MS X.400 API

examples/x400_msrcv_sign.c

This is an example program which can receive a message either from a P7 Message Store or directly from the MTA's P3 channel.

/* Copyright (c) 2003-2013, Isode Limited, London, England.
* All rights reserved.
*
* Acquisition and use of this software and related materials for any
* purpose requires a written licence agreement from Isode Limited,
* or a written licence from an organisation licenced by Isode Limited
* to grant such a licence.
*
*/
/*
*
* @VERSION@
* Simple example program for receiving a message from a store.
* The security environment is set up so that signed messages
* will have the MOAC verified.
*
* Note that a valid Digital Identity is no longer required in order to
* perform verification. Instead the name of a directory containing trusted,
* self signed certificates in DER form can be passed in.
*/
#include <stdio.h>
#include <stdlib.h>
#include <x400_msapi.h>
#include <seclabel_api.h> /* For security labels */
#include "example.h"
#include "ms_example.h"
int num_unsigned_rcvd;
int num_unverified_rcvd;
int num_verified_rcvd;
static char *optstr = "u37m:d:p:w:M:D:P:W:e:b:x:Y:U:";
static void usage(void);
static int get_msg(
struct X400msSession *sp
);
static void setup_default_new_sec_env(
struct X400msSession *sp,
char *sec_trusted_cert_dir
);
static void setup_default_old_sec_env(
struct X400msSession *sp,
char *id,
char *dn,
char *pw /* passphrase for private key in pkcs12 file */
);
static int report_moac_info(
struct X400msMessage *mp
);
static void show_4406_certificate (struct X400msMessage *mp);
static void show_certificate (struct X400msMessage *mp);
static int report_4406_info(
struct X400msMessage *mp
);
static void print_sec_label(
char slab_buffer[],
unsigned int length
);
int
main(
int argc,
char **argv)
{
char buffer[BUFSIZ];
char pa[BUFSIZ];
char orn[BUFSIZ];
int status;
int nummsg;
struct X400msSession *sp;
int contype;
char *def_oraddr;
char *def_dn;
char *def_pa;
if (get_args(argc, argv, optstr)) {
usage();
exit(-1);
}
printf("Connection type (0 = P7, 1 = P3 submit only, 2 = P3 both directions) [%d]: ", x400_contype);
contype = ic_fgetc(x400_contype, stdin);
if (contype != 10)
ic_fgetc(x400_contype, stdin);
if ( contype < '0' || '2' < contype )
contype = x400_contype;
else
contype -= '0';
if (contype == 0) {
def_oraddr = x400_ms_user_addr;
def_dn = x400_ms_user_dn;
def_pa = x400_ms_presentation_address;
}
else {
def_oraddr = x400_mta_user_addr;
def_dn = x400_mta_user_dn;
def_pa = x400_mta_presentation_address;
}
printf("Your ORAddress [%s] > ", def_oraddr);
ic_fgets(orn, sizeof orn, stdin);
if (orn[strlen(orn) - 1] == '\n')
orn[strlen(orn) - 1] = '\0';
if (orn[0] == '\0')
strcpy(orn, def_oraddr);
/* Prompt for password; note: reflected. */
printf("Password [%s]: ",
contype == 0 ? x400_p7_password : x400_p3_password);
if (ic_fgets(buffer, sizeof buffer, stdin) == NULL)
exit(1);
if (buffer[strlen(buffer) - 1] == '\n')
buffer[strlen(buffer) - 1] = '\0';
if (buffer[0] == '\0')
strcpy(buffer, contype == 0 ? x400_p7_password : x400_p3_password);
printf("Presentation Address [%s] > ", def_pa);
ic_fgets(pa, sizeof pa, stdin);
if (pa[strlen(pa) - 1] == '\n')
pa[strlen(pa) - 1] = '\0';
if (pa[0] == '\0')
strcpy(pa, def_pa);
status = X400msOpen(contype, orn, def_dn, buffer, pa, &nummsg, &sp);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in Open: %s\n", X400msError(status));
exit(status);
}
#ifdef USING_ALERTS
/* If we register the alert auto-action, we will get an alert indication
when a message is delivered. So there is no need to poll at
short intervals within X400ms_Wait - we can do a slow background
poll and rely on the Alert indication to wake the code up instead */
X400msSetIntDefault(sp, X400_N_WAIT_INTERVAL, 1000);
#endif
/* setup logging from $(ETCDIR)x400api.xml or $(SHAREDIR)x400api.xml */
X400msSetStrDefault(sp, X400_S_LOG_CONFIGURATION_FILE, "x400api.xml", 0);
if (contype == 0) {
#ifdef WANT_AUTOFORWARDING
struct X400msAutoActionParameter *aa_param;
