testing networking features

mainframe/logic.py

@@ -69,7 +69,10 @@ def add_financing(db, title, value):
 def add_topup(db, user_id, value):
     __sql_execute(db, "INSERT INTO %stopups (value, user_id, datetime) VALUES (%%s, %%s, NOW());" % config.db_prefix, (value, user_id))
 
-def add_purchase(db, user_id, product_id):
+def add_purchase(db, user_id, product_id, code=None):
+    if code:
+        product_id = __sql_execute(db, "SELECT product_id FROM %spurchases WHERE code=%%s" % 
+                config.db_prefix, (code,))[0]['product_id']
     __sql_execute(db, "INSERT INTO %spurchases (product_id, user_id, datetime) VALUES (%%s, %%s, NOW());" % config.db_prefix, (product_id, user_id))
 
 def print_info(db):

mainframe/server.py

@@ -0,0 +1,39 @@
+import SocketServer
+import logic
+import config
+import ssl
+import socket
+
+class TerminalHandler(SocketServer.StreamRequestHandler):
+    def handle(self):
+        print '<'
+        try:
+            line = self.rfile.readline()
+            db = logic.sql_connect()
+            code, dn = line.split(' ')
+            print code, dn
+            logic.add_purchase(db, dn, None, code)
+            db.close()
+        except Exception as e:
+            self.server.errlog.write(str(e) + '\n')
+        finally:
+            print '>'
+
+# http://code.activestate.com/recipes/442473-simple-http-server-supporting-ssl-secure-communica/
+
+class MainframeServer(SocketServer.TCPServer):
+    def __init__(self, address, handler, cert_file, key_file, ca_cert, **kw):
+        SocketServer.BaseServer.__init__(self, address, handler, **kw)
+        self.socket = ssl.wrap_socket(socket.socket(self.address_family, self.socket_type),
+                keyfile=key_file, certfile=cert_file, server_side=True, cert_reqs=ssl.CERT_REQUIRED,
+                ca_certs=ca_cert, ssl_version=ssl.PROTOCOL_TLSv1)
+        self.allow_reuse_address = True
+        self.server_bind()
+        self.server_activate()
+
+if __name__ == '__main__':
+    from sys import stderr
+    server = MainframeServer((config.HOST, config.PORT), TerminalHandler,
+            config.cert_file, config.key_file, config.ca_cert)
+    server.errlog = stderr
+    server.serve_forever()

terminal/CMakeLists.txt

@@ -1,8 +1,8 @@
 project(hf-terminal)
 
-add_executable(hf-terminal main.c tts.c base64.c ldap.c nfc.c)
+add_executable(hf-terminal main.c tts.c base64.c ldap.c nfc.c network.c)
 add_executable(hash-one hash-one.c ldap.c)
-set(CMAKE_C_FLAGS "-std=c99 -g")
+set(CMAKE_C_FLAGS "-std=c99 -g -I/usr/local/include -L/usr/local/lib")
 
-target_link_libraries(hf-terminal nfc m ldap crypto)
+target_link_libraries(hf-terminal nfc m ldap crypto ssl)
 target_link_libraries(hash-one m crypto ldap)

terminal/network.c

@@ -0,0 +1,107 @@
+// heavily copypasted from http://www.rtfm.com/openssl-examples/
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <unistd.h>
+#include "config.h"
+size_t strnlen(const char *s, size_t maxlen);
+
+static char id_ctx[] = "hackfridge-ssl-context";
+int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata) {
+  strncpy(buf, userdata, size);
+  return strlen(userdata);
+}
+
+int initialize_ctx(const char* chainfile, const char* keyfile, const char* password, 
+    const char* ca_file, SSL_CTX** rctx)
+  {
+    const SSL_METHOD *meth;
+    SSL_CTX* ctx;
+    int result = 1;
+    
+    /* Create our context*/
+    meth=SSLv23_method();
+    ctx=SSL_CTX_new(meth);
+
+    /* Load our keys and certificates*/
+    result = SSL_CTX_use_certificate_chain_file(ctx, chainfile);
+    if(!result) goto exit;
+
+    SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb);
+    SSL_CTX_set_default_passwd_cb_userdata(ctx, (void*) password);
+    result = SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
+    if(!result) goto finalize;
+
+    /* Load the CAs we trust*/
+    result = SSL_CTX_load_verify_locations(ctx, ca_file,0);
+    if(!result) goto finalize;
+    goto exit;
+finalize:
+    SSL_CTX_free(ctx);
+exit:
+    *rctx = ctx;
+    return result;
+  }
+     
+int send_purchase(const char* host, int port, const char* code, const char* dn) {
+  SSL_CTX* ctx;
+  BIO* bio;
+  SSL* ssl;
+  int result, sock, conn;
+  char msg[200];
+  *msg = 0;
+  result = initialize_ctx(SSL_CERT, SSL_CERT_KEY, SSL_PASSWORD, CA_FILE, &ctx);
+  if(!result) return result; // :(
+  SSL_CTX_set_session_id_context(ctx, id_ctx, sizeof id_ctx);
+  
+  struct sockaddr_in addr;
+  memset(&addr, 0, sizeof(addr));
+  struct hostent *hp;
+  if(!(hp = gethostbyname(host))) {
+    result = -2;
+    goto finalize;
+  }
+  addr.sin_addr = *(struct in_addr*)hp->h_addr_list[0];
+  addr.sin_family = AF_INET;
+  addr.sin_port = htons(port);
+  sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+  result = -3;
+  if(sock < 0) goto finalize;
+  result = connect(sock, (struct sockaddr*) &addr, sizeof(addr));
+  if(result < 0) goto close_socket;
+
+  ssl = SSL_new(ctx);
+  bio = BIO_new_socket(sock, BIO_NOCLOSE);
+  if(!bio) {
+    result = -4;
+    goto free_ssl;
+  }
+  SSL_set_bio(ssl, bio, bio);
+  result = SSL_connect(ssl);
+  if(result < 0) goto free_ssl;
+
+  strncat(msg, code, 200);
+  strncat(msg, " ", 200);
+  strncat(msg, dn, 200);
+  strncat(msg, "\n", 200);
+  int pending = strnlen(msg, 200);
+  char* t_msg = msg;
+  while(pending > 0) {
+    result = SSL_write(ssl, t_msg, pending);
+    if(result == 0) result = SSL_get_error(ssl, result); // :(
+    if(result < 0) goto free_ssl;
+    pending -= result;
+    t_msg += result;
+  }
+  SSL_shutdown(ssl);
+free_ssl:
+  SSL_free(ssl);
+close_socket:
+  close(sock);
+finalize:
+  SSL_CTX_free(ctx);
+  return result;
+}

terminal/network.h

@@ -0,0 +1,6 @@
+#ifndef __HASHFRIDGE_NETWORK__
+#define __HASHFRIDGE_NETWORK__
+
+int send_purchase(const char* host, int port, const char* code, const char* dn);
+
+#endif