x400_msrcv_msg_tok_sign.c

/*  Copyright (c) 2009-2025, Isode Limited, London, England.
 *  All rights reserved.
 *                                                                       
 *  Acquisition and use of this software and related materials for any      
 *  purpose requires a written licence agreement from Isode Limited,
 *  or a written licence from an organisation licenced by Isode Limited
 *  to grant such a licence.
 *
 */
 
/* 
 *
 * @VERSION@
 *
 * Simple example program for receiving a message from a store.
 * The security environment is set up so that signed messages
 * will have per message MOAC signatures and recipient Message Token 
 * signatures verified.
 *
 * Note that a valid Digital Identity is no longer required in order to 
 * perform verification. Instead the name of a directory containing trusted,
 * self signed certificates in DER form can be passed in.
 */
 
#include "example.h"
#include "ms_example.h"
 
#include <isode/base/compat.h>
 
#include <seclabel_api.h> /* For security labels */
#include <stdio.h>
#include <stdlib.h>
#include <x400_msapi.h>
 
#define XML_BUFSIZE 1024
 
int num_unsigned_rcvd;
int num_unverified_rcvd;
int num_verified_rcvd;
int num_messages_rcvd;
int num_reports_rcvd;
int num_ipns_rcvd;
 
static char *optstr = "u37m:d:p:w:M:D:P:W:e:b:x:EY:U:I";
 
static void usage(void);
 
static int get_msg(struct X400msSession *sp);
 
static void setup_default_new_sec_env(struct X400msSession *sp, char *sec_trusted_cert_dir);
 
static void setup_default_old_sec_env(struct X400msSession *sp, char *id, char *dn, char *pw /* passphrase for private key in pkcs12 file */
);
 
static void report_msg_token_info(struct X400Recipient *rp);
 
static int get_sec_label(struct X400msMessage *mp);
 
static void print_sec_label(unsigned char slab_buffer[], unsigned int length);
 
static int get_cic(struct X400Recipient *rp);
 
static int get_4406_info(struct X400msMessage *mp);
 
static void show_recip_certificate(struct X400Recipient *rp, int certtype, const char *tag);
 
static void show_message_certificate(struct X400msMessage *mp, const char *tag);
 
static void show_certificate(struct X400Certificate *cert, const char *tag);
 
static int handle_ipn(struct X400msMessage *mp);
 
static int handle_msg(struct X400msSession *sp, struct X400msMessage *mp);
 
static int send_ipn(struct X400msSession *sp, struct X400msMessage *mp, struct X400msMessage **ipn);
 
static int do_report(struct X400msSession *sp, struct X400msMessage *mp);
 
int main(int argc, char **argv) {
    char buffer[BUFSIZ];
    char pa[BUFSIZ];
    char orn[BUFSIZ];
    int status;
    int nummsg;
    struct X400msSession *sp;
    int contype;
    char *def_oraddr;
    char *def_dn;
    char *def_pa;
 
    if (get_args(argc, argv, optstr)) {
        usage();
        exit(-1);
    }
 
    printf("Connection type (0 = P7, 1 = P3 submit only, 2 = P3 both directions) [%d]: ", x400_contype);
    contype = ic_fgetc(x400_contype, stdin);
    if (contype != 10) {
        ic_fgetc(x400_contype, stdin);
    }
 
    if (contype < '0' || '2' < contype) {
        contype = x400_contype;
    }
    else {
        contype -= '0';
    }
 
    if (contype == 0) {
        def_oraddr = x400_ms_user_addr;
        def_dn = x400_ms_user_dn;
        def_pa = x400_ms_presentation_address;
    }
    else {
        def_oraddr = x400_mta_user_addr;
        def_dn = x400_mta_user_dn;
        def_pa = x400_mta_presentation_address;
    }
 
    printf("Your ORAddress [%s] > ", def_oraddr);
    ic_fgets(orn, sizeof orn, stdin);
 
    if (orn[strlen(orn) - 1] == '\n') {
        orn[strlen(orn) - 1] = '\0';
    }
 
    if (orn[0] == '\0') {
        strcpy(orn, def_oraddr);
    }
 
    /* Prompt for password; note: reflected. */
    printf("Password [%s]: ", contype == 0 ? x400_p7_password : x400_p3_password);
    if (ic_fgets(buffer, sizeof buffer, stdin) == NULL) {
        exit(1);
    }
 
    if (buffer[strlen(buffer) - 1] == '\n') {
        buffer[strlen(buffer) - 1] = '\0';
    }
    if (buffer[0] == '\0') {
        strcpy(buffer, contype == 0 ? x400_p7_password : x400_p3_password);
    }
 
    printf("Presentation Address [%s] > ", def_pa);
    ic_fgets(pa, sizeof pa, stdin);
 
    if (pa[strlen(pa) - 1] == '\n') {
        pa[strlen(pa) - 1] = '\0';
    }
 
    if (pa[0] == '\0') {
        strcpy(pa, def_pa);
    }
 
    status = X400msOpen(contype, orn, def_dn, buffer, pa, &nummsg, &sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in Open: %s\n", X400msError(status));
        exit(status);
    }
 
