Sample Basic Application
Using the Toolkit


Sample Basic Application

The following is a sample application using the Toolkit API to perform an OCSP or CRT query to the Global VA Service.


/*
* Copyright 2000 ValiCert Inc. All Rights Reserved.
*
*
*
* ValiCert Validator Toolkit Sample Program.
*
* This file demonstrates performing common operations with the
* ValiCert Validator Toolkit.
*/

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <assert.h>
#include <string.h>
#include <memory.h>

/*
* Toolkit includes.
*/
#include "vtk_defs.h"
#include "vtk_cert.h"
#include "vtk_error.h"
#include "vtk_ctxt.h"
#include "vtk_valid.h"


/*
*
* Local function prototypes
*
*/
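/*
 * showError
 *
 * Displays a textual representation of the Validator Toolkit error.
 *
 * Declared static: the definition further down in this file is static,
 * and C rejects a static definition that follows a non-static
 * declaration of the same function.
 */
static void showError(const char *funcName, Vtk_uint32 code);

/*
 * showStatus
 *
 * Displays textual representation of the passed in validation
 * status code.
 */
static void showStatus(Vtk_uint32 status);

/*
 * simpleValidation
 *
 * Performs a simple OCSP or CRT validation check.
 * argv[0] is the user certificate file and argv[1] the CA certificate
 * file (main strips the program name and mechanism before calling).
 */
static void
simpleValidation(enum Vtk_ValidationMech mech, int argc,
                 char **argv);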


/**************************************************************
*
* Main - Toolkit sample
* ***************************************************************
*/
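int main(int argc, char *argv[])
{
    Vtk_uint32 retCode;
    enum Vtk_ValidationMech valMech;
    /* argv[0] may be absent when argc is 0; never hand NULL to %s. */
    const char *progName = (argc > 0 && argv[0] != NULL) ? argv[0] : "vtsample";

    /*
     * Check command line arguments
     * usage: vtsample OCSP | CRT userCertFile caCertFile
     */
    if (argc < 4)
    {
        fprintf(stdout, "\nUsage:\t%s OCSP | CRT userCertFile caCertFile\n",
                progName);
        exit(-1);
    }

    if (strcmp(argv[1], "OCSP") == 0)
    {
        valMech = VTK_VM_OCSP;
    }
    else if (strcmp(argv[1], "CRT") == 0)
    {
        valMech = VTK_VM_CRT;
    }
    else
    {
        fprintf(stdout, "\nUnsupported validation mechanism.");
        fprintf(stdout,
                "\nUsage:\t%s OCSP | CRT userCertFile caCertFile\n",
                progName);
        exit(-1);
    }

    /*
     * Skip over the application name and validation mechanism
     * parameters, so argv[0] is the user certificate file and
     * argv[1] the CA certificate file.
     */
    argc -= 2;
    argv += 2;

    /*
     * STEP 1 * Initialize the Toolkit library.
     *
     * Checked explicitly rather than with assert(): assert() compiles
     * to nothing under NDEBUG, which would let a failed initialization
     * go unnoticed in a release build.
     */
    retCode = Vtk_Init();
    if (retCode != VTK_OK)
    {
        showError("Vtk_Init", retCode);
        exit(-1);
    }

    /*
     * NOTE(review): simpleValidation() returns void, so this program
     * exits with 0 even when the query fails or the certificate is
     * reported as not valid. Do not use the exit status of this sample
     * as the validation verdict.
     */
    simpleValidation(valMech, argc, argv);

    /*
     * STEP 8 * Release Toolkit resources.
     */
    Vtk_Finish();

    return 0;
} /* main */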


/*
* simpleValidation
*
* Performs a simple OCSP or CRT validation check.
*/
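static void
simpleValidation(enum Vtk_ValidationMech mech, int argc, char **argv)
{
    /*
     * Every handle starts out NULL so that the cleanup code at "done"
     * is safe no matter which step bailed out. (Previously q was left
     * uninitialized and an early "goto done" tested an indeterminate
     * pointer.)
     */
    Vtk_Ctxt *ctxt = NULL;
    Vtk_Cert *userCert = NULL, *issuerCert = NULL;
    Vtk_Validation *q = NULL;
    Vtk_uint32 ret, status = 0;

    /*
     * argv[0] = user certificate file, argv[1] = CA certificate file.
     * Refuse to index argv without both being present.
     */
    if (argc < 2 || argv == NULL || argv[0] == NULL || argv[1] == NULL)
    {
        fprintf(stdout,
                "\n\n**ERROR** in simpleValidation - user and CA certificate files are required\n\n");
        return;
    }

    fprintf(stdout, "\n\nPerforming certificate validation using %s...",
            (mech == VTK_VM_OCSP ? "OCSP" : "CRT"));

    /*
     * STEP 2a * Start by creating a Toolkit context.
     *
     * Allocation results are checked explicitly instead of with
     * assert(), which disappears under NDEBUG.
     */
    ctxt = Vtk_CtxtNew();
    if (ctxt == NULL)
    {
        fprintf(stdout, "\n\n**ERROR** in Vtk_CtxtNew - no context returned\n\n");
        goto done;
    }

    /*
     * STEP 2b * Set appropriate validation mechanism for the context.
     * By default, the context is setup with Global Validation
     * Authority Service (GVAS) using the CRT protocol.
     * If asked to do OCSP, need to change the default protocol.
     */
    if (mech == VTK_VM_OCSP)
    {
        ret = Vtk_CtxtSetDefaultVa(ctxt, VTK_GVAS_URL, VTK_VM_OCSP);
        if (ret != VTK_OK)
        {
            showError("Vtk_CtxtSetDefaultVa", ret);
            goto done;
        }
    }

    /*
     * STEP 3 * Create a Validation structure.
     * Validation structures encapsulate validation operation to a VA
     * using any of the Toolkit supported validation protocols.
     */
    q = Vtk_ValidationNew(ctxt);
    if (q == NULL)
    {
        fprintf(stdout, "\n\n**ERROR** in Vtk_ValidationNew - no validation returned\n\n");
        goto done;
    }

    /*
     * STEP 4a * Load passed in user and CA certificates.
     */
    userCert = Vtk_CertNew(ctxt);
    issuerCert = Vtk_CertNew(ctxt);
    if (userCert == NULL || issuerCert == NULL)
    {
        fprintf(stdout, "\n\n**ERROR** in Vtk_CertNew - no certificate returned\n\n");
        goto done;
    }

    /*
     * STEP 4b * Populate the certificates with information from specified
     * file.
     */
    ret = Vtk_CertLoadFromFile(ctxt, userCert, argv[0], VTK_DF_BASE64);
    if (ret != VTK_OK)
    {
        showError("Vtk_CertLoadFromFile", ret);
        goto done;
    }

    ret = Vtk_CertLoadFromFile(ctxt, issuerCert, argv[1], VTK_DF_BASE64);
    if (ret != VTK_OK)
    {
        showError("Vtk_CertLoadFromFile", ret);
        goto done;
    }

    /*
     * STEP 5 * Add the passed in certificate to the validation structure.
     * For each certificate to be validated the Toolkit requires the
     * CA certificate along with the certificate to be validated.
     * This operation can be repeated to add other certificates to be
     * validated. Refer to Vtk_ValidationAddCertRaw for alternative
     * method of supplying the certificate data.
     */
    ret = Vtk_ValidationAddCert(ctxt, q, userCert, issuerCert, NULL);
    if (ret != VTK_OK)
    {
        showError("Vtk_ValidationAddCert", ret);
        goto done;
    }

    /*
     * STEP 6 * Perform the certificate validation.
     * The VA specified in the context will be queried
     * for the certificate(s) status.
     *
     * NOTE(review): this sample does not show how the VA's response is
     * authenticated; confirm what the toolkit verifies before relying
     * on the returned status.
     */
    ret = Vtk_ValidationValidate(ctxt, q, &status);

    /*
     * Display validation values.
     *
     * "Validation succeeded" only means the query completed; the
     * certificate verdict is carried in status. When the query fails,
     * status is not meaningful and the certificate must be treated as
     * not validated (fail closed).
     */
    if (ret == VTK_OK)
    {
        fprintf(stdout, "\n\nValidation succeeded.");

        /*
         * Display the certificate(s) status.
         * NOTE(review): assumes VTK_STATUS_OK is a non-zero bit flag -
         * confirm against the toolkit headers.
         */
        if (status & VTK_STATUS_OK)
        {
            fprintf(stdout, "\nCertificate is valid.");
        }
        else
        {
            fprintf(stdout, "\nCertificate is not valid.");
        }

        /*
         * Display detailed information about the performed
         * validation.
         */
        showStatus(status);
    }
    else
    {
        fprintf(stdout, "\n\nValidation failed.");
        showError("Vtk_ValidationValidate", ret);
    }

done:

    /*
     * STEP 7 * Cleanup memory.
     * Each handle is released only if it was actually created.
     */
    if (q)
    {
        Vtk_ValidationDelete(q);
    }

    if (userCert)
    {
        Vtk_CertDelete(userCert);
    }

    if (issuerCert)
    {
        Vtk_CertDelete(issuerCert);
    }

    if (ctxt)
    {
        Vtk_CtxtDelete(ctxt);
    }
} /* simpleValidation */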


/*
* showError
*
* Displays a textual representation of the Validator Toolkit error
*/
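static void showError(const char *funcName, Vtk_uint32 code)
{
    /*
     * Prints the name of the failing toolkit call, the error code in
     * hex and the toolkit's description of that code to stdout.
     *
     * funcName: name of the toolkit function that reported the error.
     * code:     error code returned by that function.
     */
    const char *text = Vtk_ErrorToString(code);

    /*
     * The underlying type of Vtk_uint32 is not visible here, so the
     * code is cast to unsigned long to match the %lX conversion on
     * every platform. The string arguments are guarded because passing
     * NULL to %s is undefined; whether Vtk_ErrorToString can return
     * NULL is not shown in this file.
     */
    fprintf(stdout, "\n\n**ERROR** in %s - 0x%lX (%s)\n\n",
            funcName ? funcName : "(unknown)",
            (unsigned long)code,
            text ? text : "(no description)");
} /* showError */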


/*
* showStatus
*
* Displays textual representation of the passed in validation
* status code.
*/
static void showStatus(Vtk_uint32 status)
{
    /*
     * Prints one line per status string that the toolkit reports for
     * the given validation status code, then releases the string array.
     */
    char **lines = Vtk_StatusToStrings(status);
    int idx;

    /*
     * Nothing to print if the toolkit returned no array.
     */
    if (!lines)
    {
        fprintf(stdout,
                "\n\n**ERROR - Vtk_StatusToStrings - no status strings returned\n\n");
        return;
    }

    fprintf(stdout, "\nValidation Status:");

    /*
     * The array ends at its first NULL entry.
     */
    for (idx = 0; lines[idx] != NULL; idx++)
    {
        fprintf(stdout, "\n\t%s", lines[idx]);
    }

    /*
     * Hand the array back to the toolkit.
     */
    Vtk_StatusStringsDelete(lines);
} /* showStatus */



ValiCert, Inc.
http://www.valicert.com
Voice: +1.650.567.5469
Fax: +1.650.254.2148
support@valicert.com