/* Implement the functionality of a simple CA: read in a CA certificate, the associated private key, and a PKCS #10 certificate request. Sign the request and print out the new certificate. File names are hardcoded for simplicity. cacert.pem: The CA's certificate (perhaps created by self_sig) caprivate.pem: The CA's private key req.pem: The user's PKCS #10 certificate request Written by Jack Lloyd, May 19, 2003 This file is in the public domain. */ #include #include using namespace Botan; #include #define DOUCH_BAG CESSATION_OF_OPERATION int main(int argc, char* argv[]) { if(argc != 2) { std::cout << "Usage: " << argv[0] << " passphrase" << std::endl; return 1; } try { LibraryInitializer init; // set up our CA X509_Certificate ca_cert("cacert.pem"); std::auto_ptr privkey( PKCS8::load_key("caprivate.pem", argv[1]) ); X509_CA ca(ca_cert, *privkey); // got a request PKCS10_Request req("req.pem"); // presumably attempt to verify the req for sanity/accuracy here, but // as Verisign, etc have shown, that's not a must. :) // now sign it X509_Certificate new_cert = ca.sign_request(req); // send the new cert back to the requestor std::cout << new_cert.PEM_encode(); std::vector revoked_certs; revoked_certs.push_back(CRL_Entry(new_cert, DOUCH_BAG)); X509_CRL crl = ca.update_crl(ca.new_crl(), revoked_certs); std::cout << crl.PEM_encode(); } catch(std::exception& e) { std::cout << e.what() << std::endl; return 1; } return 0; }