/*----------------------------------------------------------------------
|   PrintSessionInfo
|
|   Dump the negotiated TLS session to stdout: the session id as hex,
|   the peer certificate (through PrintCertificateInfo), the cipher
|   suite id/name and every alternate name carried by the peer
|   certificate. NPT calls that must succeed are guarded with CHECK().
+---------------------------------------------------------------------*/
static void
PrintSessionInfo(NPT_TlsSession& session)
{
    // session id: must be retrievable and non-empty
    NPT_DataBuffer id_buffer;
    NPT_Result     rc = session.GetSessionId(id_buffer);
    CHECK(rc == NPT_SUCCESS);
    CHECK(id_buffer.GetDataSize() > 0);
    printf("[5] Session ID: ");
    printf("%s", NPT_HexString(id_buffer.GetData(), id_buffer.GetDataSize()).GetChars());
    printf("\n");

    // peer certificate details
    NPT_TlsCertificateInfo peer_cert;
    rc = session.GetPeerCertificateInfo(peer_cert);
    CHECK(rc == NPT_SUCCESS);
    PrintCertificateInfo(peer_cert);

    // negotiated cipher suite
    printf("[7] Cipher Type = %d (%s)\n",
           session.GetCipherSuiteId(),
           GetCipherSuiteName(session.GetCipherSuiteId()));

    // one line per subject alternate name of the peer certificate
    NPT_List<NPT_String>::Iterator alt_name = peer_cert.alternate_names.GetFirstItem();
    while (alt_name) {
        printf("[8] Alternate Name = %s\n", (*alt_name).GetChars());
        ++alt_name;
    }
}
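/**
 * Print the primary signature certificate chains of a SIS controller.
 *
 * @param aController   controller whose signature chains are reported
 * @param aExtractCerts when true, each chain is also written as a PEM
 *        file "Chain/cert<N>.pem" (N starting at 1) and the certificates
 *        are printed with PrintCertificateDetails instead of
 *        PrintCertificateInfo
 *
 * Output goes to std::cout. A controller without signatures prints
 * "No primary signatures." and returns.
 */
void ReportSignatures(const CSISController& aController, bool aExtractCerts = false)
{
    const int signatureCount = aController.SignatureCount();
    if (0 == signatureCount) {
        std::cout << "No primary signatures." << std::endl;
        return;
    }

    const std::string directoryPath = "Chain";
    if (aExtractCerts) {
        // start from a clean directory so stale cert<N>.pem files do not remain
        DeletePEMFiles(directoryPath);
        // NOTE(review): the return value is not checked here; a missing
        // directory is presumably reported by ExtractCertificateChain -- confirm
        CreateDirectoryA(directoryPath.c_str(), NULL);
    }

    std::cout << std::endl << "Primary:" << std::endl;
    for (int i = 0; i < signatureCount; ++i) {
        // NOTE(review): the const_cast is presumably needed because
        // CSisSignatureCertificateChain takes a non-const reference;
        // confirm the constructor does not modify the chain data.
        CSignatureCertChainData& sigdata =
            const_cast<CSignatureCertChainData&>(aController.SignatureCertChain(i));
        CSisSignatureCertificateChain certChain(sigdata);

        const std::vector<CCertificateInfo*>& certList = certChain.CertChain();
        for (std::vector<CCertificateInfo*>::size_type j = 0; j < certList.size(); ++j) {
            if (aExtractCerts) {
                PrintCertificateDetails(certList[j]);
            } else {
                PrintCertificateInfo(certList[j]);
                std::cout << std::endl;
            }
        }

        if (aExtractCerts) {
            // Build "Chain/cert<N>.pem". The buffer must hold every decimal
            // digit of an int plus the terminator: a 2-byte buffer overflows
            // as soon as i + 1 reaches 10.
            char chainIndex[16];
            itoa(i + 1, chainIndex, 10);
            std::string certFullPath = directoryPath + "/cert";
            certFullPath += chainIndex;
            certFullPath += ".pem";
            certChain.ExtractCertificateChain(certFullPath);
        }
    }
}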
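/*----------------------------------------------------------------------
|   TlsTestServer::Run
|
|   Body of the test server. Binds to an ephemeral port on any
|   interface, publishes the bound address through m_SocketInfo and
|   signals m_Ready, accepts a single client, runs a TLS handshake with
|   a freshly self-signed server certificate and writes one greeting
|   line. In mode 1 a client certificate is required and verification
|   is expected to report NPT_ERROR_TLS_CERTIFICATE_SELF_SIGNED; any
|   other verification result is reported as an error. Every failure
|   is printed and ends the run.
+---------------------------------------------------------------------*/
void
TlsTestServer::Run()
{
    printf("@@@ starting TLS server\n");
    NPT_TcpServerSocket socket;
    NPT_SocketAddress   address(NPT_IpAddress::Any, 0);
    NPT_Result result = socket.Bind(address);
    if (NPT_FAILED(result)) {
        fprintf(stderr, "@@@ Bind failed (%d)\n", result);
        return;
    }
    result = socket.GetInfo(m_SocketInfo);
    if (NPT_FAILED(result)) {
        fprintf(stderr, "@@@ GetInfo failed (%d)\n", result);
        return;
    }
    // the bound address is now in m_SocketInfo; let the client side proceed
    m_Ready.SetValue(1);

    printf("@@@ Waiting for connection\n");
    NPT_Socket* client = NULL;
    result = socket.WaitForNewClient(client);
    // a failed accept leaves client NULL; dereferencing it below would crash
    if (NPT_FAILED(result) || client == NULL) {
        fprintf(stderr, "@@@ WaitForNewClient failed (%d)\n", result);
        return;
    }
    printf("@@@ Client connected\n");

    // the mode selects whether the peer must present a certificate
    NPT_TlsContextReference tls_context;
    if (m_Mode == 0) {
        tls_context = new NPT_TlsContext();
    } else if (m_Mode == 1) {
        /* require client authentication; the certificate is checked
           explicitly after the handshake (VERIFY_LATER) */
        tls_context = new NPT_TlsContext(NPT_TLS_CONTEXT_OPTION_REQUIRE_CLIENT_CERTIFICATE |
                                         NPT_TLS_CONTEXT_OPTION_VERIFY_LATER);
    } else {
        // an unknown mode would leave tls_context unset and be dereferenced below
        fprintf(stderr, "@@@ unsupported server mode\n");
        delete client;
        return;
    }

    /* self-signed server cert, key loaded from the embedded test PKCS#8 blob */
    result = tls_context->LoadKey(NPT_TLS_KEY_FORMAT_PKCS8, TestClient_p8_1, TestClient_p8_1_len, "neptune");
    CHECK(result == NPT_SUCCESS);
    result = tls_context->SelfSignCertificate("MyServerCommonName",
                                              "MyServerOrganization",
                                              "MyServerOrganizationalName");
    CHECK(result == NPT_SUCCESS);

    NPT_InputStreamReference  socket_input;
    NPT_OutputStreamReference socket_output;
    client->GetInputStream(socket_input);
    client->GetOutputStream(socket_output);
    NPT_TlsServerSession session(tls_context, socket_input, socket_output);
    // presumably the stream references keep the connection alive -- confirm
    delete client;

    // a failed handshake must not be followed by peer verification
    result = session.Handshake();
    if (NPT_FAILED(result)) {
        fprintf(stderr, "@@@ Handshake failed (%d : %s)\n", result, NPT_ResultText(result));
        return;
    }

    if (m_Mode == 1) {
        /* the test client presents a self-signed cert: verification must report exactly that */
        result = session.VerifyPeerCertificate();
        printf("@@@ Certificate Verification Result = %d (%s)\n", result, NPT_ResultText(result));
        if (result != NPT_ERROR_TLS_CERTIFICATE_SELF_SIGNED) {
            printf("!ERROR, cert verification expected %d, got %d\n", NPT_ERROR_TLS_CERTIFICATE_SELF_SIGNED, result);
            return;
        }
        NPT_TlsCertificateInfo cert_info;
        result = session.GetPeerCertificateInfo(cert_info);
        CHECK(result == NPT_SUCCESS);
        PrintCertificateInfo(cert_info);
    }

    NPT_OutputStreamReference tls_output;
    session.GetOutputStream(tls_output);
    result = tls_output->WriteString("Hello, Client\n");
    if (NPT_FAILED(result)) {
        fprintf(stderr, "@@@ WriteString failed (%d)\n", result);
        return;
    }
    printf("@@@ TLS server done\n");
    //NPT_System::Sleep(1.0);
}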