📄 testkey.c
字号:
/* Write the key to the file */
status = cryptAddPrivateKey( cryptKeyset, privateKeyContext,
TEST_PRIVKEY_PASSWORD );
if( cryptStatusError( status ) )
{
printf( "cryptAddPrivateKey() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Close the keyset */
status = cryptKeysetClose( cryptKeyset );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetClose() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Clean up */
cryptDestroyContext( privateKeyContext );
printf( "Write of %s private key to key file succeeded.\n\n",
useRSA ? "RSA" : "DSA" );
return( TRUE );
}
int testReadWriteFileKey( void )
{
int status;
status = writeFileKey( TRUE );
if( status )
status = readFileKey( TRUE );
if( status )
status = writeFileKey( FALSE );
if( status )
status = readFileKey( FALSE );
return( status );
}
/* Read only the public key/cert/cert chain portion of a keyset */
int testReadFilePublicKey( void )
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CONTEXT cryptContext;
int cryptAlgo, status;
puts( "Testing public key read from key file..." );
/* Open the file keyset */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
TEST_PRIVKEY_FILE, CRYPT_KEYOPT_READONLY );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetOpen() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Read the public key from the file and make sure it really is a public-
key context */
status = cryptGetPublicKey( cryptKeyset, &cryptContext, CRYPT_KEYID_NAME,
RSA_PRIVKEY_LABEL );
if( cryptStatusError( status ) )
{
printf( "cryptGetPublicKey() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptGetAttribute( cryptContext, CRYPT_CTXINFO_ALGO, &cryptAlgo );
if( cryptStatusError( status ) || \
cryptAlgo < CRYPT_ALGO_FIRST_PKC || cryptAlgo > CRYPT_ALGO_LAST_PKC )
{
puts( "Returned object isn't a public-key context." );
return( FALSE );
}
/* Close the keyset */
status = cryptKeysetClose( cryptKeyset );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetClose() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
cryptDestroyContext( cryptContext );
puts( "Read of public key from key file succeeded.\n" );
return( TRUE );
}
static int readCert( const char *certTypeName,
const CRYPT_CERTTYPE_TYPE certType )
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CERTIFICATE cryptCert;
int value, status;
printf( "Testing %s read from key file...\n", certTypeName );
/* Open the file keyset */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
TEST_PRIVKEY_FILE, CRYPT_KEYOPT_READONLY );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetOpen() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Read the certificate from the file and make sure it really is a cert */
status = cryptGetPublicKey( cryptKeyset, &cryptCert, CRYPT_KEYID_NAME,
( certType == CRYPT_CERTTYPE_CERTIFICATE ) ? \
RSA_PRIVKEY_LABEL : USER_PRIVKEY_LABEL );
if( cryptStatusError( status ) )
{
printf( "cryptGetPublicKey() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptGetAttribute( cryptCert, CRYPT_CERTINFO_CERTTYPE, &value );
if( cryptStatusError( status ) || value != certType )
{
printf( "Returned object isn't a %s.\n", certTypeName );
return( FALSE );
}
/* Close the keyset */
status = cryptKeysetClose( cryptKeyset );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetClose() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
cryptDestroyCert( cryptCert );
printf( "Read of %s from key file succeeded.\n\n", certTypeName );
return( TRUE );
}
int testReadFileCert( void )
{
return( readCert( "certificate", CRYPT_CERTTYPE_CERTIFICATE ) );
}
int testReadFileCertChain( void )
{
return( readCert( "cert chain", CRYPT_CERTTYPE_CERTCHAIN ) );
}
