Пример #1
/**
 * Dumps diagnostic details of a TLS session to stdout: the session ID in hex,
 * the peer certificate (via PrintCertificateInfo), the negotiated cipher suite
 * and every alternate name listed in the peer certificate.
 *
 * This function only reads and prints the peer certificate; it performs no
 * verification itself, so the printed names are whatever the peer presented.
 *
 * @param session TLS session to describe.
 */
static void
PrintSessionInfo(NPT_TlsSession& session)
{
    // [5] session identifier, which must be present and non-empty
    NPT_DataBuffer id_buffer;
    NPT_Result status = session.GetSessionId(id_buffer);
    CHECK(status == NPT_SUCCESS);
    CHECK(id_buffer.GetDataSize() > 0);
    NPT_String id_hex = NPT_HexString(id_buffer.GetData(), id_buffer.GetDataSize());
    printf("[5] Session ID: ");
    printf("%s", id_hex.GetChars());
    printf("\n");

    // peer certificate details
    NPT_TlsCertificateInfo peer_cert;
    status = session.GetPeerCertificateInfo(peer_cert);
    CHECK(status == NPT_SUCCESS);
    PrintCertificateInfo(peer_cert);

    // [7] negotiated cipher suite, numeric id and readable name
    printf("[7] Cipher Type = %d (%s)\n", session.GetCipherSuiteId(), GetCipherSuiteName(session.GetCipherSuiteId()));

    // [8] alternate names carried by the peer certificate
    NPT_List<NPT_String>::Iterator alt = peer_cert.alternate_names.GetFirstItem();
    while (alt) {
        NPT_String& alt_name = *alt;
        printf("[8] Alternate Name = %s\n", alt_name.GetChars());
        ++alt;
    }
}
Пример #2
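/**
 * Prints the certificates of every primary signature chain held by a SIS
 * controller and, on request, writes each chain to "Chain/cert<N>.pem".
 *
 * @param aController   Controller whose primary signatures are reported.
 * @param aExtractCerts When true, DeletePEMFiles() is called on the "Chain"
 *                      directory, the directory is created, full certificate
 *                      details are printed and each chain is extracted to its
 *                      own PEM file. When false, only the summary is printed.
 */
void ReportSignatures(const CSISController& aController, bool aExtractCerts = false)
	{
	int signatureCount = aController.SignatureCount();
	if(0 == signatureCount)
		{
		std::cout << "No primary signatures." << std::endl;
		return;
		}

	std::string directoryPath = "Chain";
	if(aExtractCerts)
		{
		DeletePEMFiles(directoryPath);

		// NOTE(review): the return value is ignored, so a failure to create the
		// directory only shows up later when extraction runs - confirm intended.
		CreateDirectoryA(directoryPath.c_str(),NULL);
		}

	std::cout << std::endl << "Primary:" << std::endl;
	for(int i = 0; i < signatureCount; ++i)
		{
		// SignatureCertChain() hands back a const reference; the chain wrapper is
		// constructed from a non-const one, hence the const_cast.
		CSignatureCertChainData& sigdata = const_cast<CSignatureCertChainData&>(aController.SignatureCertChain(i));
		CSisSignatureCertificateChain certChain(sigdata);
		const std::vector<CCertificateInfo*>& certList = certChain.CertChain();
		// Index with the container's own unsigned type to avoid a signed/unsigned comparison.
		for(std::vector<CCertificateInfo*>::size_type j = 0; j < certList.size(); ++j)
			{
			if(aExtractCerts)
				{
				PrintCertificateDetails(certList[j]);
				}
			else
				{
				PrintCertificateInfo(certList[j]);
				std::cout << std::endl;
				}
			}
		if(aExtractCerts)
			{
			// A decimal int needs up to 10 digits plus a sign and the terminator.
			// The previous 2-byte buffer was overrun on the stack as soon as the
			// chain number reached two digits (the 10th signature).
			char intChain[12];
			itoa(i+1,intChain,10);
			std::string certFullPath = directoryPath + "/cert";
			certFullPath += intChain;
			certFullPath += ".pem";
			certChain.ExtractCertificateChain(certFullPath);
			}
		}
	}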
Пример #3
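/**
 * Test TLS server: binds an ephemeral port, accepts one client, performs a
 * TLS handshake with a self-signed server certificate and sends a greeting.
 *
 * m_Mode selects the context:
 *   0 - default context, no client certificate requested;
 *   1 - client certificate required, verification deferred
 *       (NPT_TLS_CONTEXT_OPTION_VERIFY_LATER) and then expected to report
 *       NPT_ERROR_TLS_CERTIFICATE_SELF_SIGNED.
 * Any other mode is rejected, because no TLS context would exist for it.
 *
 * The key (TestClient_p8_1) and its password are test fixtures embedded in the
 * source; accepting a self-signed peer is a test expectation only and must not
 * be copied into a production trust decision.
 */
void
TlsTestServer::Run()
{
    printf("@@@ starting TLS server\n");
    NPT_TcpServerSocket socket;
    NPT_SocketAddress address(NPT_IpAddress::Any, 0);
    NPT_Result result = socket.Bind(address);
    if (NPT_FAILED(result)) {
        fprintf(stderr, "@@@ Bind failed (%d)\n", result);
        return;
    }
    result = socket.GetInfo(m_SocketInfo);
    if (NPT_FAILED(result)) {
        fprintf(stderr, "@@@ GetInfo failed (%d)\n", result);
        return;
    }
    // publish readiness only once m_SocketInfo holds the bound address
    m_Ready.SetValue(1);
    
    printf("@@@ Waiting for connection\n");
    NPT_Socket* client = NULL;
    result = socket.WaitForNewClient(client);
    if (NPT_FAILED(result) || client == NULL) {
        // without this check a failed accept led to a NULL dereference below
        fprintf(stderr, "@@@ WaitForNewClient failed (%d)\n", result);
        delete client;
        return;
    }
    printf("@@@ Client connected\n");
    
    NPT_TlsContextReference tls_context;
    if (m_Mode == 0) {
        tls_context = new NPT_TlsContext();
    } else if (m_Mode == 1) {
        /* require client authentication */
        tls_context = new NPT_TlsContext(NPT_TLS_CONTEXT_OPTION_REQUIRE_CLIENT_CERTIFICATE | NPT_TLS_CONTEXT_OPTION_VERIFY_LATER);
    } else {
        // no context would be created for any other mode; fail instead of
        // dereferencing a null reference in LoadKey()
        fprintf(stderr, "@@@ Unsupported mode (%d)\n", static_cast<int>(m_Mode));
        delete client;
        return;
    }
    /* self-signed cert (embedded test key and password, test use only) */
    result = tls_context->LoadKey(NPT_TLS_KEY_FORMAT_PKCS8, TestClient_p8_1, TestClient_p8_1_len, "neptune");
    CHECK(result == NPT_SUCCESS);
    result = tls_context->SelfSignCertificate("MyServerCommonName", "MyServerOrganization", "MyServerOrganizationalName");
    // previously unchecked: a failure here would leave the server without a certificate
    CHECK(result == NPT_SUCCESS);
    
    NPT_InputStreamReference  socket_input;
    NPT_OutputStreamReference socket_output;
    client->GetInputStream(socket_input);
    client->GetOutputStream(socket_output);
    NPT_TlsServerSession session(tls_context, socket_input, socket_output);
    // the session holds the stream references; the socket object is no longer needed
    delete client;
    
    result = session.Handshake();
    if (m_Mode == 1) {
        // The handshake result used to be overwritten without being looked at.
        // NOTE(review): report it but keep going, since how VERIFY_LATER surfaces
        // handshake errors is not visible here - confirm whether this should abort.
        if (NPT_FAILED(result)) {
            fprintf(stderr, "@@@ Handshake returned (%d : %s) before deferred verification\n", result, NPT_ResultText(result));
        }

        /* expect a self-signed client cert */
        result = session.VerifyPeerCertificate();
        printf("@@@ Certificate Verification Result = %d (%s)\n", result, NPT_ResultText(result));
        if (result != NPT_ERROR_TLS_CERTIFICATE_SELF_SIGNED) {
            printf("!ERROR, cert verification expected %d, got %d\n", NPT_ERROR_TLS_CERTIFICATE_SELF_SIGNED, result);
            return;
        }

        NPT_TlsCertificateInfo cert_info;
        result = session.GetPeerCertificateInfo(cert_info);
        CHECK(result == NPT_SUCCESS);
        PrintCertificateInfo(cert_info);
    } else {
        if (NPT_FAILED(result)) {
            fprintf(stderr, "@@@ Handshake failed (%d : %s)\n", result, NPT_ResultText(result));
            return;
        }
    }
    
    NPT_OutputStreamReference tls_output;
    session.GetOutputStream(tls_output);
    tls_output->WriteString("Hello, Client\n");
    
    printf("@@@ TLS server done\n");
    //NPT_System::Sleep(1.0);
}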