Isode API Customer Documentation

examples
/*  Copyright (c) 2003-2013, Isode Limited, London, England.
 *  All rights reserved.
 *                                                                       
 *  Acquisition and use of this software and related materials for any      
 *  purpose requires a written licence agreement from Isode Limited,
 *  or a written licence from an organisation licenced by Isode Limited
 *  to grant such a licence.
 *
 */
 
/* 
 *
 * @VERSION@
 * Simple example program for receiving a message from a store.
 * The security environment is set up so that signed messages
 * will have the MOAC verified.
 *
 * Note that a valid Digital Identity is no longer required in order to 
 * perform verification. Instead the name of a directory containing trusted,
 * self signed certificates in DER form can be passed in.
 */
 
#include <stdio.h>
#include <stdlib.h>
#include <x400_msapi.h>
#include <seclabel_api.h> /* For security labels */
#include "example.h"
#include "ms_example.h"
 
int num_unsigned_rcvd;
int num_unverified_rcvd;
int num_verified_rcvd;
 
static char *optstr = "u37m:d:p:w:M:D:P:W:e:b:x:Y:U:";
 
static void usage(void);
 
 
static int get_msg(
    struct X400msSession *sp
);
 
static void setup_default_new_sec_env(
    struct X400msSession *sp, 
    char *sec_trusted_cert_dir
);
 
static void setup_default_old_sec_env(
    struct X400msSession *sp, 
    char *id, 
    char *dn, 
    char *pw    /* passphrase for private key in pkcs12 file */
);
 
static int report_moac_info(
    struct X400msMessage *mp 
);
 
static void show_4406_certificate (struct X400msMessage *mp);
static void show_certificate (struct X400msMessage *mp);
static int report_4406_info(
    struct X400msMessage *mp 
);
 
static void print_sec_label(
    char slab_buffer[],
    unsigned int length
);
 
int
main(
    int argc,
    char **argv)
{
    char buffer[BUFSIZ];
    char pa[BUFSIZ];
    char orn[BUFSIZ];
    int status;
    int nummsg;
    struct X400msSession *sp;
    int contype;
    char *def_oraddr;
    char *def_dn;
    char *def_pa;
 
    if (get_args(argc, argv, optstr)) {
        usage();
        exit(-1);
    }
 
    printf("Connection type (0 = P7, 1 = P3 submit only, 2 = P3 both directions) [%d]: ", x400_contype);
    contype = ic_fgetc(x400_contype, stdin);
    if (contype != 10)
        ic_fgetc(x400_contype, stdin);
 
    if ( contype < '0' || '2' < contype )
        contype = x400_contype;
    else
        contype -= '0';
 
    if (contype == 0) {
        def_oraddr = x400_ms_user_addr;
        def_dn = x400_ms_user_dn;
        def_pa = x400_ms_presentation_address;
    }
    else {
        def_oraddr = x400_mta_user_addr;
        def_dn = x400_mta_user_dn;
        def_pa = x400_mta_presentation_address;
    }
 
    printf("Your ORAddress [%s] > ", def_oraddr);
    ic_fgets(orn, sizeof orn, stdin);
 
    if (orn[strlen(orn) - 1] == '\n')
        orn[strlen(orn) - 1] = '\0';
 
    if (orn[0] == '\0')
        strcpy(orn, def_oraddr);
 
    /* Prompt for password; note: reflected. */
    printf("Password [%s]: ",
           contype == 0 ? x400_p7_password : x400_p3_password);
    if (ic_fgets(buffer, sizeof buffer, stdin) == NULL)
        exit(1);
 
    if (buffer[strlen(buffer) - 1] == '\n')
        buffer[strlen(buffer) - 1] = '\0';
    if (buffer[0] == '\0')
        strcpy(buffer, contype == 0 ? x400_p7_password : x400_p3_password);
 
    printf("Presentation Address [%s] > ", def_pa);
    ic_fgets(pa, sizeof pa, stdin);
 
    if (pa[strlen(pa) - 1] == '\n')
        pa[strlen(pa) - 1] = '\0';
 
    if (pa[0] == '\0')
        strcpy(pa, def_pa);
 
    status = X400msOpen(contype, orn, def_dn, buffer, pa, &nummsg, &sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in Open: %s\n", X400msError(status));
        exit(status);
    }
 
