11 #if defined( __MVS__ ) || defined( __VMCMS__ )
13 #pragma convlit( suspend )
15 #if defined( __ILEC400__ )
19 #if defined( TEST_SESSION ) || defined( TEST_SESSION_LOOPBACK )
59 {
"cryptlib",
TEXT(
"http://localhost/pkiclient.exe" ), NULL, NULL, NULL },
64 {
"SSH",
TEXT(
"http://pki.ssh.com:8080/scep/pkiclient.exe" ),
66 TEXT(
"http://pki.ssh.com:8080/scep/pkiclient.exe?operation=GetCACert&message=test-ca1.ssh.com" ) },
67 {
"OpenSCEP",
TEXT(
"http://openscep.othello.ch/pkiclient.exe" ),
68 TEXT(
"????" ),
TEXT(
"????" ), NULL },
69 {
"Entrust",
TEXT(
"http://vpncerts.entrust.com/pkiclient.exe" ),
70 TEXT(
"????" ),
TEXT(
"????" ), NULL },
71 {
"EJBCA",
TEXT(
"http://q-rl-xp:8080/ejbca/publicweb/apply/scep/pkiclient.exe" ),
73 TEXT(
"http://q-rl-xp:8080/ejbca/publicweb/webdist/certdist?cmd=nscacert&issuer=O=Test&+level=1" ) },
74 {
"SSH",
TEXT(
"http://pki.certificate.fi:8082/scep/" ),
75 NULL,
TEXT(
"scep" ), NULL },
76 {
"Microsoft NDES",
TEXT(
"http://qa4-mdm3.qa4.imdmdemo.com" ),
77 TEXT(
"cryptlibtest" ),
TEXT(
"password!1" ),
78 TEXT(
"http://qa4-mdm3.qa4.imdmdemo.com/certsrv/mscep/?operation=GetCACert&message=qa" ) }
121 static int addPKIUser(
const CRYPT_KEYSET cryptCertStore,
124 const BOOLEAN testErrorChecking )
131 puts(
"-- Adding new PKI user information --" );
139 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
157 userIdentifier, &length );
161 userIdentifier, &length );
165 userIdentifier, &length );
168 status, __LINE__ ) );
169 #ifdef UNICODE_STRINGS
182 puts(
"PKI user information is already present from a previous "
183 "run, reusing existing\n PKI user data..." );
191 puts(
"PKI user information is already present from a previous "
192 "run, deleting existing\n PKI user data..." );
196 return(
extErrorExit( cryptCertStore,
"cryptCADeleteItem()",
197 status, __LINE__ ) );
202 return(
extErrorExit( cryptCertStore,
"cryptCAAdd/GetItem()", status,
213 #ifdef UNICODE_STRINGS
223 #ifdef UNICODE_STRINGS
230 return(
attrErrorExit( cryptPKIUser,
"cryptGetAttribute()", status,
233 puts(
"-- New PKI user information ends --\n" );
237 if( !testErrorChecking )
251 if( userID[ 2 ] >=
TEXT(
'A' ) && userID[ 2 ] <
TEXT(
'Z' ) )
254 userID[ 2 ] =
TEXT(
'A' );
255 if( issuePW[ 8 ] >=
TEXT(
'A' ) && issuePW[ 8 ] <
TEXT(
'Z' ) )
258 issuePW[ 8 ] =
TEXT(
'A' );
266 puts(
"Integrity check of user ID and password failed to catch "
267 "errors in the data.\n(This check isn't foolproof and is "
268 "intended only to catch typing errors when\nentering the "
269 "data. Try running the test again to see if the problem "
283 const C_STR userName )
301 puts(
"No certificate store available, aborting CMP test.\n" );
306 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
318 extErrorExit( cryptCertStore,
"cryptCAGetItem()", status, __LINE__ );
359 printf(
"Using user name %s, password %s.\n", userID, issuePW );
369 const CERT_DATA *pkiUserCAData,
const char *protocolName )
385 printf(
"SVR: No certificate store available, aborting %s server "
386 "test.\n\n", protocolName );
395 printf(
"SVR: cryptKeysetOpen() failed with error code %d, line "
396 "%d.\n", status, __LINE__ );
404 printf(
"SVR: CA certificate store cleanup failed with error code %d, "
405 "line %d.\n", status, __LINE__ );
410 puts(
"Creating PKI user..." );
411 if( !addPKIUser( *cryptCertStore, pkiUserData, isSCEP, !isSCEP ) )
413 if( pkiUserAltData != NULL && \
414 !addPKIUser( *cryptCertStore, pkiUserAltData, isSCEP,
FALSE ) )
416 if( pkiUserCAData != NULL && \
417 !addPKIUser( *cryptCertStore, pkiUserCAData, isSCEP,
FALSE ) )
425 printf(
"SVR: CA private key read failed with error code %d, "
426 "line %d.\n", status, __LINE__ );
441 static int getScepCACert(
const C_STR caCertUrl,
456 return(
extErrorExit( cryptKeyset,
"cryptGetPublicKey()",
457 status, __LINE__ ) );
464 static int connectSCEP(
const BOOLEAN localSession,
465 const BOOLEAN userSuppliesCACert )
473 const C_STR passwordPtr;
475 const C_STR userPtr = scepInfo[ SCEP_NO ].user;
476 const C_STR passwordPtr = scepInfo[ SCEP_NO ].password;
483 printf(
"Testing %s SCEP session%s...\n", scepInfo[ SCEP_NO ].
