/* Test of various X509 API calls in OpenSSL for later use with rdesktop */
#include <stdio.h>

#include <openssl/err.h>
#include <openssl/x509v3.h>
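/*
 * Read one DER-encoded certificate from `path`.
 *
 * Returns a freshly allocated X509 that the caller releases with X509_free(),
 * or NULL after reporting the reason.  The file is opened in binary mode
 * because d2i_X509_fp() consumes raw DER bytes; text mode would corrupt them
 * on platforms that translate line endings.
 */
static X509 *
load_der_cert(const char *path)
{
	FILE *fp = fopen(path, "rb");
	X509 *x;

	if (NULL == fp)
	{
		perror(path);
		return NULL;
	}

	x = d2i_X509_fp(fp, NULL);
	if (NULL == x)
	{
		printf("Failed to load %s into a X509 structure\n", path);
		/* The OpenSSL error queue says *why* decoding failed (e.g. a PEM
		 * file handed to a DER decoder).  Without ERR_load_crypto_strings()
		 * older releases print numeric codes only, which is still usable. */
		ERR_print_errors_fp(stdout);
	}
	fclose(fp);
	return x;
}

/*
 * Exercise the X509 verification and public-key calls rdesktop needs.
 *
 * argv[1] is a DER CA certificate, argv[2] the DER certificate to check
 * against it.  The verification result, the key type and the certificate
 * type are printed.  The exit status only says whether the probes could run:
 * 0 = all probes ran, 1 = usage error, 2/3 = the CA / end-entity certificate
 * could not be loaded, 4 = store setup failed, 5 = no public key could be
 * extracted.  A certificate that fails to verify is reported on stdout, not
 * through the exit status.
 */
int
main(int argc, char **argv)
{
	X509 *cacert = NULL, *cert = NULL;
	EVP_PKEY *epk = NULL;
	X509_STORE *store = NULL;
	X509_STORE_CTX *csc = NULL;
	int certstatus = -1;
	int cert_type = 0;
	int rc = 0;

	if (argc < 3)
	{
		printf("Usage: %s <cacertfile> <certfile>\n", argv[0]);
		return 1;
	}

	/* Every later call dereferences these, so a failed load is fatal here
	 * rather than a NULL passed into X509_STORE_add_cert() and friends. */
	cacert = load_der_cert(argv[1]);
	if (NULL == cacert)
	{
		rc = 2;
		goto out;
	}
	cert = load_der_cert(argv[2]);
	if (NULL == cert)
	{
		rc = 3;
		goto out;
	}

	store = X509_STORE_new();
	if (NULL == store)
	{
		printf("X509_STORE_new failed\n");
		rc = 4;
		goto out;
	}
	/* The store takes its own reference to cacert; ours is released below. */
	if (!X509_STORE_add_cert(store, cacert))
	{
		printf("X509_STORE_add_cert failed\n");
		ERR_print_errors_fp(stdout);
		rc = 4;
		goto out;
	}

	csc = X509_STORE_CTX_new();
	if (NULL == csc)
	{
		printf("X509_STORE_CTX_new failed\n");
		rc = 4;
		goto out;
	}
	/* No untrusted intermediate chain is supplied: cert must be issued
	 * directly by cacert for verification to succeed. */
	if (!X509_STORE_CTX_init(csc, store, cert, NULL))
	{
		printf("X509_STORE_CTX_init failed\n");
		ERR_print_errors_fp(stdout);
		rc = 4;
		goto out;
	}

	/* 1 means verified; 0 means the chain was rejected; some releases also
	 * return a negative value for internal errors, so test for success only. */
	certstatus = X509_verify_cert(csc);
	printf("X509_verify_cert returns %d\n", certstatus);
	if (1 != certstatus)
	{
		int err = X509_STORE_CTX_get_error(csc);
		X509 *bad = X509_STORE_CTX_get_current_cert(csc);

		printf("X509_STORE_CTX_get_error returns %d (%s)\n",
		       err, X509_verify_cert_error_string(err));
		/* The current cert is NULL when the failure is not tied to one
		 * certificate (e.g. an internal error), so do not print blindly. */
		if (NULL != bad)
		{
			X509_print_fp(stdout, bad);
		}
	}

	/*
	 * Many thanks to Richard Levitte for the following (. intiutive .) lines of code.
	 *
	 * Some certificates carry md5WithRSAEncryption in the SubjectPublicKeyInfo
	 * algorithm field, where a key-type OID belongs.  Rewriting it to
	 * rsaEncryption presumably lets X509_get_pubkey() below recognise the key
	 * -- confirm against the certificates rdesktop actually meets.
	 *
	 * This pokes at OpenSSL internals; OpenSSL 1.1.0 and later make X509
	 * opaque, so there the same edit has to go through the
	 * X509_PUBKEY_get0_param() / X509_PUBKEY_set0_param() accessors.
	 */
	if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption)
	{
		printf("Re-setting algorithm type to RSA ($#ยค?=## Microsoft!)\n");
		/* Release the decoded OID before overwriting the pointer; the
		 * replacement from OBJ_nid2obj() is a static table entry that
		 * ASN1_OBJECT_free() leaves alone, so X509_free() stays safe. */
		ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
		cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
	}

	epk = X509_get_pubkey(cert);
	if (NULL == epk)
	{
		printf("Failed to extract public key from X509 structure\n");
		ERR_print_errors_fp(stdout);
		rc = 5;
		goto out;
	}

	/* Direct field access as in the rest of this probe; on OpenSSL 1.1.0+
	 * this would be EVP_PKEY_base_id(epk). */
	if (EVP_PKEY_RSA == epk->type)
	{
		printf("Type is probably RSA\n");
	}

	cert_type = X509_certificate_type(cert, epk);
	printf("X509_certificate_type returned %d\n", cert_type);

out:
	/* X509_get_pubkey() hands out a counted reference, so it needs its own
	 * free; X509_STORE_free() drops the store's reference to cacert and we
	 * drop ours.  Not every OpenSSL release accepts NULL in
	 * X509_STORE_CTX_free(), hence the guard. */
	EVP_PKEY_free(epk);
	if (NULL != csc)
	{
		X509_STORE_CTX_free(csc);
	}
	X509_STORE_free(store);
	X509_free(cert);
	X509_free(cacert);
	return rc;
}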