diff options
Diffstat (limited to 'security/nss/cmd/SSLsample/client.c')
-rw-r--r-- | security/nss/cmd/SSLsample/client.c | 451 |
1 files changed, 451 insertions, 0 deletions
diff --git a/security/nss/cmd/SSLsample/client.c b/security/nss/cmd/SSLsample/client.c new file mode 100644 index 000000000..0953faeae --- /dev/null +++ b/security/nss/cmd/SSLsample/client.c @@ -0,0 +1,451 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +/**************************************************************************** + * SSL client program that sets up a connection to SSL server, transmits * + * some data and then reads the reply * + ****************************************************************************/ + +#include <stdio.h> +#include <string.h> + +#if defined(XP_UNIX) +#include <unistd.h> +#endif + +#include "prerror.h" + +#include "pk11func.h" +#include "secitem.h" + + +#include <stdlib.h> +#include <errno.h> +#include <fcntl.h> +#include <stdarg.h> + +#include "nspr.h" +#include "plgetopt.h" +#include "prio.h" +#include "prnetdb.h" +#include "nss.h" + +#include "sslsample.h" + +#define RD_BUF_SIZE (60 * 1024) + +extern int ssl2CipherSuites[]; +extern int ssl3CipherSuites[]; + +GlobalThreadMgr threadMGR; +char *certNickname = NULL; +char *hostName = NULL; +char *password = NULL; +unsigned short port = 0; + +static void +Usage(const char *progName) +{ + fprintf(stderr, + "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n" + " [-w dbpasswd] [-C cipher(s)] hostname\n", + progName); + exit(1); +} + +PRFileDesc * +setupSSLSocket(PRNetAddr *addr) +{ + PRFileDesc *tcpSocket; + PRFileDesc *sslSocket; + PRSocketOptionData socketOption; + PRStatus prStatus; + SECStatus secStatus; + +#if 0 +retry: +#endif + + tcpSocket = PR_NewTCPSocket(); + if (tcpSocket == NULL) { + errWarn("PR_NewTCPSocket"); + } + + /* Make the socket blocking. */ + socketOption.option = PR_SockOpt_Nonblocking; + socketOption.value.non_blocking = PR_FALSE; + + prStatus = PR_SetSocketOption(tcpSocket, &socketOption); + if (prStatus != PR_SUCCESS) { + errWarn("PR_SetSocketOption"); + goto loser; + } + +#if 0 + /* Verify that a connection can be made to the socket. */ + prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT); + if (prStatus != PR_SUCCESS) { + PRErrorCode err = PR_GetError(); + if (err == PR_CONNECT_REFUSED_ERROR) { + PR_Close(tcpSocket); + PR_Sleep(PR_MillisecondsToInterval(10)); + fprintf(stderr, "Connection to port refused, retrying.\n"); + goto retry; + } + errWarn("PR_Connect"); + goto loser; + } +#endif + + /* Import the socket into the SSL layer. */ + sslSocket = SSL_ImportFD(NULL, tcpSocket); + if (!sslSocket) { + errWarn("SSL_ImportFD"); + goto loser; + } + + /* Set configuration options. */ + secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); + if (secStatus != SECSuccess) { + errWarn("SSL_OptionSet:SSL_SECURITY"); + goto loser; + } + + secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); + if (secStatus != SECSuccess) { + errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT"); + goto loser; + } + + /* Set SSL callback routines. */ + secStatus = SSL_GetClientAuthDataHook(sslSocket, + (SSLGetClientAuthData)myGetClientAuthData, + (void *)certNickname); + if (secStatus != SECSuccess) { + errWarn("SSL_GetClientAuthDataHook"); + goto loser; + } + + secStatus = SSL_AuthCertificateHook(sslSocket, + (SSLAuthCertificate)myAuthCertificate, + (void *)CERT_GetDefaultCertDB()); + if (secStatus != SECSuccess) { + errWarn("SSL_AuthCertificateHook"); + goto loser; + } + + secStatus = SSL_BadCertHook(sslSocket, + (SSLBadCertHandler)myBadCertHandler, NULL); + if (secStatus != SECSuccess) { + errWarn("SSL_BadCertHook"); + goto loser; + } + + secStatus = SSL_HandshakeCallback(sslSocket, + (SSLHandshakeCallback)myHandshakeCallback, + NULL); + if (secStatus != SECSuccess) { + errWarn("SSL_HandshakeCallback"); + goto loser; + } + + return sslSocket; + +loser: + + PR_Close(tcpSocket); + return NULL; +} + + +const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" }; + +SECStatus +handle_connection(PRFileDesc *sslSocket, int connection) +{ + int countRead = 0; + PRInt32 numBytes; + char *readBuffer; + + readBuffer = PORT_Alloc(RD_BUF_SIZE); + if (!readBuffer) { + exitErr("PORT_Alloc"); + } + + /* compose the http request here. */ + + numBytes = PR_Write(sslSocket, requestString, strlen(requestString)); + if (numBytes <= 0) { + errWarn("PR_Write"); + PR_Free(readBuffer); + readBuffer = NULL; + return SECFailure; + } + + /* read until EOF */ + while (PR_TRUE) { + numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE); + if (numBytes == 0) { + break; /* EOF */ + } + if (numBytes < 0) { + errWarn("PR_Read"); + break; + } + countRead += numBytes; + fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n", + connection, numBytes, countRead ); + readBuffer[numBytes] = '\0'; + fprintf(stderr, "************\n%s\n************\n", readBuffer); + } + + printSecurityInfo(sslSocket); + + PR_Free(readBuffer); + readBuffer = NULL; + + /* Caller closes the socket. */ + + fprintf(stderr, + "***** Connection %d read %d bytes total.