luci/libs/luci-lib-nixio/axTLS/samples/vbnet/axssl.vb

'
' Copyright (c) 2007, Cameron Rich
'
' All rights reserved.
'
' Redistribution and use in source and binary forms, with or without
' modification, are permitted provided that the following conditions are met:
'
' * Redistributions of source code must retain the above copyright notice,
'   this list of conditions and the following disclaimer.
' * Redistributions in binary form must reproduce the above copyright
'   notice, this list of conditions and the following disclaimer in the
'   documentation and/or other materials provided with the distribution.
' * Neither the name of the axTLS project nor the names of its
'   contributors may be used to endorse or promote products derived
'   from this software without specific prior written permission.
'
' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'

'
' Demonstrate the use of the axTLS library in VB.NET with a set of 
' command-line parameters similar to openssl. In fact, openssl clients 
' should be able to communicate with axTLS servers and visa-versa.
'
' This code has various bits enabled depending on the configuration. To enable
' the most interesting version, compile with the 'full mode' enabled.
'
' To see what options you have, run the following:
' > axssl.vbnet.exe s_server -?
' > axssl.vbnet.exe s_client -?
'
' The axtls shared library must be in the same directory or be found 
' by the OS.
'

Imports System
Imports System.Net
Imports System.Net.Sockets
Imports Microsoft.VisualBasic
Imports axTLSvb

Public Class axssl
    ' 
    ' do_server()
    '
    Public Sub do_server(ByVal build_mode As Integer, _
                                        ByVal args() As String)
        Dim i As Integer = 1
        Dim port As Integer = 4433
        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
        Dim quiet As Boolean = False
        Dim password As String = Nothing
        Dim private_key_file As String = Nothing

        ' organise the cert/ca_cert lists 
        Dim cert_size As Integer = SSLUtil.MaxCerts()
        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
        Dim cert(cert_size) As String
        Dim ca_cert(ca_cert_size) As String
        Dim cert_index As Integer = 0
        Dim ca_cert_index As Integer = 0

        While i < args.Length
            If args(i) = "-accept" Then
                If i >= args.Length-1
                    print_server_options(build_mode, args(i))
                End If

                i += 1
                port = Int32.Parse(args(i))
            ElseIf args(i) = "-quiet"
                quiet = True
                options = options And Not axtls.SSL_DISPLAY_CERTS
            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
                If args(i) = "-cert"
                    If i >= args.Length-1 Or cert_index >= cert_size
                        print_server_options(build_mode, args(i))
                    End If

                    i += 1
                    cert(cert_index) = args(i)
                    cert_index += 1
                ElseIf args(i) = "-key"
                    If i >= args.Length-1
                        print_server_options(build_mode, args(i))
                    End If

                    i += 1
                    private_key_file = args(i)
                    options = options Or axtls.SSL_NO_DEFAULT_KEY
                ElseIf args(i) = "-pass"
                    If i >= args.Length-1
                        print_server_options(build_mode, args(i))
                    End If

                    i += 1
                    password = args(i)
                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
                    If args(i) = "-verify" Then
                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
                    ElseIf args(i) = "-CAfile"
                        If i >= args.Length-1 Or _
                                    ca_cert_index >= ca_cert_size Then
                            print_server_options(build_mode, args(i))
                        End If

                        i += 1
                        ca_cert(ca_cert_index) = args(i)
                        ca_cert_index += 1
                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
                        If args(i) = "-debug" Then
                            options = options Or axtls.SSL_DISPLAY_BYTES
                        ElseIf args(i) = "-state"
                            options = options Or axtls.SSL_DISPLAY_STATES
                        ElseIf args(i) = "-show-rsa"
                            options = options Or axtls.SSL_DISPLAY_RSA
                        Else
                            print_server_options(build_mode, args(i))
                        End If
                    Else
                        print_server_options(build_mode, args(i))
                    End If
                Else
                    print_server_options(build_mode, args(i))
                End If
            End If

            i += 1
        End While

        ' Create socket for incoming connections
        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
        Dim server_sock As TcpListener = New TcpListener(ep)
        server_sock.Start()      

