Blame - programs/x509/cert_app.c - mirror/mbed-tls

blob: d924cb144ae444e8ee0cd1683670c58a8cb3a377 [file] [log] [blame]

Paul Bakker	4fc4552	2010-03-18 20:11:58 +0000	[diff] [blame]	1	/*
				2	* Certificate reading application
				3	*
Paul Bakker	fc8c436	2010-03-21 17:37:16 +0000	[diff] [blame]	4	* Copyright (C) 2006-2010, Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	4fc4552	2010-03-18 20:11:58 +0000	[diff] [blame]	5	* All rights reserved.
				6	*
Paul Bakker	4fc4552	2010-03-18 20:11:58 +0000	[diff] [blame]	7	* This program is free software; you can redistribute it and/or modify
				8	* it under the terms of the GNU General Public License as published by
				9	* the Free Software Foundation; either version 2 of the License, or
				10	* (at your option) any later version.
				11	*
				12	* This program is distributed in the hope that it will be useful,
				13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				15	* GNU General Public License for more details.
				16	*
				17	* You should have received a copy of the GNU General Public License along
				18	* with this program; if not, write to the Free Software Foundation, Inc.,
				19	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				20	*/
				21
				22	#ifndef _CRT_SECURE_NO_DEPRECATE
				23	#define _CRT_SECURE_NO_DEPRECATE 1
				24	#endif
				25
				26	#include <string.h>
				27	#include <stdlib.h>
				28	#include <stdio.h>
				29
				30	#include "polarssl/havege.h"
				31	#include "polarssl/net.h"
				32	#include "polarssl/ssl.h"
				33	#include "polarssl/x509.h"
				34
				35	#define MODE_NONE 0
				36	#define MODE_FILE 1
				37	#define MODE_SSL 2
				38
				39	#define DFL_MODE MODE_NONE
				40	#define DFL_FILENAME "cert.crt"
				41	#define DFL_SERVER_NAME "localhost"
				42	#define DFL_SERVER_PORT 4433
				43	#define DFL_DEBUG_LEVEL 0
				44
				45	/*
				46	* global options
				47	*/
				48	struct options
				49	{
				50	int mode; /* the mode to run the application in */
				51	char filename; / filename of the certificate file */
				52	char server_name; / hostname of the server (client only) */
				53	int server_port; /* port on which the ssl service runs */
				54	int debug_level; /* level of debugging */
				55	} opt;
				56
				57	void my_debug( void ctx, int level, const char str )
				58	{
				59	if( level < opt.debug_level )
				60	{
				61	fprintf( (FILE *) ctx, "%s", str );
				62	fflush( (FILE *) ctx );
				63	}
				64	}
				65
				66	#define USAGE \
				67	"\n usage: cert_app param=<>...\n" \
				68	"\n acceptable parameters:\n" \
				69	" mode=file\|ssl default: none\n" \
				70	" filename=%%s default: cert.crt\n" \
				71	" server_name=%%s default: localhost\n" \
				72	" server_port=%%d default: 4433\n" \
				73	" debug_level=%%d default: 0 (disabled)\n" \
				74	"\n"
				75
				76	int main( int argc, char *argv[] )
				77	{
				78	int ret = 0, server_fd;
				79	unsigned char buf[1024];
				80	havege_state hs;
				81	ssl_context ssl;
				82	ssl_session ssn;
				83	x509_cert clicert;
				84	rsa_context rsa;
				85	int i, j, n;
				86	char p, q;
				87
				88	if( argc == 0 )
				89	{
				90	usage:
				91	printf( USAGE );
				92	goto exit;
				93	}
				94
				95	opt.mode = DFL_MODE;
				96	opt.filename = DFL_FILENAME;
				97	opt.server_name = DFL_SERVER_NAME;
				98	opt.server_port = DFL_SERVER_PORT;
				99	opt.debug_level = DFL_DEBUG_LEVEL;
				100
				101	for( i = 1; i < argc; i++ )
				102	{
				103	n = strlen( argv[i] );
				104
				105	for( j = 0; j < n; j++ )
				106	{
				107	if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
				108	argv[i][j] \|= 0x20;
				109	}
				110
				111	p = argv[i];
				112	if( ( q = strchr( p, '=' ) ) == NULL )
				113	goto usage;
				114	*q++ = '\0';
				115
				116	if( strcmp( p, "mode" ) == 0 )
				117	{
				118	if( strcmp( q, "file" ) == 0 )
				119	opt.mode = MODE_FILE;
				120	else if( strcmp( q, "ssl" ) == 0 )
				121	opt.mode = MODE_SSL;
				122	else
				123	goto usage;
				124	}
				125	else if( strcmp( p, "filename" ) == 0 )
