#include <stdio.h>
#include <stdlib.h>
#include <memory>
#include "p6sax2contenthandler.h"
#include "cconsolestream.h"
using namespace P6R;
namespace {
class CKmipExample9
{
public:
CKmipExample9()
: m_port(0), m_compatMask(0), m_pHostName(NULL)
{ }
~CKmipExample9()
{
if (NULL != m_pHostName) m_cpStr->wstrfree( m_pHostName );
if (NULL != m_cpStoreInit) m_cpStoreInit->close();
}
protected:
};
{
{
if (
P6SUCCEEDED( err = cpKeyInit->initialize( P6CKF_NONE, m_cpRandom )))
{
{
}
}
}
return err;
}
{
*ppGenKeys = NULL;
{
if (
P6SUCCEEDED( err = cpGenKeys->initialize( P6GENKEY_NOFLAGS, m_cpRandom )))
{
}
}
return err;
}
{
*ppIface = NULL;
{
err = (*ppIface)->initialize( P6GENCERTS_NOFLAGS );
{
(*ppIface)->release();
*ppIface = NULL;
}
}
return err;
}
{
if (!pKeystore || !pszCertificateFile) return eInvalidArg;
if (
P6FAILED( err = m_cpStr->wstrlcat( certPath,
P6CNTOF(certPath), pszCertificateFile, NULL )))
return err;
err = cpSSLHelp->importTrustedRootCertFromPEMFile( certPath, NULL );
}
return err;
}
{
if (!pKeystore || !pszHostname || !pszPrivateKeyFile || !pszCertificateFile ) return eInvalidArg;
if (
P6FAILED( err = m_cpStr->wstrlcat( keyPath,
P6CNTOF(keyPath), pszPrivateKeyFile, NULL )))
return err;
if (
P6FAILED( err = m_cpStr->wstrlcat( certPath,
P6CNTOF(certPath), pszCertificateFile, NULL )))
return err;
err = cpSSLHelp->importCredentialsPEM(
P6TRUE, pszHostname, keyPath, certPath, NULL, NULL );
}
return err;
}
{
*ppInit = NULL;
*ppKeystore = NULL;
if (
P6FAILED( err = (*ppInit)->initialize( P6KEYSTORE_NOFLAGS, m_cpCrypto,
SH_SHA256, m_cpSignKey )))
{
if (NULL != (*ppKeystore)) (*ppKeystore)->release();
(*ppKeystore) = NULL;
(*ppInit)->release();
(*ppInit) = NULL;
return err;
}
if (
P6FAILED( err = (*ppInit)->openSigned( NULL, pKeystoreName )))
{
if (NULL != (*ppKeystore)) (*ppKeystore)->release();
(*ppKeystore) = NULL;
(*ppInit)->release();
(*ppInit) = NULL;
return err;
}
if (
P6FAILED( err = keystoreAddRootCertFromFile( (*ppKeystore), rootPEM )))
return err;
if (
P6FAILED( err = keystoreAddClientCertFromFile( (*ppKeystore), m_pHostName, privPEM, certPEM )))
return err;
return eOk;
}
{
{
if (
P6SUCCEEDED( err = cpSource->initialize( P6ENTROPY_HIGH )))
{
{
if (
P6SUCCEEDED( err = cpInit->initialize( P6RAND_NOFLAGS, cpSource ))) {
}
}
}
}
return err;
}
{
if (
P6FAILED( err = cpDir->initialize()))
return err;
if (
P6FAILED( err = getRNG( m_cpRandom.addressof())))
return err;
m_port = 5696;
m_compatMask = 0;
if (
P6FAILED( err = m_cpStr->wstrdup(
P6TEXT(
"fqdn.com"), &m_pHostName )))
return err;
{
err = cpGenKey->genSymmetricKey( m_cpSignKey.addressof(), 256,
P6FALSE );
}
}
if (
P6SUCCEEDED( err )) err = m_cpCrypto->setKey( cpKey );
if (
P6FAILED( err = m_cpStr->wstrlcat( dbPath,
P6CNTOF(dbPath),
P6TEXT(
"/db/KMIP12_keystore"), NULL )))
return err;
cpDir->unlink( dbPath );
if (
P6FAILED( err = m_cpStr->wstrlcat( dbPath,
P6CNTOF(dbPath),
P6TEXT(
"/db/KMIP12_keystore.sig"), NULL )))
return err;
cpDir->unlink( dbPath );
return createKeystore(
P6TEXT(
"KMIP12_keystore"),
P6TEXT(
"RootCert.pem"),
P6TEXT(
"ClientCert.pem"),
P6TEXT(
"ClientPrivate.pem"), m_cpStoreInit.addressof(), m_cpKeystore.addressof());
}
{
return eOk;
}
{
if (
P6FAILED( err = pClient->
setSSLOptions( NULL, (P6SSF_METHOD_TLS1 | P6SSF_SECURE_CLIENT | P6SSF_SECURE_CLIENT_AUTH | P6SSF_LOG_X509SUBJECTLOOKUPS | P6SSF_VRFY_DISABLEHOSTMATCH))))
return err;
return pClient->
open( m_pHostName, m_port, (bWithCredentials ? &credential : NULL));
}
{
err = pEnum->
next( &buffer );
{
if (NULL == (pGUID =
new (std::nothrow)
P6CHAR[buffer.
