1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
/* Copyright (c) 2018 The Johns Hopkins University/Applied Physics Laboratory
* All Rights Reserved.
*
* This file is dual licensed under the terms of the Apache 2.0 License and
* the BSD 3-Clause License. See the LICENSE file in the root of this
* repository for more information.
*/
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "kmip.h"
#include "kmip_bio.h"
void
print_help(const char *app)
{
printf("Usage: %s [flag value | flag] ...\n\n", app);
printf("Flags:\n");
printf("-a addr : the IP address of the KMIP server\n");
printf("-c path : path to client certificate file\n");
printf("-h : print this help info\n");
printf("-i id : the ID of the symmetric key to destroy\n");
printf("-k path : path to client key file\n");
printf("-p port : the port number of the KMIP server\n");
printf("-r path : path to CA certificate file\n");
}
int
parse_arguments(int argc, char **argv,
char **server_address, char **server_port,
char **client_certificate, char **client_key, char **ca_certificate,
char **id,
int *print_usage)
{
if(argc <= 1)
{
print_help(argv[0]);
return(-1);
}
for(int i = 1; i < argc; i++)
{
if(strncmp(argv[i], "-a", 2) == 0)
{
*server_address = argv[++i];
}
else if(strncmp(argv[i], "-c", 2) == 0)
{
*client_certificate = argv[++i];
}
else if(strncmp(argv[i], "-h", 2) == 0)
{
*print_usage = 1;
}
else if(strncmp(argv[i], "-i", 2) == 0)
{
*id = argv[++i];
}
else if(strncmp(argv[i], "-k", 2) == 0)
{
*client_key = argv[++i];
}
else if(strncmp(argv[i], "-p", 2) == 0)
{
*server_port = argv[++i];
}
else if(strncmp(argv[i], "-r", 2) == 0)
{
*ca_certificate = argv[++i];
}
else
{
printf("Invalid option: '%s'\n", argv[i]);
print_help(argv[0]);
return(-1);
}
}
return(0);
}
int
use_high_level_api(const char *server_address,
const char *server_port,
const char *client_certificate,
const char *client_key,
const char *ca_certificate,
char *id)
{
/* Set up the TLS connection to the KMIP server. */
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
OPENSSL_init_ssl(0, NULL);
ctx = SSL_CTX_new(TLS_client_method());
printf("\n");
printf("Loading the client certificate: %s\n", client_certificate);
if(SSL_CTX_use_certificate_file(ctx, client_certificate, SSL_FILETYPE_PEM) != 1)
{
fprintf(stderr, "Loading the client certificate failed\n");
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
return(-1);
}
printf("Loading the client key: %s\n", client_key);
if(SSL_CTX_use_PrivateKey_file(ctx, client_key, SSL_FILETYPE_PEM) != 1)
{
fprintf(stderr, "Loading the client key failed\n");
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
return(-1);
}
printf("Loading the CA certificate: %s\n", ca_certificate);
if(SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) != 1)
{
fprintf(stderr, "Loading the CA file failed\n");
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
return(-1);
}
BIO *bio = NULL;
bio = BIO_new_ssl_connect(ctx);
if(bio == NULL)
{
fprintf(stderr, "BIO_new_ssl_connect failed\n");
ERR_print_errors_fp(stderr);
SSL_CTX_free(ctx);
return(-1);
}
BIO_get_ssl(bio, &ssl);
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(bio, server_address);
BIO_set_conn_port(bio, server_port);
if(BIO_do_connect(bio) != 1)
{
fprintf(stderr, "BIO_do_connect failed\n");
ERR_print_errors_fp(stderr);
BIO_free_all(bio);
SSL_CTX_free(ctx);
return(-1);
}
/* Send the request message. */
int result = kmip_bio_destroy_symmetric_key(bio, id, kmip_strnlen_s(id, 50));
BIO_free_all(bio);
SSL_CTX_free(ctx);
/* Handle the response results. */
printf("\n");
if(result < 0)
{
printf("An error occurred while deleting object: %s\n", id);
printf("Error Code: %d\n", result);
}
else
{
printf("The KMIP operation was executed with no errors.\n");
printf("Result: ");
kmip_print_result_status_enum(result);
printf(" (%d)\n", result);
}
return(result);
}
int
main(int argc, char **argv)
{
char *server_address = NULL;
char *server_port = NULL;
char *client_certificate = NULL;
char *client_key = NULL;
char *ca_certificate = NULL;
char *id = NULL;
int help = 0;
int error = parse_arguments(argc, argv, &server_address, &server_port, &client_certificate, &client_key, &ca_certificate, &id, &help);
if(error)
{
return(error);
}
if(help)
{
print_help(argv[0]);
return(0);
}
int result = use_high_level_api(server_address, server_port, client_certificate, client_key, ca_certificate, id);
return(result);
}
|
