1 /* 2 * Sigma Control API DUT (server) 3 * Copyright (c) 2014, Qualcomm Atheros, Inc. 4 * Copyright (c) 2018, The Linux Foundation 5 * All Rights Reserved. 6 * Licensed under the Clear BSD license. See README for more details. 7 */ 8 9 #include "sigma_dut.h" 10 #include <sqlite3.h> 11 12 #ifndef SERVER_DB 13 #define SERVER_DB "/home/user/hs20-server/AS/DB/eap_user.db" 14 #endif /* SERVER_DB */ 15 16 #ifndef CERT_DIR 17 #define CERT_DIR "/home/user/hs20-server/certs" 18 #endif /* CERT_DIR */ 19 20 21 static int cmd_server_ca_get_version(struct sigma_dut *dut, 22 struct sigma_conn *conn, 23 struct sigma_cmd *cmd) 24 { 25 send_resp(dut, conn, SIGMA_COMPLETE, "version,1.0"); 26 return 0; 27 } 28 29 30 static int cmd_server_get_info(struct sigma_dut *dut, 31 struct sigma_conn *conn, 32 struct sigma_cmd *cmd) 33 { 34 send_resp(dut, conn, SIGMA_COMPLETE, "vendor,OSU,model,OS,version,1.0"); 35 return 0; 36 } 37 38 39 static int server_reset_user(struct sigma_dut *dut, const char *user) 40 { 41 sqlite3 *db; 42 int res = -1; 43 char *sql = NULL; 44 const char *realm = "wi-fi.org"; 45 const char *methods = "TTLS-MSCHAPV2"; 46 const char *password = "ChangeMe"; 47 int phase2 = 1; 48 int machine_managed = 1; 49 const char *remediation = ""; 50 int fetch_pps = 0; 51 const char *osu_user = NULL; 52 const char *osu_password = NULL; 53 54 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s", user); 55 56 if (sqlite3_open(SERVER_DB, &db)) { 57 sigma_dut_print(dut, DUT_MSG_ERROR, 58 "Failed to open SQLite database %s", 59 SERVER_DB); 60 return -1; 61 } 62 63 if (strcmp(user, "test01") == 0) { 64 remediation = "machine"; 65 } else if (strcmp(user, "test02") == 0) { 66 remediation = "user"; 67 machine_managed = 0; 68 } else if (strcmp(user, "test03") == 0) { 69 /* UpdateInterval-based client trigger for policy update */ 70 } else if (strcmp(user, "test04") == 0) { 71 } else if (strcmp(user, "test05") == 0) { 72 } else if (strcmp(user, "test06") == 0) { 73 realm = "example.com"; 74 } else if (strcmp(user, "test07") == 0) { 75 } else if (strcmp(user, "test08") == 0) { 76 remediation = "machine"; 77 osu_user = "testdmacc08"; 78 osu_password = "P@ssw0rd"; 79 } else if (strcmp(user, "test09") == 0) { 80 /* UpdateInterval-based client trigger for policy update */ 81 } else if (strcmp(user, "test10") == 0) { 82 remediation = "machine"; 83 methods = "TLS"; 84 } else if (strcmp(user, "test11") == 0) { 85 } else if (strcmp(user, "test12") == 0) { 86 remediation = "user"; 87 methods = "TLS"; 88 } else if (strcmp(user, "test20") == 0) { 89 } else if (strcmp(user, "test26") == 0) { 90 /* TODO: Cred01 with username/password? */ 91 user = "1310026000000001"; 92 methods = "SIM"; 93 } else if (strcmp(user, "test30") == 0) { 94 osu_user = "testdmacc30"; 95 osu_password = "P@ssw0rd"; 96 } else if (strcmp(user, "test31") == 0) { 97 osu_user = "testdmacc31"; 98 osu_password = "P@ssw0rd"; 99 } else if (strcmp(user, "test32") == 0) { 100 osu_user = "testdmacc32"; 101 osu_password = "P@ssw0rd"; 102 } else if (strcmp(user, "test33") == 0) { 103 osu_user = "testdmacc33"; 104 osu_password = "P@ssw0rd"; 105 } else if (strcmp(user, "test34") == 0) { 106 osu_user = "testdmacc34"; 107 osu_password = "P@ssw0rd"; 108 } else if (strcmp(user, "test35") == 0) { 109 osu_user = "testdmacc35"; 110 osu_password = "P@ssw0rd"; 111 } else if (strcmp(user, "test36") == 0) { 112 } else if (strcmp(user, "test37") == 0) { 113 osu_user = "testdmacc37"; 114 osu_password = "P@ssw0rd"; 115 } else { 116 sigma_dut_print(dut, DUT_MSG_INFO, "Unsupported username '%s'", 117 user); 118 goto fail; 119 } 120 121 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,password,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password) VALUES (%Q,%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q)", 122 user, realm, methods, password, 123 phase2, machine_managed, remediation, fetch_pps, 124 osu_user, osu_password); 125 126 if (!sql) 127 goto fail; 128 129 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); 130 131 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { 132 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s", 133 sqlite3_errmsg(db)); 134 } else { 135 res = 0; 136 } 137 138 sqlite3_free(sql); 139 140 fail: 141 sqlite3_close(db); 142 143 return res; 144 } 145 146 147 static int server_reset_cert_enroll(struct sigma_dut *dut, const char *addr) 148 { 149 sqlite3 *db; 150 char *sql; 151 152 sigma_dut_print(dut, DUT_MSG_DEBUG, 153 "Reset certificate enrollment status for %s", addr); 154 155 if (sqlite3_open(SERVER_DB, &db)) { 156 sigma_dut_print(dut, DUT_MSG_ERROR, 157 "Failed to open SQLite database %s", 158 SERVER_DB); 159 return -1; 160 } 161 sql = sqlite3_mprintf("DELETE FROM cert_enroll WHERE mac_addr=%Q", 162 addr); 163 if (!sql) { 164 sqlite3_close(db); 165 return -1; 166 } 167 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); 168 169 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { 170 sigma_dut_print(dut, DUT_MSG_ERROR, 171 "SQL operation failed: %s", 172 sqlite3_errmsg(db)); 173 sqlite3_free(sql); 174 sqlite3_close(db); 175 return -1; 176 } 177 178 sqlite3_free(sql); 179 sqlite3_close(db); 180 181 return 0; 182 } 183 184 185 static int cmd_server_reset_default(struct sigma_dut *dut, 186 struct sigma_conn *conn, 187 struct sigma_cmd *cmd) 188 { 189 const char *var; 190 enum sigma_program prog; 191 192 var = get_param(cmd, "Program"); 193 if (!var) { 194 send_resp(dut, conn, SIGMA_ERROR, 195 "errorCode,Missing program parameter"); 196 return 0; 197 } 198 199 prog = sigma_program_to_enum(var); 200 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3) { 201 send_resp(dut, conn, SIGMA_ERROR, 202 "errorCode,Unsupported program"); 203 return 0; 204 } 205 206 var = get_param(cmd, "UserName"); 207 if (var && server_reset_user(dut, var) < 0) { 208 send_resp(dut, conn, SIGMA_ERROR, 209 "errorCode,Failed to reset user account to defaults"); 210 return 0; 211 } 212 213 var = get_param(cmd, "SerialNo"); 214 if (var) { 215 