        '*********************************************************************
        ' This is where the interesting stuff happens. Up until now we've
        ' just been setting up sockets etc. Now we do the SSL handshake.
        '*********************************************************************/
        Dim ssl_ctx As SSLServer = New SSLServer(options, _
                axtls.SSL_DEFAULT_SVR_SESS)

        If ssl_ctx Is Nothing Then
            Console.Error.WriteLine("Error: Server context is invalid")
            Environment.Exit(1)
        End If

        If private_key_file <> Nothing Then
            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY

            If private_key_file.EndsWith(".p8") Then
                obj_type = axtls.SSL_OBJ_PKCS8
            Else If (private_key_file.EndsWith(".p12"))
                obj_type = axtls.SSL_OBJ_PKCS12
            End If

            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
                                            password) <> axtls.SSL_OK Then
                Console.Error.WriteLine("Error: Private key '" & _
                        private_key_file & "' is undefined.")
                Environment.Exit(1)
            End If
        End If

        For i = 0 To cert_index-1
            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
                            cert(i), Nothing) <> axtls.SSL_OK Then
                Console.WriteLine("Certificate '" & cert(i) & _
                        "' is undefined.")
                Environment.Exit(1)
            End If
        Next

        For i = 0 To ca_cert_index-1
            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
                Console.WriteLine("Certificate '" & ca_cert(i) & _
                        "' is undefined.")
                Environment.Exit(1)
            End If
        Next

        Dim buf As Byte() = Nothing
        Dim res As Integer
        Dim ssl As SSL

        While 1
            If Not quiet Then
                Console.WriteLine("ACCEPT")
            End If

            Dim client_sock As Socket = server_sock.AcceptSocket()

            ssl = ssl_ctx.Connect(client_sock)

            ' do the actual SSL handshake 
            While 1
                res = ssl_ctx.Read(ssl, buf)
                If  res <> axtls.SSL_OK Then
                    Exit While
                End If

                ' check when the connection has been established 
                If ssl.HandshakeStatus() = axtls.SSL_OK
                    Exit While
                End If

                ' could do something else here 
            End While

            If res = axtls.SSL_OK Then  ' connection established and ok
                If Not quiet
                    display_session_id(ssl)
                    display_cipher(ssl)
                End If

                ' now read (and display) whatever the client sends us
                While 1
                    ' keep reading until we get something interesting 
                    While 1
                        res = ssl_ctx.Read(ssl, buf)
                        If res <> axtls.SSL_OK Then
                            Exit While
                        End If

                        ' could do something else here
                    End While

                    If res < axtls.SSL_OK
                        If Not quiet
                            Console.WriteLine("CONNECTION CLOSED")
                        End If

                        Exit While
                    End If

                    ' convert to String 
                    Dim str(res) As Char
                    For i = 0 To res-1
                        str(i) = Chr(buf(i))
                    Next

                    Console.Write(str)
                End While
            ElseIf Not quiet
                SSLUtil.DisplayError(res)
            End If

            ' client was disconnected or the handshake failed. */
            ssl.Dispose()
            client_sock.Close()
        End While

        ssl_ctx.Dispose()
    End Sub

    ' 
    ' do_client()
    '
    Public Sub do_client(ByVal build_mode As Integer, _
                                    ByVal args() As String)

        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
            print_client_options(build_mode, args(1))
        End If

        Dim i As Integer = 1
        Dim res As Integer
        Dim port As Integer = 4433
        Dim quiet As Boolean = False
        Dim password As String = Nothing
        Dim reconnect As Integer = 0
        Dim private_key_file As String = Nothing
        Dim hostname As String = "127.0.0.1"