#ifdef USING_ALERTS
    /* If we register the alert auto-action, we will get an alert indication
       when a message is delivered. So there is no need to poll at
       short intervals within X400ms_Wait - we can do a slow background
       poll and rely on the Alert indication to wake the code up instead */
    X400msSetIntDefault(sp, X400_N_WAIT_INTERVAL, 1000);
#endif
 
    /* setup logging from $(ETCDIR)x400api.xml or $(SHAREDIR)x400api.xml */
    X400msSetStrDefault(sp, X400_S_LOG_CONFIGURATION_FILE, "x400api.xml", 0);
 
    if (contype == 0) {
#ifdef WANT_AUTOFORWARDING
        struct X400msAutoActionParameter *aa_param;
 
        /* Register an Autoforwarding Autoaction. */
        aa_param = X400msNewAutoActionParameter();
 
        /* Add mandatory things to AutoAction parameter for auto-forwarding:
           i.e. recipient address */
        X400RecipNew(0, &rp);
 
        X400RecipAddStrParam(rp, X400_S_OR_ADDRESS, def_oraddr,
                             strlen(def_oraddr));
 
        X400msAutoActionParameterAddRecip(aa_param, X400_RECIP_STANDARD, rp);
 
        X400msAutoActionParameterAddStrParam(aa_param,
                                             X400_S_CONTENT_IDENTIFIER,
                                             "AF contentid", -1);
 
        X400msAutoActionParameterAddIntParam(aa_param, X400_N_DISCLOSURE, 1);
 
        X400msAutoActionParameterAddIntParam(aa_param,
                                             X400_N_IMPLICIT_CONVERSION_PROHIBITED,
                                             1);
 
        X400msAutoActionParameterAddIntParam(aa_param,
                                             X400_N_ALTERNATE_RECIPIENT_ALLOWED,
                                             1);
 
        X400msAutoActionParameterAddIntParam(aa_param,
                                             X400_N_CONTENT_RETURN_REQUEST,
                                             1);
 
        X400msAutoActionParameterAddIntParam(aa_param, X400_N_PRIORITY, 2);
 
        X400msAutoActionParameterAddStrParam(aa_param,
                                             X400_S_AUTO_FORWARDING_COMMENT,
                                             "This message was autoforwarded",
                                             -1);
 
        X400msAutoActionParameterAddStrParam(aa_param,
                                             X400_S_COVER_NOTE,
                                             "This is a cover note", -1);
 
        X400msAutoActionParameterAddStrParam(aa_param,
                                             X400_S_THIS_IPM_PREFIX,
                                             "AutoForwarded:", -1);
 
        status = X400msRegisterAutoAction(sp, X400_AUTO_FORWARDING,
                                          4, aa_param);
        if (status != X400_E_NOERROR) {
            fprintf(stderr,
                    "Error in RegisterAutoAction: %s\n", X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
        printf("Registered AutoForwarding autoaction (id = 4) OK\n");
        X400msFreeAutoActionParameter(aa_param);
#endif
 
#ifdef USING_ALERTS
        /* No parameter needed for Alert autoaction - we do not support 
           configuration of requested-attributes in this API yet. */
        status = X400msRegisterAutoAction(sp, X400_AUTO_ALERT, 9, NULL);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error in RegisterAutoAction: %s\n",
                    X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
        printf("Registered AutoAlert autoaction (id = 9) OK\n");
#endif
 
        /* Just test the register and deregister functions */
        status = X400msRegisterAutoAction(sp, X400_AUTO_ALERT, 10, NULL);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error in RegisterAutoAction: %s\n",
                    X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
        printf("Registered AutoAlert autoaction (id = 10) OK\n");
 
