/* Test of various x509 API calls in OpenSSL for later use with rdesktop */ |
#include <stdio.h> |
#include <openssl/x509v3.h> |
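int
main(int argc, char **argv)
{
	/*
	 * Load a DER-encoded CA certificate (argv[1]) and a DER-encoded
	 * end-entity certificate (argv[2]), verify the latter against a store
	 * holding only the former, then pull the public key out of it the way
	 * rdesktop will need to.
	 *
	 * Exit status: 0 on success; 1 usage, 2/3 fopen failure, 4/5 DER decode
	 * failure, 6 store/context setup failure, 7 chain verification failure,
	 * 8 public-key extraction failure.  On 7 the diagnostics keep running so
	 * the key-extraction path is still exercised.
	 */
	X509 *cacert = NULL, *cert = NULL;
	FILE *cacertfile = NULL, *certfile = NULL;
	EVP_PKEY *epk = NULL;
	RSA *pubkey = NULL;
	X509_STORE *ctx = NULL;
	X509_STORE_CTX *csc = NULL;
	int cert_type = 0;
	int certstatus = -1;
	int rc = 0;

	if (argc < 3)
	{
		printf("Usage: %s <cacertfile> <certfile>\n", argv[0]);
		return 1;
	}

	cacertfile = fopen(argv[1], "r");
	if (NULL == cacertfile)
	{
		perror(argv[1]);
		rc = 2;
		goto out;
	}
	certfile = fopen(argv[2], "r");
	if (NULL == certfile)
	{
		perror(argv[2]);
		rc = 3;
		goto out;
	}

	/* d2i_* reads DER; a PEM file here fails to decode and we stop rather
	 * than continue with a NULL X509 as before. */
	cacert = d2i_X509_fp(cacertfile, NULL);
	if (NULL == cacert)
	{
		printf("Failed to load %s into a X509 structure\n", argv[1]);
		rc = 4;
		goto out;
	}
	cert = d2i_X509_fp(certfile, NULL);
	if (NULL == cert)
	{
		printf("Failed to load %s into a X509 structure\n", argv[2]);
		rc = 5;
		goto out;
	}

	/* Trust store containing nothing but the supplied CA certificate. */
	ctx = X509_STORE_new();
	csc = X509_STORE_CTX_new();
	if (NULL == ctx || NULL == csc || !X509_STORE_add_cert(ctx, cacert))
	{
		printf("Failed to set up the X509 store\n");
		rc = 6;
		goto out;
	}
	// lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
	// X509_LOOKUP_load_file(lookup,"w2k3cert_ca.pem",X509_FILETYPE_PEM);

	if (!X509_STORE_CTX_init(csc, ctx, cert, NULL))
	{
		printf("Failed to initialise the X509 verification context\n");
		rc = 6;
		goto out;
	}
	certstatus = X509_verify_cert(csc);

	printf("X509_verify_cert returns %d\n", certstatus);
	/* 1 is the only success value: 0 is a chain/policy failure and a
	 * negative value an internal error, so test for != 1, not == 0. */
	if (certstatus != 1)
	{
		int err = X509_STORE_CTX_get_error(csc);
		X509 *cur = X509_STORE_CTX_get_current_cert(csc);

		printf("X509_STORE_CTX_get_error returns %d (%s)\n", err,
		       X509_verify_cert_error_string(err));
		/* The current cert may be unset when the error is not tied
		 * to a particular certificate. */
		if (cur != NULL)
			X509_print_fp(stdout, cur);
		/* Carry on for diagnostics, but do not exit 0. */
		rc = 7;
	}

	// Many thanks to Richard Levitte for the following (. intiutive .) lines of code.
	/*
	 * Some certificates carry md5WithRSAEncryption rather than rsaEncryption
	 * as the SubjectPublicKeyInfo algorithm; rewrite the OID to rsaEncryption
	 * before asking OpenSSL for the key.  This happens after
	 * X509_verify_cert() above, so the signature check saw the certificate
	 * exactly as issued.
	 */
	if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
	{
		ASN1_OBJECT *old = cert->cert_info->key->algor->algorithm;

		printf("Re-setting algorithm type to RSA ($#ยค?=## Microsoft!)\n");
		cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
		/* The decoded object was heap-allocated by d2i and is now
		 * unreferenced; OBJ_nid2obj() returns a static table entry. */
		ASN1_OBJECT_free(old);
	}

	// X509_print_fp(stdout, cert);

	epk = X509_get_pubkey(cert);
	if (NULL == epk)
	{
		printf("Failed to extract public key from X509 structure\n");
		rc = 8;
		goto out;
	}

	if (EVP_PKEY_RSA == epk->type)
	{
		printf("Type is probably RSA\n");
		/* Borrowed pointer: owned by epk, released by EVP_PKEY_free(). */
		pubkey = (RSA *) epk->pkey.ptr;
		printf("RSA modulus is %d bytes\n", RSA_size(pubkey));
	}

	cert_type = X509_certificate_type(cert, epk);
	printf("X509_certificate_type returned %d\n", cert_type);

	/* X509->cert_info->key->algor->algorithm is a ASN1_OBJECT */

out:
	/* Release everything on every path; the *_free() calls accept NULL
	 * except X509_STORE_CTX_free(), which is guarded. */
	EVP_PKEY_free(epk);
	if (csc != NULL)
		X509_STORE_CTX_free(csc);
	X509_STORE_free(ctx);
	X509_free(cert);
	X509_free(cacert);
	if (certfile != NULL)
		fclose(certfile);
	if (cacertfile != NULL)
		fclose(cacertfile);
	return rc;
}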