libreCMC/package/luci/libs/luci-lib-nixio/axTLS/samples/csharp/axssl.cs

/*
 * Copyright (c) 2007, Cameron Rich
 * 
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, 
 *   this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright notice, 
 *   this list of conditions and the following disclaimer in the documentation 
 *   and/or other materials provided with the distribution.
 * * Neither the name of the axTLS project nor the names of its contributors 
 *   may be used to endorse or promote products derived from this software 
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * Demonstrate the use of the axTLS library in C# with a set of 
 * command-line parameters similar to openssl. In fact, openssl clients 
 * should be able to communicate with axTLS servers and visa-versa.
 *
 * This code has various bits enabled depending on the configuration. To enable
 * the most interesting version, compile with the 'full mode' enabled.
 *
 * To see what options you have, run the following:
 * > axssl.csharp.exe s_server -?
 * > axssl.csharp.exe s_client -?
 *
 * The axtls shared library must be in the same directory or be found 
 * by the OS.
 */

using System;
using System.Net;
using System.Net.Sockets;
using axTLS;

public class axssl
{
    /*
     * Main()
     */
    public static void Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "version")
        {
            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
            Environment.Exit(0); 
        }

        axssl runner = new axssl();

        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
            runner.print_options(args.Length > 0 ? args[0] : "");

        int build_mode = SSLUtil.BuildMode();

        if (args[0] == "s_server")
            runner.do_server(build_mode, args);
        else 
            runner.do_client(build_mode, args);
    }

    /*
     * do_server()
     */
    private void do_server(int build_mode, string[] args)
    {
        int i = 1;
        int port = 4433;
        uint options = axtls.SSL_DISPLAY_CERTS;
        bool quiet = false;
        string password = null;
        string private_key_file = null;

        /* organise the cert/ca_cert lists */
        int cert_size = SSLUtil.MaxCerts();
        int ca_cert_size = SSLUtil.MaxCACerts();
        string[] cert = new string[cert_size];
        string[] ca_cert = new string[ca_cert_size];
        int cert_index = 0;
        int ca_cert_index = 0;

        while (i < args.Length)
        {
            if (args[i] == "-accept")
            {
                if (i >= args.Length-1)
                {
                    print_server_options(build_mode, args[i]);
                }

                port = Int32.Parse(args[++i]);
            }
            else if (args[i] == "-quiet")
            {
                quiet = true;
                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
            }
            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
            {
                if (args[i] == "-cert")
                {
                    if (i >= args.Length-1 || cert_index >= cert_size)
                    {
                        print_server_options(build_mode, args[i]);
                    }

                    cert[cert_index++] = args[++i];
                }
                else if (args[i] == "-key")
                {
                    if (i >= args.Length-1)
                    {
                        print_server_options(build_mode, args[i]);
                    }

                    private_key_file = args[++i];
                    options |= axtls.SSL_NO_DEFAULT_KEY;
                }
                else if (args[i] == "-pass")
                {
                    if (i >= args.Length-1)
                    {
                        print_server_options(build_mode, args[i]);
                    }

                    password = args[++i];
                }
                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
                {
                    if (args[i] == "-verify")
                    {
                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
                    }
                    else if (args[i] == "-CAfile")
                    {
                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
                        {
                            print_server_options(build_mode, args[i]);
                        }

                        ca_cert[ca_cert_index++] = args[++i];
                    }
                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
                    {
                        if (args[i] == "-debug")
                        {
                            options |= axtls.SSL_DISPLAY_BYTES;
                        }
                        else if (args[i] == "-state")
                        {
                            options |= axtls.SSL_DISPLAY_STATES;
                        }
                        else if (args[i] == "-show-rsa")
                        {
                            options |= axtls.SSL_DISPLAY_RSA;
                        }
                        else
                            print_server_options(build_mode, args[i]);
                    }
                    else
                        print_server_options(build_mode, args[i]);
                }
                else 
                    print_server_options(build_mode, args[i]);
            }
            else
                print_server_options(build_mode, args[i]);

            i++;
        }

        /* Create socket for incoming connections */
        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
        TcpListener server_sock = new TcpListener(ep);
        server_sock.Start();      

