#define _XOPEN_SOURCE 600
#include <stdlib.h>
#include <stdio.h>
#include <locale.h>
#include <time.h>
#include <string.h>
#include <isds.h>
#include "common.h"
#define TLS_PREFIX SRCDIR "/server/tls/"
#define NSS_DIR TLS_PREFIX "client_nss"
void usage(const char *command) {
const char *name = NULL;
if (command) {
name = strrchr(command, '/');
if (name) name++;
}
if (!name) name = command;
fprintf(stderr, "Usage: %s {openssl|nss} {sw|hw}\n", name);
exit(EXIT_FAILURE);
}
int main(int argc, char **argv) {
struct isds_ctx *ctx = NULL;
isds_error err;
struct isds_pki_credentials *pki_credentials = NULL;
_Bool use_nss = 0;
/* Software: OpenSSL, GnuTLS */
struct isds_pki_credentials pki_software_ossl = {
.engine = NULL,
.passphrase = NULL,
.key_format = PKI_FORMAT_PEM,
.key = TLS_PREFIX "client.key",
.certificate_format = PKI_FORMAT_PEM,
.certificate = TLS_PREFIX "client.cert"
};
/* Software: NSS */
struct isds_pki_credentials pki_software_nss = {
.engine = NULL,
.passphrase = NULL,
.key_format = PKI_FORMAT_PEM,
.key = NULL,
.certificate_format = PKI_FORMAT_PEM,
.certificate = "The Client Material"
};
/* Hardware engine: OpenSSL */
struct isds_pki_credentials pki_hardware_ossl = {
.engine = "pkcs11",
.passphrase = NULL,
.key_format = PKI_FORMAT_ENG,
.key = "id_45",
.certificate_format = PKI_FORMAT_ENG,
.certificate = NULL
};
/* Hardware engine: NSS */
struct isds_pki_credentials pki_hardware_nss = {
.engine = NULL,
.passphrase = NULL,
.key_format = PKI_FORMAT_PEM,
.key = NULL,
.certificate_format = PKI_FORMAT_PEM,
.certificate = "OpenSC Card (Bob Tester):Certificate"
};
setlocale(LC_ALL, "");
/* Parse arguments */
if (argc != 3 || !argv[1] || !argv[2]) usage(argv[0]);
if (!strcmp(argv[1], "openssl")) {
use_nss = 0;
if (!strcmp(argv[2], "sw")) pki_credentials = &pki_software_ossl;
else if (!strcmp(argv[2], "hw")) pki_credentials = &pki_hardware_ossl;
else usage(argv[0]);
} else if (!strcmp(argv[1], "nss")) {
use_nss = 1;
if (!strcmp(argv[2], "sw")) pki_credentials = &pki_software_nss;
else if (!strcmp(argv[2], "hw")) pki_credentials = &pki_hardware_nss;
else usage(argv[0]);
} else
usage(argv[0]);
/* ISDS stuff */
err = isds_init();
if (err) {
printf("isds_init() failed: %s\n", isds_strerror(err));
exit(EXIT_FAILURE);
}
isds_set_logging(ILF_ALL, ILL_ALL);
ctx = isds_ctx_create();
if (!ctx) {
printf("isds_ctx_create() failed");
}
err = isds_set_timeout(ctx, 10000);
if (err) {
printf("isds_set_timeout() failed: %s\n", isds_strerror(err));
}
/* err = isds_set_opt(ctx, IOPT_TLS_VERIFY_SERVER, 0);
if (err) {
printf("isds_set_opt(IOPT_TLS_VERIFY_SERVER) failed: %s\n",
isds_strerror(err));
}*/
if (use_nss) {
if (setenv("SSL_DIR", NSS_DIR, 0)) {
printf("setenv(\"SSL_DIR\", \"%s\") failed\n", NSS_DIR);
}
} else {
err = isds_set_opt(ctx, IOPT_TLS_CA_FILE, TLS_PREFIX "ca.cert");
if (err) {
printf("isds_set_opt(IOPT_TLS_CA_FILE) failed: %s\n",
isds_strerror(err));
}
}
err = isds_login(ctx, "https://localhost:1443/", username, password,
pki_credentials);
if (err) {
printf("isds_login() failed: %s: %s\n", isds_strerror(err),
isds_long_message(ctx));
} else {
printf("Logged in :)\n");
}
err = isds_logout(ctx);
if (err) {
printf("isds_logout() failed: %s\n", isds_strerror(err));
}
err = isds_ctx_free(&ctx);
if (err) {
printf("isds_ctx_free() failed: %s\n", isds_strerror(err));
}
err = isds_cleanup();
if (err) {
printf("isds_cleanup() failed: %s\n", isds_strerror(err));
}
exit (EXIT_SUCCESS);
}
