aboutsummaryrefslogtreecommitdiffstats
path: root/doc/examples/ca.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2006-05-18 18:33:19 +0000
committerlloyd <[email protected]>2006-05-18 18:33:19 +0000
commita2c99d3270eb73ef2db5704fc54356c6b75096f8 (patch)
treead3d6c4fcc8dd0f403f8105598943616246fe172 /doc/examples/ca.cpp
Initial checkin1.5.6
Diffstat (limited to 'doc/examples/ca.cpp')
-rw-r--r--doc/examples/ca.cpp65
1 files changed, 65 insertions, 0 deletions
diff --git a/doc/examples/ca.cpp b/doc/examples/ca.cpp
new file mode 100644
index 000000000..fbc637bbc
--- /dev/null
+++ b/doc/examples/ca.cpp
@@ -0,0 +1,65 @@
+/*
+ Implement the functionality of a simple CA: read in a CA certificate,
+ the associated private key, and a PKCS #10 certificate request. Sign the
+ request and print out the new certificate.
+
+ File names are hardcoded for simplicity.
+ cacert.pem: The CA's certificate (perhaps created by self_sig)
+ caprivate.pem: The CA's private key
+ req.pem: The user's PKCS #10 certificate request
+
+ Written by Jack Lloyd, May 19, 2003
+
+ This file is in the public domain.
+*/
+
+#include <botan/botan.h>
+#include <botan/x509_ca.h>
+using namespace Botan;
+
+#include <iostream>
+
+#define DOUCH_BAG CESSATION_OF_OPERATION
+
+int main(int argc, char* argv[])
+ {
+ if(argc != 2)
+ {
+ std::cout << "Usage: " << argv[0] << " passphrase" << std::endl;
+ return 1;
+ }
+
+ try {
+ LibraryInitializer init;
+
+ // set up our CA
+ X509_Certificate ca_cert("cacert.pem");
+ std::auto_ptr<PKCS8_PrivateKey> privkey(
+ PKCS8::load_key("caprivate.pem", argv[1])
+ );
+ X509_CA ca(ca_cert, *privkey);
+
+ // got a request
+ PKCS10_Request req("req.pem");
+
+ // presumably attempt to verify the req for sanity/accuracy here, but
+ // as Verisign, etc have shown, that's not a must. :)
+
+ // now sign it
+ X509_Certificate new_cert = ca.sign_request(req);
+
+ // send the new cert back to the requestor
+ std::cout << new_cert.PEM_encode();
+
+ std::vector<CRL_Entry> revoked_certs;
+ revoked_certs.push_back(CRL_Entry(new_cert, DOUCH_BAG));
+ X509_CRL crl = ca.update_crl(ca.new_crl(), revoked_certs);
+ std::cout << crl.PEM_encode();
+ }
+ catch(std::exception& e)
+ {
+ std::cout << e.what() << std::endl;
+ return 1;
+ }
+ return 0;
+ }