2 * Copyright (C) 2010-2013 Martin Willi, revosec AG
3 * Copyright (C) 2013 Andreas Steffen, HSR Hochschule für Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 #include <sys/types.h>
19 #include <sys/socket.h>
26 #include <pt_tls_client.h>
31 #include <utils/debug.h>
32 #include <credentials/sets/mem_cred.h>
33 #include <utils/optionsfrom.h>
36 * Print usage information
/**
 * Print usage information.
 *
 * @param out   stream to write to; main() passes stdout for --help and
 *              stderr for argument errors
 * @param cmd   program name (argv[0]), substituted into the synopsis line
 *
 * NOTE(review): the option table in main() also accepts --key <file> and
 * --debug <level>, which this help text does not list.
 * NOTE(review): --secret <password> takes the secret as a command-line
 * argument, so it is visible to other local users via the process list and
 * may be recorded in shell history; the help text should warn about this, or
 * point at --optionsfrom as the file-based way to supply it.
 */
38 static void usage(FILE *out
, char *cmd
)
40 fprintf(out
, "usage:\n");
41 fprintf(out
, " %s --connect <address> [--port <port>] [--cert <file>]+\n", cmd
);
42 fprintf(out
, " [--client <client-id>] [--secret <password>]\n");
43 fprintf(out
, " [--optionsfrom <filename>]\n");
/**
 * Connect to the PT-TLS server at @p address:@p port and run a TNC
 * assessment over TNCCS 2.0 / IF-T for TLS 2.0.
 *
 * @param address   server host name or IP; also used verbatim as the server
 *                  identity handed to the TNCCS/TLS layer (see below)
 * @param port      TCP port, already narrowed to u_int16_t by the caller
 * @param identity  client identity string (--client, default "%any")
 * @return          result of run_assessment(); the return statement itself
 *                  is not on this page
 *
 * NOTE(review): this listing omits several lines of the function (the local
 * declarations of host/tnccs/status, the NULL checks after
 * host_create_from_dns() and create_instance(), and the return), so only the
 * calls that are visible are described here.
 */
49 static int client(char *address
, u_int16_t port
, char *identity
)
51 pt_tls_client_t
*assessment
;
53 identification_t
*server
, *client
;
/* Resolve the target; AF_UNSPEC allows either IPv4 or IPv6. */
57 host
= host_create_from_dns(address
, AF_UNSPEC
, port
);
/*
 * The server identity is the connect address exactly as the user typed it,
 * so whatever certificate-to-identity binding is performed downstream is
 * against that string (a bare IP or short host name gives a correspondingly
 * weak match) -- confirm how the TLS layer uses this identity.
 */
62 server
= identification_create_from_string(address
);
63 client
= identification_create_from_string(identity
);
/* TNCCS 2.0 instance for the client side; the FALSE is presumably the
 * is_server flag -- confirm against the tnccs manager's create_instance(). */
64 tnccs
= (tls_t
*)tnc
->tnccs
->create_instance(tnc
->tnccs
, TNCCS_2_0
, FALSE
,
65 server
, client
, TNC_IFT_TLS_2_0
, NULL
);
/* Failure path (its guard is not on this page): report the plugin list that
 * should have provided TNCCS, then release the identities. */
68 fprintf(stderr
, "loading TNCCS failed: %s\n", PLUGINS
);
70 server
->destroy(server
);
71 client
->destroy(client
);
/* Run the assessment, then tear down the client and the TNCCS instance. */
74 assessment
= pt_tls_client_create(host
, server
, client
);
75 status
= assessment
->run_assessment(assessment
, (tnccs_t
*)tnccs
);
76 assessment
->destroy(assessment
);
77 tnccs
->destroy(tnccs
);
83 * In-Memory credential set
/**
 * In-memory credential set that receives the certificates (--cert), private
 * keys (--key) and the optional shared secret (--secret) given on the
 * command line.  It is registered with lib->credmgr during initialisation
 * and unregistered and destroyed again in cleanup().
