#ifdef WIN32
# include <windows.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include "npki.h"
#include "pkierr.h"
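/* Seconds in one 365-day year. Parenthesized so the expansion stays a single
 * operand in any expression (e.g. x / SECONDS_IN_YEARS). */
#define SECONDS_IN_YEARS (365 * 24 * 60 * 60)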
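/*
 * SignCSR - sample: ask the tree's Organizational CA to sign a certificate
 * signing request (CSR).
 *
 * Steps: read the CSR from "serverCSR.b64", create an NPKI context, connect
 * and log in to the directory, locate the Organizational CA and the server
 * that hosts it, check that the CA is operational and offers RSA/SHA-1
 * signing, clamp the validity window to at most two years from the server's
 * current time, request the certificate and write it to "ExternalCert.cer".
 *
 * Returns PKI_SUCCESS, or the first error code encountered.
 *
 * Notes for anyone adapting this sample:
 *  - The tree name, admin user, password and IP address are hard-coded
 *    placeholders. Production code should obtain credentials at run time
 *    and never compile them into the binary.
 *  - The CSR is signed exactly as read from disk; nothing here inspects the
 *    requested subject or key. A CA should only sign requests whose origin
 *    and contents have been verified.
 *  - RSA with SHA-1 is no longer considered adequate for certificate
 *    signatures; prefer a SHA-2 based algorithm if the toolkit version in
 *    use reports one in signatureAlgorithms (confirm against npki.h).
 */
NWRCODE SignCSR(void)
{
    NWRCODE ccode = PKI_SUCCESS;
    NPKIContext myPKI = NPKI_INVALID_CONTEXT;
    unicode const *organizationalCADN = NULL;
    unicode const *signingServerDN = NULL;
    nuint32 caOperational = 0;
    nuint8 const *certificate = NULL;
    nuint32 certificateSize = 0;
    nuint32 maxValidFromTime = 0;
    nuint32 maxValidToTime = 0;
    nuint32 currentServerTime = 0;
    nuint32 signatureAlgorithms = 0;
    nuint8 *CSR = NULL;
    nuint32 CSRSize = 0;
    /* Sample-only connection parameters; see the header comment. */
    unicode myTree[] = {'T','E','S','T',0};
    unicode myUser[] = {'A','d','m','i','n','.','n','o','v','e','l','l',0};
    char password[] = {'t','e','s','t',0};
    char *startIPAddress = "192.168.0.2";
    NPKI_Extension NovellAttr = {PKI_EXTENSION_DONT_INCLUDE,0};

    /* Load the whole CSR file into a heap buffer. */
    {
        FILE *stream = fopen("serverCSR.b64", "rb");
        long fileLength = 0;
        size_t bytesRead = 0;

        if (stream == NULL)
        {
            ccode = PKI_E_FILE_OPEN;
            goto ERR_EXIT;
        }

        /* Reject unseekable, unreadable or empty input instead of passing a
         * bogus length to malloc(). PKI_E_FILE_OPEN is the only file error
         * code this sample uses; substitute a dedicated read error if
         * pkierr.h provides one. */
        if (fseek(stream, 0L, SEEK_END) != 0
            || (fileLength = ftell(stream)) <= 0
            || fseek(stream, 0L, SEEK_SET) != 0)
        {
            fclose(stream);
            ccode = PKI_E_FILE_OPEN;
            goto ERR_EXIT;
        }

        CSR = malloc((size_t)fileLength);
        if (CSR == NULL)
        {
            fclose(stream);     /* do not leak the handle on the error path */
            ccode = PKI_E_INSUFFICIENT_MEMORY;
            goto ERR_EXIT;
        }

        bytesRead = fread(CSR, sizeof(char), (size_t)fileLength, stream);
        fclose(stream);
        if (bytesRead != (size_t)fileLength)
        {
            /* A truncated request must not be submitted for signing. */
            ccode = PKI_E_FILE_OPEN;
            goto ERR_EXIT;
        }
        CSRSize = (nuint32)bytesRead;
    }

    ccode = NPKICreateContext(&myPKI);
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    ccode = NPKISetTreeName(myPKI, myTree);
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    /* Check the connect result: otherwise a failed connection is masked by
     * the login call that follows and overwrites ccode. */
    ccode = NPKIConnectToIPAddress(myPKI, 0, 0, startIPAddress, NULL, NULL);
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    ccode = NPKIDSLogin(myPKI, myUser, password);
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    ccode = NPKIFindOrganizationalCA(myPKI, &organizationalCADN);
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    ccode = NPKIGetHostServerDN(myPKI, organizationalCADN, &signingServerDN);
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    /* Validity is computed from the signing server's clock, not the local one. */
    ccode = NPKIGetServerUTCTime
    (
        myPKI,
        signingServerDN,
        &currentServerTime
    );
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    ccode = NPKIGetServerInfo
    (
        myPKI,
        signingServerDN,
        PKI_USER_INFO,
        NULL,
        &signatureAlgorithms,
        &maxValidFromTime,
        &maxValidToTime,
        &caOperational,
        NULL,
        NULL,
        NULL,
        NULL
    );
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    /* NOTE(review): SHA-1 is weak for certificate signatures; see the header
     * comment before reusing this algorithm choice. */
    if (!(signatureAlgorithms & PKI_SIGN_WITH_RSA_AND_SHA1))
    {
        ccode = PKI_E_ALGORITHM_NOT_SUPPORTED;
        goto ERR_EXIT;
    }

    if (caOperational != PKI_ORGANIZATIONAL_CA)
    {
        ccode = PKI_E_CA_NOT_OPERATIONAL;
        goto ERR_EXIT;
    }

    /* Never back-date the certificate, and cap its lifetime at two years
     * from the server's current time. */
    if (maxValidFromTime < currentServerTime)
    {
        maxValidFromTime = currentServerTime;
    }
    if (maxValidToTime > currentServerTime + (2 * SECONDS_IN_YEARS))
    {
        maxValidToTime = currentServerTime + (2 * SECONDS_IN_YEARS);
    }

    /* The optional arguments are passed as NULL; which defaults that selects
     * is defined by the NPKI toolkit - confirm before relying on them. */
    ccode = NPKIGenerateCertificateFromCSR
    (
        myPKI,
        signingServerDN,
        CSR,
        CSRSize,
        NULL,
        PKI_SIGN_WITH_RSA_AND_SHA1,
        DEFAULT_YEAR_ENCODING,
        maxValidFromTime,
        maxValidToTime,
        NULL,
        NULL,
        NULL,
        &NovellAttr,
        NULL,
        NULL,
        NULL
    );
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    ccode = NPKICertInfo
    (
        myPKI,
        &certificateSize,
        &certificate
    );
    if (ccode != PKI_SUCCESS)
    {
        goto ERR_EXIT;
    }

    /* Persist the issued certificate; report failure instead of returning
     * success with a missing or truncated output file. */
    {
        FILE *stream = fopen("ExternalCert.cer", "wb");
        size_t written = 0;

        if (stream == NULL)
        {
            ccode = PKI_E_FILE_OPEN;
            goto ERR_EXIT;
        }
        written = fwrite(certificate, sizeof(char), certificateSize, stream);
        if (fclose(stream) != 0 || written != certificateSize)
        {
            /* Closest error code visible in this sample; use a dedicated
             * write error if pkierr.h defines one. */
            ccode = PKI_E_FILE_OPEN;
        }
    }

ERR_EXIT:
    free(CSR);  /* free(NULL) is a no-op */
    /* Only touch the context if it was actually created. The logout result
     * is intentionally ignored so the first error is what gets returned. */
    if (myPKI != NPKI_INVALID_CONTEXT)
    {
        NPKIDSLogout(myPKI);
        NPKIFreeContext(myPKI);
    }
    return ccode;
}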