#include <stdio.h>
#include <stdlib.h>
#include <memory>
#include "p6sax2contenthandler.h"
#include "cconsolestream.h"
using namespace P6R;
namespace {
#define ONEYEAR (60*60*24*365) // seconds in one year
class CKmipExample11
{
public:
CKmipExample11()
: m_port(0), m_compatMask(0), m_pHostName(NULL)
{ }
~CKmipExample11()
{
if (NULL != m_pHostName) m_cpStr->wstrfree( m_pHostName );
if (NULL != m_cpStoreInit) m_cpStoreInit->close();
}
protected:
};
{
{
if (
P6SUCCEEDED( err = cpKeyInit->initialize( P6CKF_NONE, m_cpRandom )))
{
{
}
}
}
return err;
}
{
*ppGenKeys = NULL;
{
if (
P6SUCCEEDED( err = cpGenKeys->initialize( P6GENKEY_NOFLAGS, m_cpRandom )))
{
}
}
return err;
}
{
*ppIface = NULL;
{
err = (*ppIface)->initialize( P6GENCERTS_NOFLAGS );
{
(*ppIface)->release();
*ppIface = NULL;
}
}
return err;
}
{
if (!pKeystore || !pszCertificateFile) return eInvalidArg;
if (
P6FAILED( err = m_cpStr->wstrlcat( certPath,
P6CNTOF(certPath), pszCertificateFile, NULL )))
return err;
err = cpSSLHelp->importTrustedRootCertFromPEMFile( certPath, NULL );
}
return err;
}
{
if (!pKeystore || !pszHostname || !pszPrivateKeyFile || !pszCertificateFile ) return eInvalidArg;
if (
P6FAILED( err = m_cpStr->wstrlcat( keyPath,
P6CNTOF(keyPath), pszPrivateKeyFile, NULL )))
return err;
if (
P6FAILED( err = m_cpStr->wstrlcat( certPath,
P6CNTOF(certPath), pszCertificateFile, NULL )))
return err;
err = cpSSLHelp->importCredentialsPEM(
P6TRUE, pszHostname, keyPath, certPath, NULL, NULL );
}
return err;
}
{
*ppInit = NULL;
*ppKeystore = NULL;
if (
P6FAILED( err = (*ppInit)->initialize( P6KEYSTORE_NOFLAGS, m_cpCrypto,
SH_SHA256, m_cpSignKey )))
{
if (NULL != (*ppKeystore)) (*ppKeystore)->release();
(*ppKeystore) = NULL;
(*ppInit)->release();
(*ppInit) = NULL;
return err;
}
if (
P6FAILED( err = (*ppInit)->openSigned( NULL, pKeystoreName )))
{
if (NULL != (*ppKeystore)) (*ppKeystore)->release();
(*ppKeystore) = NULL;
(*ppInit)->release();
(*ppInit) = NULL;
return err;
}
if (
P6FAILED( err = keystoreAddRootCertFromFile( (*ppKeystore), rootPEM )))
return err;
if (
P6FAILED( err = keystoreAddClientCertFromFile( (*ppKeystore), m_pHostName, privPEM, certPEM )))
return err;
return eOk;
}
{
{
if (
P6SUCCEEDED( err = cpSource->initialize( P6ENTROPY_HIGH )))
{
{
if (
P6SUCCEEDED( err = cpInit->initialize( P6RAND_NOFLAGS, cpSource ))) {
}
}
}
}
return err;
}
{
if (
P6FAILED( err = cpDir->initialize()))
return err;
if (
P6FAILED( err = getRNG( m_cpRandom.addressof())))
return err;
m_port = 5696;
m_compatMask = 0;
if (
P6FAILED( err = m_cpStr->wstrdup(
P6TEXT(
"fqdn.com"), &m_pHostName )))
return err;
{
err = cpGenKey->genSymmetricKey( m_cpSignKey.addressof(), 256,
P6FALSE );
}
}
if (
P6SUCCEEDED( err )) err = m_cpCrypto->setKey( cpKey );
if (
P6FAILED( err = m_cpStr->wstrlcat( dbPath,
P6CNTOF(dbPath),
P6TEXT(
"/db/KMIP12_keystore"), NULL )))
return err;
cpDir->unlink( dbPath );
if (
P6FAILED( err = m_cpStr->wstrlcat( dbPath,
P6CNTOF(dbPath),
P6TEXT(
"/db/KMIP12_keystore.sig"), NULL )))
return err;
cpDir->unlink( dbPath );
return createKeystore(
P6TEXT(
"KMIP12_keystore"),
P6TEXT(
"RootCert.pem"),
P6TEXT(
"ClientCert.pem"),
P6TEXT(
"ClientPrivate.pem"), m_cpStoreInit.addressof(), m_cpKeystore.addressof());
}
{
return eOk;
}
{
if (
P6FAILED( err = pClient->
setSSLOptions( NULL, (P6SSF_METHOD_TLS1 | P6SSF_SECURE_CLIENT | P6SSF_SECURE_CLIENT_AUTH | P6SSF_LOG_X509SUBJECTLOOKUPS | P6SSF_VRFY_DISABLEHOSTMATCH))))
return err;
return pClient->
open( m_pHostName, m_port, NULL );
}
{
err = pEnum->
next( &buffer );
{
if (NULL == (pGUID =
new (std::nothrow)
P6CHAR[buffer.
