/*
 * TOKEN generation test suite.
 *
 * Prints the banner, starts logging to syslog and calls gen_X509_tk() once
 * per (scheme, key size, output file) combination, in the order listed.
 * Exits with status 1 if logging cannot be initialised, otherwise returns 0.
 */
int main (int argc, char *argv[] )
{
	static const char *const banner[] = {
		"\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n",
		"(c) 2006 by Massimiliano Pala and OpenCA Project\n",
		"OpenCA Licensed Software\n\n",
		"TOKEN Generation testsuite.\n\n",
	};

	/*
	 * One row per certificate to generate. The RSA-1024 row produces a key
	 * below the 2048-bit minimum of current guidance, so results/ must be
	 * treated as test material only.
	 */
	struct {
		int scheme;
		int bits;
		char *file;
	} cases[] = {
		{ PKI_SCHEME_RSA,   1024, "results/cert_rsa_1024.pem" },
		{ PKI_SCHEME_RSA,   2048, "results/cert_rsa_2048.pem" },
		{ PKI_SCHEME_RSA,   4096, "results/cert_rsa_4096.pem" },
		{ PKI_SCHEME_DSA,   2048, "results/cert_dsa_2048.pem" },
		{ PKI_SCHEME_ECDSA, 256,  "results/cert_ecdsa_256.pem" },
	};
	size_t n_cases = sizeof cases / sizeof cases[0];
	size_t k;

	(void) argc;
	(void) argv;

	for ( k = 0; k < sizeof banner / sizeof banner[0]; k++ ) {
		fputs( banner[k], stdout );
	}

	if ( PKI_log_init( PKI_LOG_TYPE_SYSLOG, PKI_LOG_NOTICE, NULL,
			PKI_LOG_FLAGS_ENABLE_DEBUG, NULL ) == PKI_ERR ) {
		exit(1);
	}

	/* NOTE(review): whatever gen_X509_tk() returns is not inspected here,
	 * so a failed generation does not change the exit status. */
	for ( k = 0; k < n_cases; k++ ) {
		gen_X509_tk( cases[k].scheme, cases[k].bits, cases[k].file );
	}

	PKI_log_end();

	fputs( "Done.\n\n", stdout );

	return 0;
}
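/*
 * Return the value that follows the option at argv[*idx] and advance *idx
 * onto it. When the option is the last argument, print missing_msg to
 * stderr and exit(1), so callers never receive a NULL value.
 */
static char *url_opt_value (int argc, char *argv[], int *idx,
		const char *missing_msg)
{
	if ( *idx + 1 >= argc ) {
		fputs( missing_msg, stderr );
		exit(1);
	}

	*idx += 1;
	return argv[*idx];
}

/*
 * URL retrieval tool.
 *
 * Parses the options (-out, -trusted, -dumpcert, -dumpchain, -timeout,
 * -no_verify, -debug) followed by a URL, configures a PKI_SSL object,
 * fetches the data behind the URL and writes every retrieved object to the
 * output URL (default "fd://1").
 *
 * Returns 0 on success, 1 on usage/setup errors and -1 when no data could be
 * retrieved; some failures call exit(1) directly.
 */
int main (int argc, char *argv[])
{
	PKI_MEM_STACK *sk = NULL;
	PKI_MEM *obj = NULL;
	PKI_SSL *ssl = NULL;
	PKI_SOCKET *sock = NULL;
	URL * url = NULL;

	char *url_s = NULL;
	char *outurl_s = "fd://1";
	char *trusted_certs = NULL;
	char *dump_cert = NULL;
	char *dump_chain = NULL;

	int debug = 0;
	int verify_chain = 1;
	int i = 0;
	int timeout = 0;
	int get_via_socket = 0;

	PKI_init_all();

	/* Test argc, not argv[1]: argv[1] is only defined when argc >= 1. */
	if( argc < 2 ) {
		usage();
		return(1);
	}

	/*
	 * Stop at argc - 1. argv[argc] is NULL, and the previous "i <= argc"
	 * bound handed that NULL to strcmp_nocase() whenever no URL followed
	 * the options.
	 */
	for( i = 1; i < argc; i++ ) {
		if( strcmp_nocase( argv[i], "-out" ) == 0 ) {
			outurl_s = url_opt_value( argc, argv, &i,
				"\nERROR: -out needs a url!\n\n" );
		} else if ( strcmp_nocase ( argv[i], "-trusted" ) == 0 ) {
			/* A missing value used to leave trusted_certs NULL, which
			 * silently skipped the trust-anchor setup below. */
			trusted_certs = url_opt_value( argc, argv, &i,
				"\nERROR: -trusted needs a file url!\n\n" );
		} else if ( strcmp_nocase ( argv[i], "-dumpcert" ) == 0 ) {
			dump_cert = url_opt_value( argc, argv, &i,
				"\nERROR: -dumpcert needs a file url!\n\n" );
		} else if ( strcmp_nocase ( argv[i], "-dumpchain" ) == 0 ) {
			dump_chain = url_opt_value( argc, argv, &i,
				"\nERROR: -dumpchain needs a file url!\n\n" );
		} else if ( strcmp_nocase ( argv[i], "-timeout" ) == 0 ) {
			/* atoi() yields 0 for non-numeric input; negatives are
			 * clamped to 0 as before. */
			timeout = atoi( url_opt_value( argc, argv, &i,
				"\nERROR: -timeout needs a value!\n\n" ) );
			if ( timeout < 0 ) timeout = 0;
		} else if ( strcmp_nocase ( argv[i], "-no_verify" ) == 0 ) {
			verify_chain = 0;
		} else if ( strcmp_nocase( argv[i], "-debug" ) == 0 ) {
			debug = 1;
		} else {
			/* First non-option argument is the URL; parsing stops here. */
			url_s = argv[i];
			if ( i < argc - 1 ) {
				fprintf( stderr, "Args after URL ignored!(%s %d/%d)\n",
					url_s, i, argc );
			}
			break;
		}
	}

	/* Only options were given: do not pass NULL to URL_new() or "%s". */
	if( url_s == NULL ) {
		usage();
		return (1);
	}

	if((url = URL_new( url_s )) == NULL ) {
		printf("\nERROR, %s is not a valid URL!\n\n", url_s );
		usage();
		return (1);
	}

	/* Log to stderr; -debug only adds the debug flag. */
	if( debug ) {
		if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
				PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR) {
			exit(1);
		}
	} else {
		if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
				0, NULL )) == PKI_ERR) {
			exit(1);
		}
	}

	// Check if we should use the socket approach or the simple URL
	// retrieval facility
	switch (url->proto) {
		case URI_PROTO_FD:
		case URI_PROTO_FILE:
		case URI_PROTO_HTTP:
		case URI_PROTO_HTTPS:
		case URI_PROTO_LDAP:
			get_via_socket = 1;
			break;

		default:
			get_via_socket = 0;
	}

	//
	// -------------------------- Setup the SSL Options ------------------------
	//

	if(( ssl = PKI_SSL_new( NULL )) == NULL ) {
		fprintf(stderr, "ERROR: Memory allocation error (PKI_SSL_new)\n");
		return ( 1 );
	}

	if ( trusted_certs ) {
		/* Named distinctly so it no longer shadows the PKI_MEM_STACK sk. */
		PKI_X509_CERT_STACK *trusted_sk = NULL;

		if(( trusted_sk = PKI_X509_CERT_STACK_get ( trusted_certs,
				NULL, NULL)) == NULL ) {
			PKI_log_err ("Can't load Trusted Certs from %s", trusted_certs );
			return 1;
		}

		PKI_SSL_set_trusted ( ssl, trusted_sk );

		if ( verify_chain ) {
			PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER_REQUIRE);
		} else {
			PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER);
		}
	}

	/*
	 * NOTE(review): when neither -trusted nor -no_verify is given, no verify
	 * mode is set in this function, so peer verification is whatever
	 * PKI_SSL_new() defaults to. Confirm that default rejects peers that do
	 * not validate.
	 */
	if ( verify_chain == 0 ) {
		/* -no_verify wins over any mode chosen above. */
		PKI_SSL_set_verify ( ssl, PKI_SSL_VERIFY_NONE );
		fprintf(stderr, "WARNING: no verify set!\n");
	}

	if(( sock = PKI_SOCKET_new ()) == NULL ) {
		fprintf(stderr, "ERROR, can not create a new Socket!\n\n");
		exit(1);
	}

	PKI_SOCKET_set_ssl ( sock, ssl );

	//
	// ------------------------------ Retrieve Data -----------------------------
	//

	if (get_via_socket) {

		if( PKI_SOCKET_open( sock, url_s, timeout ) == PKI_ERR ) {
			fprintf(stderr, "ERROR, can not connect to %s!\n\n", url_s);
			exit(1);
		}

		ssl = PKI_SOCKET_get_ssl (sock);

		/*
		 * The dumps are best effort: each failure is reported and the
		 * remaining steps of that dump are skipped, so a NULL ssl, cert or
		 * chain is never handed to the next call. With -no_verify the
		 * dumped material is whatever the peer presented, unvalidated.
		 */
		if (dump_cert) {
			PKI_X509_CERT *x = NULL;

			if ( !ssl ) {
				fprintf( stderr, "ERROR: Can not dump cert (no SSL)\n");
			} else if((x = PKI_SSL_get_peer_cert ( ssl )) == NULL ) {
				fprintf( stderr, "ERROR: No Peer certificate is available\n");
			} else if( PKI_X509_CERT_put ( x, PKI_DATA_FORMAT_PEM,
					dump_cert, NULL, NULL, NULL ) == PKI_ERR){
				fprintf(stderr, "ERROR: can not write Peer cert to "
					"%s\n", dump_cert );
			}
		}

		if (dump_chain) {
			PKI_X509_CERT_STACK *x_sk = NULL;

			if ( !ssl ) {
				fprintf( stderr, "ERROR: Can not dump cert (no SSL)\n");
			} else if((x_sk = PKI_SSL_get_peer_chain ( ssl )) == NULL ) {
				fprintf( stderr, "ERROR: No certificate chain is available\n");
			} else if( PKI_X509_CERT_STACK_put ( x_sk, PKI_DATA_FORMAT_PEM,
					dump_chain, NULL, NULL, NULL ) == PKI_ERR){
				/* Report the chain target; this used to print dump_cert,
				 * which may be NULL when only -dumpchain is given. */
				fprintf(stderr, "ERROR: can not write Peer cert to "
					"%s\n", dump_chain );
			}
		}

		if((sk = URL_get_data_socket ( sock, timeout, 0 )) == NULL ) {
			fprintf(stderr, "ERROR, can not retrieve data!\n\n");
			return(-1);
		}

		PKI_SOCKET_close ( sock );
		PKI_SOCKET_free ( sock );

	} else {
		// Get Data via the usual URL socket-less approach
		sk = URL_get_data_url (url, timeout, 0, ssl);

		/* Same failure handling as the socket path, so a NULL stack is
		 * not passed to the element count and pop calls below. */
		if( sk == NULL ) {
			fprintf(stderr, "ERROR, can not retrieve data!\n\n");
			return(-1);
		}
	}

	PKI_log_debug("URL: Number of retrieved entries is %d",
		PKI_STACK_MEM_elements(sk));

	/* NOTE(review): the result of URL_put_data() is not checked, so a
	 * failed write still ends with exit status 0. */
	while( (obj = PKI_STACK_MEM_pop ( sk )) != NULL ) {
		URL_put_data ( outurl_s, obj, NULL, NULL, 0, 0, NULL );
	}

	return 0;
}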
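/*
 * CRL generation test.
 *
 * Builds a token, generates a keypair, self-signs a certificate, creates a
 * single revocation entry and issues a CRL containing it.
 *
 * Every failure now exits with status 1. Three error paths previously
 * returned 0, which made a failed run indistinguishable from a passing one.
 */
int main (int argc, char *argv[] )
{
	PKI_TOKEN *tk = NULL;
	PKI_X509_CRL *crl = NULL;
	PKI_X509_CRL_ENTRY *entry = NULL;
	PKI_X509_CRL_ENTRY_STACK *sk = NULL;

	(void) argc;
	(void) argv;

	printf("\n\nlibpki Test - Massimiliano Pala <*****@*****.**>\n");
	printf("(c) 2006 by Massimiliano Pala and OpenCA Project\n");
	printf("OpenCA Licensed Software\n\n");

	if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_NOTICE, NULL,
			PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR ) {
		exit(1);
	}

	if((tk = PKI_TOKEN_new_null()) == NULL ) {
		printf("ERROR, can not allocate token!\n\n");
		exit(1);
	}

	/* presumably "etc" is the configuration directory and "Default" the
	 * token name; verify against PKI_TOKEN_init() */
	if(( PKI_TOKEN_init( tk, "etc" , "Default" )) == PKI_ERR) {
		printf("ERROR, can not configure token!\n\n");
		exit(1);
	}

	if((PKI_TOKEN_set_algor ( tk, PKI_ALGOR_RSA_SHA256 )) == PKI_ERR ) {
		printf("ERROR, can not set the RSA crypto scheme!\n");
		exit(1);
	}

	/*
	 * 1024-bit RSA is below the 2048-bit minimum of current guidance; the
	 * key and everything signed with it here are test material only.
	 */
	if((PKI_TOKEN_new_keypair ( tk, 1024, NULL )) == PKI_ERR) {
		printf("ERROR, can not generate new keypair!\n");
		exit(1);
	}

	printf("* Self Signing certificate .... ");
	if((PKI_TOKEN_self_sign( tk, NULL, "23429", 24*3600, "User" )) == PKI_ERR ) {
		printf("ERROR, can not self sign certificate!\n");
		exit(1);
	}
	/* Close the progress line like the other steps do. */
	printf("Ok\n");

	printf("Generating a new CRL ENTRY ... ");
	if((entry = PKI_X509_CRL_ENTRY_new_serial ( "12345678",
			CRL_REASON_KEY_COMPROMISE, NULL, NULL )) == NULL ) {
		printf("ERROR!\n");
		exit(1);
	}
	printf("Ok\n");

	/* Check the allocation before pushing onto the stack. */
	if((sk = PKI_STACK_X509_CRL_ENTRY_new()) == NULL ) {
		printf("ERROR, can not allocate CRL entry stack!\n");
		exit(1);
	}
	PKI_STACK_X509_CRL_ENTRY_push( sk, entry );

	printf("Generating new CRL ... ");
	if((crl = PKI_TOKEN_issue_crl (tk, "3", PKI_VALIDITY_ONE_WEEK,
			sk, "crl")) == NULL ) {
		printf("ERROR, can not generate new CRL!\n");
		exit(1);
	}
	printf("Ok\n");

	/* NOTE(review): sk and entry are not released here; whether
	 * PKI_TOKEN_issue_crl() takes ownership of them is not visible from
	 * this file. Confirm before adding a free. */
	PKI_TOKEN_free ( tk );
	PKI_X509_CRL_free ( crl );

	PKI_log_end();

	printf("\n\n[ Test Ended Succesfully ]\n\n");

	return (0);
}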