static gnutls_x509_crq generate_certificate_request(requiem_client_profile_t *cp, requiem_connection_permission_t permission, gnutls_x509_privkey key, unsigned char *buf, size_t *size) { int ret; gnutls_x509_crq crq; ret = gnutls_x509_crq_init(&crq); if ( ret < 0 ) { fprintf(stderr, "error creating certificate request: %s.\n", gnutls_strerror(ret)); return NULL; } ret = gnutls_x509_crq_set_key(crq, key); if ( ret < 0 ) { fprintf(stderr, "error setting certificate request key: %s.\n", gnutls_strerror(ret)); gnutls_x509_crq_deinit(crq); return NULL; } if ( permission ) { ret = snprintf((char *) buf, *size, "%d", (int) permission); ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, 0, buf, ret); if ( ret < 0 ) { fprintf(stderr, "error setting common name: %s.\n", gnutls_strerror(ret)); return NULL; } } gnutls_x509_crq_set_version(crq, 3); ret = snprintf((char*) buf, *size, "%" REQUIEM_PRIu64, requiem_client_profile_get_analyzerid(cp)); ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_DN_QUALIFIER, 0, buf, ret); if ( ret < 0 ) { fprintf(stderr, "error setting common name: %s.\n", gnutls_strerror(ret)); return NULL; } ret = gnutls_x509_crq_sign(crq, key); if ( ret < 0 ) { fprintf(stderr, "error signing certificate request: %s.\n", gnutls_strerror(ret)); gnutls_x509_crq_deinit(crq); return NULL; } ret = gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buf, size); if ( ret < 0 ) { fprintf(stderr, "error exporting certificate request: %s.\n", gnutls_strerror(ret)); gnutls_x509_crq_deinit(crq); return NULL; } return crq; }
static void inf_test_certificate_request_notify_status_cb(GObject* object, GParamSpec* pspec, gpointer user_data) { InfTestCertificateRequest* test; InfBrowserStatus status; gnutls_x509_crq_t crq; InfRequest* request; GError* error; int res; test = (InfTestCertificateRequest*)user_data; g_object_get(G_OBJECT(test->browser), "status", &status, NULL); if(status == INF_BROWSER_OPEN) { fprintf(stderr, "Connection established, creating key... (4096 bit)\n"); /* TODO: Some error checking here */ gnutls_x509_privkey_init(&test->key); gnutls_x509_privkey_generate(test->key, GNUTLS_PK_RSA, 4096, 0); fprintf(stderr, "Done, sending the certificate request\n"); gnutls_x509_crq_init(&crq); gnutls_x509_crq_set_key(crq, test->key); gnutls_x509_crq_set_key_usage(crq, GNUTLS_KEY_DIGITAL_SIGNATURE); gnutls_x509_crq_set_version(crq, 3); gnutls_x509_crq_set_dn_by_oid( crq, GNUTLS_OID_X520_COMMON_NAME, 0, "Armin Burgmeier", strlen("Armin Burgmeier") ); /* TODO: gnutls_x509_crq_sign2 is deprecated in favour of * gnutls_x509_crq_privkey_sign, but the latter returns the error code * GNUTLS_E_UNIMPLEMENTED_FEATURE, so we keep using the deprecated * version here. */ /*gnutls_x509_crq_privkey_sign(crq, key, GNUTLS_DIG_SHA1, 0);*/ gnutls_x509_crq_sign2(crq, test->key, GNUTLS_DIG_SHA1, 0); error = NULL; request = inf_browser_create_acl_account( INF_BROWSER(object), crq, inf_test_certificate_request_finished_cb, test ); gnutls_x509_crq_deinit(crq); } if(status == INF_BROWSER_CLOSED) { if(inf_standalone_io_loop_running(test->io)) inf_standalone_io_loop_quit(test->io); } }
void doit (void) { gnutls_x509_privkey_t pkey; gnutls_privkey_t abs_pkey; gnutls_x509_crq_t crq; size_t pkey_key_id_len; unsigned char *pkey_key_id = NULL; size_t crq_key_id_len; unsigned char *crq_key_id = NULL; gnutls_pk_algorithm_t algorithm; int ret; ret = global_init (); if (ret < 0) fail ("global_init: %d\n", ret); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (4711); for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_DSA; algorithm++) { ret = gnutls_x509_crq_init (&crq); if (ret < 0) fail ("gnutls_x509_crq_init: %d\n", ret); ret = gnutls_x509_privkey_init (&pkey); if (ret < 0) { fail ("gnutls_x509_privkey_init: %d\n", ret); } ret = gnutls_privkey_init (&abs_pkey); if (ret < 0) { fail ("gnutls_privkey_init: %d\n", ret); } ret = gnutls_x509_privkey_generate (pkey, algorithm, 1024, 0); if (ret < 0) { fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret); } else if (debug) { success ("Key[%s] generation ok: %d\n", gnutls_pk_algorithm_get_name (algorithm), ret); } pkey_key_id_len = 0; ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id, &pkey_key_id_len); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", ret); } pkey_key_id = malloc (sizeof (unsigned char) * pkey_key_id_len); ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id, &pkey_key_id_len); if (ret != GNUTLS_E_SUCCESS) { fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", ret); } ret = gnutls_x509_crq_set_version (crq, 1); if (ret < 0) { fail ("gnutls_x509_crq_set_version: %d\n", ret); } ret = gnutls_x509_crq_set_key (crq, pkey); if (ret < 0) { fail ("gnutls_x509_crq_set_key: %d\n", ret); } ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME, 0, "CN-Test", 7); if (ret < 0) { fail ("gnutls_x509_crq_set_dn_by_oid: %d\n", ret); } ret = gnutls_privkey_import_x509( abs_pkey, pkey, 0); if (ret < 0) { fail ("gnutls_privkey_import_x509: %d\n", ret); } ret = gnutls_x509_crq_privkey_sign (crq, abs_pkey, GNUTLS_DIG_SHA1, 0); if (ret < 0) { fail ("gnutls_x509_crq_sign: %d\n", ret); } ret = gnutls_x509_crq_verify (crq, 0); if (ret < 0) { fail ("gnutls_x509_crq_verify: %d\n", ret); } crq_key_id_len = 0; ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret); } crq_key_id = malloc (sizeof (unsigned char) * crq_key_id_len); ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len); if (ret != GNUTLS_E_SUCCESS) { fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret); } if (crq_key_id_len == pkey_key_id_len) { ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len); if (ret == 0) { if (debug) success ("Key ids are identical. OK.\n"); } else { fail ("Key ids differ incorrectly: %d\n", ret); } } else { fail ("Key_id lengths differ incorrectly: %d - %d\n", (int) crq_key_id_len, (int) pkey_key_id_len); } if (pkey_key_id) { free (pkey_key_id); pkey_key_id = NULL; } if (crq_key_id) { free (crq_key_id); crq_key_id = NULL; } gnutls_x509_crq_deinit (crq); gnutls_x509_privkey_deinit (pkey); gnutls_privkey_deinit (abs_pkey); } gnutls_global_deinit (); }
int main (void) { gnutls_x509_crq_t crq; gnutls_x509_privkey_t key; unsigned char buffer[10 * 1024]; size_t buffer_size = sizeof (buffer); unsigned int bits; gnutls_global_init (); /* Initialize an empty certificate request, and * an empty private key. */ gnutls_x509_crq_init (&crq); gnutls_x509_privkey_init (&key); /* Generate an RSA key of moderate security. */ bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL); gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0); /* Add stuff to the distinguished name */ gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME, 0, "GR", 2); gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME, 0, "Nikos", strlen ("Nikos")); /* Set the request version. */ gnutls_x509_crq_set_version (crq, 1); /* Set a challenge password. */ gnutls_x509_crq_set_challenge_password (crq, "something to remember here"); /* Associate the request with the private key */ gnutls_x509_crq_set_key (crq, key); /* Self sign the certificate request. */ gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0); /* Export the PEM encoded certificate request, and * display it. */ gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer, &buffer_size); printf ("Certificate Request: \n%s", buffer); /* Export the PEM encoded private key, and * display it. */ buffer_size = sizeof (buffer); gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size); printf ("\n\nPrivate key: \n%s", buffer); gnutls_x509_crq_deinit (crq); gnutls_x509_privkey_deinit (key); return 0; }