        ' organise the cert/ca_cert lists
        Dim ssl As SSL = Nothing
        Dim cert_size As Integer = SSLUtil.MaxCerts()
        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
        Dim cert(cert_size) As String
        Dim ca_cert(ca_cert_size) As String
        Dim cert_index As Integer = 0
        Dim ca_cert_index As Integer = 0

        Dim options As Integer = _
                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
        Dim session_id As Byte() = Nothing

        While i < args.Length
            If args(i) = "-connect" Then
                Dim host_port As String

                If i >= args.Length-1
                    print_client_options(build_mode, args(i))
                End If

                i += 1
                host_port = args(i)

                Dim index_colon As Integer = host_port.IndexOf(":"C)
                If index_colon < 0 Then 
                    print_client_options(build_mode, args(i))
                End If

                hostname = New String(host_port.ToCharArray(), _
                        0, index_colon)
                port = Int32.Parse(New String(host_port.ToCharArray(), _
                            index_colon+1, host_port.Length-index_colon-1))
            ElseIf args(i) = "-cert"
                If i >= args.Length-1 Or cert_index >= cert_size Then
                    print_client_options(build_mode, args(i))
                End If

                i += 1
                cert(cert_index) = args(i)
                cert_index += 1
            ElseIf args(i) = "-key"
                If i >= args.Length-1
                    print_client_options(build_mode, args(i))
                End If

                i += 1
                private_key_file = args(i)
                options = options Or axtls.SSL_NO_DEFAULT_KEY
            ElseIf args(i) = "-CAfile"
                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
                    print_client_options(build_mode, args(i))
                End If

                i += 1
                ca_cert(ca_cert_index) = args(i)
                ca_cert_index += 1
            ElseIf args(i) = "-verify"
                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
            ElseIf args(i) = "-reconnect"
                reconnect = 4
            ElseIf args(i) = "-quiet"
                quiet = True
                options = options And  Not axtls.SSL_DISPLAY_CERTS
            ElseIf args(i) = "-pass"
                If i >= args.Length-1
                    print_client_options(build_mode, args(i))
                End If

                i += 1
                password = args(i)
            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
                If args(i) = "-debug" Then
                    options = options Or axtls.SSL_DISPLAY_BYTES
                ElseIf args(i) = "-state"
                    options = options Or axtls.SSL_DISPLAY_STATES
                ElseIf args(i) = "-show-rsa"
                    options = options Or axtls.SSL_DISPLAY_RSA
                Else
                    print_client_options(build_mode, args(i))
                End If
            Else    ' don't know what this is 
                print_client_options(build_mode, args(i))
            End If

            i += 1
        End While

        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
        Dim  addresses As IPAddress() = hostInfo.AddressList
        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
                SocketType.Stream, ProtocolType.Tcp)
        client_sock.Connect(ep)

        If Not client_sock.Connected Then
            Console.WriteLine("could not connect")
            Environment.Exit(1)
        End If

        If Not quiet Then
            Console.WriteLine("CONNECTED")
        End If

        '*********************************************************************
        ' This is where the interesting stuff happens. Up until now we've
        ' just been setting up sockets etc. Now we do the SSL handshake.
        '*********************************************************************/
        Dim ssl_ctx As SSLClient = New SSLClient(options, _
                axtls.SSL_DEFAULT_CLNT_SESS)

        If ssl_ctx Is Nothing Then
            Console.Error.WriteLine("Error: Client context is invalid")
            Environment.Exit(1)
        End If

        If private_key_file <> Nothing Then
            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY

            If private_key_file.EndsWith(".p8") Then
                obj_type = axtls.SSL_OBJ_PKCS8
            Else If (private_key_file.EndsWith(".p12"))
                obj_type = axtls.SSL_OBJ_PKCS12
            End If