name,
484 userSuppliesCACert ?
"" :
" with CA certificate read" );
489 printf(
"Timed out waiting for server to initialise, line %d.\n",
500 puts(
"CA certificate store doesn't contain the PKI user "
501 "information needed to\nauthenticate certificate issue "
502 "operations, can't perform SCEP test.\n" );
517 if( userSuppliesCACert )
519 if( scepInfo[ SCEP_NO ].caCertUrl != NULL )
521 if( !getScepCACert( scepInfo[ SCEP_NO ].caCertUrl,
531 printf(
"Couldn't get SCEP CA certificate, status = %d, "
532 "line %d.\n", status, __LINE__ );
543 TEXT(
"Test SCEP PKI user" ) );
546 if( userSuppliesCACert )
564 printf(
"cryptCreateSession() failed with error code %d, line %d.\n",
578 printf(
"Addition of invalid SCEP user information wasn't detected, "
579 "line %d.\n", __LINE__ );
594 scepInfo[ SCEP_NO ].url,
596 if( userSuppliesCACert )
606 printf(
"Addition of SCEP user/server information failed with error "
607 "code %d, line %d.\n", status, __LINE__ );
640 printf(
"Creation of PKCS #10 request failed with error code %d, "
641 "line %d.\n", status, __LINE__ );
655 printf(
"cryptSetAttribute() failed with error code %d, line %d.\n",
662 printExtError( cryptSession,
"Attempt to activate SCEP client "
663 "session", status, __LINE__ );
670 puts(
" (Server could be down, faking it and continuing...)\n" );
694 printf(
"cryptGetAttribute() failed with error code %d, line %d.\n",
699 puts(
"Returned certificate details are:" );
701 if( !userSuppliesCACert )
703 puts(
"Returned CA certificate details are:" );
710 if( !userSuppliesCACert )
712 puts(
"SCEP client session succeeded.\n" );
726 static int scepServer(
void )
736 puts(
"SVR: Testing SCEP server session ..." );
746 printf(
"SVR: cryptCreateSession() failed with error code %d, "
747 "line %d.\n", status, __LINE__ );
763 printf(
"SVR: cryptCreateSession() failed with error code %d, line "
764 "%d.\n", status, __LINE__ );
773 return(
attrErrorExit( cryptSession,
"SVR: cryptSetAttribute()",
774 status, __LINE__ ) );
785 return(
extErrorExit( cryptSession,
"SVR: Attempt to activate SCEP "
786 "server session", status, __LINE__ ) );
794 puts(
"SVR: SCEP session succeeded.\n" );
803 status = scepServer();
811 #ifdef WINDOWS_THREADS
813 unsigned __stdcall scepServerThread(
void *
dummy )
830 puts(
"Error: The local SCEP session test only works with SCEP_NO == 1." );
836 hThread = (
HANDLE ) _beginthreadex( NULL, 0, scepServerThread,
837 NULL, 0, &threadID );
857 puts(
"Error: The local SCEP session test only works with SCEP_NO == 1." );
868 hThread = (
HANDLE ) _beginthreadex( NULL, 0, scepServerThread,
869 NULL, 0, &threadID );
891 puts(
"Error: The local SCEP session test only works with SCEP_NO == 1." );
897 hThread = (
HANDLE ) _beginthreadex( NULL, 0, scepServerThread,
898 NULL, 0, &threadID );