        /**********************************************************************
         * This is where the interesting stuff happens. Up until now we've
         * just been setting up sockets etc. Now we do the SSL handshake.
         **********************************************************************/
        SSLServer ssl_ctx = new SSLServer(
                                options, axtls.SSL_DEFAULT_SVR_SESS);

        if (ssl_ctx == null)
        {
            Console.Error.WriteLine("Error: Server context is invalid");
            Environment.Exit(1);
        }

        if (private_key_file != null)
        {
            int obj_type = axtls.SSL_OBJ_RSA_KEY;

            if (private_key_file.EndsWith(".p8"))
                obj_type = axtls.SSL_OBJ_PKCS8;
            else if (private_key_file.EndsWith(".p12"))
                obj_type = axtls.SSL_OBJ_PKCS12;

            if (ssl_ctx.ObjLoad(obj_type,
                             private_key_file, password) != axtls.SSL_OK)
            {
                Console.Error.WriteLine("Private key '" + private_key_file +
                                                            "' is undefined.");
                Environment.Exit(1);
            }
        }

        for (i = 0; i < cert_index; i++)
        {
            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
                                        cert[i], null) != axtls.SSL_OK)
            {
                Console.WriteLine("Certificate '" + cert[i] + 
                        "' is undefined.");
                Environment.Exit(1);
            }
        }

        for (i = 0; i < ca_cert_index; i++)
        {
            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
                                        ca_cert[i], null) != axtls.SSL_OK)
            {
                Console.WriteLine("Certificate '" + cert[i] + 
                                                        "' is undefined.");
                Environment.Exit(1);
            }
        }

        byte[] buf = null;
        int res;

        for (;;)
        {
            if (!quiet)
            {
                Console.WriteLine("ACCEPT");
            }

            Socket client_sock = server_sock.AcceptSocket();

            SSL ssl = ssl_ctx.Connect(client_sock);

            /* do the actual SSL handshake */
            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
            {
                /* check when the connection has been established */
                if (ssl.HandshakeStatus() == axtls.SSL_OK)
                    break;

                /* could do something else here */
            }

            if (res == axtls.SSL_OK) /* connection established and ok */
            {
                if (!quiet)
                {
                    display_session_id(ssl);
                    display_cipher(ssl);
                }

                /* now read (and display) whatever the client sends us */
                for (;;)
                {
                    /* keep reading until we get something interesting */
                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
                    {
                        /* could do something else here */
                    }

                    if (res < axtls.SSL_OK)
                    {
                        if (!quiet)
                        {
                            Console.WriteLine("CONNECTION CLOSED");
                        }

                        break;
                    }

                    /* convert to string */
                    char[] str = new char[res];
                    for (i = 0; i < res; i++)
                    {
                        str[i] = (char)buf[i];
                    }

                    Console.Write(str);
                }
            }
            else if (!quiet)
            {
                SSLUtil.DisplayError(res);
            }

            /* client was disconnected or the handshake failed. */
            ssl.Dispose();
            client_sock.Close();
        }

        /* ssl_ctx.Dispose(); */
    }

    /*
     * do_client()
     */
    private void do_client(int build_mode, string[] args)
    {
        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
        {
            print_client_options(build_mode, args[1]);
        }

        int i = 1, res;
        int port = 4433;
        bool quiet = false;
        string password = null;
        int reconnect = 0;
        string private_key_file = null;
        string hostname = "127.0.0.1";

        /* organise the cert/ca_cert lists */
        int cert_index = 0;
        int ca_cert_index = 0;
        int cert_size = SSLUtil.MaxCerts();
        int ca_cert_size = SSLUtil.MaxCACerts();
        string[] cert = new string[cert_size];
        string[] ca_cert = new string[ca_cert_size];

        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
        byte[] session_id = null;

        while (i < args.Length)
        {
            if (args[i] == "-connect")
            {
                string host_port;

                if (i >= args.Length-1)
                {
                    print_client_options(build_mode, args[i]);
                }

                host_port = args[++i];
                int index_colon;

                if ((index_colon = host_port.IndexOf(':')) < 0)
                    print_client_options(build_mode, args[i]);

                hostname = new string(host_port.ToCharArray(), 
                        0, index_colon);
                port = Int32.Parse(new String(host_port.ToCharArray(), 
                            index_colon+1, host_port.Length-index_colon-1));
            }
            else if (args[i] == "-cert")
            {
                if (i >= args.Length-1 || cert_index >= cert_size)
                {
                    print_client_options(build_mode, args[i]);
                }

                cert[cert_index++] = args[++i];
            }
            else if (args[i] == "-key")
            {
                if (i >= args.Length-1)
                {
                    print_client_options(build_mode, args[i]);
                }

