# $Id$
#
# Copyright (C) 2013--2014  Dragon Research Labs ("DRL")
# Portions copyright (C) 2011--2012  Internet Systems Consortium ("ISC")
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notices and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL
# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL DRL OR
# ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

"""
Common Django ORM field classes.

Many of these are complex ASN.1 DER objects stored as binaray data,
since the only sane text representation would just be the Base64
encoding of the DER and thus would add no value.
"""

import logging

from django.db import models

import rpki.x509
import rpki.sundial

logger = logging.getLogger(__name__)


class EnumField(models.PositiveSmallIntegerField):
    """
    An enumeration type that uses strings in Python and small integers
    in SQL.
    """

    description = "An enumeration type"

    def __init__(self, *args, **kwargs):
        if isinstance(kwargs.get("choices"), (tuple, list)) and isinstance(kwargs["choices"][0], (str, unicode)):
            kwargs["choices"] = tuple(enumerate(kwargs["choices"], 1))
        # Might need something here to handle string-valued default parameter
        models.PositiveSmallIntegerField.__init__(self, *args, **kwargs)
        self.enum_i2s = dict(self.flatchoices)
        self.enum_s2i = dict((v, k) for k, v in self.flatchoices)

    def from_db_value(self, value, expression, connection, context):
        return self.enum_i2s.get(value, value)

    def to_python(self, value):
        value = super(EnumField, self).to_python(value)
        return self.enum_i2s.get(value, value)

    def get_prep_value(self, value):
        return self.enum_s2i.get(value, value)


class SundialField(models.DateTimeField):
    """
    A field type for our customized datetime objects.
    """

    description = "A datetime type using our customized datetime objects"

    def from_db_value(self, value, expression, connection, context):
        return self.to_python(value)

    def to_python(self, value):
        if isinstance(value, rpki.sundial.pydatetime.datetime):
            return rpki.sundial.datetime.from_datetime(
                models.DateTimeField.to_python(self, value))
        else:
            return value

    def get_prep_value(self, value):
        if isinstance(value, rpki.sundial.datetime):
            return value.to_datetime()
        else:
            return value


class BlobField(models.Field):
    """
    Old BLOB field type, predating Django's BinaryField type.

    Do not use, this is only here for backwards compatabilty during migrations.
    """

    description   = "Raw BLOB type without ASN.1 encoding/decoding"

    def __init__(self, *args, **kwargs):
        self.blob_type = kwargs.pop("blob_type", None)
        kwargs["serialize"] = False
        kwargs["blank"] = True
        kwargs["default"] = None
        models.Field.__init__(self, *args, **kwargs)

    def deconstruct(self):
        name, path, args, kwargs = super(BlobField, self).deconstruct()
        del kwargs["serialize"]
        del kwargs["blank"]
        del kwargs["default"]
        return name, path, args, kwargs

    def db_type(self, connection):
        if self.blob_type is not None:
            return self.blob_type
        elif connection.settings_dict['ENGINE'] == "django.db.backends.mysql":
            return "LONGBLOB"
        elif connection.settings_dict['ENGINE'] == "django.db.backends.posgresql":
            return "bytea"
        else:
            return "BLOB"


# For reasons which now escape me, I had a few fields in the old
# hand-coded SQL which used MySQL type BINARY(20) to hold SKIs.
# Presumably this was so that I could then use those SKIs in indexes
# and searches, but apparently I never got around to that part.
#
# SKIs probably would be better stored as hex strings anyway, so not
# bothering with a separate binary type model for this.  Deal with
# this if and when it ever becomes an issue.


