1 /*
2 * lws-minimal-secure-streams-staticpolicy
3 *
4 * Written in 2010-2021 by Andy Green <andy@warmcat.com>
5 *
6 * This file is made available under the Creative Commons CC0 1.0
7 * Universal Public Domain Dedication.
8 *
9 *
10 * This demonstrates a minimal http client using secure streams api.
11 *
12 * It visits https://warmcat.com/ and receives the html page there.
13 *
14 * This example is built two different ways from the same source... one includes
15 * the policy everything needed to fulfil the stream directly. The other -client
16 * variant has no policy itself and some other minor init changes, and connects
17 * to the -proxy example to actually get the connection done.
18 *
19 * In the -client build case, the example does not even init the tls libraries
20 * since the proxy part will take care of all that.
21 */
22
23 #include <libwebsockets.h>
24 #include <string.h>
25 #include <signal.h>
26
27 static int interrupted, bad = 1, force_cpd_fail_portal,
28 force_cpd_fail_no_internet;
29 static lws_state_notify_link_t nl;
30
31 /*
32 * This is example builds with a static policy autogenerated from a JSON
33 * policy...
34 */
35 #include "static-policy.h"
36
37
38 typedef struct myss {
39 struct lws_ss_handle *ss;
40 void *opaque_data;
41 /* ... application specific state ... */
42 lws_sorted_usec_list_t sul;
43 } myss_t;
44
45 static const char *canned_root_token_payload =
46 "grant_type=refresh_token"
47 "&refresh_token=Atzr|IwEBIJedGXjDqsU_vMxykqOMg"
48 "SHfYe3CPcedueWEMWSDMaDnEmiW8RlR1Kns7Cb4B-TOSnqp7ifVsY4BMY2B8tpHfO39XP"
49 "zfu9HapGjTR458IyHX44FE71pWJkGZ79uVBpljP4sazJuk8XS3Oe_yLnm_DIO6fU1nU3Y"
50 "0flYmsOiOAQE_gRk_pdlmEtHnpMA-9rLw3mkY5L89Ty9kUygBsiFaYatouROhbsTn8-jW"
51 "k1zZLUDpT6ICtBXSnrCIg0pUbZevPFhTwdXd6eX-u4rq0W-XaDvPWFO7au-iPb4Zk5eZE"
52 "iX6sissYrtNmuEXc2uHu7MnQO1hHCaTdIO2CANVumf-PHSD8xseamyh04sLV5JgFzY45S"
53 "KvKMajiUZuLkMokOx86rjC2Hdkx5DO7G-dbG1ufBDG-N79pFMSs7Ck5pc283IdLoJkCQc"
54 "AGvTX8o8I29QqkcGou-9TKhOJmpX8As94T61ok0UqqEKPJ7RhfQHHYdCtsdwxgvfVr9qI"
55 "xL_hDCcTho8opCVX-6QhJHl6SQFlTw13"
56 "&client_id="
57 "amzn1.application-oa2-client.4823334c434b4190a2b5a42c07938a2d";
58
59 /* secure streams payload interface */
60
61 static int
myss_rx(void * userobj,const uint8_t * buf,size_t len,int flags)62 myss_rx(void *userobj, const uint8_t *buf, size_t len, int flags)
63 {
64 // myss_t *m = (myss_t *)userobj;
65
66 lwsl_user("%s: len %d, flags: %d\n", __func__, (int)len, flags);
67 lwsl_hexdump_info(buf, len);
68
69 /*
70 * If we received the whole message, for our example it means
71 * we are done.
72 */
73 if (flags & LWSSS_FLAG_EOM) {
74 bad = 0;
75 interrupted = 1;
76 }
77
78 return 0;
79 }
80
81 static int
myss_tx(void * userobj,lws_ss_tx_ordinal_t ord,uint8_t * buf,size_t * len,int * flags)82 myss_tx(void *userobj, lws_ss_tx_ordinal_t ord, uint8_t *buf, size_t *len,
83 int *flags)
84 {
85 //myss_t *m = (myss_t *)userobj;
86
87 return 0;
88 }
89
90 static int
myss_state(void * userobj,void * sh,lws_ss_constate_t state,lws_ss_tx_ordinal_t ack)91 myss_state(void *userobj, void *sh, lws_ss_constate_t state,
92 lws_ss_tx_ordinal_t ack)
93 {
94 myss_t *m = (myss_t *)userobj;
95
96 lwsl_user("%s: %s, ord 0x%x\n", __func__, lws_ss_state_name(state),
97 (unsigned int)ack);
98
99 switch (state) {
100 case LWSSSCS_CREATING:
101 if (lws_ss_set_metadata(m->ss, "uptag", "myuptag123", 10))
102 lwsl_err("%s set metadata uptag failed\n", __func__);
103 if (lws_ss_set_metadata(m->ss, "ctype", "myctype", 7))
104 lwsl_err("%s set metadata ctype failed\n", __func__);
105 return lws_ss_client_connect(m->ss);
106
107 case LWSSSCS_ALL_RETRIES_FAILED:
108 /* if we're out of retries, we want to close the app and FAIL */
109 interrupted = 1;
110 break;
111 case LWSSSCS_QOS_ACK_REMOTE:
112 lwsl_notice("%s: LWSSSCS_QOS_ACK_REMOTE\n", __func__);
113 break;
114 default:
115 break;
116 }
117
118 return 0;
119 }
120
121 static int
app_system_state_nf(lws_state_manager_t * mgr,lws_state_notify_link_t * link,int current,int target)122 app_system_state_nf(lws_state_manager_t *mgr, lws_state_notify_link_t *link,
123 int current, int target)
124 {
125 struct lws_context *context = lws_system_context_from_system_mgr(mgr);
126 lws_system_blob_t *ab = lws_system_get_blob(context,
127 LWS_SYSBLOB_TYPE_AUTH, 1 /* AUTH_IDX_ROOT */);
128 size_t size;
129
130 /*
131 * For the things we care about, let's notice if we are trying to get
132 * past them when we haven't solved them yet, and make the system
133 * state wait while we trigger the dependent action.
