CA certificates for the local TLS context
*/
if (getenv("EST_TRUSTED_CERTS")) {
trustcerts_len = read_binary_file(getenv("EST_TRUSTED_CERTS"),
&trustcerts);
if (trustcerts_len <= 0) {
printf("\nEST_TRUSTED_CERTS file could not be read\n");
exit(1);
}
}
est_apps_startup();
/*
* Read in the local server certificate
*/
certin = BIO_new(BIO_s_file_internal());
if (BIO_read_filename(certin, certfile) <= 0) {
printf("\nUnable to read server certificate file %s\n", certfile);
exit(1);
}
/*
* This reads the file, which is expected to be PEM encoded. If you're using
* DER encoded certs, you would invoke d2i_X509_bio() instead.
*/
x = PEM_read_bio_X509(certin, NULL, NULL, NULL);
if (x == NULL) {
printf("\nError while reading PEM encoded server certificate file %s\n",
certfile);
exit(1);
}
BIO_free(certin);
/*
* Read in the server's private key
*/
priv_key = read_private_key(keyfile, priv_key_cb);
if (priv_key == NULL) {
printf("\nError while reading PEM encoded server private key file %s\n",
keyfile);
ERR_print_errors_fp(stderr);
exit(1);
}
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!bio_err) {
printf("\nBIO not working\n");
exit(1);
}
if (verbose) {
est_init_logger(EST_LOG_LVL_INFO, NULL);
est_enable_backtrace(1);
} else {
est_init_logger(EST_LOG_LVL_ERR, NULL);
}
ectx = est_server_init(trustcerts, trustcerts_len, cacerts_raw, cacerts_len,
EST_CERT_FORMAT_PEM, realm, x, priv_key);
if (!ectx) {
printf("\nUnable to initialize EST context. Aborting!!!\n");
exit(1);
}
est_set_ex_data(ectx, &test_app_data);
if (enforce_csr) {
est_server_enforce_csrattr(ectx);
}
/*
* Change the retry-after period. This is not
* necessary, it's only shown here as an example.
*/
if (verbose)
printf("\nRetry period being set to: %d \n", retry_period);
est_server_set_retry_period(ectx, retry_period);
if (crl) {
est_enable_crl(ectx);
}
if (!pop) {
if (verbose)
printf("\nDisabling PoP check");
est_server_disable_pop(ectx);
}
if (srp) {
srp_db = SRP_VBASE_new(NULL);
if (!srp_db) {
printf("\nUnable allocate SRP verifier database. Aborting!!!\n");
exit(1);
}
if (SRP_VBASE_init(srp_db, vfile) != SRP_NO_ERROR) {
printf("\nUnable initialize SRP verifier database. Aborting!!!\n");
exit(1);
}
if (est_server_enable_srp(ectx, &process_ssl_srp_auth)) {
printf("\nUnable to enable SRP. Aborting!!!\n");
exit(1);
}
}
if (est_set_ca_enroll_cb(ectx, &process_pkcs10_enrollment)) {
printf(
"\nUnable to set EST pkcs10 enrollment callback. Aborting!!!\n");
exit(1);
}
/*
* We use the same handler for re-enrollment. Our little toy
* CA doesn't do anything special for re-enrollment. A real
* CA would need to implement the requirements in section
* 4.2 of the EST draft.
*/
if (est_set_ca_reenroll_cb(ectx, &process_pkcs10_enrollment)) {
printf(
"\nUnable to set EST pkcs10 enrollment callback. Aborting!!!\n");
exit(1);
}
if (est_set_csr_cb(ectx, &process_csrattrs_request)) {
printf("\nUnable to set EST CSR Attributes callback. Aborting!!!\n");
exit(1);
}
if (!http_auth_disable) {
if (est_set_http_auth_cb(ectx, &process_http_auth)) {
printf("\nUnable to set EST HTTP AUTH callback. Aborting!!!\n");
exit(1);
}
}
if (disable_forced_http_auth) {
if (verbose)
printf(
"\nDisabling HTTP authentication when TLS client auth succeeds\n");
if (est_set_http_auth_required(ectx, HTTP_AUTH_NOT_REQUIRED)) {
printf("\nUnable to disable required HTTP auth. Aborting!!!\n");
exit(1);
}
}
if (http_digest_auth) {
MD5_CTX c;
int len;
static unsigned char ha1_input_buf[32*3+2];
unsigned char md[17];
int i;
rv = est_server_set_auth_mode(ectx, AUTH_DIGEST);
if (rv != EST_ERR_NONE) {
printf(
"\nUnable to enable HTTP digest authentication. Aborting!!!\n");
exit(1);
}
/*
* Cache away the realm value and build the HA1
*/
strncpy(digest_user[1], realm, MAX_REALM_LEN);
len = sprintf((char *)ha1_input_buf, "%s:%s:%s", "estuser", realm, "estpwd");
MD5_Init(&c);
MD5_Update(&c, ha1_input_buf, len);
MD5_Final((unsigned char *)md, &c);
printf("\nDigest HA1 value = ");
memset(digest_user[2], 0, 32);
for(i = 0; i < 16; i++){
sprintf(&(digest_user[2][i*2]),"%.2x", (unsigned char) md[i]);
printf("%c%c", digest_user[2][i*2], digest_user[2][i*2+1]);
}
printf("\n");
}
if (http_basic_auth) {
rv = est_server_set_auth_mode(ectx, AUTH_BASIC);
if (rv != EST_ERR_NONE) {
printf(
"\nUnable to enable HTTP basic authentication. Aborting!!!\n");
exit(1);
}
}
if (http_token_auth) {
rv = est_server_set_auth_mode(ectx, AUTH_TOKEN);
if (rv != EST_ERR_NONE) {
printf(
"\nUnable to enable HTTP token authentication. Aborting!!!\n");
exit(1);
}
}
/*
* Set DH parameters for TLS
*/
dh = get_dh1024dsa();
if (dh) {
est_server_set_dh_parms(ectx, dh);
}
DH_free(dh);
/*
* Install thread locking mechanism for OpenSSL
*/
mutex_buf = malloc(CRYPTO_num_locks() * sizeof(MUTEX_TYPE));
if (!mutex_buf) {
printf("Cannot allocate mutexes");
exit(1);
}
for (i = 0; i < CRYPTO_num_locks(); i++)
MUTEX_SETUP(mutex_buf[i]);
CRYPTO_set_id_callback(id_function);
CRYPTO_set_locking_callback(locking_function);
printf("\nLaunching EST server...\n");
rv = est_server_start(ectx);
if (rv != EST_ERR_NONE) {
printf("\nFailed to init mg (rv=%d)\n", rv);
exit(1);
}
/*
* Start the simple server, which opens a TCP
* socket, waits for incoming connections, and
* invokes the EST handler for each connection.