    /* setup logging from $(ETCDIR)x400api.xml or $(SHAREDIR)x400api.xml */
    X400msSetStrDefault(sp, X400_S_LOG_CONFIGURATION_FILE, "x400api.xml", 0);
 
    if (nummsg == 0) {
        printf("no messages - waiting for a message to be delivered.....\n");
    }
    else {
        printf("%d messages waiting\n", nummsg);
    }
 
    status = get_msg(sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in getting msg: %s\n", X400msError(status));
        exit(status);
    }
    fprintf(stderr, "got first\n");
 
    do {
        fprintf(stderr, "================================================\n");
        status = get_msg(sp);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error in getting msg: %s\n", X400msError(status));
            exit(status);
        }
    } while (until_no_more_msgs);
 
    status = X400msClose(sp);
    printf("%d num_messages_rcvd\n", num_messages_rcvd);
    printf("%d num_reports_rcvd\n", num_reports_rcvd);
    printf("%d num_unsigned_rcvd\n", num_unsigned_rcvd);
    printf("%d num_unverified_rcvd\n", num_unverified_rcvd);
    printf("%d num_verified_rcvd\n", num_verified_rcvd);
    printf("%d num_ipns_rcvd\n", num_ipns_rcvd);
    return (status);
}
 
static int get_msg(struct X400msSession *sp) {
    int status;
    int nummsg;
    int type;
    int seqn;
    struct X400msMessage *mp;
    int intparam;
 
    printf("Waiting for new messages for 10 seconds\n");
    status = X400msWait(sp, 10, &nummsg);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from Wait: %s\n", X400msError(status));
        // Tidily close the session.
        status = X400msClose(sp);
        printf("%d num_messagese_rcvd\n", num_messages_rcvd);
        printf("%d num_reports_rcvd\n", num_reports_rcvd);
        printf("%d num_unsigned_rcvd\n", num_unsigned_rcvd);
        printf("%d num_unverified_rcvd\n", num_unverified_rcvd);
        printf("%d num_verified_rcvd\n", num_verified_rcvd);
        exit(status);
    }
 
    /* Set up the security environment.
     *
     * In R15.0 this need only be the name of a trusted certificate directory.
     *
     * Prior to R15.0, the ID is specified as a pathname, in which the 
     * subdirectory "x509" is expected to contain one or more PKCS12
     * files. The appropriate Digital Identity is determined from the 
     * DN of the subject, and the passphrase is used to decrypt the
     * private key. NB even though we're not going to use our cert,
     * (as we're going to use the cert in the message to check the MOAC
     * we need to do this due to a limitation in the underlying X.509
     * layer. 
     */
    if (use_new_sec_env) {
        setup_default_new_sec_env(sp, trusted_ca_certs_dir);
    }
    else {
        setup_default_old_sec_env(sp, security_id, identity_dn, passphrase);
    }
 
    /* Turn off legacy bahaviour in which  MOAC verification failure 
     * returns X400_E_NOERROR.
     * We will now get X400_E_X509_VERIFY_FAILURE from MsgGet
     * if/when the verification fails 
     */
    X400msSetIntDefault(sp, X400_B_RETURN_VERIFICATION_ERRORS, 1);
 
    printf("Getting message\n");
 
    status = X400msMsgGet(sp, 0, &mp, &type, &seqn);
    switch (status) {
        case X400_E_NOERROR:
            fprintf(stderr, "MsgGet successfully got message\n");
            break;
        default:
            fprintf(stderr, "Error from MsgGet: %s\n", X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
            break;
    }
 
    if (type != X400_MSG_MESSAGE) {
        /**********************************/
        /* Report on the received Report */
        /**********************************/
        status = do_report(sp, mp);
        return (status);
    }
 
    /**********************************/
    /* Report on the received Message */
    /**********************************/
 
    status = X400msMsgGetIntParam(mp, X400_N_IS_IPN, &intparam);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetIntParam (X400_N_IS_IPN): %s\n", X400msError(status));
    }
    else {
        printf("Type of Message: %d\n", intparam);
        if (intparam != 0) {
            /**********************************/
            /* Report on the received IPN */
            /**********************************/
            printf("Received an IPN\n");
            num_ipns_rcvd++;
            handle_ipn(mp);
            status = X400msMsgDelete(mp, 0);
            return status;
        }
    }
    /* we have received a message */
    num_messages_rcvd++;
    status = handle_msg(sp, mp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from handle_msg: %s\n", X400msError(status));
        return status;
    }
    if (gen_ipn) {
        struct X400msMessage *ipn;
        status = send_ipn(sp, mp, &ipn);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from send_ipn: %s\n", X400msError(status));
        }
        // Deletes message in message store as well as internal copy.
        status = X400msMsgDelete(mp, 0);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from X400msMsgDelete (subject message)%s\n", X400msError(status));
        }
 
        status = X400msMsgDelete(ipn, 0);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from X400msMsgDelete (IPN)%s\n", X400msError(status));
        }
        return status;
    }
    else {
        // Deletes message in message store as well as internal copy.
        status = X400msMsgDelete(mp, 0);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from X400msMsgDelete (IPN)%s\n", X400msError(status));
        }
        return status;
    }
    return X400_E_NOERROR;
}
 
static int do_report(struct X400msSession *sp, struct X400msMessage *mp) {
    char buffer[BUFSIZ];
    size_t length;
    int intparam;
    char recipient_str[BUFSIZ];
    int status;
    int n;
    struct X400Recipient *rp;
 
