int main (int argc, char *argv[] ) {
printf("\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n");
printf("(c) 2006 by Massimiliano Pala and OpenCA Project\n");
printf("OpenCA Licensed Software\n\n");
printf("TOKEN Generation testsuite.\n\n");
if(( PKI_log_init (PKI_LOG_TYPE_SYSLOG, PKI_LOG_NOTICE, NULL,
PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR ) {
exit(1);
}
gen_X509_tk(PKI_SCHEME_RSA, 1024, "results/cert_rsa_1024.pem");
gen_X509_tk(PKI_SCHEME_RSA, 2048, "results/cert_rsa_2048.pem");
gen_X509_tk(PKI_SCHEME_RSA, 4096, "results/cert_rsa_4096.pem");
gen_X509_tk(PKI_SCHEME_DSA, 2048,"results/cert_dsa_2048.pem");
gen_X509_tk(PKI_SCHEME_ECDSA, 256, "results/cert_ecdsa_256.pem");
PKI_log_end();
printf("Done.\n\n");
return (0);
}
int main (int argc, char *argv[]) {
PKI_MEM_STACK *sk = NULL;
PKI_MEM *obj = NULL;
PKI_SSL *ssl = NULL;
// PKI_TOKEN *tk = NULL;
PKI_SOCKET *sock = NULL;
URL * url = NULL;
char *url_s = NULL;
char *outurl_s = "fd://1";
char *trusted_certs = NULL;
char *dump_cert = NULL;
char *dump_chain = NULL;
int debug = 0;
int verify_chain = 1;
int i = 0;
int timeout = 0;
int get_via_socket = 0;
PKI_init_all();
if( !argv[1] ) {
usage();
return(1);
}
for( i = 1; i <= argc; i++ ) {
if( strcmp_nocase( argv[i], "-out" ) == 0 ) {
outurl_s = argv[++i];
} else if ( strcmp_nocase ( argv[i], "-trusted" ) == 0 ) {
trusted_certs = argv[++i];
} else if ( strcmp_nocase ( argv[i], "-dumpcert" ) == 0 ) {
if((dump_cert = argv[++i]) == NULL ) {
fprintf(stderr, "\nERROR: -dumpcert needs a file url!\n\n");
exit(1);
}
} else if ( strcmp_nocase ( argv[i], "-dumpchain" ) == 0 ) {
if((dump_chain = argv[++i]) == NULL ) {
fprintf(stderr, "\nERROR: -dumpchain needs a file url!\n\n");
exit(1);
}
} else if ( strcmp_nocase ( argv[i], "-timeout" ) == 0 ) {
timeout = atoi( argv[++i] );
if ( timeout < 0 ) timeout = 0;
} else if ( strcmp_nocase ( argv[i], "-no_verify" ) == 0 ) {
verify_chain = 0;
} else if ( strcmp_nocase( argv[i], "-debug" ) == 0 ) {
debug = 1;
} else {
url_s = argv[i];
if ( i < argc - 1 ) {
fprintf( stderr, "Args after URL ignored!(%s %d/%d)\n",
url_s, i, argc );
}
break;
}
}
if((url = URL_new( url_s )) == NULL ) {
printf("\nERROR, %s is not a valid URL!\n\n", url_s );
usage();
return (1);
}
if( debug ) {
if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR) {
exit(1);
}
} else {
if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
0, NULL )) == PKI_ERR) {
exit(1);
}
}
// Check if we should use the socket approach or the simple URL
// retrieval facility
switch (url->proto) {
case URI_PROTO_FD:
case URI_PROTO_FILE:
case URI_PROTO_HTTP:
case URI_PROTO_HTTPS:
case URI_PROTO_LDAP:
get_via_socket = 1;
break;
default:
get_via_socket = 0;
}
//
// -------------------------- Setup the SSL Options ------------------------
//
if(( ssl = PKI_SSL_new( NULL )) == NULL ) {
fprintf(stderr, "ERROR: Memory allocation error (PKI_SSL_new)\n");
return ( 1 );
}
if ( trusted_certs ) {
PKI_X509_CERT_STACK *sk = NULL;
if(( sk = PKI_X509_CERT_STACK_get ( trusted_certs, NULL, NULL))
== NULL ) {
PKI_log_err ("Can't load Trusted Certs from %s",
trusted_certs );
return 1;
}
PKI_SSL_set_trusted ( ssl, sk );
if ( verify_chain ) {
PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER_REQUIRE);
} else {
PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER);
}
}
if ( verify_chain == 0 ) {
PKI_SSL_set_verify ( ssl, PKI_SSL_VERIFY_NONE );
fprintf(stderr, "WARNING: no verify set!\n");
}
if(( sock = PKI_SOCKET_new ()) == NULL ) {
fprintf(stderr, "ERROR, can not create a new Socket!\n\n");