        /* Lets do a deregistration of the action we just registered */
        status = X400msDeregisterAutoAction(sp, X400_AUTO_ALERT, 10);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error in DeregisterAutoAction: %s\n",
                    X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
        printf("Deregistered AutoAlert autoaction (id = 10) OK\n");
    }
 
    if (nummsg == 0) {
        printf ("no messages - waiting 60 seconds for a message to be delivered.....\n");
    }
    else {
        printf("%d messages waiting\n", nummsg);
    }
 
    status = get_msg(sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in getting msg: %s\n",
                X400msError(status));
        exit(status);
    }
    fprintf(stderr, "got first\n");
    status = get_msg(sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in getting msg: %s\n",
                X400msError(status));
        exit(status);
    }
    fprintf(stderr, "got second\n");
 
    status = get_msg(sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in getting msg: %s\n",
                X400msError(status));
        exit(status);
    }
    fprintf(stderr, "got third\n");
 
    status = get_msg(sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in getting msg: %s\n",
                X400msError(status));
        exit(status);
    }
    fprintf(stderr, "got third\n");
 
    status = get_msg(sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in getting msg: %s\n",
                X400msError(status));
        exit(status);
    }
    fprintf(stderr, "got third\n");
 
    status = get_msg(sp);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error in getting msg: %s\n",
                X400msError(status));
        exit(status);
    }
    fprintf(stderr, "got third\n");
 
    status = X400msClose(sp);
    printf("%d num_unsigned_rcvd\n", num_unsigned_rcvd);
    printf("%d num_unverified_rcvd\n", num_unverified_rcvd);
    printf("%d num_verified_rcvd\n", num_verified_rcvd);
    return(status);
}
 
 
static int get_msg(
    struct X400msSession *sp
)
{
    char buffer[BUFSIZ];
    int status, sig_status;
    int nummsg;
    int type;
    int seqn;
    struct X400msMessage *mp;
    struct X400Recipient *rp;
    int n;
    size_t length;
    int intparam;
    char recipient_str[BUFSIZ];
 
    printf("Waiting for new messages for 10 seconds\n");
    status = X400msWait(sp, 10, &nummsg);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from Wait: %s\n", X400msError(status));
        /* tidily close the session */
        status = X400msClose(sp);
        exit(status);
    }
    printf("------------- New Message ----------------\n");
 
    /* Set up the security environment.
     *
     * In R15.0 this need only be the name of a trusted certificate directory.
     *
     * Prior to R15.0, the ID is specified as a pathname, in which the 
     * subdirectory "x509" is expected to contain one or more PKCS12
     * files. The appropriate Digital Identity is determined from the 
     * DN of the subject, and the passphrase is used to decrypt the
     * private key. NB even though we're not going to use our cert,
     * (as we're going to use the cert in the message to check the MOAC
     * we need to do this due to a limitation in the underlying X.509
     * layer. 
     */
    if (use_new_sec_env) {
        setup_default_new_sec_env(sp, trusted_ca_certs_dir);
    } else {
        setup_default_old_sec_env(sp, security_id, identity_dn, passphrase);
    }
 
 
    /* Turn off legacy bahaviour in which  MOAC verification failure 
     * returns X400_E_NOERROR.
     * We will now get X400_E_X509_VERIFY_FAILURE from MsgGet
     * if/when the verification fails 
     */
    X400msSetIntDefault(sp, X400_B_RETURN_VERIFICATION_ERRORS, 1); 
 
    if (x400_default_recipient != NULL) 
    printf("Getting message\n");
    status = X400msMsgGet(sp, 0, &mp, &type, &seqn);
    switch (status) {
    case X400_E_NOERROR:
        fprintf(stderr, "MsgGet successfully got message\n");
        break;
    default :
        fprintf(stderr, "Error from MsgGet: %s\n", X400msError(status));
        /* tidily close the session */
        status = X400msClose(sp);
        exit(status);
        break;
    }
 
    if (type != X400_MSG_MESSAGE) {
        fprintf(stderr, "Got a report (printing only some attributes)\n");
 
