ProxyCertificates


This code shows how to generate a proxy certificate from an existing PKI_TOKEN. After loading the token from a PKCS#12 file, this code simply generates a new token ('proxy') and saves its content to another P12 file.

  #include <libpki/pki.h>
  
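  /*
   * Loads a PKI_TOKEN from the PKCS#12 file named in argv[1], issues a proxy
   * token from it and exports the proxy token to "proxyId.p12".
   *
   * Returns 0 on success and 1 on any failure (missing argument, log
   * initialisation, token load, proxy issuance or export).
   */
  int main (int argc, char *argv[] ) {

      PKI_TOKEN *tk = NULL;
      PKI_TOKEN *proxy = NULL;
      /* Zero-initialised so that no member other than .password is read
       * with an indeterminate value. */
      PKI_CRED cred = {0};
      int rc = 1;

      /* argv[1] is dereferenced below; refuse to run without it. */
      if( argc < 2 || argv[1] == NULL ) {
          printf("ERROR, missing PKCS#12 file argument\n");
          return 1;
      }

      PKI_init_all();

      if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
                      PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR ) {
          return 1;
      }

      // Sets the password to use while loading the .p12 file.
      // The literal is an example placeholder: a password compiled into the
      // program is readable by anyone who can read the source or the binary,
      // so real code should obtain it at run time instead.
      cred.password = "mySecurePassword";

      // Loads the PKI_TOKEN from a .p12 file
      if((tk = PKI_TOKEN_new_p12( argv[1], NULL, &cred )) == NULL ) {
          printf("ERROR, can not load TOKEN (%s)\n", argv[1]);
          return 1;
      }

      // NOTE(review): `prof` is not declared anywhere in this listing; it has
      // to be declared and loaded before this call compiles. Confirm which
      // profile the proxy issuance expects.
      PKI_TOKEN_add_profile( tk, prof );

      // Generates a new Token with the Proxy Certificate.
      // 60*60 is presumably the validity in seconds (one hour) -- confirm
      // against the PKI_TOKEN_issue_proxy documentation. A short lifetime
      // bounds how long a leaked proxy credential stays usable.
      proxy = PKI_TOKEN_issue_proxy ( tk, NULL, NULL, 60*60, NULL, NULL );
      if( !proxy ) {
          // Stop here: exporting a NULL token would be an error.
          PKI_log_err ("ERROR::Can not generate proxy TOKEN!");
          goto out;
      }
      PKI_log_debug("OK, Proxy token generated!");

      // Sets the password for the new token with the Proxy Certificate
      // (example placeholder, see the note on the first password).
      cred.password = "mySecurePasswordForProxyCertificate";

      // Exports (saves) the proxy certificate token to "proxyId.p12" file.
      // A token exported as PKCS#12 normally carries its private key, so the
      // resulting file should be readable by its owner only.
      if( PKI_TOKEN_export_p12 ( proxy, PKI_DATA_FORMAT_ASN1, "proxyId.p12",
                      &cred ) == PKI_ERR ) {
          PKI_log_err ("ERROR::Can not export proxy TOKEN!");
          goto out;
      }

      rc = 0;

  out:
      // Release both tokens on every path once they have been created.
      if( proxy ) PKI_TOKEN_free( proxy );
      PKI_TOKEN_free( tk );

      return rc;
  }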