2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 #include <sys/types.h>
19 #include <sys/socket.h>
25 #include <utils/debug.h>
26 #include <tls_socket.h>
27 #include <networking/host.h>
28 #include <credentials/sets/mem_cred.h>
31 * Print usage information
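/**
 * Print usage information.
 *
 * Lists the two modes (--connect / --listen) and the options the
 * getopt_long() table in main() accepts: --port, --key, --cert (repeatable),
 * --times and --debug.
 *
 * @param out	stream to print to (stdout for --help, stderr on bad usage)
 * @param cmd	program name as invoked (argv[0])
 */
static void usage(FILE *out, char *cmd)
{
	fprintf(out, "usage:\n");
	/* the original text read "[--key <key]" and lacked the --debug option */
	fprintf(out, "  %s --connect <address> --port <port> [--key <key>] "
			"[--cert <file>]+ [--times <n>] [--debug <level>]\n", cmd);
	fprintf(out, "  %s --listen <address> --port <port> --key <key> "
			"[--cert <file>]+ [--times <n>] [--debug <level>]\n", cmd);
}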
41 * Check, as client, if we have a client certificate with private key
/**
 * Check, as client, if we have a client certificate with private key.
 *
 * Walks every X509 certificate known to lib->credmgr and, for each one,
 * derives the SHA1 key id of its public key and asks credmgr for a matching
 * private key. Where one is found the certificate's subject is cloned and
 * becomes the client identity; client stays NULL when nothing matches.
 * Which certificate wins when several match depends on code not visible here.
 *
 * NOTE(review): this page shows only part of the body. The declarations of
 * cert, pubkey and chunk, the NULL checks on pubkey and privkey, and the
 * final return statement are not visible, so the branch structure around the
 * clone below is partly inferred.
 *
 * @return cloned subject of a certificate we hold the private key for,
 *         or NULL if there is none
 */
43 static identification_t
*find_client_id()
45 identification_t
*client
= NULL
, *keyid
;
46 enumerator_t
*enumerator
;
49 private_key_t
*privkey
;
/* CERT_X509 with KEY_ANY: every X509 certificate regardless of key type */
52 enumerator
= lib
->credmgr
->create_cert_enumerator(lib
->credmgr
,
53 CERT_X509
, KEY_ANY
, NULL
, FALSE
);
54 while (enumerator
->enumerate(enumerator
, &cert
))
56 pubkey
= cert
->get_public_key(cert
);
/* the public key's SHA1 key id is the handle used to look up the private key */
59 if (pubkey
->get_fingerprint(pubkey
, KEYID_PUBKEY_SHA1
, &chunk
))
61 keyid
= identification_create_from_encoding(ID_KEY_ID
, chunk
);
62 privkey
= lib
->credmgr
->get_private(lib
->credmgr
,
63 pubkey
->get_type(pubkey
), keyid
, NULL
);
64 keyid
->destroy(keyid
);
/* matched: clone the subject so it can outlive the enumeration */
67 client
= cert
->get_subject(cert
);
68 client
= client
->clone(client
);
/* the private key is only probed for existence here, not kept */
69 privkey
->destroy(privkey
);
72 pubkey
->destroy(pubkey
);
79 enumerator
->destroy(enumerator
);
/**
 * Connect to host and run the TLS client side.
 *
 * Repeats the connection `times` times, or forever when times is -1. Each
 * round opens an AF_INET TCP socket, connects it to host and hands it to a
 * tls_socket_t created in client role (first argument FALSE) with server as
 * the expected server identity and client as our own identity, then splices
 * the TLS connection against fds 0 and 1 (presumably stdin/stdout).
 *
 * NOTE(review): only part of the body is visible on this page. The local
 * declarations (fd, tls, res), the socket()/connect() failure branches and
 * the per-round teardown (tls/fd release, return) are missing here.
 *
 * NOTE(review): socket() is hard-wired to AF_INET while host comes from a
 * DNS lookup in main(); an IPv6 result would presumably fail at connect().
 *
 * NOTE(review): the last argument to tls_socket_create() is TRUE; check
 * tls_socket.h for what that flag permits. If it allows NULL-encryption
 * cipher suites that is acceptable for a test tool but must not be copied
 * into production code.
 *
 * @param host		address to connect to
 * @param server	expected server identity
 * @param client	our own identity, NULL when find_client_id() found none
 * @param times		number of rounds, -1 for unlimited
 * @param cache		tls_cache_t shared across rounds (presumably session cache)
 * @return res is 0 when splice() reports success, 1 otherwise; how it is
 *         returned is not visible on this page
 */
87 static int run_client(host_t
*host
, identification_t
*server
,
88 identification_t
*client
, int times
, tls_cache_t
*cache
)
/* -1 means unlimited; the post-decrement counts the remaining rounds */
93 while (times
== -1 || times
-- > 0)
95 fd
= socket(AF_INET
, SOCK_STREAM
, 0);
98 DBG1(DBG_TLS
, "opening socket failed: %s", strerror(errno
));
101 if (connect(fd
, host
->get_sockaddr(host
),
102 *host
->get_sockaddr_len(host
)) == -1)
104 DBG1(DBG_TLS
, "connecting to %#H failed: %s", host
, strerror(errno
));
/* client role, highest version offered TLS_1_2 (presumably the max_version
 * parameter) */
108 tls
= tls_socket_create(FALSE
, server
, client
, fd
, cache
, TLS_1_2
, TRUE
);
/* splice() returns a bool; map success to exit status 0 */
114 res
= tls
->splice(tls
, 0, 1) ? 0 : 1;
/**
 * Bind to host and serve TLS connections.
 *
 * Opens one AF_INET TCP socket, binds it to host and listens with a backlog
 * of 1. Then, `times` times or forever when times is -1, accepts a connection
 * and hands it to a tls_socket_t created in server role (first argument TRUE)
 * with server as our identity and no peer identity, splicing it against fds
 * 0 and 1 until the peer disconnects.
 *
 * NOTE(review): only part of the body is visible on this page. The local
 * declarations (fd, cfd, tls), the failure branches after socket()/bind()/
 * listen()/accept(), the release of tls and cfd and the return are missing.
 *
 * NOTE(review): accept() is given host's own sockaddr buffer, so after the
 * first accepted connection host holds the peer address that "%#H connected"
 * prints, not the address that was bound. That appears harmless here since
 * bind() is not repeated, but host must not be reused as the listening
 * address afterwards.
 *
 * NOTE(review): the listen() failure message uses "%m" and also passes
 * strerror(errno) as an argument, unlike the other messages in this file
 * which use "%s"; presumably one of the two is superfluous — use "%s" like
 * the rest of the file.
 *
 * @param host		address to bind to (see the accept() note above)
 * @param server	our own identity
 * @param times		number of connections to accept, -1 for unlimited
 * @param cache		tls_cache_t shared across connections
 * @return not visible on this page
 */
128 static int serve(host_t
*host
, identification_t
*server
,
129 int times
, tls_cache_t
*cache
)
134 fd
= socket(AF_INET
, SOCK_STREAM
, 0);
137 DBG1(DBG_TLS
, "opening socket failed: %s", strerror(errno
));
140 if (bind(fd
, host
->get_sockaddr(host
),
141 *host
->get_sockaddr_len(host
)) == -1)
143 DBG1(DBG_TLS
, "binding to %#H failed: %s", host
, strerror(errno
));
/* backlog of 1: connections are handled strictly one at a time */
147 if (listen(fd
, 1) == -1)
149 DBG1(DBG_TLS
, "listen to %#H failed: %m", host
, strerror(errno
));
154 while (times
== -1 || times
-- > 0)
/* the peer address is written into host's own sockaddr storage */
156 cfd
= accept(fd
, host
->get_sockaddr(host
), host
->get_sockaddr_len(host
));
159 DBG1(DBG_TLS
, "accept failed: %s", strerror(errno
));
163 DBG1(DBG_TLS
, "%#H connected", host
);
/* server role; NULL peer identity (see the tls_socket_create() notes in
 * run_client() regarding the trailing TRUE) */
165 tls
= tls_socket_create(TRUE
, server
, NULL
, cfd
, cache
, TLS_1_2
, TRUE
);
/* the splice() result is not checked here, unlike in run_client() */
171 tls
->splice(tls
, 0, 1);
172 DBG1(DBG_TLS
, "%#H disconnected", host
);
181 * In-Memory credential set
/**
 * In-memory credential set.
 *
 * Receives the certificates and keys loaded through --cert/--key
 * (load_certificate(), load_key()); registered with lib->credmgr via
 * add_set() at startup and removed again in cleanup().
 */
183 static mem_cred_t
*creds
;
186 * Load certificate from file
/**
 * Load certificate from file.
 *
 * Builds an X509 certificate from filename through lib->creds and adds it
 * to the in-memory credential set creds. Failure is logged; the declaration
 * of cert, the NULL check and the return statements (the function is
 * declared bool) are not visible on this page.
 *
 * NOTE(review): add_cert() is called with TRUE. If that argument marks the
 * certificate as trusted (see mem_cred_t), every --cert file becomes a
 * trust anchor for peer verification — confirm.
 *
 * @param filename	path of the certificate file
 * @return TRUE on success (inferred from the bool signature)
 */
188 static bool load_certificate(char *filename
)
192 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
193 BUILD_FROM_FILE
, filename
, BUILD_END
);
196 DBG1(DBG_TLS
, "loading certificate from '%s' failed", filename
);
/* second argument TRUE: presumably "trusted" — see note above */
199 creds
->add_cert(creds
, TRUE
, cert
);
204 * Load private key from file
/**
 * Load private key from file.
 *
 * Builds a private key from filename through lib->creds and adds it to
 * creds. The builder is asked for KEY_RSA only, so --key presumably cannot
 * load other key types — confirm against the builders in use. The
 * declaration of key, the NULL check and the return statements are not
 * visible on this page.
 *
 * @param filename	path of the key file
 * @return TRUE on success (inferred from the bool signature)
 */
206 static bool load_key(char *filename
)
/* KEY_RSA is hard-coded; see note above */
210 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
, KEY_RSA
,
211 BUILD_FROM_FILE
, filename
, BUILD_END
);
214 DBG1(DBG_TLS
, "loading key from '%s' failed", filename
);
217 creds
->add_key(creds
, key
);
/**
 * Debug level for the DBG_TLS group, default 1.
 *
 * Overwritten in main() from an option argument via atoi() (presumably
 * --debug, judging by the getopt_long() table) and consulted by dbg_tls().
 */
224 static level_t tls_level
= 1;
/**
 * Debug output hook.
 *
 * Prints DBG_TLS messages up to tls_level, and messages of level <= 1 from
 * any group, to stderr followed by a newline; everything else is dropped.
 *
 * NOTE(review): the va_list setup for args (va_start/va_end) is not visible
 * on this page.
 *
 * NOTE(review): the DBG1 calls in this file use "%#H", which is not a
 * standard conversion; presumably lib installs printf hooks that make
 * vfprintf() handle it — confirm.
 *
 * @param group	debug group of the message
 * @param level	verbosity level of the message
 * @param fmt	printf-style format string, followed by its arguments
 */
226 static void dbg_tls(debug_t group
, level_t level
, char *fmt
, ...)
228 if ((group
== DBG_TLS
&& level
<= tls_level
) || level
<= 1)
233 vfprintf(stderr
, fmt
, args
);
234 fprintf(stderr
, "\n");
/**
 * Cleanup: unregister the in-memory credential set from lib->credmgr and
 * destroy it. Anything the function does after that is not visible on this
 * page.
 */
242 static void cleanup()
244 lib
->credmgr
->remove_set(lib
->credmgr
, &creds
->set
);
245 creds
->destroy(creds
);
254 library_init(NULL
, "tls_test");
258 lib
->plugins
->load(lib
->plugins
, PLUGINS
);
260 creds
= mem_cred_create();
261 lib
->credmgr
->add_set(lib
->credmgr
, &creds
->set
);
266 int main(int argc
, char *argv
[])
268 char *address
= NULL
;
270 int port
= 0, times
= -1, res
;
271 identification_t
*server
, *client
;
279 struct option long_opts
[] = {
280 {"help", no_argument
, NULL
, 'h' },
281 {"connect", required_argument
, NULL
, 'c' },
282 {"listen", required_argument
, NULL
, 'l' },
283 {"port", required_argument
, NULL
, 'p' },
284 {"cert", required_argument
, NULL
, 'x' },
285 {"key", required_argument
, NULL
, 'k' },
286 {"times", required_argument
, NULL
, 't' },
287 {"debug", required_argument
, NULL
, 'd' },
290 switch (getopt_long(argc
, argv
, "", long_opts
, NULL
))
295 usage(stdout
, argv
[0]);
298 if (!load_certificate(optarg
))
304 if (!load_key(optarg
))
315 usage(stderr
, argv
[0]);
324 times
= atoi(optarg
);
327 tls_level
= atoi(optarg
);
330 usage(stderr
, argv
[0]);
335 if (!port
|| !address
)
337 usage(stderr
, argv
[0]);
340 host
= host_create_from_dns(address
, 0, port
);
343 DBG1(DBG_TLS
, "resolving hostname %s failed", address
);
346 server
= identification_create_from_string(address
);
347 cache
= tls_cache_create(100, 30);
350 res
= serve(host
, server
, times
, cache
);
354 client
= find_client_id();
355 res
= run_client(host
, server
, client
, times
, cache
);
358 cache
->destroy(cache
);
360 server
->destroy(server
);