    /**********************************/
    /* Report on the received Report */
    /**********************************/
    num_reports_rcvd++;
    fprintf(stderr, "Got a report (printing only some attributes)\n");
 
    // Get the Message Identifier of the Subject message.
    status = X400msMsgGetStrParam(mp, X400_S_SUBJECT_IDENTIFIER, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam: %s\n", X400msError(status));
        /* tidily close the session */
        status = X400msClose(sp);
        exit(status);
    }
    printf("Subject Identifier: %.*s\n", (int)length, buffer);
 
    /* Get the primary recipients */
    for (n = 1;; n++) {
        status = X400msRecipGet(mp, X400_RECIP_REPORT, n, &rp);
        if (status == X400_E_NO_RECIP) {
            break;
        }
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from RecipGet: %s\n", X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
 
        /* Note: recipient may not actually have an O/R address */
        status = X400msRecipGetStrParam(rp, X400_S_OR_ADDRESS, recipient_str, sizeof recipient_str, &length);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from RecipGetStrParam: %s\n", X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
        /* print out the O/R Address of the report */
        printf("Delivery Report for recipient %d: %.*s\n", n, (int)length, recipient_str);
 
        /* The original message delivery time, if this attribute exists, 
         * then the report is a positive Delivery Report */
        status = X400msRecipGetStrParam(rp, X400_S_MESSAGE_DELIVERY_TIME, buffer, sizeof buffer, &length);
 
        if (status == X400_E_NOERROR) {
            /* Positive Delivery Report */
            printf("Delivery Time: %.*s\n", (int)length, buffer);
        }
        else {
            /* Negative Delivery Report */
            printf("Negative Delivery Report for recipient %d: %.*s\n", n, (int)length, recipient_str);
 
            /* Supplementary Info to the report */
            status = X400msRecipGetStrParam(rp, X400_S_SUPPLEMENTARY_INFO, buffer, sizeof buffer, &length);
            if (status != X400_E_NOERROR) {
                fprintf(stderr, "Error from RecipGetStrParam: %s\n", X400msError(status));
                buffer[0] = '\0';
            }
            printf("Supplementary Info: %.*s\n", (int)length, buffer);
 
            /* The reason why the message was not delivered */
            status = X400msRecipGetIntParam(rp, X400_N_NON_DELIVERY_REASON, &intparam);
            if (status != X400_E_NOERROR) {
                fprintf(stderr, "Error from RecipGetIntParam: %s\n", X400msError(status));
            }
            printf("Non-Delivery Reason: %d\n", intparam);
 
            /* The diagnostics of the report for this recipient */
            status = X400msRecipGetIntParam(rp, X400_N_NON_DELIVERY_DIAGNOSTIC, &intparam);
            if (status != X400_E_NOERROR) {
                fprintf(stderr, "Error from RecipGetIntParam: %s\n", X400msError(status));
            }
            printf("Non-Delivery Diagnostic: %d\n", intparam);
        }
    }
 
    status = X400msMsgDelete(mp, 0);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from X400msMsgDelete: %s\n", X400msError(status));
    }
    return status;
}
 
static int handle_ipn(struct X400msMessage *mp) {
    struct X400Recipient *rp;
    int status;
    char buffer[BUFSIZ];
    size_t length;
    int intparam;
 
    /* The X400_S_OR_ADDRESS in the message is the IPN originator */
    /* not clear why X400_ORIGINATOR doesn;t work */
    status = X400msMsgGetStrParam(mp, X400_S_OR_ADDRESS, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam (X400_S_OR_ADDRESS): %s\n", X400msError(status));
    }
    else {
        printf("IPN Originator: %.*s\n", (int)length, buffer);
    }
 
    /* Obtain the envelope recipient address */
    status = X400msRecipGet(mp, X400_RECIP_ENVELOPE, 1, &rp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from X400msRecipGet (X400_RECIP_ENVELOPE): %s\n", X400msError(status));
    }
    else {
        status = X400RecipGetStrParam(rp, X400_S_OR_ADDRESS, buffer, sizeof buffer, &length);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from X400RecipGetStrParam (X400_S_OR_ADDRESS): %s\n", X400msError(status));
        }
        else {
 
            buffer[length] = '\0';
            printf("IPN Recipient: %.*s\n", (int)length, buffer);
        }
    }
 
    /* The subject message identifier */
    status = X400msMsgGetStrParam(mp, X400_S_SUBJECT_IPM, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam (X400_S_SUBJECT_IPM): %s\n", X400msError(status));
    }
    else {
        printf("Subject Message Identifier: %.*s\n", (int)length, buffer);
    }
 
    /* The conversion EITs */
    status = X400msMsgGetStrParam(mp, X400_S_CONVERSION_EITS, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam (X400_S_CONVERSION_EITS): %s\n", X400msError(status));
    }
    else {
        printf("conversion EITs: %.*s\n", (int)length, buffer);
    }
 
    /* non-receipt reason */
    status = X400msMsgGetIntParam(mp, X400_N_NON_RECEIPT_REASON, &intparam);
    if (status == X400_E_NOERROR) {
        printf(" non-receipt reason: %d\n", intparam);
    }
    else {
        fprintf(stderr, "Error getting non-receipt reason: %s\n", X400msError(status));
    }
 
