static gnutls_x509_crq generate_certificate_request(requiem_client_profile_t *cp,
requiem_connection_permission_t permission,
gnutls_x509_privkey key, unsigned char *buf, size_t *size)
{
int ret;
gnutls_x509_crq crq;
ret = gnutls_x509_crq_init(&crq);
if ( ret < 0 ) {
fprintf(stderr, "error creating certificate request: %s.\n", gnutls_strerror(ret));
return NULL;
}
ret = gnutls_x509_crq_set_key(crq, key);
if ( ret < 0 ) {
fprintf(stderr, "error setting certificate request key: %s.\n", gnutls_strerror(ret));
gnutls_x509_crq_deinit(crq);
return NULL;
}
if ( permission ) {
ret = snprintf((char *) buf, *size, "%d", (int) permission);
ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, 0, buf, ret);
if ( ret < 0 ) {
fprintf(stderr, "error setting common name: %s.\n", gnutls_strerror(ret));
return NULL;
}
}
gnutls_x509_crq_set_version(crq, 3);
ret = snprintf((char*) buf, *size, "%" REQUIEM_PRIu64, requiem_client_profile_get_analyzerid(cp));
ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_DN_QUALIFIER, 0, buf, ret);
if ( ret < 0 ) {
fprintf(stderr, "error setting common name: %s.\n", gnutls_strerror(ret));
return NULL;
}
ret = gnutls_x509_crq_sign(crq, key);
if ( ret < 0 ) {
fprintf(stderr, "error signing certificate request: %s.\n", gnutls_strerror(ret));
gnutls_x509_crq_deinit(crq);
return NULL;
}
ret = gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buf, size);
if ( ret < 0 ) {
fprintf(stderr, "error exporting certificate request: %s.\n", gnutls_strerror(ret));
gnutls_x509_crq_deinit(crq);
return NULL;
}
return crq;
}
int
main (void)
{
gnutls_x509_crq_t crq;
gnutls_x509_privkey_t key;
unsigned char buffer[10 * 1024];
size_t buffer_size = sizeof (buffer);
unsigned int bits;
gnutls_global_init ();
/* Initialize an empty certificate request, and
* an empty private key.
*/
gnutls_x509_crq_init (&crq);
gnutls_x509_privkey_init (&key);
/* Generate an RSA key of moderate security.
*/
bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL);
gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0);
/* Add stuff to the distinguished name
*/
gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME,
0, "GR", 2);
gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
0, "Nikos", strlen ("Nikos"));
/* Set the request version.
*/
gnutls_x509_crq_set_version (crq, 1);
/* Set a challenge password.
*/
gnutls_x509_crq_set_challenge_password (crq, "something to remember here");
/* Associate the request with the private key
*/
gnutls_x509_crq_set_key (crq, key);
/* Self sign the certificate request.
*/
gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
/* Export the PEM encoded certificate request, and
* display it.
*/
gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
printf ("Certificate Request: \n%s", buffer);
/* Export the PEM encoded private key, and
* display it.
*/
buffer_size = sizeof (buffer);
gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
printf ("\n\nPrivate key: \n%s", buffer);
gnutls_x509_crq_deinit (crq);
gnutls_x509_privkey_deinit (key);
return 0;
}