        /* The ORADDRESS in the message is the (envelope) originator */
        status = X400msMsgGetStrParam(mp, X400_S_SUBJECT_IDENTIFIER,
                                      buffer, sizeof buffer, &length);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from MsgGetStrParam: %s\n",
                    X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
        printf("Subject Identifier: %.*s\n", (int)length, buffer);
 
        /* Get the primary recipients */
        for (n = 1;; n++) {
            status = X400msRecipGet(mp, X400_RECIP_REPORT, n, &rp);
            if (status == X400_E_NO_RECIP)
                break;
            if (status != X400_E_NOERROR) {
                fprintf(stderr, "Error from RecipGet: %s\n",
                        X400msError(status));
                /* tidily close the session */
                status = X400msClose(sp);
                exit(status);
            }
 
            /* Note: recipient may not actually have an O/R address */
            status = X400msRecipGetStrParam(rp, X400_S_OR_ADDRESS,
                                            recipient_str,
                                            sizeof recipient_str, &length);
            if (status != X400_E_NOERROR) {
                fprintf(stderr, "Error from RecipGetStrParam: %s\n",
                        X400msError(status));
                /* tidily close the session */
                status = X400msClose(sp);
                exit(status);
            }
            /* print out the O/R Address of the report */
            printf("Positive Delivery Report for recipient %d: %.*s\n", n,
                   (int)length, recipient_str);
 
            /* The original message delivery time, if this attribute exists, 
             * then the report is a positive Delivery Report */
            status = X400msRecipGetStrParam(rp, X400_S_MESSAGE_DELIVERY_TIME,
                                            buffer, sizeof buffer, &length);
            if (status == X400_E_NOERROR) {
                /* Positive Delivery Report */
                printf("Delivery Time: %.*s\n", (int)length, buffer);
            }
            else {
                /* Negative Delivery Report */
                printf("Negative Delivery Report for recipient %d: %s\n", n,
                       recipient_str);
 
                /* Supplementary Info to the report */
                status = X400msRecipGetStrParam(rp, X400_S_SUPPLEMENTARY_INFO,
                                                buffer, sizeof buffer,
                                                &length);
                if (status != X400_E_NOERROR) {
                    fprintf(stderr, "Error from RecipGetStrParam: %s\n",
                            X400msError(status));
                    buffer[0] = '\0';
                }
                printf("Supplementary Info: %.*s\n", (int)length, buffer);
 
                /* The reason why the message was not delivered */
                status =
                    X400msRecipGetIntParam(rp, X400_N_NON_DELIVERY_REASON,
                                           &intparam);
                if (status != X400_E_NOERROR) {
                    fprintf(stderr, "Error from MsgGetIntParam: %s\n",
                            X400msError(status));
                }
                printf("Non-Delivery Reason: %d\n", intparam);
 
                /* The diagnostics of the report for this recipient */
                status =
                    X400msRecipGetIntParam(rp, X400_N_NON_DELIVERY_DIAGNOSTIC,
                                           &intparam);
                if (status != X400_E_NOERROR) {
                    fprintf(stderr, "Error from MsgGetIntParam: %s\n",
                            X400msError(status));
                }
                printf("Non-Delivery Diagnostic: %d\n", intparam);
            }
        }
 
        num_unsigned_rcvd++ ;
        status = X400msMsgDelete(mp, 0);
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from X400msMsgDelete: %s\n",
                    X400msError(status));
        }
        return (status);
    }
 
    /* report information about the MOAC in the message */
    (void) report_moac_info(mp);
 
    /* report information about the 4406 in the message */
    sig_status = report_4406_info(mp);
 
