#include <stdio.h>
#include <stdlib.h>
#include <memory>
#include "p6sax2contenthandler.h"
#include "cconsolestream.h"
#include "cwalkmessage.h"
using namespace P6R;
namespace {
// Example 13: over a mutual-TLS connection to a KMIP 1.2 server, Register a
// Secret Data object, Get it back and compare it, then Destroy it (see run()
// further down).
// NOTE(review): only m_pWalk is declared in this listing. The members the
// constructor and destructor touch (m_pResponse, m_port, m_pHostName, m_cpStr,
// m_cpStoreInit) must be declared in lines that were dropped from this view.
class CKmipExample13
{
public:
    // Raw-pointer members start NULL so the destructor can tell what was
    // actually acquired. The m_cp* members appear to be smart-pointer wrappers
    // (callers use .addressof() on them) and are presumably self-releasing.
    CKmipExample13(): m_pResponse( NULL ),
        m_pWalk( NULL ),
        m_port( 0 ),
        m_pHostName( NULL )
    { }
    // Releases every raw resource this object acquired. In this listing
    // m_pHostName is only ever set through m_cpStr->wstrdup, so a non-NULL
    // m_pHostName implies m_cpStr is usable here.
    // NOTE(review): m_pResponse is the pool buffer the last server response was
    // decoded from; after a Get it holds the secret value. Whether release()
    // scrubs the buffer is not visible here -- wipe it first if the pool does not.
    // NOTE(review): the class frees raw resources but no deleted copy
    // constructor/assignment is visible; copying an instance would double-free.
    ~CKmipExample13()
    {
        if (NULL != m_pHostName ) m_cpStr->wstrfree( m_pHostName );
        if (NULL != m_cpStoreInit) m_cpStoreInit->close();
        if (NULL != m_pResponse ) m_pResponse->release();
        if (NULL != m_pWalk ) delete m_pWalk;
    }
protected:
    CWalkMessage* m_pWalk;   // owned response-decoding helper, created in the setup code
};
// Fragment: the signature and the interface-creation lines of this helper were
// lost in extraction. What remains initializes a key object against the
// class's RNG (m_cpRandom) and returns the P6 error code.
{
    {
        if ( P6SUCCEEDED( err = cpKeyInit->initialize( P6CKF_NONE, m_cpRandom )))
        {
            {
                // (inner body dropped from this listing)
            }
        }
    }
    return err;
}
// Fragment: signature lost. Out-parameter pattern: the caller's pointer is
// cleared first so a failure never leaves a dangling value, then a key
// generator is initialized from m_cpRandom. The creation call that would fill
// *ppGenKeys and the hand-off in the success branch are not in this view.
{
    *ppGenKeys = NULL;
    {
        if ( P6SUCCEEDED( err = cpGenKeys->initialize( P6GENKEY_NOFLAGS, m_cpRandom )))
        {
            // (success branch dropped from this listing)
        }
    }
    return err;
}
// Fragment: signature lost. Out-parameter pattern for a certificate-generator
// interface: NULL the caller's pointer, create it (the creation call is missing
// from this listing -- as printed *ppIface would be dereferenced while NULL),
// initialize it, and on failure release it and NULL the pointer again so the
// caller never receives a half-initialized interface.
{
    *ppIface = NULL;
    {
        err = (*ppIface)->initialize( P6GENCERTS_NOFLAGS );
        // The condition guarding this cleanup (presumably P6FAILED( err )) was
        // dropped from the listing.
        {
            (*ppIface)->release();
            *ppIface = NULL;
        }
    }
    return err;
}
// keystoreAddRootCertFromFile( pKeystore, pszCertificateFile ) -- name and
// arity taken from the call in createKeystore. Appends the PEM file name to
// certPath (whose directory prefix is built in lines not shown) and imports it
// into the keystore as a trusted root, i.e. the CA the KMIP server's
// certificate is expected to chain to. The listing has one more '}' than '{':
// the block that obtains cpSSLHelp was cut, so the braces below are as-extracted.