/* Register an Autoforwarding Autoaction. */
aa_param = X400msNewAutoActionParameter();
/* Add mandatory things to AutoAction parameter for auto-forwarding:
i.e. recipient address */
X400RecipNew(0, &rp);
X400RecipAddStrParam(rp, X400_S_OR_ADDRESS, def_oraddr,
strlen(def_oraddr));
X400msAutoActionParameterAddRecip(aa_param, X400_RECIP_STANDARD, rp);
X400msAutoActionParameterAddStrParam(aa_param,
X400_S_CONTENT_IDENTIFIER,
"AF contentid", -1);
X400msAutoActionParameterAddIntParam(aa_param, X400_N_DISCLOSURE, 1);
X400msAutoActionParameterAddIntParam(aa_param,
X400_N_IMPLICIT_CONVERSION_PROHIBITED,
1);
X400msAutoActionParameterAddIntParam(aa_param,
X400_N_ALTERNATE_RECIPIENT_ALLOWED,
1);
X400msAutoActionParameterAddIntParam(aa_param,
X400_N_CONTENT_RETURN_REQUEST,
1);
X400msAutoActionParameterAddIntParam(aa_param, X400_N_PRIORITY, 2);
X400msAutoActionParameterAddStrParam(aa_param,
X400_S_AUTO_FORWARDING_COMMENT,
"This message was autoforwarded",
-1);
X400msAutoActionParameterAddStrParam(aa_param,
X400_S_COVER_NOTE,
"This is a cover note", -1);
X400msAutoActionParameterAddStrParam(aa_param,
X400_S_THIS_IPM_PREFIX,
"AutoForwarded:", -1);
status = X400msRegisterAutoAction(sp, X400_AUTO_FORWARDING,
4, aa_param);
if (status != X400_E_NOERROR) {
fprintf(stderr,
"Error in RegisterAutoAction: %s\n", X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("Registered AutoForwarding autoaction (id = 4) OK\n");
X400msFreeAutoActionParameter(aa_param);
#endif
#ifdef USING_ALERTS
/* No parameter needed for Alert autoaction - we do not support
configuration of requested-attributes in this API yet. */
status = X400msRegisterAutoAction(sp, X400_AUTO_ALERT, 9, NULL);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in RegisterAutoAction: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("Registered AutoAlert autoaction (id = 9) OK\n");
#endif
/* Just test the register and deregister functions */
status = X400msRegisterAutoAction(sp, X400_AUTO_ALERT, 10, NULL);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in RegisterAutoAction: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("Registered AutoAlert autoaction (id = 10) OK\n");
/* Lets do a deregistration of the action we just registered */
status = X400msDeregisterAutoAction(sp, X400_AUTO_ALERT, 10);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in DeregisterAutoAction: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("Deregistered AutoAlert autoaction (id = 10) OK\n");
}
if (nummsg == 0) {
printf ("no messages - waiting 60 seconds for a message to be delivered.....\n");
}
else {
printf("%d messages waiting\n", nummsg);
}
status = get_msg(sp);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in getting msg: %s\n",
X400msError(status));
exit(status);
}
fprintf(stderr, "got first\n");
status = get_msg(sp);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in getting msg: %s\n",
X400msError(status));
exit(status);
}
fprintf(stderr, "got second\n");
status = get_msg(sp);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in getting msg: %s\n",
X400msError(status));
exit(status);
}
fprintf(stderr, "got third\n");
status = get_msg(sp);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in getting msg: %s\n",
X400msError(status));
exit(status);
}
fprintf(stderr, "got third\n");
status = get_msg(sp);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in getting msg: %s\n",
X400msError(status));
exit(status);
}
fprintf(stderr, "got third\n");
status = get_msg(sp);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error in getting msg: %s\n",
X400msError(status));
exit(status);
}
fprintf(stderr, "got third\n");
status = X400msClose(sp);
printf("%d num_unsigned_rcvd\n", num_unsigned_rcvd);
printf("%d num_unverified_rcvd\n", num_unverified_rcvd);
printf("%d num_verified_rcvd\n", num_verified_rcvd);
return(status);
}
static int get_msg(
struct X400msSession *sp
)
{
char buffer[BUFSIZ];
int status, sig_status;
int nummsg;
int type;
int seqn;
