First cut of a CMS message example

svn path=/trunk/kdesupport/qca/; revision=525418
2025-05-10 09:49:33 +00:00 · 2006-04-02 00:09:59 +00:00 · 2006-04-02 00:09:59 +00:00 · 65a804dc0c
commit 65a804dc0c
parent b79efbe44d
5 changed files with 258 additions and 0 deletions
--- a/examples/cms/User.pem
+++ b/examples/cms/User.pem
@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBvMQswCQYDVQQGEwJkZTEg
+MB4GA1UEChMXSW5zZWN1cmVUZXN0Q2VydGlmaWNhdGUxFzAVBgNVBAMTDkZvciBU
+ZXN0cyBPbmx5MSUwIwYJKoZIhvcNAQkBFhZpbnNlY3VyZUB0ZXN0Lmluc2VjdXJl
+MB4XDTAxMDgxNzA4MzIzOFoXDTA2MDgxNjA4MzIzOFoweDELMAkGA1UEBhMCZGUx
+IDAeBgNVBAoTF0luc2VjdXJlVGVzdENlcnRpZmljYXRlMSAwHgYDVQQDExdJbnNl
+Y3VyZSBVc2VyIFRlc3QgQ2VydDElMCMGCSqGSIb3DQEJARYWaW5zZWN1cmVAdGVz
+dC5pbnNlY3VyZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArCM8+V7VH46Y
+bMtgOaqFc8vCSBpSeL5hnHN3uwEH8/OqwKaO9hMP15lFpzEJOIPMVtOSLCg4dJy
+eS3azL3/B+4qDVqbCgKSXDMKhBDKKw0TvfhN4tgfmvy0rpgMHYApfyRdewnvKgV
+YkI+sDwupmZJo87kuvPM2JzbV/DNAyMCAwEAAaOCAYIwggF+MAsGA1UdDwQEAwIE
+8DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFIiefvcp
+cZ17KA82Gq5tANOd4arbMIGZBgNVHSMEgZEwgY6AFL9TQ4J40J7DgOUbZ8oFAN+5
+SIOloXOkcTBvMQswCQYDVQQGEwJkZTEgMB4GA1UEChMXSW5zZWN1cmVUZXN0Q2Vy
+dGlmaWNhdGUxFzAVBgNVBAMTDkZvciBUZXN0cyBPbmx5MSUwIwYJKoZIhvcNAQkB
+FhZpbnNlY3VyZUB0ZXN0Lmluc2VjdXJlggEAMCEGA1UdEQQaMBiBFmluc2VjdXJl
+QHRlc3QuaW5zZWN1cmUwIQYDVR0SBBowGIEWaW5zZWN1cmVAdGVzdC5pbnNlY3Vy
+ZTARBglghkgBhvhCAQEEBAMCBaAwPAYJYIZIAYb4QgENBC8WLVRoaXMgY2VydGlm
+aWNhdGUgd2FzIGlzc3VlZCBmb3IgdGVzdGluZyBvbmx5ITANBgkqhkiG9w0BAQQF
+AAOCAQEAeRBEcR/xp4pLH3VbQmTbZEGjVEBDxNAapsdIDrKB1ecA3JMhZDjweKc4
+MG5M+FQ5hcCT8kSi+6bL15BJRyyMB4727NRSC1i/2VkZmUGhhk3AR9UjsvrCC00D
+gPuHdQPrIxl9+CK26ypATizb5VapzmoBc2B/dWeVh+KJbEkgTudfFj98Dqn8kiUn
+bqbC3OMPa1uiez8oer8h6OAyOinmx0atjTqS5SOLI+2+p1lpMHMhodn4jgmd8Pms
+KQ0jMyA0ZQ1tozQXOw9VpRYegsm8LMq0emdfybxpwGbrCIIk7BXjBIDrhYbnb3GK
+blykzt4bqOeDtJuTgyBOS3Ldxqgfzg==
+-----END CERTIFICATE-----
--- a/examples/cms/Userkey.pem
+++ b/examples/cms/Userkey.pem
@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCsIzz5XtUfjpj5sy2A5qoVzy8JIGlJ4vmGcc3e7AQfz86rApo7
+2Ew/XmUWnMQk4g8xW05IsKDh0nL55LdrMvf8H7ioNWpsKApJcMwqEEMorDRO9+E3
+i2B+a/LSumAwdgCl/JF17Ce8qBViQj6wPC6mZkmjzuS688zYnNtX8M0DIwIDAQAB
+AoGAUmPrY1BIofoWri1csj21Wwr3cF7bBkplNDx0VSaSMse8G437VHmKxSnhKJmQ
+KDcrHmydY51m469e6MzYHa8fkfwFiqRhBE7rSw9n0K1sqzU6fJYXgpxdV+GOQcKw
+v+Lu+o6ej4BGQ7woJZXOiC3GDiWu3rC91UNC9eC74yCGuAECQQDhd36m/M9Bjw+C
+pNi55oFGdOCaiL+OT9I3Gt2+7MIo4d2YGvhl8Nr3PC6bEq1DzoWiaE+qxE3JFZdp