length + 2]))
return eNoMemory;
pGUID[0] = 0;
}
else err = eFail;
return err;
}
{
if (NULL != pUniqueId)
{
if (
P6FAILED( err = extractUniqueId( pUniqueId, &enumStr )))
return P6FALSE;
if (enumStr.
length ==
id.length)
{
err = m_cpStr->strcmp( enumStr.
pString,
id.pString,
id.length, &match );
}
}
return (0 == match);
}
{
{
err = pClient->
destroyObject( objectId, NULL, &pUniqueId, &resultCodes );
printf("\ncall to destroyObject has failed %x\n", err );
}
printf("\nKMIP server returned an error - destroy object\n");
}
if (NULL != pUniqueId)
{
bMatch = isEqualId( pUniqueId, objectId );
if (!bMatch) {
printf("\nKMIP server to destroy object with wrong object uniqueId\n");
}
if (bFree)
delete [] objectId.
pString;
}
if (KMIP_RESULT_SUCCESS != resultCodes.
resultStatus)
return eFail;
}
return err;
}
{
*pKey = NULL;
err = pClient->
getObject( getParams, &managedObj, &resultCodes );
printf("\ncall to getObject has failed %x\n", err );
return err;
}
printf("\nKMIP server returned an error - get object\n");
return eFail;
}
{
pubOrPriv = managedObj.
type;
switch ( pubOrPriv ) {
case KMIP_OBJECT_PUBLICKEY:
break;
case KMIP_OBJECT_PRIVATEKEY:
break;
default:
err = eNotImplemented;
break;
}
}
return err;
}
{
*pCert = NULL;
printf("\ncall to createKeyPairObjects has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
{
if ( KMIP_OBJECT_CERTIFICATE == managedObj.
type )
else err = eInvalidHandle;
}
else err = eNotFound;
return err;
}
{
attribNames[0].
pString =
"Certificate Identifier";
attribNames[1].
pString =
"Certificate Issuer";
attribNames[2].
pString =
"Certificate Subject";
attribNames[3].
pString =
"Certificate Type";
attribNames[4].
pString =
"Digital Signature Algorithm";
attribNames[5].
pString =
"Cryptographic Length";
attribNames[6].
pString =
"Certificate Length";
attribNames[7].
pString =
"X.509 Certificate Identifier";
attribNames[8].
pString =
"X.509 Certificate Issuer";
attribNames[9].