    /* discard reason */
    status = X400msMsgGetIntParam(mp, X400_N_DISCARD_REASON, &intparam);
    if (status == X400_E_NOERROR) {
        printf("discard reason: %d\n", intparam);
    }
    else {
        fprintf(stderr, "Error getting discard reason: %s\n", X400msError(status));
    }
 
    /* Autoforward comment */
    status = X400msMsgGetStrParam(mp, X400_S_AUTOFORWARD_COMMENT, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam (X400_S_AUTOFORWARD_COMMENT): %s\n", X400msError(status));
    }
    else {
        printf("autoforward comment: %.*s\n", (int)length, buffer);
    }
 
    /* Time of receipt: UTCTime format */
    status = X400msMsgGetStrParam(mp, X400_S_RECEIPT_TIME, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam(X400_S_RECEIPT_TIME): %s\n", X400msError(status));
    }
    else {
        printf(" Time of receipt: (UTCTime format): %.*s\n", (int)length, buffer);
    }
 
    /*  Acknowledgement mode: 0 - manual; 1 -automatic */
    status = X400msMsgGetIntParam(mp, X400_N_ACK_MODE, &intparam);
    if (status == X400_E_NOERROR) {
        printf(" Acknowledgement mode: (0 - manual; 1 -automatic): %d\n", intparam);
    }
    else {
        fprintf(stderr, "Error getting Acknowledgement mode: %s\n", X400msError(status));
    }
 
    /* Supplementary information associated with IPN */
    status = X400msMsgGetStrParam(mp, X400_S_SUPP_RECEIPT_INFO, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam (X400_S_SUPP_RECEIPT_INFO): %s\n", X400msError(status));
        /* tidily close the session */
        /* status = X400msClose(sp);
        exit(status);
        */
    }
    else {
        printf("  Supplementary information: %.*s\n", (int)length, buffer);
    }
    status = X400msMsgGetIntParam(mp, X400_N_CONTENT_TYPE, &intparam);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetIntParam (X400_N_CONTENT_TYPE,): %s\n", X400msError(status));
    }
    else {
        printf("Content Type: %d\n", intparam);
    }
 
    return X400_E_NOERROR;
}
 
static int handle_msg(struct X400msSession *sp, struct X400msMessage *mp) {
    int status;
    int intparam;
    size_t length;
    char buffer[BUFSIZ];
    struct X400Recipient *rp;
    int n;
 
    /* Size */
    status = X400msMsgGetIntParam(mp, X400_N_CONTENT_LENGTH, &intparam);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetIntParam: %s\n", X400msError(status));
    }
    printf("Size of Message: %d\n", intparam);
 
    /* content type */
    status = X400msMsgGetIntParam(mp, X400_N_CONTENT_TYPE, &intparam);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetIntParam (X400_N_CONTENT_TYPE,): %s\n", X400msError(status));
    }
    else {
        printf("Content Type: %d\n", intparam);
    }
 
    /* The external content type */
    status = X400msMsgGetStrParam(mp, X400_S_EXTERNAL_CONTENT_TYPE, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam (X400_S_EXTERNAL_CONTENT_TYPE): %s\n", X400msError(status));
    }
    else {
        printf("External Content Type: %.*s\n", (int)length, buffer);
    }
 
    /* The message identifier */
    status = X400msMsgGetStrParam(mp, X400_S_MESSAGE_IDENTIFIER, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam: %s\n", X400msError(status));
        /* tidily close the session */
        status = X400msClose(sp);
        exit(status);
    }
    printf("Message Identifier: %.*s\n", (int)length, buffer);
 
    /* display any PCT info available */
    get_4406_info(mp);
 
    /* The ORADDRESS in the message is the (envelope) originator */
    status = X400msMsgGetStrParam(mp, X400_S_OR_ADDRESS, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam: %s\n", X400msError(status));
        /* tidily close the session */
        status = X400msClose(sp);
        exit(status);
    }
    printf("Originator: %.*s\n", (int)length, buffer);
 
    /* Get the envelope recipients */
    for (n = 1;; n++) {
        status = X400msRecipGet(mp, X400_RECIP_ENVELOPE, n, &rp);
        if (status == X400_E_NO_RECIP) {
            break;
        }
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from RecipGet (envelope): %s\n", X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
 
        /* Note: recipient may not actually have an O/R address */
        status = X400msRecipGetStrParam(rp, X400_S_OR_ADDRESS, buffer, sizeof buffer, &length);
        if (status == X400_E_NOERROR) {
            printf("Env Recipient %d: %.*s\n", n, (int)length, buffer);
        }
 
        // Get back status of the Proof Of Del Request in the recipient.
        status = X400msRecipGetIntParam(rp, X400_N_PROOF_OF_DEL_REQ, &intparam);
        if (status == X400_E_NOERROR) {
            printf("Recipient proof of delivery request is %d\n", intparam);
        }
        else {
            fprintf(stderr, "Error getting proof of delivery request: %s\n", X400msError(status));
        }
 
        /* report content integrity check info if available */
        get_cic(rp);
 
        /* return MessageToken info if available */
        report_msg_token_info(rp);
 
        /* get and display the seccurity label if available */
        get_sec_label(mp);
    }
 
