CrossCertificatePair Objects
Getting a CrossCertificatePair from a URL
In this example we show how easy it is to get a list of crossCertificatePair objects from a URL:
#include <libpki/pki.h>
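/*
 * Fetch every crossCertificatePair stored at an LDAP URL and print each one
 * in text form on stdout ("fd://1").
 *
 * Returns 0 on success, 1 if the lookup fails or a pair cannot be printed.
 *
 * NOTE(review): the lookup passes NULL for the two optional arguments and
 * uses a plain ldap:// URL, so the transport is presumably unauthenticated.
 * Nothing in this example validates the retrieved certificates; treat them
 * as untrusted data until each one has been path-validated against a trust
 * anchor you control.
 */
int main () {
    PKI_X509_XPAIR_STACK *xp_sk = NULL;
    PKI_X509_XPAIR *xp = NULL;
    char *url = "ldap://ldap.dartmouth.edu:389/cn=Dartmouth CertAuth1, o=Dartmouth College, C=US, dc=dartmouth, dc=edu?crossCertificatePair;binary";
    // char *url = "ldap://fpkia.gsa.gov:389/ou=Entrust, ou=FBCA, o=U.S. Government, c=US?crossCertificatePair;binary";
    int count;
    int i;

    // Initialise libpki before any other library call.
    PKI_init_all();

    printf("Grabbing : %s\n", url );

    if((xp_sk = PKI_X509_XPAIR_STACK_get ( url, NULL, NULL )) == NULL ) {
        fprintf(stderr, "ERROR!\n");
        return 1;
    }

    // Query the element count once instead of on every loop iteration.
    count = PKI_STACK_X509_XPAIR_elements ( xp_sk );
    printf("Got %d Elements.\n", count );

    for ( i = 0; i < count; i++ ) {
        xp = PKI_STACK_X509_XPAIR_get_num( xp_sk, i );
        if ( xp == NULL ) {
            // A missing entry would otherwise be handed straight to the writer.
            fprintf(stderr, "ERROR, element %d is empty!\n", i);
            return 1;
        }

        // Do not report success when a pair could not be written out.
        if ( PKI_X509_XPAIR_put ( xp, PKI_DATA_FORMAT_TXT, "fd://1",
                                  NULL, NULL, NULL ) == PKI_ERR ) {
            fprintf(stderr, "ERROR, can not print element %d!\n", i);
            return 1;
        }
    }

    // The stack is not released explicitly; the process exits right after.
    return 0;
}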
Generate a new crossCertificatePair
In this example we show how to generate a new crossCertificatePair object from two certificate files (cert1.pem and cert2.pem).
#include <libpki/pki.h>
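/*
 * Build a crossCertificatePair (XPAIR) from two certificate files and print
 * it on stdout, first as text and then as PEM.
 *
 * Returns 0 on success, 1 as soon as any step fails. Stopping at the first
 * failure keeps a NULL certificate or NULL pair from being passed on to the
 * following libpki calls.
 *
 * NOTE(review): the two files are only loaded and assigned. Nothing visible
 * here checks that they really are a forward/reverse pair issued between the
 * same two CAs, or that either certificate is valid; confirm that before
 * publishing the result to a directory.
 */
int main () {
    PKI_X509_XPAIR *xp = NULL;
    PKI_X509_CERT *x1 = NULL;
    PKI_X509_CERT *x2 = NULL;

    PKI_init_all();
    PKI_log_init ( PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
                   PKI_LOG_FLAGS_ENABLE_DEBUG, NULL );

    // Generate a new empty crossCertificatePair (XPAIR) object
    if((xp = PKI_X509_XPAIR_new_null()) == NULL ) {
        PKI_log_err("ERROR, can not allocate the XPAIR object");
        return 1;
    }

    // Loads the two certificates
    if((x1 = PKI_X509_CERT_get ( "cert1.pem", NULL, NULL )) == NULL ) {
        PKI_log_err("ERROR, can not load cert1.pem");
        return 1;
    }
    if((x2 = PKI_X509_CERT_get ( "cert2.pem", NULL, NULL )) == NULL ) {
        PKI_log_err( "ERROR, can not load cert2.pem");
        return 1;
    }

    // Now assign the two certificates as forward and reverse
    if((PKI_X509_XPAIR_set_forward ( xp, x1 )) == PKI_ERR ) {
        PKI_log_err ("ERROR, can not set forward (x1)!");
        return 1;
    }
    if((PKI_X509_XPAIR_set_reverse ( xp, x2 )) == PKI_ERR ) {
        PKI_log_err ("ERROR, can not set reverse (x2)!");
        return 1;
    }

    // Prints out the XPAIR object in text format on stdout ("fd://1")
    if ( PKI_X509_XPAIR_put ( xp, PKI_DATA_FORMAT_TXT, "fd://1",
                              NULL, NULL, NULL ) == PKI_ERR ) {
        PKI_log_err ("ERROR, can not print the XPAIR in text format");
        return 1;
    }

    // Prints out the XPAIR object in PEM format on stdout ("fd://1")
    if ( PKI_X509_XPAIR_put ( xp, PKI_DATA_FORMAT_PEM, "fd://1",
                              NULL, NULL, NULL ) == PKI_ERR ) {
        PKI_log_err ("ERROR, can not print the XPAIR in PEM format");
        return 1;
    }

    // Ownership of x1/x2 after the set calls is not shown here, so nothing
    // is freed explicitly; the process exits right after.
    return 0;
}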

