<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: Establish a secure client with Global Secure ToolKit (GSKit) APIs" />
<meta name="abstract" content="This code sample provides an example of a client that uses the GSKit APIs." />
<meta name="description" content="This code sample provides an example of a client that uses the GSKit APIs." />
<meta name="DC.Relation" scheme="URI" content="x1ssl.htm" />
<meta name="DC.Relation" scheme="URI" content="cgskit.htm" />
<meta name="DC.Relation" scheme="URI" content="xgskserver.htm" />
<meta name="DC.Relation" scheme="URI" content="xgskasynch.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/socket.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/close.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/connec.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_environment_open.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_attribute_set_buffer.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_attribute_set_enum.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_environment_init.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_secure_soc_open.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_attribute_set_numeric_value.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_secure_soc_init.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_secure_soc_close.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_environment_close.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_secure_soc_write.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gskstartinit.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gskstartrecv.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsk_secure_soc_read.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2001, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2001, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="xgskclient" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Establish a secure client with Global Secure ToolKit (GSKit)
APIs</title>
</head>
<body id="xgskclient"><a name="xgskclient"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: Establish a secure client with Global Secure ToolKit (GSKit)
APIs</h1>
<div><p>This code sample provides an example of a client that uses the
GSKit APIs. </p>
<div class="section"><p>The following graphic shows the function calls on a secure client
using the GSKit APIs:</p>
</div>
<div class="section"><p><br /><a name="xgskclient__gskclgraphic"><!-- --></a><img id="xgskclient__gskclgraphic" src="rzab6513.gif" alt="" /><br /></p>
</div>
<div class="section"><h4 class="sectiontitle">Socket flow of events: GSKit client</h4><p>This flow describes
the socket calls in the following sample application. Use this client example
with the GSKit server example and the Example: GSKit secure server with asynchronous
handshake.</p>
<ol><li>The <span class="apiname">gsk_environment_open()</span> function obtains a handle
to an SSL environment.</li>
<li>One or more calls to <span class="apiname">gsk_attribute_set_xxxxx()</span> set attributes of the
SSL environment. At a minimum, call <span class="apiname">gsk_attribute_set_buffer()</span> to
set either the GSK_OS400_APPLICATION_ID value or the GSK_KEYRING_FILE value.
Set only one of these; the GSK_OS400_APPLICATION_ID value is preferred.
Also set the type of application (client or server),
GSK_SESSION_TYPE, using <span class="apiname">gsk_attribute_set_enum()</span>.</li>
<li>The <span class="apiname">gsk_environment_init()</span> function initializes this
environment for SSL processing and establishes the SSL security information
for all SSL sessions that run using this environment.</li>
<li>The <span class="apiname">socket()</span> function creates a socket descriptor.
The client then issues the <span class="apiname">connect()</span> to connect to the
server application.</li>
<li>The <span class="apiname">gsk_secure_soc_open()</span> function obtains storage
for a secure session, sets default values for attributes, and returns a handle
that must be saved and used on secure session-related function calls. </li>
<li>The <span class="apiname">gsk_attribute_set_numeric_value()</span> function associates
a specific socket with this secure session.</li>
<li>The <span class="apiname">gsk_secure_soc_init()</span> function starts an asynchronous
negotiation of a secure session, using the attributes set for the SSL environment
and the secure session.</li>
<li>The <span class="apiname">gsk_secure_soc_write()</span> function writes data on
a secure session to the worker thread. <div class="note"><span class="notetitle">Note:</span> For the GSKit server example,
this function writes data to the worker thread where the <span class="apiname">gsk_secure_soc_startRecv()</span> function
is completed. In the asynchronous example, it writes to the completed <span class="apiname">gsk_secure_soc_startInit()</span>.</div>
</li>
<li>The <span class="apiname">gsk_secure_soc_read()</span> function receives a message
from the worker thread using the secure session.</li>
<li>The <span class="apiname">gsk_secure_soc_close()</span> function ends the secure
session.</li>
<li>The <span class="apiname">gsk_environment_close()</span> function closes the SSL
environment. </li>
<li>The <span class="apiname">close()</span> function ends the connection.</li>
</ol>
</div>
<div class="section"><div class="note"><span class="notetitle">Note:</span> By using the code examples, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
<pre>/* GSK Client Program using Application Id         */
/* This program assumes that the application id is */
/* already registered and a certificate has been   */
/* associated with the application id              */
/*                                                 */
/* No parameters, some comments and many hardcoded */
/* values to keep it short and simple              */
/* use following command to create bound program:  */
/* CRTBNDC PGM(MYLIB/GSKCLIENT)                    */
/*         SRCFILE(MYLIB/CSRC)                     */
/*         SRCMBR(GSKCLIENT)                       */
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;      /* memset(), strcpy(), strlen() */
#include &lt;unistd.h&gt;      /* close() */
#include &lt;sys/types.h&gt;
#include &lt;sys/socket.h&gt;
#include &lt;gskssl.h&gt;
#include &lt;netinet/in.h&gt;
#include &lt;arpa/inet.h&gt;
#include &lt;errno.h&gt;
#define TRUE 1
#define FALSE 0
int main(void)
{
  gsk_handle my_env_handle=NULL;     /* secure environment handle */
  gsk_handle my_session_handle=NULL; /* secure session handle */
  struct sockaddr_in address;
  int buf_len, rc = 0, sd = -1;
  int amtWritten, amtRead;
  char buff1[1024];
  char buff2[1024];
  /* hardcoded IP address (change to match the address where the */
  /* server program runs)                                        */
  char addr[16] = "1.1.1.1";
  /*********************************************/
  /* Issue all of the commands in a do/while   */
  /* loop so that clean up can happen at end   */
  /*********************************************/
  do
  {
    /* open a gsk environment */
    rc = errno = 0;
    rc = gsk_environment_open(&amp;my_env_handle);
    if (rc != GSK_OK)
    {
      printf("gsk_environment_open() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* set the Application ID to use */
    rc = errno = 0;
    rc = gsk_attribute_set_buffer(my_env_handle,
                                  GSK_OS400_APPLICATION_ID,
                                  "MY_CLIENT_APP",
                                  13);
    if (rc != GSK_OK)
    {
      printf("gsk_attribute_set_buffer() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* set this side as the client (this is the default) */
    rc = errno = 0;
    rc = gsk_attribute_set_enum(my_env_handle,
                                GSK_SESSION_TYPE,
                                GSK_CLIENT_SESSION);
    if (rc != GSK_OK)
    {
      printf("gsk_attribute_set_enum() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* by default SSL_V2, SSL_V3, and TLS_V1 are enabled */
    /* We will disable SSL_V2 for this example.          */
    /* SSL_V3 is also obsolete (RFC 7568); disable it as */
    /* well when the server supports TLS.                */
    rc = errno = 0;
    rc = gsk_attribute_set_enum(my_env_handle,
                                GSK_PROTOCOL_SSLV2,
                                GSK_PROTOCOL_SSLV2_OFF);
    if (rc != GSK_OK)
    {
      printf("gsk_attribute_set_enum() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* set the cipher suite to use. By default our default list     */
    /* of ciphers is enabled. For this example we will just use one */
    /* RC4 suites are prohibited for TLS by RFC 7465; outside of a  */
    /* demonstration, choose a cipher spec without RC4.             */
    rc = errno = 0;
    rc = gsk_attribute_set_buffer(my_env_handle,
                                  GSK_V3_CIPHER_SPECS,
                                  "05", /* SSL_RSA_WITH_RC4_128_SHA */
                                  2);
    if (rc != GSK_OK)
    {
      printf("gsk_attribute_set_buffer() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* Initialize the secure environment */
    rc = errno = 0;
    rc = gsk_environment_init(my_env_handle);
    if (rc != GSK_OK)
    {
      printf("gsk_environment_init() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* create a socket to be used for the connection to the server */
    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd &lt; 0)
    {
      perror("socket() failed");
      break;
    }
    /* connect to the server using a set port number */
    memset((char *) &amp;address, 0, sizeof(address));
    address.sin_family = AF_INET;
    address.sin_port = htons(13333);   /* port in network byte order */
    address.sin_addr.s_addr = inet_addr(addr);
    rc = connect(sd, (struct sockaddr *) &amp;address, sizeof(address));
    if (rc &lt; 0)
    {
      perror("connect() failed");
      break;
    }
    /* open a secure session */
    rc = errno = 0;
    rc = gsk_secure_soc_open(my_env_handle, &amp;my_session_handle);
    if (rc != GSK_OK)
    {
      printf("gsk_secure_soc_open() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* associate our socket with the secure session */
    rc = errno = 0;
    rc = gsk_attribute_set_numeric_value(my_session_handle,
                                         GSK_FD,
                                         sd);
    if (rc != GSK_OK)
    {
      printf("gsk_attribute_set_numeric_value() failed with rc = %d ", rc);
      printf("and errno = %d.\n", errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* initiate the SSL handshake */
    rc = errno = 0;
    rc = gsk_secure_soc_init(my_session_handle);
    if (rc != GSK_OK)
    {
      printf("gsk_secure_soc_init() failed with rc = %d and errno = %d.\n",
             rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* memset buffer to hex zeros */
    memset((char *) buff1, 0, sizeof(buff1));
    /* build the message to send */
    strcpy(buff1,"Test of gsk_secure_soc_write \n\n");
    /* send the message to the server using the secure session */
    buf_len = strlen(buff1);
    amtWritten = 0;
    rc = gsk_secure_soc_write(my_session_handle, buff1, buf_len, &amp;amtWritten);
    if (amtWritten != buf_len)
    {
      if (rc != GSK_OK)
      {
        printf("gsk_secure_soc_write() rc = %d and errno = %d.\n",rc,errno);
        printf("rc of %d means %s\n", rc, gsk_strerror(rc));
        break;
      }
      else
      {
        printf("gsk_secure_soc_write() did not write all data.\n");
        break;
      }
    }
    /* write results to screen */
    printf("gsk_secure_soc_write() wrote %d bytes...\n", amtWritten);
    printf("%s\n",buff1);
    /* memset buffer to hex zeros */
    memset((char *) buff2, 0x00, sizeof(buff2));
    /* receive a message from the server using the secure session; */
    /* read at most sizeof(buff2) - 1 bytes so the zeroed buffer   */
    /* stays NUL-terminated when it is printed with %s             */
    amtRead = 0;
    rc = gsk_secure_soc_read(my_session_handle, buff2, sizeof(buff2) - 1, &amp;amtRead);
    if (rc != GSK_OK)
    {
      printf("gsk_secure_soc_read() rc = %d and errno = %d.\n",rc,errno);
      printf("rc of %d means %s\n", rc, gsk_strerror(rc));
      break;
    }
    /* write results to screen */
    printf("gsk_secure_soc_read() received %d bytes, here they are ...\n",
           amtRead);
    printf("%s\n",buff2);
  } while(FALSE);
  /* disable SSL support for the socket */
  if (my_session_handle != NULL)
    gsk_secure_soc_close(&amp;my_session_handle);
  /* disable the SSL environment */
  if (my_env_handle != NULL)
    gsk_environment_close(&amp;my_env_handle);
  /* close the connection */
  if (sd &gt; -1)
    close(sd);
  return 0;
}</pre>
</div>
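<p>The sample passes the cipher list to GSK_V3_CIPHER_SPECS as a string of two-character codes ("05"). The following added example, which is not part of the IBM sample, audits such a string before it is handed to <span class="apiname">gsk_attribute_set_buffer()</span> and reports NULL, export-grade, RC4 and single-DES suites. The names <code>audit_cipher_specs</code> and <code>spec_table</code> are hypothetical, and the table assumes each code is the low byte of the IANA cipher suite number, as "05" is in the sample.</p>

```c
#include <stdio.h>
#include <string.h>

/* Added example, not IBM code. Assumption: each two-character code is the
   low byte of the IANA cipher suite number, as "05" is in the sample. */
enum spec_verdict { SPEC_OK, SPEC_UNKNOWN, SPEC_WEAK, SPEC_MALFORMED };
struct spec_entry { const char *code; const char *name; int weak; };

/* Hypothetical audit table; suite names follow the IANA TLS registry. */
static const struct spec_entry spec_table[] = {
    { "01", "RSA_WITH_NULL_MD5",              1 }, /* no encryption  */
    { "02", "RSA_WITH_NULL_SHA",              1 }, /* no encryption  */
    { "03", "RSA_EXPORT_WITH_RC4_40_MD5",     1 }, /* export grade   */
    { "04", "RSA_WITH_RC4_128_MD5",           1 }, /* RC4 (RFC 7465) */
    { "05", "RSA_WITH_RC4_128_SHA",           1 }, /* RC4 (RFC 7465) */
    { "06", "RSA_EXPORT_WITH_RC2_CBC_40_MD5", 1 }, /* export grade   */
    { "09", "RSA_WITH_DES_CBC_SHA",           1 }, /* single DES     */
    { "2F", "RSA_WITH_AES_128_CBC_SHA",       0 },
    { "35", "RSA_WITH_AES_256_CBC_SHA",       0 },
};
/* Returns the worst verdict over all codes; first_bad (3 bytes, may be
   NULL) receives the first code that is not SPEC_OK. */
enum spec_verdict audit_cipher_specs(const char *specs, char first_bad[3])
{
    size_t len = strlen(specs), i, j;
    enum spec_verdict worst = SPEC_OK;
    if (first_bad) first_bad[0] = '\0';
    if (len == 0 || len % 2 != 0) return SPEC_MALFORMED; /* 2 chars per code */
    for (i = 0; i < len; i += 2) {
        enum spec_verdict v = SPEC_UNKNOWN;   /* not in the table: review */
        for (j = 0; j < sizeof spec_table / sizeof spec_table[0]; j++)
            if (strncmp(specs + i, spec_table[j].code, 2) == 0) {
                v = spec_table[j].weak ? SPEC_WEAK : SPEC_OK;
                break;
            }
        if (v != SPEC_OK && first_bad && first_bad[0] == '\0') {
            memcpy(first_bad, specs + i, 2);
            first_bad[2] = '\0';
        }
        if (v > worst) worst = v;
    }
    return worst;
}
int main(void)
{
    char bad[3];
    printf("verdict=%d first=%s\n", audit_cipher_specs("05", bad), bad);
    return 0;
}
```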
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="x1ssl.htm" title="You can create secure server and clients using either the Global Secure ToolKit (GSKit) APIs or the Secure Sockets Layer (SSL_) APIs.">Examples: Establish secure connections</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="cgskit.htm" title="Global Secure ToolKit (GSKit) is a set of programmable interfaces that allow an application to be SSL enabled.">Global Secure ToolKit (GSKit) APIs</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="xgskserver.htm" title="This code example can be used to establish a secure server using Global Secure ToolKit (GSKit) APIs.">Example: GSKit secure server with asynchronous data receive</a></div>
<div><a href="xgskasynch.htm" title="The gsk_secure_soc_startInit() API allows you to create secure server applications that can handle request asynchronously.">Example: GSKit secure server with asynchronous handshake</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../apis/socket.htm">socket()</a></div>
<div><a href="../apis/close.htm">close()</a></div>
<div><a href="../apis/connec.htm">connect()</a></div>
<div><a href="../apis/gsk_environment_open.htm">gsk_environment_open()</a></div>
<div><a href="../apis/gsk_attribute_set_buffer.htm">gsk_attribute_set_buffer()</a></div>
<div><a href="../apis/gsk_attribute_set_enum.htm">gsk_attribute_set_enum()</a></div>
<div><a href="../apis/gsk_environment_init.htm">gsk_environment_init()</a></div>
<div><a href="../apis/gsk_secure_soc_open.htm">gsk_secure_soc_open()</a></div>
<div><a href="../apis/gsk_attribute_set_numeric_value.htm">gsk_attribute_set_numeric_value()</a></div>
<div><a href="../apis/gsk_secure_soc_init.htm">gsk_secure_soc_init()</a></div>
<div><a href="../apis/gsk_secure_soc_close.htm">gsk_secure_soc_close()</a></div>
<div><a href="../apis/gsk_environment_close.htm">gsk_environment_close()</a></div>
<div><a href="../apis/gsk_secure_soc_write.htm">gsk_secure_soc_write()</a></div>
<div><a href="../apis/gskstartinit.htm">gsk_secure_soc_startInit()</a></div>
<div><a href="../apis/gskstartrecv.htm">gsk_secure_soc_startRecv()</a></div>
<div><a href="../apis/gsk_secure_soc_read.htm">gsk_secure_soc_read()</a></div>
</div>
</div>
</body>
</html>