    /* Get the primary recipients */
    for (n = 1;; n++) {
        status = X400msRecipGet(mp, X400_RECIP_PRIMARY, n, &rp);
        if (status == X400_E_NO_RECIP) {
            break;
        }
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from RecipGet (primary): %s\n", X400msError(status));
            /* This is allowed, so continue reading the message */
            break;
        }
 
        /* Note: recipient may not actually have an O/R address */
        status = X400msRecipGetStrParam(rp, X400_S_OR_ADDRESS, buffer, sizeof buffer, &length);
        if (status == X400_E_NOERROR) {
            printf("Primary Recipient %d: %.*s\n", n, (int)length, buffer);
        }
 
        status = X400msRecipGetIntParam(rp, X400_N_PRECEDENCE, &intparam);
        if (status == X400_E_NOERROR) {
            printf("Primary Recipient Precedence %d\n", intparam);
        }
        else {
            fprintf(stderr, "Error getting Primary Recipient Precedence : %s\n", X400msError(status));
        }
    }
 
    /* Subject is optional */
    status = X400msMsgGetStrParam(mp, X400_S_SUBJECT, buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR) {
        printf("Subject: %.*s\n", (int)length, buffer);
    }
 
    /* And message text (or it could be another type) */
    status = X400msMsgGetStrParam(mp, X400_T_IA5TEXT, buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR) {
        printf("Text:\n%.*s\n", (int)length, buffer);
    }
    else {
        printf("No IA5 Text content (%d: %s)\n", status, X400msError(status));
    }
 
    /* get all the attachments */
    printf("Getting body parts\n");
    get_body_parts(mp);
 
    return X400_E_NOERROR;
}
 
static int send_ipn(struct X400msSession *sp, struct X400msMessage *mp, struct X400msMessage **ipn) {
    int status;
    status = X400msMsgNew(sp, X400_MSG_MESSAGE, ipn);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "x400msMsgNew returned error: %s\n", X400msError(status));
        return (status);
    }
 
    status = X400msMakeIPN(mp, -1, ipn);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from X400msMakeIPN: %s\n", X400msError(status));
        return status;
    }
 
    /* submit */
    status = X400msMsgSend(*ipn);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "x400msMsgSend returned error: %s\n", X400msError(status));
        return (status);
    }
    else {
        printf("IPN submitted successfully\n");
    }
 
    return status;
}
/*
 * Recommended function to setup security env for verification.
 * No digitial ID required - just a directory which contains 
 * trust anchors which are read as DER file (certificate.crt).
 *
 * The certificate (containing public key) is obtained from the message
 * which is referenced in the message.
 */
 
static void setup_default_new_sec_env(struct X400msSession *sp, char *local_trusted_ca_certs_dir) {
    int status;
 
    /* Directory containing trusted CA Certificates */
    printf(" Adding %s as trusted CA cert dir\n", trusted_ca_certs_dir);
    status = X400msSetStrDefault(sp, X400_S_SEC_TRUSTED_CERTS_DIR, local_trusted_ca_certs_dir, -1);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "X400msSetStrDefault returned error: %s\n", X400msError(status));
        exit(status);
    }
 
    return;
}
 
/*
 * Obsolete function to use to set up the security environment. This provides a
 * directory in which PKCS12 files are checked to find one whose subject DN
 * matches that of this client.
 *
 * Any self signed certificates found in the directory are treated as 
 * trusted.
 */
 
static void setup_default_old_sec_env(struct X400msSession *sp, char *id, char *dn, char *pw /* passphrase for private key in pkcs12 file */
) {
    int status;
 
    /* first set a default security identity. This passes in the name of a
     * directory, which contains an x509 subdirectory in which all Identities
     * are held */
    /* X400msSetStrDefault(sp, X400_S_SEC_IDENTITY, "/var/isode/dsa-db/", -1);
     * */
    X400msSetStrDefault(sp, X400_S_SEC_IDENTITY, id, -1);
 
    /* select by DN which Identity is to be used (if there are several) 
     * Currently these must be PKCS12 files */
    status = X400msSetStrDefault(sp, X400_S_SEC_IDENTITY_DN, dn, -1);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "X400msSetStrDefault returned error: %s\n", X400msError(status));
        exit(status);
    }
 
    /* passphrase used to open the Identity */
    status = X400msSetStrDefault(sp, X400_S_SEC_IDENTITY_PASSPHRASE, pw, -1);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "X400msSetStrDefault returned error: %s\n", X400msError(status));
        exit(status);
    }
    return;
}
 
static void report_msg_token_info(struct X400Recipient *rp) {
    char buffer[BUFSIZ];
    int status;
    int param;
    size_t length;
 
    status = X400msRecipGetIntParam(rp, X400_N_MSGTOK_STATUS, &param);
    if (status == X400_E_NO_VALUE) {
        fprintf(stderr, "No MessageToken present in recipient\n");
        /* no further information available */
        return;
    }
    else if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetIntParam: %s (%d)\n", X400msError(status), X400_N_MSGTOK_STATUS);
        fprintf(stderr, "Message Token status not available\n");
    }
    else {
        fprintf(stderr, "Message Token status %d \n", param);
    }
 
