[libisds.git] / client / certauth.c
1 #define _XOPEN_SOURCE 600
2 #include <stdlib.h>
3 #include <stdio.h>
4 #include <locale.h>
5 #include <time.h>
6 #include <string.h>
7 #include <isds.h>
8 #include "common.h"
10 #define TLS_PREFIX "../server/tls/"
11 #define NSS_DIR TLS_PREFIX "client_nss"
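/**
 * Print the command-line synopsis to stderr and terminate the process with
 * EXIT_FAILURE. This function does not return.
 *
 * @param command  Program path, normally argv[0]. Only the part after the
 *                 last '/' is shown. May be NULL, in which case a fixed
 *                 fallback name is printed.
 */
void usage(const char *command) {
    const char *name = NULL;

    if (command) {
        /* Show the basename only; keep the whole string when it has no '/' */
        name = strrchr(command, '/');
        if (name) name++;
        else name = command;
    }

    /* main() passes argv[0], which is NULL when the program is executed with
     * an empty argument vector. Passing NULL to "%s" is undefined behaviour,
     * so fall back to a fixed name instead. */
    if (!name) name = "certauth";

    fprintf(stderr, "Usage: %s {openssl|nss} {sw|hw}\n", name);
    exit(EXIT_FAILURE);
}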
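/**
 * Test client for TLS client-certificate authentication against a local
 * ISDS test server.
 *
 * Usage: certauth {openssl|nss} {sw|hw}
 *   argv[1] selects the crypto back end, argv[2] selects whether the client
 *   key lives in a file / NSS database ("sw") or on a hardware token ("hw").
 *
 * All key, certificate and CA paths are relative (TLS_PREFIX), so the
 * program has to be started from the directory they are relative to.
 *
 * The process exits with EXIT_SUCCESS only when isds_login() succeeded;
 * every set-up failure that affects which server is trusted, and a failed
 * login, end in EXIT_FAILURE so that calling scripts can detect them.
 */
int main(int argc, char **argv) {
    struct isds_ctx *ctx = NULL;
    isds_error err;
    struct isds_pki_credentials *pki_credentials = NULL;
    _Bool use_nss = 0;
    int status = EXIT_FAILURE;  /* flipped to success only after login */

    /* Software: OpenSSL, GnuTLS */
    struct isds_pki_credentials pki_software_ossl = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = TLS_PREFIX "client.key",
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = TLS_PREFIX "client.cert"
    };

    /* Software: NSS */
    struct isds_pki_credentials pki_software_nss = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = NULL,
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = "The Client Material"
    };

    /* Hardware engine: OpenSSL */
    struct isds_pki_credentials pki_hardware_ossl = {
        .engine = "pkcs11",
        .passphrase = NULL,
        .key_format = PKI_FORMAT_ENG,
        .key = "id_45",
        .certificate_format = PKI_FORMAT_ENG,
        .certificate = NULL
    };

    /* Hardware engine: NSS */
    struct isds_pki_credentials pki_hardware_nss = {
        .engine = NULL,
        .passphrase = NULL,
        .key_format = PKI_FORMAT_PEM,
        .key = NULL,
        .certificate_format = PKI_FORMAT_PEM,
        .certificate = "OpenSC Card (Bob Tester):Certificate"
    };

    setlocale(LC_ALL, "");

    /* Parse arguments; usage() does not return */
    if (argc != 3 || !argv[1] || !argv[2]) usage(argv[0]);
    if (!strcmp(argv[1], "openssl")) {
        use_nss = 0;
        if (!strcmp(argv[2], "sw")) pki_credentials = &pki_software_ossl;
        else if (!strcmp(argv[2], "hw")) pki_credentials = &pki_hardware_ossl;
        else usage(argv[0]);
    } else if (!strcmp(argv[1], "nss")) {
        use_nss = 1;
        if (!strcmp(argv[2], "sw")) pki_credentials = &pki_software_nss;
        else if (!strcmp(argv[2], "hw")) pki_credentials = &pki_hardware_nss;
        else usage(argv[0]);
    } else
        usage(argv[0]);

    /* ISDS stuff */
    err = isds_init();
    if (err) {
        printf("isds_init() failed: %s\n", isds_strerror(err));
        exit(EXIT_FAILURE);
    }

    /* NOTE(review): everything is logged at every level; acceptable for a
     * test client, but confirm what the library writes to the log before
     * reusing this setting with real credentials. */
    isds_set_logging(ILF_ALL, ILL_ALL);

    ctx = isds_ctx_create();
    if (!ctx) {
        printf("isds_ctx_create() failed");
        /* Without a context none of the calls below can work; do not hand
         * a NULL context to the library. */
        goto cleanup;
    }

    err = isds_set_timeout(ctx, 10000);
    if (err) {
        /* Not fatal: only the timeout setting is affected */
        printf("isds_set_timeout() failed: %s\n", isds_strerror(err));
    }

    /* Left disabled on purpose. NOTE(review): judging by its name and the
     * 0 argument, the call below would switch off verification of the
     * server certificate; keep it out of anything but local debugging. */
    /* err = isds_set_tls(ctx, ITLS_VERIFY_SERVER, 0);
    if (err) {
        printf("isds_set_tls(ITLS_VERIFY_SERVER) failed: %s\n",
                isds_strerror(err));
    }*/

    if (use_nss) {
        /* The overwrite argument is 0, so an SSL_DIR that is already set in
         * the environment takes precedence over NSS_DIR. Whoever controls
         * the environment therefore controls which NSS database is used. */
        if (setenv("SSL_DIR", NSS_DIR, 0)) {
            printf("setenv(\"SSL_DIR\", \"%s\") failed\n", NSS_DIR);
            /* Fail closed: do not log in with an unknown trust database */
            goto free_ctx;
        }
    } else {
        err = isds_set_tls(ctx, ITLS_CA_FILE, "../server/tls/ca.cert");
        if (err) {
            printf("isds_set_tls(ITLS_CA_FILE) failed: %s\n",
                    isds_strerror(err));
            /* Fail closed: the test CA could not be configured, so the
             * server would be checked against some other trust store. */
            goto free_ctx;
        }
    }

    /* username and password are not declared in this function; presumably
     * they come from common.h -- verify. */
    err = isds_login(ctx, "https://localhost:1443/", username, password,
            pki_credentials);
    if (err) {
        printf("isds_login() failed: %s: %s\n", isds_strerror(err),
                isds_long_message(ctx));
    } else {
        printf("Logged in :)\n");
        status = EXIT_SUCCESS;
    }

    /* Logout is attempted whether or not the login succeeded */
    err = isds_logout(ctx);
    if (err) {
        printf("isds_logout() failed: %s\n", isds_strerror(err));
    }

free_ctx:
    err = isds_ctx_free(&ctx);
    if (err) {
        printf("isds_ctx_free() failed: %s\n", isds_strerror(err));
    }

cleanup:
    err = isds_cleanup();
    if (err) {
        printf("isds_cleanup() failed: %s\n", isds_strerror(err));
    }

    /* Report the authentication result instead of unconditional success */
    exit(status);
}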