{
    if (!pKeystore || !pszCertificateFile) return eInvalidArg;
    // wstrlcat takes the destination size (P6CNTOF), so the append is bounded.
    if ( P6FAILED( err = m_cpStr->wstrlcat( certPath, P6CNTOF(certPath), pszCertificateFile, NULL )))
        return err;
    // Second argument NULL: its meaning is not visible in this listing.
    err = cpSSLHelp->importTrustedRootCertFromPEMFile( certPath, NULL );
}
return err;
}
// keystoreAddClientCertFromFile( pKeystore, pszHostname, pszPrivateKeyFile,
// pszCertificateFile ) -- name and arity taken from the call in createKeystore.
// Loads the client's TLS credentials (private key + certificate, both PEM) into
// the keystore under pszHostname; they are presented when the server asks for
// client authentication (P6SSF_SECURE_CLIENT_AUTH in createTLSSession).
// keyPath/certPath carry a directory prefix built in lines not shown; both
// appends are bounded by P6CNTOF.
// NOTE(review): no passphrase is visibly passed (the meaning of the trailing
// NULLs is not shown), which suggests the key file is stored unencrypted --
// keep its file permissions tight. One '{' was cut from this fragment.
{
    if (!pKeystore || !pszHostname || !pszPrivateKeyFile || !pszCertificateFile ) return eInvalidArg;
    if ( P6FAILED( err = m_cpStr->wstrlcat( keyPath, P6CNTOF(keyPath), pszPrivateKeyFile, NULL )))
        return err;
    if ( P6FAILED( err = m_cpStr->wstrlcat( certPath, P6CNTOF(certPath), pszCertificateFile, NULL )))
        return err;
    err = cpSSLHelp->importCredentialsPEM( P6TRUE, pszHostname, keyPath, certPath, NULL, NULL );
}
return err;
}
// createKeystore( pKeystoreName, rootPEM, ..., ppInit, ppKeystore ) -- the
// exact parameter order is only partly recoverable from the call in the setup
// code; the names used below are certain. Creates a signed keystore, opens it,
// then loads the trusted root and the client credentials into it.
// The interface-creation calls that fill *ppInit / *ppKeystore were dropped
// from this listing (as printed, *ppInit would be dereferenced while NULL).
{
    *ppInit = NULL;
    *ppKeystore = NULL;
    // The store is integrity-protected ("signed") via m_cpCrypto with SH_SHA256
    // and the symmetric m_cpSignKey -- a fresh 256-bit key generated on every
    // run in the setup code. Presumably a MAC rather than a public-key signature.
    if ( P6FAILED( err = (*ppInit)->initialize( P6KEYSTORE_NOFLAGS, m_cpCrypto, SH_SHA256, m_cpSignKey )))
    {
        if (NULL != (*ppKeystore)) (*ppKeystore)->release();
        (*ppKeystore) = NULL;
        (*ppInit)->release();
        (*ppInit) = NULL;
        return err;
    }
    // First argument NULL: its meaning is not visible here.
    if ( P6FAILED( err = (*ppInit)->openSigned( NULL, pKeystoreName )))
    {
        if (NULL != (*ppKeystore)) (*ppKeystore)->release();
        (*ppKeystore) = NULL;
        (*ppInit)->release();
        (*ppInit) = NULL;
        return err;
    }
    // NOTE(review): the two failure paths below return without the release /
    // NULL-out performed above, so a bad PEM file hands the caller an error
    // plus live *ppInit / *ppKeystore interfaces. Mirror the cleanup here.
    if ( P6FAILED( err = keystoreAddRootCertFromFile( (*ppKeystore), rootPEM )))
        return err;
    // m_pHostName labels the client credential and is also the peer name the
    // TLS layer is given in createTLSSession.
    if ( P6FAILED( err = keystoreAddClientCertFromFile( (*ppKeystore), m_pHostName, privPEM, certPEM )))
        return err;
    return eOk;
}
// getRNG( ppRandom ) -- called from the setup code as
// getRNG( m_cpRandom.addressof() ). Builds the RNG the key objects in this
// file are seeded from: a high-entropy source (P6ENTROPY_HIGH) feeding the
// P6 random object. Both interface-creation calls and the hand-off to the
// out-pointer were dropped from this listing; the nesting is as-extracted.
// Security: the keystore signing key (genSymmetricKey in the setup code)
// apparently derives from this generator, so P6ENTROPY_HIGH is the one knob
// not to lower.