+J2+F0fCjAkEAw3LsfrqVZH5HW57csAapmhA+oiCTP3cDDObQ3pKNi3sfYKq8u+aK
+93XAbw3+sPaWlQbVnQF+2fNxOZB9TqFLgQJALVw+Fdhs1hKzGySRGa1/Oq6O9Wgn
+qbjzYPS9wgid812lmFFswg2X7/+inL5AL5EgH5F+3atKvvbiFFzDuheHowJAHwiS
+cJTjv68lWXDiDbkhGOtXZprRhpQ5EcVciNqwSuNj2g+CJDu4+Q3jXj7Un/indEY/
+iMyB/c1fvwooO2H1AQJAEmlUKcfUMdMKbsnqcBfUcge3POdb06pXDpZ/+X0g2OBE
+1fTIQgPgP6y+Ucp/WCW6l2pEJtt26KI5kEp31WSbHA==
+-----END RSA PRIVATE KEY-----
--- a/examples/cms/cms.pro
+++ b/examples/cms/cms.pro
@ -0,0 +1,7 @@
+TEMPLATE  = app
+CONFIG   += thread console
+TARGET    = cmsexample
+QT       -= gui
+
+SOURCES += cmsexample.cpp
+include(../examples.pri)
--- a/examples/cms/cmsexample.cpp
+++ b/examples/cms/cmsexample.cpp
@ -0,0 +1,209 @@
+/*
+ Copyright (C) 2003 Justin Karneges
+ Copyright (C) 2005-2006 Brad Hards <bradh@frogmouth.net>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ 
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ 
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+ AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+ AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+
+#include <QtCore>
+
+#include <QtCrypto>
+
+int main(int argc, char** argv)
+{
+    // the Initializer object sets things up, and 
+    // also does cleanup when it goes out of scope
+    QCA::Initializer init;
+
+    QCoreApplication app(argc, argv);
+
+    // We need to ensure that we have certificate handling support
+    if ( !QCA::isSupported( "cert" ) ) {
+	qWarning() << "Sorry, no PKI certificate support";
+    	return 1;
+    }
+
+    // Read in a public key cert
+    // you could also build this using the fromPEMFile() method
+    QCA::Certificate pubCert( "User.pem" );
+    if ( pubCert.isNull() ) {
+	qWarning() << "Sorry, could not import public key certificate";
+	return 1;
+    }
+    // We are building the certificate into a SecureMessageKey object, via a 
+    // CertificateChain
+    QCA::SecureMessageKey secMsgKey;
+    QCA::CertificateChain chain;
+    chain += pubCert;
+    secMsgKey.setX509CertificateChain( chain );
+
+    // build up a SecureMessage object, based on our public key certificate
+    if ( !QCA::isSupported( "cms" ) ) {
+	qWarning() << "Sorry, no CMS support";
+    	return 1;
+    }
+    QCA::CMS cms;
+    QCA::SecureMessage msg(&cms);
+    msg.setRecipient(secMsgKey);
+
+    // Some plain text - we use the first comamnd line argument if provided
+    QByteArray plainText = (argc >= 2) ? argv[1] : "What do ya want for nuthin'";
+
+    // Now use the SecureMessage object to encrypt the plain text.