/* Update a keyset to contain a certificate */
int testAddTrustedCert( void )
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CERTIFICATE trustedCert;
int status;
puts( "Testing trusted certificate add to key file..." );
/* Read the CA root cert and make it trusted */
status = importCertFromTemplate( &trustedCert, CERT_FILE_TEMPLATE, 1 );
if( cryptStatusError( status ) )
{
puts( "Couldn't read certificate from file, skipping test of trusted "
"cert write..." );
return( TRUE );
}
cryptSetAttribute( trustedCert, CRYPT_CERTINFO_TRUSTED_IMPLICIT, TRUE );
/* Open the keyset, update it with the trusted certificate, and close it */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
TEST_PRIVKEY_FILE, CRYPT_KEYOPT_NONE );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetOpen() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptAddPublicKey( cryptKeyset, trustedCert );
if( cryptStatusError( status ) )
{
printf( "cryptAddPublicKey() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
cryptDestroyCert( trustedCert );
status = cryptKeysetClose( cryptKeyset );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetClose() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
puts( "Trusted certificate add to key file succeeded.\n" );
return( TRUE );
}
int testAddGloballyTrustedCert( void )
{
CRYPT_CERTIFICATE trustedCert;
int status;
puts( "Testing globally trusted certificate add..." );
/* Read the CA root cert and make it trusted */
status = importCertFromTemplate( &trustedCert, CERT_FILE_TEMPLATE, 1 );
if( cryptStatusError( status ) )
{
puts( "Couldn't read certificate from file, skipping test of trusted "
"cert write..." );
return( TRUE );
}
cryptSetAttribute( trustedCert, CRYPT_CERTINFO_TRUSTED_IMPLICIT, TRUE );
/* Update the config file with the globally trusted cert */
status = cryptSetAttribute( CRYPT_UNUSED, CRYPT_OPTION_CONFIGCHANGED,
FALSE );
if( cryptStatusError( status ) )
{
printf( "Globally trusted certificate add failed with error code "
"%d.\n", status );
return( FALSE );
}
/* Make the cert untrusted and update the config again */
cryptSetAttribute( trustedCert, CRYPT_CERTINFO_TRUSTED_IMPLICIT, FALSE );
status = cryptSetAttribute( CRYPT_UNUSED, CRYPT_OPTION_CONFIGCHANGED,
FALSE );
if( cryptStatusError( status ) )
{
printf( "Globally trusted certificate delete failed with error code "
"%d.\n", status );
return( FALSE );
}
puts( "Globally trusted certificate add succeeded.\n" );
return( TRUE );
}
static const CERT_DATA cACertData[] = {
/* Identification information. Note the non-heirarchical order of the
components to test the automatic arranging of the DN */
{ CRYPT_CERTINFO_ORGANIZATIONNAME, IS_STRING, 0, "Dave's Wetaburgers and CA" },
{ CRYPT_CERTINFO_COMMONNAME, IS_STRING, 0, "Dave Himself" },
{ CRYPT_CERTINFO_ORGANIZATIONALUNITNAME, IS_STRING, 0, "Certification Division" },
{ CRYPT_CERTINFO_COUNTRYNAME, IS_STRING, 0, "NZ" },
/* Self-signed X.509v3 certificate */
{ CRYPT_CERTINFO_SELFSIGNED, IS_NUMERIC, TRUE },
/* CA extensions. Policies are very much CA-specific and currently
undefined, so we use a dummy OID for a nonexistant private org for
now */
{ CRYPT_CERTINFO_KEYUSAGE, IS_NUMERIC,
CRYPT_KEYUSAGE_KEYCERTSIGN | CRYPT_KEYUSAGE_CRLSIGN },
{ CRYPT_CERTINFO_CA, IS_NUMERIC, TRUE },
/* Extensions for various special-case usages such as OCSP and CMP */
{ CRYPT_CERTINFO_AUTHORITYINFO_OCSP, IS_NUMERIC, CRYPT_UNUSED },
{ CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER, IS_STRING, 0, "http://localhost" },
{ CRYPT_ATTRIBUTE_NONE, IS_VOID }
};
int testUpdateFileCert( void )
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CERTIFICATE cryptCert;
CRYPT_CONTEXT publicKeyContext, privateKeyContext;