# DERField used to be a subclass of BlobField.  Try changing it to be
# a subclass of BinaryField instead, leave BlobField (for now) for
# backwards compatability during migrations,

class DERField(models.BinaryField):
    """
    Field class for DER objects, with automatic translation between
    ASN.1 and Python types.  This is an abstract class, concrete field
    classes are derived from it.
    """

    rpki_type = rpki.x509.DER_object

    def __init__(self, *args, **kwargs):
        kwargs["blank"] = True
        kwargs["default"] = None
        super(DERField, self).__init__(*args, **kwargs)

    def deconstruct(self):
        name, path, args, kwargs = super(DERField, self).deconstruct()
        del kwargs["blank"]
        del kwargs["default"]
        return name, path, args, kwargs

    def from_db_value(self, value, expression, connection, context):
        if value is not None:
            value = self.rpki_type(DER = str(value))
        return value

    def to_python(self, value):
        value = super(DERField, self).to_python(value)
        if value is not None and not isinstance(value, self.rpki_type):
            value = self.rpki_type(DER = str(value))
        return value

    def get_prep_value(self, value):
        if value is not None:
            value = value.get_DER()
        return super(DERField, self).get_prep_value(value)


class CertificateField(DERField):
    description = "X.509 certificate"
    rpki_type   = rpki.x509.X509

class RSAPrivateKeyField(DERField):
    description = "RSA keypair"
    rpki_type   = rpki.x509.RSA

KeyField = RSAPrivateKeyField

class PublicKeyField(DERField):
    description = "RSA keypair"
    rpki_type   = rpki.x509.PublicKey

class CRLField(DERField):
    description = "Certificate Revocation List"
    rpki_type   = rpki.x509.CRL

class PKCS10Field(DERField):
    description = "PKCS #10 certificate request"
    rpki_type   = rpki.x509.PKCS10

class ManifestField(DERField):
    description = "RPKI Manifest"
    rpki_type   = rpki.x509.SignedManifest

class ROAField(DERField):
    description = "ROA"
    rpki_type   = rpki.x509.ROA

class GhostbusterField(DERField):
    description = "Ghostbuster Record"
    rpki_type   = rpki.x509.Ghostbuster
'>112</a>
<a id='n113' href='#n113'>113</a>
<a id='n114' href='#n114'>114</a>
<a id='n115' href='#n115'>115</a>
<a id='n116' href='#n116'>116</a>
<a id='n117' href='#n117'>117</a>
<a id='n118' href='#n118'>118</a>
<a id='n119' href='#n119'>119</a>
<a id='n120' href='#n120'>120</a>
<a id='n121' href='#n121'>121</a>
<a id='n122' href='#n122'>122</a>
<a id='n123' href='#n123'>123</a>
<a id='n124' href='#n124'>124</a>
<a id='n125' href='#n125'>125</a>
<a id='n126' href='#n126'>126</a>
<a id='n127' href='#n127'>127</a>
<a id='n128' href='#n128'>128</a>
<a id='n129' href='#n129'>129</a>
<a id='n130' href='#n130'>130</a>
<a id='n131' href='#n131'>131</a>
<a id='n132' href='#n132'>132</a>
<a id='n133' href='#n133'>133</a>
<a id='n134' href='#n134'>134</a>
<a id='n135' href='#n135'>135</a>
<a id='n136' href='#n136'>136</a>
<a id='n137' href='#n137'>137</a>
<a id='n138' href='#n138'>138</a>
<a id='n139' href='#n139'>139</a>
<a id='n140' href='#n140'>140</a>
<a id='n141' href='#n141'>141</a>
<a id='n142' href='#n142'>142</a>
<a id='n143' href='#n143'>143</a>
<a id='n144' href='#n144'>144</a>
<a id='n145' href='#n145'>145</a>
<a id='n146' href='#n146'>146</a>
<a id='n147' href='#n147'>147</a>
<a id='n148' href='#n148'>148</a>
<a id='n149' href='#n149'>149</a>
<a id='n150' href='#n150'>150</a>
<a id='n151' href='#n151'>151</a>
<a id='n152' href='#n152'>152</a>
</pre></td>
<td class='lines'><pre><code><style>pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="cm">/* serv.cpp  -  Minimal ssleay server for Unix</span>
<span class="cm">   30.9.1996, Sampo Kellomaki &lt;sampo@iki.fi&gt; */</span>


