Diffstat (limited to '')
-rw-r--r--src/libkmip/demo_destroy.c199
1 files changed, 199 insertions, 0 deletions
diff --git a/src/libkmip/demo_destroy.c b/src/libkmip/demo_destroy.c
new file mode 100644
index 000000000..f97f5e6ae
--- /dev/null
+++ b/src/libkmip/demo_destroy.c
@@ -0,0 +1,199 @@
+/* Copyright (c) 2018 The Johns Hopkins University/Applied Physics Laboratory
+ * All Rights Reserved.
+ *
+ * This file is dual licensed under the terms of the Apache 2.0 License and
+ * the BSD 3-Clause License. See the LICENSE file in the root of this
+ * repository for more information.
+ */
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include "kmip.h"
+#include "kmip_bio.h"
+
+void
+print_help(const char *app)
+{
+ printf("Usage: %s [flag value | flag] ...\n\n", app);
+ printf("Flags:\n");
+ printf("-a addr : the IP address of the KMIP server\n");
+ printf("-c path : path to client certificate file\n");
+ printf("-h : print this help info\n");
+ printf("-i id : the ID of the symmetric key to destroy\n");
+ printf("-k path : path to client key file\n");
+ printf("-p port : the port number of the KMIP server\n");
+ printf("-r path : path to CA certificate file\n");
+}
+
+int
+parse_arguments(int argc, char **argv,
+ char **server_address, char **server_port,
+ char **client_certificate, char **client_key, char **ca_certificate,
+ char **id,
+ int *print_usage)
+{
+ if(argc <= 1)
+ {
+ print_help(argv[0]);
+ return(-1);
+ }
+
+ for(int i = 1; i < argc; i++)
+ {
+ if(strncmp(argv[i], "-a", 2) == 0)
+ {
+ *server_address = argv[++i];
+ }
+ else if(strncmp(argv[i], "-c", 2) == 0)
+ {
+ *client_certificate = argv[++i];
+ }
+ else if(strncmp(argv[i], "-h", 2) == 0)
+ {
+ *print_usage = 1;
+ }
+ else if(strncmp(argv[i], "-i", 2) == 0)
+ {
+ *id = argv[++i];
+ }
+ else if(strncmp(argv[i], "-k", 2) == 0)
+ {
+ *client_key = argv[++i];
+ }
+ else if(strncmp(argv[i], "-p", 2) == 0)
+ {
+ *server_port = argv[++i];
+ }
+ else if(strncmp(argv[i], "-r", 2) == 0)
+ {
+ *ca_certificate = argv[++i];
+ }
+ else
+ {
+ printf("Invalid option: '%s'\n", argv[i]);
+ print_help(argv[0]);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+int
+use_high_level_api(const char *server_address,
+ const char *server_port,
+ const char *client_certificate,
+ const char *client_key,
+ const char *ca_certificate,
+ char *id)
+{
+ /* Set up the TLS connection to the KMIP server. */
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ OPENSSL_init_ssl(0, NULL);
+ ctx = SSL_CTX_new(TLS_client_method());
+
+ printf("\n");
+ printf("Loading the client certificate: %s\n", client_certificate);
+ if(SSL_CTX_use_certificate_file(ctx, client_certificate, SSL_FILETYPE_PEM) != 1)
+ {
+ fprintf(stderr, "Loading the client certificate failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ printf("Loading the client key: %s\n", client_key);
+ if(SSL_CTX_use_PrivateKey_file(ctx, client_key, SSL_FILETYPE_PEM) != 1)
+ {
+ fprintf(stderr, "Loading the client key failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ printf("Loading the CA certificate: %s\n", ca_certificate);
+ if(SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) != 1)
+ {
+ fprintf(stderr, "Loading the CA file failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ BIO *bio = NULL;
+ bio = BIO_new_ssl_connect(ctx);
+ if(bio == NULL)
+ {
+ fprintf(stderr, "BIO_new_ssl_connect failed\n");
+ ERR_print_errors_fp(stderr);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ BIO_get_ssl(bio, &ssl);
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ BIO_set_conn_hostname(bio, server_address);
+ BIO_set_conn_port(bio, server_port);
+ if(BIO_do_connect(bio) != 1)
+ {
+ fprintf(stderr, "BIO_do_connect failed\n");
+ ERR_print_errors_fp(stderr);
+ BIO_free_all(bio);
+ SSL_CTX_free(ctx);
+ return(-1);
+ }
+
+ /* Send the request message. */
+ int result = kmip_bio_destroy_symmetric_key(bio, id, kmip_strnlen_s(id, 50));
+
+ BIO_free_all(bio);
+ SSL_CTX_free(ctx);
+
+ /* Handle the response results. */
+ printf("\n");
+ if(result < 0)
+ {
+ printf("An error occurred while deleting object: %s\n", id);
+ printf("Error Code: %d\n", result);
+ }
+ else
+ {
+ printf("The KMIP operation was executed with no errors.\n");
+ printf("Result: ");
+ kmip_print_result_status_enum(result);
+ printf(" (%d)\n", result);
+ }
+
+ return(result);
+}
+
+int
+main(int argc, char **argv)
+{
+ char *server_address = NULL;
+ char *server_port = NULL;
+ char *client_certificate = NULL;
+ char *client_key = NULL;
+ char *ca_certificate = NULL;
+ char *id = NULL;
+ int help = 0;
+
+ int error = parse_arguments(argc, argv, &server_address, &server_port, &client_certificate, &client_key, &ca_certificate, &id, &help);
+ if(error)
+ {
+ return(error);
+ }
+ if(help)
+ {
+ print_help(argv[0]);
+ return(0);
+ }
+
+ int result = use_high_level_api(server_address, server_port, client_certificate, client_key, ca_certificate, id);
+ return(result);
+}
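Review bot: The server certificate is never enforced in use_high_level_api. The CA file is loaded with SSL_CTX_load_verify_locations, but the context keeps OpenSSL's client default of SSL_VERIFY_NONE and nothing calls SSL_get_verify_result, so BIO_do_connect succeeds even when the chain does not validate and the destroy request goes to an unauthenticated peer. Add `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);` after the CA load, and bind the expected identity before connecting, e.g. `SSL_set1_host(ssl, server_address);` (or the X509_VERIFY_PARAM IP-address variant, since -a is documented as an IP address). The return value of SSL_CTX_new is also used unchecked by the certificate-loading calls that follow; an `if(ctx == NULL)` branch that calls ERR_print_errors_fp and returns -1 would match the error handling already used in this function.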