Beispiel #1
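/**
 * Looks up an extension of a certificate by numeric identifier.
 *
 * The identifier is turned into a PKI_OID with PKI_OID_new_id() and the
 * lookup itself is delegated to PKI_X509_CERT_get_extension_by_oid().
 *
 * @param x    certificate to search; NULL yields NULL
 * @param num  numeric id of the wanted extension
 * @return the result of PKI_X509_CERT_get_extension_by_oid(), or NULL when
 *         x is NULL or no OID could be built from num
 */
PKI_X509_EXTENSION * PKI_X509_CERT_get_extension_by_id(const PKI_X509_CERT  *x, 
                				       PKI_ID num ) {
  PKI_OID *oid = NULL;

  // Reject a missing certificate before creating the OID: the original
  // created the OID first and dropped it unreleased when x was NULL.
  if( !x ) return NULL;

  oid = PKI_OID_new_id ( num );
  if( !oid ) return NULL;

  // NOTE(review): oid is not released after the lookup. Whether the callee
  // keeps a reference is not visible here; if it does not, the result should
  // be stored, the OID freed with PKI_OID_free(), and the result returned.
  return PKI_X509_CERT_get_extension_by_oid ( x, oid );
}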
Beispiel #2
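/*
 * Command-line signature checker.
 *
 * Options:
 *   -in <source>      signed object to check (defaults to "stdin")
 *   -signer <source>  key pair or certificate holding the signer's key
 *   -h                print usage
 *
 * Prints the signed object's type and algorithm, the signer key's scheme
 * and size, and the verification result.
 *
 * Exit status: 0 only when the signature verifies against the signer's key;
 * non-zero on any load error, unsupported key scheme, or failed verification,
 * so that calling scripts can rely on the status instead of parsing output.
 */
int main(int argc, char *argv[])
{
	PKI_X509 *sigObj = NULL;
	PKI_X509 *obj = NULL;

	PKI_X509_KEYPAIR *kp = NULL;
	PKI_X509_KEYPAIR_VALUE *pVal = NULL;
	PKI_ALGOR *algor = NULL;

	PKI_OID *oid = NULL;

	char *pnt = NULL;
	char *sigName = NULL;
	char *kName = NULL;

	int nid = 0;
	int ret = 1;	// pessimistic default: only a successful verify clears it

	if(argv[0]) prg_name = strdup(argv[0]);

	// Check the number of Arguments
	if ( argc < 2 ) usage();

	while( argc > 0 ) {
		argv++;
		argc--;

		if((pnt = *argv) == NULL) break;

		if( strcmp_nocase( pnt, "-in" ) == 0) {
			// Test the option's value, not the address of the argv slot:
			// `++argv == NULL` can never be true, so a trailing "-in"
			// used to be accepted silently.
			if( *(++argv) == NULL ) usage();
			sigName = *argv;
			argc--;
		} else if ( strcmp_nocase(pnt, "-signer") == 0) {
			if( *(++argv) == NULL ) usage();
			kName = *argv;
			argc--;
		} else if ( strcmp_nocase(pnt, "-h") == 0 ) {
			usage();
		} else {
			fprintf(stderr, "\n    ERROR: unknown param %s\n\n", pnt);
			usage();
		}
	}

	if( !sigName ) sigName = "stdin";

	if( !kName ) {
		fprintf( stderr, "\n    ERROR, signer param is needed!\n\n");
		usage();
	}

	// Init LibPKI
	PKI_init_all();

	// Loads the Signer's Object
	obj = PKI_X509_get( kName, PKI_DATATYPE_ANY, NULL, NULL);
	if( obj == NULL) {
		fprintf(stderr, "ERROR, can not load key source: %s\n\n", kName);
		exit(1);
	}

	// Loads the Signed Object
	sigObj = PKI_X509_get( sigName, PKI_DATATYPE_ANY, NULL, NULL);
	if( sigObj == NULL) {
		// Report the source that actually failed (the original printed kName here)
		fprintf(stderr, "ERROR, can not load signed Object: %s\n\n", sigName);
		exit(1);
	}

	// Check if the Object is signed (has a signature ?)
	if ( PKI_X509_is_signed ( sigObj ) != PKI_OK ) {
		fprintf(stderr, "ERROR, object (%s) is not signed!\n\n", sigName);
		exit(1);
	}

	// Get the Key from the Key Source
	switch ( PKI_X509_get_type( obj )) {
		case PKI_DATATYPE_X509_KEYPAIR:
			kp = obj;
			break;
		case PKI_DATATYPE_X509_CERT:
			// Only the public key is taken from the certificate; the
			// certificate itself is not validated anywhere in this program.
			pVal = PKI_X509_get_data ( obj, PKI_X509_DATA_PUBKEY );
			if ( !pVal ) {
				fprintf(stderr, "ERROR, can not retrieve the PubKey!\n\n");
				exit(1);
			}
			kp = PKI_X509_new_value ( PKI_DATATYPE_X509_KEYPAIR, pVal, NULL );
			break;
		default:
			fprintf(stderr, "ERROR, (%s) not a cert or a key (%d)!\n\n", 
				kName,  PKI_X509_get_type( obj ) );
			exit(1);
	}

	if (!kp) {
		fprintf( stderr, "ERROR, no key found in %s!\n\n", kName );
		exit(1);
	}

	printf("Signature:\n    Info:\n");
	printf("        Signed Object Type:\n            %s\n", 
		PKI_X509_get_type_parsed( sigObj ));

	algor = PKI_X509_get_data ( sigObj, PKI_X509_DATA_ALGORITHM );
	if ( algor ) {
		printf("        Algorithm:\n            %s\n", 
			PKI_ALGOR_get_parsed ( algor ));
	}

	printf("\n    Signer's Key Info:\n");
	printf("        Scheme: ");

	switch ( PKI_X509_KEYPAIR_get_scheme( kp ))
	{
		case PKI_SCHEME_RSA:
			printf("RSA\n");
			break;

		case PKI_SCHEME_DSA:
			printf("DSA\n");
			break;

		case PKI_SCHEME_ECDSA:
			printf("ECDSA\n");
			nid = PKI_X509_KEYPAIR_get_curve ( kp );
			if((oid = PKI_OID_new_id( nid )) != NULL ) {
				printf("        Curve Name: %s\n", PKI_OID_get_descr( oid ));
				PKI_OID_free ( oid );
			}
			break;

		default:
			printf("Unknown!\n");
			exit(1);
	}

	printf("        Key Size: %d\n", PKI_X509_KEYPAIR_get_size( kp ));

	// This checks the signature against the supplied key only. Nothing here
	// validates the signer's certificate (chain, validity, revocation), so
	// "Ok" means "signed by this key", not "signed by a trusted party".
	printf("\n    Verify: ");
	if( PKI_X509_verify(sigObj, kp) == PKI_OK) {
		printf("Ok\n");
		ret = 0;
	} else {
		printf("ERROR!\n");
	}

	printf("\n");

	// A failed verification must not look like success to the caller:
	// the original returned 0 unconditionally.
	return ret;
}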