2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 #include <sys/types.h>
19 #include <sys/socket.h>
24 #include <tls_socket.h>
25 #include <utils/host.h>
26 #include <credentials/sets/mem_cred.h>
29 * Print usage information
31 static void usage(FILE *out
, char *cmd
)
33 fprintf(out
, "usage:\n");
34 fprintf(out
, " %s --connect <address> --port <port> [--cert <file>]+\n", cmd
);
35 fprintf(out
, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ --oneshot\n", cmd
);
39 * Stream between stdio and TLS socket
41 static int stream(int fd
, tls_socket_t
*tls
)
52 if (select(fd
+ 1, &set
, NULL
, NULL
, NULL
) == -1)
56 if (FD_ISSET(fd
, &set
))
58 if (!tls
->read(tls
, &data
))
60 DBG1(DBG_TLS
, "TLS read error/end\n");
65 ignore_result(write(1, data
.ptr
, data
.len
));
69 if (FD_ISSET(0, &set
))
74 len
= read(0, buf
, sizeof(buf
));
81 if (!tls
->write(tls
, chunk_create(buf
, len
)))
83 DBG1(DBG_TLS
, "TLS write error\n");
94 static int client(int fd
, host_t
*host
, identification_t
*server
)
99 if (connect(fd
, host
->get_sockaddr(host
),
100 *host
->get_sockaddr_len(host
)) == -1)
102 DBG1(DBG_TLS
, "connecting to %#H failed: %m\n", host
);
105 tls
= tls_socket_create(FALSE
, server
, NULL
, fd
);
110 res
= stream(fd
, tls
);
118 static int serve(int fd
, host_t
*host
, identification_t
*server
, bool oneshot
)
123 if (bind(fd
, host
->get_sockaddr(host
),
124 *host
->get_sockaddr_len(host
)) == -1)
126 DBG1(DBG_TLS
, "binding to %#H failed: %m\n", host
);
129 if (listen(fd
, 1) == -1)
131 DBG1(DBG_TLS
, "listen to %#H failed: %m\n", host
);
137 cfd
= accept(fd
, host
->get_sockaddr(host
), host
->get_sockaddr_len(host
));
140 DBG1(DBG_TLS
, "accept failed: %m\n");
143 DBG1(DBG_TLS
, "%#H connected\n", host
);
145 tls
= tls_socket_create(TRUE
, server
, NULL
, cfd
);
151 DBG1(DBG_TLS
, "%#H disconnected\n", host
);
160 * In-Memory credential set
162 static mem_cred_t
*creds
;
165 * Load certificate from file
167 static bool load_certificate(char *filename
)
171 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
172 BUILD_FROM_FILE
, filename
, BUILD_END
);
175 DBG1(DBG_TLS
, "loading certificate from '%s' failed\n", filename
);
178 creds
->add_cert(creds
, TRUE
, cert
);
183 * Load private key from file
185 static bool load_key(char *filename
)
189 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
, KEY_RSA
,
190 BUILD_FROM_FILE
, filename
, BUILD_END
);
193 DBG1(DBG_TLS
, "loading key from '%s' failed\n", filename
);
196 creds
->add_key(creds
, key
);
203 static level_t tls_level
= 1;
205 static void dbg_tls(debug_t group
, level_t level
, char *fmt
, ...)
207 if ((group
== DBG_TLS
&& level
<= tls_level
) || level
<= 1)
212 vfprintf(stderr
, fmt
, args
);
213 fprintf(stderr
, "\n");
221 static void cleanup()
223 lib
->credmgr
->remove_set(lib
->credmgr
, &creds
->set
);
224 creds
->destroy(creds
);
237 lib
->plugins
->load(lib
->plugins
, NULL
, PLUGINS
);
239 creds
= mem_cred_create();
240 lib
->credmgr
->add_set(lib
->credmgr
, &creds
->set
);
245 int main(int argc
, char *argv
[])
247 char *address
= NULL
;
248 bool listen
= FALSE
, oneshot
= FALSE
;
249 int port
= 0, fd
, res
;
250 identification_t
*server
;
257 struct option long_opts
[] = {
258 {"help", no_argument
, NULL
, 'h' },
259 {"connect", required_argument
, NULL
, 'c' },
260 {"listen", required_argument
, NULL
, 'l' },
261 {"port", required_argument
, NULL
, 'p' },
262 {"cert", required_argument
, NULL
, 'x' },
263 {"key", required_argument
, NULL
, 'k' },
264 {"oneshot", no_argument
, NULL
, 'o' },
265 {"debug", required_argument
, NULL
, 'd' },
268 switch (getopt_long(argc
, argv
, "", long_opts
, NULL
))
273 usage(stdout
, argv
[0]);
276 if (!load_certificate(optarg
))
282 if (!load_key(optarg
))
293 usage(stderr
, argv
[0]);
305 tls_level
= atoi(optarg
);
308 usage(stderr
, argv
[0]);
313 if (!port
|| !address
)
315 usage(stderr
, argv
[0]);
318 if (oneshot
&& !listen
)
320 usage(stderr
, argv
[0]);
324 fd
= socket(AF_INET
, SOCK_STREAM
, 0);
327 DBG1(DBG_TLS
, "opening socket failed: %m\n");
330 host
= host_create_from_dns(address
, 0, port
);
333 DBG1(DBG_TLS
, "resolving hostname %s failed\n", address
);
337 server
= identification_create_from_string(address
);
340 res
= serve(fd
, host
, server
, oneshot
);
344 res
= client(fd
, host
, server
);
348 server
->destroy(server
);
projects / strongswan.git / blob