{
    {
        if ( P6SUCCEEDED( err = cpSource->initialize( P6ENTROPY_HIGH )))
        {
            {
                if ( P6SUCCEEDED( err = cpInit->initialize( P6RAND_NOFLAGS, cpSource ))) {
                    // (hand-off to the caller's out-pointer dropped from listing)
                }
            }
        }
    }
    return err;
}
// sendMessage( pRequest, pSocket, tTimeout, cBytesSent ) -- see the callers in
// the three request methods. Pushes the encoder's raw buffer to the socket,
// advancing offset so a short send() continues where it left off, and reports
// the total in cBytesSent. The locals (pRawBuffer, dontCare, bytesLeft, offset,
// bytesSent) are declared in lines not shown.
// NOTE(review): the loop header around the send block (presumably something
// like `while (bytesLeft > 0 && P6SUCCEEDED( err ))`) was lost in extraction;
// as printed this sends at most once, so a short write would be reported as
// success with cBytesSent smaller than the message.
// NOTE(review): tTimeout bounds each send() call, not the whole message. The
// offset arithmetic runs before err is examined, so it relies on a failed
// send() reporting 0 in bytesSent -- confirm against the socket API.
{
    if ( P6FAILED( err = pRequest->getBufPtr( &pRawBuffer, &dontCare, &bytesLeft )))
        return err;
    {
        err = pSocket->send( &pRawBuffer[offset], bytesLeft, &bytesSent, tTimeout );
        bytesLeft -= bytesSent;
        offset += bytesSent;
        bytesSent = 0;   // re-armed for the next iteration
    }
    cBytesSent = offset;
    return err;
}
// Setup fragment (presumably the class's initialize()): fixes the KMIP peer
// (host name + port), builds the RNG, the keystore signing key, the keystore
// holding the TLS credentials, the I/O buffer pool, and the KMIP 1.2 encoder,
// decoder and response walker. Lines were lost in extraction (an opening line
// before the key-generation block, hence the stray '}' after it; cpKey, dbPath,
// encodePrefs, cpGenKey and cpDir are declared out of view), so read the brace
// structure as approximate.
{
    // 5696 is the conventional KMIP port. "fqdn.com" is a placeholder; it is
    // also the name handed to the TLS layer for the server (createTLSSession)
    // and the label of the client credential (createKeystore).
    m_port = 5696;
    if ( P6FAILED( err = m_cpStr->wstrdup( P6TEXT( "fqdn.com"), &m_pHostName )))
        return err;
    if ( P6FAILED( err = cpDir->initialize()))
        return err;
    if ( P6FAILED( err = getRNG( m_cpRandom.addressof())))
        return err;
    {
        // Keystore signing key: 256-bit symmetric (third argument's meaning not
        // visible). Regenerated on every run, so a store left from a previous
        // run could never verify -- which is why both store files are
        // unlinked below before the store is recreated.
        err = cpGenKey->genSymmetricKey( m_cpSignKey.addressof(), 256, P6FALSE );
    }
}
if ( P6SUCCEEDED( err )) err = m_cpCrypto->setKey( cpKey );
// Remove any previous store and its signature file so openSigned starts clean;
// unlink results are ignored on purpose (the files may not exist yet).
if ( P6FAILED( err = m_cpStr->wstrlcat( dbPath, P6CNTOF(dbPath), P6TEXT( "/db/KMIP12_keystore"), NULL )))
    return err;
cpDir->unlink( dbPath );
// NOTE(review): dbPath is appended to, not reset, between the two names; as
// printed the second path would contain both suffixes unless a reset of
// dbPath (plus the directory prefix) was lost from the listing.
if ( P6FAILED( err = m_cpStr->wstrlcat( dbPath, P6CNTOF(dbPath), P6TEXT( "/db/KMIP12_keystore.sig"), NULL )))
    return err;
cpDir->unlink( dbPath );
// NOTE(review): createKeystore's result is assigned to err but never tested
// before m_cpIT->initialize() overwrites it, so a keystore or credential-load
// failure is masked here. Add `if (P6FAILED( err )) return err;` after the call.