<span class="cm">/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b</span>
<span class="cm">   Simplified to be even more minimal</span>
<span class="cm">   12/98 - 4/99 Wade Scholine &lt;wades@mail.cybg.com&gt; */</span>

<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;stdio.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;unistd.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;stdlib.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;memory.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;errno.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;sys/types.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;sys/socket.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;netinet/in.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;arpa/inet.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;netdb.h&gt;</span>

<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/rsa.h&gt;</span><span class="c1">       /* SSLeay stuff */</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/crypto.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/x509.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/pem.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/ssl.h&gt;</span>
<span class="cp">#include</span><span class="w"> </span><span class="cpf">&lt;openssl/err.h&gt;</span>


<span class="cm">/* define HOME to be dir for key and cert files... */</span>
<span class="cp">#define HOME &quot;./&quot;</span>
<span class="cm">/* Make these what you want for cert &amp; key files */</span>
<span class="cp">#define CERTF  HOME &quot;foo-cert.pem&quot;</span>
<span class="cp">#define KEYF  HOME  &quot;foo-cert.pem&quot;</span>


<span class="cp">#define CHK_NULL(x) if ((x)==NULL) exit (1)</span>
<span class="cp">#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }</span>
<span class="cp">#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }</span>

<span class="kt">void</span><span class="w"> </span><span class="nf">main</span><span class="w"> </span><span class="p">()</span>
<span class="p">{</span>
<span class="w">  </span><span class="kt">int</span><span class="w"> </span><span class="n">err</span><span class="p">;</span>
<span class="w">  </span><span class="kt">int</span><span class="w"> </span><span class="n">listen_sd</span><span class="p">;</span>
<span class="w">  </span><span class="kt">int</span><span class="w"> </span><span class="n">sd</span><span class="p">;</span>
<span class="w">  </span><span class="k">struct</span><span class="w"> </span><span class="nc">sockaddr_in</span><span class="w"> </span><span class="n">sa_serv</span><span class="p">;</span>
<span class="w">  </span><span class="k">struct</span><span class="w"> </span><span class="nc">sockaddr_in</span><span class="w"> </span><span class="n">sa_cli</span><span class="p">;</span>
<span class="w">  </span><span class="kt">size_t</span><span class="w"> </span><span class="n">client_len</span><span class="p">;</span>
<span class="w">  </span><span class="n">SSL_CTX</span><span class="o">*</span><span class="w"> </span><span class="n">ctx</span><span class="p">;</span>
<span class="w">  </span><span class="n">SSL</span><span class="o">*</span><span class="w">     </span><span class="n">ssl</span><span class="p">;</span>
<span class="w">  </span><span class="n">X509</span><span class="o">*</span><span class="w">    </span><span class="n">client_cert</span><span class="p">;</span>
<span class="w">  </span><span class="kt">char</span><span class="o">*</span><span class="w">    </span><span class="n">str</span><span class="p">;</span>
<span class="w">  </span><span class="kt">char</span><span class="w">     </span><span class="n">buf</span><span class="w"> </span><span class="p">[</span><span class="mi">4096</span><span class="p">];</span>
<span class="w">  </span><span class="n">SSL_METHOD</span><span class="w"> </span><span class="o">*</span><span class="n">meth</span><span class="p">;</span>
<span class="w">  </span>
<span class="w">  </span><span class="cm">/* SSL preliminaries. We keep the certificate and key with the context. */</span>

