
📄 sreqresp.c

📁 cryptlib是功能强大的安全工具集。允许开发人员快速在自己的软件中集成加密和认证服务。
	if( !connectOCSP( CRYPT_SESSION_OCSP, FALSE, FALSE, FALSE ) )
		return( FALSE );
	if( !connectOCSPDirect() )
		return( FALSE );
#if OCSP_SERVER_NO == 1
	if( !( connectOCSP( CRYPT_SESSION_OCSP, TRUE, FALSE, FALSE ) ) )
		return( FALSE );
	return( connectOCSP( CRYPT_SESSION_OCSP, FALSE, TRUE, FALSE ) );
#else
	return( TRUE );
#endif /* Server that has a revoked cert */
	}
/* Run the OCSP responder side of the test: a single server session with
   all three optional connectOCSP() flags switched off.  The result of
   connectOCSP() is handed back to the caller unchanged */
int testSessionOCSPServer( void )
	{
	const int result = connectOCSP( CRYPT_SESSION_OCSP_SERVER,
									FALSE, FALSE, FALSE );

	return( result );
	}

/* Perform a client/server loopback test */

#ifdef WINDOWS_THREADS

/* Thread entry point for the OCSP loopback test: runs one local OCSP server
   session and then ends the thread.  The thread argument is unused and the
   session result is discarded here; the value returned to the test harness
   is the client-side status from testSessionOCSPClientServer() */
unsigned __stdcall ocspServerThread( void *dummy )
	{
	( void ) dummy;
	( void ) connectOCSP( CRYPT_SESSION_OCSP_SERVER, FALSE, FALSE, TRUE );

	/* _endthreadex() terminates the thread, the return below is only there
	   to satisfy the function's declared return type */
	_endthreadex( 0 );
	return( 0 );
	}

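/* OCSP client/server loopback test: starts ocspServerThread() to act as the
   local responder, runs the client against it and returns the client's
   status.  Returns FALSE without running the client if the server thread
   can't be created */
int testSessionOCSPClientServer( void )
	{
	HANDLE hThread;
	unsigned threadID;
	int status;

	/* Start the server.  _beginthreadex() returns 0 on failure, in which
	   case there's no server to talk to and no handle to wait on or close,
	   so we bail out rather than passing a null handle to the calls below */
	hThread = ( HANDLE ) _beginthreadex( NULL, 0, &ocspServerThread,
										 NULL, 0, &threadID );
	if( hThread == NULL )
		{
		puts( "Couldn't create the OCSP server thread." );
		return( FALSE );
		}

	/* Give the server time to initialise.  This is a fixed delay rather
	   than a handshake with the server thread, so on a slow or loaded
	   machine the client may still start before the server is ready */
	Sleep( 1000 );

	/* Connect to the local server */
	status = connectOCSP( CRYPT_SESSION_OCSP, FALSE, FALSE, TRUE );
	if( WaitForSingleObject( hThread, 15000 ) == WAIT_TIMEOUT )
		{
		/* The server thread is left running; this blocks on stdin, so the
		   test can't complete unattended once this path is taken */
		puts( "Warning: Server thread is still active due to session "
			  "negotiation failure,\n         this will cause an error "
			  "condition when cryptEnd() is called due\n         to "
			  "resources remaining allocated.  Press a key to continue." );
		getchar();
		}
	CloseHandle( hThread );

	return( status );
	}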
#endif /* WINDOWS_THREADS */

/****************************************************************************
*																			*
*								TSP Routines Test							*
*																			*
****************************************************************************/

/* There are various test TSP servers running, the following remapping allows
   us to switch between them in the hope of finding at least one which is
   actually working.  Implementation peculiarities:

	#1 - cryptlib:
			None.
	#2 - Peter Sylvester
			Requires Host: header even for HTTP 1.0.
	#3 - Timeproof
			None (currently not active).
	#4 - Korea Mobile Payment Service
			Currently not active.
	#5 - IAIK Graz
			Never been seen active.
	#6 - Fst s.r.l.
			Returns garbled TCP-socket-protocol header.
	#7 - Datum
			Almost never active
	#8 - Chinese University of Hong Kong
			None, info at http://www.e-timestamping.com/status.html.
	#9 - SeMarket
			None
	#10 - Entrust
			None 
	#11 - nCipher
			Very slow TSP, requires extended read timeout to get response */

/* Candidate TSP endpoints, numbered to match the list in the comment above.
   Apart from "localhost" these name third-party hosts (two of them by
   literal IP address) that are outside the test's control, and all of them
   are given as http:// or tcp:// URLs.
   NOTE(review): these hosts are contacted over the network whenever the
   non-local client test runs; confirm that this is acceptable in the
   environment where the self-test is executed */
#define TSP_SERVER1_NAME	TEXT( "localhost" )
#define TSP_SERVER2_NAME	TEXT( "http://www.edelweb.fr/cgi-bin/service-tsp" )
#define TSP_SERVER3_NAME	TEXT( "tcp://test.timeproof.de" )
#define TSP_SERVER4_NAME	TEXT( "tcp://203.238.37.132:3318" )
#define TSP_SERVER5_NAME	TEXT( "tcp://neurath.iaik.at" )
#define TSP_SERVER6_NAME	TEXT( "tcp://ricerca.fst.it" )
#define TSP_SERVER7_NAME	TEXT( "tcp://tssdemo2.datum.com" )
#define TSP_SERVER8_NAME	TEXT( "tcp://ts2.itsc.cuhk.edu.hk:3318" )
#define TSP_SERVER9_NAME	TEXT( "tcp://80.81.104.150" )
#define TSP_SERVER10_NAME	TEXT( "http://vsinterop.entrust.com:7001/verificationserver/rfc3161timestamp" )
#define TSP_SERVER11_NAME	TEXT( "tcp://dse200.ncipher.com" )

/* The endpoint that the non-local client test connects to, and its number.
   The number has to be kept in step with the name by hand since it's what
   the per-server workarounds test for (#if TSP_SERVER_NO == n) */
#define TSP_SERVER_NAME		TSP_SERVER2_NAME
#define TSP_SERVER_NO		2

/* Perform a timestamping test */

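/* Run one TSP exchange over an existing session.

   Client side: hashes a fixed 8-byte test string, attaches the hash to the
   session as the message imprint (first deleting the previous imprint if
   the connection is being reused), activates the session and dumps the
   returned timestamp data.  Server side: activates the session and prints
   the connection information.

   Returns TRUE on success, FALSE on a hard failure, and CRYPT_ERROR_FAILED
   if activation failed with an open/not-found/timeout/permission error,
   which is treated as "server unavailable" rather than a test failure.

   Session ownership: the session is destroyed here if, and only if,
   activation fails (both the FALSE and the CRYPT_ERROR_FAILED case).  All
   other failure returns leave the session alive for the caller to clean up.
   The hash context and the response envelope are local to this function and
   are released on every path */
static int testTSP( const CRYPT_SESSION cryptSession, 
					const BOOLEAN isServer, 
					const BOOLEAN isRecycledConnection )
	{
	int status;

	/* If we're the client, create a message imprint to timestamp */
	if( !isServer )
		{
		CRYPT_CONTEXT hashContext;

		/* Create the hash value to add to the TSP request.  The context is
		   only valid if the create call succeeds, so check before use.
		   NOTE(review): if CRYPT_ALGO_SHA selects SHA-1 in the cryptlib
		   version in use then the imprint is bound to a hash that no longer
		   provides collision resistance.  That's fine for a connectivity
		   test but shouldn't be copied into real timestamping code */
		status = cryptCreateContext( &hashContext, CRYPT_UNUSED, 
									 CRYPT_ALGO_SHA );
		if( cryptStatusError( status ) )
			{
			printf( "cryptCreateContext() failed with error code %d, line "
					"%d.\n", status, __LINE__ );
			return( FALSE );
			}

		/* Hash the test data, the zero-length call wraps up the hashing */
		status = cryptEncrypt( hashContext, "12345678", 8 );
		if( !cryptStatusError( status ) )
			status = cryptEncrypt( hashContext, "", 0 );
		if( cryptStatusError( status ) )
			{
			printf( "cryptEncrypt() failed with error code %d, line %d.\n",
					status, __LINE__ );
			cryptDestroyContext( hashContext );
			return( FALSE );
			}

		if( isRecycledConnection )
			{
			/* If we're moving further data over an existing connection,
			   delete the message imprint from the previous run */
			status = cryptDeleteAttribute( cryptSession, 
										   CRYPT_SESSINFO_TSP_MSGIMPRINT );
			if( cryptStatusError( status ) )
				{
				printf( "cryptDeleteAttribute() failed with error code %d, "
						"line %d.\n", status, __LINE__ );
				cryptDestroyContext( hashContext );
				return( FALSE );
				}
			}
		status = cryptSetAttribute( cryptSession,
									CRYPT_SESSINFO_TSP_MSGIMPRINT, 
									hashContext );

		/* We're done with the hash context whether or not it could be added
		   to the session, so release it before checking the result.  This
		   keeps the error path from leaving the context allocated */
		cryptDestroyContext( hashContext );
		if( cryptStatusError( status ) )
			{
			printf( "cryptSetAttribute() failed with error code %d, line "
					"%d.\n", status, __LINE__ );
			return( FALSE );
			}
		}

	/* Activate the session and timestamp the message */
#if TSP_SERVER_NO == 11
	cryptSetAttribute( cryptSession, CRYPT_OPTION_NET_READTIMEOUT, 30 );
#endif /* Very slow TSP */
	status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_ACTIVE, TRUE );
	if( isServer )
		printConnectInfo( cryptSession );
	if( cryptStatusError( status ) )
		{
		/* Report the error while the session still exists, then get rid of
		   the session */
		printExtError( cryptSession, isServer ?
					   "SVR: Attempt to activate TSP server session" :
					   "Attempt to activate TSP client session", status,
					   __LINE__ );
		cryptDestroySession( cryptSession );
		if( status == CRYPT_ERROR_OPEN || status == CRYPT_ERROR_NOTFOUND ||
			status == CRYPT_ERROR_TIMEOUT || status == CRYPT_ERROR_PERMISSION )
			{
			/* These servers are constantly appearing and disappearing so if
			   we get a straight connect error we don't treat it as a serious
			   failure.  In addition we can get server busy and no permission
			   to access errors that are also treated as soft errors */
			puts( "  (Server could be down, faking it and continuing...)\n" );
			return( CRYPT_ERROR_FAILED );
			}
		return( FALSE );
		}

	/* There's not much more we can do in the client at this point since the
	   TSP data is only used internally by cryptlib, OTOH if we get to here
	   then we've received a valid response from the TSA so all is OK */
	if( !isServer )
		{
		CRYPT_ENVELOPE cryptEnvelope;
		BYTE buffer[ BUFFER_SIZE ];
		int bytesCopied;

		status = cryptGetAttribute( cryptSession, CRYPT_SESSINFO_RESPONSE, 
									&cryptEnvelope );
		if( cryptStatusError( status ) )
			{
			printExtError( cryptSession, "Attempt to process returned "
						   "timestamp", status, __LINE__ );
			return( FALSE );
			}

		/* Pull the timestamp data out of the envelope.  The envelope is
		   released as soon as the pop has been attempted so that a failed
		   pop doesn't leave it allocated */
		status = cryptPopData( cryptEnvelope, buffer, BUFFER_SIZE, 
							   &bytesCopied );
		cryptDestroyEnvelope( cryptEnvelope );
		if( cryptStatusError( status ) )
			{
			printf( "cryptPopData() failed with error code %d, line %d.\n",
					status, __LINE__ );
			return( FALSE );
			}
		printf( "Timestamp data size = %d bytes.\n", bytesCopied );
		debugDump( "tstinfo", buffer, bytesCopied );
		}

	return( TRUE );
	}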

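/* Create a TSP client or server session, configure it, and run one
   timestamp exchange through testTSP(), or three exchanges over the same
   connection if persistentConnection is set.

   sessionType selects client (CRYPT_SESSION_TSP) or server
   (CRYPT_SESSION_TSP_SERVER) operation.  externalCryptContext is the
   server's signing key or CRYPT_UNUSED to load it from TSA_PRIVKEY_FILE, a
   caller-supplied context is never destroyed here.  localSession makes the
   client connect to the local server instead of TSP_SERVER_NAME.

   Returns TRUE on success, FALSE on failure, CRYPT_ERROR_NOTAVAIL if TSP
   sessions can't be created, or whatever non-positive value testTSP()
   returned */
static int connectTSP( const CRYPT_SESSION_TYPE sessionType,
					   const CRYPT_HANDLE externalCryptContext,
					   const BOOLEAN persistentConnection,
					   const BOOLEAN localSession )
	{
	CRYPT_SESSION cryptSession;
	const BOOLEAN isServer = ( sessionType == CRYPT_SESSION_TSP_SERVER ) ?
							   TRUE : FALSE;
	int status;

	printf( "%sTesting %sTSP session...\n", isServer ? "SVR: " : "",
			localSession ? "local " : "" );

	/* Create the TSP session */
	status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, sessionType );
	if( status == CRYPT_ERROR_PARAM3 )	/* TSP session access not available */
		return( CRYPT_ERROR_NOTAVAIL );
	if( cryptStatusError( status ) )
		{
		printf( "%scryptCreateSession() failed with error code %d, line "
				"%d.\n", isServer ? "SVR: " : "", status, __LINE__ );
		return( FALSE );
		}

	/* Set up the server information and activate the session.  Since this 
	   test explicitly tests the ability to handle persistent connections,
	   we don't use the general-purpose request/response server wrapper,
	   which only uses persistent connections opportunistically */
	if( isServer )
		{
		CRYPT_CONTEXT privateKey = externalCryptContext;

		/* NOTE(review): setLocalConnect() is defined outside this listing.
		   If it leaves the session intact on failure then the session
		   created above is never released on this path - confirm and
		   destroy it here if so */
		if( !setLocalConnect( cryptSession, 318 ) )
			return( FALSE );
		if( externalCryptContext == CRYPT_UNUSED )
			status = getPrivateKey( &privateKey, TSA_PRIVKEY_FILE,
									USER_PRIVKEY_LABEL,
									TEST_PRIVKEY_PASSWORD );
		if( cryptStatusOK( status ) )
			{
			status = cryptSetAttribute( cryptSession,
							CRYPT_SESSINFO_PRIVATEKEY, privateKey );

			/* Only a key that we loaded ourselves is ours to destroy, a
			   key passed in by the caller stays with the caller */
			if( externalCryptContext == CRYPT_UNUSED )
				cryptDestroyContext( privateKey );
			}
		}
	else
		{
		if( localSession )
			{
			/* NOTE(review): same session-cleanup question as for the
			   server-side setLocalConnect() call above */
			if( !setLocalConnect( cryptSession, 318 ) )
				return( FALSE );
			}
		else
			status = cryptSetAttributeString( cryptSession,
							CRYPT_SESSINFO_SERVER_NAME, TSP_SERVER_NAME,
							paramStrlen( TSP_SERVER_NAME ) );
		}
	if( cryptStatusError( status ) )
		{
		printf( "cryptSetAttribute/cryptSetAttributeString() failed with "
				"error code %d, line %d.\n", status, __LINE__ );

		/* The session was created above and nothing else has had a chance
		   to release it, so do it here rather than leaving it allocated */
		cryptDestroySession( cryptSession );
		return( FALSE );
		}

	/* Run the first exchange.  testTSP() destroys the session itself if
	   activation fails but not on its other failure returns, and the two
	   can't be told apart from a FALSE result, so the session is left alone
	   here to avoid destroying it a second time */
	status = testTSP( cryptSession, isServer, FALSE );
	if( status <= 0 )
		return( status );

	/* Check whether the session connection is still open */
	if( persistentConnection )
		{
		int connectionActive;

		status = cryptGetAttribute( cryptSession, CRYPT_SESSINFO_CONNECTIONACTIVE, 
									&connectionActive );
		if( cryptStatusError( status ) || !connectionActive )
			{
			/* Report the problem while the session still exists, then
			   release the session since it's still ours at this point */
			printExtError( cryptSession, isServer ?
						   "SVR: Persistent connection has been closed, "
							"operation" :
						   "Persistent connection has been closed, operation", 
						   status, __LINE__ );
			cryptDestroySession( cryptSession );
			return( FALSE );
			}

		/* Activate the connection to handle two more requests */
		status = testTSP( cryptSession, isServer, TRUE );
		if( status <= 0 )
			return( status );
		status = testTSP( cryptSession, isServer, TRUE );
		if( status <= 0 )
			return( status );
		}

	/* Clean up */
	status = cryptDestroySession( cryptSession );
	if( cryptStatusError( status ) )
		{
		printf( "cryptDestroySession() failed with error code %d, line %d.\n",
				status, __LINE__ );
		return( FALSE );
		}

	printf( isServer ? "SVR: %sTSP server session succeeded.\n\n" :
					   "%sTSP client session succeeded.\n\n", 
			persistentConnection ? "Persistent " : "" );
	return( TRUE );
	}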

/* TSP client test against the remote server selected by TSP_SERVER_NAME:
   no external key, no persistent connection, not a local session */
int testSessionTSP( void )
	{
	const int result = connectTSP( CRYPT_SESSION_TSP, CRYPT_UNUSED, 
								   FALSE, FALSE );

	return( result );
	}
/* TSP server test.  CRYPT_UNUSED is passed as the key context so that
   connectTSP() loads the TSA private key itself */
int testSessionTSPServer( void )
	{
	const int result = connectTSP( CRYPT_SESSION_TSP_SERVER, CRYPT_UNUSED, 
								   FALSE, FALSE );

	return( result );
	}
/* TSP server test using a private-key context supplied by the caller
   instead of one loaded from the test key file.  connectTSP() only destroys
   keys that it loaded itself, so privKeyContext remains the caller's to
   release */
int testSessionTSPServerEx( const CRYPT_CONTEXT privKeyContext )
	{
	const int result = connectTSP( CRYPT_SESSION_TSP_SERVER, privKeyContext, 
								   FALSE, FALSE );

	return( result );
	}

/* Perform a client/server loopback test */

#ifdef WINDOWS_THREADS

/* Thread entry point for the TSP loopback test: runs one local,
   non-persistent TSP server session and then ends the thread.  The thread
   argument is unused and the session result is discarded here */
unsigned __stdcall tspServerThread( void *dummy )
	{
	( void ) dummy;
	( void ) connectTSP( CRYPT_SESSION_TSP_SERVER, CRYPT_UNUSED, FALSE, TRUE );

	/* _endthreadex() terminates the thread, the return below is only there
	   to satisfy the function's declared return type */
	_endthreadex( 0 );
	return( 0 );
	}

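/* TSP client/server loopback test: starts tspServerThread() to act as the
   local TSA, runs the client against it and returns the client's status.
   Returns FALSE without running the client if the server thread can't be
   created */
int testSessionTSPClientServer( void )
	{
	HANDLE hThread;
	unsigned threadID;
	int status;

	/* Start the server.  _beginthreadex() returns 0 on failure, in which
	   case there's no server to talk to and no handle to wait on or close,
	   so we bail out rather than passing a null handle to the calls below */
	hThread = ( HANDLE ) _beginthreadex( NULL, 0, &tspServerThread,
										 NULL, 0, &threadID );
	if( hThread == NULL )
		{
		puts( "Couldn't create the TSP server thread." );
		return( FALSE );
		}

	/* Give the server time to initialise.  This is a fixed delay rather
	   than a handshake with the server thread, so on a slow or loaded
	   machine the client may still start before the server is ready */
	Sleep( 1000 );

	/* Connect to the local server */
	status = connectTSP( CRYPT_SESSION_TSP, CRYPT_UNUSED, FALSE, TRUE );
	if( WaitForSingleObject( hThread, 15000 ) == WAIT_TIMEOUT )
		{
		/* The server thread is left running; this blocks on stdin, so the
		   test can't complete unattended once this path is taken */
		puts( "Warning: Server thread is still active due to session "
			  "negotiation failure,\n         this will cause an error "
			  "condition when cryptEnd() is called due\n         to "
			  "resources remaining allocated.  Press a key to continue." );
		getchar();
		}
	CloseHandle( hThread );

	return( status );
	}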

/* Thread entry point for the persistent-connection TSP loopback test: runs
   one local TSP server session with persistentConnection set and then ends
   the thread.  The thread argument is unused and the session result is
   discarded here */
unsigned __stdcall tspServerPersistentThread( void *dummy )
	{
	( void ) dummy;
	( void ) connectTSP( CRYPT_SESSION_TSP_SERVER, CRYPT_UNUSED, TRUE, TRUE );

	/* _endthreadex() terminates the thread, the return below is only there
	   to satisfy the function's declared return type */
	_endthreadex( 0 );
	return( 0 );
	}

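/* Persistent-connection TSP loopback test: starts
   tspServerPersistentThread() to act as the local TSA, runs the client
   against it with persistentConnection set on both sides and returns the
   client's status.  Returns FALSE without running the client if the server
   thread can't be created */
int testSessionTSPClientServerPersistent( void )
	{
	HANDLE hThread;
	unsigned threadID;
	int status;

	/* Start the server.  _beginthreadex() returns 0 on failure, in which
	   case there's no server to talk to and no handle to wait on or close,
	   so we bail out rather than passing a null handle to the calls below */
	hThread = ( HANDLE ) _beginthreadex( NULL, 0, &tspServerPersistentThread,
										 NULL, 0, &threadID );
	if( hThread == NULL )
		{
		puts( "Couldn't create the persistent TSP server thread." );
		return( FALSE );
		}

	/* Give the server time to initialise.  This is a fixed delay rather
	   than a handshake with the server thread, so on a slow or loaded
	   machine the client may still start before the server is ready */
	Sleep( 1000 );

	/* Connect to the local server */
	status = connectTSP( CRYPT_SESSION_TSP, CRYPT_UNUSED, TRUE, TRUE );
	if( WaitForSingleObject( hThread, 15000 ) == WAIT_TIMEOUT )
		{
		/* The server thread is left running; this blocks on stdin, so the
		   test can't complete unattended once this path is taken */
		puts( "Warning: Server thread is still active due to session "
			  "negotiation failure,\n         this will cause an error "
			  "condition when cryptEnd() is called due\n         to "
			  "resources remaining allocated.  Press a key to continue." );
		getchar();
		}
	CloseHandle( hThread );

	return( status );
	}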
#endif /* WINDOWS_THREADS */