pString =
"X.509 Certificate Subject";
printf("\ncall to getAttributes has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
{
{
switch( attribType ) {
case KMIP_ATTRIB_CERTIFICATEIDENTIFIER:
break;
case KMIP_ATTRIB_CERTIFICATEISSUER:
{
}
}
if (NULL != pName) { delete [] pName; pName = NULL; }
break;
case KMIP_ATTRIB_CERTIFICATESUBJECT:
break;
case KMIP_ATTRIB_CERTIFICATETYPE:
break;
case KMIP_ATTRIB_CRYPTOLENGTH:
break;
case KMIP_ATTRIB_CERTIFICATELENGTH:
break;
case KMIP_ATTRIB_DIGITALSIGALG:
break;
case KMIP_ATTRIB_X509CERTIFICATEIDENTIFIER:
break;
case KMIP_ATTRIB_X509CERTIFICATESUBJECT:
break;
case KMIP_ATTRIB_X509CERTIFICATEISSUER:
break;
default:
break;
}
}
}
return err;
}
{
{ 0x30,0x82,0x02,0x81,0x30,0x82,0x01,0x69,0x02,0x01,0x00,0x30,0x3C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0D,0x30,0x0B,0x06,0x03,0x55,0x04,0x0A,0x13,0x04,0x41,0x43,0x4D,0x45,0x31,0x0D,0x30,0x0B,0x06,0x03,0x55,
0x04,0x0B,0x13,0x04,0x4B,0x4D,0x49,0x50,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x03,0x13,0x06,0x43,0x6C,0x69,0x65,0x6E,0x74,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,
0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xAB,0x7F,0x16,0x1C,0x00,0x42,0x49,0x6C,0xCD,0x6C,0x6D,0x4D,0xAD,0xB9,0x19,0x97,0x34,0x35,0x35,0x77,0x76,0x00,0x3A,0xCF,0x54,0xB7,0xAF,0x1E,0x44,0x0A,0xFB,0x80,0xB6,0x4A,0x87,0x55,0xF8,0x00,0x2C,
0xFE,0xBA,0x6B,0x18,0x45,0x40,0xA2,0xD6,0x60,0x86,0xD7,0x46,0x48,0x34,0x6D,0x75,0xB8,0xD7,0x18,0x12,0xB2,0x05,0x38,0x7C,0x0F,0x65,0x83,0xBC,0x4D,0x7D,0xC7,0xEC,0x11,0x4F,0x3B,0x17,0x6B,0x79,0x57,0xC4,0x22,0xE7,0xD0,0x3F,0xC6,0x26,0x7F,0xA2,0xA6,
0xF8,0x9B,0x9B,0xEE,0x9E,0x60,0xA1,0xD7,0xC2,0xD8,0x33,0xE5,0xA5,0xF4,0xBB,0x0B,0x14,0x34,0xF4,0xE7,0x95,0xA4,0x11,0x00,0xF8,0xAA,0x21,0x49,0x00,0xDF,0x8B,0x65,0x08,0x9F,0x98,0x13,0x5B,0x1C,0x67,0xB7,0x01,0x67,0x5A,0xBD,0xBC,0x7D,0x57,0x21,
0xAA,0xC9,0xD1,0x4A,0x7F,0x08,0x1F,0xCE,0xC8,0x0B,0x64,0xE8,0xA0,0xEC,0xC8,0x29,0x53,0x53,0xC7,0x95,0x32,0x8A,0xBF,0x70,0xE1,0xB4,0x2E,0x7B,0xB8,0xB7,0xF4,0xE8,0xAC,0x8C,0x81,0x0C,0xDB,0x66,0xE3,0xD2,0x11,0x26,0xEB,0xA8,0xDA,0x7D,0x0C,0xA3,0x41,
0x42,0xCB,0x76,0xF9,0x1F,0x01,0x3D,0xA8,0x09,0xE9,0xC1,0xB7,0xAE,0x64,0xC5,0x41,0x30,0xFB,0xC2,0x1D,0x80,0xE9,0xC2,0xCB,0x06,0xC5,0xC8,0xD7,0xCC,0xE8,0x94,0x6A,0x9A,0xC9,0x9B,0x1C,0x28,0x15,0xC3,0x61,0x2A,0x29,0xA8,0x2D,0x73,0xA1,0xF9,0x93,
0x74,0xFE,0x30,0xE5,0x49,0x51,0x66,0x2A,0x6E,0xDA,0x29,0xC6,0xFC,0x41,0x13,0x35,0xD5,0xDC,0x74,0x26,0xB0,0xF6,0x05,0x02,0x03,0x01,0x00,0x01,0xA0,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,
0x00,0x2D,0x90,0xF5,0x49,0x2C,0x3D,0xF1,0x77,0x1D,0xF4,0xE8,0x7E,0x10,0x87,0xCB,0x95,0x21,0x97,0x31,0x9A,0x96,0x96,0xE2,0xD5,0x88,0xEF,0xDA,0x58,0x0D,0x8D,0x33,0x04,0x42,0x7B,0x99,0x7C,0xD9,0x21,0xAD,0x7C,0x67,0x4A,0xEA,0x41,0x3F,0xBA,0x85,
0xFD,0x61,0xE6,0xA4,0x81,0xDE,0x9A,0xB2,0xE8,0xA4,0xFF,0x43,0xC0,0x26,0x55,0x01,0x5D,0x34,0x37,0xF7,0x83,0xFE,0x0C,0x78,0x15,0x19,0xCD,0x08,0xFF,0xD3,0xC0,0x07,0xC7,0xFA,0xDE,0x96,0x32,0xFE,0x56,0x59,0xE2,0xCA,0xC3,0x5B,0xD6,0xAA,0xF3,0xE1,0x3D,
