
📄 testcert.c

📁 提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发
	return( TRUE );
	}

/* Test complex certification request code */

/* Attribute table for the "complex" certification requests.  It is passed
   to addCertFields() by testComplexCertRequest() and
   testComplexCRMFRequest() below.
   NOTE(review): CERT_DATA is declared outside this view; from the
   initialisers each entry looks like { attribute, value kind, numeric
   value, string value } - confirm against the type definition */
static const CERT_DATA complexCertRequestData[] = {
	/* Identification information (components of the subject name) */
	{ CRYPT_CERTINFO_COUNTRYNAME, IS_STRING, 0, "NZ" },
	{ CRYPT_CERTINFO_ORGANIZATIONNAME, IS_STRING, 0, "Dave's Wetaburgers" },
	{ CRYPT_CERTINFO_ORGANIZATIONALUNITNAME, IS_STRING, 0, "Procurement" },
	{ CRYPT_CERTINFO_COMMONNAME, IS_STRING, 0, "Dave Smith" },

	/* Subject altName: an e-mail address and a URI */
	{ CRYPT_CERTINFO_RFC822NAME, IS_STRING, 0, "dave@wetas-r-us.com" },
	{ CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER, IS_STRING, 0, "http://www.wetas-r-us.com" },

	/* SSL server and client authentication.  These are extended key usages
	   that the requester asks for; a request only expresses a wish, and
	   whether they end up in an issued certificate is decided by the CA
	   that processes the request */
	{ CRYPT_CERTINFO_EXTKEY_SERVERAUTH, IS_NUMERIC, CRYPT_UNUSED },
	{ CRYPT_CERTINFO_EXTKEY_CLIENTAUTH, IS_NUMERIC, CRYPT_UNUSED },

	/* Last entry - presumably the end-of-table marker that addCertFields()
	   stops on; confirm */
	{ CRYPT_ATTRIBUTE_NONE, IS_VOID }
	};

/* Build a certification request carrying the attributes listed in
   complexCertRequestData, sign it, verify it, and push it through an
   export/import round trip.  Returns TRUE when every step succeeds and
   FALSE at the first step that fails.

   NOTE(review): the failure exits return without destroying the request
   object or the key contexts; presumably tolerated because a failed
   self-test ends the run - confirm against the caller */

int testComplexCertRequest( void )
	{
	CRYPT_CONTEXT pubKey, privKey;
	CRYPT_CERTIFICATE certRequest;
	int result;

	puts( "Testing complex certification request creation/export..." );

	/* Obtain the RSA key pair: the public half is placed in the request,
	   the private half signs it */
	if( !loadRSAContexts( CRYPT_UNUSED, &pubKey, &privKey ) )
		return( FALSE );

	/* Start with an empty certification request object */
	result = cryptCreateCert( &certRequest, CRYPT_UNUSED,
							  CRYPT_CERTTYPE_CERTREQUEST );
	if( cryptStatusError( result ) )
		{
		printf( "cryptCreateCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}

	/* Populate it: first the public key, then the table of name, altName
	   and key-usage attributes */
	result = cryptSetAttribute( certRequest,
								CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, pubKey );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptSetAttribute()", result,
							   __LINE__ ) );
	if( !addCertFields( certRequest, complexCertRequestData ) )
		return( FALSE );

	/* Sign with the private key that matches the embedded public key */
	result = cryptSignCert( certRequest, privKey );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptSignCert()", result,
							   __LINE__ ) );

	/* Verify the signature.  The request is self-signed, so no separate
	   signature check key is supplied */
	result = cryptCheckCert( certRequest, CRYPT_UNUSED );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptCheckCert()", result,
							   __LINE__ ) );

	/* Show the contents of the request */
	if( !printCertInfo( certRequest ) )
		return( FALSE );

	/* Encode the request into the shared certBuffer.
	   NOTE(review): this cryptExportCert() call passes no buffer size, so
	   certBuffer (declared outside this view) has to be large enough for
	   the encoded object - confirm its size */
	result = cryptExportCert( certBuffer, &certificateLength,
							  CRYPT_CERTFORMAT_CERTIFICATE, certRequest );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptExportCert()", result,
							   __LINE__ ) );
	printf( "Exported certification request is %d bytes long.\n",
			certificateLength );
	debugDump( "certreqc", certBuffer, certificateLength );

	/* Release the original object so that the import below starts from the
	   encoded bytes alone */
	result = cryptDestroyCert( certRequest );
	if( cryptStatusError( result ) )
		{
		printf( "cryptDestroyCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}

	/* Round trip: re-import the encoded request and verify its signature
	   again */
	result = cryptImportCert( certBuffer, certificateLength, CRYPT_UNUSED,
							  &certRequest );
	if( cryptStatusError( result ) )
		{
		printf( "cryptImportCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}
	result = cryptCheckCert( certRequest, CRYPT_UNUSED );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptCheckCert()", result,
							   __LINE__ ) );

	/* The result of this final destroy is not checked, unlike the one
	   above */
	cryptDestroyCert( certRequest );

	/* Release the key contexts and report success */
	destroyContexts( CRYPT_UNUSED, pubKey, privKey );
	puts( "Complex certification request creation succeeded.\n" );
	return( TRUE );
	}

/* Test CRMF certification request code */

/* Build a CRMF certification request from certRequestData, sign it, verify
   it, and push it through an export/import round trip.  Returns TRUE when
   every step succeeds and FALSE at the first step that fails.

