* STEP 2a
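* Start by creating a Toolkit context. * NOTE: assert() is compiled out when NDEBUG is defined, so * production code should check for NULL explicitly. */ ctxt = Vtk_CtxtNew(); assert(ctxt != NULL); /*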
* STEP 2b
* Set the appropriate validation mechanism for the context. * By default, the context is set up with the Global Validation * Authority Service (GVAS) using the CRT protocol. * If OCSP is requested, the default protocol must be changed. */ if (mech == VTK_VM_OCSP) { ret = Vtk_CtxtSetDefaultVa(ctxt, VTK_GVAS_URL, VTK_VM_OCSP); if (ret != VTK_OK) { showError("Vtk_CtxtSetDefaultVa", ret); goto done; } } /*
* STEP 3
* Create a Validation structure. * Validation structures encapsulate validation operation to a VA * using any of the Toolkit supported validation protocols. */ q = Vtk_ValidationNew(ctxt); assert(q); /*
* STEP 4a
* Load passed in user and CA certificates. */ userCert = Vtk_CertNew(ctxt); assert(userCert); issuerCert = Vtk_CertNew(ctxt); assert(issuerCert);
* STEP 4b
* Populate the certificates with information from specified * file. */ if ((ret = Vtk_CertLoadFromFile(ctxt, userCert, argv[0], VTK_DF_BASE64)) != VTK_OK) { showError("Vtk_CertLoadFromFile", ret); goto done; } if ((ret = Vtk_CertLoadFromFile(ctxt, issuerCert, argv[1], VTK_DF_BASE64)) != VTK_OK) { showError("Vtk_CertLoadFromFile", ret); goto done; } /*
* STEP 5
* Add the passed-in certificate to the validation structure. * For each certificate to be validated, the Toolkit requires the * CA certificate along with the certificate to be validated. * This operation can be repeated to add other certificates to be * validated. Refer to Vtk_ValidationAddCertRaw for an alternative * method of supplying the certificate data. */ ret = Vtk_ValidationAddCert(ctxt, q, userCert, issuerCert, NULL); if (ret != VTK_OK) { showError("Vtk_ValidationAddCert", ret); goto done; }
* The VA specified in the context will be queried
* for the certificate(s) status. */ ret = Vtk_ValidationValidate(ctxt, q, &status); /* * Display validation values. A VTK_OK return only means the * validation request completed; whether the certificate is valid * is reported separately in status. */ if (ret == VTK_OK) { fprintf(stdout, "\n\nValidation succeeded."); /* * Display the certificate(s) status. */ if (status & VTK_STATUS_OK) fprintf(stdout, "\nCertificate is valid."); else fprintf(stdout, "\nCertificate is not valid."); /* * Display detailed information about the performed * validation. */ showStatus(status); } else { fprintf(stdout, "\n\nValidation failed."); showError("Vtk_ValidationValidate", ret); } done: