github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/apps/simpleexample/SimpleClientCpp/gen_keys.cc (about) 1 // 2 // Copyright 2016, Google Corporation , All Rights Reserved. 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // or in the the file LICENSE-2.0.txt in the top level sourcedirectory 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License 14 // File: genkeys.cc 15 16 #include "gtest/gtest.h" 17 18 #include <gtest/gtest.h> 19 #include <gflags/gflags.h> 20 #include <stdio.h> 21 #include <string> 22 23 #include "ssl_helpers.h" 24 25 DEFINE_string(key_type, "ECC", "key type for generated keys"); 26 27 int main(int an, char** av) { 28 string path("/Domains/test_keys"); 29 string ca_cert_string; 30 string client_cert_string; 31 string server_cert_string; 32 string ca_key_string; 33 string client_key_string; 34 string server_key_string; 35 36 #ifdef __linux__ 37 gflags::ParseCommandLineFlags(&an, &av, true); 38 #else 39 google::ParseCommandLineFlags(&an, &av, true); 40 #endif 41 42 string key_type; 43 int key_size; 44 if(FLAGS_key_type == "ECC") { 45 key_type = "ECC"; 46 key_size = 256; 47 } else if (FLAGS_key_type == "RSA") { 48 key_type = "RSA"; 49 key_size = 2048; 50 } else { 51 printf("Invalid key type\n"); 52 return 1; 53 } 54 printf("Key type is %s\n", key_type.c_str()); 55 56 string ca_common_name("test_ca"); 57 string client_common_name("test_client"); 58 string server_common_name("test_server"); 59 string issuer("test_ca"); 60 string keyUsage("critical,keyAgreement,keyCertSign"); 61 string extendedKeyUsage("serverAuth,clientAuth"); 62 63 // CA cert 64 X509_REQ* ca_req = X509_REQ_new(); 65 X509* ca_cert = X509_new(); 66 EVP_PKEY* ca_key= GenerateKey(key_type, key_size); 67 if (!GenerateX509CertificateRequest(key_type, ca_common_name, ca_key, false, ca_req)) { 68 printf("Can't generate x509 request\n"); 69 return 1; 70 } 71 if (!SignX509Certificate(ca_key, true, true, issuer, keyUsage, 72 extendedKeyUsage, 365*86400, 73 ca_key, ca_req, false, ca_cert)) { 74 printf("Can't sign x509 ca request\n"); 75 return 1; 76 } 77 78 // Save cert and key. 79 byte ca_out[4096]; 80 byte* ca_ptr = ca_out; 81 int ca_der_size = i2d_X509(ca_cert, &ca_ptr); 82 if (ca_der_size <= 0) { 83 printf("Can't der encode ca cert\n"); 84 return 1; 85 } 86 ca_cert_string.assign((const char*) ca_out, ca_der_size); 87 if (!SerializePrivateKey(key_type, ca_key, &ca_key_string)) { 88 printf("Can't serialize ca key\n"); 89 return 1; 90 } 91 string ca_cert_file_name = path + "/ca_cert"; 92 if (!WriteFile(ca_cert_file_name, ca_cert_string)) { 93 printf("Can't write ca cert\n"); 94 return 1; 95 } 96 string ca_key_file_name = path + "/ca_key"; 97 if (!WriteFile(ca_key_file_name, ca_key_string)) { 98 printf("Can't write ca key\n"); 99 return 1; 100 } 101 102 // server cert 103 X509_REQ* server_req = X509_REQ_new(); 104 X509* server_cert = X509_new(); 105 EVP_PKEY* server_key= GenerateKey(key_type, key_size); 106 if (!GenerateX509CertificateRequest(key_type, server_common_name, server_key, false, server_req)) { 107 printf("Can't generate x509 request\n"); 108 return 1; 109 } 110 if (!SignX509Certificate(ca_key, true, true, issuer, keyUsage, 111 extendedKeyUsage, 365*86400, server_key, 112 server_req, false, server_cert)) { 113 printf("Can't sign x509 ca request\n"); 114 return 1; 115 } 116 117 // Save cert and key. 118 byte server_out[4096]; 119 byte* server_ptr = server_out; 120 int server_der_size = i2d_X509(server_cert, &server_ptr); 121 if (server_der_size <= 0) { 122 printf("Can't der encode server cert\n"); 123 return 1; 124 } 125 server_cert_string.assign((const char*) server_out, server_der_size); 126 if (!SerializePrivateKey(key_type, server_key, &server_key_string)) { 127 printf("Can't serialize server key\n"); 128 return 1; 129 } 130 string server_cert_file_name = path + "/server_cert"; 131 if (!WriteFile(server_cert_file_name, server_cert_string)) { 132 printf("Can't write server cert\n"); 133 return 1; 134 } 135 string server_key_file_name = path + "/server_key"; 136 if (!WriteFile(server_key_file_name, server_key_string)) { 137 printf("Can't write server key\n"); 138 return 1; 139 } 140 141 // client cert 142 X509_REQ* client_req = X509_REQ_new(); 143 X509* client_cert = X509_new(); 144 EVP_PKEY* client_key= GenerateKey(key_type, key_size); 145 if (!GenerateX509CertificateRequest(key_type, client_common_name, client_key, false, client_req)) { 146 printf("Can't generate x509 request\n"); 147 return 1; 148 } 149 if (!SignX509Certificate(ca_key, true, true, issuer, keyUsage, 150 extendedKeyUsage, 365*86400, 151 client_key, client_req, false, client_cert)) { 152 printf("Can't sign x509 ca request\n"); 153 return 1; 154 } 155 156 // Save cert and key. 157 byte client_out[4096]; 158 byte* client_ptr = client_out; 159 int client_der_size = i2d_X509(client_cert, &client_ptr); 160 if (client_der_size <= 0) { 161 printf("Can't der encode server cert\n"); 162 return 1; 163 } 164 client_cert_string.assign((const char*) client_out, client_der_size); 165 if (!SerializePrivateKey(key_type, client_key, &client_key_string)) { 166 printf("Can't serialize server key\n"); 167 return 1; 168 } 169 string client_cert_file_name = path + "/client_cert"; 170 if (!WriteFile(client_cert_file_name, client_cert_string)) { 171 printf("Can't write server cert\n"); 172 return 1; 173 } 174 string client_key_file_name = path + "/client_key"; 175 if (!WriteFile(client_key_file_name, client_key_string)) { 176 printf("Can't write server key\n"); 177 return 1; 178 } 179 180 return 0; 181 } 182