    switch (param) {
        case X400_E_NOERROR:
            fprintf(stderr, "Token OK (%d)\n", param);
            break;
        case X400_E_X509_ENV:
        case X400_E_X509_INIT:
            fprintf(stderr, "Message Token validation cannot take place because the security environment is invalid (%d):\n", param);
            /* other values will not be available */
            return;
        case X400_E_X509_VERIFY_FAIL_NO_CERT:
        case X400_E_X509_VERIFY_FAIL_NO_PUBKEY:
        case X400_E_X509_VERIFY_FAIL_INCOMPAT_ALG:
        case X400_E_X509_VERIFY_FAIL_UNSUPPORTED_ALG:
        case X400_E_X509_VERIFY_FAIL:
        case X400_E_X509_CERT_INVALID:
        case X400_E_X509_ITEM_INVALID:
            fprintf(stderr, "Message Token validation failed (%d): %s\n", param, X400msError(param));
            break;
        default:
            fprintf(stderr, "Unexpected Message Token validation result (%d): %s\n", param, X400msError(param));
            break;
    }
 
    //show_certificate (rp, X400_N_CERT_MSGTOK, "message-token");
    show_recip_certificate(rp, X400_N_CERT_MSGTOK, "message-token");
 
    status = X400msRecipGetStrParam(rp, X400_S_MSGTOK_RECIP, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetStrParam: %s\n", X400msError(status));
 
        fprintf(stderr, "recipient in token not available\n");
    }
    else {
        fprintf(stderr, "Message Token(%u): recipient in Token '%.*s'\n", (unsigned)length, (int)length, buffer);
    }
 
    status = X400msRecipGetStrParam(rp, X400_S_MSGTOK_DER, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetStrParam: %s (%d)\n", X400msError(status), X400_S_MSGTOK_DER);
        fprintf(stderr, "Message Token DER not available\n");
    }
    else {
        fprintf(stderr, "Message Token DER available (%u bytes)\n", (unsigned)length);
    }
 
    status = X400msRecipGetIntParam(rp, X400_N_MSGTOK_SEQ_NUM, &param);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetStrParam: %s (%d)\n", X400msError(status), X400_N_MSGTOK_STATUS);
        fprintf(stderr, "Message Token seq num not available\n");
    }
    else {
        fprintf(stderr, "Message Token seq num %d \n", param);
    }
 
    status = X400msRecipGetStrParam(rp, X400_S_MSGTOK_SEC_LAB, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetStrParam: %s (%d)\n", X400msError(status), X400_S_MSGTOK_SEC_LAB);
        fprintf(stderr, "Message Token Security Label DER not available\n");
    }
    else {
        fprintf(stderr, "Message Token Security Label DER available (%u bytes)\n", (unsigned)length);
        fprintf(stderr, "Security Label from Message Token is:\n");
        print_sec_label((unsigned char *)buffer, length);
    }
 
    /* get back status of the Content Integrity Check in the message token */
    status = X400msRecipGetIntParam(rp, X400_N_MSGTOK_CIC_STATUS, &param);
    if (status == X400_E_NO_VALUE) {
        printf("No Content Integrity Check in token\n");
    }
    else if (status != X400_E_NOERROR) {
        printf("Error from RecipGetIntParam: %s\n", X400msError(status));
    }
    else {
 
        /* report CIC information */
        switch (param) {
            case X400_E_NOERROR:
                printf("Content Integrity Check in token succeeded\n");
                break;
            default:
                printf("Content Integrity Check in token error (%d): %s\n", param, X400msError(param));
                break;
        }
 
        status = X400msRecipGetStrParam(rp, X400_S_MSGTOK_CIC, buffer, sizeof buffer, &length);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from RecipGetStrParam: %s (%d)\n", X400msError(status), X400_S_MSGTOK_CIC);
            fprintf(stderr, "Message Token Content Integrity Check DER not available\n");
        }
        else {
            fprintf(stderr, "Message Token Content Integrity Check DER available (%u bytes)\n", (unsigned)length);
        }
 
        //show_certificate (rp, X400_N_CERT_MSGTOK_CIC, "token CIC");
        show_recip_certificate(rp, X400_N_CERT_MSGTOK_CIC, "token CIC");
    }
 
    status = X400msRecipGetIntParam(rp, X400_N_MSGTOK_PODR_STATUS, &param);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetStrParam: %s (%d)\n", X400msError(status), X400_N_MSGTOK_PODR_STATUS);
        fprintf(stderr, "Message Token proof of delivery status not available\n");
    }
    else {
        fprintf(stderr, "Message Token proof of delivery status %d \n", param);
    }
 
    status = X400msRecipGetIntParam(rp, X400_N_MSGTOK_SEC_LAB_STATUS, &param);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetStrParam: %s (%d)\n", X400msError(status), X400_N_MSGTOK_SEC_LAB_STATUS);
        fprintf(stderr, "Message Token security label status not available\n");
    }
    else {
        fprintf(stderr, "Message Token security label status %d \n", param);
    }
 
    status = X400msRecipGetIntParam(rp, X400_N_MSGTOK_RECIP_STATUS, &param);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from RecipGetStrParam: %s (%d)\n", X400msError(status), X400_N_MSGTOK_RECIP_STATUS);
        fprintf(stderr, "Message Token recip status not available\n");
    }
    else {
        fprintf(stderr, "Message Token recip status %d \n", param);
    }
 