				126	opt.filename = q;
				127	else if( strcmp( p, "server_name" ) == 0 )
				128	opt.server_name = q;
				129	else if( strcmp( p, "server_port" ) == 0 )
				130	{
				131	opt.server_port = atoi( q );
				132	if( opt.server_port < 1 \|\| opt.server_port > 65535 )
				133	goto usage;
				134	}
				135	else if( strcmp( p, "debug_level" ) == 0 )
				136	{
				137	opt.debug_level = atoi( q );
				138	if( opt.debug_level < 0 \|\| opt.debug_level > 65535 )
				139	goto usage;
				140	}
				141	else
				142	goto usage;
				143	}
				144
				145	if( opt.mode == MODE_FILE )
				146	{
				147	x509_cert crt;
				148
				149	memset( &crt, 0, sizeof( x509_cert ) );
				150
				151	/*
				152	* 1.1. Load the certificate
				153	*/
				154	printf( "\n . Loading the certificate ..." );
				155	fflush( stdout );
				156
				157	ret = x509parse_crtfile( &crt, opt.filename );
				158
				159	if( ret != 0 )
				160	{
				161	printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
				162	x509_free( &crt );
				163	goto exit;
				164	}
				165
				166	printf( " ok\n" );
				167
				168	/*
				169	* 1.2 Print the certificate
				170	*/
				171	printf( " . Peer certificate information ...\n" );
				172	ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
				173	if( ret == -1 )
				174	{
				175	printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
				176	x509_free( &crt );
				177	goto exit;
				178	}
				179
				180	printf( "%s\n", buf );
				181
				182	x509_free( &crt );
				183	}
				184	else if( opt.mode == MODE_SSL )
				185	{
				186	/*
				187	* 1. Initialize the RNG and the session data
				188	*/
				189	havege_init( &hs );
				190	memset( &ssn, 0, sizeof( ssl_session ) );
				191
				192	/*
				193	* 2. Start the connection
				194	*/
				195	printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
				196	opt.server_port );
				197	fflush( stdout );
				198
				199	if( ( ret = net_connect( &server_fd, opt.server_name,
				200	opt.server_port ) ) != 0 )
				201	{
				202	printf( " failed\n ! net_connect returned %d\n\n", ret );
				203	goto exit;
				204	}
				205
				206	/*
				207	* 3. Setup stuff
				208	*/
				209	if( ( ret = ssl_init( &ssl ) ) != 0 )
				210	{
				211	printf( " failed\n ! ssl_init returned %d\n\n", ret );
				212	goto exit;
				213	}
				214
				215	ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
				216	ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
				217
				218	ssl_set_rng( &ssl, havege_rand, &hs );
				219	ssl_set_dbg( &ssl, my_debug, stdout );
				220	ssl_set_bio( &ssl, net_recv, &server_fd,
				221	net_send, &server_fd );
				222
				223	ssl_set_ciphers( &ssl, ssl_default_ciphers );
				224	ssl_set_session( &ssl, 1, 600, &ssn );
				225
				226	ssl_set_own_cert( &ssl, &clicert, &rsa );
				227
				228	ssl_set_hostname( &ssl, opt.server_name );
				229
				230	/*
				231	* 4. Handshake
				232	*/
				233	while( ( ret = ssl_handshake( &ssl ) ) != 0 )
				234	{
				235	if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
				236	{
				237	printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
				238	goto exit;
				239	}
				240	}
				241
				242	printf( " ok\n" );
				243
				244	/*
				245	* 5. Print the certificate
				246	*/
				247	printf( " . Peer certificate information ...\n" );
				248	ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert );
				249	if( ret == -1 )
				250	{
				251	printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
				252	goto exit;
				253	}
				254
				255	printf( "%s\n", buf );
				256
				257	ssl_close_notify( &ssl );
				258	}
				259	else
				260	goto usage;
				261
				262	exit:
				263
				264	net_close( server_fd );
				265	x509_free( &clicert );
				266	rsa_free( &rsa );
				267	ssl_free( &ssl );
				268
				269	memset( &ssl, 0, sizeof( ssl ) );
				270
				271	#ifdef WIN32
				272	printf( " + Press Enter to exit this program.\n" );
				273	fflush( stdout ); getchar();
				274	#endif
				275
				276	return( ret );
				277	}