                private_key_file = args[++i];
                options |= axtls.SSL_NO_DEFAULT_KEY;
            }
            else if (args[i] == "-CAfile")
            {
                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
                {
                    print_client_options(build_mode, args[i]);
                }

                ca_cert[ca_cert_index++] = args[++i];
            }
            else if (args[i] == "-verify")
            {
                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
            }
            else if (args[i] == "-reconnect")
            {
                reconnect = 4;
            }
            else if (args[i] == "-quiet")
            {
                quiet = true;
                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
            }
            else if (args[i] == "-pass")
            {
                if (i >= args.Length-1)
                {
                    print_client_options(build_mode, args[i]);
                }

                password = args[++i];
            }
            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
            {
                if (args[i] == "-debug")
                {
                    options |= axtls.SSL_DISPLAY_BYTES;
                }
                else if (args[i] == "-state")
                {
                    options |= axtls.SSL_DISPLAY_STATES;
                }
                else if (args[i] == "-show-rsa")
                {
                    options |= axtls.SSL_DISPLAY_RSA;
                }
                else
                    print_client_options(build_mode, args[i]);
            }
            else    /* don't know what this is */
                print_client_options(build_mode, args[i]);

            i++;
        }

        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
        IPAddress[] addresses = hostInfo.AddressList;
        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
                SocketType.Stream, ProtocolType.Tcp);
        client_sock.Connect(ep);

        if (!client_sock.Connected)
        {
            Console.WriteLine("could not connect");
            Environment.Exit(1);
        }

        if (!quiet)
        {
            Console.WriteLine("CONNECTED");
        }

        /**********************************************************************
         * This is where the interesting stuff happens. Up until now we've
         * just been setting up sockets etc. Now we do the SSL handshake.
         **********************************************************************/
        SSLClient ssl_ctx = new SSLClient(options,
                                    axtls.SSL_DEFAULT_CLNT_SESS);

        if (ssl_ctx == null)
        {
            Console.Error.WriteLine("Error: Client context is invalid");
            Environment.Exit(1);
        }

        if (private_key_file != null)
        {
            int obj_type = axtls.SSL_OBJ_RSA_KEY;

            if (private_key_file.EndsWith(".p8"))
                obj_type = axtls.SSL_OBJ_PKCS8;
            else if (private_key_file.EndsWith(".p12"))
                obj_type = axtls.SSL_OBJ_PKCS12;

            if (ssl_ctx.ObjLoad(obj_type,
                             private_key_file, password) != axtls.SSL_OK)
            {
                Console.Error.WriteLine("Private key '" + private_key_file +
                                                            "' is undefined.");
                Environment.Exit(1);
            }
        }

        for (i = 0; i < cert_index; i++)
        {
            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
                                        cert[i], null) != axtls.SSL_OK)
            {
                Console.WriteLine("Certificate '" + cert[i] + 
                        "' is undefined.");
                Environment.Exit(1);
            }
        }

        for (i = 0; i < ca_cert_index; i++)
        {
            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
                                        ca_cert[i], null) != axtls.SSL_OK)
            {
                Console.WriteLine("Certificate '" + cert[i] + 
                                                        "' is undefined.");
                Environment.Exit(1);
            }
        }

        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */

        /* Try session resumption? */
        if (reconnect > 0)
        {
            while (reconnect-- > 0)
            {
                ssl = ssl_ctx.Connect(client_sock, session_id);

                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
                {
                    if (!quiet)
                    {
                        SSLUtil.DisplayError(res);
                    }

                    ssl.Dispose();
                    Environment.Exit(1);
                }

                display_session_id(ssl);
                session_id = ssl.GetSessionId();

                if (reconnect > 0)
                {
                    ssl.Dispose();
                    client_sock.Close();
                    
                    /* and reconnect */
                    client_sock = new Socket(AddressFamily.InterNetwork, 
                        SocketType.Stream, ProtocolType.Tcp);
                    client_sock.Connect(ep);
                }
            }
        }
        else
        {
            ssl = ssl_ctx.Connect(client_sock, null);
        }

        /* check the return status */
        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
        {
            if (!quiet)
            {
                SSLUtil.DisplayError(res);
            }

