author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
commit | 19fcec84d8d7d21e796c7624e521b60d28ee21ed (patch) | |
tree | 42d26aa27d1e3f7c0b8bd3fd14e7d7082f5008dc /src/libkmip/demo_destroy.c | |
parent | Initial commit. (diff) | |
Adding upstream version 16.2.11+ds.upstream/16.2.11+dsupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/libkmip/demo_destroy.c')
-rw-r--r-- | src/libkmip/demo_destroy.c | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/src/libkmip/demo_destroy.c b/src/libkmip/demo_destroy.c
new file mode 100644
index 000000000..f97f5e6ae
--- /dev/null
+++ b/src/libkmip/demo_destroy.c
@@ -0,0 +1,199 @@
+/* Copyright (c) 2018 The Johns Hopkins University/Applied Physics Laboratory
+ * All Rights Reserved.
+ *
+ * This file is dual licensed under the terms of the Apache 2.0 License and
+ * the BSD 3-Clause License. See the LICENSE file in the root of this
+ * repository for more information.
+ */
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include "kmip.h"
+#include "kmip_bio.h"
+
+void
+print_help(const char *app)
+{
+ printf("Usage: %s [flag value | flag] ...\n\n", app);
+ printf("Flags:\n");
+ printf("-a addr : the IP address of the KMIP server\n");
+ printf("-c path : path to client certificate file\n");
+ printf("-h : print this help info\n");
+ printf("-i id : the ID of the symmetric key to destroy\n");
+ printf("-k path : path to client key file\n");
+ printf("-p port : the port number of the KMIP server\n");
+ printf("-r path : path to CA certificate file\n");
+}
+
+int
+parse_arguments(int argc, char **argv,
+ char **server_address, char **server_port,
+ char **client_certificate, char **client_key, char **ca_certificate,
+ char **id,
+ int *print_usage)
+{
+ if(argc <= 1)
+ {
+ print_help(argv[0]);
+ return(-1);
+ }
+
+ for(int i = 1; i < argc; i++)
+ {
+ if(strncmp(argv[i], "-a", 2) == 0)
+ {
+ *server_address = argv[++i];
+ }
+ else if(strncmp(argv[i], "-c", 2) == 0)
+ {
+ *client_certificate = argv[++i];
+ }
+ else if(strncmp(argv[i], "-h", 2) == 0)
+ {
+ *print_usage = 1;
+ }
+ else if(strncmp(argv[i], "-i", 2) == 0)
+ {
+ *id = argv[++i];
+ }
+ else if(strncmp(argv[i], "-k", 2) == 0)
+ {
+ *client_key = argv[++i];
+ }
+ else if(strncmp(argv[i], "-p", 2) == 0)
+ {
+ *server_port = argv[++i];
+ }
+ else if(strncmp(argv[i], "-r", 2) == 0)
+ {
+ *ca_certificate = argv[++i];
+ }
+ else
+ {
+ printf("Invalid option: '%s'\n", argv[i]);
+ print_help(argv[0]);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+int
+use_high_level_api(const char *server_address,
+ const char *server_port,
+ const char *client_certificate,
+ const char *client_key,
+ const char *ca_certificate,
+ char *id)
+{
+ /* Set up the TLS connection to the KMIP server. */
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ OPENSSL_init_ssl(0, NULL);
+ ctx = SSL_CTX_new(TLS_client_method());
+
+ printf("\n");
+ printf("Loading the client certificate: %s\n", client_certificate);
+ if(SSL_CTX_use_certificate_file(ctx, client_certificate, SSL_FILETYPE_PEM) != 1)
+ {
+ fprintf(stderr, "Loading the client certificate failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ printf("Loading the client key: %s\n", client_key);
+ if(SSL_CTX_use_PrivateKey_file(ctx, client_key, SSL_FILETYPE_PEM) != 1)
+ {
+ fprintf(stderr, "Loading the client key failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ printf("Loading the CA certificate: %s\n", ca_certificate);
+ if(SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) != 1)
+ {
+ fprintf(stderr, "Loading the CA file failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ BIO *bio = NULL;
+ bio = BIO_new_ssl_connect(ctx);
+ if(bio == NULL)
+ {
+ fprintf(stderr, "BIO_new_ssl_connect failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ BIO_get_ssl(bio, &ssl);
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ BIO_set_conn_hostname(bio, server_address);
+ BIO_set_conn_port(bio, server_port);
+ if(BIO_do_connect(bio) != 1)
+ {
+ fprintf(stderr, "BIO_do_connect failed\n");
+ ERR_print_errors_fp(stderr);
+ BIO_free_all(bio);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ /* Send the request message. */
+ int result = kmip_bio_destroy_symmetric_key(bio, id, kmip_strnlen_s(id, 50));
+
+ BIO_free_all(bio);
+ SSL_CTX_free(ctx);
+
+ /* Handle the response results. */
+ printf("\n");
+ if(result < 0)
+ {
+ printf("An error occurred while deleting object: %s\n", id);
+ printf("Error Code: %d\n", result);
+ }
+ else
+ {
+ printf("The KMIP operation was executed with no errors.\n");
+ printf("Result: ");
+ kmip_print_result_status_enum(result);
+ printf(" (%d)\n", result);
+ }
+
+ return(result);
+}
+
+int
+main(int argc, char **argv)
+{
+ char *server_address = NULL;
+ char *server_port = NULL;
+ char *client_certificate = NULL;
+ char *client_key = NULL;
+ char *ca_certificate = NULL;
+ char *id = NULL;
+ int help = 0;
+
+ int error = parse_arguments(argc, argv, &server_address, &server_port, &client_certificate, &client_key, &ca_certificate, &id, &help);
+ if(error)
+ {
+ return(error);
+ }
+ if(help)
+ {
+ print_help(argv[0]);
+ return(0);
+ }
+
+ int result = use_high_level_api(server_address, server_port, client_certificate, client_key, ca_certificate, id);
+ return(result);
+} |
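Review bot: `use_high_level_api` loads the CA file with `SSL_CTX_load_verify_locations` but never sets a verify mode, and an OpenSSL client context defaults to `SSL_VERIFY_NONE`, so `BIO_do_connect` completes the handshake even when the server's chain does not validate and the Destroy request is sent to an unauthenticated peer. Add `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` after the CA load, and bind the expected server identity after `BIO_get_ssl`, for example `SSL_set1_host(ssl, server_address);` (or the IP-address form on the verify parameters, since `-a` is documented as an IP address). Separately, `parse_arguments` stores `argv[++i]` without checking `i + 1 < argc` and `main` never checks the required values for NULL, so an omitted or trailing flag passes NULL to `printf("%s", ...)`, the OpenSSL file loaders and `kmip_strnlen_s`; `main` should reject that before calling `use_high_level_api`. The return value of `SSL_CTX_new` is also used unchecked.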