    /* X.411 security label */
    status = X400msMsgGetStrParam(mp, X400_S_SECURITY_LABEL,
                                  buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR) {
        printf("X.411 Security Label returned OK (%d chars)\n", (int)length);
        print_sec_label(buffer, length);
    } else {
        printf("X.411 Security Label not returned (%d) (%s)\n", status,
            X400msError(status));
    }
 
    /* content type */
    status = X400msMsgGetIntParam(mp, X400_N_CONTENT_TYPE, &intparam);
    if (status == X400_E_NOERROR) {
        printf ("Content type : P%d\n", intparam);
    } else {
        fprintf(stderr, "No content type: Error from MsgGetStrParam: %s\n",
                X400msError(status));
    }
 
    /* external content type */
    status = X400msMsgGetStrParam(mp, X400_S_EXTERNAL_CONTENT_TYPE,
                                  buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR) {
        printf("External Content Type: %.*s\n", (int)length, buffer);
    } else {
        fprintf(stderr, "No content type: Error from MsgGetStrParam: %s\n",
                X400msError(status));
    }
 
 
    /* The message identifier */
    status = X400msMsgGetStrParam(mp, X400_S_MESSAGE_IDENTIFIER,
                                  buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam: %s\n",
                X400msError(status));
        /* tidily close the session */
        status = X400msClose(sp);
        exit(status);
    }
    printf("Message Identifier: %.*s\n", (int)length, buffer);
 
    /* The ORADDRESS in the message is the (envelope) originator */
    status = X400msMsgGetStrParam(mp, X400_S_OR_ADDRESS,
                                  buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from MsgGetStrParam: %s\n",
                X400msError(status));
        /* tidily close the session */
        status = X400msClose(sp);
        exit(status);
    }
    printf("Originator: %.*s\n", (int)length, buffer);
 
    if (sig_status == X400_E_S4406_TRIPLE_WRAPPED) {
        /* can't do much more with an encrypted message ... */
        printf("Deleting triple wrapped message\n");
 
        /* Deletes message in message store as well as internal copy */
        status = X400msMsgDelete(mp, 0);
        return status;
    }
 
    /* Get the primary recipients */
    for (n = 1;; n++) {
        status = X400msRecipGet(mp, X400_RECIP_PRIMARY, n, &rp);
        if (status == X400_E_NO_RECIP)
            break;
        if (status != X400_E_NOERROR) {
            fprintf(stderr, "Error from RecipGet: %s\n", X400msError(status));
            /* tidily close the session */
            status = X400msClose(sp);
            exit(status);
        }
 
        /* Note: recipient may not actually have an O/R address */
        status = X400msRecipGetStrParam(rp, X400_S_OR_ADDRESS,
                                        buffer, sizeof buffer, &length);
        if (status == X400_E_NOERROR) {
            printf("Recipient %d: %.*s\n", n, (int)length, buffer);
        }
 
        status = X400msRecipGetIntParam(rp, X400_N_PRECEDENCE, &intparam);
        if (status == X400_E_NOERROR) {
            printf("Primary Recipient Precedence %d\n", intparam);
        } else {
            fprintf(stderr, "Error from RecipGet: %s\n", X400msError(status));
        }
 
    }
 
    /* Subject is optional */
    status = X400msMsgGetStrParam(mp, X400_S_SUBJECT,
                                  buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR)
        printf("Subject: %.*s\n", (int)length, buffer);
 
    /* external content type */
    status = X400msMsgGetStrParam(mp, X400_S_EXTERNAL_CONTENT_TYPE,
                                  buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR)
        printf("External Content Type: %.*s\n", (int)length, buffer);
 
    /* And message text (or it could be another type) */
    status = X400msMsgGetStrParam(mp, X400_T_IA5TEXT,
                                  buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR) {
        printf("\nIA5 Text:\n%.*s\n\n", (int)length, buffer);
    } else {
        fprintf (stderr, "No IA5 text in message");
        fprintf (stderr, "X400msMsgGetStrParam returned error: %s\n", 
            X400msError (status));
    }
 