            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
                                            password) <> axtls.SSL_OK Then
                Console.Error.WriteLine("Error: Private key '" & _
                        private_key_file & "' is undefined.")
                Environment.Exit(1)
            End If
        End If

        For i = 0 To cert_index-1
            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
                            cert(i), Nothing) <> axtls.SSL_OK Then
                Console.WriteLine("Certificate '" & cert(i) & _
                        "' is undefined.")
                Environment.Exit(1)
            End If
        Next

        For i = 0 To ca_cert_index-1
            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
                Console.WriteLine("Certificate '" & ca_cert(i) & _
                        "' is undefined.")
                Environment.Exit(1)
            End If
        Next

        ' Try session resumption?
        If reconnect > 0 Then
            While reconnect > 0
                reconnect -= 1
                ssl = ssl_ctx.Connect(client_sock, session_id)

                res = ssl.HandshakeStatus()
                If res <> axtls.SSL_OK Then
                    If Not quiet Then
                        SSLUtil.DisplayError(res)
                    End If

                    ssl.Dispose()
                    Environment.Exit(1)
                End If

                display_session_id(ssl)
                session_id = ssl.GetSessionId()

                If reconnect > 0 Then
                    ssl.Dispose()
                    client_sock.Close()
                    
                    ' and reconnect
                    client_sock = New Socket(AddressFamily.InterNetwork, _
                        SocketType.Stream, ProtocolType.Tcp)
                    client_sock.Connect(ep)
                End If
            End While
        Else
            ssl = ssl_ctx.Connect(client_sock, Nothing)
        End If

        ' check the return status 
        res = ssl.HandshakeStatus()
        If res <> axtls.SSL_OK Then
            If Not quiet Then
                SSLUtil.DisplayError(res)
            End If

            Environment.Exit(1)
        End If

        If Not quiet Then
            Dim common_name As String = _
                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)

            If common_name <> Nothing
                Console.WriteLine("Common Name:" & _
                        ControlChars.Tab & ControlChars.Tab & _
                        ControlChars.Tab & common_name)
            End If

            display_session_id(ssl)
            display_cipher(ssl)
        End If

        While (1)
            Dim user_input As String = Console.ReadLine()

            If user_input = Nothing Then
                Exit While
            End If

            Dim buf(user_input.Length+1) As Byte
            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
            buf(buf.Length-1) = 0                    ' null terminate 

            For i = 0 To user_input.Length-1
                buf(i) = Asc(user_input.Chars(i))
            Next

            res = ssl_ctx.Write(ssl, buf, buf.Length)
            If res < axtls.SSL_OK Then
                If Not quiet Then
                    SSLUtil.DisplayError(res)
                End If

                Exit While
            End If
        End While

        ssl_ctx.Dispose()
    End Sub

    '
    ' Display what cipher we are using
    '
    Private Sub display_cipher(ByVal ssl As SSL)
        Console.Write("CIPHER is ")

        Select ssl.GetCipherId()
            Case axtls.SSL_AES128_SHA
                Console.WriteLine("AES128-SHA")

            Case axtls.SSL_AES256_SHA
                Console.WriteLine("AES256-SHA")

            Case axtls.SSL_RC4_128_SHA
                Console.WriteLine("RC4-SHA")

            Case axtls.SSL_RC4_128_MD5
                Console.WriteLine("RC4-MD5")

            Case Else
                Console.WriteLine("Unknown - " & ssl.GetCipherId())
        End Select
    End Sub

    '
    ' Display what session id we have.
    '
    Private Sub display_session_id(ByVal ssl As SSL)
        Dim session_id As Byte() = ssl.GetSessionId()

        If session_id.Length > 0 Then
            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
            Dim b As Byte
            For Each b In session_id
                Console.Write("{0:x02}", b)
            Next

            Console.WriteLine()
            Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
        End If
    End Sub

