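/*
 * nisccSimpleClient.cpp - just do one SSL client session expecting
 * errSSLPeerCertUnknown and ClientCertRejected.
 *
 * SECURITY NOTE: this is a *test harness*. clientDefaults below turns off
 * server certificate verification and host name checking on purpose
 * (disableCertVerify / skipHostNameCheck), so this client will happily
 * complete a handshake with any server. Do not lift that configuration
 * into anything that talks to a real peer.
 */

#include <Security/SecureTransport.h>
#include <Security/Security.h>
#include <Security/SecBasePriv.h>
#include <clAppUtils/sslAppUtils.h>
#include <clAppUtils/ioSock.h>
#include <clAppUtils/sslThreading.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <security_cdsa_utils/cuCdsaUtils.h>
#include <security_cdsa_utils/cuPrintCert.h>
#include <security_utilities/threading.h>
#include <security_utilities/devrandom.h>

#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <errno.h>
#include <sys/param.h>
#include <string>

/* skip certs larger than this - ST can't fragment protocol msgs (yet) */
#define MAX_CERT_SIZE	16000

/* Largest legal TCP port; used to bound the user-supplied port argument. */
#define MAX_TCP_PORT	65535

/* Print the command line synopsis and exit non-zero. Never returns. */
static void usage(char **argv)
{
	printf("Usage: %s hostname port keychain [q(uiet)]\n", argv[0]);
	exit(1);
}

#define IGNORE_SIGPIPE	1
#if 	IGNORE_SIGPIPE
#include <signal.h>

/*
 * No-op SIGPIPE handler: a write to a socket the server has already closed
 * should surface as an error return from the SSL layer, not kill the
 * process with the default SIGPIPE disposition.
 */
void sigpipe(int)
{
}
#endif	/* IGNORE_SIGPIPE */

/*
 * Parse a decimal TCP port from the command line.
 *
 * Returns true and stores the value in *port on success. Returns false for
 * an empty string, trailing garbage, overflow, or a value outside
 * 1..MAX_TCP_PORT; atoi() would silently map all of those to 0 or to a
 * truncated number and the test would then connect to the wrong place.
 */
static bool parsePort(const char *str, int *port)
{
	if((str == NULL) || (*str == '\0')) {
		return false;
	}
	errno = 0;
	char *end = NULL;
	long val = strtol(str, &end, 10);
	if((end == str) || (*end != '\0') || (errno == ERANGE)) {
		return false;
	}
	if((val < 1) || (val > MAX_TCP_PORT)) {
		return false;
	}
	*port = (int)val;
	return true;
}

/*
 * Positional initializer for SslAppTestParams; the field order must match
 * the struct declaration in sslThreading.h exactly. Fields marked
 * "user-provided" are overwritten from argv in main().
 */
SslAppTestParams clientDefaults =
{
	NULL,				// hostName - user-provided
	true,				// skipHostNameCheck - SPECIAL FOR THIS TEST
	0,					// port - user-provided
	NULL, NULL,			// RingBuffers
	false,				// noProtSpec
	kTLSProtocol1,
	NULL,				// acceptedProts - not used in this test
	NULL,				// myCerts - user-provided
	NULL,				// password - same as myCerts
	false,				// idIsTrustedRoot
	true,				// disableCertVerify - SPECIAL FOR THIS TEST
	NULL,				// anchorFile - not needed - right?
	false,				// replaceAnchors
	kAlwaysAuthenticate,
	false,				// resumeEnable
	NULL,				// ciphers
	false,				// nonBlocking
	NULL,				// dhParams
	0,					// dhParamsLen
	errSSLPeerCertUnknown,	// expectRtn
	kTLSProtocol1,		// expectVersion
	kSSLClientCertRejected,
	SSL_CIPHER_IGNORE,
	false,				// quiet - user-provided
	false,				// silent
	false,				// verbose
	NULL,				// lock
	0,					// clientDone
	false,				// serverAbort
	/* returned */
	kSSLProtocolUnknown,
	SSL_NULL_WITH_NULL_NULL,
	kSSLClientCertNone,
	noHardwareErr

};

/* Echo the test name and every argument after argv[0] on one line. */
static void testStartBanner(
	const char	*testName,
	int			argc,
	char		**argv)
{
	printf("Starting %s; args: ", testName);
	for(int i=1; i<argc; i++) {
		printf("%s ", argv[i]);
	}
	printf("\n");
}

/* this normally comes from libcsputils.a, which we don't link against */

extern "C" {
char *cssmErrToStr(CSSM_RETURN err);
}

/*
 * Map a CSSM_RETURN to a printable string.
 *
 * The C interface hands back a bare char*, so the storage has to outlive
 * this call. The previous version built the string in a function-local
 * object and returned its c_str(), which pointed at freed memory as soon
 * as the function returned. Keeping the string static fixes that; the
 * trade-off is that the result is overwritten by the next call and the
 * function is not thread-safe, which is acceptable for a test that runs
 * one client session.
 */
char *cssmErrToStr(CSSM_RETURN err)
{
	static std::string errStr;
	errStr = cssmErrorString(err);
	return const_cast<char *>(errStr.c_str());
}


/*
 * Entry point.
 *
 * argv[1] host name, argv[2] port, argv[3] keychain holding the client
 * identity, optional argv[4..] 'q' for quiet. Runs one client session via
 * sslAppClient() and returns the number of mismatches between the observed
 * and the expected outcome (0 == pass).
 */
int main(int argc, char **argv)
{
	int ourRtn = 0;
	int errCount = 0;

	if(argc < 4) {
		usage(argv);
	}

	/* required args */
	clientDefaults.hostName = argv[1];
	/*
	 * NOTE(review): the password is taken from argv[1] (the host name),
	 * while the field comment above says it is "same as myCerts", i.e.
	 * the keychain name in argv[3]. Left as-is because the keychain may
	 * already be unlocked in the test environment; confirm against the
	 * test setup before relying on it.
	 */
	clientDefaults.password = argv[1];
	int port = 0;
	if(!parsePort(argv[2], &port)) {
		printf("***Bad port \"%s\"\n", argv[2]);
		usage(argv);
	}
	clientDefaults.port = port;
	clientDefaults.myCertKcName = argv[3];

	/* optional args */
	for(int arg=4; arg<argc; arg++) {
		const char *argp = argv[arg];
		switch(argp[0]) {
			case 'q':
				clientDefaults.quiet = true;
				break;
			default:
				usage(argv);
		}
	}

	#if	IGNORE_SIGPIPE
	signal(SIGPIPE, sigpipe);
	#endif

	if(!clientDefaults.quiet) {
		testStartBanner("nisccSimpleClient", argc, argv);
	}
	ourRtn = sslAppClient(&clientDefaults);

	/*
	 * Accept a number of returns - even success! The server under test
	 * may reject our certificate at different points in the handshake,
	 * or not at all, so any of these is a legitimate outcome.
	 */
	if((ourRtn != errSSLPeerCertUnknown) &&
	   (ourRtn != errSSLPeerUnknownCA) &&
	   (ourRtn != errSSLPeerRecordOverflow) &&
	   (ourRtn != noErr)) {
		printf("***Unexpected error return (%s)\n",
			sslGetSSLErrString(ourRtn));
		errCount++;
	}
	/*
	 * If the handshake completed, our client cert must have gone out;
	 * otherwise the cert state must match what clientDefaults expects.
	 */
	if(ourRtn == noErr) {
		errCount += sslVerifyClientCertState("client",
			kSSLClientCertSent,
			clientDefaults.certState);
	}
	else {
		errCount += sslVerifyClientCertState("client",
			clientDefaults.expectCertState,
			clientDefaults.certState);
	}

	if(!clientDefaults.quiet) {
		if(errCount == 0) {
			printf("===== %s test PASSED =====\n", argv[0]);
		}
		else {
			printf("****FAIL: sslAppClient detected %d errors\n", errCount);
		}
	}

	return errCount;
}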