struct X400msMessage *mp;
struct X400Recipient *rp;
int n;
size_t length;
int intparam;
char recipient_str[BUFSIZ];
printf("Waiting for new messages for 10 seconds\n");
status = X400msWait(sp, 10, &nummsg);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from Wait: %s\n", X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("------------- New Message ----------------\n");
/* Set up the security environment.
*
* In R15.0 this need only be the name of a trusted certificate directory.
*
* Prior to R15.0, the ID is specified as a pathname, in which the
* subdirectory "x509" is expected to contain one or more PKCS12
* files. The appropriate Digital Identity is determined from the
* DN of the subject, and the passphrase is used to decrypt the
* private key. NB even though we're not going to use our cert,
* (as we're going to use the cert in the message to check the MOAC
* we need to do this due to a limitation in the underlying X.509
* layer.
*/
if (use_new_sec_env) {
setup_default_new_sec_env(sp, trusted_ca_certs_dir);
} else {
setup_default_old_sec_env(sp, security_id, identity_dn, passphrase);
}
/* Turn off legacy bahaviour in which MOAC verification failure
* returns X400_E_NOERROR.
* We will now get X400_E_X509_VERIFY_FAILURE from MsgGet
* if/when the verification fails
*/
X400msSetIntDefault(sp, X400_B_RETURN_VERIFICATION_ERRORS, 1);
if (x400_default_recipient != NULL)
printf("Getting message\n");
status = X400msMsgGet(sp, 0, &mp, &type, &seqn);
switch (status) {
case X400_E_NOERROR:
fprintf(stderr, "MsgGet successfully got message\n");
break;
default :
fprintf(stderr, "Error from MsgGet: %s\n", X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
break;
}
if (type != X400_MSG_MESSAGE) {
fprintf(stderr, "Got a report (printing only some attributes)\n");
/* The ORADDRESS in the message is the (envelope) originator */
status = X400msMsgGetStrParam(mp, X400_S_SUBJECT_IDENTIFIER,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from MsgGetStrParam: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("Subject Identifier: %.*s\n", (int)length, buffer);
/* Get the primary recipients */
for (n = 1;; n++) {
status = X400msRecipGet(mp, X400_RECIP_REPORT, n, &rp);
if (status == X400_E_NO_RECIP)
break;
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from RecipGet: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
/* Note: recipient may not actually have an O/R address */
status = X400msRecipGetStrParam(rp, X400_S_OR_ADDRESS,
recipient_str,
sizeof recipient_str, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from RecipGetStrParam: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
/* print out the O/R Address of the report */
printf("Positive Delivery Report for recipient %d: %.*s\n", n,
(int)length, recipient_str);
/* The original message delivery time, if this attribute exists,
* then the report is a positive Delivery Report */
status = X400msRecipGetStrParam(rp, X400_S_MESSAGE_DELIVERY_TIME,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR) {
/* Positive Delivery Report */
printf("Delivery Time: %.*s\n", (int)length, buffer);
}
else {
/* Negative Delivery Report */
printf("Negative Delivery Report for recipient %d: %s\n", n,
recipient_str);
/* Supplementary Info to the report */
status = X400msRecipGetStrParam(rp, X400_S_SUPPLEMENTARY_INFO,
buffer, sizeof buffer,
&length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from RecipGetStrParam: %s\n",
X400msError(status));
buffer[0] = '\0';
}
printf("Supplementary Info: %.*s\n", (int)length, buffer);
/* The reason why the message was not delivered */
status =
X400msRecipGetIntParam(rp, X400_N_NON_DELIVERY_REASON,
&intparam);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from MsgGetIntParam: %s\n",
X400msError(status));
}
printf("Non-Delivery Reason: %d\n", intparam);
/* The diagnostics of the report for this recipient */
status =
X400msRecipGetIntParam(rp, X400_N_NON_DELIVERY_DIAGNOSTIC,
&intparam);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from MsgGetIntParam: %s\n",