 */
85 static mem_cred_t
*creds
;
88 * Load certificate from file
/**
 * Load an X.509 certificate from @p filename and add it to the in-memory
 * credential set.
 *
 * @param filename  path of the certificate file (from --cert)
 * @return          TRUE if loaded; FALSE after the DBG1 message below (the
 *                  NULL check and the return statements are not on this page)
 *
 * NOTE(review): TRUE is passed as the second argument to add_cert(); in
 * mem_cred_t's API that position is the "trusted" flag -- confirm.  If so,
 * every --cert file is installed as a trust anchor, so users must pass only
 * CA/server certificates they actually intend to trust.
 */
90 static bool load_certificate(char *filename
)
94 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
95 BUILD_FROM_FILE
, filename
, BUILD_END
);
/* Error path; the guard that reaches it is not on this page. */
98 DBG1(DBG_TLS
, "loading certificate from '%s' failed", filename
);
101 creds
->add_cert(creds
, TRUE
, cert
);
106 * Load private key from file
/**
 * Load an RSA private key from @p filename and add it to the in-memory
 * credential set.
 *
 * @param filename  path of the key file (from --key)
 * @return          TRUE if loaded; FALSE after the DBG1 message below (the
 *                  NULL check and the return statements are not on this page)
 *
 * NOTE(review): only KEY_RSA is requested, so this appears to reject other
 * key types (e.g. ECDSA) even if the file is otherwise valid.  Nothing
 * visible here checks the key file's permissions before reading it.
 */
108 static bool load_key(char *filename
)
112 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
, KEY_RSA
,
113 BUILD_FROM_FILE
, filename
, BUILD_END
);
/* Error path; the guard that reaches it is not on this page. */
116 DBG1(DBG_TLS
, "loading key from '%s' failed", filename
);
119 creds
->add_key(creds
, key
);
/** Debug verbosity threshold used by dbg_pt_tls(); default 1, overridden by
 *  --debug via atoi() in main(). */
126 static level_t pt_tls_level
= 1;
/**
 * Debug output hook: write a message to stderr, newline-terminated, when its
 * level is at or below pt_tls_level.
 *
 * @param group  debug group; not used by the visible code
 * @param level  message level, compared against pt_tls_level
 * @param fmt    printf-style format string, forwarded to vfprintf()
 *
 * NOTE(review): the va_list declaration and va_start/va_end are not on this
 * page.  fmt is passed through unchanged, which is safe only as long as every
 * DBG call site supplies a literal format and never user-controlled text --
 * worth confirming for messages that embed command-line values.
 */
128 static void dbg_pt_tls(debug_t group
, level_t level
, char *fmt
, ...)
130 if (level
<= pt_tls_level
)
135 vfprintf(stderr
, fmt
, args
);
136 fprintf(stderr
, "\n");
142 * Handles --optionsfrom arguments
/**
 * Tear down what initialisation set up: cancel the processor's jobs,
 * unregister and destroy the in-memory credential set, destroy the options
 * parser.
 *
 * NOTE(review): the shared secret added with add_shared() lives in creds;
 * whether creds->destroy() zeroises it depends on mem_cred_t/shared_key_t,
 * which are not visible here.  Nothing on this page clears the original
 * --secret argument string, which appears to remain in argv for the
 * lifetime of the process.
 */
149 static void cleanup()
151 lib
->processor
->cancel(lib
->processor
);
152 lib
->credmgr
->remove_set(lib
->credmgr
, &creds
->set
);
153 creds
->destroy(creds
);
154 options
->destroy(options
);
/*
 * Initialisation body.  NOTE(review): the enclosing function's signature and
 * opening brace are not on this page, and the lines between the plugin load
 * and the creation of creds are missing as well.  What is visible: register
 * this program as a static plugin feature that depends on "tnccs-manager",
 * load the plugin list named by the pt-tls-client.load setting (falling back
 * to the compiled-in PLUGINS), and register the in-memory credential set
 * with the credential manager.