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset serial number %s", 216 var); 217 /* TODO */ 218 } 219 220 var = get_param(cmd, "ClientMACAddr"); 221 if (var && server_reset_cert_enroll(dut, var) < 0) { 222 send_resp(dut, conn, SIGMA_ERROR, 223 "errorCode,Failed to reset cert enroll to defaults"); 224 return 0; 225 } 226 227 return 1; 228 } 229 230 231 static int get_last_msk_cb(void *ctx, int argc, char *argv[], char *col[]) 232 { 233 char **last_msk = ctx; 234 235 if (argc < 1 || !argv[0]) 236 return 0; 237 238 free(*last_msk); 239 *last_msk = strdup(argv[0]); 240 241 return 0; 242 } 243 244 245 static char * get_last_msk(struct sigma_dut *dut, sqlite3 *db, 246 const char *username) 247 { 248 char *sql, *last_msk = NULL; 249 250 sql = sqlite3_mprintf("SELECT last_msk FROM users WHERE identity=%Q", 251 username); 252 if (!sql) 253 return NULL; 254 255 if (sqlite3_exec(db, sql, get_last_msk_cb, &last_msk, NULL) != 256 SQLITE_OK) { 257 sigma_dut_print(dut, DUT_MSG_ERROR, 258 "SQL operation to fetch last_msk failed: %s", 259 sqlite3_errmsg(db)); 260 sqlite3_free(sql); 261 return NULL; 262 } 263 264 sqlite3_free(sql); 265 266 return last_msk; 267 } 268 269 270 static int aaa_auth_status(struct sigma_dut *dut, struct sigma_conn *conn, 271 struct sigma_cmd *cmd, const char *username, 272 int timeout) 273 { 274 sqlite3 *db; 275 char *sql = NULL; 276 int i; 277 char resp[500]; 278 279 if (sqlite3_open(SERVER_DB, &db)) { 280 sigma_dut_print(dut, DUT_MSG_ERROR, 281 "Failed to open SQLite database %s", 282 SERVER_DB); 283 return -1; 284 } 285 286 sql = sqlite3_mprintf("UPDATE users SET last_msk=NULL WHERE identity=%Q", 287 username); 288 if (!sql) { 289 sqlite3_close(db); 290 return -1; 291 } 292 293 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { 294 sigma_dut_print(dut, DUT_MSG_ERROR, 295 "SQL operation to clear last_msk failed: %s", 296 sqlite3_errmsg(db)); 297 sqlite3_free(sql); 298 sqlite3_close(db); 299 return -1; 300 } 301 302 sqlite3_free(sql); 303 304 if (sqlite3_changes(db) < 1) { 305 sigma_dut_print(dut, DUT_MSG_ERROR, 306 "No DB rows modified (specified user not found)"); 307 sqlite3_close(db); 308 return -1; 309 } 310 311 snprintf(resp, sizeof(resp), "AuthStatus,TIMEOUT,MSK,NULL"); 312 313 for (i = 0; i < timeout; i++) { 314 char *last_msk; 315 316 last_msk = get_last_msk(dut, db, username); 317 if (last_msk) { 318 if (strcmp(last_msk, "FAIL") == 0) { 319 snprintf(resp, sizeof(resp), 320 "AuthStatus,FAIL,MSK,NULL"); 321 } else { 322 snprintf(resp, sizeof(resp), 323 "AuthStatus,SUCCESS,MSK,%s", last_msk); 324 } 325 free(last_msk); 326 break; 327 } 328 sleep(1); 329 } 330 331 sqlite3_close(db); 332 333 send_resp(dut, conn, SIGMA_COMPLETE, resp); 334 return 0; 335 } 336 337 338 static int get_last_serial_cb(void *ctx, int argc, char *argv[], char *col[]) 339 { 340 char **last_serial = ctx; 341 342 if (argc < 1 || !argv[0]) 343 return 0; 344 345 free(*last_serial); 346 *last_serial = strdup(argv[0]); 347 348 return 0; 349 } 350 351 352 