exit(1);
}
PKI_SOCKET_set_ssl ( sock, ssl );
//
// ------------------------------ Retrieve Data -----------------------------
//
if (get_via_socket) {
if( PKI_SOCKET_open( sock, url_s, timeout ) == PKI_ERR ) {
fprintf(stderr, "ERROR, can not connect to %s!\n\n", url_s);
exit(1);
}
ssl = PKI_SOCKET_get_ssl (sock);
if (dump_cert) {
PKI_X509_CERT *x = NULL;
if ( !ssl ) {
fprintf( stderr,
"ERROR: Can not dump cert (no SSL)\n");
}
if((x = PKI_SSL_get_peer_cert ( ssl )) == NULL ) {
fprintf( stderr,
"ERROR: No Peer certificate is available\n");
}
if( PKI_X509_CERT_put ( x, PKI_DATA_FORMAT_PEM,
dump_cert, NULL, NULL, NULL ) == PKI_ERR){
fprintf(stderr, "ERROR: can not write Peer cert to "
"%s\n", dump_cert );
}
}
if (dump_chain) {
PKI_X509_CERT_STACK *x_sk = NULL;
if ( !ssl ) {
fprintf( stderr,
"ERROR: Can not dump cert (no SSL)\n");
}
if((x_sk = PKI_SSL_get_peer_chain ( ssl )) == NULL ) {
fprintf( stderr,
"ERROR: No certificate chain is available\n");
}
if( PKI_X509_CERT_STACK_put ( x_sk, PKI_DATA_FORMAT_PEM,
dump_chain, NULL, NULL, NULL ) == PKI_ERR){
fprintf(stderr, "ERROR: can not write Peer cert to "
"%s\n", dump_cert );
}
}
if((sk = URL_get_data_socket ( sock, timeout, 0 )) == NULL ) {
fprintf(stderr, "ERROR, can not retrieve data!\n\n");
return(-1);
}
PKI_SOCKET_close ( sock );
PKI_SOCKET_free ( sock );
}
else // Get Data via the usual URL socket-less approach
{
sk = URL_get_data_url (url, timeout, 0, ssl);
}
PKI_log_debug("URL: Number of retrieved entries is %d",
PKI_STACK_MEM_elements(sk));
while( (obj = PKI_STACK_MEM_pop ( sk )) != NULL ) {
URL_put_data ( outurl_s, obj, NULL, NULL, 0, 0, NULL );
}
return 0;
}
int main (int argc, char *argv[] ) {
PKI_TOKEN *tk = NULL;
PKI_X509_PROFILE *prof = NULL;
// PKI_OID *oid = NULL;
PKI_X509_CRL *crl = NULL;
PKI_X509_CRL_ENTRY *entry = NULL;
PKI_X509_CRL_ENTRY_STACK *sk = NULL;
printf("\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n");
printf("(c) 2006 by Massimiliano Pala and OpenCA Project\n");
printf("OpenCA Licensed Software\n\n");
if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_NOTICE, NULL,
PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR ) {
exit(1);
}
if((tk = PKI_TOKEN_new_null()) == NULL ) {
printf("ERROR, can not allocate token!\n\n");
exit(1);
}
if(( PKI_TOKEN_init( tk, "etc" , "Default" )) == PKI_ERR) {
printf("ERROR, can not configure token!\n\n");
exit(1);
}
if((PKI_TOKEN_set_algor ( tk, PKI_ALGOR_RSA_SHA256 )) == PKI_ERR ) {
printf("ERROR, can not set the RSA crypto scheme!\n");
return (0);
}
if((PKI_TOKEN_new_keypair ( tk, 1024, NULL )) == PKI_ERR) {
printf("ERROR, can not generate new keypair!\n");
return (0);
}
printf("* Self Signing certificate .... ");
if((PKI_TOKEN_self_sign( tk, NULL, "23429", 24*3600, "User" )) == PKI_ERR ) {
printf("ERROR, can not self sign certificate!\n");
return(0);
}
printf("Generating a new CRL ENTRY ... ");
if((entry = PKI_X509_CRL_ENTRY_new_serial ( "12345678",
CRL_REASON_KEY_COMPROMISE, NULL, NULL ))
== NULL ) {
printf("ERROR!\n");
exit(1);
}
printf("Ok\n");
sk = PKI_STACK_X509_CRL_ENTRY_new();
PKI_STACK_X509_CRL_ENTRY_push( sk, entry );
printf("Generating new CRL ... ");
if((crl = PKI_TOKEN_issue_crl (tk, "3",
PKI_VALIDITY_ONE_WEEK, sk, "crl")) == NULL ) {
printf("ERROR, can not generate new CRL!\n");
exit(1);
}
printf("Ok\n");
if( tk ) PKI_TOKEN_free ( tk );
if( prof ) PKI_X509_PROFILE_free ( prof );
if( crl ) PKI_X509_CRL_free ( crl );
PKI_log_end();
printf("\n\n[ Test Ended Succesfully ]\n\n");
return (0);
}
