diff options
author | lloyd <[email protected]> | 2006-05-18 18:33:19 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2006-05-18 18:33:19 +0000 |
commit | a2c99d3270eb73ef2db5704fc54356c6b75096f8 (patch) | |
tree | ad3d6c4fcc8dd0f403f8105598943616246fe172 /doc/examples/ca.cpp |
Initial checkin1.5.6
Diffstat (limited to 'doc/examples/ca.cpp')
-rw-r--r-- | doc/examples/ca.cpp | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/doc/examples/ca.cpp b/doc/examples/ca.cpp new file mode 100644 index 000000000..fbc637bbc --- /dev/null +++ b/doc/examples/ca.cpp @@ -0,0 +1,65 @@ +/* + Implement the functionality of a simple CA: read in a CA certificate, + the associated private key, and a PKCS #10 certificate request. Sign the + request and print out the new certificate. + + File names are hardcoded for simplicity. + cacert.pem: The CA's certificate (perhaps created by self_sig) + caprivate.pem: The CA's private key + req.pem: The user's PKCS #10 certificate request + + Written by Jack Lloyd, May 19, 2003 + + This file is in the public domain. +*/ + +#include <botan/botan.h> +#include <botan/x509_ca.h> +using namespace Botan; + +#include <iostream> + +#define DOUCH_BAG CESSATION_OF_OPERATION + +int main(int argc, char* argv[]) + { + if(argc != 2) + { + std::cout << "Usage: " << argv[0] << " passphrase" << std::endl; + return 1; + } + + try { + LibraryInitializer init; + + // set up our CA + X509_Certificate ca_cert("cacert.pem"); + std::auto_ptr<PKCS8_PrivateKey> privkey( + PKCS8::load_key("caprivate.pem", argv[1]) + ); + X509_CA ca(ca_cert, *privkey); + + // got a request + PKCS10_Request req("req.pem"); + + // presumably attempt to verify the req for sanity/accuracy here, but + // as Verisign, etc have shown, that's not a must. :) + + // now sign it + X509_Certificate new_cert = ca.sign_request(req); + + // send the new cert back to the requestor + std::cout << new_cert.PEM_encode(); + + std::vector<CRL_Entry> revoked_certs; + revoked_certs.push_back(CRL_Entry(new_cert, DOUCH_BAG)); + X509_CRL crl = ca.update_crl(ca.new_crl(), revoked_certs); + std::cout << crl.PEM_encode(); + } + catch(std::exception& e) + { + std::cout << e.what() << std::endl; + return 1; + } + return 0; + } |