    /* get all the attachments */
    printf("Getting body parts\n");
    get_body_parts(mp);
 
    /* Deletes message in message store as well as internal copy */
    status = X400msMsgDelete(mp, 0);
 
    return status;
}
 
/*
 * Recommended function to setup security env for verification.
 * No digitial ID required - just a directory which contains 
 * trust anchors which are read as DER file (certificate.crt).
 *
 * The certificate (containing public key) is obtained from the message
 * which is referenced in the message.
 */
 
static void setup_default_new_sec_env(
    struct X400msSession *sp, 
    char *trusted_ca_certs_directory
)
{
    int status;
 
    /* Directory containing trusted CA Certificates */
    printf("Adding %s as trusted CA cert dir\n", trusted_ca_certs_directory);
    status = X400msSetStrDefault (sp, X400_S_SEC_TRUSTED_CERTS_DIR, 
            trusted_ca_certs_directory, -1);
    if ( status != X400_E_NOERROR ) {
        fprintf (stderr, "X400msSetStrDefault returned error: %s\n", 
            X400msError (status));
        exit (status);
    }
 
    return;
}
 
/*
 * Obsolete function to use to set up the security environment. This provides a
 * directory in which PKCS12 files are checked to find one whose subject DN
 * matches that of this client.
 *
 * Any self signed certificates found in the directory are treated as 
 * trusted.
 */
 
static void setup_default_old_sec_env(
    struct X400msSession *sp, 
    char *id, 
    char *dn, 
    char *pw    /* passphrase for private key in pkcs12 file */
)
{
    int status;
 
    /* first set a default security identity. This passes in the name of a
     * directory, which contains an x509 subdirectory in which all Identities
     * are held */
    /* X400msSetStrDefault(sp, X400_S_SEC_IDENTITY, "/var/isode/dsa-db/", -1);
     * */
    X400msSetStrDefault(sp, X400_S_SEC_IDENTITY, id, -1); 
 
    /* select by DN which Identity is to be used (if there are several) 
     * Currently these must be PKCS12 files */
    status = X400msSetStrDefault (sp, X400_S_SEC_IDENTITY_DN, dn, -1);
    if ( status != X400_E_NOERROR ) {
        fprintf (stderr, "X400msSetStrDefault returned error: %s\n", 
            X400msError (status));
        exit (status);
    }
 
    /* passphrase used to open the Identity */
    status = X400msSetStrDefault (sp, X400_S_SEC_IDENTITY_PASSPHRASE, pw, -1);
    if ( status != X400_E_NOERROR ) {
        fprintf (stderr, "X400msSetStrDefault returned error: %s\n", 
            X400msError (status));
        exit (status);
    }
    return;
}
 
 
static int report_moac_info(
    struct X400msMessage *mp 
)
{
    int status;
    int intparam;
 
    /* Check the MOAC */
    status = X400msMsgGetIntParam(mp, X400_N_MOAC_STATUS, &intparam);
    switch ( status ) {
    case X400_E_NO_VALUE:
        num_unverified_rcvd++ ;
        fprintf (stderr, "No MOAC in message\n");
        break;
 
    default:
        num_unverified_rcvd++ ;
        fprintf (stderr, "Unexpected error getting MOAC status: %s\n",
                 X400msError (status));
        break;
 