\n", + connection, countRead); + + return SECSuccess; /* success */ +} + +/* one copy of this function is launched in a separate thread for each +** connection to be made. +*/ +SECStatus +do_connects(void *a, int connection) +{ + PRNetAddr *addr = (PRNetAddr *)a; + PRFileDesc *sslSocket; + PRHostEnt hostEntry; + char buffer[PR_NETDB_BUF_SIZE]; + PRStatus prStatus; + PRIntn hostenum; + SECStatus secStatus; + + /* Set up SSL secure socket. */ + sslSocket = setupSSLSocket(addr); + if (sslSocket == NULL) { + errWarn("setupSSLSocket"); + return SECFailure; + } + + secStatus = SSL_SetPKCS11PinArg(sslSocket, password); + if (secStatus != SECSuccess) { + errWarn("SSL_SetPKCS11PinArg"); + return secStatus; + } + + secStatus = SSL_SetURL(sslSocket, hostName); + if (secStatus != SECSuccess) { + errWarn("SSL_SetURL"); + return secStatus; + } + + /* Prepare and setup network connection. */ + prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry); + if (prStatus != PR_SUCCESS) { + errWarn("PR_GetHostByName"); + return SECFailure; + } + + hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr); + if (hostenum == -1) { + errWarn("PR_EnumerateHostEnt"); + return SECFailure; + } + + prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT); + if (prStatus != PR_SUCCESS) { + errWarn("PR_Connect"); + return SECFailure; + } + + /* Established SSL connection, ready to send data. */ +#if 0 + secStatus = SSL_ForceHandshake(sslSocket); + if (secStatus != SECSuccess) { + errWarn("SSL_ForceHandshake"); + return secStatus; + } +#endif + + secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE); + if (secStatus != SECSuccess) { + errWarn("SSL_ResetHandshake"); + prStatus = PR_Close(sslSocket); + if (prStatus != PR_SUCCESS) { + errWarn("PR_Close"); + } + return secStatus; + } + + secStatus = handle_connection(sslSocket, connection); + if (secStatus != SECSuccess) { + errWarn("handle_connection"); + return secStatus; + } + + PR_Close(sslSocket); + return SECSuccess; +} + +void +client_main(unsigned short port, + int connections, + const char * hostName) +{ + int i; + SECStatus secStatus; + PRStatus prStatus; + PRInt32 rv; + PRNetAddr addr; + PRHostEnt hostEntry; + char buffer[256]; + + /* Setup network connection. */ + prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry); + if (prStatus != PR_SUCCESS) { + exitErr("PR_GetHostByName"); + } + + rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr); + if (rv < 0) { + exitErr("PR_EnumerateHostEnt"); + } + + secStatus = launch_thread(&threadMGR, do_connects, &addr, 1); + if (secStatus != SECSuccess) { + exitErr("launch_thread"); + } + + if (connections > 1) { + /* wait for the first connection to terminate, then launch the rest. */ + reap_threads(&threadMGR); + /* Start up the connections */ + for (i = 2; i <= connections; ++i) { + secStatus = launch_thread(&threadMGR, do_connects, &addr, i); + if (secStatus != SECSuccess) { + errWarn("launch_thread"); + } + } + } + + reap_threads(&threadMGR); + destroy_thread_data(&threadMGR); +} + +int +main(int argc, char **argv) +{ + char * certDir = "."; + char * progName = NULL; + int connections = 1; + char * cipherString = NULL; + SECStatus secStatus; + PLOptState * optstate; + PLOptStatus status; + + /* Call the NSPR initialization routines */ + PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + + progName = PL_strdup(argv[0]); + + hostName = NULL; + optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:"); + while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + switch(optstate->option) { + case 'C' : cipherString = PL_strdup(optstate->value); break; + case 'c' : connections = PORT_Atoi(optstate->value); break; + case 'd' : certDir = PL_strdup(optstate->value); break; + case 'n' : certNickname = PL_strdup(optstate->value); break; + case 'p' : port = PORT_Atoi(optstate->value); break; + case 'w' : password = PL_strdup(optstate->value); break; + case '\0': hostName = PL_strdup(optstate->value); break; + default : Usage(progName); + } + } + + if (port == 0 || hostName == NULL) + Usage(progName); + + if (certDir == NULL) { + certDir = PR_smprintf("%s/.netscape", getenv("HOME")); + } + + /* Set our password function callback. */ + PK11_SetPasswordFunc(myPasswd); + + /* Initialize the NSS libraries. */ + secStatus = NSS_Init(certDir); + if (secStatus != SECSuccess) { + exitErr("NSS_Init"); + } + + /* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */ + NSS_SetDomesticPolicy(); + SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); + + /* all the SSL2 and SSL3 cipher suites are enabled by default. */ + if (cipherString) { + int ndx; + + /* disable all the ciphers, then enable the ones we want. */ + disableAllSSLCiphers(); + + while (0 != (ndx = *cipherString++)) { + int *cptr; + int cipher; + + if (! isalpha(ndx)) + Usage(progName); + cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; + for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) + /* do nothing */; + if (cipher) { + SSL_CipherPrefSetDefault(cipher, PR_TRUE); + } + } + } + + client_main(port, connections, hostName); + + NSS_Shutdown(); + PR_Cleanup(); + return 0; +} + |