err = createKeystore( P6TEXT( "KMIP12_keystore"), P6TEXT( "RootCert.pem"), P6TEXT( "ClientCert.pem"), P6TEXT( "ClientPrivate.pem"), m_cpStoreInit.addressof(), m_cpKeystore.addressof());
if ( P6FAILED( err = m_cpIT->initialize()))
    return err;
// Buffer pool for request/response I/O; 8192, 2, 3 are presumably the buffer
// size and pool sizing. The request methods read a response with a single
// recv() into one of these buffers, so that size caps the response they can take.
if ( P6FAILED( err = m_cpPool->initialize( P6CTEXT( "Buffer pool"), 8192, 2, 3, P6IOBF_NOFLAGS )))
    return err;
// One response buffer, reused by every request and returned to the pool in
// the destructor.
if ( P6FAILED( err = m_cpPool->alloc( &m_pResponse )))
    return err;
if ( P6FAILED( err = m_cpEncoder->initialize( P6KMIPENCODER_NOFLAGS, P6KMIP_VERSION_12, m_cpPool, &encodePrefs )))
    return err;
if ( P6FAILED( err = m_cpDecoder->initialize( P6KMIPDECODER_NOFLAGS )))
    return err;
// Owned raw pointer, deleted in the destructor.
if (NULL == (m_pWalk = new (std::nothrow) CWalkMessage())) return eNoMemory;
if ( P6FAILED( err = m_pWalk->initialize( m_cpDecoder )))
    return err;
return err;
}
// createTLSSession() -- called at the start of run(). Resolves m_pHostName,
// sets up a TLS client socket backed by the keystore built earlier (client
// certificate for mutual TLS), binds to an ephemeral local port and connects
// to the resolved address on m_port with a 10 s timeout. pAddr, args,
// iphostName, ipPlusPort, cpNetdb, cpNetHelper and cpInitSSL are declared in
// lines not shown.
{
    P6NETADDR netAddress;
    P6NETADDR hostAddr;
    P6INTERVAL tTimeout = 0;
    if ( P6FAILED( err = cpNetdb->initialize()))
        return err;
    // Name resolution happens here; the TLS layer below is given the original
    // name (m_pHostName), not the resolved address.
    if ( P6FAILED( err = cpNetdb->getHostByNameW( m_pHostName, &hostAddr )))
        return err;
    if ( P6FAILED( err = cpNetHelper->netAddrToWStr( &hostAddr, iphostName, P6CNTOF(iphostName), NULL, P6FALSE )))
        return err;
    pAddr = iphostName;
    if ( P6FAILED( err = m_cpSocket->initialize( P6AF_INET, P6SF_SECURESSL )))
        return err;
    // Mutual TLS: P6SSF_SECURE_CLIENT_AUTH makes the socket present the
    // credential stored under m_pHostName in m_cpKeystore.
    // NOTE(review): the return value is never checked -- the wstrlcat below
    // overwrites err -- so a failed TLS setup (bad keystore, missing
    // credential, unsupported method) falls through to bind/connect. Add
    // `if (P6FAILED( err )) return err;` right after this call.
    // NOTE(review): P6SSF_SECURE_CLIENT appears twice in the mask (harmless),
    // and P6SF_SECURESSL is the socket-level flag mixed into the SSL flag set --
    // confirm the API expects it here. Nothing in this listing shows whether the
    // server certificate is verified against m_pHostName and the imported root,
    // and P6SSF_METHOD_NEGOTIATE leaves the protocol version to the library;
    // pin a minimum TLS version if the API allows it.
    err = cpInitSSL->initSecureSocket( m_cpKeystore, m_cpPool, m_pHostName, NULL, (P6SSF_METHOD_NEGOTIATE | P6SSF_SECURE_CLIENT | P6SSF_SECURE_CLIENT_AUTH | P6SSF_LOG_X509SUBJECTLOOKUPS | P6SSF_SECURE_CLIENT | P6SF_SECURESSL));
    // Bind to any local address on an ephemeral port before connecting.
    ipPlusPort[0] = 0;
    // NOTE(review): the size is the literal 100 here but P6CNTOF(ipPlusPort)
    // further down; use P6CNTOF so the bound stays tied to the real array
    // size. This call's result is also not checked, unlike every other one.