134 */
135 switch (target) {
136
137 case LWS_SYSTATE_REGISTERED:
138 size = lws_system_blob_get_size(ab);
139 if (size)
140 break;
141
142 /* let's register our canned root token so auth can use it */
143 lws_system_blob_direct_set(ab,
144 (const uint8_t *)canned_root_token_payload,
145 strlen(canned_root_token_payload));
146 break;
147
148 case LWS_SYSTATE_OPERATIONAL:
149 if (current == LWS_SYSTATE_OPERATIONAL) {
150 lws_ss_info_t ssi;
151
152 /* We're making an outgoing secure stream ourselves */
153
154 memset(&ssi, 0, sizeof(ssi));
155 ssi.handle_offset = offsetof(myss_t, ss);
156 ssi.opaque_user_data_offset = offsetof(myss_t,
157 opaque_data);
158 ssi.rx = myss_rx;
159 ssi.tx = myss_tx;
160 ssi.state = myss_state;
161 ssi.user_alloc = sizeof(myss_t);
162 ssi.streamtype = "mintest";
163
164 if (lws_ss_create(context, 0, &ssi, NULL, NULL,
165 NULL, NULL)) {
166 lwsl_err("%s: failed to create secure stream\n",
167 __func__);
168 return -1;
169 }
170 }
171 break;
172 }
173
174 return 0;
175 }
176
177 static lws_state_notify_link_t * const app_notifier_list[] = {
178 &nl, NULL
179 };
180
181 static void
sigint_handler(int sig)182 sigint_handler(int sig)
183 {
184 interrupted = 1;
185 }
186
main(int argc,const char ** argv)187 int main(int argc, const char **argv)
188 {
189 struct lws_context_creation_info info;
190 struct lws_context *context;
191 int n = 0;
192
193 signal(SIGINT, sigint_handler);
194
195 memset(&info, 0, sizeof info);
196 lws_cmdline_option_handle_builtin(argc, argv, &info);
197
198 lwsl_user("LWS secure streams static policy test client [-d<verb>]\n");
199
200 /* these options are mutually exclusive if given */
201
202 if (lws_cmdline_option(argc, argv, "--force-portal"))
203 force_cpd_fail_portal = 1;
204
205 if (lws_cmdline_option(argc, argv, "--force-no-internet"))
206 force_cpd_fail_no_internet = 1;
207
208 info.fd_limit_per_thread = 1 + 6 + 1;
209 info.port = CONTEXT_PORT_NO_LISTEN;
210 #if defined(LWS_SS_USE_SSPC)
211 info.protocols = lws_sspc_protocols;
212 {
213 const char *p;
214
215 /* connect to ssproxy via UDS by default, else via
216 * tcp connection to this port */
217 if ((p = lws_cmdline_option(argc, argv, "-p")))
218 info.ss_proxy_port = atoi(p);
219
220 /* UDS "proxy.ss.lws" in abstract namespace, else this socket
221 * path; when -p given this can specify the network interface
222 * to bind to */
223 if ((p = lws_cmdline_option(argc, argv, "-i")))
224 info.ss_proxy_bind = p;
225
226 /* if -p given, -a specifies the proxy address to connect to */
227 if ((p = lws_cmdline_option(argc, argv, "-a")))
228 info.ss_proxy_address = p;
229 }
230 #else
231 info.pss_policies = &_ss_static_policy_entry;
232 info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS |
233 LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
234 #endif
235
236 /* integrate us with lws system state management when context created */
237
238 nl.name = "app";
239 nl.notify_cb = app_system_state_nf;
240 info.register_notifier_list = app_notifier_list;
241
242 /* create the context */
243
244 context = lws_create_context(&info);
245 if (!context) {
246 lwsl_err("lws init failed\n");
247 return 1;
248 }
249
250 /*
251 * Set the related lws_system blobs
252 *
253 * ...direct_set() sets a pointer, so the thing pointed to has to have
254 * a suitable lifetime, eg, something that already exists on the heap or
255 * a const string in .rodata like this
256 */
257
258 lws_system_blob_direct_set(lws_system_get_blob(context,
259 LWS_SYSBLOB_TYPE_DEVICE_SERIAL, 0),
260 (const uint8_t *)"SN12345678", 10);
261 lws_system_blob_direct_set(lws_system_get_blob(context,
262 LWS_SYSBLOB_TYPE_DEVICE_FW_VERSION, 0),
263 (const uint8_t *)"v0.01", 5);
264
265 /*
266 * ..._heap_append() appends to a buflist kind of arrangement on heap,
267 * just one block is fine, otherwise it will concatenate the fragments
268 * in the order they were appended (and take care of freeing them at
269 * context destroy time). ..._heap_empty() is also available to remove
270 * everything that was already allocated.
271 *
272 * Here we use _heap_append() just so it's tested as well as direct set.
273 */
274
275 lws_system_blob_heap_append(lws_system_get_blob(context,
276 LWS_SYSBLOB_TYPE_DEVICE_TYPE, 0),
277 (const uint8_t *)"spacerocket", 11);
278
279 /* the event loop */
280
281 while (n >= 0 && !interrupted)
282 n = lws_service(context, 0);
283
284 lws_context_destroy(context);
285
286 lwsl_user("Completed: %s\n", bad ? "failed" : "OK");
287
288 return bad;
289 }
290