 */
164 plugin_feature_t features
[] = {
166 PLUGIN_PROVIDE(CUSTOM
, "pt-tls-client"),
167 PLUGIN_DEPENDS(CUSTOM
, "tnccs-manager"),
173 options
= options_create();
175 lib
->plugins
->add_static_features(lib
->plugins
, "pt-tls-client", features
,
176 countof(features
), TRUE
);
/* A failed plugin load is fatal: exit with SS_RC_INITIALIZATION_FAILED. */
177 if (!lib
->plugins
->load(lib
->plugins
,
178 lib
->settings
->get_str(lib
->settings
, "pt-tls-client.load", PLUGINS
)))
180 exit(SS_RC_INITIALIZATION_FAILED
);
/* Make credentials loaded from the command line visible to the credential
 * manager; cleanup() removes the set again. */
183 creds
= mem_cred_create();
184 lib
->credmgr
->add_set(lib
->credmgr
, &creds
->set
);
/**
 * Entry point: parse the long options, load credentials into the in-memory
 * set, then run the assessment via client().
 *
 * NOTE(review): this listing is incomplete -- the init() call, the option
 * loop header, most case labels (including --connect, --client, --secret and
 * --port) and the return statements are missing -- so the comments below are
 * tied only to the statements that are visible.
 */
189 int main(int argc
, char *argv
[])
191 char *address
= NULL
, *identity
= "%any", *secret
= NULL
;
/*
 * NOTE(review): port is an int here but client() takes u_int16_t, so a
 * --port value outside 0..65535 would be narrowed silently at the call at
 * the end of this function unless a range check exists on one of the lines
 * not shown.  Parsing with strtol() and rejecting values outside 1..65535
 * would make this robust.
 */
192 int port
= PT_TLS_PORT
;
/* Long options only; the short-option string given to getopt_long() is empty. */
198 struct option long_opts
[] = {
199 {"help", no_argument
, NULL
, 'h' },
200 {"connect", required_argument
, NULL
, 'c' },
201 {"client", required_argument
, NULL
, 'i' },
202 {"secret", required_argument
, NULL
, 's' },
203 {"port", required_argument
, NULL
, 'p' },
204 {"cert", required_argument
, NULL
, 'x' },
205 {"key", required_argument
, NULL
, 'k' },
206 {"debug", required_argument
, NULL
, 'd' },
207 {"optionsfrom", required_argument
, NULL
, '+' },
210 switch (getopt_long(argc
, argv
, "", long_opts
, NULL
))
/* --help goes to stdout; the error exits visible below print usage to stderr. */
215 usage(stdout
, argv
[0]);
/* --cert / --key: the loaders log their own DBG1 message on failure. */
218 if (!load_certificate(optarg
))
224 if (!load_key(optarg
))
232 usage(stderr
, argv
[0]);
/* --debug: atoi() turns malformed input into 0, which only affects
 * verbosity. */
247 pt_tls_level
= atoi(optarg
);
/* --optionsfrom: argc/argv and optind are passed by reference, so options
 * read from the file appear to be merged into the argument vector and parsed
 * like ordinary command-line options.  This is the file-based way to supply
 * --secret without exposing it on the command line. */
249 case '+': /* --optionsfrom <filename> */
250 if (!options
->from(options
, optarg
, &argc
, &argv
, optind
))
/* Two further error exits that print usage to stderr; the conditions that
 * reach them (likely an unknown option and a missing --connect) are not on
 * this page. */
256 usage(stderr
, argv
[0]);
263 usage(stderr
, argv
[0]);
/* A --secret becomes an EAP shared key bound to the client identity.
 * NOTE(review): the secret arrived as a command-line argument, so it is
 * exposed in the process list and shell history for the life of the
 * process. */
268 creds
->add_shared(creds
, shared_key_create(SHARED_EAP
,
269 chunk_clone(chunk_from_str(secret
))),
270 identification_create_from_string(identity
), NULL
);
/* Hand off to client(); port is narrowed from int to u_int16_t here (see the
 * note at its declaration). */
273 return client(address
, port
, identity
);