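<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>pkcs11-helper: test-certificate.c</title>
  <link rel="stylesheet" href="tabs.css">
  <link rel="stylesheet" href="doxygen.css">
</head>
<body>
<!-- Generated by Doxygen 1.6.0 -->
<main class="contents">
<h1>test-certificate.c</h1>
<p>The following example shows some basic usage of the certificate interface.</p>
<div class="fragment"><pre class="fragment">#include "../../config.h"

#include &lt;stdarg.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;

#if defined(_WIN32)
#include &lt;conio.h&gt;
#else
#include &lt;unistd.h&gt;
#endif

#if !(defined(ENABLE_PKCS11H_CERTIFICATE) &amp;&amp; (defined(ENABLE_PKCS11H_ENGINE_OPENSSL) || defined (ENABLE_PKCS11H_ENGINE_GNUTLS) || defined(ENABLE_PKCS11H_ENGINE_WIN32)))

/* Stub used when the helper was built without the interfaces this test needs. */
int main () {
    printf ("!win32, certificate, enum and crypto engine interfaces should be enabled for this test");
    exit (0);
    return 0;
}

#else

#include &lt;pkcs11-helper-1.0/pkcs11h-certificate.h&gt;
#include &lt;unistd.h&gt;

/*
 * Report a failed step and stop the test.
 *
 * Prints the caller's message, the numeric return value and the helper's
 * text for that value to stderr, then exits with status 1.
 */
static
void
fatal (const char * const m, CK_RV rv) {
    fprintf (stderr, "%s - %lu - %s\n", m, (unsigned long)rv, pkcs11h_getMessage (rv));
    exit (1);
}

/*
 * Show a message and wait for the operator to press Enter.
 * The typed line itself is discarded.
 */
static
void
mypause (const char * const m) {
    char temp[10];

    fprintf (stdout, "%s", m);
    fflush (stdout);
    if (fgets (temp, sizeof (temp), stdin) == NULL) {
        /* EOF or read error on stdin: nothing to wait for, carry on. */
        return;
    }
}

/*
 * Log hook: writes every helper log record to stdout, one record per line.
 * global_data and flags are not used by this test.
 */
static
void
_pkcs11h_hooks_log (
    IN void * const global_data,
    IN unsigned flags,
    IN const char * const format,
    IN va_list args
) {
    (void)global_data;
    (void)flags;

    vfprintf (stdout, format, args);
    fprintf (stdout, "\n");
    fflush (stdout);
}

/*
 * Token prompt hook: asks the operator to insert the named token.
 *
 * Returns TRUE when the operator answers "ok", FALSE when the answer is
 * "cancel" or when stdin reaches EOF / fails. Any other answer repeats
 * the prompt.
 */
static
PKCS11H_BOOL
_pkcs11h_hooks_token_prompt (
    IN void * const global_data,
    IN void * const user_data,
    IN const pkcs11h_token_id_t token,
    IN const unsigned retry
) {
    char buf[1024];
    PKCS11H_BOOL fValidInput = FALSE;
    PKCS11H_BOOL fRet = FALSE;

    (void)global_data;
    (void)user_data;
    (void)retry;

    while (!fValidInput) {
        fprintf (stderr, "Please insert token '%s' 'ok' or 'cancel': ", token-&gt;display);

        /*
         * A failed read leaves buf unspecified; parsing it would read
         * uninitialised memory and could loop forever on a closed stdin.
         * Treat EOF/error as a cancel.
         */
        if (fgets (buf, sizeof (buf), stdin) == NULL) {
            break;
        }

        /*
         * Strip the line terminator. strcspn() is safe on an empty string,
         * unlike indexing buf[strlen (buf)-1], which underflows to an
         * out-of-bounds access when the length is 0.
         */
        buf[strcspn (buf, "\r\n")] = '\0';

        if (!strcmp (buf, "ok")) {
            fValidInput = TRUE;
            fRet = TRUE;
        }
        else if (!strcmp (buf, "cancel")) {
            fValidInput = TRUE;
        }
    }

    return fRet;
}

/*
 * PIN prompt hook: reads the token PIN without echo into the caller's buffer.
 *
 * pin      receives the NUL-terminated PIN, truncated to pin_max-1 characters.
 * pin_max  size of the pin buffer in bytes.
 *
 * Returns FALSE when there is no usable buffer, when the PIN could not be
 * read, or when the operator typed "cancel"; TRUE otherwise.
 */
static
PKCS11H_BOOL
_pkcs11h_hooks_pin_prompt (
    IN void * const global_data,
    IN void * const user_data,
    IN const pkcs11h_token_id_t token,
    IN const unsigned retry,
    OUT char * const pin,
    IN const size_t pin_max
) {
    char prompt[1024];

    (void)global_data;
    (void)user_data;
    (void)retry;

    /* pin[pin_max-1] below would wrap around for pin_max == 0. */
    if (pin == NULL || pin_max == 0) {
        return FALSE;
    }

    snprintf (prompt, sizeof (prompt), "Please enter '%s' PIN or 'cancel': ", token-&gt;display);

#if defined(_WIN32)
    {
        size_t i = 0;
        int c;

        /* getch() shows nothing by itself, so print the prompt first. */
        fprintf (stderr, "%s", prompt);

        /* Stop one short of pin_max so the terminator always fits. */
        while (i &lt; pin_max - 1 &amp;&amp; (c = getch ()) != '\r' &amp;&amp; c != EOF) {
            pin[i++] = (char)c;
        }
        pin[i] = '\0';
    }

    fprintf (stderr, "\n");
#else
    {
        /*
         * getpass() is an obsolete interface and hands back a pointer to a
         * static buffer; it returns NULL when the terminal cannot be read.
         */
        char *p = getpass (prompt);

        if (p == NULL) {
            pin[0] = '\0';
            return FALSE;
        }

        strncpy (pin, p, pin_max - 1);
        pin[pin_max-1] = '\0';

        /* Best-effort wipe so the PIN does not linger in the static buffer. */
        memset (p, 0, strlen (p));
    }
#endif

    return strcmp (pin, "cancel") != 0;
}

/*
 * Sign a fixed test blob with the certificate's private key.
 *
 * The helper is called twice: first with a NULL target to learn the
 * signature size, then with a buffer of that size. Any failure ends the
 * test through fatal().
 */
void
sign_test (const pkcs11h_certificate_t cert) {

    /*
     * DigestInfo header for SHA-1 followed by dummy digest bytes; it is
     * test input only, not a real hash.
     * NOTE(review): the length octet 0x14 announces 20 digest bytes but 21
     * follow, so the array is one byte longer than the structure it
     * encodes. The bytes are passed to the signing call as they are; a
     * verifier that parses the DigestInfo strictly would presumably
     * reject the result. Confirm whether this is intended.
     */
    static unsigned const char sha1_data[] = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, /* 1.3.14.3.2.26 */
        0x02, 0x1a, 0x05, 0x00, 0x04, 0x14,
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* dummy data */
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
        0x10, 0x11, 0x12, 0x13, 0x14
    };
    CK_RV rv;
    unsigned char *blob;
    size_t blob_size;

    /* Size query: NULL target, blob_size receives the required length. */
    if (
        (rv = pkcs11h_certificate_signAny (
            cert,
            CKM_RSA_PKCS,
            sha1_data,
            sizeof (sha1_data),
            NULL,
            &amp;blob_size
        )) != CKR_OK
    ) {
        fatal ("pkcs11h_certificate_sign(1) failed", rv);
    }

    blob = (unsigned char *)malloc (blob_size);
    if (blob == NULL) {
        /* Do not hand a NULL target to the second call: that would be read as another size query. */
        fatal ("malloc failed", CKR_HOST_MEMORY);
    }

    if (
        (rv = pkcs11h_certificate_signAny (
            cert,
            CKM_RSA_PKCS,
            sha1_data,
            sizeof (sha1_data),
            blob,
            &amp;blob_size
        )) != CKR_OK
    ) {
        free (blob);
        fatal ("pkcs11h_certificate_sign(2) failed", rv);
    }

    free (blob);
}

/* Print the display name of every issuer and certificate id in the two lists. */
static
void
print_certificate_ids (
    const pkcs11h_certificate_id_list_t issuers,
    const pkcs11h_certificate_id_list_t certs
) {
    pkcs11h_certificate_id_list_t temp;

    for (temp = issuers;temp != NULL;temp = temp-&gt;next) {
        printf ("Issuer: %s\n", temp-&gt;certificate_id-&gt;displayName);
    }
    for (temp = certs;temp != NULL;temp = temp-&gt;next) {
        printf ("Certificate: %s\n", temp-&gt;certificate_id-&gt;displayName);
    }
}

/*
 * Interactive walk-through of the certificate interface: initialise the
 * helper, register the hooks, add the provider, enumerate certificates with
 * the token removed and inserted, then sign several times to show when the
 * token and PIN prompts appear.
 */
int main () {
    pkcs11h_certificate_id_list_t issuers, certs;
    pkcs11h_certificate_t cert;
    CK_RV rv;

    printf ("Initializing pkcs11-helper\n");

    if ((rv = pkcs11h_initialize ()) != CKR_OK) {
        fatal ("pkcs11h_initialize failed", rv);
    }

    printf ("Registering pkcs11-helper hooks\n");

    if ((rv = pkcs11h_setLogHook (_pkcs11h_hooks_log, NULL)) != CKR_OK) {
        fatal ("pkcs11h_setLogHook failed", rv);
    }

    pkcs11h_setLogLevel (TEST_LOG_LEVEL);

    if ((rv = pkcs11h_setTokenPromptHook (_pkcs11h_hooks_token_prompt, NULL)) != CKR_OK) {
        fatal ("pkcs11h_setTokenPromptHook failed", rv);
    }

    if ((rv = pkcs11h_setPINPromptHook (_pkcs11h_hooks_pin_prompt, NULL)) != CKR_OK) {
        fatal ("pkcs11h_setPINPromptHook failed", rv);
    }

    printf ("Adding provider '%s'\n", TEST_PROVIDER);

    /*
     * TEST_PROVIDER is a build-time constant here. A PKCS#11 provider is a
     * shared library loaded into this process, so an application should
     * only add provider locations it trusts.
     */
    if (
        (rv = pkcs11h_addProvider (
            TEST_PROVIDER,
            TEST_PROVIDER,
            FALSE,
            PKCS11H_PRIVATEMODE_MASK_AUTO,
            PKCS11H_SLOTEVENT_METHOD_AUTO,
            0,
            FALSE
        )) != CKR_OK
    ) {
        fatal ("pkcs11h_addProvider failed", rv);
    }

    mypause ("Please remove all tokens, press &lt;Enter&gt;: ");

    printf ("Enumerating token certificate (list should be empty, no prompt)\n");

    if (
        (rv = pkcs11h_certificate_enumCertificateIds (
            PKCS11H_ENUM_METHOD_CACHE,
            NULL,
            PKCS11H_PROMPT_MASK_ALLOW_ALL,
            &amp;issuers,
            &amp;certs
        )) != CKR_OK
    ) {
        fatal ("pkcs11h_certificate_enumCertificateIds failed", rv);
    }

    if (issuers != NULL || certs != NULL) {
        /* rv is CKR_OK at this point; the message carries the reason. */
        fatal ("No certificates should be found", rv);
    }

    mypause ("Please insert token, press &lt;Enter&gt;: ");

    printf ("Getting certificate cache, should be available certificates\n");

    if (
        (rv = pkcs11h_certificate_enumCertificateIds (
            PKCS11H_ENUM_METHOD_CACHE,
            NULL,
            PKCS11H_PROMPT_MASK_ALLOW_ALL,
            &amp;issuers,
            &amp;certs
        )) != CKR_OK
    ) {
        fatal ("pkcs11h_certificate_enumCertificateIds failed", rv);
    }

    print_certificate_ids (issuers, certs);

    if (certs == NULL) {
        /* rv is CKR_OK at this point; the message carries the reason. */
        fatal ("No certificates found", rv);
    }

    pkcs11h_certificate_freeCertificateIdList (issuers);
    pkcs11h_certificate_freeCertificateIdList (certs);

    mypause ("Please remove token, press &lt;Enter&gt;: ");

    printf ("Getting certificate cache, should be similar to last\n");

    if (
        (rv = pkcs11h_certificate_enumCertificateIds (
            PKCS11H_ENUM_METHOD_CACHE,
            NULL,
            PKCS11H_PROMPT_MASK_ALLOW_ALL,
            &amp;issuers,
            &amp;certs
        )) != CKR_OK
    ) {
        fatal ("pkcs11h_certificate_enumCertificateIds failed", rv);
    }

    print_certificate_ids (issuers, certs);

    if (certs == NULL) {
        /* rv is CKR_OK at this point; the message carries the reason. */
        fatal ("No certificates found", rv);
    }

    printf ("Creating certificate context\n");

    /*
     * PKCS11H_PIN_CACHE_INFINITE keeps the PIN cached with no expiry, which
     * is what lets the later signatures run without a prompt. That suits
     * this interactive test; an application should choose a bounded cache
     * period that matches its own policy.
     */
    if (
        (rv = pkcs11h_certificate_create (
            certs-&gt;certificate_id,
            NULL,
            PKCS11H_PROMPT_MASK_ALLOW_ALL,
            PKCS11H_PIN_CACHE_INFINITE,
            &amp;cert
        )) != CKR_OK
    ) {
        fatal ("pkcs11h_certificate_create failed", rv);
    }

    printf ("Perforing signature #1 (you should be prompt for token and PIN)\n");

    sign_test (cert);

    printf ("Perforing signature #2 (you should NOT be prompt for anything)\n");

    sign_test (cert);

    mypause ("Please remove and insert token, press &lt;Enter&gt;: ");

    printf ("Perforing signature #3 (you should be prompt only for PIN)\n");

    sign_test (cert);

    printf ("Perforing signature #4 (you should NOT be prompt for anything)\n");

    /* Signature #4 uses a freshly created certificate object for the same id. */
    if ((rv = pkcs11h_certificate_freeCertificate (cert)) != CKR_OK) {
        fatal ("pkcs11h_certificate_free failed", rv);
    }

    if (
        (rv = pkcs11h_certificate_create (
            certs-&gt;certificate_id,
            NULL,
            PKCS11H_PROMPT_MASK_ALLOW_ALL,
            PKCS11H_PIN_CACHE_INFINITE,
            &amp;cert
        )) != CKR_OK
    ) {
        fatal ("pkcs11h_certificate_create failed", rv);
    }

    sign_test (cert);

    printf ("Terminating pkcs11-helper\n");

    if ((rv = pkcs11h_certificate_freeCertificate (cert)) != CKR_OK) {
        fatal ("pkcs11h_certificate_free failed", rv);
    }

    pkcs11h_certificate_freeCertificateIdList (issuers);
    pkcs11h_certificate_freeCertificateIdList (certs);

    if ((rv = pkcs11h_terminate ()) != CKR_OK) {
        fatal ("pkcs11h_terminate failed", rv);
    }

    exit (0);
    return 0;
}

#endif
</pre></div>
</main>
<hr>
<footer>
  <p>pkcs11-helper, Copyright (C) Alon Bar-Lev &lt;alon.barlev@gmail.com&gt;</p>
  <p><a href="http://www.opensc-project.org"><img src="opensc-logo.gif" alt="OpenSC-Project.org Logo"></a></p>
</footer>
</body>
</html>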