예제 #1
0
파일: test3.c 프로젝트: a157634/libpki
int main (int argc, char *argv[] ) {

	printf("\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n");
	printf("(c) 2006 by Massimiliano Pala and OpenCA Project\n");
	printf("OpenCA Licensed Software\n\n");

	printf("TOKEN Generation testsuite.\n\n");

	if(( PKI_log_init (PKI_LOG_TYPE_SYSLOG, PKI_LOG_NOTICE, NULL,
			PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR ) {
		exit(1);
	}

	gen_X509_tk(PKI_SCHEME_RSA, 1024, "results/cert_rsa_1024.pem");
	gen_X509_tk(PKI_SCHEME_RSA, 2048, "results/cert_rsa_2048.pem");
	gen_X509_tk(PKI_SCHEME_RSA, 4096, "results/cert_rsa_4096.pem");
	gen_X509_tk(PKI_SCHEME_DSA, 2048,"results/cert_dsa_2048.pem");
	gen_X509_tk(PKI_SCHEME_ECDSA, 256, "results/cert_ecdsa_256.pem");

	PKI_log_end();

	printf("Done.\n\n");

	return (0);
}
예제 #2
0
파일: url-tool.c 프로젝트: dago/libpki
int main (int argc, char *argv[]) {

	PKI_MEM_STACK *sk = NULL;
	PKI_MEM *obj = NULL;
	PKI_SSL *ssl = NULL;
	// PKI_TOKEN *tk = NULL;
	PKI_SOCKET *sock = NULL;

	URL * url = NULL;

	char *url_s = NULL;
	char *outurl_s = "fd://1";
	char *trusted_certs = NULL;
	char *dump_cert = NULL;
	char *dump_chain = NULL;

	int debug = 0;
	int verify_chain = 1;
	int i = 0;
	int timeout = 0;
	int get_via_socket = 0;

	PKI_init_all();

	if( !argv[1] ) {
		usage();
		return(1);
	}

	for( i = 1; i <= argc; i++ ) {
		if( strcmp_nocase( argv[i], "-out" ) == 0 ) {
			outurl_s = argv[++i];
		} else if ( strcmp_nocase ( argv[i], "-trusted" ) == 0 ) {
			trusted_certs = argv[++i];
		} else if ( strcmp_nocase ( argv[i], "-dumpcert" ) == 0 ) {
			if((dump_cert = argv[++i]) == NULL ) {
				fprintf(stderr, "\nERROR: -dumpcert needs a file url!\n\n");
				exit(1);
			}
		} else if ( strcmp_nocase ( argv[i], "-dumpchain" ) == 0 ) {
			if((dump_chain = argv[++i]) == NULL ) {
				fprintf(stderr, "\nERROR: -dumpchain needs a file url!\n\n");
				exit(1);
			}
		} else if ( strcmp_nocase ( argv[i], "-timeout" ) == 0 ) {
			timeout = atoi( argv[++i] );
			if ( timeout < 0 ) timeout = 0;
		} else if ( strcmp_nocase ( argv[i], "-no_verify" ) == 0 ) {
			verify_chain = 0;
		} else if ( strcmp_nocase( argv[i], "-debug" ) == 0 ) {
			debug = 1;
		} else {
			url_s = argv[i];
			if ( i < argc - 1 ) {
				fprintf( stderr, "Args after URL ignored!(%s %d/%d)\n",
					url_s, i, argc );
			}
			break;
		}
	}

	if((url = URL_new( url_s )) == NULL ) {
		printf("\nERROR, %s is not a valid URL!\n\n", url_s );

		usage();
		return (1);
	}

	if( debug ) {
		if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
        	              PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR) {
        	        exit(1);
        	}
	} else {
		if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
        	              0, NULL )) == PKI_ERR) {
        	        exit(1);
        	}
	}

	// Check if we should use the socket approach or the simple URL
	// retrieval facility
	switch (url->proto) {
		case URI_PROTO_FD:
		case URI_PROTO_FILE:
		case URI_PROTO_HTTP:
		case URI_PROTO_HTTPS:
		case URI_PROTO_LDAP:
			get_via_socket = 1;
			break;
		default:
			get_via_socket = 0;
	}

	//
	// -------------------------- Setup the SSL Options ------------------------
	//
	if(( ssl = PKI_SSL_new( NULL )) == NULL ) {
		fprintf(stderr, "ERROR: Memory allocation error (PKI_SSL_new)\n");
		return ( 1 );
	}

	if ( trusted_certs ) {
		PKI_X509_CERT_STACK *sk = NULL;

		if(( sk = PKI_X509_CERT_STACK_get ( trusted_certs, NULL, NULL))
								== NULL ) {
			PKI_log_err ("Can't load Trusted Certs from %s",
						trusted_certs );
			return 1;
		}		

		PKI_SSL_set_trusted ( ssl, sk );

		if ( verify_chain ) {
			PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER_REQUIRE);
		} else {
			PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER);
		}
	}

	if ( verify_chain == 0 ) {
			PKI_SSL_set_verify ( ssl, PKI_SSL_VERIFY_NONE );
			fprintf(stderr, "WARNING: no verify set!\n");
	}

	if(( sock = PKI_SOCKET_new ()) == NULL ) {
		fprintf(stderr, "ERROR, can not create a new Socket!\n\n");
		exit(1);
	}