<span class="w">  </span><span class="n">SSL_load_error_strings</span><span class="p">();</span>
<span class="w">  </span><span class="n">SSLeay_add_ssl_algorithms</span><span class="p">();</span>
<span class="w">  </span><span class="n">meth</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSLv23_server_method</span><span class="p">();</span>
<span class="w">  </span><span class="n">ctx</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSL_CTX_new</span><span class="w"> </span><span class="p">(</span><span class="n">meth</span><span class="p">);</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">ctx</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="w">    </span><span class="n">exit</span><span class="p">(</span><span class="mi">2</span><span class="p">);</span>
<span class="w">  </span><span class="p">}</span>
<span class="w">  </span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_CTX_use_certificate_file</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">CERTF</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_FILETYPE_PEM</span><span class="p">)</span><span class="w"> </span><span class="o">&lt;=</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="w">    </span><span class="n">exit</span><span class="p">(</span><span class="mi">3</span><span class="p">);</span>
<span class="w">  </span><span class="p">}</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">SSL_CTX_use_PrivateKey_file</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span><span class="w"> </span><span class="n">KEYF</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_FILETYPE_PEM</span><span class="p">)</span><span class="w"> </span><span class="o">&lt;=</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">ERR_print_errors_fp</span><span class="p">(</span><span class="n">stderr</span><span class="p">);</span>
<span class="w">    </span><span class="n">exit</span><span class="p">(</span><span class="mi">4</span><span class="p">);</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">SSL_CTX_check_private_key</span><span class="p">(</span><span class="n">ctx</span><span class="p">))</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span><span class="s">&quot;Private key does not match the certificate public key</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">);</span>
<span class="w">    </span><span class="n">exit</span><span class="p">(</span><span class="mi">5</span><span class="p">);</span>
<span class="w">  </span><span class="p">}</span>

<span class="w">  </span><span class="cm">/* ----------------------------------------------- */</span>
<span class="w">  </span><span class="cm">/* Prepare TCP socket for receiving connections */</span>

<span class="w">  </span><span class="n">listen_sd</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">socket</span><span class="w"> </span><span class="p">(</span><span class="n">AF_INET</span><span class="p">,</span><span class="w"> </span><span class="n">SOCK_STREAM</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">);</span><span class="w">   </span><span class="n">CHK_ERR</span><span class="p">(</span><span class="n">listen_sd</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;socket&quot;</span><span class="p">);</span>
<span class="w">  </span>
<span class="w">  </span><span class="n">memset</span><span class="w"> </span><span class="p">(</span><span class="o">&amp;</span><span class="n">sa_serv</span><span class="p">,</span><span class="w"> </span><span class="sc">&#39;\0&#39;</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">sa_serv</span><span class="p">));</span>
<span class="w">  </span><span class="n">sa_serv</span><span class="p">.</span><span class="n">sin_family</span><span class="w">      </span><span class="o">=</span><span class="w"> </span><span class="n">AF_INET</span><span class="p">;</span>
<span class="w">  </span><span class="n">sa_serv</span><span class="p">.</span><span class="n">sin_addr</span><span class="p">.</span><span class="n">s_addr</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">INADDR_ANY</span><span class="p">;</span>
<span class="w">  </span><span class="n">sa_serv</span><span class="p">.</span><span class="n">sin_port</span><span class="w">        </span><span class="o">=</span><span class="w"> </span><span class="n">htons</span><span class="w"> </span><span class="p">(</span><span class="mi">1111</span><span class="p">);</span><span class="w">          </span><span class="cm">/* Server Port number */</span>
<span class="w">  </span>
<span class="w">  </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">bind</span><span class="p">(</span><span class="n">listen_sd</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="k">struct</span><span class="w"> </span><span class="nc">sockaddr</span><span class="o">*</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;</span><span class="n">sa_serv</span><span class="p">,</span>
<span class="w">	     </span><span class="k">sizeof</span><span class="w"> </span><span class="p">(</span><span class="n">sa_serv</span><span class="p">));</span><span class="w">                   </span><span class="n">CHK_ERR</span><span class="p">(</span><span class="n">err</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;bind&quot;</span><span class="p">);</span>
<span class="w">	     </span>
<span class="w">  </span><span class="cm">/* Receive a TCP connection. */</span>
<span class="w">	     </span>
<span class="w">  </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">listen</span><span class="w"> </span><span class="p">(</span><span class="n">listen_sd</span><span class="p">,</span><span class="w"> </span><span class="mi">5</span><span class="p">);</span><span class="w">                    </span><span class="n">CHK_ERR</span><span class="p">(</span><span class="n">err</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;listen&quot;</span><span class="p">);</span>
<span class="w">  </span>
<span class="w">  </span><span class="n">client_len</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">sa_cli</span><span class="p">);</span>
<span class="w">  </span><span class="n">sd</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">accept</span><span class="w"> </span><span class="p">(</span><span class="n">listen_sd</span><span class="p">,</span><span class="w"> </span><span class="p">(</span><span class="k">struct</span><span class="w"> </span><span class="nc">sockaddr</span><span class="o">*</span><span class="p">)</span><span class="w"> </span><span class="o">&amp;</span><span class="n">sa_cli</span><span class="p">,</span><span class="w"> </span><span class="o">&amp;</span><span class="n">client_len</span><span class="p">);</span>
<span class="w">  </span><span class="n">CHK_ERR</span><span class="p">(</span><span class="n">sd</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;accept&quot;</span><span class="p">);</span>
<span class="w">  </span><span class="n">close</span><span class="w"> </span><span class="p">(</span><span class="n">listen_sd</span><span class="p">);</span>