X400msError(status));
}
printf("Non-Delivery Diagnostic: %d\n", intparam);
}
}
num_unsigned_rcvd++ ;
status = X400msMsgDelete(mp, 0);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from X400msMsgDelete: %s\n",
X400msError(status));
}
return (status);
}
/* report information about the MOAC in the message */
(void) report_moac_info(mp);
/* report information about the 4406 in the message */
sig_status = report_4406_info(mp);
/* X.411 security label */
status = X400msMsgGetStrParam(mp, X400_S_SECURITY_LABEL,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR) {
printf("X.411 Security Label returned OK (%d chars)\n", (int)length);
print_sec_label(buffer, length);
} else {
printf("X.411 Security Label not returned (%d) (%s)\n", status,
X400msError(status));
}
/* content type */
status = X400msMsgGetIntParam(mp, X400_N_CONTENT_TYPE, &intparam);
if (status == X400_E_NOERROR) {
printf ("Content type : P%d\n", intparam);
} else {
fprintf(stderr, "No content type: Error from MsgGetStrParam: %s\n",
X400msError(status));
}
/* external content type */
status = X400msMsgGetStrParam(mp, X400_S_EXTERNAL_CONTENT_TYPE,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR) {
printf("External Content Type: %.*s\n", (int)length, buffer);
} else {
fprintf(stderr, "No content type: Error from MsgGetStrParam: %s\n",
X400msError(status));
}
/* The message identifier */
status = X400msMsgGetStrParam(mp, X400_S_MESSAGE_IDENTIFIER,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from MsgGetStrParam: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("Message Identifier: %.*s\n", (int)length, buffer);
/* The ORADDRESS in the message is the (envelope) originator */
status = X400msMsgGetStrParam(mp, X400_S_OR_ADDRESS,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from MsgGetStrParam: %s\n",
X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
printf("Originator: %.*s\n", (int)length, buffer);
if (sig_status == X400_E_S4406_TRIPLE_WRAPPED) {
/* can't do much more with an encrypted message ... */
printf("Deleting triple wrapped message\n");
/* Deletes message in message store as well as internal copy */
status = X400msMsgDelete(mp, 0);
return status;
}
/* Get the primary recipients */
for (n = 1;; n++) {
status = X400msRecipGet(mp, X400_RECIP_PRIMARY, n, &rp);
if (status == X400_E_NO_RECIP)
break;
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from RecipGet: %s\n", X400msError(status));
/* tidily close the session */
status = X400msClose(sp);
exit(status);
}
/* Note: recipient may not actually have an O/R address */
status = X400msRecipGetStrParam(rp, X400_S_OR_ADDRESS,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR) {
printf("Recipient %d: %.*s\n", n, (int)length, buffer);
}
status = X400msRecipGetIntParam(rp, X400_N_PRECEDENCE, &intparam);
if (status == X400_E_NOERROR) {
printf("Primary Recipient Precedence %d\n", intparam);
} else {
fprintf(stderr, "Error from RecipGet: %s\n", X400msError(status));
}
}
/* Subject is optional */
status = X400msMsgGetStrParam(mp, X400_S_SUBJECT,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR)
printf("Subject: %.*s\n", (int)length, buffer);
/* external content type */
status = X400msMsgGetStrParam(mp, X400_S_EXTERNAL_CONTENT_TYPE,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR)
printf("External Content Type: %.*s\n", (int)length, buffer);
/* And message text (or it could be another type) */
status = X400msMsgGetStrParam(mp, X400_T_IA5TEXT,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR) {
printf("\nIA5 Text:\n%.*s\n\n", (int)length, buffer);
} else {
fprintf (stderr, "No IA5 text in message");
fprintf (stderr, "X400msMsgGetStrParam returned error: %s\n",
X400msError (status));
}
/* get all the attachments */
printf("Getting body parts\n");
get_body_parts(mp);
/* Deletes message in message store as well as internal copy */
status = X400msMsgDelete(mp, 0);
return status;
}
/*
* Recommended function to setup security env for verification.
