#include "database.h"
#include "record.h"
#include "opensslBIO.h"
+#include "remoteSigner.h"
#include "simpleOpensslSigner.h"
+#include "sslUtil.h"
#include "slipBio.h"
-int gencb( int a, int b, BN_GENCB* g ) {
- ( void ) a;
- ( void ) b;
- ( void ) g;
-
- std::cout << ( a == 0 ? "." : "+" ) << std::flush;
-
- return 1;
-}
-
-int vfy( int prevfy, X509_STORE_CTX* ct ) {
- ( void ) ct;
- return prevfy;
-}
-
-static std::shared_ptr<DH> dh_param;
-
-std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
- std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>( SSL_CTX_new( TLSv1_2_method() ), SSL_CTX_free );
-
- if( !SSL_CTX_set_cipher_list( ctx.get(), "HIGH:+CAMELLIA256:!eNull:!aNULL:!ADH:!MD5:-RSA+AES+SHA1:!RC4:!DES:!3DES:!SEED:!EXP:!AES128:!CAMELLIA128" ) ) {
- throw "Cannot set cipher list. Your source is broken.";
- }
-
- SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_NONE, vfy );
- SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM );
- SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM );
- std::shared_ptr<STACK_OF( X509_NAME )> cert_names(
- SSL_load_client_CA_file( "testdata/server.crt" ),
- []( STACK_OF( X509_NAME ) *st ) {
- std::cout << "freeing" << std::endl;
- sk_X509_NAME_free( st );
- } );
-
- if( cert_names ) {
- SSL_CTX_set_client_CA_list( ctx.get(), cert_names.get() );
- }
-
- if( server ) {
- if( !dh_param ) {
- FILE* paramfile = fopen( "dh_param.pem", "r" );
-
- if( paramfile ) {
- dh_param = std::shared_ptr<DH>( PEM_read_DHparams( paramfile, NULL, NULL, NULL ), DH_free );
- fclose( paramfile );
- } else {
- dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
- std::cout << "Generating DH params" << std::endl;
- BN_GENCB cb;
- cb.ver = 2;
- cb.arg = 0;
- cb.cb.cb_2 = gencb;
-
- if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
- throw "DH generation failed";
- }
-
- std::cout << std::endl;
- paramfile = fopen( "dh_param.pem", "w" );
-
- if( paramfile ) {
- PEM_write_DHparams( paramfile, dh_param.get() );
- fclose( paramfile );
- }
- }
- }
-
- if( !SSL_CTX_set_tmp_dh( ctx.get(), dh_param.get() ) ) {
- throw "Cannot set tmp dh.";
- }
- }
-
- return ctx;
-}
+extern std::vector<Profile> profiles;
class RecordHandlerSession {
public:
this->signer = signer;
ssl = SSL_new( ctx.get() );
- std::shared_ptr<BIO> bio( BIO_new( BIO_f_ssl() ), [output]( BIO * p ) {
- BIO_free( p );
- } );
+ std::shared_ptr<BIO> bio(
+ BIO_new( BIO_f_ssl() ),
+ [output]( BIO * p ) {
+ BIO_free( p );
+ } );
SSL_set_accept_state( ssl );
SSL_set_bio( ssl, output.get(), output.get() );
BIO_set_ssl( bio.get(), ssl, BIO_NOCLOSE );
ctx = generateSSLContext( true );
- SSL_CTX_use_certificate_file( ctx.get(), "testdata/server.crt", SSL_FILETYPE_PEM );
- SSL_CTX_use_PrivateKey_file( ctx.get(), "testdata/server.key", SSL_FILETYPE_PEM );
-
this->bio = bio;
}
currentSession->work();
}
-void setupSerial( FILE* f ) {
- struct termios attr;
-
- if( tcgetattr( fileno( f ), &attr ) ) {
- throw "failed to get attrs";
- }
-
- attr.c_iflag &= ~( IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON );
- attr.c_oflag &= ~OPOST;
- attr.c_lflag &= ~( ECHO | ECHONL | ICANON | ISIG | IEXTEN );
- attr.c_cflag &= ~( CSIZE | PARENB );
- attr.c_cflag |= CS8;
-
- if( tcsetattr( fileno( f ), TCSANOW, &attr ) ) {
- throw "failed to get attrs";
- }
-}
-
int handlermain( int argc, const char* argv[] ) {
( void ) argc;
( void ) argv;
//---
- SSL_library_init();
+ std::shared_ptr<int> ssl_lib = ssl_lib_ref;
if( argc >= 2 ) {
- FILE* f = fopen( "/dev/ttyUSB0", "r+" );
-
- if( !f ) {
- std::cout << "Opening /dev/ttyUSB0 bio failed" << std::endl;
- return -1;
- }
-
- setupSerial( f );
-
- std::shared_ptr<BIO> b( BIO_new_fd( fileno( f ), 0 ), BIO_free );
+ std::shared_ptr<BIO> b = openSerial( "/dev/ttyUSB0" );
std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
- std::cout << "Initing tlsv1_2" << std::endl;
- std::shared_ptr<SSL_CTX> ctx = generateSSLContext( false );
- std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, ctx ) );
+ std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
+
std::shared_ptr<TBSCertificate> cert( new TBSCertificate() );
cert->csr_type = "csr";
cert->csr_content = data;
cert->md = "sha256";
cert->profile = "1";
+ std::shared_ptr<AVA> ava( new AVA() );
+ ava->name = "CN";
+ ava->value = "Dummy user certificates";
+ cert->AVAs.push_back( ava );
+ std::shared_ptr<SAN> san( new SAN() );
+ san->type = "DNS";
+ san->content = "n42.example.com";
+ cert->SANs.push_back( san );
auto res = sign->sign( cert );
- std::cout << "sent things" << std::endl;
-
+ std::cout << "log: " << res->log << std::endl;
+ std::cout << "cert things: " << res->certificate << std::endl;
return 0;
}
- FILE* f = fopen( "/dev/ttyS0", "r+" );
-
- if( !f ) {
- std::cout << "Opening /dev/ttyS0 bio failed" << std::endl;
- return -1;
- }
-
- setupSerial( f );
-
- std::shared_ptr<BIO> conn( BIO_new_fd( fileno( f ), 0 ), BIO_free );
+ std::shared_ptr<BIO> conn = openSerial( "/dev/ttyS0" );
std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( conn ) ) );
try {
- DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr<Signer>( new SimpleOpensslSigner() ), slip1 );
+ DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr<Signer>( new SimpleOpensslSigner( profiles[0] ) ), slip1 );
while( true ) {
dh->handle();