<span class="w">  </span><span class="n">printf</span><span class="w"> </span><span class="p">(</span><span class="s">&quot;Connection from %lx, port %x</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span>
<span class="w">	  </span><span class="n">sa_cli</span><span class="p">.</span><span class="n">sin_addr</span><span class="p">.</span><span class="n">s_addr</span><span class="p">,</span><span class="w"> </span><span class="n">sa_cli</span><span class="p">.</span><span class="n">sin_port</span><span class="p">);</span>
<span class="w">  </span>
<span class="w">  </span><span class="cm">/* ----------------------------------------------- */</span>
<span class="w">  </span><span class="cm">/* TCP connection is ready. Do server side SSL. */</span>

<span class="w">  </span><span class="n">ssl</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSL_new</span><span class="w"> </span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span><span class="w">                           </span><span class="n">CHK_NULL</span><span class="p">(</span><span class="n">ssl</span><span class="p">);</span>
<span class="w">  </span><span class="n">SSL_set_fd</span><span class="w"> </span><span class="p">(</span><span class="n">ssl</span><span class="p">,</span><span class="w"> </span><span class="n">sd</span><span class="p">);</span>
<span class="w">  </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSL_accept</span><span class="w"> </span><span class="p">(</span><span class="n">ssl</span><span class="p">);</span><span class="w">                        </span><span class="n">CHK_SSL</span><span class="p">(</span><span class="n">err</span><span class="p">);</span>
<span class="w">  </span>
<span class="w">  </span><span class="cm">/* Get the cipher - opt */</span>
<span class="w">  </span>
<span class="w">  </span><span class="n">printf</span><span class="w"> </span><span class="p">(</span><span class="s">&quot;SSL connection using %s</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span><span class="w"> </span><span class="n">SSL_get_cipher</span><span class="w"> </span><span class="p">(</span><span class="n">ssl</span><span class="p">));</span>
<span class="w">  </span>
<span class="w">  </span><span class="cm">/* Get client&#39;s certificate (note: beware of dynamic allocation) - opt */</span>