	PKI_SOCKET_set_ssl ( sock, ssl );

	//
	// ------------------------------ Retrieve Data -----------------------------
	//
	if (get_via_socket) {

		if( PKI_SOCKET_open( sock, url_s, timeout ) == PKI_ERR ) {
			fprintf(stderr, "ERROR, can not connect to %s!\n\n", url_s);
			exit(1);
		}

		ssl = PKI_SOCKET_get_ssl (sock);

		if (dump_cert) { 
			PKI_X509_CERT *x = NULL;

			if ( !ssl ) {
				fprintf( stderr, 
					"ERROR: Can not dump cert (no SSL)\n");
			}

			if((x = PKI_SSL_get_peer_cert ( ssl )) == NULL ) {
				fprintf( stderr,
					"ERROR: No Peer certificate is available\n");
			}

			if( PKI_X509_CERT_put ( x, PKI_DATA_FORMAT_PEM,
					dump_cert, NULL, NULL, NULL ) == PKI_ERR){
				fprintf(stderr, "ERROR: can not write Peer cert to "
					"%s\n", dump_cert );
			}
		}

		if (dump_chain) { 
			PKI_X509_CERT_STACK *x_sk = NULL;
	
			if ( !ssl ) {
				fprintf( stderr, 
					"ERROR: Can not dump cert (no SSL)\n");
			}

			if((x_sk = PKI_SSL_get_peer_chain ( ssl )) == NULL ) {
				fprintf( stderr,
					"ERROR: No certificate chain is available\n");
			}

			if( PKI_X509_CERT_STACK_put ( x_sk, PKI_DATA_FORMAT_PEM,
					dump_chain, NULL, NULL, NULL ) == PKI_ERR){
				fprintf(stderr, "ERROR: can not write Peer cert to "
					"%s\n", dump_cert );
			}
		}

		if((sk = URL_get_data_socket ( sock, timeout, 0 )) == NULL ) {
			fprintf(stderr, "ERROR, can not retrieve data!\n\n");
			return(-1);
		}

		PKI_SOCKET_close ( sock );
		PKI_SOCKET_free ( sock );
	}
	else // Get Data via the usual URL socket-less approach
	{
		sk = URL_get_data_url (url, timeout, 0, ssl);
	}

	PKI_log_debug("URL: Number of retrieved entries is %d",
		PKI_STACK_MEM_elements(sk));

	while( (obj = PKI_STACK_MEM_pop ( sk )) != NULL ) {
		URL_put_data ( outurl_s, obj, NULL, NULL, 0, 0, NULL );
	}

	return 0;
}
예제 #3
0
파일: test6.c 프로젝트: openca/libpki
int main (int argc, char *argv[] ) {

	PKI_TOKEN *tk = NULL;
	PKI_X509_PROFILE *prof =  NULL;
	// PKI_OID *oid = NULL;

	PKI_X509_CRL *crl = NULL;
	PKI_X509_CRL_ENTRY *entry = NULL;
	PKI_X509_CRL_ENTRY_STACK *sk = NULL;

	printf("\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n");
	printf("(c) 2006 by Massimiliano Pala and OpenCA Project\n");
	printf("OpenCA Licensed Software\n\n");

	if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_NOTICE, NULL,
			PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR ) {
		exit(1);
	}

	if((tk = PKI_TOKEN_new_null()) == NULL ) {
		printf("ERROR, can not allocate token!\n\n");
		exit(1);
	}

	if(( PKI_TOKEN_init( tk, "etc" , "Default" )) == PKI_ERR) {
		printf("ERROR, can not configure token!\n\n");
		exit(1);
	}

	if((PKI_TOKEN_set_algor ( tk, PKI_ALGOR_RSA_SHA256 )) == PKI_ERR ) {
                printf("ERROR, can not set the RSA crypto scheme!\n");
                return (0);
        }

        if((PKI_TOKEN_new_keypair ( tk, 1024, NULL )) == PKI_ERR) {
                printf("ERROR, can not generate new keypair!\n");
                return (0);
        }

	printf("* Self Signing certificate .... ");
        if((PKI_TOKEN_self_sign( tk, NULL, "23429", 24*3600, "User" )) == PKI_ERR ) {
                printf("ERROR, can not self sign certificate!\n");
                return(0);
        }

	printf("Generating a new CRL ENTRY ... ");
	if((entry = PKI_X509_CRL_ENTRY_new_serial ( "12345678", 
			CRL_REASON_KEY_COMPROMISE, NULL, NULL )) 
								== NULL ) {
		printf("ERROR!\n");
		exit(1);
	}
	printf("Ok\n");

	sk = PKI_STACK_X509_CRL_ENTRY_new();
	PKI_STACK_X509_CRL_ENTRY_push( sk, entry );

	printf("Generating new CRL ... ");
	if((crl = PKI_TOKEN_issue_crl (tk, "3", 
				PKI_VALIDITY_ONE_WEEK, sk, "crl")) == NULL ) {
		printf("ERROR, can not generate new CRL!\n");
		exit(1);
	}
	printf("Ok\n");

	if( tk ) PKI_TOKEN_free ( tk );
	if( prof ) PKI_X509_PROFILE_free ( prof );
	if( crl )  PKI_X509_CRL_free ( crl );

	PKI_log_end();

	printf("\n\n[ Test Ended Succesfully ]\n\n");

	return (0);
}