* No digitial ID required - just a directory which contains
* trust anchors which are read as DER file (certificate.crt).
*
* The certificate (containing public key) is obtained from the message
* which is referenced in the message.
*/
static void setup_default_new_sec_env(
struct X400msSession *sp,
char *trusted_ca_certs_directory
)
{
int status;
/* Directory containing trusted CA Certificates */
printf("Adding %s as trusted CA cert dir\n", trusted_ca_certs_directory);
status = X400msSetStrDefault (sp, X400_S_SEC_TRUSTED_CERTS_DIR,
trusted_ca_certs_directory, -1);
if ( status != X400_E_NOERROR ) {
fprintf (stderr, "X400msSetStrDefault returned error: %s\n",
X400msError (status));
exit (status);
}
return;
}
/*
* Obsolete function to use to set up the security environment. This provides a
* directory in which PKCS12 files are checked to find one whose subject DN
* matches that of this client.
*
* Any self signed certificates found in the directory are treated as
* trusted.
*/
static void setup_default_old_sec_env(
struct X400msSession *sp,
char *id,
char *dn,
char *pw /* passphrase for private key in pkcs12 file */
)
{
int status;
/* first set a default security identity. This passes in the name of a
* directory, which contains an x509 subdirectory in which all Identities
* are held */
/* X400msSetStrDefault(sp, X400_S_SEC_IDENTITY, "/var/isode/dsa-db/", -1);
* */
X400msSetStrDefault(sp, X400_S_SEC_IDENTITY, id, -1);
/* select by DN which Identity is to be used (if there are several)
* Currently these must be PKCS12 files */
status = X400msSetStrDefault (sp, X400_S_SEC_IDENTITY_DN, dn, -1);
if ( status != X400_E_NOERROR ) {
fprintf (stderr, "X400msSetStrDefault returned error: %s\n",
X400msError (status));
exit (status);
}
/* passphrase used to open the Identity */
status = X400msSetStrDefault (sp, X400_S_SEC_IDENTITY_PASSPHRASE, pw, -1);
if ( status != X400_E_NOERROR ) {
fprintf (stderr, "X400msSetStrDefault returned error: %s\n",
X400msError (status));
exit (status);
}
return;
}
static int report_moac_info(
struct X400msMessage *mp
)
{
int status;
int intparam;
/* Check the MOAC */
status = X400msMsgGetIntParam(mp, X400_N_MOAC_STATUS, &intparam);
switch ( status ) {
case X400_E_NO_VALUE:
num_unverified_rcvd++ ;
fprintf (stderr, "No MOAC in message\n");
break;
default:
num_unverified_rcvd++ ;
fprintf (stderr, "Unexpected error getting MOAC status: %s\n",
X400msError (status));
break;
case X400_E_NOERROR:
fprintf (stderr, "Have MOAC in message (%d)\n", intparam);
switch (intparam) {
case X400_E_NOERROR:
fprintf(stderr,
"MsgGet successfully verified signature in message\n");
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_verified_rcvd++ ;
break;
case X400_E_SIGN_NO_IDENTITY:
fprintf(stderr,
"MOAC validation cannot take place because the security environment is invalid (%d):\n",
intparam);
/* other values will not be available */
break;
case X400_E_X509_INIT:
case X400_E_X509_ENV:
fprintf(stderr,
"MOAC validation cannot take place because the security environment is invalid (%d):\n",
intparam);
/* other values will not be available */
break;
case X400_E_X509_VERIFY_FAIL:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_NO_CERT:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_NO_PUBKEY:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_INCOMPAT_ALG:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_UNSUPPORTED_ALG:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_CERT_INVALID:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_ITEM_INVALID:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
default :
fprintf(stderr,
