Esempio n. 1
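/**
 * Search a directory for the certificate whose subject common name matches
 * @p subject and return the certificate and its private key in PEM form.
 *
 * When no matching certificate is found and @p generate_certificate is TRUE,
 * a self-signed certificate is generated with
 * belle_sip_generate_self_signed_certificate() instead. A self-signed
 * certificate has no CA-backed identity; in the RFC 4572 model the peer
 * authenticates it by comparing it with the fingerprint carried in signalling.
 *
 * @param[out] certificate_pem  Always overwritten: certificate PEM on success,
 *                              NULL when no certificate could be obtained.
 * @param[out] key_pem          Always overwritten: private key PEM on success,
 *                              NULL otherwise. This is secret material; callers
 *                              should not log it.
 * @param[in,out] fingerprint   May be NULL. Otherwise *fingerprint must be NULL
 *                              or a buffer that ms_free() can release, because a
 *                              previous value is freed before being replaced.
 *                              Left NULL when no certificate is available.
 * @param[in] path              Directory to search (also passed to the generator).
 * @param[in] subject           Subject common name to look for.
 * @param[in] format            Raw format of the certificate files.
 * @param[in] generate_certificate       TRUE to fall back to a self-signed certificate.
 * @param[in] generate_dtls_fingerprint  TRUE to compute the RFC 4572 fingerprint.
 *
 * NOTE(review): the returned strings are presumably owned by the caller;
 * confirm which release function matches the belle-sip allocator.
 */
void sal_certificates_chain_parse_directory(char **certificate_pem, char **key_pem, char **fingerprint, const char* path, const char *subject, SalCertificateRawFormat format, bool_t generate_certificate, bool_t generate_dtls_fingerprint) {
	belle_sip_certificates_chain_t *certificate = NULL;
	belle_sip_signing_key_t *key = NULL;

	/* Outputs start as NULL so a failed lookup never leaves stale pointers behind. */
	*certificate_pem = NULL;
	*key_pem = NULL;

	if (belle_sip_get_certificate_and_pkey_in_dir(path, subject, &certificate, &key, (belle_sip_certificate_raw_format_t)format) == 0) {
		*certificate_pem = belle_sip_certificates_chain_get_pem(certificate);
		*key_pem = belle_sip_signing_key_get_pem(key);
		ms_message("Retrieve certificate with CN=%s successful\n", subject);
	} else if (generate_certificate == TRUE) {
		if (belle_sip_generate_self_signed_certificate(path, subject, &certificate, &key) == 0) {
			*certificate_pem = belle_sip_certificates_chain_get_pem(certificate);
			*key_pem = belle_sip_signing_key_get_pem(key);
			ms_message("Generate self-signed certificate with CN=%s successful\n", subject);
		}
	}

	/* generate the fingerprint as described in RFC4572 if needed */
	if ((generate_dtls_fingerprint == TRUE) && (fingerprint != NULL)) {
		if (*fingerprint != NULL) {
			ms_free(*fingerprint);
			/* Do not leave a dangling pointer if no new fingerprint is produced. */
			*fingerprint = NULL;
		}
		/*
		 * Lookup and generation may both have failed, leaving certificate NULL.
		 * Never hand a NULL chain to the fingerprint routine, and never let the
		 * caller advertise a fingerprint that matches no certificate.
		 */
		if (certificate != NULL) {
			*fingerprint = belle_sip_certificates_chain_get_fingerprint(certificate);
		}
	}

	/* free key and certificate: the PEM copies above are independent strings */
	if (certificate != NULL) {
		belle_sip_object_unref(certificate);
	}
	if (key != NULL) {
		belle_sip_object_unref(key);
	}
}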
Esempio n. 2
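/*
 * Round-trip test: generate two self-signed certificates in the temporary
 * certificate directory, read the second one back by common name, and check
 * that the parsed certificate and private key match the generated ones
 * byte-for-byte in PEM form.
 *
 * The test is skipped when self-signed certificate generation is reported as
 * unavailable (BCTOOLBOX_ERROR_UNAVAILABLE_FUNCTION).
 *
 * NOTE(review): nothing here removes the generated certificate and key files;
 * confirm the harness cleans the temporary directory so test private keys do
 * not linger on disk.
 */
static void test_generate_and_parse_certificates(void) {
	belle_sip_certificates_chain_t *certificate = NULL, *parsed_certificate = NULL;
	belle_sip_signing_key_t *key = NULL, *parsed_key = NULL;
	char *pem_certificate = NULL, *pem_parsed_certificate = NULL, *pem_key = NULL, *pem_parsed_key = NULL;
	int ret = 0;
	char *belle_sip_certificate_temporary_dir = bc_tester_file(TEMPORARY_CERTIFICATE_DIR);

	/* create 2 certificates in the temporary certificate directory (TODO : set the directory in a absolute path?? where?)*/
	ret = belle_sip_generate_self_signed_certificate(belle_sip_certificate_temporary_dir, "test_certificate1", &certificate, &key);
	if (ret == BCTOOLBOX_ERROR_UNAVAILABLE_FUNCTION) {
		belle_sip_warning("Test skipped, self signed certificate generation not available.");
		/* The skip path must release the directory string too, or it leaks. */
		free(belle_sip_certificate_temporary_dir);
		return;
	}
	BC_ASSERT_EQUAL_FATAL(0, ret, int, "%d");
	/* The first certificate only needs to exist on disk; drop the in-memory objects. */
	belle_sip_object_unref(certificate);
	belle_sip_object_unref(key);
	ret = belle_sip_generate_self_signed_certificate(belle_sip_certificate_temporary_dir, "test_certificate2", &certificate, &key);
	BC_ASSERT_EQUAL_FATAL(0, ret, int, "%d");

	/* parse directory to get the certificate2: the lookup must select by CN, not return the first file found */
	ret = belle_sip_get_certificate_and_pkey_in_dir(belle_sip_certificate_temporary_dir, "test_certificate2", &parsed_certificate, &parsed_key, BELLE_SIP_CERTIFICATE_RAW_FORMAT_PEM);
	free(belle_sip_certificate_temporary_dir);
	BC_ASSERT_EQUAL_FATAL(0, ret, int, "%d");

	/* get pem version of generated and parsed certificate and compare them */
	pem_certificate = belle_sip_certificates_chain_get_pem(certificate);
	BC_ASSERT_TRUE_FATAL(pem_certificate!=NULL);
	pem_parsed_certificate = belle_sip_certificates_chain_get_pem(parsed_certificate);
	BC_ASSERT_TRUE_FATAL(pem_parsed_certificate!=NULL);
	BC_ASSERT_STRING_EQUAL(pem_certificate, pem_parsed_certificate);

	/* get pem version of generated and parsed key and compare them */
	pem_key = belle_sip_signing_key_get_pem(key);
	BC_ASSERT_TRUE_FATAL(pem_key!=NULL);
	pem_parsed_key = belle_sip_signing_key_get_pem(parsed_key);
	BC_ASSERT_TRUE_FATAL(pem_parsed_key!=NULL);
	BC_ASSERT_STRING_EQUAL(pem_key, pem_parsed_key);

	/* release the PEM strings first, then the objects they were exported from */
	belle_sip_free(pem_certificate);
	belle_sip_free(pem_parsed_certificate);
	belle_sip_free(pem_key);
	belle_sip_free(pem_parsed_key);
	belle_sip_object_unref(certificate);
	belle_sip_object_unref(parsed_certificate);
	belle_sip_object_unref(key);
	belle_sip_object_unref(parsed_key);
}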