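/**
 * Round-trip self-test for the CSR and certificate encoders.
 *
 * Builds a CSR from throwaway key material and parses it back with
 * read_csr(), then lets a freshly generated ECDSA CA key issue a certificate
 * from that CSR and parses it back with read_certificate(). Each stage prints
 * an OK/Fail line.
 *
 * All key material here is test-only: the MSS seed is a fixed constant and
 * auth_key is filled from rand() seeded with the wall clock, so none of it is
 * unpredictable. Do not reuse this setup for real keys.
 *
 * @return 0 when both stages succeed, 1 when either stage reports failure
 *         (so a calling script or CI job can detect a broken round trip).
 */
int main(void) {
    time_t t;
    srand((unsigned) time(&t));

    unsigned int id = rand(), i;
    int failures = 0;

    /* The timestamp buffer is named "timestamp" rather than "time" so the
     * local array does not hide time() from <time.h> for the rest of main. */
    char cname[CNAME_MAX_SIZE], timestamp[TIME_BUFFER_SIZE], valid[TIME_BUFFER_SIZE],
         csr[CSR_MAX_SIZE], certificate[CERTIFICATE_MAX_SIZE];
    unsigned char auth_key[SMQV_PKEY_SIZE], token_keypair[MSS_SKEY_SIZE + MSS_PKEY_SIZE],
                  token_skey[MSS_SKEY_SIZE], token_pkey[MSS_PKEY_SIZE],
                  csr_signature[MSS_SIGNATURE_SIZE], signature[ECDSA_SIGNATURE_SIZE];

    /* valid: 3333XXXXXXXXXX
     * Take the current timestamp and overwrite its first four characters with
     * '3' (presumably a far-future expiry so the test certificate does not
     * lapse; confirm against the timestamp layout).
     * NOTE(review): this passes char (*)[TIME_BUFFER_SIZE]; if now() is
     * declared to take char *, plain `valid` is the matching argument. */
    now(&valid);
    valid[0] = '3';
    valid[1] = '3';
    valid[2] = '3';
    valid[3] = '3';

    /* Bounded copy: cname is a fixed-size buffer, so never format into it
     * without passing its size. */
    snprintf(cname, sizeof cname, "%s", "TESTE do CERTIFICATE");

    /* Fixed seed: makes the MSS key pair reproducible across runs. Test only. */
    unsigned char seed[LEN_BYTES(MSS_SEC_LVL)] = {0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,
                                                  0x38,0x39,0x3A,0x3B,0x3C,0x3D,0x3E,0x3F};

    /* mss_keygen() hands back secret key followed by public key; split them. */
    memcpy(token_keypair, mss_keygen(seed), MSS_SKEY_SIZE + MSS_PKEY_SIZE);
    memcpy(token_skey, token_keypair, MSS_SKEY_SIZE);
    memcpy(token_pkey, token_keypair + MSS_SKEY_SIZE, MSS_PKEY_SIZE);

    /* rand() is not a cryptographic generator; acceptable only because this
     * key is never used outside the test. */
    for (i = 0; i < SMQV_PKEY_SIZE; i++) {
        auth_key[i] = (unsigned char) rand();
    }

    /**
     * CSR
     *
     * Only the return value of read_csr() is checked. The parsed fields are
     * written into the same variables that produced the CSR, so this does not
     * detect a field that parses successfully but differs from its input.
     */
    generate_csr(id, cname, auth_key, token_pkey, token_skey, csr);
    if (read_csr(&id, cname, timestamp, auth_key, token_pkey, csr_signature, csr)) {
        printf("CSR generation/read - OK\n");
    } else {
        printf("CSR generation/read - Fail\n");
        failures++;
    }
    printf("\n");

    /**
     * CERTIFICATE
     */
    unsigned char ca_skey[ECDSA_SKEY_SIZE], ca_pkey[ECDSA_PKEY_SIZE];
    ecdsa_keygen(ca_skey, ca_pkey);

    generate_certificate(csr, valid, ca_skey, certificate);
    if (read_certificate(&id, cname, timestamp, valid, auth_key, token_pkey, signature, ca_pkey, certificate)) {
        printf("CERTIFICATE generation/read - OK\n");
    } else {
        printf("CERTIFICATE generation/read - Fail\n");
        failures++;
    }
    printf("\n");

    return failures ? 1 : 0;
}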
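/* Entry point of the dirmngr client (log prefix "dirmngr-client").

   Parses the command line, optionally reads one certificate from stdin
   or from the single file argument, connects to dirmngr through
   start_dirmngr() and runs exactly one command: ping, squid mode,
   lookup, CRL load, cache-cert, validate, or (the default) a
   certificate check.

   Exit status as produced by the code below:
     0  success: ping answered, certificate valid, certificate cached
        (or already cached), or every lookup/CRL load succeeded.
     1  lookup / CRL load / squid mode reported an error, caching or
        validation failed, or the certificate has been revoked.
     2  any other check failure, an error counted by the logger during
        option parsing or certificate reading, an oversized
        certificate, or no connection to dirmngr.

   Callers that script this tool should treat 1 and 2 both as "do not
   trust the certificate"; only 0 means the check passed.  */
int
main (int argc, char **argv )
{
  ARGPARSE_ARGS pargs;
  assuan_context_t ctx;
  gpg_error_t err;
  /* Initialised so the pointer is never indeterminate on the command
     paths that do not read a certificate.  */
  unsigned char *certbuf = NULL;
  size_t certbuflen = 0;
  int cmd_ping = 0;
  int cmd_cache_cert = 0;
  int cmd_validate = 0;
  int cmd_lookup = 0;
  int cmd_loadcrl = 0;
  int cmd_squid_mode = 0;

  set_strusage (my_strusage);
  log_set_prefix ("dirmngr-client", JNLIB_LOG_WITH_PREFIX);

  /* For W32 we need to initialize the socket subsystem.  Because we
     don't use Pth we need to do this explicitly.
     NOTE(review): the result of WSAStartup is not checked here.  */
#ifdef HAVE_W32_SYSTEM
  {
    WSADATA wsadat;

    WSAStartup (0x202, &wsadat);
  }
#endif /*HAVE_W32_SYSTEM*/

  /* Init Assuan.  */
  assuan_set_assuan_log_prefix (log_get_prefix (NULL));
  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);

  /* Setup I18N.  */
  i18n_init();

  /* Parse the command line.  */
  pargs.argc = &argc;
  pargs.argv = &argv;
  pargs.flags= 1;  /* Do not remove the args.  */
  while (arg_parse (&pargs, opts) )
    {
      switch (pargs.r_opt)
        {
        case oVerbose: opt.verbose++; break;
        case oQuiet: opt.quiet++; break;

        case oOCSP: opt.use_ocsp++; break;
        case oPing: cmd_ping = 1; break;
        case oCacheCert: cmd_cache_cert = 1; break;
        case oValidate: cmd_validate = 1; break;
        case oLookup: cmd_lookup = 1; break;
        case oUrl: opt.url = 1; break;
        case oLocal: opt.local = 1; break;
        case oLoadCRL: cmd_loadcrl = 1; break;
        case oPEM: opt.pem = 1; break;
        case oSquidMode:
          /* Squid mode implies PEM input in its escaped form.  */
          opt.pem = 1;
          opt.escaped_pem = 1;
          cmd_squid_mode = 1;
          break;
        case oForceDefaultResponder: opt.force_default_responder = 1; break;

        default : pargs.err = 2; break;
        }
    }
  if (log_get_errorcount (0))
    exit (2);

  /* Build the helptable for radix64 to bin conversion.  */
  if (opt.pem)
    {
      int i;
      unsigned char *s;

      for (i=0; i < 256; i++ )
        asctobin[i] = 255; /* Used to detect invalid characters.  */
      for (s=bintoasc, i=0; *s; s++, i++)
        asctobin[*s] = i;
    }

  /* Check the argument count for the selected command and, for the
     certificate commands, load the certificate.  The order of these
     tests decides which command wins when several were given.  */
  if (cmd_ping)
    err = 0;
  else if (cmd_lookup || cmd_loadcrl)
    {
      if (!argc)
        usage (1);
      err = 0;
    }
  else if (cmd_squid_mode)
    {
      err = 0;
      if (argc)
        usage (1);
    }
  else if (!argc)
    {
      /* No file argument: a NULL name selects stdin (see the message).  */
      err = read_certificate (NULL, &certbuf, &certbuflen);
      if (err)
        log_error (_("error reading certificate from stdin: %s\n"),
                   gpg_strerror (err));
    }
  else if (argc == 1)
    {
      err = read_certificate (*argv, &certbuf, &certbuflen);
      if (err)
        log_error (_("error reading certificate from '%s': %s\n"),
                   *argv, gpg_strerror (err));
    }
  else
    {
      err = 0;
      usage (1);
    }

  /* A failed read was logged above, so it ends the program here and
     CERTBUF is never used after an error.  */
  if (log_get_errorcount (0))
    exit (2);

  /* Sanity cap on what is sent to dirmngr.  This test runs after
     read_certificate has returned, so it does not limit how much that
     function buffers.  NOTE(review): confirm read_certificate bounds
     its own input, in particular for stdin.  */
  if (certbuflen > 20000)
    {
      log_error (_("certificate too large to make any sense\n"));
      exit (2);
    }

  ctx = start_dirmngr (1);
  if (!ctx)
    exit (2);

  /* Run the selected command.  The precedence matches the argument
     handling above, so the certificate branches are only reached when
     a certificate has been read.  */
  if (cmd_ping)
    ;
  else if (cmd_squid_mode)
    {
      while (!(err = squid_loop_body (ctx)))
        ;
      /* End of input is the normal way to leave the loop.  */
      if (gpg_err_code (err) == GPG_ERR_EOF)
        err = 0;
    }
  else if (cmd_lookup)
    {
      /* Same type as ERR; every pattern is tried and the most recent
         failure is the one reported.  */
      gpg_error_t last_err = 0;

      for (; argc; argc--, argv++)
        {
          err = do_lookup (ctx, *argv);
          if (err)
            {
              log_error (_("lookup failed: %s\n"), gpg_strerror (err));
              last_err = err;
            }
        }
      err = last_err;
    }
  else if (cmd_loadcrl)
    {
      gpg_error_t last_err = 0;

      for (; argc; argc--, argv++)
        {
          err = do_loadcrl (ctx, *argv);
          if (err)
            {
              log_error (_("loading CRL '%s' failed: %s\n"),
                         *argv, gpg_strerror (err));
              last_err = err;
            }
        }
      err = last_err;
    }
  else if (cmd_cache_cert)
    {
      err = do_cache (ctx, certbuf, certbuflen);
      xfree (certbuf);
    }
  else if (cmd_validate)
    {
      err = do_validate (ctx, certbuf, certbuflen);
      xfree (certbuf);
    }
  else
    {
      err = do_check (ctx, certbuf, certbuflen);
      xfree (certbuf);
    }

  assuan_release (ctx);

  /* Map the result to a message and an exit status.  */
  if (cmd_ping)
    {
      if (!opt.quiet)
        log_info (_("a dirmngr daemon is up and running\n"));
      return 0;
    }
  else if (cmd_lookup|| cmd_loadcrl || cmd_squid_mode)
    return err? 1:0;
  else if (cmd_cache_cert)
    {
      /* A duplicate means the certificate is already in the cache,
         which counts as success.  */
      if (err && gpg_err_code (err) == GPG_ERR_DUP_VALUE )
        {
          if (!opt.quiet)
            log_info (_("certificate already cached\n"));
        }
      else if (err)
        {
          log_error (_("error caching certificate: %s\n"),
                     gpg_strerror (err));
          return 1;
        }
      return 0;
    }
  else if (cmd_validate && err)
    {
      log_error (_("validation of certificate failed: %s\n"),
                 gpg_strerror (err));
      return 1;
    }
  else if (!err)
    {
      /* Reached by a successful validate as well as a successful check.  */
      if (!opt.quiet)
        log_info (_("certificate is valid\n"));
      return 0;
    }
  else if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED )
    {
      /* Revocation is reported at info level but still exits non-zero.  */
      if (!opt.quiet)
        log_info (_("certificate has been revoked\n"));
      return 1;
    }
  else
    {
      log_error (_("certificate check failed: %s\n"), gpg_strerror (err));
      return 2;
    }
}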