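/*
 * libpki smoke test: builds a software token, generates an RSA key pair,
 * self-signs a certificate, then issues a CRL holding one revoked serial.
 *
 * Returns 0 when every step succeeds and 1 on the first failure, so a test
 * harness can rely on the exit status. The original returned 0 from several
 * error branches, which made a failed key generation or self-signing look
 * like a passing run.
 */
int main(int argc, char *argv[])
{
	/*
	 * The original generated a 1024-bit RSA key. That size is below the
	 * minimum commonly accepted for RSA today; 2048 is used here so the
	 * test does not exercise (or get copied with) a weak key size.
	 */
	enum { TEST_RSA_BITS = 2048 };

	PKI_TOKEN *tk = NULL;
	PKI_X509_CRL *crl = NULL;
	PKI_X509_CRL_ENTRY *entry = NULL;
	PKI_X509_CRL_ENTRY_STACK *sk = NULL;
	int rc = 1;

	(void)argc;
	(void)argv;

	printf("\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n");
	printf("(c) 2006 by Massimiliano Pala and OpenCA Project\n");
	printf("OpenCA Licensed Software\n\n");

	/* Nothing to clean up yet if logging cannot be initialised. */
	if (PKI_log_init(PKI_LOG_TYPE_STDERR, PKI_LOG_NOTICE, NULL,
			 PKI_LOG_FLAGS_ENABLE_DEBUG, NULL) == PKI_ERR) {
		return 1;
	}

	tk = PKI_TOKEN_new_null();
	if (tk == NULL) {
		printf("ERROR, can not allocate token!\n\n");
		goto cleanup;
	}

	if (PKI_TOKEN_init(tk, "etc", "Default") == PKI_ERR) {
		printf("ERROR, can not configure token!\n\n");
		goto cleanup;
	}

	if (PKI_TOKEN_set_algor(tk, PKI_ALGOR_RSA_SHA256) == PKI_ERR) {
		printf("ERROR, can not set the RSA crypto scheme!\n");
		goto cleanup;
	}

	if (PKI_TOKEN_new_keypair(tk, TEST_RSA_BITS, NULL) == PKI_ERR) {
		printf("ERROR, can not generate new keypair!\n");
		goto cleanup;
	}

	printf("* Self Signing certificate .... ");
	if (PKI_TOKEN_self_sign(tk, NULL, "23429", 24 * 3600, "User") == PKI_ERR) {
		printf("ERROR, can not self sign certificate!\n");
		goto cleanup;
	}
	printf("Ok\n");

	printf("Generating a new CRL ENTRY ... ");
	entry = PKI_X509_CRL_ENTRY_new_serial("12345678",
					      CRL_REASON_KEY_COMPROMISE,
					      NULL, NULL);
	if (entry == NULL) {
		printf("ERROR!\n");
		goto cleanup;
	}
	printf("Ok\n");

	/* The original pushed onto the stack without checking the allocation. */
	sk = PKI_STACK_X509_CRL_ENTRY_new();
	if (sk == NULL) {
		printf("ERROR, can not allocate the CRL entry stack!\n");
		goto cleanup;
	}
	PKI_STACK_X509_CRL_ENTRY_push(sk, entry);

	printf("Generating new CRL ... ");
	crl = PKI_TOKEN_issue_crl(tk, "3", PKI_VALIDITY_ONE_WEEK, sk, "crl");
	if (crl == NULL) {
		printf("ERROR, can not generate new CRL!\n");
		goto cleanup;
	}
	printf("Ok\n");

	rc = 0;

cleanup:
	/*
	 * NOTE(review): entry and sk are not released here, as in the
	 * original. Whether PKI_TOKEN_issue_crl() keeps references to them is
	 * not visible in this file - confirm ownership before adding frees.
	 */
	if (tk)
		PKI_TOKEN_free(tk);
	if (crl)
		PKI_X509_CRL_free(crl);

	PKI_log_end();

	if (rc == 0)
		printf("\n\n[ Test Ended Succesfully ]\n\n");

	return rc;
}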
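/*
 * Creates a throwaway token for the given scheme, generates a key pair of
 * `bits` bits in it and self-signs a certificate with serial "01" valid for
 * one day. The token is freed before returning.
 *
 * scheme: PKI_SCHEME_RSA, PKI_SCHEME_DSA or PKI_SCHEME_ECDSA.
 * bits:   key size passed through to PKI_TOKEN_new_keypair().
 * file:   currently unused; the original code that wrote the certificate to
 *         this path was commented out.
 *
 * Returns 1 on success and 0 on failure (unknown scheme or any failing step).
 *
 * NOTE(review): all three schemes are paired with a SHA-1 signature
 * algorithm. SHA-1 is no longer considered collision resistant and should
 * not be used for new certificate signatures; move to the SHA-256 variants
 * if callers do not specifically need to exercise SHA-1.
 */
int gen_X509_tk(int scheme, int bits, char *file)
{
	PKI_TOKEN *tk = NULL;
	PKI_ALGOR_ID algor = PKI_ALGOR_UNKNOWN;
	int ok = 0;

	(void)file;

	switch (scheme) {
	case PKI_SCHEME_RSA:
		printf(" * Generating RSA Key and Certificate:\n");
		algor = PKI_ALGOR_RSA_SHA1;
		break;
	case PKI_SCHEME_DSA:
		printf(" * Generating DSA Key and Certificate:\n");
		algor = PKI_ALGOR_DSA_SHA1;
		break;
	case PKI_SCHEME_ECDSA:
		printf(" * Generating ECDSA Key and Certificate: \n");
		algor = PKI_ALGOR_ECDSA_SHA1;
		break;
	default:
		printf("Unrecognized format!\n");
		return 0;
	}

	printf(" - generating a new token ... ");
	tk = PKI_TOKEN_new_null();
	if (tk == NULL) {
		printf("ERROR::Can not generate a new Token!\n\n");
		return 0;
	}
	printf("Ok.\n");

	/*
	 * From here on every failure goes through `done` so the token is
	 * released; the original returned directly and leaked it.
	 */
	printf(" - setting token algorithm (%d) ... ", (int)algor);
	if (PKI_TOKEN_set_algor(tk, algor) == PKI_ERR) {
		printf("ERROR::Can not set the token algorithm!\n\n");
		goto done;
	}
	printf("Ok.\n");

	printf(" - generating new Keypair (%d bits) ... ", bits);
	if (PKI_TOKEN_new_keypair(tk, bits, NULL) == PKI_ERR) {
		printf("ERROR::can not generate a new Keypair!\n\n");
		goto done;
	}
	printf("Ok.\n");

	printf(" - generating a self-signed cert ... ");
	if (PKI_TOKEN_self_sign(tk, NULL, "01", 24 * 3600, NULL) == PKI_ERR) {
		printf("ERROR::Can not generate a new self-signed cert!\n\n");
		goto done;
	}
	printf("Ok.\n");

	printf("\n");
	ok = 1;

done:
	PKI_TOKEN_free(tk);
	return ok;
}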