int status;
puts( "Testing certificate update to key file ..." );
/* Create a self-signed CA certificate using the in-memory key (which is
the same as the one in the keyset) */
if( !loadRSAContexts( CRYPT_UNUSED, &publicKeyContext, &privateKeyContext ) )
return( FALSE );
status = cryptCreateCert( &cryptCert, CRYPT_UNUSED,
CRYPT_CERTTYPE_CERTIFICATE );
if( cryptStatusError( status ) )
{
printf( "cryptCreateCert() failed with error code %d.\n", status );
return( FALSE );
}
status = cryptSetAttribute( cryptCert,
CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, publicKeyContext );
if( cryptStatusOK( status ) && !addCertFields( cryptCert, cACertData ) )
return( FALSE );
if( cryptStatusOK( status ) )
status = cryptSignCert( cryptCert, privateKeyContext );
destroyContexts( CRYPT_UNUSED, publicKeyContext, privateKeyContext );
if( cryptStatusError( status ) )
{
printf( "Certificate creation failed with error code %d.\n", status );
cryptDestroyCert( status );
return( FALSE );
}
/* Open the keyset, update it with the certificate, and close it */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
TEST_PRIVKEY_FILE, CRYPT_KEYOPT_NONE );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetOpen() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptAddPublicKey( cryptKeyset, cryptCert );
if( cryptStatusError( status ) )
{
printf( "cryptAddPublicKey() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
cryptDestroyCert( cryptCert );
status = cryptKeysetClose( cryptKeyset );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetClose() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
puts( "Certificate update to key file succeeded.\n" );
return( TRUE );
}
/* Update a keyset to contain a cert chain */
static const CERT_DATA certRequestData[] = {
/* Identification information */
{ CRYPT_CERTINFO_COUNTRYNAME, IS_STRING, 0, "NZ" },
{ CRYPT_CERTINFO_ORGANIZATIONNAME, IS_STRING, 0, "Dave's Wetaburgers" },
{ CRYPT_CERTINFO_ORGANIZATIONALUNITNAME, IS_STRING, 0, "Procurement" },
{ CRYPT_CERTINFO_COMMONNAME, IS_STRING, 0, "Dave Smith" },
{ CRYPT_CERTINFO_EMAIL, IS_STRING, 0, "dave@wetaburgers.com" },
{ CRYPT_ATTRIBUTE_NONE, 0, 0, NULL }
};
int testWriteFileCertChain( void )
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CERTIFICATE cryptCertChain;
CRYPT_CONTEXT cryptCAKey, cryptKey;
int status;
puts( "Testing cert chain write to key file ..." );
/* Generate a key to certify. We can't just reuse the built-in test key
because this has already been used as the CA key and the keyset code
won't allow it to be added to a keyset as both a CA key and user key,
so we have to generate a new one */
status = cryptCreateContext( &cryptKey, CRYPT_UNUSED, CRYPT_ALGO_RSA );
if( cryptStatusOK( status ) )
status = cryptSetAttributeString( cryptKey, CRYPT_CTXINFO_LABEL,
USER_PRIVKEY_LABEL,
strlen( USER_PRIVKEY_LABEL ) );
if( cryptStatusOK( status ) )
{
cryptSetAttribute( cryptKey, CRYPT_CTXINFO_KEYSIZE, 64 );
status = cryptGenerateKey( cryptKey );
}
if( cryptStatusError( status ) )
{
printf( "Test key generation failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Get the CA's key */
status = getPrivateKey( &cryptCAKey, CA_PRIVKEY_FILE,
CA_PRIVKEY_LABEL, TEST_PRIVKEY_PASSWORD );
if( cryptStatusError( status ) )
{
printf( "CA private key read failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Create the keyset and cert chain containing the new key */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
TEST_PRIVKEY_FILE, CRYPT_KEYOPT_CREATE );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetOpen() failed with error code %d, line %d.\n",
status, __LINE__ );
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -