From 7d5b81e9936b1c778fd6408f3f22478e9ab9486b Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sat, 6 Sep 2008 03:15:06 +0200
Subject: X.509-basierte TLS-Verbindung funktioniert

---
 Cert/ca-cert.pem | 19 +++++++++++++++++++
 Cert/ca-key.pem | 27 +++++++++++++++++++++++++++
 Cert/cert.pem | 18 ++++++++++++++++++
 Cert/key.pem | 27 +++++++++++++++++++++++++++
 src/Common/Request/Request.h | 2 +-
 src/Core/ConfigManager.cpp | 16 ++++++++++++----
 src/Core/ConfigManager.h | 9 ++++++++-
 src/Core/ConnectionManager.cpp | 9 ++++++---
 src/Core/ConnectionManager.h | 4 +++-
 src/Net/ClientConnection.cpp | 8 +-------
 src/Net/ClientConnection.h | 18 +++++------------
 src/Net/Connection.cpp | 4 ++++
 src/Net/Connection.h | 5 +++++
 src/Net/Listener.cpp | 6 +++---
 src/Net/Listener.h | 4 +++-
 src/Net/ServerConnection.cpp | 18 +++++------------
 src/Net/ServerConnection.h | 20 ++++++++------------
 src/mad-core.conf | 6 ++++++
 src/mad-core.cpp | 2 +-
 src/madc.cpp | 2 ++
 20 files changed, 164 insertions(+), 60 deletions(-)
 create mode 100644 Cert/ca-cert.pem
 create mode 100644 Cert/ca-key.pem
 create mode 100644 Cert/cert.pem
 create mode 100644 Cert/key.pem

diff --git a/Cert/ca-cert.pem b/Cert/ca-cert.pem
new file mode 100644
index 0000000..1183859
--- /dev/null
+++ b/Cert/ca-cert.pem
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/TCCAeegAwIBAgIESMFobjALBgkqhkiG9w0BAQUwDTELMAkGA1UEBhMCREUw +HhcNMDgwOTA1MTcxMjE1WhcNMDkwOTA1MTcxMjE3WjANMQswCQYDVQQGEwJERTCC +AR8wCwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAMupM+LVKJOBO7Ti6rQmGRhUaHy4 +eGWEhldNEpVt4fKdNkReaQvsRKcUIJbxAkzUbh2eiCp0uy+qbXv1+sH/fJYqcHf6 +gDWeXXjKZj7KlxZJndStajttypW92nKu/EQNlVyTgyRr4B2HHWDgU+iluQEEZFpE +YrJxnWbW6Z6XfHy588EVWEuAF3UP2We8Bs4GHUsgBYGazJE/90s2DXIJBqCGFm57 +3g5wP87bg01earFaXvpISe95UNuPPmz1wUMFsiLv+XRlsGYuUjr3bnE0x220aDFE +9V5Nu/eJDPs4V1d6FB10gtn/88NgF/7B0mJ5pKx4JbnyK6fbhEAxIDIgWsECAwEA +AaNsMGowDwYDVR0TAQH/BAUwAwEB/zAnBgNVHSUEIDAeBggrBgEFBQcDAwYIKwYB +BQUHAwkGCCsGAQUFBwMIMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFFgTKL31 +vq0XJ0ZRMeEfjMsPGyc9MAsGCSqGSIb3DQEBBQOCAQEApydl1A2CFlMoNQ0PYXs2 +bhe99o8Wxk2Aq/FqOjrgxxk4JXpLde66AJbzl/s06dVUG1EImr4PYXifU6a1IF2k +XNr2rRm4GBTirefy/W073T4dseTveu7flkAVg209vSUkfhsFuYJBJDjc6yoo5jsx +NBW6OWmI/nASnIfQiHpMUIxhzll+zKTAQFzfzlaQOdMFs6GiaDRUIM/FMBVCHGXy +gZllP5N6N6gpDN+lydZtKSSys860Dpo+OQiENWvvxkdzUdmBPSzVQlzW/lGLB4bL +TKut2SnLAq5z+VcvhFCcKchkOV8LKXfZngVQ4tozGrjokaeXBFrblJW4zQqwAY5y +3Q== +-----END CERTIFICATE----- diff --git a/Cert/ca-key.pem b/Cert/ca-key.pem new file mode 100644 index 0000000..65d44f7 --- /dev/null +++ b/Cert/ca-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAy6kz4tUok4E7tOLqtCYZGFRofLh4ZYSGV00SlW3h8p02RF5p +C+xEpxQglvECTNRuHZ6IKnS7L6pte/X6wf98lipwd/qANZ5deMpmPsqXFkmd1K1q +O23Klb3acq78RA2VXJODJGvgHYcdYOBT6KW5AQRkWkRisnGdZtbpnpd8fLnzwRVY +S4AXdQ/ZZ7wGzgYdSyAFgZrMkT/3SzYNcgkGoIYWbnveDnA/ztuDTV5qsVpe+khJ +73lQ248+bPXBQwWyIu/5dGWwZi5SOvducTTHbbRoMUT1Xk2794kM+zhXV3oUHXSC +2f/zw2AX/sHSYnmkrHglufIrp9uEQDEgMiBawQIDAQABAoIBAAR6xMbk/F7+NTN9 +2D69JckotiGkJxXIi/HoopOB1rnw5kwrrXDTMhFgunTHeU76Ty+8mG8ioSljvMPA +vdK9jV56MX4aFu7W/GRXQ1d3OkqFtQCEDfWfrRiNE/x4x9ixWcsu/W/0JXpQyf8j +AAV6e66/i3uGzIrzP8yOxpWz7EuL+3jTHqK5/lOBbxFvxfpixjwullTpZPDRykDt +u7qcql67x0nGYGG9pFRGWcqgXCfaGy6Y54Cuf36FIgsHXarlicupRz1MxQFhTmzN +xjUVpui+s8bFWwuNYf0SA3uIOwTRiTPK4kI+V3o1/r/H9CKuuEiYjJnb4DN8aI0i +BzIclkcCgYEA2/t9xWFVypYxRQqcH8Gv13f7RX3eYKd1koH1cW4mQIFID9g6V30Z +wuVcoWQ5mB0wbVp87UkKQpv64O40OBCjYTudN9o3U9bF8ctGayodSbWswZ0/dIYx +ayj4M8x+E6MhNB3y2yhy+wl89yPkmfewKSfJ/gtC0vH0OXZBxT/fJG8CgYEA7QGa +J/E++wAfNdGQma2inb2vtserZhp/s/Qkswp5uyEUpIvWaMzTxGhxSOsoxLBaxpxQ +5Nk5qGVLoTfS57fls1fna0c+YSapUkxQqq8Y6batm3vBsg3BpbRe2Lr88Qa9kP/v +ZfYsJO/4F2S6mseEI3cJDCv7FEXpaqjMwU3A688CgYB/QYUIYb5Xa3slDXYziMBI +TUg2cxHpp/YDwtpRu/604hTl1ZgqdFwqurRTSL9ol7okCGysd8xPrBv9cs8Sf82D +uhDA9qN7BIuNzKH37Gz07vv5JRZIOjjsXM74aBunEH9svsZ2sXeScXKxJTphNz/Z +DwNyyuDlVsKJWzfA+6oCUQKBgQDAWtqIrG3XPWQXQ/y+HYSrzbX8/NUJS1x16yKW +BVyDGfgtDCl6aTM+Zx36dpFiAVfLdjbZZcw79eqJ8ErGMiTFiASUtv/TzZMC7llS +DkaD+PWyCaFNJ4kROfD4qdp8rGHSe0YLVN7DI9gQ9HnXATMnrYa0UEW5UHx/SnzU +LozzVQKBgB9PlCgkgZivhbWVtvOX3Tr+aqSnxHTl9XDscJ4D3xLxCcF9obkF0y0L +ew4BXuM/64ZeSIOSFZgkrGveb0rV5H1Jtda4IaIB+PqeZDxNxQNNIE3Ps3LmDRgA +j6/JQ9xrCvWkBp+Wj8NBkZPXP4+IUgTUKpxfQEzjIkVdmsSQDRyP +-----END RSA PRIVATE KEY----- diff --git a/Cert/cert.pem b/Cert/cert.pem new file mode 100644 index 0000000..cae5a2b --- /dev/null +++ b/Cert/cert.pem 
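Review bot: A CA private key is committed to the repository in this hunk (Cert/ca-key.pem), and the Cert/key.pem hunk that follows commits the server's private key as well. Key material that has entered version control has to be treated as exposed even after the file is deleted, because it stays in the history; keep only the public certificates Cert/ca-cert.pem and Cert/cert.pem in the tree, generate the keys at install or test time, and exclude them with a .gitignore entry such as `Cert/*key*.pem`. Since src/mad-core.conf points X509KeyFile at ../Cert/key.pem, the deployment notes should say that this file is supplied by the operator rather than shipped with the sources.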
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8jCCAdygAwIBAgIESMFo4TALBgkqhkiG9w0BAQUwDTELMAkGA1UEBhMCREUw +HhcNMDgwOTA1MTcxNDA5WhcNMDkwOTA1MTcxNDEyWjANMQswCQYDVQQGEwJkZTCC +AR8wCwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAL7w5LIgN4hi1b1t3p+FxptD1EbG +rrMWB93POmL7ryFKDkir070jvdTQyLGB6rHxYe7IXbFv+TLKc70zlqGjn9137auy +vTGjc24Ik2fwNKGHtIVwIWCkOsLocnmfYRjS0n3nrrrOUnlcL8T+XF32+ZQm6zn2 +e1mLcnRYOiPQYTcHPxjYekwK6vdFag5CamZERv4tbTpi7XKpFJFTkm/G71BGA4IJ +6vJ4SrWHAID8oYeEyRJEG1wI4Pnp3Wj3D32+22Iv4SnDkgy01TkLvqcfwPpWezAD +G6pzsm7nKPMi2aUJaV08SShjEryIrVy2ucOR/njgyblXcVe049JKn+GcXNkCAwEA +AaNhMF8wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRI +N/Wr/mCGVhYoyYQHKvKjF10w6DAfBgNVHSMEGDAWgBRYEyi99b6tFydGUTHhH4zL +DxsnPTALBgkqhkiG9w0BAQUDggEBAEuRtz4DSBQsTy1oaR2DtFieSwmSwhAcUlDc +UqKw1TcapuO0cnXr2RJrLU/u1nAL4/E8vK1jdcYwDWZm1VTiiFEcJ0X9YfxOBWf+ +qnoUdJ4PaCbaONEGTct3IprTXErpPNT5ftpc+OHTK0sBr+yUysbaEBHmadoXggYZ +NrZgl2Guz+l3uyFHtE7enzCpGWAugNc8EFkyDgLKo/8dcvxzsR5+2uasbose0Wav +f3hHmXgGdULWTagnJKjin6lMoHHr7WZALd3Evo/puQmfEi8F9Lom7G+Rxd9w3aG4 +XHrr/1hQSCSyAYsjC8TaHN2Zi4bbOL4GEoFKJDuF//y9QDXfY6Q= +-----END CERTIFICATE----- diff --git a/Cert/key.pem b/Cert/key.pem new file mode 100644 index 0000000..61b1eeb --- /dev/null +++ b/Cert/key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvvDksiA3iGLVvW3en4XGm0PURsausxYH3c86YvuvIUoOSKvT +vSO91NDIsYHqsfFh7shdsW/5MspzvTOWoaOf3Xftq7K9MaNzbgiTZ/A0oYe0hXAh +YKQ6wuhyeZ9hGNLSfeeuus5SeVwvxP5cXfb5lCbrOfZ7WYtydFg6I9BhNwc/GNh6 +TArq90VqDkJqZkRG/i1tOmLtcqkUkVOSb8bvUEYDggnq8nhKtYcAgPyhh4TJEkQb +XAjg+endaPcPfb7bYi/hKcOSDLTVOQu+px/A+lZ7MAMbqnOybuco8yLZpQlpXTxJ +KGMSvIitXLa5w5H+eODJuVdxV7Tj0kqf4Zxc2QIDAQABAoIBABNXteMxjk6brIlf +CvFgDOmHqoZs9B+iOLPInWKPmoMlzGKiPXXom/9mEx6gSZUzHbehxpQGAtmZVrYw +9q5zM+usjYAaQD46D6Ry6/PYioxegfQOkuMGYAmEoKwfcCeim74zbSjxY7t1kkVD +ezntngTbGHMru/0rOjH9Cg68ukxnm2biEfUu73b7D4uscviK9I3t7xKqIkhteCCU +Ax+8UNlAJ7j+sIjBAtbk04/QiyUkGANVSZ5YlHw/PMqPlZZHc3yyyPQwgXzBoyY7 +5Be3i9SqZorNFUQ02WnX7h9kYzzuZuHaOWqPI6KEvmvpwpbptSGA1wlHVF0R/wAU +HXLgMo0CgYEAw/gJa8FvgYeMcgcWOYspSjuwn+EENasQnOnvbzsiPs9NQ4HrG/+z +fkI3Cihu6L9DnS6V6EZrSZ6H+iyDWn1rbLy2GLdNJe/JwpTEeHZa4RCCJ+I2LHXR +IpVoQlUM0M1qQfrPGSKDu5Z/bW5sB11RpWc3wZeS3g3YA7dAPWokuc8CgYEA+W6Q +8Vd7CPZkdqtchS/c+qSzSZEBDr/axO0kD+9zHgfufnswI9cjhIonHBJLDZaAwEB7 +nFQw28TkrohI+hFKdO0IWlIXzviDRdq5PrmYC/q1s2NBHPcWuCgbOXh4alkooKVc +0+lRC+SCD4M9/cIg4ZoWNoPZuFRMdyRx3AIasNcCgYEAn8vh4rwY8MZW/6RHuyR+ +xsllfPk/NYQIR+t6Enlls1HW7vVBgdM/yfS0bNQLnD5aJBGYq47AbYeX2afydBdR +QZmf4weVIRomq0Qj8RaRhHSxrVQIWLi5kDnEilJP4POfca3Ssewy/wP5ZIJmFJtD +uFwyWun+GJOxUVZcS7gBuoECgYA79oubqUcnqWwPZzSvxAjgrHV5awWRESg7jTLN +LehDwO5hs6WoCBE+zKOISRGH67V6AkZ1F3xDaPr8xkCc9UksAMuwQun8VJviUCmW +XbGit5u0y1ic6P2qOeIJl9+C2Xo93GMLgpx8OmvV5NwjQ+b5tTw/0MSnXoSfY8CH +fm4CMwKBgQC/7FoIiivRPnYqUyGbwr0rfGm1VubpEIFiGxzpWcrLNv9kanbeFwKz +RfJsiqoTBbu+iHeLWAAb+XT5F04IFK/ZNsN2zsON2Y1r4OVpUWrj1SPZgjqXrcOS +c0GGWn7u9iL5HL3f01JJwIx6vd9Kovxt0WXbbS4QxMPIqzFMrM3IYQ== +-----END RSA PRIVATE KEY----- diff --git a/src/Common/Request/Request.h b/src/Common/Request/Request.h index e156b1b..5c8d6c4 100644 --- a/src/Common/Request/Request.h +++ b/src/Common/Request/Request.h 
@@ -1,7 +1,7 @@ /* * Request.h * - * Copyright (C) 2008 Matthias Schiffer + * Copyright (C) 2008 Matthias Schiffer * * This program is free software: you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/Core/ConfigManager.cpp b/src/Core/ConfigManager.cpp index b4c81bc..5f40afd 100644 --- a/src/Core/ConfigManager.cpp +++ b/src/Core/ConfigManager.cpp @@ -42,6 +42,18 @@ bool ConfigManager::parseLine(const std::vector §ion, const std // TODO Logging } } + else if(Common::Util::tolower(key) == "x509trustfile") { + x509TrustFile = value; + } + else if(Common::Util::tolower(key) == "x509crlfile") { + x509CrlFile = value; + } + else if(Common::Util::tolower(key) == "x509certfile") { + x509CertFile = value; + } + else if(Common::Util::tolower(key) == "x509keyfile") { + x509KeyFile = value; + } else { // TODO Logging @@ -71,9 +83,5 @@ ConfigManager::ConfigManager() { loadFile("mad-core.conf"); } -ConfigManager::~ConfigManager() { - // TODO Auto-generated destructor stub -} - } } diff --git a/src/Core/ConfigManager.h b/src/Core/ConfigManager.h index 6a5cf2c..3b23750 100644 --- a/src/Core/ConfigManager.h +++ b/src/Core/ConfigManager.h @@ -24,6 +24,7 @@ #include #include #include +#include namespace Mad { namespace Core { 
@@ -39,15 +40,21 @@ class ConfigManager : public Common::ConfigManager { std::vector listeners; std::vector daemons; + std::string x509TrustFile, x509CrlFile, x509CertFile, x509KeyFile; + protected: virtual bool parseLine(const std::vector §ion, const std::string &key, const std::string &value); public: ConfigManager(); - virtual ~ConfigManager(); const std::vector& getListenerAddresses() const {return listeners;} const std::vector& getDaemonList() const {return daemons;} + + const std::string& getX509TrustFile() const {return x509TrustFile;} + const std::string& getX509CrlFile() const {return x509CrlFile;} + const std::string& getX509CertFile() const {return x509CertFile;} + const std::string& getX509KeyFile() const {return x509KeyFile;} }; } diff --git a/src/Core/ConnectionManager.cpp b/src/Core/ConnectionManager.cpp index b1cfd40..a537539 100644 --- a/src/Core/ConnectionManager.cpp +++ b/src/Core/ConnectionManager.cpp @@ -18,6 +18,7 @@ */ #include "ConnectionManager.h" +#include "ConfigManager.h" #include "RequestHandler/CertificateRequestHandler.h" #include #include @@ -51,12 +52,14 @@ void ConnectionManager::refreshPollfds() { } } -ConnectionManager::ConnectionManager(const std::vector &listenerAddresses) : requestManager(true) { +ConnectionManager::ConnectionManager(const ConfigManager& configManager) : requestManager(true) { requestManager.registerPacketType(Net::Packet::TYPE_CERT_REQ); + const std::vector &listenerAddresses = configManager.getListenerAddresses(); + if(listenerAddresses.empty()) { try { - listeners.push_back(new Net::Listener()); + listeners.push_back(new Net::Listener(configManager.getX509CertFile(), configManager.getX509KeyFile())); } catch(Net::Exception &e) { // TODO: Log error 
@@ -65,7 +68,7 @@ ConnectionManager::ConnectionManager(const std::vector &listener else { for(std::vector::const_iterator address = listenerAddresses.begin(); address != listenerAddresses.end(); ++address) { try { - listeners.push_back(new Net::Listener(*address)); + listeners.push_back(new Net::Listener(configManager.getX509CertFile(), configManager.getX509KeyFile(), *address)); } catch(Net::Exception &e) { // TODO: Log error diff --git a/src/Core/ConnectionManager.h b/src/Core/ConnectionManager.h index 54d5d5e..7429a44 100644 --- a/src/Core/ConnectionManager.h +++ b/src/Core/ConnectionManager.h @@ -37,6 +37,8 @@ class Packet; namespace Core { +class ConfigManager; + class ConnectionManager { private: // Prevent shallow copy @@ -56,7 +58,7 @@ class ConnectionManager { void refreshPollfds(); public: - ConnectionManager(const std::vector &listenerAddresses); + ConnectionManager(const ConfigManager& configManager); virtual ~ConnectionManager(); bool wait(int timeout) { diff --git a/src/Net/ClientConnection.cpp b/src/Net/ClientConnection.cpp index 8705795..e0058ff 100644 --- a/src/Net/ClientConnection.cpp +++ b/src/Net/ClientConnection.cpp @@ -87,14 +87,8 @@ void ClientConnection::connect(const IPAddress &address, bool daemon0) throw(Con setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); gnutls_init(&session, GNUTLS_CLIENT); - gnutls_set_default_priority(session); - - const int kx_list[] = {GNUTLS_KX_ANON_DH, 0}; - gnutls_kx_set_priority(session, kx_list); - - gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); - + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_ptr(session, reinterpret_cast(sock)); handshake(); diff --git a/src/Net/ClientConnection.h b/src/Net/ClientConnection.h index 18b1a02..280f382 100644 --- a/src/Net/ClientConnection.h +++ b/src/Net/ClientConnection.h 
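Review bot: The client now negotiates with certificate credentials but never authenticates the server: the `x509_cred` passed at `gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);` is the empty object allocated in Connection(), no trust file is loaded into it, and nothing inspects the peer certificate after `handshake();`, so the X509TrustFile/X509CrlFile values that ConfigManager.cpp parses are consumed nowhere in this change. The trust store has to be wired through to the client and installed before the credentials are set, `gnutls_certificate_set_x509_trust_file(x509_cred, trustFile.c_str(), GNUTLS_X509_FMT_PEM);`, and once the handshake completes the chain should be checked with `gnutls_certificate_verify_peers2(session, &status)` and the connection dropped when status is non-zero. The removed `gnutls_set_default_priority(session);` is not replaced on the client side while ServerConnection.cpp keeps its call; unless the GnuTLS version in use applies a default priority, the client session has none set, which is worth confirming. connect() continues past the end of the hunk.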
@@ -30,24 +30,16 @@ class IPAddress; class ClientConnection : public Connection { private: - gnutls_anon_client_credentials_t anoncred; - bool daemon; - + void connectionHeaderReceiveHandler(const void *data, unsigned long length); - + protected: virtual void connectionHeader(); - + public: - ClientConnection() : daemon(0) { - gnutls_anon_allocate_client_credentials(&anoncred); - } - - virtual ~ClientConnection() { - gnutls_anon_free_client_credentials(anoncred); - } - + ClientConnection() : daemon(0) {} + void connect(const IPAddress &address, bool daemon0 = false) throw(ConnectionException); }; diff --git a/src/Net/Connection.cpp b/src/Net/Connection.cpp index 5d221fb..ac3121d 100644 --- a/src/Net/Connection.cpp +++ b/src/Net/Connection.cpp @@ -22,6 +22,8 @@ #include #include +#include + namespace Mad { namespace Net { @@ -34,6 +36,8 @@ void Connection::doHandshake() { if(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) return; + std::cerr << "Handshake error: " << gnutls_strerror(ret) << std::endl; + // TODO: Error doDisconnect(); return; diff --git a/src/Net/Connection.h b/src/Net/Connection.h index 0949ec4..21e8444 100644 --- a/src/Net/Connection.h +++ b/src/Net/Connection.h @@ -98,6 +98,7 @@ class Connection { int sock; gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; IPAddress *peer; @@ -128,6 +129,8 @@ class Connection { Connection() : state(DISCONNECTED), peer(0) { transR.length = transR.transmitted = 0; transR.data = 0; + + gnutls_certificate_allocate_credentials(&x509_cred); } virtual ~Connection() { @@ -141,6 +144,8 @@ class Connection { delete [] transS.front().data; transS.pop(); } + + gnutls_certificate_free_credentials(x509_cred); } bool isConnected() const {return (state != DISCONNECTED);} diff --git a/src/Net/Listener.cpp b/src/Net/Listener.cpp index 3b2e3d6..892d057 100644 --- a/src/Net/Listener.cpp +++ b/src/Net/Listener.cpp 
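Review bot: In the Connection.h hunk the result of `gnutls_certificate_allocate_credentials(&x509_cred);` is ignored, so on failure `x509_cred` stays indeterminate and is later handed to `gnutls_credentials_set` and, in the destructor, to `gnutls_certificate_free_credentials`. Initialise the member in the initialiser list alongside `peer(0)` and check the call, e.g. `if(gnutls_certificate_allocate_credentials(&x509_cred) < 0) x509_cred = 0;` with the destructor freeing only a non-null handle. Whether Connection forbids copying is not visible here; if it does not, every copy now shares and double-frees the handle — worth confirming. Both the constructor and the destructor extend beyond the hunk lines.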
@@ -28,8 +28,8 @@ namespace Mad { namespace Net { -Listener::Listener(const IPAddress &address0) throw(ConnectionException) -: address(address0) { +Listener::Listener(const std::string &x905CertFile0, const std::string &x905KeyFile0, const IPAddress &address0) throw(ConnectionException) +: x905CertFile(x905CertFile0), x905KeyFile(x905KeyFile0), address(address0) { gnutls_dh_params_init(&dh_params); gnutls_dh_params_generate2(dh_params, 768); @@ -99,7 +99,7 @@ ServerConnection* Listener::getConnection(const std::map &poll while((sd = accept(sock, reinterpret_cast(&sa), &addrlen)) >= 0) { - connections.push_back(new ServerConnection(sd, IPAddress(sa), dh_params)); + connections.push_back(new ServerConnection(sd, IPAddress(sa), dh_params, x905CertFile, x905KeyFile)); addrlen = sizeof(sa); } diff --git a/src/Net/Listener.h b/src/Net/Listener.h index 81260ed..63e12c6 100644 --- a/src/Net/Listener.h +++ b/src/Net/Listener.h @@ -27,6 +27,7 @@ #include #include #include +#include namespace Mad { namespace Net { @@ -35,6 +36,7 @@ class ServerConnection; class Listener { private: + std::string x905CertFile, x905KeyFile; IPAddress address; int sock; @@ -47,7 +49,7 @@ class Listener { Listener& operator=(const Listener &o); public: - Listener(const IPAddress &address0 = IPAddress()) throw(ConnectionException); + Listener(const std::string &x905CertFile0, const std::string &x905KeyFile0, const IPAddress &address0 = IPAddress()) throw(ConnectionException); virtual ~Listener(); std::vector getPollfds() const; diff --git a/src/Net/ServerConnection.cpp b/src/Net/ServerConnection.cpp index c011f66..0c35991 100644 --- a/src/Net/ServerConnection.cpp +++ b/src/Net/ServerConnection.cpp 
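Review bot: The new parameter and member names in Listener::Listener are spelled `x905CertFile`/`x905KeyFile` (likewise in Listener.h, ServerConnection.cpp and ServerConnection.h), a transposition of x509 — ConfigManager.h names the same values `x509CertFile`/`x509KeyFile` — and ServerConnection.h declares them as `x905certFile`/`x905keyFile`, differing in case from the definition. Renaming all of them to `x509CertFile`/`x509KeyFile` keeps the names consistent with the config keys and with each other. Unrelated to this change but visible in the context, `gnutls_dh_params_generate2(dh_params, 768);` generates a 768-bit DH group, which is far below current minimums and deserves its own follow-up. The Listener constructor body continues outside the hunk.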
@@ -57,26 +57,18 @@ void ServerConnection::connectionHeaderReceiveHandler(const void *data, unsigned enterReceiveLoop(); } -ServerConnection::ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params) +ServerConnection::ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params, const std::string &x905CertFile, const std::string &x905KeyFile) : daemon(false) { sock = sock0; - gnutls_anon_allocate_server_credentials(&anoncred); - - - gnutls_anon_set_server_dh_params(anoncred, dh_params); - peer = new IPAddress(address); - gnutls_init(&session, GNUTLS_SERVER); + gnutls_certificate_set_dh_params(x509_cred, dh_params); + gnutls_certificate_set_x509_key_file(x509_cred, x905CertFile.c_str(), x905KeyFile.c_str(), GNUTLS_X509_FMT_PEM); + gnutls_init(&session, GNUTLS_SERVER); gnutls_set_default_priority(session); - - const int kx_list[] = {GNUTLS_KX_ANON_DH, 0}; - gnutls_kx_set_priority(session, kx_list); - - gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); - + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_ptr(session, reinterpret_cast(sock)); handshake(); diff --git a/src/Net/ServerConnection.h b/src/Net/ServerConnection.h index ff88ad3..9a4d86b 100644 --- a/src/Net/ServerConnection.h +++ b/src/Net/ServerConnection.h 
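Review bot: The return value of `gnutls_certificate_set_x509_key_file(x509_cred, x905CertFile.c_str(), x905KeyFile.c_str(), GNUTLS_X509_FMT_PEM);` is discarded, so a missing or unreadable certificate or key (the config uses the relative paths ../Cert/cert.pem and ../Cert/key.pem) only shows up later as the "Handshake error" printed by Connection::doHandshake on every accepted socket. Store the result and fail the connection when it is negative; the ConnectionException type already used by Listener is the natural signal, though its constructor arguments are not visible here. Because the credentials live per Connection, the files are re-read from disk and the DH params re-attached for every accepted socket; loading them once in Listener, whose constructor is already declared throw(ConnectionException), would reject a bad configuration at startup instead and could be shared by all ServerConnections. The constructor body continues past the end of the hunk.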
@@ -31,28 +31,24 @@ class Listener; class ServerConnection : public Connection { friend class Listener; - + private: IPAddress *peer; - + bool daemon; - + gnutls_anon_server_credentials_t anoncred; - + void connectionHeaderReceiveHandler(const void *data, unsigned long length); - + protected: - ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params); - + ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params, const std::string &x905certFile, const std::string &x905keyFile); + virtual void connectionHeader() { rawReceive(sizeof(ConnectionHeader), sigc::mem_fun(this, &ServerConnection::connectionHeaderReceiveHandler)); } - + public: - virtual ~ServerConnection() { - gnutls_anon_free_server_credentials(anoncred); - } - bool isDaemonConnection() const {return daemon;} }; diff --git a/src/mad-core.conf b/src/mad-core.conf index 9a03e00..9eda7c3 100644 --- a/src/mad-core.conf +++ b/src/mad-core.conf @@ -2,6 +2,12 @@ ConfigMethod Mysql Listen * + +X509TrustFile ../Cert/ca-cert.pem +#X509CrlFile ../Cert/crl.pem +X509CertFile ../Cert/cert.pem +X509KeyFile ../Cert/key.pem + Daemon ic01 { IpAddress 192.168.2.11 } diff --git a/src/mad-core.cpp b/src/mad-core.cpp index d78ec3e..0bbee97 100644 --- a/src/mad-core.cpp +++ b/src/mad-core.cpp @@ -33,7 +33,7 @@ int main() { Mad::Net::Connection::init(); - Mad::Core::ConnectionManager *connectionManager = new Mad::Core::ConnectionManager(configManager.getListenerAddresses()); + Mad::Core::ConnectionManager *connectionManager = new Mad::Core::ConnectionManager(configManager); while(true) { if(connectionManager->wait(10000)) diff --git a/src/madc.cpp b/src/madc.cpp index e4a36a4..f08be77 100644 --- a/src/madc.cpp +++ b/src/madc.cpp @@ -23,6 +23,7 @@ #include "Common/RequestManager.h" #include "Common/Request/CertificateRequest.h" #include "Common/Request/DisconnectRequest.h" +#include "Common/Request/IdentifyRequest.h" #include int main() { 
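Review bot: ServerConnection.h keeps `gnutls_anon_server_credentials_t anoncred;` although the constructor in ServerConnection.cpp no longer allocates it and the destructor that freed it is removed in this hunk, leaving a dead, never-initialised member that invites a later accidental use; delete the declaration. In the mad-core.conf hunk `#X509CrlFile ../Cert/crl.pem` is left commented out; a comment saying that no CRL is checked until the entry is enabled and the value is actually consumed would help the operator, since nothing in this change reads getX509CrlFile().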
@@ -43,6 +44,7 @@ int main() { requestManager.registerConnection(connection); + Mad::Common::Request::IdentifyRequest::send(connection, requestManager, "localhost"); Mad::Common::Request::CertificateRequest::send(connection, requestManager, "host"); Mad::Common::Request::DisconnectRequest::send(connection, requestManager); -- cgit v1.2.3