tls_test.cxx

Diameter协议栈

/* BEGIN_COPYRIGHT                                                        */
/*                                                                        */
/* Open Diameter: Open-source software for the Diameter and               */
/*                Diameter related protocols                              */
/*                                                                        */
/* Copyright (C) 2002-2004 Open Diameter Project                          */
/*                                                                        */
/* This program is free software; you can redistribute it and/or modify   */
/* it under the terms of the GNU General Public License as published by   */
/* the Free Software Foundation; either version 2 of the License, or      */
/* (at your option) any later version.                                    */
/*                                                                        */          
/* This program is distributed in the hope that it will be useful,        */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of         */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          */
/* GNU General Public License for more details.                           */
/*                                                                        */
/* You should have received a copy of the GNU General Public License      */
/* along with this program; if not, write to the Free Software            */
/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307    */
/* USA.                                                                   */
/*                                                                        */
/* In addition, when you copy and redistribute some or the entire part of */
/* the source code of this software with or without modification, you     */
/* MUST include this copyright notice in each copy.                       */
/*                                                                        */
/* If you make any changes that are appeared to be useful, please send    */
/* sources that include the changed part to                               */
/* diameter-developers@lists.sourceforge.net so that we can reflect your  */
/* changes to one unified version of this software.                       */
/*                                                                        */
/* END_COPYRIGHT                                                          */
// $Id: tls_test.cxx,v 1.5 2004/07/05 10:10:20 canelaman Exp $ 
// A test program for EAP API.
// Written by Yoshihiro Ohba

#include "eap.hxx"
#include "eap_peerfsm.hxx"
#include "eap_authfsm.hxx"
#include "eap_identity.hxx"
#include "eap_policy.hxx"
#include "eap_method_registrar.hxx"
#include "eap_fsm.hxx"
#include "eap_log.hxx"
#include "eap_md5.hxx"
#include "eap_tls.hxx"
#include "eap_tls_fsm.hxx"
#include <openssl/rand.h>
#include <iostream>

void print_cadena(ACE_Byte *cad, ACE_INT32 length)
{
        EAP_LOG(LM_DEBUG,"LENGTH cad %d\n",length);
        for (int i=0; i < length ; i++)
        {
          EAP_LOG(LM_DEBUG," %02x ",(ACE_Byte)(cad[i]));
        }
          EAP_LOG(LM_DEBUG,"\n");
}

class MyPeerSwitchStateMachine;
class MyStandAloneAuthSwitchStateMachine;
class MyBackendAuthSwitchStateMachine;
class MyPassThroughAuthSwitchStateMachine;

class PeerData;
class StandAloneAuthApplication;
class BackendAuthApplication;
class PassThroughAuthApplication;

/// Task class used in this sample program.
class EapTask : public AAA_Task
{
 public:
  /// Constructor.
  EapTask() : AAA_Task(AAA_SCHED_WFQ, "EAP") 
  {}

  /// Destructor.
  ~EapTask() {}
};

/// This class defines an EAP transport.  When an EAP message is sent
/// to a particular entity (e.g., an entity may be peer, standalone
/// authenticator, backend authenticator or passthrough authenticator
/// depending on the role of the sender, Transmit() method of the
/// Channel object of the receiving entity is called.  Transmit()
/// method can have sub-channels which is used for distinguishing different
/// types of messages.
class Channel 
{
 public:
  Channel() {}
  virtual void Transmit(AAAMessageBlock *msg)=0;
  virtual void Transmit(AAAMessageBlock *msg, int subChannel)=0;
};

/*
  ---------------------------------------------------------
  Brief explanation on what is done in this sample program.
  ---------------------------------------------------------

  This program includes three test cases from which the program will
  prompt you to choose one.

  o Case 1 is for EAP conversation between a peer and an authenticator
  *without* a passthrough authenticator in between.

  o Case 2 is for EAP conversation between a peer and an authenticator
  *with* a passthrough authenticator in between.

  All cases completes with success after EAP-TLS authentication
  method is performed.  In both cases, the peer session entity will
  prompt you to input a username.  Once the username is input, it is
  carried in an Response/TLS-Response message and sent to the
  (backend) authenticator.  In Case 2, passthrough authenticator will
  forward the response to the backend authenticator.

  The authenticator or passthrough authenticator will retransmit the
  Request/Tls-Request message until you input the username or the
  number of retransmission reaches its maximum value (the maximum
  value is set to 3 in this program).  For the latter case, the
  authenticator will stop its state machine and the peer will timeout
  and fail.