+    msg.startEncrypt();
+    msg.update(plainText);
+    msg.end();
+    // I think it is reasonable to wait for 1 second for this
+    msg.waitForFinished(1000);
+
+    // check to see if it worked
+    if(!msg.success())
+    {
+	qWarning() << "Error encrypting: " << msg.errorCode();
+	return 1;
+    }
+
+    // get the result
+    QByteArray cipherText = msg.read();
+    QCA::Base64 enc;
+    qDebug() << "'" << plainText.data() << "' encrypts to (in base 64): ";
+    qDebug() << enc.arrayToString( cipherText );
+    qDebug() << "Message uses" << msg.hashName() << "hashing algorithm";
+    qDebug();
+
+    // Show we can decrypt it with the private key
+
+    // Read in a private key
+    QCA::PrivateKey privKey;
+    QCA::ConvertResult convRes;
+    QSecureArray passPhrase = "start";
+    privKey = QCA::PrivateKey::fromPEMFile( "Userkey.pem", passPhrase, &convRes );
+    if ( convRes != QCA::ConvertGood ) {
+	qWarning() << "Sorry, could not import Private Key";
+	return 1;
+    }
+
+    QCA::SecureMessageKey secMsgKey2;
+    // needed?
+    secMsgKey2.setX509CertificateChain( chain );
+    secMsgKey2.setX509PrivateKey(privKey);
+    QCA::SecureMessageKeyList privKeyList;
+    privKeyList += secMsgKey2;
+
+    // build up a SecureMessage object, based on the private key
+    // you could re-use the existing QCA::CMS object (cms), but
+    // this example simulates encryption and one end, and decryption
+    // at the other
+    QCA::CMS anotherCms;
+    anotherCms.setPrivateKeys( privKeyList );
+
+    QCA::SecureMessage msg2( &anotherCms );
+    msg2.setRecipient( secMsgKey2 );
+
+    msg2.startDecrypt();
+    msg2.update( cipherText );
+    msg2.end();
+    
+    // I think it is reasonable to wait for 1 second for this
+    msg2.waitForFinished(1000);
+
+    // check to see if it worked
+    if(!msg2.success())
+    {
+	qWarning() << "Error encrypting: " << msg2.errorCode();
+	return 1;
+    }
+
+    QSecureArray plainTextResult = msg2.read();
+
+    qDebug() << enc.arrayToString( cipherText ) 
+	     << " (in base 64) decrypts to: "
+	     << plainTextResult.data();
+
+    if (msg2.wasSigned()) {
+	qDebug() << "Message was signed at "
+		 << msg2.signer().timestamp();
+    } else {
+	qDebug() << "Message was not signed";
+    }
+
+    qDebug() << "Message used" << msg2.hashName() << "hashing algorithm";
+
+    qDebug();
+
+    // Now we want to try a signature
+    QByteArray text("Got your message");
+
+    // Re-use the CMS and SecureMessageKeyList objects from the decrypt...
+    QCA::SecureMessage signing( &anotherCms );
+    signing.setSigners(privKeyList);
+
+    signing.startSign(QCA::SecureMessage::Clearsign);
+    signing.update(text);
+    signing.end();
+
+    // I think it is reasonable to wait for 1 second for this
+    signing.waitForFinished(1000);
+
+    // check to see if it worked
+    if(!signing.success())
+    {
+	qWarning() << "Error signing: " << signing.errorCode();
+	return 1;
+    }
+
+    // get the result
+    QByteArray signedMessage = signing.signature();
+
+    qDebug() << "'" << text.data() << "', when signed and converted to base 64, is: ";
+    qDebug() << enc.arrayToString( signedMessage );
+    qDebug() << "Message uses" << signing.hashName() << "hashing algorithm";
+    qDebug();
+
+
+    // Now we go back to the first CMS, and re-use that.
+    QCA::SecureMessage verifying( &cms );
+
+    verifying.startVerify();
+    verifying.update(signedMessage);
+    verifying.end();
+
+    verifying.waitForFinished(1000);
+
+    // check to see if it worked
+    if(!verifying.success())
+    {
+	qWarning() << "Error verifying: " << verifying.errorCode();
+	return 1;
+    }
+
+    QCA::SecureMessageSignature sign;
+    sign = verifying.signer();
+    // todo: dump some data out about the signer
+
+    if(verifying.verifySuccess())
+    {
+	qDebug() << "Message verified";
+    } else {
+	qDebug() << "Message failed to verify";
+    }
+
+    return 0;
+}
+
--- a/examples/examples.pro
+++ b/examples/examples.pro
@ -5,6 +5,7 @@ SUBDIRS += \
 	base64test \
 	certtest \
 	ciphertest \
+	cms \
 	hashtest \
 	hextest \
 	mactest \