static char * get_last_serial(struct sigma_dut *dut, sqlite3 *db, 353 const char *addr) 354 { 355 char *sql, *last_serial = NULL; 356 357 sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll WHERE mac_addr=%Q", 358 addr); 359 if (!sql) 360 return NULL; 361 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); 362 363 if (sqlite3_exec(db, sql, get_last_serial_cb, &last_serial, NULL) != 364 SQLITE_OK) { 365 sigma_dut_print(dut, DUT_MSG_ERROR, 366 "SQL operation to fetch last_serial failed: %s", 367 sqlite3_errmsg(db)); 368 sqlite3_free(sql); 369 return NULL; 370 } 371 372 sqlite3_free(sql); 373 374 return last_serial; 375 } 376 377 378 static int osu_cert_enroll_status(struct sigma_dut *dut, 379 struct sigma_conn *conn, 380 struct sigma_cmd *cmd, const char *addr, 381 int timeout) 382 { 383 sqlite3 *db; 384 int i; 385 char resp[500]; 386 387 if (sqlite3_open(SERVER_DB, &db)) { 388 sigma_dut_print(dut, DUT_MSG_ERROR, 389 "Failed to open SQLite database %s", 390 SERVER_DB); 391 return -1; 392 } 393 394 snprintf(resp, sizeof(resp), "OSUStatus,TIMEOUT"); 395 396 for (i = 0; i < timeout; i++) { 397 char *last_serial; 398 399 last_serial = get_last_serial(dut, db, addr); 400 if (last_serial) { 401 if (strcmp(last_serial, "FAIL") == 0) { 402 snprintf(resp, sizeof(resp), 403 "OSUStatus,FAIL"); 404 } else if (strlen(last_serial) > 0) { 405 snprintf(resp, sizeof(resp), 406 "OSUStatus,SUCCESS,SerialNo,%s", 407 last_serial); 408 } 409 free(last_serial); 410 break; 411 } 412 sleep(1); 413 } 414 415 sqlite3_close(db); 416 417 send_resp(dut, conn, SIGMA_COMPLETE, resp); 418 return 0; 419 } 420 421 422 static int cmd_server_request_status(struct sigma_dut *dut, 423 struct sigma_conn *conn, 424 struct sigma_cmd *cmd) 425 { 426 const char *var, *username, *serialno, *imsi, *addr, *status; 427 int osu, timeout; 428 char resp[500]; 429 enum sigma_program prog; 430 431 var = get_param(cmd, "Program"); 432 if (!var) { 433 send_resp(dut, conn, SIGMA_ERROR, 434 "errorCode,Missing program parameter"); 435 return 0; 436 } 437 438 prog = sigma_program_to_enum(var); 439 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3) { 440 send_resp(dut, conn, SIGMA_ERROR, 441 "errorCode,Unsupported program"); 442 return 0; 443 } 444 445 var = get_param(cmd, "Device"); 446 if (!var || 447 (strcasecmp(var, "AAAServer") != 0 && 448 strcasecmp(var, "OSUServer") != 0)) { 449 send_resp(dut, conn, SIGMA_ERROR, 450 "errorCode,Unsupported device type"); 451 return 0; 452 } 453 osu = strcasecmp(var, "OSUServer") == 0; 454 455 var = get_param(cmd, "Timeout"); 456 if (!var) { 457 send_resp(dut, conn, SIGMA_ERROR, 458 "errorCode,Missing timeout"); 459 return 0; 460 } 461 timeout = atoi(var); 462 sigma_dut_print(dut, DUT_MSG_DEBUG, "timeout: %d", timeout); 463 464 username = get_param(cmd, "UserName"); 465 if (username) 466 sigma_dut_print(dut, DUT_MSG_DEBUG, "UserName: %s", username); 467 serialno = get_param(cmd, "SerialNo"); 468 if (serialno) 469 sigma_dut_print(dut, DUT_MSG_DEBUG, "SerialNo: %s", serialno); 470 imsi = get_param(cmd, "imsi_val"); 471 if (imsi) 472 sigma_dut_print(dut, DUT_MSG_DEBUG, "imsi_val: %s", imsi); 473 addr = get_param(cmd, "ClientMACAddr"); 474 if (addr) 475 sigma_dut_print(dut, DUT_MSG_DEBUG, "ClientMACAddr: %s", addr); 476 status = get_param(cmd, "Status"); 477 if (status) 478 sigma_dut_print(dut, DUT_MSG_DEBUG, "Status: %s", status); 479 480 if (osu && status && strcasecmp(status, "Remediation") == 0) { 481 /* TODO */ 482 sleep(1); 483 snprintf(resp, sizeof(resp), 484 "RemediationStatus,Remediation Complete"); 485 send_resp(dut, conn, SIGMA_COMPLETE, resp); 486 return 0; 487 } 488 489 if (!osu && status && strcasecmp(status, "Authentication") == 0 && 490 username) 491 return aaa_auth_status(dut, conn, cmd, username, timeout); 492 493 if (!osu && status && strcasecmp(status, "Authentication") == 0 && 494 serialno) { 495 snprintf(resp, sizeof(resp), "cert-%s", serialno); 496 return aaa_auth_status(dut, conn, cmd, resp, timeout); 497 } 498 499 if (osu && status && strcasecmp(status, "OSU") == 0 && addr) 500 return osu_cert_enroll_status(dut, conn, cmd, addr, timeout); 501 502 return 1; 503 } 504 505 506 static int osu_set_cert_reenroll(struct sigma_dut *dut, const char *serial, 507 int enable) 508 { 509 sqlite3 *db; 510 char *sql; 511 char id[100]; 512 int ret = -1; 513 514 if (sqlite3_open(SERVER_DB, &db)) { 515 sigma_dut_print(dut, DUT_MSG_ERROR, 516 "Failed to open SQLite database %s", 517 SERVER_DB); 518 return -1; 519 } 520 521 snprintf(id, sizeof(id), "cert-%s", serial); 522 sql = sqlite3_mprintf("UPDATE users SET remediation=%Q WHERE lower(identity)=lower(%Q)", 523 enable ? "machine" : "", id); 524 if (!sql) 525 goto fail; 526 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); 527 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { 528 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s", 529 sqlite3_errmsg(db)); 530 goto fail; 531 } 532 533 if (sqlite3_changes(db) < 1) { 534 sigma_dut_print(dut, DUT_MSG_ERROR, "No DB rows modified (specified serial number not found)"); 535 goto fail; 536 } 537 538 ret = 0; 539 fail: 540 sqlite3_close(db); 541 542 return ret; 543 } 544 545 546 static int cmd_server_set_parameter(struct sigma_dut *dut, 547 struct sigma_conn *conn, 548 struct sigma_cmd *cmd) 549 { 550 const char *var, *root_ca, *inter_ca, *osu_cert, *issuing_arch, *name; 551 const char *reenroll, *serial; 552 int osu, timeout = -1; 553 enum sigma_program prog; 554 555 var = get_param(cmd, "Program"); 556 if (!var) { 557 send_resp(dut, conn, SIGMA_ERROR, 558 "errorCode,Missing program parameter"); 559 return 0; 560 } 561 562 prog = sigma_program_to_enum(var); 563 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3) { 564 send_resp(dut, conn, SIGMA_ERROR, 565 "errorCode,Unsupported program"); 566 return 0; 567 } 568 569 var = get_param(cmd, "Device"); 570 if (!var || 571 (strcasecmp(var, "AAAServer") != 0 && 572 strcasecmp(var, "OSUServer") != 0)) { 573 send_resp(dut, conn, SIGMA_ERROR, 