  Message passing between the entities are based on callbacks.  For
  example, when an authenticator sends an Request, Send() callback
  function is called from the authenticator state machine.  In this
  program, the contents of Send() is simply calling the Receive()
  function of the communicating peer entity.  For example, in Case 1,
  Send() of the authenticator calls Receive() of the peer.

  Case 1:

  Peer                Authenticator
   |                          |
   |  Request/Tls-Request  |
   |<-------------------------|
   |  Response/Tls-Response|
   |------------------------->|
   |  Request/Tls-Confirm  |
   |<-------------------------|
   |  Response/Tls-Finish  |
   |------------------------->|
   |                          |
   |       Success            |
   |<-------------------------|


Case 2:

  Peer                  PassThough                   Backend
                        Authenticator                Authenticator
   |                          |  Null message            |
   |                          |------------------------->|
   |                          |                          |
   |                          |  Request/Tls-Request  |
   |  Request/Tls-Request  |<-------------------------|
   |<-------------------------|                          |
   |                          |                          |
   |  Response/Tls-Response|                          |
   |------------------------->|  Response/Tls-Response|
   |                          |------------------------->|
   |                          |  Request/Tls-Confirm  |
   |  Request/Tls-Confirm  |<-------------------------|
   |<-------------------------|                          |
   |  Response/Tls-Finish  |                          |
   |------------------------->|  Response/Tls-Finish  |
   |                          |------------------------->|
   |                          |                          |
   |                          |          Success         |
   |       Success            |<-------------------------|
   |<-------------------------|

 */

static std::string sharedSecret;

// Class definition for peer archie state machine.
class MyEapPeerTlsStateMachine : public EapPeerTlsStateMachine
{
  friend class EapMethodStateMachineCreator<MyEapPeerTlsStateMachine>;
public:
  MyEapPeerTlsStateMachine(EapSwitchStateMachine &s)
    : EapPeerTlsStateMachine(s) {}

  /// This pure virtual function is a callback used when a shared-secret 
  /// needs to be obtained.
  std::string& InputSharedSecret()
  {
    return ::sharedSecret;
  }

  /// This pure virtual function is a callback used when an AuthID
  /// needs to be obtained.
  std::string& InputIdentity()
  {
    std::cout << "Received an Tls-Request "<< std::endl;
      
    static std::string identity;
    std::cout << "Input username (within 10sec.): " << std::endl;
    std::cin >> identity;
    std::cout << "username = " << identity << std::endl;
    return identity;
  }
  
  protected:
  std::string& InputConfigFile()
  {
/*    static std::string configFile;
    std::cout << "Input config filename (within 10sec.): " << std::endl;
    std::cin >> configFile;
    std::cout << "Config file name = " << configFile << std::endl;
    return configFile;*/
static std::string configFile ("./config/client.eap-tls.xml");
    return configFile;
  }

private:
  ~MyEapPeerTlsStateMachine() {} 
};

// Class definition for authenticator identity method for my application.
class MyEapAuthTlsStateMachine : public EapAuthTlsStateMachine
{
  friend class EapMethodStateMachineCreator<MyEapAuthTlsStateMachine>;
public:
  MyEapAuthTlsStateMachine(EapSwitchStateMachine &s) :
    EapAuthTlsStateMachine(s) {}

  /// This pure virtual function is a callback used when a shared-secret 
  /// needs to be obtained.
  std::string& InputSharedSecret()
  {
    return ::sharedSecret;
  }

  /// This pure virtual function is a callback used when an AuthID
  /// needs to be obtained.
  std::string& InputIdentity()
  {
    static std::string serverID("myserver@opendiameter.org");
    return serverID;
  }
  
  protected:
  std::string& InputConfigFile()
  {
/*    static std::string configFile;
    std::cout << "Input config filename (within 10sec.): " << std::endl;
    std::cin >> configFile;
    std::cout << "Config file name = " << configFile << std::endl;
    return configFile;*/
static std::string configFile ("./config/server.eap-tls.xml");
    return configFile;
  }

private:
  ~MyEapAuthTlsStateMachine() {} 
};

class MyPeerSwitchStateMachine: public EapPeerSwitchStateMachine
{
 public:

  MyPeerSwitchStateMachine(ACE_Reactor &r, EapJobHandle& h) 
    : EapPeerSwitchStateMachine(r, h)
  {}


  void Send(AAAMessageBlock *b);

  void Success();

  void Failure();

  void Notification(std::string &str);

  void Abort();

  std::string& InputIdentity();

private:

  std::string identity;
};

class MyStandAloneAuthSwitchStateMachine
  : public EapStandAloneAuthSwitchStateMachine
{
 public:

