void setup_https_test_server(serv_ctx_t **servctx_p,
apr_sockaddr_t *address,
test_server_message_t *message_list,
apr_size_t message_count,
test_server_action_t *action_list,
apr_size_t action_count,
apr_int32_t options,
const char *keyfile,
const char **certfiles,
const char *client_cn,
apr_pool_t *pool)
{
serv_ctx_t *servctx;
setup_test_server(servctx_p, address, message_list,
message_count, action_list, action_count,
options, pool);
servctx = *servctx_p;
apr_pool_cleanup_register(pool, servctx,
cleanup_https_server,
apr_pool_cleanup_null);
servctx->handshake = ssl_handshake;
servctx->reset = ssl_reset;
/* Override with SSL encrypt/decrypt functions */
servctx->read = ssl_socket_read;
servctx->send = ssl_socket_write;
init_ssl_context(servctx, keyfile, certfiles, client_cn);
}
int main(int argc, char **argv){
struct soap mySoap;
char *rpDoc;
char *passPtr;
const int MAX_LEN = 1024;
char input[MAX_LEN];
char username[MAX_LEN];
signal(SIGPIPE, sigpipe_handle);
if(argc != 2){
printf("Usage:\n getResourcePropertyDoc <EPR of SWS>\n");
return 1;
}
snprintf(username, MAX_LEN, "%s", getenv("USER"));
soap_init(&mySoap);
/* If address of SWS begins with 'https' then initialize SSL context */
if( (strstr(argv[1], "https") == argv[1]) ){
/* - don't bother with mutually-authenticated SSL
if( !(passPtr = getpass("Enter passphrase for key: ")) ){
printf("Failed to get passphrase from command line\n");
return 1;
}
strncpy(input, passPtr, MAX_LEN);
*/
init_ssl_context(&mySoap,
REG_TRUE,
NULL,/* user's cert. & key file */
NULL,/* Password to read key file */
"/etc/grid-security/certificates");
}
if( !(passPtr = getpass("Enter SWS password: "******"Failed to get SWS password from command line\n");
return 1;
}
get_resource_property_doc(&mySoap,
argv[1],
username,
passPtr,
&rpDoc);
fprintf(stdout, "\n\n%s\n\n", rpDoc);
/* Explicitly wipe the passphrase from memory */
memset((void *)(input), '\0', MAX_LEN);
soap_end(&mySoap);
soap_done(&mySoap);
return 0;
}
int main(int argc, char **argv){
char passphrase[256];
char username[256];
char EPR[256];
char msg[1024];
struct soap mySoap;
if(argc != 4){
printf("Usage:\n addUser <address of SWS> <passphrase> <username to add>\n");
return 1;
}
soap_init(&mySoap);
strncpy(EPR, argv[1], 256);
strncpy(passphrase, argv[2], 256);
strncpy(username, argv[3], 256);
snprintf(msg, 1024, "<user>%s</user>", username);
/* If address of SWS begins with 'https' then initialize SSL context */
if( (strstr(EPR, "https") == EPR) ){
init_ssl_context(&mySoap,
REG_TRUE, /* Authenticate SWS */
NULL,/* user's cert. & key file */
NULL,/* Password to read key file */
"/etc/grid-security/certificates");
}
set_resource_property(&mySoap, EPR, getenv("USER"),
passphrase, msg);
soap_end(&mySoap);
soap_done(&mySoap);
return 0;
}
/*
* Initialize SSL sub module
*
* Arguments: None
* Returns: None
*/
void
initSSL(void)
{
static void *ssl_API[ssl_API_pointers];
PyObject *ssl_api_object;
PyObject *module;
SSL_library_init();
ERR_load_SSL_strings();
import_crypto();
if ((module = Py_InitModule3("SSL", ssl_methods, ssl_doc)) == NULL) {
return;
}
/* Initialize the C API pointer array */
ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
if (ssl_api_object != NULL)
PyModule_AddObject(module, "_C_API", ssl_api_object);
/* Exceptions */
/*
* ADD_EXCEPTION(dict,name,base) expands to a correct Exception declaration,
* inserting OpenSSL.SSL.name into dict, derviving the exception from base.