    err = m_cpStr->wstrlcat( ipPlusPort, 100, P6CTEXT( "0.0.0.0:0"), NULL );
    if ( P6FAILED( err = cpNetHelper->wStrToNetAddr( ipPlusPort, &netAddress )))
        return err;
    if ( P6FAILED( err = m_cpSocket->bind( &netAddress )))
        return err;
    // "%1$:%2$" over args[2] -- presumably the resolved address (pAddr) and m_port.
    if ( P6FAILED( err = m_cpStr->formatStringW( ipPlusPort, P6CNTOF(ipPlusPort), NULL, P6CTEXT( "%1$:%2$"), args, 2 )))
        return err;
    if ( P6FAILED( err = cpNetHelper->wStrToNetAddr( ipPlusPort, &netAddress )))
        return err;
    // 10 s connect timeout; whether the TLS handshake runs inside connect()
    // for a P6SF_SECURESSL socket is not visible here.
    m_cpIT->milliSecondsToInterval( 10000, &tTimeout );
    return m_cpSocket->connect( &netAddress, tTimeout );
}
// destroyObject( pUniqueId ) -- KMIP Destroy for the object run() registered.
// Builds a single-operation request, sends it, reads one response into
// m_pResponse and checks the result status. The listing has one more '}' than
// '{': a guard line around the receive block (likely on the send result) was
// lost. Locals pReqBuf, pBuffer, bufSize, bufUsed, cBytesRead, cBytesSent and
// params are declared out of view.
{
    KMIPMSG_RESULT result = { 0, 0, {NULL, 0 }};
    P6INTERVAL tTimeout = 0;
    // Only the string inside the id is checked; pUniqueId itself is assumed non-NULL.
    if (NULL == pUniqueId->pString)
        return eFail;
    if ( P6FAILED( err = m_cpRequest->startRequestMsg( params )))
        return err;
    if ( P6FAILED( err = m_cpRequest->addDestroyRequest( *pUniqueId, NULL )))
        return err;
    if ( P6FAILED( err = m_cpRequest->endRequestMsg()))
        return err;
    if ( P6FAILED( err = m_cpEncoder->getBufPtr( &pReqBuf )))
        return err;
    // 10 s applies to each socket call, not to the round trip as a whole.
    m_cpIT->milliSecondsToInterval( 10000, &tTimeout );
    err = sendMessage( pReqBuf, m_cpSocket, tTimeout, cBytesSent );
    pReqBuf = NULL;   // the encoder owns that buffer; drop our alias
    {
        if ( P6SUCCEEDED( err = m_pResponse->getBufPtr( &pBuffer, &bufSize, &bufUsed )))
        {
            // NOTE(review): a single recv() into one pool buffer. On a TCP
            // stream the response may arrive in pieces or exceed bufSize, so
            // unless getResponseResult validates the TTLV length against
            // cBytesRead, a truncated message is parsed as-is. Loop until the
            // message length is satisfied.
            if ( P6SUCCEEDED( err = m_cpSocket->recv( pBuffer, bufSize, &cBytesRead, tTimeout )))
            {
                if ( P6SUCCEEDED( err = m_pResponse->setUsed( cBytesRead )))
                {
                    err = m_pWalk->getResponseResult( m_pResponse, KMIP_OP_DESTROY, &result );
                }
            }
        }
        // Server-side failure collapses to eFail; the remaining fields of
        // result (zeroed above) are never reported -- if they carry the server's
        // result reason/message, log them here. Because result is zero-
        // initialized, this check changes the outcome of an earlier failure
        // only if KMIP_RESULT_SUCCESS is non-zero.
        if (KMIP_RESULT_SUCCESS != result.resultStatus) return eFail;
    }
}
return err;
}
// getSecretData( pUniqueId, pKeyMaterial ) -- KMIP Get of the object with the
// given unique id; the walker fills *pKeyMaterial from the response. Same
// request/receive shape as destroyObject, and the same one-'}'-too-many brace
// structure (a guard line around the receive block was lost). objId, pReqBuf,
// pBuffer, bufSize, bufUsed, cBytesRead, cBytesSent and params are declared
// out of view.
// NOTE(review): whether getResponseKeyMaterial copies the material or points
// into m_pResponse is not visible. That buffer is reused by every request and
// returned to the pool in the destructor, so treat the material as valid only
// until the next request and wipe it when done -- for real secrets the
// caller should not leave it lying in a pool buffer.
