nahttps_pd: HTTPS Server Sample Application using the AWS

This sample application demonstrates:
    - The HTTPS Server using the features of the Advanced Web Server 
        (AWS) interface using the Pbuilder tool.
    - How FTP can provide firmware upgrade capability

The application can run on all platforms.

You must make the following changes to the BSP:

1) In netos/src/bsp/platforms/xxx/bsp_fs.h, set
BSP_INCLUDE_FILESYSTEM_FOR_CLIBRARY to TRUE. This change creates a RAM and 
Flash file system volume by default and allows using the C library file I/O 
API functions to access the file system services.

2) Rebuild the BSP.


The application requires the following CA (Certificate Authority) issued certificates:
1. cacert.pem - CA certificate required for client certificate verification
2. svrcert.pem - CA signed server certificate with public key. This certificate
                 will be sent to client during authentication. 
3. svrkey.pem - Server's RSA encrypted private key, required to decrypt 
                client's random key
4. clntcert.pem - Used by SSL client if server requests the client certificate
                  or server can add this to update trusted peer table.  
5. clntkey.pem - Used by the client
6. clntrevcert.pem - Revoked client certificate
7. clntrevkey.pem - Revoked client's private key (used by client)                 
8. nassl.crl - CA's certificate revocation list
9. httpsClnt.pfx - HTTPS client's PKCS#12 certificate which includes both 
                   clntcert.pem and clntkey.pem. You can use this file to add
                   personal certificate in Microsoft IE client. 
10. httpsRevClnt.pfx - Revoked HTTPS client's PKCS#12 certificate

Keys that are required by server:
  If a CRL is used, the server requires only
    1. CA certificate
    2. Server certificate and private key
    3. CRL 

  If a CRL is not used, the server requires
    1. CA certificate
    2. Server certificate and private key
    3. Client certificate to update trusted peer list
    4. Revoked client certificate to update revoked peer list

Keys that are required by client:
    1. CA certificate to verify server certificate
    2. Client certificate if server requests one
    3. Client's private key used to decrypt server's secret key

  You can find the above keys under ./keys/ and they are valid until Nov 2011.

Pass phrases used:
1. svrkey.pem     : "Digi sslsvr key"
2. clntkey.pem    : "Digi sslclnt key"
3. svrrevkey.pem  : "Digi sslsvr rev key"
4. clntrevkey.pem : "Digi sslclnt rev key"
5. httpsClnt.pfx  : "Digi https key"
6. httpsRevClnt.pfx: "Digi https rev key"

What does this application do?

1. Starts FTP server to allow user to download certificates and CRL
2. Prompts user if the required certificate is not available in flash file
   system volume. 
3. Waits for user to download the requested file via FTP 
     (user:user and password:password)
4. Starts the HTTPS Server using the features of the Advanced Web Server 
   (AWS) interface

The HTTPS Server has three pages: an introduction page alerting the
operator of the ensuing Username/Password, a password-protected page
which has several components used to accept form data, and a Form
response page.  The HTTPS Server files (in the ./pbuilder/html 
directory) contain the HTML source used as input to the PBuilder.exe 
tool, which converts these web pages into C files.  The C files are 
annotated and built to create the application.  The Web pages contain 
several Comment Tags described in the Rompager Web Application Toolkit.

On the password-protected page, password authentication can be either 
Basic or MD5 Digest Authentication.  The default Authentication mode 
is Basic, because the THIS_APPLICATION_USES_DIGEST_AUTHENTICATION  
compiler directive is prefixed with underscores.  When the underscores
are removed, Digest Authentication mode is enabled; however, Digest 
Authentication mode will not operate with a Netscape browser.
All application results are observed by means of a web browser (e.g.,
Netscape, Internet Explorer).

We need to add the CA certificate (cacert.pem) and the client certificate 
(httpsClnt.pfx for IE) to the browser.

How to add certificates to the Internet Explorer database:
1. Using the IE Tools menu, go to Internet Options...
2. Select Content window
3. Click certificates... button
4. Add CA certificate to database
    a. Select Trusted Root Certificate Authorities
    b. Click on import
    c. Use wizard to browse ./keys/cacert.pem and complete the wizard
    d. This will add NASSL CA to the Trusted Root CA list
5. Add client certificate
    a. Select Personal from the certificate window
    b. Click on import
    c. Use wizard to browse httpsClnt.pfx
    d. Enter 'Digi https key' as password and complete the wizard
    e. This will add Nassl Client to the Personal list
6. If you want to add the revoked client, follow step 5, but browse for
   httpsRevClnt.pfx and enter 'Digi https rev key' as the password

The following files are provided in this example.

appconf.h           sets application configuration settings

.\32b\image.gpj     used to build the big endian Green Hills version of the
                    application.  The build script creates a version that
                    can be debugged with Multi, and the file image.bin 
                    which can be written into a ROM that uses the bootloader.
makefile            makefile for the GNU toolset.

project.gpj         contains application specific build settings

readme              this file

.\32b\rom.gpj       used to build the big endian ROM image of application

root.c              Application starting point.

security.c          Contains the Realmname, username, and password 
                    specific to this application.
                    

The following files are generic stubs required by all applications that
use and include the AWS (rphttpd.a) library.  These files are located
in directory .\..\..\..\src\rphttpd\:

cgi.c               Contains the blank stubs for CGI functions.

file.c              Contains the blank stubs for File System functions.


The following files are inputs to and outputs from the pbuilder tool,
and are contained in the pbuilder directory:

list.bat            File listing as parameter to pbuilder tool.

netarm1_v.c         Stub file with fleshed out bodies, initially 
                    generated by the PBUILDER Utility.  Naked stub 
                    originally located in the pbuilder\html directory.

pbsetup.txt         PBUILDER Utility options file (do not alter).

rppages.c           PBUILDER Utility output file containing all the
                    application web pages defined in list.bat.

pusrdct.h           PBUILDER Utility output file containing phrase
                    dictionary prototypes.

rpusrdct.c          PBUILDER Utility output file containing phrase
                    dictionary data structures.

rpusrdct.txt        PBUILDER Utility input file containing phrase
                    dictionary definitions.


The following Web content files are contained in the pbuilder\html
directory:

logo.gif            GIF file for Digi International logo.

netarm1.c           Source file generated by PBUILDER Utility.

netarm1.htm         Initial (i.e., opening) web page.

netarm2.htm         Secure web page with form components.

netarm3.htm         Reply page from Form page.


In addition, the following files in the BSP directory are built
as part of this application.

reset.s         contains the reset code

appconf_api.c   contains code used to read settings in appconf.h


The application build file links in the following libraries.

libbsp.a            contains the BSP library
libtcpip.a          contains the TCP/IP stack library
libtx.a             contains the ThreadX kernel library
libfilesys.a        contains the file system library
libposix.a          contains the POSIX layer library
libflash.a          contains the Flash driver library
libftpsvr.a         contains the FTP server library
librphttpd.a        contains the NET+Works AWS API library
libcrypto.a         contains the cryptography library
libssl.a            contains SSL/TLS protocol code


The application uses the following files located in the
netos\src\bsp\platforms\<platform> directory.

bootldr.dat     bootloader configuration file used to generate the
                file image.bin.  It controls the information placed
                in the bootloader header of the image.

image.lx        Green Hills linker script used to build an image
                that can be debugged and used with the bootloader.

customize.lx    Customizable GHS linker script

image.ldr       GNU linker script used to build an image that can
                be debugged and used with the bootloader.
                
customize.ldr   Customizable GNU linker script
