authorMatthias Schiffer <matthias@gamezock.de>2008-09-06 03:15:06 +0200
committerMatthias Schiffer <matthias@gamezock.de>2008-09-06 03:15:06 +0200
commit7d5b81e9936b1c778fd6408f3f22478e9ab9486b (patch)
tree671e3f323d7298a5a0887302d6f1a397f5e0c1cd
parentb961ec7011bb50785dbbc271592b84f3ebae6432 (diff)
X.509-basierte TLS-Verbindung funktioniert
-rw-r--r--Cert/ca-cert.pem19
-rw-r--r--Cert/ca-key.pem27
-rw-r--r--Cert/cert.pem18
-rw-r--r--Cert/key.pem27
-rw-r--r--src/Common/Request/Request.h2
-rw-r--r--src/Core/ConfigManager.cpp16
-rw-r--r--src/Core/ConfigManager.h9
-rw-r--r--src/Core/ConnectionManager.cpp9
-rw-r--r--src/Core/ConnectionManager.h4
-rw-r--r--src/Net/ClientConnection.cpp8
-rw-r--r--src/Net/ClientConnection.h18
-rw-r--r--src/Net/Connection.cpp4
-rw-r--r--src/Net/Connection.h5
-rw-r--r--src/Net/Listener.cpp6
-rw-r--r--src/Net/Listener.h4
-rw-r--r--src/Net/ServerConnection.cpp18
-rw-r--r--src/Net/ServerConnection.h20
-rw-r--r--src/mad-core.conf6
-rw-r--r--src/mad-core.cpp2
-rw-r--r--src/madc.cpp2
20 files changed, 164 insertions, 60 deletions
diff --git a/Cert/ca-cert.pem b/Cert/ca-cert.pem
new file mode 100644
index 0000000..1183859
--- /dev/null
+++ b/Cert/ca-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/Cert/ca-key.pem b/Cert/ca-key.pem
new file mode 100644
index 0000000..65d44f7
--- /dev/null
+++ b/Cert/ca-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
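Review bot: Cert/ca-key.pem (and Cert/key.pem further down) commit RSA private key material to the repository, where it remains recoverable from history even if it is deleted in a later commit. Keys that have been pushed should be treated as disclosed: regenerate the CA and server keys outside the tree, keep only the public certificates (ca-cert.pem, cert.pem) under version control, and list the key files in .gitignore so the paths referenced from mad-core.conf can still be satisfied locally. Because the CA key signs the server certificate, its exposure also undermines whatever trust the client later places in ca-cert.pem.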
diff --git a/Cert/cert.pem b/Cert/cert.pem
new file mode 100644
index 0000000..cae5a2b
--- /dev/null
+++ b/Cert/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/Cert/key.pem b/Cert/key.pem
new file mode 100644
index 0000000..61b1eeb
--- /dev/null
+++ b/Cert/key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/src/Common/Request/Request.h b/src/Common/Request/Request.h
index e156b1b..5c8d6c4 100644
--- a/src/Common/Request/Request.h
+++ b/src/Common/Request/Request.h
@@ -1,7 +1,7 @@
/*
* Request.h
*
- * Copyright (C) 2008 Matthias Schiffer
+ * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/Core/ConfigManager.cpp b/src/Core/ConfigManager.cpp
index b4c81bc..5f40afd 100644
--- a/src/Core/ConfigManager.cpp
+++ b/src/Core/ConfigManager.cpp
@@ -42,6 +42,18 @@ bool ConfigManager::parseLine(const std::vector<std::string> &section, const std
// TODO Logging
}
}
+ else if(Common::Util::tolower(key) == "x509trustfile") {
+ x509TrustFile = value;
+ }
+ else if(Common::Util::tolower(key) == "x509crlfile") {
+ x509CrlFile = value;
+ }
+ else if(Common::Util::tolower(key) == "x509certfile") {
+ x509CertFile = value;
+ }
+ else if(Common::Util::tolower(key) == "x509keyfile") {
+ x509KeyFile = value;
+ }
else {
// TODO Logging
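Review bot: `Common::Util::tolower(key)` is recomputed in each of the four new `else if` branches (and presumably in the branches above the hunk), so an unmatched key is lowercased several times; compute it once at the head of the chain, `const std::string lowerKey = Common::Util::tolower(key);`, and compare against `lowerKey`. A small table mapping the lowercased option name to the target `std::string` member would also keep the next X509 option from adding a fifth copy of the same branch. The enclosing parseLine starts and continues outside the hunk; note that the final `else` still carries only `// TODO Logging`, so a misspelled `X509TrustFile` is silently ignored rather than reported.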
@@ -71,9 +83,5 @@ ConfigManager::ConfigManager() {
loadFile("mad-core.conf");
}
-ConfigManager::~ConfigManager() {
- // TODO Auto-generated destructor stub
-}
-
}
}
diff --git a/src/Core/ConfigManager.h b/src/Core/ConfigManager.h
index 6a5cf2c..3b23750 100644
--- a/src/Core/ConfigManager.h
+++ b/src/Core/ConfigManager.h
@@ -24,6 +24,7 @@
#include <Common/ConfigManager.h>
#include <Net/IPAddress.h>
#include <vector>
+#include <string>
namespace Mad {
namespace Core {
@@ -39,15 +40,21 @@ class ConfigManager : public Common::ConfigManager {
std::vector<Net::IPAddress> listeners;
std::vector<DaemonInfo> daemons;
+ std::string x509TrustFile, x509CrlFile, x509CertFile, x509KeyFile;
+
protected:
virtual bool parseLine(const std::vector<std::string> &section, const std::string &key, const std::string &value);
public:
ConfigManager();
- virtual ~ConfigManager();
const std::vector<Net::IPAddress>& getListenerAddresses() const {return listeners;}
const std::vector<DaemonInfo>& getDaemonList() const {return daemons;}
+
+ const std::string& getX509TrustFile() const {return x509TrustFile;}
+ const std::string& getX509CrlFile() const {return x509CrlFile;}
+ const std::string& getX509CertFile() const {return x509CertFile;}
+ const std::string& getX509KeyFile() const {return x509KeyFile;}
};
}
diff --git a/src/Core/ConnectionManager.cpp b/src/Core/ConnectionManager.cpp
index b1cfd40..a537539 100644
--- a/src/Core/ConnectionManager.cpp
+++ b/src/Core/ConnectionManager.cpp
@@ -18,6 +18,7 @@
*/
#include "ConnectionManager.h"
+#include "ConfigManager.h"
#include "RequestHandler/CertificateRequestHandler.h"
#include <Net/ServerConnection.h>
#include <Net/Packet.h>
@@ -51,12 +52,14 @@ void ConnectionManager::refreshPollfds() {
}
}
-ConnectionManager::ConnectionManager(const std::vector<Net::IPAddress> &listenerAddresses) : requestManager(true) {
+ConnectionManager::ConnectionManager(const ConfigManager& configManager) : requestManager(true) {
requestManager.registerPacketType<RequestHandler::CertificateRequestHandler>(Net::Packet::TYPE_CERT_REQ);
+ const std::vector<Net::IPAddress> &listenerAddresses = configManager.getListenerAddresses();
+
if(listenerAddresses.empty()) {
try {
- listeners.push_back(new Net::Listener());
+ listeners.push_back(new Net::Listener(configManager.getX509CertFile(), configManager.getX509KeyFile()));
}
catch(Net::Exception &e) {
// TODO: Log error
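Review bot: `configManager.getX509CertFile()` / `getX509KeyFile()` are called in both listener branches (this hunk and the next); bind them once next to `listenerAddresses`, `const std::string &certFile = configManager.getX509CertFile();` and `const std::string &keyFile = configManager.getX509KeyFile();`, and pass those. The `catch(Net::Exception &e)` still only carries `// TODO: Log error`, so if Listener construction fails the core starts with no listener at all and nothing says why; at minimum the exception text should reach stderr like the handshake error added in Connection.cpp. The constructor continues into the next hunk and beyond.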
@@ -65,7 +68,7 @@ ConnectionManager::ConnectionManager(const std::vector<Net::IPAddress> &listener
else {
for(std::vector<Net::IPAddress>::const_iterator address = listenerAddresses.begin(); address != listenerAddresses.end(); ++address) {
try {
- listeners.push_back(new Net::Listener(*address));
+ listeners.push_back(new Net::Listener(configManager.getX509CertFile(), configManager.getX509KeyFile(), *address));
}
catch(Net::Exception &e) {
// TODO: Log error
diff --git a/src/Core/ConnectionManager.h b/src/Core/ConnectionManager.h
index 54d5d5e..7429a44 100644
--- a/src/Core/ConnectionManager.h
+++ b/src/Core/ConnectionManager.h
@@ -37,6 +37,8 @@ class Packet;
namespace Core {
+class ConfigManager;
+
class ConnectionManager {
private:
// Prevent shallow copy
@@ -56,7 +58,7 @@ class ConnectionManager {
void refreshPollfds();
public:
- ConnectionManager(const std::vector<Net::IPAddress> &listenerAddresses);
+ ConnectionManager(const ConfigManager& configManager);
virtual ~ConnectionManager();
bool wait(int timeout) {
diff --git a/src/Net/ClientConnection.cpp b/src/Net/ClientConnection.cpp
index 8705795..e0058ff 100644
--- a/src/Net/ClientConnection.cpp
+++ b/src/Net/ClientConnection.cpp
@@ -87,14 +87,8 @@ void ClientConnection::connect(const IPAddress &address, bool daemon0) throw(Con
setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
gnutls_init(&session, GNUTLS_CLIENT);
-
gnutls_set_default_priority(session);
-
- const int kx_list[] = {GNUTLS_KX_ANON_DH, 0};
- gnutls_kx_set_priority(session, kx_list);
-
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
-
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_ptr(session, reinterpret_cast<gnutls_transport_ptr_t>(sock));
handshake();
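Review bot: Switching the client to `GNUTLS_CRD_CERTIFICATE` with `x509_cred` enables X.509, but nothing in this commit loads a trust store into that credential or checks the server's certificate after the handshake, so any certificate the server presents is accepted and the connection is encrypted but not authenticated. The `x509TrustFile` / `x509CrlFile` values parsed in ConfigManager have no consumer in this diff beyond their getters. The client needs `gnutls_certificate_set_x509_trust_file(x509_cred, trustFile.c_str(), GNUTLS_X509_FMT_PEM);` before `gnutls_credentials_set`, and a `gnutls_certificate_verify_peers2(session, &status)` check that rejects a non-zero status once `handshake()` completes, which happens in Connection::doHandshake outside this hunk. connect() itself continues past the end of the hunk.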
diff --git a/src/Net/ClientConnection.h b/src/Net/ClientConnection.h
index 18b1a02..280f382 100644
--- a/src/Net/ClientConnection.h
+++ b/src/Net/ClientConnection.h
@@ -30,24 +30,16 @@ class IPAddress;
class ClientConnection : public Connection {
private:
- gnutls_anon_client_credentials_t anoncred;
-
bool daemon;
-
+
void connectionHeaderReceiveHandler(const void *data, unsigned long length);
-
+
protected:
virtual void connectionHeader();
-
+
public:
- ClientConnection() : daemon(0) {
- gnutls_anon_allocate_client_credentials(&anoncred);
- }
-
- virtual ~ClientConnection() {
- gnutls_anon_free_client_credentials(anoncred);
- }
-
+ ClientConnection() : daemon(0) {}
+
void connect(const IPAddress &address, bool daemon0 = false) throw(ConnectionException);
};
diff --git a/src/Net/Connection.cpp b/src/Net/Connection.cpp
index 5d221fb..ac3121d 100644
--- a/src/Net/Connection.cpp
+++ b/src/Net/Connection.cpp
@@ -22,6 +22,8 @@
#include <cstring>
#include <sys/socket.h>
+#include <iostream>
+
namespace Mad {
namespace Net {
@@ -34,6 +36,8 @@ void Connection::doHandshake() {
if(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
return;
+ std::cerr << "Handshake error: " << gnutls_strerror(ret) << std::endl;
+
// TODO: Error
doDisconnect();
return;
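Review bot: The new `std::cerr` line sits directly above the untouched `// TODO: Error` comment, so a reader cannot tell whether printing to stderr is the intended error handling or a placeholder; reword the comment to say which, e.g. `// TODO: route through the logging facility instead of stderr`. The rest of the tree marks these spots with `// TODO Logging`, so using the same wording keeps them greppable. Logging `gnutls_strerror(ret)` here is worth keeping in any case, since a failed handshake is the only visible signal that a peer was rejected. doHandshake begins outside the hunk.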
diff --git a/src/Net/Connection.h b/src/Net/Connection.h
index 0949ec4..21e8444 100644
--- a/src/Net/Connection.h
+++ b/src/Net/Connection.h
@@ -98,6 +98,7 @@ class Connection {
int sock;
gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
IPAddress *peer;
@@ -128,6 +129,8 @@ class Connection {
Connection() : state(DISCONNECTED), peer(0) {
transR.length = transR.transmitted = 0;
transR.data = 0;
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
}
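Review bot: The return value of `gnutls_certificate_allocate_credentials(&x509_cred)` is ignored, so on failure `x509_cred` is left indeterminate and the later `gnutls_credentials_set` calls and the `gnutls_certificate_free_credentials` added in the destructor operate on garbage; initialize the member in the initializer list, `x509_cred(0)`, check the return code, and guard the free with `if(x509_cred)`. With the destructor now owning a gnutls handle, Connection must not be copyable: if the class does not already declare a private copy constructor and assignment operator (not visible in this hunk), a copy would free the same credentials twice. Allocating a fresh credentials object per connection also means every ServerConnection re-loads its key material; one credentials object owned by the Listener would be cheaper and simpler to audit.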
virtual ~Connection() {
@@ -141,6 +144,8 @@ class Connection {
delete [] transS.front().data;
transS.pop();
}
+
+ gnutls_certificate_free_credentials(x509_cred);
}
bool isConnected() const {return (state != DISCONNECTED);}
diff --git a/src/Net/Listener.cpp b/src/Net/Listener.cpp
index 3b2e3d6..892d057 100644
--- a/src/Net/Listener.cpp
+++ b/src/Net/Listener.cpp
@@ -28,8 +28,8 @@
namespace Mad {
namespace Net {
-Listener::Listener(const IPAddress &address0) throw(ConnectionException)
-: address(address0) {
+Listener::Listener(const std::string &x905CertFile0, const std::string &x905KeyFile0, const IPAddress &address0) throw(ConnectionException)
+: x905CertFile(x905CertFile0), x905KeyFile(x905KeyFile0), address(address0) {
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_generate2(dh_params, 768);
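Review bot: The new parameters and members are spelled `x905CertFile` / `x905KeyFile` while the rest of the commit uses `x509` (ConfigManager, Connection::x509_cred); this looks like a typo that has been propagated into Listener.h, ServerConnection.cpp and ServerConnection.h, where the declaration even uses `x905certFile` with different casing than the definition. Renaming to `x509CertFile` / `x509KeyFile` before it spreads further keeps the identifiers greppable. The constructor only stores the two paths; since it already throws ConnectionException, it is the natural place to fail early if the certificate or key file cannot be read, instead of discovering that on the first accepted connection. The `gnutls_dh_params_generate2(dh_params, 768)` context line now also feeds the certificate credentials via ServerConnection.cpp; 768-bit DH is below what is generally considered adequate, and 2048 bits would be the usual minimum.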
@@ -99,7 +99,7 @@ ServerConnection* Listener::getConnection(const std::map<int,const short*> &poll
while((sd = accept(sock, reinterpret_cast<struct sockaddr*>(&sa), &addrlen)) >= 0) {
- connections.push_back(new ServerConnection(sd, IPAddress(sa), dh_params));
+ connections.push_back(new ServerConnection(sd, IPAddress(sa), dh_params, x905CertFile, x905KeyFile));
addrlen = sizeof(sa);
}
diff --git a/src/Net/Listener.h b/src/Net/Listener.h
index 81260ed..63e12c6 100644
--- a/src/Net/Listener.h
+++ b/src/Net/Listener.h
@@ -27,6 +27,7 @@
#include <list>
#include <vector>
#include <map>
+#include <string>
namespace Mad {
namespace Net {
@@ -35,6 +36,7 @@ class ServerConnection;
class Listener {
private:
+ std::string x905CertFile, x905KeyFile;
IPAddress address;
int sock;
@@ -47,7 +49,7 @@ class Listener {
Listener& operator=(const Listener &o);
public:
- Listener(const IPAddress &address0 = IPAddress()) throw(ConnectionException);
+ Listener(const std::string &x905CertFile0, const std::string &x905KeyFile0, const IPAddress &address0 = IPAddress()) throw(ConnectionException);
virtual ~Listener();
std::vector<struct pollfd> getPollfds() const;
diff --git a/src/Net/ServerConnection.cpp b/src/Net/ServerConnection.cpp
index c011f66..0c35991 100644
--- a/src/Net/ServerConnection.cpp
+++ b/src/Net/ServerConnection.cpp
@@ -57,26 +57,18 @@ void ServerConnection::connectionHeaderReceiveHandler(const void *data, unsigned
enterReceiveLoop();
}
-ServerConnection::ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params)
+ServerConnection::ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params, const std::string &x905CertFile, const std::string &x905KeyFile)
: daemon(false) {
sock = sock0;
- gnutls_anon_allocate_server_credentials(&anoncred);
-
-
- gnutls_anon_set_server_dh_params(anoncred, dh_params);
-
peer = new IPAddress(address);
- gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ gnutls_certificate_set_x509_key_file(x509_cred, x905CertFile.c_str(), x905KeyFile.c_str(), GNUTLS_X509_FMT_PEM);
+ gnutls_init(&session, GNUTLS_SERVER);
gnutls_set_default_priority(session);
-
- const int kx_list[] = {GNUTLS_KX_ANON_DH, 0};
- gnutls_kx_set_priority(session, kx_list);
-
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
-
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_ptr(session, reinterpret_cast<gnutls_transport_ptr_t>(sock));
handshake();
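Review bot: The return value of `gnutls_certificate_set_x509_key_file(...)` on the line after `gnutls_certificate_set_dh_params` is ignored, so a missing or unreadable certificate/key file leaves `x509_cred` empty and the failure only surfaces later as a generic handshake error in Connection::doHandshake; check it, `if(gnutls_certificate_set_x509_key_file(x509_cred, x905CertFile.c_str(), x905KeyFile.c_str(), GNUTLS_X509_FMT_PEM) < 0) { /* report and abort this connection */ }`, with whatever error path fits this constructor (its tail is outside the hunk). The key file is also re-read and re-parsed from disk for every accepted connection; loading it once in the Listener and sharing the credentials would avoid the per-connection I/O and turn the key-load error into a startup-time check. Nothing here asks the client for a certificate or verifies one (`gnutls_certificate_server_set_request` / `gnutls_certificate_verify_peers2`), so the server does not authenticate its peer either; if that is intended for now, a comment saying so would keep the omission from being read as accidental.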
diff --git a/src/Net/ServerConnection.h b/src/Net/ServerConnection.h
index ff88ad3..9a4d86b 100644
--- a/src/Net/ServerConnection.h
+++ b/src/Net/ServerConnection.h
@@ -31,28 +31,24 @@ class Listener;
class ServerConnection : public Connection {
friend class Listener;
-
+
private:
IPAddress *peer;
-
+
bool daemon;
-
+
gnutls_anon_server_credentials_t anoncred;
-
+
void connectionHeaderReceiveHandler(const void *data, unsigned long length);
-
+
protected:
- ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params);
-
+ ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params, const std::string &x905certFile, const std::string &x905keyFile);
+
virtual void connectionHeader() {
rawReceive(sizeof(ConnectionHeader), sigc::mem_fun(this, &ServerConnection::connectionHeaderReceiveHandler));
}
-
+
public:
- virtual ~ServerConnection() {
- gnutls_anon_free_server_credentials(anoncred);
- }
-
bool isDaemonConnection() const {return daemon;}
};
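Review bot: `gnutls_anon_server_credentials_t anoncred;` is kept as a member although the commit removes its only allocation (ServerConnection.cpp) and the destructor that freed it, leaving an uninitialized handle that nothing reads; drop the member, and if a gnutls header is included only for it that include can go too (not visible in this hunk). The new constructor parameters are named `x905certFile` / `x905keyFile` in the declaration but `x905CertFile` / `x905KeyFile` in the definition, and `x509` everywhere else; use one spelling, preferably `x509CertFile` / `x509KeyFile`, on both sides. Since the whole credential setup now runs inside the `protected:` constructor, a one-line comment on it would help: `// Constructed only by Listener (friend), which supplies the certificate and key file paths.`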
diff --git a/src/mad-core.conf b/src/mad-core.conf
index 9a03e00..9eda7c3 100644
--- a/src/mad-core.conf
+++ b/src/mad-core.conf
@@ -2,6 +2,12 @@ ConfigMethod Mysql
Listen *
+
+X509TrustFile ../Cert/ca-cert.pem
+#X509CrlFile ../Cert/crl.pem
+X509CertFile ../Cert/cert.pem
+X509KeyFile ../Cert/key.pem
+
Daemon ic01 {
IpAddress 192.168.2.11
}
diff --git a/src/mad-core.cpp b/src/mad-core.cpp
index d78ec3e..0bbee97 100644
--- a/src/mad-core.cpp
+++ b/src/mad-core.cpp
@@ -33,7 +33,7 @@ int main() {
Mad::Net::Connection::init();
- Mad::Core::ConnectionManager *connectionManager = new Mad::Core::ConnectionManager(configManager.getListenerAddresses());
+ Mad::Core::ConnectionManager *connectionManager = new Mad::Core::ConnectionManager(configManager);
while(true) {
if(connectionManager->wait(10000))
diff --git a/src/madc.cpp b/src/madc.cpp
index e4a36a4..f08be77 100644
--- a/src/madc.cpp
+++ b/src/madc.cpp
@@ -23,6 +23,7 @@
#include "Common/RequestManager.h"
#include "Common/Request/CertificateRequest.h"
#include "Common/Request/DisconnectRequest.h"
+#include "Common/Request/IdentifyRequest.h"
#include <iostream>
int main() {
@@ -43,6 +44,7 @@ int main() {
requestManager.registerConnection(connection);
+ Mad::Common::Request::IdentifyRequest::send(connection, requestManager, "localhost");
Mad::Common::Request::CertificateRequest::send(connection, requestManager, "host");
Mad::Common::Request::DisconnectRequest::send(connection, requestManager);