1 /*
2 * nisccSimpleClient.cpp - just do one SSL client session expecting
3 * errSSLPeerCertUnknown and ClientCertRejected
4 */
5
6 #include <Security/SecureTransport.h>
7 #include <Security/Security.h>
8 #include <Security/SecBasePriv.h>
9 #include <clAppUtils/sslAppUtils.h>
10 #include <clAppUtils/ioSock.h>
11 #include <clAppUtils/sslThreading.h>
12 #include <security_cdsa_utils/cuFileIo.h>
13 #include <security_cdsa_utils/cuCdsaUtils.h>
14 #include <security_cdsa_utils/cuPrintCert.h>
15 #include <security_utilities/threading.h>
16 #include <security_utilities/devrandom.h>
17
18 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <string.h>
23 #include <time.h>
24 #include <ctype.h>
25 #include <sys/param.h>
26
/*
 * Skip certs larger than this - ST can't fragment protocol msgs (yet).
 * NOTE(review): "ST" presumably means SecureTransport - confirm. Nothing in
 * the visible listing references this macro.
 */
#define MAX_CERT_SIZE 16000
29
/*
 * Print the command-line synopsis to stdout and terminate the process
 * with exit status 1. Does not return.
 */
static void usage(char **argv)
{
    const char *progName = argv[0];

    fprintf(stdout, "Usage: %s hostname port keychain [q(uiet)]\n", progName);
    exit(1);
}
35
/* Compile-time switch for the do-nothing SIGPIPE handler below. */
#define IGNORE_SIGPIPE 1
#if IGNORE_SIGPIPE
#include <signal.h>

/*
 * SIGPIPE handler that deliberately does nothing. main() installs it with
 * signal(), so delivery of SIGPIPE runs this empty function instead of the
 * default action.
 */
void sigpipe(int /* sig */)
{
    return;
}
#endif /* IGNORE_SIGPIPE */
44
/*
 * Default parameters handed to sslAppClient() by main(). This is a
 * positional initializer, so the order must match the SslAppTestParams
 * declaration, which is not part of this file. main() overwrites hostName,
 * password, port, myCertKcName and quiet from the command line.
 *
 * Going by the field names in the comments below, host name checking and
 * certificate verification are both switched off on purpose for this
 * negative test; these values are not a template for a production client.
 */
SslAppTestParams clientDefaults =
{
    NULL,                   // hostName - user-provided
    true,                   // skipHostNameCheck
    0,                      // port - user-provided
    NULL, NULL,             // RingBuffers
    false,                  // noProtSpec
    kTLSProtocol1,          // presumably the protocol version to try - field name not visible here
    NULL,                   // acceptedProts - not used in this test
    NULL,                   // myCerts - user-provided (main() sets myCertKcName)
    NULL,                   // password - same as myCerts
    false,                  // idIsTrustedRoot
    true,                   // disableCertVerify - SPECIAL FOR THIS TEST
    NULL,                   // anchorFile - not needed - right?
    false,                  // replaceAnchors
    kAlwaysAuthenticate,    // presumably the client-authentication setting - confirm against the struct
    false,                  // resumeEnable
    NULL,                   // ciphers
    false,                  // nonBlocking
    NULL,                   // dhParams
    0,                      // dhParamsLen
    errSSLPeerCertUnknown,  // expectRtn
    kTLSProtocol1,          // expectVersion
    kSSLClientCertRejected, // presumably expectCertState, which main() checks on the error path
    SSL_CIPHER_IGNORE,      // presumably the expected-cipher slot - confirm against the struct
    false,                  // quiet - user-provided
    false,                  // silent
    false,                  // verbose
    NULL,                   // lock
    0,                      // clientDone
    false,                  // serverAbort
    /* returned */
    // NOTE(review): the four values below look like initial values for the
    // result fields (main() reads certState after the session) - confirm
    // the exact field order against the struct declaration.
    kSSLProtocolUnknown,
    SSL_NULL_WITH_NULL_NULL,
    kSSLClientCertNone,
    noHardwareErr

};
83
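/*
 * Print a one-line start banner to stdout: the test name followed by the
 * command-line arguments argv[1] .. argv[argc-1], each followed by a space,
 * then a newline.
 *
 * testName is only read, so it is taken as const char *; callers can pass a
 * string literal without a string-constant-to-char* conversion.
 */
static void testStartBanner(
    const char *testName,
    int argc,
    char **argv)
{
    printf("Starting %s; args: ", testName);
    for(int idx = 1; idx < argc; idx++) {
        printf("%s ", argv[idx]);
    }
    printf("\n");
}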
95
96 /* this normally comes from libcsputils.a, which we don't link against */
97
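extern "C" {
char *cssmErrToStr(CSSM_RETURN err);
}

/*
 * Local stand-in for cssmErrToStr(): map a CSSM_RETURN to its error string
 * via cssmErrorString().
 *
 * The returned pointer refers to function-static storage. It stays valid
 * until the next call to this function and must not be freed or modified by
 * the caller. Not reentrant and not thread-safe.
 */
char *cssmErrToStr(CSSM_RETURN err)
{
    /*
     * Keep the string alive past the return. A plain local string would be
     * destroyed on return and the caller would be handed a dangling pointer
     * into freed memory.
     */
    static string lastErrStr;

    lastErrStr = cssmErrorString(err);
    return const_cast<char *>(lastErrStr.c_str());
}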
107
108
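/*
 * Run one SSL client session with the clientDefaults parameters and check
 * the outcome.
 *
 * Arguments: hostname port keychain [q(uiet)]
 *
 * The session result is accepted when it is errSSLPeerCertUnknown,
 * errSSLPeerUnknownCA, errSSLPeerRecordOverflow or noErr. On noErr the
 * client cert state must be kSSLClientCertSent; otherwise it must match
 * clientDefaults.expectCertState.
 *
 * Returns the number of errors detected (0 means the test passed). Invalid
 * arguments end the process through usage().
 */
int main(int argc, char **argv)
{
    int ourRtn = 0;
    int errCount = 0;

    if(argc < 4) {
        usage(argv);
    }

    /* required args */
    clientDefaults.hostName = argv[1];
    /*
     * NOTE(review): the password is taken from argv[1] (the hostname), while
     * the clientDefaults initializer comment says "password - same as
     * myCerts", which would be argv[3]. Left as found; confirm which one
     * the test setup expects.
     */
    clientDefaults.password = argv[1];

    /*
     * Parse the port strictly: reject empty or non-numeric input, trailing
     * junk and values outside 1..65535, rather than letting atoi() turn
     * them into 0 or a truncated number.
     */
    char *portEnd = NULL;
    long portNum = strtol(argv[2], &portEnd, 10);
    if((portEnd == argv[2]) || (*portEnd != '\0') ||
       (portNum < 1) || (portNum > 65535)) {
        usage(argv);
    }
    clientDefaults.port = (int)portNum;
    clientDefaults.myCertKcName = argv[3];

    /* optional args */
    for(int arg = 4; arg < argc; arg++) {
        const char *argp = argv[arg];
        switch(argp[0]) {
            case 'q':
                clientDefaults.quiet = true;
                break;
            default:
                usage(argv);    /* exits */
        }
    }

#if IGNORE_SIGPIPE
    /* run the empty handler on SIGPIPE, not the default action */
    signal(SIGPIPE, sigpipe);
#endif

    if(!clientDefaults.quiet) {
        testStartBanner("nisccSimpleClient", argc, argv);
    }
    ourRtn = sslAppClient(&clientDefaults);

    /* accept a number of returns - even success! */
    if((ourRtn != errSSLPeerCertUnknown) &&
       (ourRtn != errSSLPeerUnknownCA) &&
       (ourRtn != errSSLPeerRecordOverflow) &&
       (ourRtn != noErr)) {
        /* reported even in quiet mode */
        printf("***Unexpected error return (%s)\n",
            sslGetSSLErrString(ourRtn));
        errCount++;
    }

    /* the expected client cert state depends on whether the session succeeded */
    if(ourRtn == noErr) {
        errCount += sslVerifyClientCertState("client",
            kSSLClientCertSent,
            clientDefaults.certState);
    }
    else {
        errCount += sslVerifyClientCertState("client",
            clientDefaults.expectCertState,
            clientDefaults.certState);
    }

    if(!clientDefaults.quiet) {
        if(errCount == 0) {
            printf("===== %s test PASSED =====\n", argv[0]);
        }
        else {
            printf("****FAIL: sslAppClient detected %d errors\n", errCount);
        }
    }

    /* the exit status is the error count, so 0 means pass */
    return errCount;
}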