"Unexpected verification error from MsgGet(%d): %s\n",
intparam,
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
}
}
return X400_E_NOERROR;
}
static int report_4406_info(
struct X400msMessage *mp
)
{
int status;
int intparam;
size_t length;
char buffer[BUFSIZ];
/* Check the 4406 signatures */
status = X400msMsgGetIntParam(mp, X400_N_S4406_STATUS, &intparam);
switch ( status ) {
case X400_E_NO_VALUE:
num_unverified_rcvd++ ;
fprintf (stderr, "No 4406 signature in message\n");
return X400_E_NOERROR;
default:
num_unverified_rcvd++ ;
fprintf (stderr, "Unexpected error getting 4406 signature status: %s\n",
X400msError (status));
break;
case X400_E_NOERROR:
fprintf (stderr, "Have 4406 signature in message (%d)\n", intparam);
switch (intparam) {
case X400_E_NOERROR:
fprintf(stderr,
"MsgGet successfully verified signature in message\n");
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_verified_rcvd++ ;
break;
case X400_E_SIGN_NO_IDENTITY:
fprintf(stderr,
"4406 signature validation cannot take place because the security environment is invalid (%d):\n",
intparam);
/* other values will not be available */
break;
case X400_E_X509_INIT:
case X400_E_X509_ENV:
fprintf(stderr,
"4406 signature validation cannot take place because the security environment is invalid (%d):\n",
intparam);
/* other values will not be available */
break;
case X400_E_X509_VERIFY_FAIL:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_NO_CERT:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_NO_PUBKEY:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_INCOMPAT_ALG:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_VERIFY_FAIL_UNSUPPORTED_ALG:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_CERT_INVALID:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_X509_ITEM_INVALID:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
case X400_E_S4406_TRIPLE_WRAPPED:
fprintf(stderr, "Verification Error from MsgGet: %s\n",
X400msError(intparam));
show_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
return X400_E_S4406_TRIPLE_WRAPPED;
default :
fprintf(stderr, "Unexpected verification error from MsgGet: %s\n",
X400msError(intparam));
show_4406_certificate (mp);
fprintf(stderr, "continuing ...\n");
num_unverified_rcvd++ ;
break;
}
}
/* 4406 security label */
printf("------------- 4406 Info ----------------\n");
status = X400msMsgGetStrParam(mp, X400_S_S4406_SECURITY_LABEL,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR) {
printf("4406 Security Label returned OK (%d chars)\n", (int)length);
print_sec_label(buffer, length);
} else {
printf("4406 Security Label not returned (%d) (%s)\n", status,
X400msError(status));
}
/* 4406 signing time */
status = X400msMsgGetStrParam(mp, X400_S_S4406_SIGNING_TIME,
buffer, sizeof buffer, &length);
if (status == X400_E_NOERROR)
printf("4406 signing time returned OK\n%.*s\n", (int)length, buffer);
else
printf("4406 signing time not returned (%d) (%s)\n", status,
X400msError(status));
printf("------------ End 4406 Info -----------\n");
return X400_E_NOERROR;
}
static void show_certificate (struct X400msMessage *mp)
{
int status;
struct X400Certificate *cert;
char buffer[BUFSIZ];
size_t length;
int paramval;
status = X400msMsgGetCert (mp, X400_N_CERT_MOAC, &cert);
if ( status != X400_E_NOERROR ) {
fprintf (stderr, "Error getting MOAC certificate: %s\n",
X400msError (status));
return;
}
status = X400CertGetStrParam(cert, X400_S_CERT_SUBJECT_DN,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
fprintf(stderr,
"subject DN of originator certificate '%.*s'\n", (int)length, buffer);