    ' 
    ' We've had some sort of command-line error. Print out the basic options.
    '
    Public Sub print_options(ByVal options As String)
        Console.WriteLine("axssl: Error: '" & options & _
                "' is an invalid command.")
        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
                "version] [args ...]")
        Environment.Exit(1)
    End Sub

    ' 
    ' We've had some sort of command-line error. Print out the server options.
    '
    Private Sub print_server_options(ByVal build_mode As Integer, _
                                    ByVal options As String)
        Dim cert_size As Integer = SSLUtil.MaxCerts()
        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()

        Console.WriteLine("unknown option " & options)
        Console.WriteLine("usage: s_server [args ...]")
        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
                "- port to accept on (default is 4433)")
        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
                "- No server output")
        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
               "- certificate file to add (in addition to default) to chain -")
            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
                    "  Can repeat up to " & cert_size & " times")
            Console.WriteLine(" -key arg" & ControlChars.Tab & _
                        "- Private key file to use")
            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
                    "- private key file pass phrase source")
        End If

        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
            Console.WriteLine(" -verify" & ControlChars.Tab & _
                    "- turn on peer certificate verification")
            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
                    "- Certificate authority")
            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
                    "  Can repeat up to " & ca_cert_size & " times")
        End If

        If build_mode = axtls.SSL_BUILD_FULL_MODE
            Console.WriteLine(" -debug" & _
                    ControlChars.Tab & ControlChars.Tab & _
                    "- Print more output")
            Console.WriteLine(" -state" & _
                    ControlChars.Tab & ControlChars.Tab & _
                    "- Show state messages")
            Console.WriteLine(" -show-rsa" & _
                    ControlChars.Tab & "- Show RSA state")
        End If

        Environment.Exit(1)
    End Sub

    '
    ' We've had some sort of command-line error. Print out the client options.
    '
    Private Sub print_client_options(ByVal build_mode As Integer, _
                                                ByVal options As String)
        Dim cert_size As Integer = SSLUtil.MaxCerts()
        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()

        Console.WriteLine("unknown option " & options)

        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
            Console.WriteLine("usage: s_client [args ...]")
            Console.WriteLine(" -connect host:port - who to connect to " & _
                    "(default is localhost:4433)")
            Console.WriteLine(" -verify" & ControlChars.Tab & _
                    "- turn on peer certificate verification")
            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
                    "- certificate file to use")
            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
                    "  Can repeat up to " & cert_size & " times")
            Console.WriteLine(" -key arg" & ControlChars.Tab & _
                    "- Private key file to use")
            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
                    "- Certificate authority")
            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
                    "  Can repeat up to " & ca_cert_size & " times")
            Console.WriteLine(" -quiet" & _
                    ControlChars.Tab & ControlChars.Tab & "- No client output")
            Console.WriteLine(" -pass" & ControlChars.Tab & _
                    ControlChars.Tab & _
                    "- private key file pass phrase source")
            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
                    "- Drop and re-make the " & _
                    "connection with the same Session-ID")

            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
                Console.WriteLine(" -debug" & _
                        ControlChars.Tab & ControlChars.Tab & _
                        "- Print more output")
                Console.WriteLine(" -state" & _
                        ControlChars.Tab & ControlChars.Tab & _
                        "- Show state messages")
                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
                        "- Show RSA state")
            End If
        Else 
            Console.WriteLine("Change configuration to allow this feature")
        End If

        Environment.Exit(1)
    End Sub

End Class

Public Module MyMain
    Function Main(ByVal args() As String) As Integer
        Dim runner As axssl = New axssl()

        If args.Length = 1 And args(0) = "version" Then
           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
            Environment.Exit(0)
        End If

        If args.Length < 1 
            runner.print_options("")
        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
            runner.print_options(args(0))
        End If

        Dim build_mode As Integer = SSLUtil.BuildMode()

        If args(0) = "s_server" Then
            runner.do_server(build_mode, args)
        Else
            runner.do_client(build_mode, args)
        End If
    End Function
End Module