   NOTE(review): the failure exits return without destroying the request
   object or the key contexts; presumably tolerated because a failed
   self-test ends the run - confirm against the caller */

int testCRMFRequest( void )
	{
	CRYPT_CONTEXT pubKey, privKey;
	CRYPT_CERTIFICATE certRequest;
	int result;

	puts( "Testing CRMF certification request creation/export..." );

	/* Obtain the RSA key pair: the public half is placed in the request,
	   the private half signs it */
	if( !loadRSAContexts( CRYPT_UNUSED, &pubKey, &privKey ) )
		return( FALSE );

	/* Start with an empty request object of the CRMF request type */
	result = cryptCreateCert( &certRequest, CRYPT_UNUSED,
							  CRYPT_CERTTYPE_REQUEST_CERT );
	if( cryptStatusError( result ) )
		{
		printf( "cryptCreateCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}

	/* Populate it: first the public key, then the attribute table */
	result = cryptSetAttribute( certRequest,
								CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, pubKey );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptSetAttribute()", result,
							   __LINE__ ) );
	if( !addCertFields( certRequest, certRequestData ) )
		return( FALSE );

	/* Sign with the private key that matches the embedded public key */
	result = cryptSignCert( certRequest, privKey );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptSignCert()", result,
							   __LINE__ ) );

	/* Show the contents of the request.  In this test the display comes
	   before the signature check */
	if( !printCertInfo( certRequest ) )
		return( FALSE );

	/* Verify the signature.  The request is self-signed, so no separate
	   signature check key is supplied */
	result = cryptCheckCert( certRequest, CRYPT_UNUSED );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptCheckCert()", result,
							   __LINE__ ) );

	/* Encode the request into the shared certBuffer.
	   NOTE(review): this cryptExportCert() call passes no buffer size, so
	   certBuffer (declared outside this view) has to be large enough for
	   the encoded object - confirm its size */
	result = cryptExportCert( certBuffer, &certificateLength,
							  CRYPT_CERTFORMAT_CERTIFICATE, certRequest );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptExportCert()", result,
							   __LINE__ ) );
	printf( "Exported certification request is %d bytes long.\n",
			certificateLength );
	debugDump( "req_crmf", certBuffer, certificateLength );

	/* Release the original object so that the import below starts from the
	   encoded bytes alone */
	result = cryptDestroyCert( certRequest );
	if( cryptStatusError( result ) )
		{
		printf( "cryptDestroyCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}

	/* Round trip: re-import the encoded request and verify its signature
	   again */
	result = cryptImportCert( certBuffer, certificateLength, CRYPT_UNUSED,
							  &certRequest );
	if( cryptStatusError( result ) )
		{
		printf( "cryptImportCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}
	result = cryptCheckCert( certRequest, CRYPT_UNUSED );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptCheckCert()", result,
							   __LINE__ ) );

	/* The result of this final destroy is not checked, unlike the one
	   above */
	cryptDestroyCert( certRequest );

	/* Release the key contexts and report success */
	destroyContexts( CRYPT_UNUSED, pubKey, privKey );
	puts( "CRMF certification request creation succeeded.\n" );
	return( TRUE );
	}

/* Test complex CRMF certification request code: build a CRMF request
   carrying the attributes listed in complexCertRequestData, sign it, verify
   it, and push it through an export/import round trip.  Returns TRUE when
   every step succeeds and FALSE at the first step that fails.

   NOTE(review): the failure exits return without destroying the request
   object or the key contexts; presumably tolerated because a failed
   self-test ends the run - confirm against the caller */

int testComplexCRMFRequest( void )
	{
	CRYPT_CONTEXT pubKey, privKey;
	CRYPT_CERTIFICATE certRequest;
	int result;

	puts( "Testing complex CRMF certification request creation/export..." );

	/* Obtain the RSA key pair: the public half is placed in the request,
	   the private half signs it */
	if( !loadRSAContexts( CRYPT_UNUSED, &pubKey, &privKey ) )
		return( FALSE );

	/* Start with an empty request object of the CRMF request type */
	result = cryptCreateCert( &certRequest, CRYPT_UNUSED,
							  CRYPT_CERTTYPE_REQUEST_CERT );
	if( cryptStatusError( result ) )
		{
		printf( "cryptCreateCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}

	/* Populate it: first the public key, then the table of name, altName
	   and key-usage attributes */
	result = cryptSetAttribute( certRequest,
								CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, pubKey );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptSetAttribute()", result,
							   __LINE__ ) );
	if( !addCertFields( certRequest, complexCertRequestData ) )
		return( FALSE );

	/* Sign with the private key that matches the embedded public key */
	result = cryptSignCert( certRequest, privKey );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptSignCert()", result,
							   __LINE__ ) );