<span class="w">  </span><span class="n">client_cert</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSL_get_peer_certificate</span><span class="w"> </span><span class="p">(</span><span class="n">ssl</span><span class="p">);</span>
<span class="w">  </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">client_cert</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="nb">NULL</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w">    </span><span class="n">printf</span><span class="w"> </span><span class="p">(</span><span class="s">&quot;Client certificate:</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">);</span>
<span class="w">    </span>
<span class="w">    </span><span class="n">str</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">X509_NAME_oneline</span><span class="w"> </span><span class="p">(</span><span class="n">X509_get_subject_name</span><span class="w"> </span><span class="p">(</span><span class="n">client_cert</span><span class="p">),</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">);</span>
<span class="w">    </span><span class="n">CHK_NULL</span><span class="p">(</span><span class="n">str</span><span class="p">);</span>
<span class="w">    </span><span class="n">printf</span><span class="w"> </span><span class="p">(</span><span class="s">&quot;</span><span class="se">\t</span><span class="s"> subject: %s</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span><span class="w"> </span><span class="n">str</span><span class="p">);</span>
<span class="w">    </span><span class="n">OPENSSL_free</span><span class="w"> </span><span class="p">(</span><span class="n">str</span><span class="p">);</span>
<span class="w">    </span>
<span class="w">    </span><span class="n">str</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">X509_NAME_oneline</span><span class="w"> </span><span class="p">(</span><span class="n">X509_get_issuer_name</span><span class="w">  </span><span class="p">(</span><span class="n">client_cert</span><span class="p">),</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="mi">0</span><span class="p">);</span>
<span class="w">    </span><span class="n">CHK_NULL</span><span class="p">(</span><span class="n">str</span><span class="p">);</span>
<span class="w">    </span><span class="n">printf</span><span class="w"> </span><span class="p">(</span><span class="s">&quot;</span><span class="se">\t</span><span class="s"> issuer: %s</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span><span class="w"> </span><span class="n">str</span><span class="p">);</span>
<span class="w">    </span><span class="n">OPENSSL_free</span><span class="w"> </span><span class="p">(</span><span class="n">str</span><span class="p">);</span>
<span class="w">    </span>
<span class="w">    </span><span class="cm">/* We could do all sorts of certificate verification stuff here before</span>
<span class="cm">       deallocating the certificate. */</span>
<span class="w">    </span>
<span class="w">    </span><span class="n">X509_free</span><span class="w"> </span><span class="p">(</span><span class="n">client_cert</span><span class="p">);</span>
<span class="w">  </span><span class="p">}</span><span class="w"> </span><span class="k">else</span>
<span class="w">    </span><span class="n">printf</span><span class="w"> </span><span class="p">(</span><span class="s">&quot;Client does not have certificate.</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">);</span>

<span class="w">  </span><span class="cm">/* DATA EXCHANGE - Receive message and send reply. */</span>

<span class="w">  </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSL_read</span><span class="w"> </span><span class="p">(</span><span class="n">ssl</span><span class="p">,</span><span class="w"> </span><span class="n">buf</span><span class="p">,</span><span class="w"> </span><span class="k">sizeof</span><span class="p">(</span><span class="n">buf</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">1</span><span class="p">);</span><span class="w">                   </span><span class="n">CHK_SSL</span><span class="p">(</span><span class="n">err</span><span class="p">);</span>
<span class="w">  </span><span class="n">buf</span><span class="p">[</span><span class="n">err</span><span class="p">]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sc">&#39;\0&#39;</span><span class="p">;</span>
<span class="w">  </span><span class="n">printf</span><span class="w"> </span><span class="p">(</span><span class="s">&quot;Got %d chars:&#39;%s&#39;</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span><span class="w"> </span><span class="n">err</span><span class="p">,</span><span class="w"> </span><span class="n">buf</span><span class="p">);</span>
<span class="w">  </span>
<span class="w">  </span><span class="n">err</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSL_write</span><span class="w"> </span><span class="p">(</span><span class="n">ssl</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;I hear you.&quot;</span><span class="p">,</span><span class="w"> </span><span class="n">strlen</span><span class="p">(</span><span class="s">&quot;I hear you.&quot;</span><span class="p">));</span><span class="w">  </span><span class="n">CHK_SSL</span><span class="p">(</span><span class="n">err</span><span class="p">);</span>

<span class="w">  </span><span class="cm">/* Clean up. */</span>

<span class="w">  </span><span class="n">close</span><span class="w"> </span><span class="p">(</span><span class="n">sd</span><span class="p">);</span>
<span class="w">  </span><span class="n">SSL_free</span><span class="w"> </span><span class="p">(</span><span class="n">ssl</span><span class="p">);</span>
<span class="w">  </span><span class="n">SSL_CTX_free</span><span class="w"> </span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span>
<span class="p">}</span>
<span class="cm">/* EOF - serv.cpp */</span>
</pre></div>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.3</a> (<a href='https://git-scm.com/'>git 2.25.1</a>) at 2025-05-13 14:16:04 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>