status = X400CertGetStrParam(cert, X400_S_CERT_ISSUER_DN,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
fprintf(stderr,
"issuer DN of originator certificate '%.*s'\n", (int)length, buffer);
status = X400CertGetStrParam(cert, X400_S_OR_ADDRESS,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
if ( status == X400_E_NO_VALUE ) {
fprintf(stderr, "No ORaddress subject alt. name\n");
} else {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
} else {
fprintf(stderr, "ORaddress subject alt name: '%.*s'\n", (int)length, buffer);
}
status = X400CertGetIntParam(cert, X400_N_CERT_ORADDRESS_STATUS, &paramval);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
fprintf(stderr, "ORaddress subject alt name status: %s\n",
X400msError (paramval));
}
static void show_4406_certificate (struct X400msMessage *mp)
{
int status;
struct X400Certificate *cert;
char buffer[BUFSIZ];
size_t length;
int paramval;
status = X400msMsgGetCert (mp, X400_N_S4406_CERTIFICATE, &cert);
if ( status != X400_E_NOERROR ) {
fprintf (stderr, "Error getting 4406 certificate: %s\n",
X400msError (status));
return;
}
status = X400CertGetStrParam(cert, X400_S_CERT_SUBJECT_DN,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
fprintf(stderr, "subject DN of originator certificate '%.*s'\n",
(int)length, buffer);
status = X400CertGetStrParam(cert, X400_S_CERT_ISSUER_DN,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
fprintf(stderr, "issuer DN of originator certificate '%.*s'\n",
(int)length, buffer);
status = X400CertGetStrParam(cert, X400_S_OR_ADDRESS,
buffer, sizeof buffer, &length);
if (status != X400_E_NOERROR) {
if ( status == X400_E_NO_VALUE ) {
fprintf(stderr, "No ORaddress subject alt. name\n");
} else {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
} else {
fprintf(stderr, "ORaddress subject alt name: '%.*s'\n",
(int)length, buffer);
}
status = X400CertGetIntParam(cert, X400_N_CERT_ORADDRESS_STATUS, &paramval);
if (status != X400_E_NOERROR) {
fprintf(stderr, "Error from CertGetStrParam: %s\n",
X400msError(status));
return;
}
fprintf(stderr, "ORaddress subject alt name status: %s\n",
X400msError (paramval));
return;
}
static void print_sec_label(
char slab_buffer[],
unsigned int length
)
{
#define XML_BUFSIZE 1024
char xml_buffer[XML_BUFSIZE];
int status;
status = SecLabelInit("Example program");
if (status != SECLABEL_E_NOERROR) {
fprintf(stderr, "SecLabelInit returned error %d\n", status);
return ;
}
status = SecLabelPrint((const unsigned char *) slab_buffer,
length,
xml_buffer,
XML_BUFSIZE);
if (status != SECLABEL_E_NOERROR) {
fprintf(stderr, "SecLabelParse returned error %d\n", status);
return ;
}
/* You could now write out the XML file, or parse it in memory..*/
printf("Got security label:\n%s\n", xml_buffer);
return;
}
static void usage(void) {
printf("usage: %s\n", optstr);
printf("\t where:\n");
printf("\t -u : Don't prompt to override defaults \n");
printf("\t -3 : Use P3 connection \n");
printf("\t -7 : Use P7 connection \n");
printf("\t -m : OR Address in P7 bind arg \n");
printf("\t -d : DN in P7 bind arg \n");
printf("\t -p : Presentation Address of P7 Store \n");
printf("\t -w : P7 password of P7 user \n");
printf("\t -M : OR Address in P3 bind arg \n");
printf("\t -D : DN in P3 bind arg \n");
printf("\t -P : Presentation Address of P3 server\n");
printf("\t -W : P3 password of P3 user \n");
printf("\t -e : Security Environment (dir with x509 subdir): obsolete, use -Y <p12file>\n");
printf("\t -x : DN of X.509 Digital Identity\n");
printf("\t -b : Passphrase for private key in PKCS12 file\n");
printf("\t -Y : Filename of PKCS12 file containing Digital Identity\n");
return;
}