{
    KMIPMSG_RESULT result = { 0, 0, {NULL, 0 }};
    P6INTERVAL tTimeout = 0;
    // Only the string inside the id is checked; pUniqueId itself is assumed non-NULL.
    if (NULL == pUniqueId->pString)
        return eFail;
    if ( P6FAILED( err = m_cpRequest->startRequestMsg( params )))
        return err;
    // Trailing NULLs: no key-format / wrapping options requested (meaning
    // inferred from arity only).
    if ( P6FAILED( err = m_cpRequest->addGetRequest( *pUniqueId, NULL, NULL, NULL, NULL )))
        return err;
    if ( P6FAILED( err = m_cpRequest->endRequestMsg()))
        return err;
    if ( P6FAILED( err = m_cpEncoder->getBufPtr( &pReqBuf )))
        return err;
    m_cpIT->milliSecondsToInterval( 10000, &tTimeout );
    err = sendMessage( pReqBuf, m_cpSocket, tTimeout, cBytesSent );
    pReqBuf = NULL;   // the encoder owns that buffer; drop our alias
    {
        if ( P6SUCCEEDED( err = m_pResponse->getBufPtr( &pBuffer, &bufSize, &bufUsed )))
        {
            // NOTE(review): single recv() -- a response split across TCP
            // segments or larger than bufSize is truncated unless the walker
            // checks the TTLV length against cBytesRead.
            if ( P6SUCCEEDED( err = m_cpSocket->recv( pBuffer, bufSize, &cBytesRead, tTimeout )))
            {
                if ( P6SUCCEEDED( err = m_pResponse->setUsed( cBytesRead )))
                {
                    err = m_pWalk->getResponseKeyMaterial( m_pResponse, &objId, pKeyMaterial, &result );
                }
            }
        }
        // Server-side failure collapses to eFail; the other result fields are
        // not reported.
        if (KMIP_RESULT_SUCCESS != result.resultStatus) return eFail;
    }
}
return err;
}
// registerSecretData( secretData, pUniqueId ) -- KMIP Register of a Secret Data
// object of type KMIP_SECRET_SEED with the attributes declared out of view;
// the server-assigned unique id is written to *pUniqueId. Same request/receive
// shape and the same one-'}'-too-many brace structure as the other request
// methods. The secret value travels in clear inside the KMIP message; the TLS
// session from createTLSSession is its only protection in transit.
// NOTE(review): whether getResponseUniqueId copies the id out of m_pResponse
// or points into it is not visible. run() reuses the id for Destroy after
// another response has been received into that same buffer, so it must be a
// copy -- confirm.
{
    KMIPMSG_RESULT result = { 0, 0, {NULL, 0 }};
    P6INTERVAL tTimeout = 0;
    if (NULL == secretData.pString)
        return eFail;
    if ( P6FAILED( err = m_cpRequest->startRequestMsg( params )))
        return err;
    if ( P6FAILED( err = m_cpRequest->addRegisterSecretDataRequest( KMIP_SECRET_SEED, secretData, NULL, attributes, NULL )))
        return err;
    if ( P6FAILED( err = m_cpRequest->endRequestMsg()))
        return err;
    if ( P6FAILED( err = m_cpEncoder->getBufPtr( &pReqBuf )))
        return err;
    m_cpIT->milliSecondsToInterval( 10000, &tTimeout );
    err = sendMessage( pReqBuf, m_cpSocket, tTimeout, cBytesSent );
    pReqBuf = NULL;   // the encoder owns that buffer; drop our alias
    {
        if ( P6SUCCEEDED( err = m_pResponse->getBufPtr( &pBuffer, &bufSize, &bufUsed )))
        {
            // NOTE(review): single recv() -- see the same caveat in the other
            // request methods about partial or oversized responses.
            if ( P6SUCCEEDED( err = m_cpSocket->recv( pBuffer, bufSize, &cBytesRead, tTimeout )))
            {
                if ( P6SUCCEEDED( err = m_pResponse->setUsed( cBytesRead )))
                {
                    err = m_pWalk->getResponseUniqueId( m_pResponse, KMIP_OP_REGISTER, pUniqueId, &result );
                }
            }
        }
        // Server-side failure collapses to eFail; the other result fields are
        // not reported.
        if (KMIP_RESULT_SUCCESS != result.resultStatus) return eFail;
    }
}
return err;
}
// run( pDataStream ) -- the example proper: open the TLS session, Register a
// 16-byte Secret Data object, Get it back and compare byte-for-byte, then
// Destroy it so the test value is not left on the server. Lines were lost in
// extraction: the `for` header over i (with its opening brace) before the
// comparison, which is why the listing closes one brace too many after it.
