BOOL CUsersDlgGeneral::SaveUser(t_user & user) { user.nEnabled = m_nEnabled; if (!m_bNeedpass) user.password = _T(""); else if (m_cPass.GetModify() && m_Pass != _T("")) { user.generateSalt(); auto saltedPassword = ConvToNetwork(m_Pass + user.salt); CAsyncSslSocketLayer ssl(0); user.password = ConvFromNetwork(ssl.SHA512(reinterpret_cast<unsigned char const*>(saltedPassword.c_str()), saltedPassword.size()).c_str()); if (user.password.IsEmpty()) { // Something went very wrong, disable user. user.nEnabled = false; } } user.nBypassUserLimit = m_nMaxUsersBypass; user.nUserLimit = _ttoi(m_MaxConnCount); user.nIpLimit = _ttoi(m_IpLimit); if (m_cGroup.GetCurSel()<=0) user.group = _T(""); else m_cGroup.GetLBText(m_cGroup.GetCurSel(), user.group); user.comment = m_Comments; user.forceSsl = m_nForceSsl; return TRUE; }
//***************************************************************************** // //! Main //! //! \param none //! //! \return None //! //***************************************************************************** void main() { long lRetVal = -1; // // Initialize board configuration // BoardInit(); PinMuxConfig(); #ifndef NOTERM InitTerm(); #endif lRetVal = ssl(); if(lRetVal < 0) { ERR_PRINT(lRetVal); } // // power off network processor // sl_Stop(SL_STOP_TIMEOUT); LOOP_FOREVER(); }
void SSLContextTest::verifySSLCipherList(const vector<string>& ciphers) { int i = 0; ssl::SSLUniquePtr ssl(ctx.createSSL()); for (auto& cipher : ciphers) { ASSERT_STREQ(cipher.c_str(), SSL_get_cipher_list(ssl.get(), i++)); } ASSERT_EQ(nullptr, SSL_get_cipher_list(ssl.get(), i)); }
bool httpclient::open(const lyramilk::data::string& rawurl) { int port = -1; lyramilk::data::string scheme; { std::size_t scheme_sep = rawurl.find(":"); if(scheme_sep != rawurl.npos && rawurl.size() > scheme_sep+2 && rawurl.compare(scheme_sep,3,"://") == 0){ scheme = rawurl.substr(0,scheme_sep); std::size_t host_sep = rawurl.find("/",scheme_sep+3); host = rawurl.substr(scheme_sep+3,host_sep - scheme_sep - 3); std::size_t port_sep = host.find_last_of(":"); if(port_sep != host.npos){ char *tmp; port = strtoll(host.c_str() + port_sep + 1,&tmp,10); host = host.substr(0,port_sep); } url = rawurl.substr(host_sep); } } if(scheme == "https"){ if(port == -1) port = 443; }else if(scheme == "http"){ if(port == -1) port = 80; }else{ return false; } if(scheme == "https"){ init_ssl(); ssl(true); } COUT << "raw=" << rawurl << ",scheme=" << scheme << ",host=" << host << ",port=" << port << ",url=" << url << "," << std::endl; return lyramilk::netio::client::open(host.c_str(),(lyramilk::data::uint16)port); }
bool AccessCert::download( bool noCard ) { if( noCard ) { QDesktopServices::openUrl( QUrl( tr("http://www.id.ee/kehtivuskinnitus") ) ); return false; } QMessageBox d( QMessageBox::Information, tr("Server access certificate"), tr("Hereby I agree to terms and conditions of validity confirmation service and " "will use the service in extent of 10 signatures per month. If you going to " "exceed the limit of 10 signatures per month or/and will use the service for " "commercial purposes, please refer to IT support of your company. Additional " "information is available from <a href=\"%1\">%1</a> or phone 1777") .arg( tr("http://www.id.ee/kehtivuskinnitus") ), QMessageBox::Help, m_parent ); d.addButton( tr("Agree"), QMessageBox::AcceptRole ); if( QLabel *label = d.findChild<QLabel*>() ) label->setOpenExternalLinks( true ); if( d.exec() == QMessageBox::Help ) { QDesktopServices::openUrl( QUrl( tr("http://www.id.ee/kehtivuskinnitus") ) ); return false; } QSigner *s = qApp->signer(); QPKCS11 *p = s->handle(); s->lock(); TokenData token; bool retry = false; do { retry = false; token = p->selectSlot( s->token().card(), SslCertificate::DataEncipherment ); QPKCS11::PinStatus status = p->login( token ); switch( status ) { case QPKCS11::PinOK: break; case QPKCS11::PinCanceled: s->unlock(); return false; case QPKCS11::PinIncorrect: showWarning( QPKCS11::errorString( status ) ); retry = true; break; default: showWarning( tr("Error downloading server access certificate!") + "\n" + QPKCS11::errorString( status ) ); s->unlock(); return false; } } while( retry ); QScopedPointer<SSLConnect> ssl( new SSLConnect ); ssl->setToken( token.cert(), p->key() ); QByteArray result = ssl->getUrl( SSLConnect::AccessCert ); if( !ssl->errorString().isEmpty() ) { showWarning( tr("Error downloading server access certificate!") + "\n" + ssl->errorString() ); return false; } s->unlock(); if( result.isEmpty() ) { showWarning( tr("Empty result!") ); return false; } QString status, cert, pass, message; QXmlStreamReader xml( result ); while( xml.readNext() != QXmlStreamReader::Invalid ) { if( !xml.isStartElement() ) continue; if( xml.name() == "StatusCode" ) status = xml.readElementText(); else if( xml.name() == "MessageToDisplay" ) message = xml.readElementText(); else if( xml.name() == "TokenData" ) cert = xml.readElementText(); else if( xml.name() == "TokenPassword" ) pass = xml.readElementText(); } if( status.isEmpty() ) { showWarning( tr("Error parsing server access certificate result!") ); return false; } switch( status.toInt() ) { case 1: //need to order cert manually from SK web QDesktopServices::openUrl( QUrl( tr("http://www.id.ee/kehtivuskinnitus") ) ); return false; case 2: //got error, show message from MessageToDisplay element showWarning( tr("Error downloading server access certificate!\n%1").arg( message ) ); return false; default: break; //ok } if ( cert.isEmpty() ) { showWarning( tr("Error reading server access certificate - empty content!") ); return false; } QString path = QDesktopServices::storageLocation( QDesktopServices::DataLocation ); if ( !QDir( path ).exists() ) QDir().mkpath( path ); QFile f( QString( "%1/%2.p12" ).arg( path, SslCertificate( qApp->signer()->token().cert() ).subjectInfo( "serialNumber" ) ) ); if ( !f.open( QIODevice::WriteOnly|QIODevice::Truncate ) ) { showWarning( tr("Failed to save server access certificate file to %1!\n%2") .arg( f.fileName() ) .arg( f.errorString() ) ); return false; } f.write( QByteArray::fromBase64( cert.toLatin1() ) ); Application::setConfValue( Application::PKCS12Cert, m_cert = QDir::toNativeSeparators( f.fileName() ) ); Application::setConfValue( Application::PKCS12Pass, m_pass = pass ); return true; }
int main(int argc, char* argv[]) { try { log_init(); cxxtools::Arg<std::string> ip(argc, argv, 'i'); cxxtools::Arg<unsigned short> port(argc, argv, 'p', 1234); cxxtools::Arg<unsigned> bufsize(argc, argv, 'b', 8192); cxxtools::Arg<bool> listen(argc, argv, 'l'); cxxtools::Arg<bool> read_reply(argc, argv, 'r'); cxxtools::Arg<bool> ssl(argc, argv, 's'); cxxtools::Arg<std::string> cert(argc, argv, "--cert"); cxxtools::Arg<std::string> ca(argc, argv, "--CA"); if (listen) { // I'm a server // listen to a port cxxtools::net::TcpServer server(ip.getValue(), port); // accept a connetion cxxtools::net::TcpStream worker(server, bufsize); if (ssl) { if (cert.isSet()) worker.loadSslCertificateFile(cert); if (ca.isSet()) worker.setSslVerify(2, ca); worker.sslAccept(); } // copy to stdout std::cout << worker.rdbuf(); } else { // I'm a client // connect to server cxxtools::net::TcpStream peer(ip, port, bufsize); if (ssl) { if (cert.isSet()) peer.loadSslCertificateFile(cert); peer.sslConnect(); } if (argc > 1) { for (int a = 1; a < argc; ++a) { std::ifstream in(argv[a]); peer << in.rdbuf() << std::flush; } } else { // copy stdin to server peer << std::cin.rdbuf() << std::flush; } if (read_reply) // copy answer to stdout std::cout << peer.rdbuf() << std::flush; } } catch (const std::exception& e) { std::cerr << e.what() << std::endl; } }
signed int main(signed int ac, char** av) { SSL_CTX* ctx(nullptr); SSL_METHOD* meth(nullptr); SSL* ssl(nullptr); signed long sflags(0); signed int sockfd(-1); signed int retval(-1); std::string host(""); std::string port(""); std::string key(""); std::string cert(""); std::string store(""); std::string root(""); ::SSL_library_init(); ::OpenSSL_add_all_algorithms(); ::SSL_load_error_strings(); sflags = ( SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION ); if (7 != ac) { std::cerr << "Usage: " << av[0] << " <host> <port> <certificate> <key> <root certificate> <certificate store>" << std::endl; return EXIT_FAILURE; } host = av[1]; port = av[2]; cert = av[3]; key = av[4]; root = av[5]; store = av[6]; meth = const_cast< SSL_METHOD* >(::TLSv1_2_client_method()); ctx = ::SSL_CTX_new(meth); if (nullptr == meth) { ::ERR_print_errors_fp(stderr); return EXIT_FAILURE; } ::SSL_CTX_set_options(ctx, sflags); if (0 >= ::SSL_CTX_use_certificate_file(ctx, cert.c_str(), SSL_FILETYPE_PEM)) { ::ERR_print_errors_fp(stderr); return EXIT_FAILURE; } if (0 >= ::SSL_CTX_use_PrivateKey_file(ctx, key.c_str(), SSL_FILETYPE_PEM)) { ::ERR_print_errors_fp(stderr); return EXIT_FAILURE; } if (! ::SSL_CTX_check_private_key(ctx)) { std::cerr << "Private key does not match certificate" << std::endl; return EXIT_FAILURE; } if (! ::SSL_CTX_load_verify_locations(ctx, root.c_str(), store.c_str())) { std::cerr << "Load certificate store location failure" << std::endl; return EXIT_FAILURE; } ::SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr); //&verify_cb); ::SSL_CTX_set_verify_depth(ctx, 5); std::cout << "Connecting to: " << host << ":" << port << std::endl; sockfd = open_connection(host, port); if (0 > sockfd) return EXIT_FAILURE; ssl = SSL_new(ctx); ::SSL_set_fd(ssl, sockfd); do { retval = ::ERR_get_error(); if (0 != retval) std::cerr << "SSL ERR: " << ::ERR_reason_error_string(retval) << std::endl; } while (0 != retval); retval = ::SSL_connect(ssl); if (1 != retval) { std::cerr << "Error in SSL_connect()" << std::endl; ::ERR_print_errors_fp(stderr); } else { X509* ccert(::SSL_get_peer_certificate(ssl)); char* line(nullptr); char buf[4096] = {0}; signed int len(-1); struct in_addr ia; struct in6_addr i6a; std::vector< ip_addr_t > avec; std::vector< port_t > pvec; //message_t msg(OP_SCAN_STATUS, 0x4141414141414141); if (0 >= ::inet_pton(AF_INET, "127.0.0.0", &ia)) { std::cerr << "inet_pton() error: " << ::strerror(errno) << std::endl; return EXIT_FAILURE; } avec.push_back(ip_addr_t(ia, 24)); if (0 >= ::inet_pton(AF_INET, "192.0.0.0", &ia)) { std::cerr << "inet_pton() error: " << ::strerror(errno) << std::endl; return EXIT_FAILURE; } avec.push_back(ip_addr_t(ia, 8)); if (0 >= ::inet_pton(AF_INET6, "fe80:20c:29ff:feee:4b72::1", &i6a)) { std::cerr << "inet_pton() error: " << ::strerror(errno) << std::endl; return EXIT_FAILURE; } avec.push_back(ip_addr_t(i6a, 120)); if (0 >= ::inet_pton(AF_INET, "10.0.0.1", &ia)) { std::cerr << "inet_pton() error: " << ::strerror(errno) << std::endl; return EXIT_FAILURE; } avec.push_back(ip_addr_t(ia)); if (0 >= ::inet_pton(AF_INET6, "::1", &i6a)) { std::cerr << "inet_pton() error: " << ::strerror(errno) << std::endl; return EXIT_FAILURE; } avec.push_back(ip_addr_t(i6a)); pvec.push_back(port_t(PORT_PROTO_TCP, 80)); pvec.push_back(port_t(PORT_PROTO_TCP, 443)); pvec.push_back(port_t(PORT_PROTO_TCP, 143)); pvec.push_back(port_t(PORT_PROTO_TCP, 22)); pvec.push_back(port_t(PORT_PROTO_TCP, 139)); pvec.push_back(port_t(PORT_PROTO_TCP, 31336)); pvec.push_back(port_t(PORT_PROTO_TCP, 15)); message_t msg(avec, pvec); if (X509_V_OK != ::SSL_get_verify_result(ssl)) std::cout << "Certificate validation failed" << std::endl; else std::cout << "Certificate successfully validated" << std::endl; std::cout << "Connected with " << ::SSL_get_cipher(ssl) << " encryption." << std::endl; if (nullptr == ccert) { std::cerr << "ccert is nullptr" << std::endl; return EXIT_FAILURE; } line = ::X509_NAME_oneline(::X509_get_subject_name(ccert), 0, 0); std::cout << "Subject: " << line << std::endl; ::free(line); line = ::X509_NAME_oneline(::X509_get_issuer_name(ccert), 0, 0); std::cout << "Issuer: " << line << std::endl; ::free(line); std::cout << "Version: " << ::X509_get_version(ccert) << std::endl; ::X509_free(ccert); len = ::SSL_read(ssl, buf, sizeof(buf)); if (0 < len && 4096 > len) { buf[len] = 0; std::cout << "buf: " << buf << std::endl; } std::vector< uint8_t > d(msg.data()); ::SSL_write(ssl, d.data(), d.size()); } ::close(sockfd); ::SSL_CTX_free(ctx); return EXIT_SUCCESS; }