    return;
}
 
static int get_sec_label(struct X400msMessage *mp) {
    unsigned char slab_buffer[XML_BUFSIZE];
    int status;
    size_t length;
 
    status = X400msMsgGetStrParam(mp, X400_S_SECURITY_LABEL, (char *)slab_buffer, XML_BUFSIZE, &length);
    if (status == X400_E_NO_VALUE) {
        printf("No security label\n");
    }
    else if (status != X400_E_NOERROR) {
        fprintf(stderr, "Failed to fetch security label: %d", status);
        return (status);
    }
    else {
        fprintf(stderr, "Security Label from envelope is:\n");
        print_sec_label(slab_buffer, length);
    }
    return X400_E_NOERROR;
}
 
static void print_sec_label(unsigned char slab_buffer[], unsigned int length) {
 
    char xml_buffer[XML_BUFSIZE];
    int status;
 
    status = SecLabelInit("Example program");
    if (status != SECLABEL_E_NOERROR) {
        fprintf(stderr, "SecLabelInit returned error %d\n", status);
        return;
    }
 
    status = SecLabelPrint(slab_buffer, length, xml_buffer, XML_BUFSIZE);
 
    if (status != SECLABEL_E_NOERROR) {
        fprintf(stderr, "SecLabelParse returned error %d\n", status);
        return;
    }
 
    /* You could now write out the XML file, or parse it in memory..*/
    printf("Got security label:%s\n", xml_buffer);
    return;
}
 
static int get_cic(struct X400Recipient *rp) {
    char buffer[BUFSIZ];
    int status, cic_status;
    int intparam;
    size_t length;
 
    /* get back status of the Content Integrity Check in the recipient */
    cic_status = X400msRecipGetIntParam(rp, X400_N_RECIP_CIC_STATUS, &intparam);
    if (cic_status == X400_E_NO_VALUE) {
        printf("No Content Integrity Check in recipient\n");
        return X400_E_NOERROR;
    }
    else if (cic_status != X400_E_NOERROR) {
        printf("Error from RecipGetIntParam: %s\n", X400msError(cic_status));
        return cic_status;
    }
 
    /* report CIC information */
    switch (intparam) {
        case X400_E_NOERROR:
            printf("Content Integrity Check succeeded\n");
            break;
        default:
            printf("Content Integrity Check error (%d): %s\n", intparam, X400msError(intparam));
            break;
    }
 
    /* Return the Content Integrity Check */
    status = X400msRecipGetStrParam(rp, X400_S_RECIP_CIC, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error getting recipient cic: %s\n", X400msError(status));
    }
    else {
        printf("Content Integrity Check found in recipient (%d)\n", (int)length);
    }
 
    //show_certificate (rp, X400_N_CERT_RECIP_CIC, "recipient CIC");
    show_recip_certificate(rp, X400_N_CERT_RECIP_CIC, "recipient CIC");
 
    return X400_E_NOERROR;
}
 
static int get_4406_info(struct X400msMessage *mp) {
    int status;
    int intparam;
    size_t length;
    char buffer[BUFSIZ];
 
    /* get the 4406 status which tells us if it's PCT or not */
    status = X400msMsgGetIntParam(mp, X400_N_S4406_STATUS, &intparam);
    if (status == X400_E_NO_VALUE) {
        printf("4406 Status (X400_N_S4406_STATUS) absent so not PCT: %s\n", X400msError(status));
        return X400_E_NOERROR;
    }
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetIntParam (X400_N_S4406_STATUS): %s\n", X400msError(status));
    }
    else {
        printf("4406 Status(X400_N_S4406_STATUS): %d\n", intparam);
    }
 
    /* get the 4406 security elements */
    status = X400msMsgGetIntParam(mp, X400_N_S4406, &intparam);
    if (status == X400_E_NO_VALUE) {
        printf("4406 absent: %s\n", X400msError(status));
    }
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetIntParam (X400_N_S4406): %s\n", X400msError(status));
    }
    else {
        printf("4406 (X400_N_S4406): %d\n", intparam);
    }
 
    /* Get the Message Identifier of the Subject message */
    status = X400msMsgGetStrParam(mp, X400_S_S4406_STATUS_DETAIL, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam (X400_S_S4406_STATUS_DETAIL): %s\n", X400msError(status));
        return (status);
    }
    printf("S4406 Status Detail (X400_S_S4406_STATUS_DETAIL): %.*s\n", (int)length, buffer);
 
    show_message_certificate(mp, "S4406");
 
    return X400_E_NOERROR;
}
 
static void show_message_certificate(struct X400msMessage *mp, const char *tag ARGNOTUSED) {
    int status;
    struct X400Certificate *cert;
 
    status = X400msMsgGetCert(mp, X400_N_S4406_CERTIFICATE, &cert);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error getting S4406 certificate: %s\n", X400msError(status));
        return;
    }
    show_certificate(cert, "X400_N_S4406_CERTIFICATE");
    return;
}
 
static void show_recip_certificate(struct X400Recipient *rp, int certtype, const char *tag) {
    int status;
    struct X400Certificate *cert;
 
    status = X400RecipGetCert(rp, certtype, &cert);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error getting %s certificate: %s\n", tag, X400msError(status));
        return;
    }
    show_certificate(cert, tag);
    return;
}
 
static void show_certificate(struct X400Certificate *cert, const char *tag) {
    int status;
    char buffer[BUFSIZ];
    size_t length;
    int paramval;
 