// err, secretData, uniqueId and i are declared out of view.
{
    P6BSTR keyMaterial = { NULL, 0 };
    // "Secre\x82tP\x02assword": a fixed test value with two non-ASCII bytes,
    // presumably to prove the value round-trips as opaque binary rather than
    // text. It is public test data, not a real secret.
    const P6UCHAR fakeSecretData[] = { 0x53,0x65,0x63,0x72,0x65,0x82,0x74,0x50,0x02,0x61,0x73,0x73,0x77,0x6F,0x72,0x64 };
    if ( P6FAILED( err = createTLSSession()))
        return err;
    secretData.pString = fakeSecretData;
    secretData.length = sizeof( fakeSecretData );
    if ( P6FAILED( err = registerSecretData( secretData, &uniqueId ))) {
        printf( "\nFailed to store secret data on KMIP server %x\n", err );
        return err;
    }
    // NOTE(review): %s assumes uniqueId.pString is NUL-terminated. P6BSTR
    // carries an explicit length, so if the walker does not terminate the
    // string this over-reads; `%.*s` with (int)uniqueId.length is safe either way.
    else printf( "\nSecret Data's unique identifer [%s] %ld\n", uniqueId.pString, ( P6ULONG)uniqueId.length );
    if ( P6SUCCEEDED( err = getSecretData( &uniqueId, &keyMaterial )))
    {
        if ( keyMaterial.length != sizeof( fakeSecretData )) {
            printf( "\nSecret data size mismatch %d %ld\n", ( P6UINT32) sizeof(fakeSecretData), ( P6ULONG)keyMaterial.length );
        }
        else
        {
            // `for` header over i lost from the listing. A plain (non-constant-
            // time) compare is fine here: this is a correctness check, not an
            // authentication decision. Nothing wipes keyMaterial afterwards --
            // acceptable for this public test value only.
            if (fakeSecretData[i] != keyMaterial.pString[i]) {
                printf("\nSecret data value mismatch offset: %d\n", i );
                break;
            }
        }
    }
}
else printf( "\nFailed to Get Secret data from the server %x\n", err );
// Always attempt the Destroy so the test object does not linger server-side.
// NOTE(review): err from destroyObject replaces the Get result, so a failed
// Get followed by a successful Destroy makes run() return success; keep the
// first failure in a separate variable if callers rely on the return code.
if ( P6FAILED( err = destroyObject( &uniqueId ))) {
    printf( "\nFailed to Destroy Secret data off the server %x\n", err );
}
return err;
}
// Tail of KMIP_SecretData( pDataStream ) (called from main). The example
// object lives on the stack, so its destructor -- freeing the host name,
// closing the keystore, returning the response buffer, deleting the walker --
// runs on every exit path of run(). The trailing braces presumably close the
// function and the anonymous namespace opened at the top of the file; err is
// declared out of view.
{
    CKmipExample13 example;
    err = example.run( pDataStream );
}
}
}
// Entry point. As extracted, the two `if` conditions the `else` branches belong
// to were lost (judging by the messages: creating the CConsoleStream that
// becomes cpDataStream, then initializing the P6 loader); err and cpDataStream
// are declared out of view. argc/argv are unused -- the server name and port
// are hard-coded in the example's setup code.
int main(int argc,char *argv[])
{
    {
        {
            KMIP_SecretData( cpDataStream );
        }
        else printf("ERROR: Failed to initialize the loader [ %x ]\n", err );
    }
    else printf( "ERROR: Failed to create CConsoleStream [ %x ]\n", err );
    // The P6 error code is returned straight as the exit status; on POSIX only
    // its low byte survives, so callers should only test for non-zero.
    return err;
}