574 "errorCode,Unsupported device type"); 575 return 0; 576 } 577 osu = strcasecmp(var, "OSUServer") == 0; 578 579 var = get_param(cmd, "Timeout"); 580 if (var) 581 timeout = atoi(var); 582 583 var = get_param(cmd, "ProvisioningProto"); 584 if (var && strcasecmp(var, "SOAP") != 0) { 585 send_resp(dut, conn, SIGMA_ERROR, 586 "errorCode,Unsupported ProvisioningProto"); 587 return 0; 588 } 589 590 reenroll = get_param(cmd, "CertReEnroll"); 591 serial = get_param(cmd, "SerialNo"); 592 if (reenroll && serial) { 593 int enable; 594 595 if (strcasecmp(reenroll, "Enable") == 0) { 596 enable = 1; 597 } else if (strcasecmp(reenroll, "Disable") == 0) { 598 enable = 0; 599 } else { 600 send_resp(dut, conn, SIGMA_ERROR, 601 "errorCode,Invalid CertReEnroll value"); 602 return 0; 603 } 604 605 if (osu_set_cert_reenroll(dut, serial, enable) < 0) { 606 send_resp(dut, conn, SIGMA_ERROR, 607 "errorCode,Failed to update certificate reenrollment state"); 608 return 0; 609 } 610 } 611 612 name = get_param(cmd, "Name"); 613 root_ca = get_param(cmd, "TrustRootCACert"); 614 inter_ca = get_param(cmd, "InterCACert"); 615 osu_cert = get_param(cmd, "OSUServerCert"); 616 issuing_arch = get_param(cmd, "Issuing_Arch"); 617 618 if (timeout > -1) { 619 /* TODO */ 620 } 621 622 if (osu && name && root_ca && inter_ca && osu_cert && issuing_arch) { 623 const char *srv; 624 char buf[500]; 625 char buf2[500]; 626 int col; 627 628 sigma_dut_print(dut, DUT_MSG_DEBUG, 629 "Update server certificate setup"); 630 631 if (strcasecmp(name, "ruckus") == 0) { 632 srv = "RKS"; 633 } else if (strcasecmp(name, "aruba") == 0) { 634 srv = "ARU"; 635 } else { 636 send_resp(dut, conn, SIGMA_ERROR, 637 "errorCode,Unsupported Name value"); 638 return 0; 639 } 640 641 if (strcasecmp(issuing_arch, "col2") == 0) { 642 col = 2; 643 } else if (strcasecmp(issuing_arch, "col4") == 0) { 644 col = 4; 645 } else { 646 send_resp(dut, conn, SIGMA_ERROR, 647 "errorCode,Unsupported Issuing_Arch value"); 648 return 0; 649 } 650 651 if (strcasecmp(root_ca, "ID-T") == 0) { 652 sigma_dut_print(dut, DUT_MSG_DEBUG, 653 "OSU trust root: NetworkFX"); 654 if (system("cp " CERT_DIR "/IDT-cert-RootCA.pem " 655 CERT_DIR "/cacert.pem") < 0) 656 return -2; 657 } else if (strcasecmp(root_ca, "ID-Y") == 0) { 658 sigma_dut_print(dut, DUT_MSG_DEBUG, 659 "OSU trust root: NetworkFX"); 660 if (system("cp " CERT_DIR "/IDY-cert-RootCA.pem " 661 CERT_DIR "/cacert.pem") < 0) 662 return -2; 663 } else { 664 send_resp(dut, conn, SIGMA_ERROR, 665 "errorCode,Unsupported TrustRootCACert value"); 666 return 0; 667 } 668 669 if (strcasecmp(inter_ca, "ID-Z.2") == 0) { 670 sigma_dut_print(dut, DUT_MSG_DEBUG, 671 "OSU intermediate CA: NetworkFX (col2)"); 672 if (system("cat " CERT_DIR "/IDZ2-cert-InterCA.pem >> " 673 CERT_DIR "/cacert.pem") < 0) 674 return -2; 675 } else if (strcasecmp(inter_ca, "ID-Z.4") == 0) { 676 sigma_dut_print(dut, DUT_MSG_DEBUG, 677 "OSU intermediate CA: DigiCert (col2)"); 678 if (system("cat " CERT_DIR "/IDZ4-cert-InterCA.pem >> " 679 CERT_DIR "/cacert.pem") < 0) 680 return -2; 681 } else if (strcasecmp(inter_ca, "ID-Z.6") == 0) { 682 sigma_dut_print(dut, DUT_MSG_DEBUG, 683 "OSU intermediate CA: NetworkFX (col4)"); 684 if (system("cat " CERT_DIR "/IDZ6-cert-InterCA.pem >> " 685 CERT_DIR "/cacert.pem") < 0) 686 return -2; 687 } else if (strcasecmp(inter_ca, "ID-Z.8") == 0) { 688 sigma_dut_print(dut, DUT_MSG_DEBUG, 689 "OSU intermediate CA: DigiCert (col4)"); 690 if (system("cat " CERT_DIR "/IDZ8-cert-InterCA.pem >> " 691 CERT_DIR "/cacert.pem") < 0) 692 return -2; 693 } else { 694 send_resp(dut, conn, SIGMA_ERROR, 695 "errorCode,Unsupported InterCACert value"); 696 return 0; 697 } 698 699 if (strcasecmp(osu_cert, "ID-Q") == 0) { 700 sigma_dut_print(dut, DUT_MSG_DEBUG, 701 "OSU server cert: NetworkFX col%d", 702 col); 703 snprintf(buf, sizeof(buf), 704 "cp " CERT_DIR "/IDQ-cert-c%d-%s.pem " 705 CERT_DIR "/server.pem", 706 col, srv); 707 snprintf(buf2, sizeof(buf2), 708 "cp " CERT_DIR "/IDQ-key-%s.pem " 709 CERT_DIR "/server.key", srv); 710 } else if (strcasecmp(osu_cert, "ID-W") == 0) { 711 sigma_dut_print(dut, DUT_MSG_DEBUG, 712 "OSU server cert: DigiCert col%d", 713 col); 714 snprintf(buf, sizeof(buf), 715 "cp " CERT_DIR "/IDW-cert-c%d-%s.pem " 716 CERT_DIR "/server.pem", 717 col, srv); 718 snprintf(buf2, sizeof(buf2), 719 "cp " CERT_DIR "/IDW-key-%s.pem " 720 CERT_DIR "/server.key", srv); 721 } else if (strcasecmp(osu_cert, "ID-R.2") == 0) { 722 sigma_dut_print(dut, DUT_MSG_DEBUG, 723 "OSU server cert: NetworkFX revoked col%d", 724 col); 725 snprintf(buf, sizeof(buf), 726 "cp " CERT_DIR "/IDR2-cert-c%d-%s.pem " 727 CERT_DIR "/server.pem", 728 col, srv); 729 snprintf(buf2, sizeof(buf2), 730 "cp " CERT_DIR "/IDR2-key-%s.pem " 731 CERT_DIR "/server.key", srv); 732 } else if (strcasecmp(osu_cert, "ID-R.4") == 0) { 733 sigma_dut_print(dut, DUT_MSG_DEBUG, 734 "OSU server cert: DigiCert revoked col%d", 735 col); 736 snprintf(buf, sizeof(buf), 737 "cp " CERT_DIR "/IDR4-cert-c%d-%s.pem " 738 CERT_DIR "/server.pem", 739 col, srv); 740 snprintf(buf2, sizeof(buf2), 741 "cp " CERT_DIR "/IDR4-key-%s.pem " 742 CERT_DIR "/server.key", srv); 743 } else { 744 send_resp(dut, conn, SIGMA_ERROR, 745 "errorCode,Unsupported OSUServerCert value"); 746 return 0; 747 } 748 749 if (system(buf) < 0 || system(buf2) < 0) 750 return -2; 751 752 if (system("service apache2 reload") < 0) { 753 send_resp(dut, conn, SIGMA_ERROR, 754 "errorCode,Failed to restart Apache"); 755 return 0; 756 } 757 } 758 759 /* TODO */ 760 return 1; 761 } 762 763 764 void server_register_cmds(void) 765 { 766 sigma_dut_reg_cmd("server_ca_get_version", NULL, 767 cmd_server_ca_get_version); 768 sigma_dut_reg_cmd("server_get_info", NULL, 769 cmd_server_get_info); 770 sigma_dut_reg_cmd("server_reset_default", NULL, 771 cmd_server_reset_default); 772 sigma_dut_reg_cmd("server_request_status", NULL, 773 cmd_server_request_status); 774 sigma_dut_reg_cmd("server_set_parameter", NULL, 775 cmd_server_set_parameter); 776 } 777