0xC1,0x80,0x97,0xD9,0x96,0xDF,0x01,0xB6,0x6F,0xC5,0xE2,0x6C,0xA1,0x09,0x38,0x08,0x63,0xA2,0x09,0x12,0x5C,0xC0,0xFD,0x79,0x53,0x3F,0x32,0x7F,0xA1,0xCA,0xD4,0x44,0xD8,0x9D,0x3F,0xF8,0x1B,0x92,0xA9,0x14,0x28,0xC4,0x69,0xC8,0x46,0x09,0x0F,0xD1,
0x32,0x48,0x46,0xE1,0x2D,0x01,0x67,0x19,0x62,0xC3,0x32,0xA7,0x82,0x61,0x52,0xDA,0xAF,0x48,0x6C,0xC8,0x67,0x18,0x5C,0x2E,0x27,0xCA,0xF2,0xF0,0x09,0x89,0x8D,0xB0,0x7F,0xE4,0xB4,0x5C,0x51,0x81,0x92,0xAA,0x49,0x3D,0x8F,0x8C,0x01,0x98,0xDB,0x67,0xF9,
0x06,0x72,0xAB,0x6D,0xE0,0x5A,0x08,0x03,0x29,0x41,0x37,0x7F,0x47,0x3D,0x80,0x71,0x6D,0x85,0xAD,0xC6,0x18,0x20,0x03,0xAB,0x34,0x94,0x23,0x02,0x21,0x4E,0xB3,0x89,0x5F,0x15,0x40,0x3F,0x26,0x16,0xAD,0xFD,0x6B,0xB5,0xE6,0xAA,0x47,0xFA,0x38,0xC9,
0xDF,0xC7,0x3F,0x4D,0xE8,0x0D,0xDB,0x91,0xBD,0xB0,0x4D,0x21,0xC8,0x2B,0xA6 };
setPreferences( &preferences,
P6TEXT(
"TC_134_12"), 0, 0, 0, 0, 60000, 30000, 30000, 120000, 2, 2 );
err = cpClient->initialize( (P6KMIPFLG_TRACE_MSGS | P6KMIPFLG_TRACE_FORMATKMIPXML), m_cpKeystore, preferences );
commonList[0].
type = KMIP_ATTRIB_CRYPTOALGORITHM;
commonList[1].
type = KMIP_ATTRIB_CRYPTOLENGTH;
privateList[0].
type = KMIP_ATTRIB_NAME;
privateList[0].
index = 0;
privateList[1].
type = KMIP_ATTRIB_CRYPTOUSAGEMASK;
privateList[1].
index = 0;
publicList[0].
type = KMIP_ATTRIB_NAME;
publicList[1].
type = KMIP_ATTRIB_CRYPTOUSAGEMASK;
if (
P6FAILED( err = cpClient->createKeyPairObjects( keyParams, &privKey, &pubKey, &resultCodes ))) {
printf("\ncall to createKeyPairObjects has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
err = extractUniqueId( privKey.
pUniqueId, &privId );
}
err = extractUniqueId( pubKey.
pUniqueId, &pubId );
}
err = getAsymmetricKey( cpClient, pubId, pubOrPriv, &pKey1 );
err = getAsymmetricKey( cpClient, privId, pubOrPriv, &pKey2 );
attributeList[0].
type = KMIP_ATTRIB_CRYPTOUSAGEMASK;
attributeList[0].
index = 0;
attributeList[1].
type = KMIP_ATTRIB_NAME;
attributeList[1].
index = 0;
if (
P6FAILED( err = cpClient->certifyObject( certifyParams, &certObj, &resultCodes ))) {
printf("\ncall to certifyObject has failed %x\n", err );
}
printf("\nKMIP server returned an error\n");
}
{
err = extractUniqueId( certObj.
pUniqueId, &certId );
}
err = getCertificate( cpClient, certId, &pCertServer );
err = getServerCertAttributes( cpClient, certId );
destroyObject( cpClient, privId,
P6TRUE );
destroyObject( cpClient, pubId,
P6TRUE );
destroyObject( cpClient, certId,
P6TRUE );
err = cpClient->close();
if (pCertServer) pCertServer->
release();
return err;
}
{
CKmipExample9 example;
err = example.run(pDataStream);
}
}
}
int main(int argc,char *argv[])
{
{
{
KMIP_TC_134_12( cpDataStream );
}
else printf("ERROR: Failed to initialize the loader [ %x ]\n", err );
}
else printf( "ERROR: Failed to create CConsoleStream [ %x ]\n", err );
return err;
}