            Environment.Exit(1);
        }

        if (!quiet)
        {
            string common_name =
                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);

            if (common_name != null)
            {
                Console.WriteLine("Common Name:\t\t\t" + common_name);
            }

            display_session_id(ssl);
            display_cipher(ssl);
        }

        for (;;)
        {
            string user_input = Console.ReadLine();

            if (user_input == null)
                break;

            byte[] buf = new byte[user_input.Length+2];
            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
            buf[buf.Length-1] = 0;              /* null terminate */

            for (i = 0; i < buf.Length-2; i++)
            {
                buf[i] = (byte)user_input[i];
            }

            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
            {
                if (!quiet)
                {
                    SSLUtil.DisplayError(res);
                }

                break;
            }
        }

        ssl_ctx.Dispose();
    }

    /**
     * We've had some sort of command-line error. Print out the basic options.
     */
    private void print_options(string option)
    {
        Console.WriteLine("axssl: Error: '" + option + 
                "' is an invalid command.");
        Console.WriteLine("usage: axssl.csharp [s_server|" +
                            "s_client|version] [args ...]");
        Environment.Exit(1);
    }

    /**
     * We've had some sort of command-line error. Print out the server options.
     */
    private void print_server_options(int build_mode, string option)
    {
        int cert_size = SSLUtil.MaxCerts();
        int ca_cert_size = SSLUtil.MaxCACerts();

        Console.WriteLine("unknown option " + option);
        Console.WriteLine("usage: s_server [args ...]");
        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
                "is 4433)");
        Console.WriteLine(" -quiet\t\t- No server output");

        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
        {
          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
                  "addition to default) to chain -");
          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
          Console.WriteLine(" -key arg\t- Private key file to use");
          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
        }

        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
        {
            Console.WriteLine(" -verify\t- turn on peer certificate " +
                    "verification");
            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
            Console.WriteLine("\t\t  Can repeat up to " + 
                    ca_cert_size + "times");
        }

        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
        {
            Console.WriteLine(" -debug\t\t- Print more output");
            Console.WriteLine(" -state\t\t- Show state messages");
            Console.WriteLine(" -show-rsa\t- Show RSA state");
        }

        Environment.Exit(1);
    }

    /**
     * We've had some sort of command-line error. Print out the client options.
     */
    private void print_client_options(int build_mode, string option)
    {
        int cert_size = SSLUtil.MaxCerts();
        int ca_cert_size = SSLUtil.MaxCACerts();

        Console.WriteLine("unknown option " + option);

        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
        {
            Console.WriteLine("usage: s_client [args ...]");
            Console.WriteLine(" -connect host:port - who to connect to " + 
                    "(default is localhost:4433)");
            Console.WriteLine(" -verify\t- turn on peer certificate " + 
                    "verification");
            Console.WriteLine(" -cert arg\t- certificate file to use");
            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
            Console.WriteLine(" -key arg\t- Private key file to use");
            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
                    " times");
            Console.WriteLine(" -quiet\t\t- No client output");
            Console.WriteLine(" -pass\t\t- private key file pass " + 
                    "phrase source");
            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
                    "connection with the same Session-ID");

            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
            {
                Console.WriteLine(" -debug\t\t- Print more output");
                Console.WriteLine(" -state\t\t- Show state messages");
                Console.WriteLine(" -show-rsa\t- Show RSA state");
            }
        }
        else 
        {
            Console.WriteLine("Change configuration to allow this feature");
        }

        Environment.Exit(1);
    }

    /**
     * Display what cipher we are using 
     */
    private void display_cipher(SSL ssl)
    {
        Console.Write("CIPHER is ");

        switch (ssl.GetCipherId())
        {
            case axtls.SSL_AES128_SHA:
                Console.WriteLine("AES128-SHA");
                break;

            case axtls.SSL_AES256_SHA:
                Console.WriteLine("AES256-SHA");
                break;

            case axtls.SSL_RC4_128_SHA:
                Console.WriteLine("RC4-SHA");
                break;

            case axtls.SSL_RC4_128_MD5:
                Console.WriteLine("RC4-MD5");
                break;

            default:
                Console.WriteLine("Unknown - " + ssl.GetCipherId());
                break;
        }
    }

    /**
     * Display what session id we have.
     */
    private void display_session_id(SSL ssl)
    {    
        byte[] session_id = ssl.GetSessionId();

        if (session_id.Length > 0)
        {
            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
            foreach (byte b in session_id)
            {
                Console.Write("{0:x02}", b);
            }

            Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
        }
    }
}