rdpproxy/trunk/x509test.c

/* Test of various x509 API calls in OpenSSL for later use with rdesktop */

#include <stdio.h>
#include <openssl/x509v3.h>

int
main(int argc, char **argv)
{
        X509 *cacert, *cert;
        char *cacertfilename;
        char *certfilename;
        FILE *cacertfile;
        FILE *certfile;
        FILE *stdout_FILE;
        RSA *pubkey;
        EVP_PKEY *epk = NULL;
        int cert_type = 0;
        int certstatus = -1;

        X509_STORE *ctx = NULL;
        X509_STORE_CTX *csc;
        X509_LOOKUP *lookup = NULL;

        if (argc < 3)
        {
                printf("Usage: %s <cacertfile> <certfile>\n", argv[0]);
                return 1;
        }

        cacertfilename = argv[1];
        certfilename = argv[2];

        cacertfile = fopen(cacertfilename, "r");
        if (NULL == cacertfile)
        {
                perror(cacertfilename);
                return 2;
        }
        certfile = fopen(certfilename, "r");
        if (NULL == certfile)
        {
                perror(certfilename);
                fclose(cacertfile);
                return 3;
        }

        cacert = d2i_X509_fp(cacertfile, NULL);
        if (NULL == cacert)
        {
                printf("Failed to load %s into a X509 structure", cacertfilename);
        }

        cert = d2i_X509_fp(certfile, NULL);
        if (NULL == cert)
        {
                printf("Failed to load %s into a X509 structure", certfilename);
        }

        ctx = X509_STORE_new();

        //  lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
        //  X509_LOOKUP_load_file(lookup,"w2k3cert_ca.pem",X509_FILETYPE_PEM);
        X509_STORE_add_cert(ctx, cacert);

        csc = X509_STORE_CTX_new();
        X509_STORE_CTX_init(csc, ctx, cert, NULL);
        certstatus = X509_verify_cert(csc);


        printf("X509_verify_cert returns %d\n", certstatus);
        if (0 == certstatus)
        {
                printf("X509_STORE_CTX_get_error returns %d\n", X509_STORE_CTX_get_error(csc));
                X509_print_fp(stdout, X509_STORE_CTX_get_current_cert(csc));
        }


        // Many thanks to Richard Levitte for the following (. intiutive .) lines of code.
        if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
        {
                printf("Re-setting algorithm type to RSA ($#¤?=## Microsoft!)\n");
                cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
        }

        //  X509_print_fp(stdout, cert);

        epk = X509_get_pubkey(cert);
        if (NULL == epk)
        {
                printf("Failed to extract public key from X509 structure\n");
        }

        if (EVP_PKEY_RSA == epk->type)
        {
                printf("Type is probably RSA\n");
                pubkey = (RSA *) epk->pkey.ptr;
        }


        cert_type = X509_certificate_type(cert, epk);

        printf("X509_certificate_type returned %d\n", cert_type);


        /* X509->cert_info->key->algor->algorithm is a ASN1_OBJECT   */

        return 0;

}
1	/* Test of various x509 API calls in OpenSSL for later use with rdesktop */
2
3	#include <stdio.h>
4	#include <openssl/x509v3.h>
5
6	int
7	main(int argc, char **argv)
8	{
9	X509 cacert, cert;
10	char *cacertfilename;
11	char *certfilename;
12	FILE *cacertfile;
13	FILE *certfile;
14	FILE *stdout_FILE;
15	RSA *pubkey;
16	EVP_PKEY *epk = NULL;
17	int cert_type = 0;
18	int certstatus = -1;
19
20	X509_STORE *ctx = NULL;
21	X509_STORE_CTX *csc;
22	X509_LOOKUP *lookup = NULL;
23
24	if (argc < 3)
25	{
26	printf("Usage: %s <cacertfile> <certfile>\n", argv[0]);
27	return 1;
28	}
29
30	cacertfilename = argv[1];
31	certfilename = argv[2];
32
33	cacertfile = fopen(cacertfilename, "r");
34	if (NULL == cacertfile)
35	{
36	perror(cacertfilename);
37	return 2;
38	}
39	certfile = fopen(certfilename, "r");
40	if (NULL == certfile)
41	{
42	perror(certfilename);
43	fclose(cacertfile);
44	return 3;
45	}
46
47	cacert = d2i_X509_fp(cacertfile, NULL);
48	if (NULL == cacert)
49	{
50	printf("Failed to load %s into a X509 structure", cacertfilename);
51	}
52
53	cert = d2i_X509_fp(certfile, NULL);
54	if (NULL == cert)
55	{
56	printf("Failed to load %s into a X509 structure", certfilename);
57	}
58
59	ctx = X509_STORE_new();
60
61	// lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
62	// X509_LOOKUP_load_file(lookup,"w2k3cert_ca.pem",X509_FILETYPE_PEM);
63	X509_STORE_add_cert(ctx, cacert);
64
65	csc = X509_STORE_CTX_new();
66	X509_STORE_CTX_init(csc, ctx, cert, NULL);
67	certstatus = X509_verify_cert(csc);
68
69
70	printf("X509_verify_cert returns %d\n", certstatus);
71	if (0 == certstatus)
72	{
73	printf("X509_STORE_CTX_get_error returns %d\n", X509_STORE_CTX_get_error(csc));
74	X509_print_fp(stdout, X509_STORE_CTX_get_current_cert(csc));
75	}
76
77
78
79
80	// Many thanks to Richard Levitte for the following (. intiutive .) lines of code.
81	if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
82	{
83	printf("Re-setting algorithm type to RSA ($#¤?=## Microsoft!)\n");
84	cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
85	}
86
87	// X509_print_fp(stdout, cert);
88
89	epk = X509_get_pubkey(cert);
90	if (NULL == epk)
91	{
92	printf("Failed to extract public key from X509 structure\n");
93	}
94
95	if (EVP_PKEY_RSA == epk->type)
96	{
97	printf("Type is probably RSA\n");
98	pubkey = (RSA *) epk->pkey.ptr;
99	}
100
101
102	cert_type = X509_certificate_type(cert, epk);
103
104	printf("X509_certificate_type returned %d\n", cert_type);
105
106
107
108	/* X509->cert_info->key->algor->algorithm is a ASN1_OBJECT */
109
110	return 0;
111
112	}