length + 2]))
return eNoMemory;
pGUID[0] = 0;
}
else err = eFail;
return err;
}
{
if (NULL != pUniqueId)
{
if (
P6FAILED( err = extractUniqueId( pUniqueId, &enumStr )))
return P6FALSE;
if (enumStr.
length ==
id.length)
{
err = m_cpStr->strcmp( enumStr.
pString,
id.pString,
id.length, &match );
}
}
return (0 == match);
}
{
{
err = pClient->
destroyObject( objectId, NULL, &pUniqueId, &resultCodes );
printf("\ncall to destroyObject has failed %x\n", err );
}
printf("\nKMIP server returned an error - destroy object\n");
}
bMatch = isEqualId( pUniqueId, objectId );
if (!bMatch) {
printf("\nKMIP server to destroy object with wrong object uniqueId\n");
}
if (bFree)
delete [] objectId.
pString;
if (KMIP_RESULT_SUCCESS != resultCodes.
resultStatus)
return eFail;
}
return err;
}
{
printf("\ncall to getAttributeList has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
{
{
}
}
return err;
}
{
printf("\ncall to getAttributes has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
{
number = 0;
{
printf( "\nlist the types of attributes returned: %d\n", attribType );
}
}
return err;
}
{
attribNames[0].
pString =
"Certificate Identifier";
attribNames[1].
pString =
"Certificate Issuer";
attribNames[2].
pString =
"Certificate Subject";
attribNames[3].
pString =
"Certificate Type";
attribNames[4].
pString =
"Digital Signature Algorithm";
attribNames[5].
pString =
"Cryptographic Length";
attribNames[6].
pString =
"Certificate Length";
attribNames[7].
pString =
"X.509 Certificate Identifier";
attribNames[8].
pString =
"X.509 Certificate Issuer";
attribNames[9].
pString =
"X.509 Certificate Subject";
printf("\ncall to getAttributes has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
{
{
switch( attribType ) {
case KMIP_ATTRIB_CERTIFICATEIDENTIFIER:
break;
case KMIP_ATTRIB_CERTIFICATEISSUER:
{
}
}
if (NULL != pName) { delete [] pName; pName = NULL; }
break;
case KMIP_ATTRIB_CERTIFICATESUBJECT:
break;
case KMIP_ATTRIB_CERTIFICATETYPE:
break;
case KMIP_ATTRIB_CRYPTOLENGTH:
break;
case KMIP_ATTRIB_CERTIFICATELENGTH:
break;
case KMIP_ATTRIB_DIGITALSIGALG:
break;
case KMIP_ATTRIB_X509CERTIFICATEIDENTIFIER:
break;
case KMIP_ATTRIB_X509CERTIFICATESUBJECT:
break;
case KMIP_ATTRIB_X509CERTIFICATEISSUER:
break;
default:
break;
}
}
}
return err;
}
{
setPreferences( &preferences,
P6TEXT(
"ENUMERATOR_1"), 0, 0, 0, 0, 60000, 30000, 30000, 120000, 2, 2 );
err = cpClient->initialize( (P6KMIPFLG_TRACE_MSGS | P6KMIPFLG_TRACE_FORMATKMIPXML), m_cpKeystore, preferences );
if (
P6FAILED( err = createSession( cpClient )))
return err;
if (
P6FAILED( err = getGenCerts( &pGenCerts )))
return err;
{
}
if (
P6FAILED( err = pGenCerts->
genCertificate( gKMIP_11_Issuer, 6, pPubKey, pPrvKey, NULL, ONEYEAR, NULL, 0, &pSelfCert ))) {
return err;
}
attributeList[0].
type = KMIP_ATTRIB_CRYPTOUSAGEMASK;
attributeList[0].
index = 0;
attributeList[1].
type = KMIP_ATTRIB_EXTENSION;
attributeList[1].
index = 0;
if (
P6FAILED( err = cpClient->registerCertificateObject( certParams, &certObj, &resultCodes ))) {
printf("\ncall to registerCertificateObject for cert has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
err = extractUniqueId( certObj.
pUniqueId, &certId );
}
if (
P6FAILED( err = getAttributeList( cpClient, certId ))) {
printf("\ncall to getAttributeList for cert has failed %x\n", err );
}
if (
P6FAILED( err = getServerCertAttributes( cpClient, certId ))) {
printf("\ncall to getServerCert Attributes for cert has failed %x\n", err );
}
if (
P6FAILED( err = getAllAttributes( cpClient, certId ))) {
printf("\ncall to get All Attributes for cert has failed %x\n", err );
}
destroyObject( cpClient, certId,
P6TRUE );
err = cpClient->close();
return err;
}
{
CKmipExample11 example;
err = example.run(pDataStream);
}
}
}
int main(int argc,char *argv[])
{
{
{
KMIP_Attributes( cpDataStream );
}
else printf("ERROR: Failed to initialize the loader [ %x ]\n", err );
}
else printf( "ERROR: Failed to create CConsoleStream [ %x ]\n", err );
return err;
}