    // Return the subject DN from Orig cert.
    status = X400CertGetStrParam(cert, X400_S_CERT_SUBJECT_DN, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error getting subject of cert used for %s: %s\n", tag, X400msError(status));
    }
    else {
        printf("Subject of Cert used to verify %s (%.*s)\n", tag, (int)length, buffer);
    }
 
    // Return the issuer DN from Orig cert.
    status = X400CertGetStrParam(cert, X400_S_CERT_ISSUER_DN, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error getting issuer of cert used for %s: %s\n", tag, X400msError(status));
    }
    else {
        printf("Issuer of Cert used to verify %s (%.*s)\n", tag, (int)length, buffer);
    }
 
    // Return the serial number from Orig cert used to verify the Content Integrity Check.
    status = X400CertGetStrParam(cert, X400_S_CERT_SERIAL_NUM, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error getting serial num of cert used for %s: %s\n", tag, X400msError(status));
    }
    else {
        printf("Serial Num of Cert used to verify %s (%.*s)\n", tag, (int)length, buffer);
    }
 
    // Return the Orig cert used to verify the Content Integrity Check.
    status = X400CertGetStrParam(cert, X400_S_CERT_BER, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error getting certificate BER used for %s: %s\n", tag, X400msError(status));
    }
    else {
        printf("Returned certificate used to verify %s (%d)\n", tag, (int)length);
    }
 
    // Find any ORaddress SAN.
    status = X400CertGetStrParam(cert, X400_S_OR_ADDRESS, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        if (status == X400_E_NO_VALUE) {
            fprintf(stderr, "No ORaddress SAN\n");
        }
        else {
            fprintf(stderr, "Error from CertGetStrParam: %s\n", X400msError(status));
            return;
        }
    }
    else {
        fprintf(stderr, "ORaddress SAN: '%.*s'\n", (int)length, buffer);
    }
 
    // Find any MTAname SAN MTA and GDI parts.
    status = X400CertGetStrParam(cert, X400_S_CERT_MTA_NAME, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        if (status == X400_E_NO_VALUE) {
            fprintf(stderr, "No MTAname SAN (MTA)\n");
        }
        else {
            fprintf(stderr, "Error from CertGetStrParam: %s\n", X400msError(status));
            return;
        }
    }
    else {
        fprintf(stderr, "MTAname SAN MTA: '%.*s'\n", (int)length, buffer);
    }
    status = X400CertGetStrParam(cert, X400_S_CERT_GDI_NAME, buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        if (status == X400_E_NO_VALUE) {
            fprintf(stderr, "No MTAname SAN (GDI)\n");
        }
        else {
            fprintf(stderr, "Error from CertGetStrParam: %s\n", X400msError(status));
            return;
        }
    }
    else {
        fprintf(stderr, "MTAname SAN GDI: '%.*s'\n", (int)length, buffer);
    }
 
    // Check if the ORaddress matches.
    status = X400CertGetIntParam(cert, X400_N_CERT_ORADDRESS_STATUS, &paramval);
    // If we don't have an ORaddress, check the MTAname.
    if (status != X400_E_NOERROR || paramval == X400_E_NO_VALUE) {
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from ORaddress CertGetStrParam: %s\n", X400msError(status));
        }
        else {
            fprintf(stderr, "ORaddress SAN status: %s\n", X400msError(paramval));
        }
        // Check  if this is server signed.
        status = X400CertGetIntParam(cert, X400_N_CERT_MTANAME_STATUS, &paramval);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from MTAname CertGetStrParam: %s\n", X400msError(status));
        }
        else {
            fprintf(stderr, "MTAname SAN status: %s\n", X400msError(paramval));
        }
    }
    else {
        fprintf(stderr, "ORaddress SAN status: %s\n", X400msError(paramval));
    }
}
 
static void usage(void) {
    printf("usage: %s\n", optstr);
    printf("\t where:\n");
    printf("\t -u : Don't prompt to override defaults \n");
    printf("\t -3 : Use P3 connection \n");
    printf("\t -7 : Use P7 connection \n");
    printf("\t -m : OR Address in P7 bind arg \n");
    printf("\t -d : DN in P7 bind arg \n");
    printf("\t -p : Presentation Address of P7 Store \n");
    printf("\t -w : P7 password of P7 user \n");
    printf("\t -M : OR Address in P3 bind arg \n");
    printf("\t -D : DN in P3 bind arg \n");
    printf("\t -P : Presentation Address of P3 server\n");
    printf("\t -W : P3 password of P3 user \n");
    printf("\t -e : Security Environment (dir with x509 subdir): obsolete, use -Y <p12file>\n");
    printf("\t -x : DN of X.509 Digital Identity\n");
    printf("\t -b : Passphrase for private key in PKCS12 file\n");
    printf("\t -E : Fetch messages until all read\n");
    printf("\t -Y : Filename of PKCS12 file containing Digital Identity\n");
    printf("\t -U : Directory containing trust anchors\n");
    printf("\t -I : Generate IPN from message received\n");
    return;
}