*/
start_simple_server(ectx, tcp_port, sleep_delay, v6);
cleanup();
EVP_PKEY_free(priv_key);
X509_free(x);
return 0;
}
void *File_Process(void *arg)
{
pthread_detach(pthread_self());
// add by andy for more info
THREAD_INFO *tinfo = (THREAD_INFO *)arg;
//mqid = (int)arg;
mqid = tinfo->mqid;
struct threadpool *pool = tinfo->pool;
PRINTF(LEVEL_INFORM,"thread mqid = %d \n",mqid);
//fprintf(stderr,"--->test = %d \n",test);
//init thread share info
MUTEX_SETUP(share_info.lock);
share_info.dir1 = strdup(tinfo->dir1);
share_info.dir2 = strdup(tinfo->dir2);
share_info.app_name = strdup(tinfo->app_name);
share_info.move_file = tinfo->move_file;
share_info.m_addr = tinfo->m_addr;
share_info.m_sock = Socket(AF_INET,SOCK_DGRAM,0);
int fd;
FILE *fp;
struct msgbuf *buff = malloc(MAXMSG);
int n , ret;
mode_t fdmode = (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
int wlen;
long long pack_total;
long long pack_saved;
long long pack_move;
char *msg = NULL;
//char save_path[512] ={0};
//add by andy ,fix bug tcp_echo err ,2014-12-12
char save_path[1024] ={0};
/**UDP 数据包结构**/
char protocol;
long long file_size;
int file_name_length;
char *file_name;
int pack_length;
char *pack;
again:
pack_saved = 0;
pack_move = 1;
pack_total = 10;
//这句可能是多余的
memset(buff,0,MAXMSG);
while(1)
{
if((n = msgrcv(mqid,buff,MAXMSG,pack_move,IPC_NOWAIT)) < 0)
//if((n = msgrcv(mqid,buff,MAXMSG,pack_move,0)) < 0)
{
n = msgrcv(mqid,buff,MAXMSG,0,0);
if(n < 0)
{
//PRINTF(LEVEL_ERROR,"thread msgrcv error :%s\n",strerror(errno));
//WriteSysLog(LOG_PATH,log);
goto err_end;
continue;
}
pack_move = buff->mtype;
}
pack_move ++;
msg = buff->mtext;
if((pack_saved == 0)||(pack_move == 2))
{
if((pack_move == 2)&&(pack_saved !=0))
{
//PRINTF(LEVEL_ERROR,"A file is incomplete because client stop transmite by accident\n");
// write log
pack_saved = 0;
if(fp != NULL)
{
fclose(fp);
fp = NULL;
}
}
memcpy(&file_size,msg+10,8);
pack_total = file_size/1024;
if(file_size%1024 != 0)
pack_total+=1;
memcpy(&file_name_length,msg+18,4);
file_name = (char *)malloc(file_name_length+1);
memcpy(file_name,msg+22,file_name_length);
*(file_name+file_name_length) = '\0';
// usr dir install of true path ,andy,2015-03-07
//sprintf(save_path,RUN_PATH);
//strcat(save_path,file_name);
sprintf(save_path,"%s/%s/",tinfo->dir1,tinfo->app_name);
strcat(save_path,basename(file_name));
//memcpy(&pack_length,msg+22+file_name_length,4);
pack = msg +22 +file_name_length +4;
ret = CreateDir(save_path);
if(ret < 0)
{
;
}
fp = fopen(save_path,"w+");
if(fp == NULL)
{
PRINTF(LEVEL_ERROR,"Open %s error:%s",file_name,strerror(errno));
goto err_end;
}
}
memcpy(&pack_length,msg+22+file_name_length,4);
int n = fwrite(pack,sizeof(char),pack_length,fp);
if(n != pack_length)
{
PRINTF(LEVEL_ERROR,"Write %s error :%s\n",file_name,strerror(errno));
goto err_end;
}
pack_saved++; /**写文件成功,记录**/
//检查文件大小
if(pack_total == pack_saved )
{
//PRINTF(LEVEL_ERROR,"Last Pack Size :%d\n",pack_length);
fclose(fp);
fp = NULL;
threadpool_add_job(pool,Recv_Finish,save_path);
//tcp_echo(save_path,strlen(save_path),t_sockfd);
free(file_name);
goto again;
}
else if(pack_total == (pack_move -1))
{
//PRINTF(LEVEL_ERROR,"## lost package ## File %s is incomplete\n",file_name);
fclose(fp);
fp = NULL;
//remove(save_path);
//tcp_echo(save_path,strlen(save_path),t_sockfd);
free(file_name);
goto again;
}
}
err_end:
free(buff);
free(file_name);
exit(-1);
return NULL;
}