bool AccessCert::download( bool noCard ) { if( noCard ) { QDesktopServices::openUrl( QUrl( "http://www.sk.ee/toend/" ) ); return false; } QMessageBox d( QMessageBox::Information, tr("Server access certificate"), tr("Hereby I agree to terms and conditions of validity confirmation service and " "will use the service in extent of 10 signatures per month. If you going to " "exceed the limit of 10 signatures per month or/and will use the service for " "commercial purposes, please refer to IT support of your company. Additional " "information is available from <a href=\"http://www.sk.ee/kehtivuskinnitus\">" "http://www.sk.ee/kehtivuskinnitus</a> or phone 1777"), QMessageBox::Help, m_parent ); d.addButton( tr("Agree"), QMessageBox::AcceptRole ); if( QLabel *label = d.findChild<QLabel*>() ) label->setOpenExternalLinks( true ); if( d.exec() == QMessageBox::Help ) { QDesktopServices::openUrl( QUrl( "http://www.sk.ee/kehtivuskinnitus" ) ); return false; } qApp->signer()->lock(); QScopedPointer<SSLConnect> ssl( new SSLConnect() ); ssl->setPKCS11( Application::confValue( Application::PKCS11Module ), false ); ssl->setCard( qApp->signer()->token().card() ); bool retry = false; do { retry = false; if( ssl->flags() & TokenData::PinLocked ) { showWarning( tr("Error downloading server access certificate!\nPIN1 is blocked" ) ); qApp->signer()->unlock(); return false; } ssl->waitForFinished( SSLConnect::AccessCert ); switch( ssl->error() ) { case SSLConnect::PinCanceledError: qApp->signer()->unlock(); return false; case SSLConnect::PinInvalidError: showWarning( ssl->errorString() ); retry = true; break; default: if( !ssl->errorString().isEmpty() ) { showWarning( tr("Error downloading server access certificate!\n%1").arg( ssl->errorString() ) ); qApp->signer()->unlock(); return false; } break; } } while( retry ); QByteArray result = ssl->result(); qApp->signer()->unlock(); if( result.isEmpty() ) { showWarning( tr("Empty result!") ); return false; } QDomDocument domDoc; if( !domDoc.setContent( QString::fromUtf8( result ) ) ) { showWarning( tr("Error parsing server access certificate result!") ); return false; } QDomElement e = domDoc.documentElement(); QDomNodeList status = e.elementsByTagName( "StatusCode" ); if( status.isEmpty() ) { showWarning( tr("Error parsing server access certificate result!") ); return false; } switch( status.item(0).toElement().text().toInt() ) { case 1: //need to order cert manually from SK web QDesktopServices::openUrl( QUrl( "http://www.sk.ee/toend/" ) ); return false; case 2: //got error, show message from MessageToDisplay element showWarning( tr("Error downloading server access certificate!\n%1") .arg( e.elementsByTagName( "MessageToDisplay" ).item(0).toElement().text() ) ); return false; default: break; //ok } QString cert = e.elementsByTagName( "TokenData" ).item(0).toElement().text(); if ( cert.isEmpty() ) { showWarning( tr("Error reading server access certificate - empty content!") ); return false; } QString path = QDesktopServices::storageLocation( QDesktopServices::DataLocation ); if ( !QDir( path ).exists() ) QDir().mkpath( path ); QFile f( QString( "%1/%2.p12" ).arg( path, SslCertificate( qApp->signer()->token().cert() ).subjectInfo( "serialNumber" ) ) ); if ( !f.open( QIODevice::WriteOnly|QIODevice::Truncate ) ) { showWarning( tr("Failed to save server access certificate file to %1!\n%2") .arg( f.fileName() ) .arg( f.errorString() ) ); return false; } f.write( QByteArray::fromBase64( cert.toLatin1() ) ); Application::setConfValue( Application::PKCS12Cert, m_cert = f.fileName() ); Application::setConfValue( Application::PKCS12Pass, m_pass = e.elementsByTagName( "TokenPassword" ).item(0).toElement().text() ); return true; }