	/* Verify the signature.  The request is self-signed, so no separate
	   signature check key is supplied */
	result = cryptCheckCert( certRequest, CRYPT_UNUSED );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptCheckCert()", result,
							   __LINE__ ) );

	/* Show the contents of the request */
	if( !printCertInfo( certRequest ) )
		return( FALSE );

	/* Encode the request into the shared certBuffer.
	   NOTE(review): this cryptExportCert() call passes no buffer size, so
	   certBuffer (declared outside this view) has to be large enough for
	   the encoded object - confirm its size */
	result = cryptExportCert( certBuffer, &certificateLength,
							  CRYPT_CERTFORMAT_CERTIFICATE, certRequest );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptExportCert()", result,
							   __LINE__ ) );
	printf( "Exported certification request is %d bytes long.\n",
			certificateLength );
	debugDump( "req_crmfc", certBuffer, certificateLength );

	/* Release the original object so that the import below starts from the
	   encoded bytes alone */
	result = cryptDestroyCert( certRequest );
	if( cryptStatusError( result ) )
		{
		printf( "cryptDestroyCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}

	/* Round trip: re-import the encoded request and verify its signature
	   again */
	result = cryptImportCert( certBuffer, certificateLength, CRYPT_UNUSED,
							  &certRequest );
	if( cryptStatusError( result ) )
		{
		printf( "cryptImportCert() failed with error code %d, line %d.\n",
				result, __LINE__ );
		return( FALSE );
		}
	result = cryptCheckCert( certRequest, CRYPT_UNUSED );
	if( cryptStatusError( result ) )
		return( attrErrorExit( certRequest, "cryptCheckCert()", result,
							   __LINE__ ) );

	/* The result of this final destroy is not checked, unlike the one
	   above */
	cryptDestroyCert( certRequest );

	/* Release the key contexts and report success */
	destroyContexts( CRYPT_UNUSED, pubKey, privKey );
	puts( "Complex CRMF certification request creation succeeded.\n" );
	return( TRUE );
	}

/* Test CRL code.  This one represents a bit of a chicken-and-egg problem
   since we need a CA cert to create the CRL, but we can't read this until
   the private key file read has been tested, and that requires testing of
   the cert management.  At the moment we just assume that private key file
   reads work for this test */

int testCRL( void )
	{
	CRYPT_CERTIFICATE cryptCRL;
	CRYPT_CONTEXT cryptCAKey;
	int status;

	puts( "Testing CRL creation/export..." );

	/* Get the CA's private key */
	status = getPrivateKey( &cryptCAKey, CA_PRIVKEY_FILE,
							CA_PRIVKEY_LABEL, TEST_PRIVKEY_PASSWORD );
	if( cryptStatusError( status ) )
		{
		printf( "CA private key read failed with error code %d, line %d.\n",
				status, __LINE__ );
		return( FALSE );
		}

	/* Create the CRL */
	status = cryptCreateCert( &cryptCRL, CRYPT_UNUSED, CRYPT_CERTTYPE_CRL );
	if( cryptStatusError( status ) )
		{
		printf( "cryptCreateCert() failed with error code %d, line %d.\n",
				status, __LINE__ );
		return( FALSE );
		}

	/* Add some CRL components.  In this case the CA is revoking its own
	   key */
	status = cryptSetAttribute( cryptCRL,
					CRYPT_CERTINFO_USERCERTIFICATE, cryptCAKey );
	if( cryptStatusError( status ) )
		return( attrErrorExit( cryptCRL, "cryptSetAttribute()", status,
							   __LINE__ ) );

	/* Sign the CRL */
	status = cryptSignCert( cryptCRL, cryptCAKey );
	if( cryptStatusError( status ) )
		return( attrErrorExit( cryptCRL, "cryptSignCert()", status, 
							   __LINE__ ) );

	/* Print information on what we've got */
	if( !printCertInfo( cryptCRL ) )
		return( FALSE );

	/* Check the signature.  Since we have the CA private key handy, we
	   use that to check the signature */
	status = cryptCheckCert( cryptCRL, cryptCAKey );
	if( cryptStatusError( status ) )
		return( attrErrorExit( cryptCRL, "cryptCheckCert()", status, 
							   __LINE__ ) );

	/* Export the CRL */
	status = cryptExportCert( certBuffer, &certificateLength,
							  CRYPT_CERTFORMAT_CERTIFICATE, cryptCRL );
	if( cryptStatusError( status ) )
		return( attrErrorExit( cryptCRL, "cryptExportCert()", status, 
							   __LINE__ ) );
	printf( "Exported CRL is %d bytes long.\n", certificateLength );
	debugDump( "crl", certBuffer, certificateLength );

	/* Destroy the CRL */
	status = cryptDestroyCert( cryptCRL );
	if( cryptStatusError( status ) )
		{
		printf( "cryptDestroyCert() failed with error code %d, line %d.\n",
				status, __LINE__ );
		return( FALSE );
		}

	/* Make sure we can read what we created */
	status = cryptImportCert( certBuffer, certificateLength, CRYPT_UNUSED,
