Adapt to OpenSSL 1.1.0
1 #define _XOPEN_SOURCE 600
2 #include <stdlib.h>
3 #include <stdio.h>
4 #include <locale.h>
5 #include <time.h>
6 #include <string.h>
7 #include <isds.h>
8 #include "common.h"
/*
 * Directory with the TLS material this client uses (key, certificate, CA
 * certificate, NSS database). SRCDIR is not defined in this file and must
 * be supplied from outside (presumably by the build system; confirm).
 */
#define TLS_PREFIX SRCDIR "/server/tls/"

/*
 * NSS database directory below TLS_PREFIX. main() exports it through the
 * SSL_DIR environment variable when the NSS back end is selected.
 */
#define NSS_DIR TLS_PREFIX "client_nss"
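/*
 * Print the command-line synopsis to stderr and terminate the process with
 * EXIT_FAILURE. This function never returns.
 *
 * @param command  Program path as received in argv[0]; only the part after
 *                 the last '/' is printed. May be NULL.
 */
void usage(const char *command) {
    const char *name = NULL;

    if (command) {
        name = strrchr(command, '/');
        if (name) name++;
    }
    if (!name) name = command;
    /* argv[0] may legitimately be NULL (a caller can exec the program with
     * an empty argument vector). Passing NULL to "%s" is undefined
     * behaviour, so fall back to a fixed program name. */
    if (!name) name = "certauth";

    fprintf(stderr, "Usage: %s {openssl|nss} {sw|hw ID}\n"
            "\tID\tIdentifier of cryptographic material in hardware engine\n",
            name);
    exit(EXIT_FAILURE);
}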
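/*
 * Log in to the ISDS server at https://localhost:1443/ with a TLS client
 * certificate and log out again.
 *
 * Arguments:
 *   argv[1]  "openssl" or "nss"  - which TLS back end the credentials are
 *                                  written for
 *   argv[2]  "sw" or "hw"        - key material in files / NSS database, or
 *                                  in a hardware token
 *   argv[3]  (hw only)           - identifier of the material in the token
 *
 * Any other argument combination prints the usage text and exits with
 * EXIT_FAILURE. Once the context exists, later failures are only reported
 * on stdout and the run continues; the process then exits with
 * EXIT_SUCCESS, so the exit status does NOT tell whether the login
 * succeeded. Callers have to read the output for that.
 */
int main(int argc, char **argv) {
    struct isds_ctx *ctx = NULL;
    isds_error err;
    struct isds_pki_credentials *pki_credentials = NULL;
    _Bool use_nss = 0;

    /* Software: OpenSSL, GnuTLS */
    /* PEM key and certificate files below TLS_PREFIX. No passphrase is
     * supplied. NOTE(review): presumably the test key is stored
     * unencrypted; confirm before reusing this with a real key. */
    struct isds_pki_credentials pki_software_ossl = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = TLS_PREFIX "client.key",
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = TLS_PREFIX "client.cert"
    };

    /* Software: NSS */
    /* No key path: only a certificate name is given. NOTE(review): this
     * looks like a nickname resolved in the NSS database; confirm. */
    struct isds_pki_credentials pki_software_nss = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = NULL,
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = "The Client Material"
    };

    /* Hardware engine: OpenSSL */
    /* The key is addressed through the "pkcs11" engine; "id_45" is only a
     * placeholder that argument parsing replaces with argv[3]. */
    struct isds_pki_credentials pki_hardware_ossl = {
        .engine = "pkcs11",
        .passphrase = NULL,
        .key_format = PKI_FORMAT_ENG,
        .key = "id_45",
        .certificate_format = PKI_FORMAT_ENG,
        .certificate = NULL
    };

    /* Hardware engine: NSS */
    /* The certificate name is only a placeholder that argument parsing
     * replaces with argv[3]. */
    struct isds_pki_credentials pki_hardware_nss = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = NULL,
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = "OpenSC Card (Bob Tester):Certificate"
    };

    setlocale(LC_ALL, "");

    /* Parse arguments */
    /* usage() does not return, so every branch that reaches it ends here. */
    if (argc < 3 || !argv[1] || !argv[2]) usage(argv[0]);
    if (!strcmp(argv[1], "openssl")) {
        use_nss = 0;
        if (!strcmp(argv[2], "sw")) pki_credentials = &pki_software_ossl;
        else if (!strcmp(argv[2], "hw")) {
            pki_credentials = &pki_hardware_ossl;
            if (argc < 4 || !argv[3]) usage(argv[0]);
            pki_credentials->key = argv[3];
        } else usage(argv[0]);
    } else if (!strcmp(argv[1], "nss")) {
        use_nss = 1;
        if (!strcmp(argv[2], "sw")) pki_credentials = &pki_software_nss;
        else if (!strcmp(argv[2], "hw")) {
            pki_credentials = &pki_hardware_nss;
            if (argc < 4 || !argv[3]) usage(argv[0]);
            pki_credentials->certificate = argv[3];
        } else usage(argv[0]);
    } else
        usage(argv[0]);

    /* ISDS stuff */
    err = isds_init();
    if (err) {
        printf("isds_init() failed: %s\n", isds_strerror(err));
        exit(EXIT_FAILURE);
    }

    /* Every facility at every level. NOTE(review): at this verbosity the
     * log may contain request contents; confirm before using these
     * settings outside a test setup. */
    isds_set_logging(ILF_ALL, ILL_ALL);

    ctx = isds_ctx_create();
    if (!ctx) {
        /* Without a context every call below would be handed NULL, so
         * stop here just as for a failed isds_init(). */
        printf("isds_ctx_create() failed\n");
        exit(EXIT_FAILURE);
    }

    err = isds_set_timeout(ctx, 10000);
    if (err) {
        printf("isds_set_timeout() failed: %s\n", isds_strerror(err));
    }

    /*
     * Server certificate verification is not touched here: the call
     * isds_set_opt(ctx, IOPT_TLS_VERIFY_SERVER, 0), which would switch it
     * off, is intentionally not made. The server is instead checked
     * against the test CA configured below.
     */

    if (use_nss) {
        /* Third argument 0: a SSL_DIR already present in the environment
         * is kept, so an inherited value takes precedence over NSS_DIR. */
        if (setenv("SSL_DIR", NSS_DIR, 0)) {
            printf("setenv(\"SSL_DIR\", \"%s\") failed\n", NSS_DIR);
        }
    } else {
        /* Trust anchor for the server certificate. A failure is only
         * reported; the login below is still attempted. */
        err = isds_set_opt(ctx, IOPT_TLS_CA_FILE, TLS_PREFIX "ca.cert");
        if (err) {
            printf("isds_set_opt(IOPT_TLS_CA_FILE) failed: %s\n",
                    isds_strerror(err));
        }
    }

    /* username() and password() are not defined in this file
     * (presumably they come from common.h; confirm). */
    err = isds_login(ctx, "https://localhost:1443/", username(), password(),
            pki_credentials, NULL);
    if (err) {
        printf("isds_login() failed: %s: %s\n", isds_strerror(err),
                isds_long_message(ctx));
    } else {
        printf("Logged in :)\n");
    }

    /* Logout is attempted even when the login failed. */
    err = isds_logout(ctx);
    if (err) {
        printf("isds_logout() failed: %s\n", isds_strerror(err));
    }

    err = isds_ctx_free(&ctx);
    if (err) {
        printf("isds_ctx_free() failed: %s\n", isds_strerror(err));
    }

    err = isds_cleanup();
    if (err) {
        printf("isds_cleanup() failed: %s\n", isds_strerror(err));
    }

    exit (EXIT_SUCCESS);
}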