  MyStandAloneAuthSwitchStateMachine(ACE_Reactor &r, EapJobHandle& h)
    : EapStandAloneAuthSwitchStateMachine(r, h)
  {}

  void Send(AAAMessageBlock *b);

  void Success(AAAMessageBlock *b);

  void Success();

  void Failure(AAAMessageBlock *b);

  void Failure();

  void Abort();

 private:
};

class MyBackendAuthSwitchStateMachine: public EapBackendAuthSwitchStateMachine
{
public:

  MyBackendAuthSwitchStateMachine(ACE_Reactor &r, EapJobHandle& h)
    : EapBackendAuthSwitchStateMachine(r, h)
  {}

  void Send(AAAMessageBlock *b);

  void Success(AAAMessageBlock *b);

  void Success();

  void Failure(AAAMessageBlock *b);

  void Failure();

  void Abort();

  void ForwardResponse(AAAMessageBlock *b);

 private:
};

class MyPassThroughAuthSwitchStateMachine
  : public EapPassThroughAuthSwitchStateMachine
{
 public:

  MyPassThroughAuthSwitchStateMachine(ACE_Reactor &r, EapJobHandle& h)
    : EapPassThroughAuthSwitchStateMachine(r, h)
  {}

  void Send(AAAMessageBlock *b);

  void Success(AAAMessageBlock *b);

  void Success();

  void Failure(AAAMessageBlock *b);

  void Failure();

  void Abort();

  void ForwardResponse(AAAMessageBlock *b);

 private:
};

class PeerChannel : public Channel
{
 public:
  PeerChannel(MyPeerSwitchStateMachine &s) : eap(s) {}
  void Transmit(AAAMessageBlock *msg) { eap.Receive(msg); }
  void Transmit(AAAMessageBlock *msg, int) {}
  MyPeerSwitchStateMachine &eap;
};

class StandAloneAuthChannel : public Channel
{
 public:
  StandAloneAuthChannel(MyStandAloneAuthSwitchStateMachine &s) : eap(s) {}
  void Transmit(AAAMessageBlock *msg) { eap.Receive(msg); }
  void Transmit(AAAMessageBlock *msg, int) {}
  MyStandAloneAuthSwitchStateMachine &eap;
};
class BackendAuthChannel : public Channel
{
 public:
  BackendAuthChannel(MyBackendAuthSwitchStateMachine &s)
    : eap(s), firstMessage(true) {}
  void Transmit(AAAMessageBlock *msg=0) 
  { 
    if (firstMessage)
      {
	msg ? eap.Start(msg) : eap.Start();
	firstMessage = false;
      }
    else
      {
	eap.Receive(msg); 
      }
  }
  void Transmit(AAAMessageBlock *msg, int) {}
  MyBackendAuthSwitchStateMachine &eap;
  bool firstMessage;
};

class PassThroughAuthChannel : public Channel
{
 public:
  PassThroughAuthChannel(MyPassThroughAuthSwitchStateMachine& s) : eap(s) {}

  void Transmit(AAAMessageBlock *msg) { eap.Receive(msg); }
  void Transmit(AAAMessageBlock *msg, int subChannel) 
  { 
    switch(subChannel)
      {
      case 1:
	eap.AAA_Continue(msg); 
	break;
      case 2:
	eap.AAA_Success(msg); 
	break;
      case 3:
	eap.AAA_Failure(msg); 
	break;
      }
  }
  MyPassThroughAuthSwitchStateMachine &eap;
};

class PeerApplication : public AAA_JobData
{
 public:
  PeerApplication(EapTask &task, ACE_Semaphore &sem) : 
    handle(EapJobHandle(AAA_GroupedJob::Create(task.Job(), this, "peer"))),
    eap(boost::shared_ptr<MyPeerSwitchStateMachine>
	(new MyPeerSwitchStateMachine(*task.reactor(), handle))),
    semaphore(sem),
    rxChannel(PeerChannel(*eap)),
    txChannel(0),
    method(EapContinuedPolicyElement(EapType(TLS_METHOD_TYPE)))
  {
    eap->Policy().InitialPolicyElement(&method);
    semaphore.acquire();
  }
  ~PeerApplication() 
  {}
  void Start(Channel *c)
  { 
    txChannel = c;