*/
#define ADD_EXCEPTION(_name, _base) \
do { \
ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);\
if (ssl_##_name == NULL) \
goto error; \
if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) \
goto error; \
} while (0)
ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL);
if (ssl_Error == NULL)
goto error;
if (PyModule_AddObject(module, "Error", ssl_Error) != 0)
goto error;
ADD_EXCEPTION(ZeroReturnError, ssl_Error);
ADD_EXCEPTION(WantReadError, ssl_Error);
ADD_EXCEPTION(WantWriteError, ssl_Error);
ADD_EXCEPTION(WantX509LookupError, ssl_Error);
ADD_EXCEPTION(SysCallError, ssl_Error);
#undef ADD_EXCEPTION
/* Method constants */
PyModule_AddIntConstant(module, "SSLv2_METHOD", ssl_SSLv2_METHOD);
PyModule_AddIntConstant(module, "SSLv3_METHOD", ssl_SSLv3_METHOD);
PyModule_AddIntConstant(module, "SSLv23_METHOD", ssl_SSLv23_METHOD);
PyModule_AddIntConstant(module, "TLSv1_METHOD", ssl_TLSv1_METHOD);
/* Verify constants */
PyModule_AddIntConstant(module, "VERIFY_NONE", SSL_VERIFY_NONE);
PyModule_AddIntConstant(module, "VERIFY_PEER", SSL_VERIFY_PEER);
PyModule_AddIntConstant(module, "VERIFY_FAIL_IF_NO_PEER_CERT",
SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
PyModule_AddIntConstant(module, "VERIFY_CLIENT_ONCE",
SSL_VERIFY_CLIENT_ONCE);
/* File type constants */
PyModule_AddIntConstant(module, "FILETYPE_PEM", SSL_FILETYPE_PEM);
PyModule_AddIntConstant(module, "FILETYPE_ASN1", SSL_FILETYPE_ASN1);
/* SSL option constants */
PyModule_AddIntConstant(module, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
PyModule_AddIntConstant(module, "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA);
PyModule_AddIntConstant(module, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
PyModule_AddIntConstant(module, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
PyModule_AddIntConstant(module, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
/* More SSL option constants */
PyModule_AddIntConstant(module, "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG);
PyModule_AddIntConstant(module, "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG);
PyModule_AddIntConstant(module, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
PyModule_AddIntConstant(module, "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
PyModule_AddIntConstant(module, "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
PyModule_AddIntConstant(module, "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING);
PyModule_AddIntConstant(module, "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
PyModule_AddIntConstant(module, "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG);
PyModule_AddIntConstant(module, "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG);
PyModule_AddIntConstant(module, "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
PyModule_AddIntConstant(module, "OP_ALL", SSL_OP_ALL);
PyModule_AddIntConstant(module, "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);
PyModule_AddIntConstant(module, "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG);
PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1);
PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2);
PyModule_AddIntConstant(module, "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
PyModule_AddIntConstant(module, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
/* DTLS related options. The first two of these were introduced in
* 2005, the third in 2007. To accomodate systems which are still using
* older versions, make them optional. */
#ifdef SSL_OP_NO_QUERY_MTU
PyModule_AddIntConstant(module, "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU);
#endif
#ifdef SSL_OP_COOKIE_EXCHANGE
PyModule_AddIntConstant(module, "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE);
#endif
#ifdef SSL_OP_NO_TICKET
PyModule_AddIntConstant(module, "OP_NO_TICKET", SSL_OP_NO_TICKET);
#endif
/* For SSL_set_shutdown */
PyModule_AddIntConstant(module, "SENT_SHUTDOWN", SSL_SENT_SHUTDOWN);
PyModule_AddIntConstant(module, "RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN);
if (!init_ssl_context(module))
goto error;
if (!init_ssl_connection(module))
goto error;
#ifdef WITH_THREAD
/*
* Initialize this module's threading support structures.
*/
_pyOpenSSL_tstate_key = PyThread_create_key();
#endif
error:
;
}
bool SSLConnection :: start() {
if( connected ) {
return true;
}
if( host.size() < 1 || service.size() < 1 ) {
return false;
}
int n, new_fd;
char buffer[128];
struct addrinfo hints, *result, *result_saved;
size_t buffer_size = sizeof( buffer );
fd = -1;
memset( &hints, 0, sizeof( struct addrinfo ) );
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
n = getaddrinfo( host.c_str(), service.c_str(), &hints, &result );
if( n != 0 ) {
// error handling here
//std::cerr << "ERROR: " << gai_strerror( n ) << std::endl;
throw std::string( gai_strerror( n ) );
return false;
}
ctx = init_ssl_context();
ssl = SSL_new( ctx );
result_saved = result;
while( result != NULL ) {
new_fd = socket( result->ai_family, result->ai_socktype, result->ai_protocol );
if( new_fd < 0 ) {
continue;
}
n = connect( new_fd, result->ai_addr, result->ai_addrlen );
if( n == 0 ) {
fd = new_fd;
break;
}
result = result->ai_next;
}
if( fd < 0 ) {
// error handling
//std::cerr << "ERROR: " << gai_strerror( fd ) << std::endl;
throw std::string( gai_strerror( fd ) );
return false;
}
else {
struct sockaddr_in *sin = (struct sockaddr_in *)result->ai_addr;
inet_ntop( result->ai_family, &( sin->sin_addr ), buffer, buffer_size );
address = std::string( buffer );
}
freeaddrinfo( result_saved );
SSL_set_fd( ssl, fd );
if( SSL_connect( ssl ) == -1 ) {
throw std::string( "SSL Failed!" );
}
connected = true;
return true;
}