    case X400_E_NOERROR:
        fprintf (stderr, "Have MOAC in message (%d)\n", intparam);
        switch (intparam) {
        case X400_E_NOERROR:
            fprintf(stderr, 
                    "MsgGet successfully verified signature in message\n");
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_verified_rcvd++ ;
            break;
        case X400_E_SIGN_NO_IDENTITY:
            fprintf(stderr, 
                "MOAC validation cannot take place because the security environment is invalid (%d):\n", 
                intparam);
            /* other values will not be available */
            break;
        case X400_E_X509_INIT:
        case X400_E_X509_ENV:
            fprintf(stderr, 
                "MOAC validation cannot take place because the security environment is invalid (%d):\n", 
                intparam);
            /* other values will not be available */
            break;
        case X400_E_X509_VERIFY_FAIL:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_NO_CERT:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_NO_PUBKEY:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_INCOMPAT_ALG:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_UNSUPPORTED_ALG:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_CERT_INVALID:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_ITEM_INVALID:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        default :
            fprintf(stderr, 
                    "Unexpected verification error from MsgGet(%d): %s\n", 
                intparam,
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        }
    }
    return X400_E_NOERROR;
}
 
 
static int report_4406_info(
    struct X400msMessage *mp 
)
{
    int         status;
    int         intparam;
    size_t      length;
    char        buffer[BUFSIZ];
 
    /* Check the 4406 signatures */
    status = X400msMsgGetIntParam(mp, X400_N_S4406_STATUS, &intparam);
    switch ( status ) {
    case X400_E_NO_VALUE:
        num_unverified_rcvd++ ;
        fprintf (stderr, "No 4406 signature in message\n");
        return X400_E_NOERROR;
 
    default:
        num_unverified_rcvd++ ;
        fprintf (stderr, "Unexpected error getting 4406 signature status: %s\n",
                 X400msError (status));
        break;
 
    case X400_E_NOERROR:
        fprintf (stderr, "Have 4406 signature in message (%d)\n", intparam);
        switch (intparam) {
        case X400_E_NOERROR:
            fprintf(stderr, 
                    "MsgGet successfully verified signature in message\n");
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_verified_rcvd++ ;
            break;
        case X400_E_SIGN_NO_IDENTITY:
            fprintf(stderr, 
                "4406 signature validation cannot take place because the security environment is invalid (%d):\n", 
                intparam);
            /* other values will not be available */
            break;
        case X400_E_X509_INIT:
        case X400_E_X509_ENV:
            fprintf(stderr, 
                "4406 signature validation cannot take place because the security environment is invalid (%d):\n", 
                intparam);
            /* other values will not be available */
            break;
        case X400_E_X509_VERIFY_FAIL:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_NO_CERT:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_NO_PUBKEY:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_INCOMPAT_ALG:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_VERIFY_FAIL_UNSUPPORTED_ALG:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_CERT_INVALID:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_X509_ITEM_INVALID:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        case X400_E_S4406_TRIPLE_WRAPPED:
            fprintf(stderr, "Verification Error from MsgGet: %s\n", 
                X400msError(intparam));
            show_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            return X400_E_S4406_TRIPLE_WRAPPED;
        default :
            fprintf(stderr, "Unexpected verification error from MsgGet: %s\n", 
                X400msError(intparam));
            show_4406_certificate (mp);
            fprintf(stderr, "continuing ...\n");
            num_unverified_rcvd++ ;
            break;
        }
    }
 
    /* 4406 security label */
    printf("------------- 4406 Info ----------------\n");
    status = X400msMsgGetStrParam(mp, X400_S_S4406_SECURITY_LABEL,
                                  buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR) {
        printf("4406 Security Label returned OK (%d chars)\n", (int)length);
        print_sec_label(buffer, length);
    } else {
        printf("4406 Security Label not returned (%d) (%s)\n", status,
            X400msError(status));
    }
 
    /* 4406 signing time */
    status = X400msMsgGetStrParam(mp, X400_S_S4406_SIGNING_TIME,
                                  buffer, sizeof buffer, &length);
    if (status == X400_E_NOERROR)
        printf("4406 signing time returned OK\n%.*s\n", (int)length, buffer);
    else 
        printf("4406 signing time not returned (%d) (%s)\n", status,
            X400msError(status));
 
    printf("------------ End 4406 Info -----------\n");
    return X400_E_NOERROR;
}
 
static void show_certificate (struct X400msMessage *mp)
{
    int status;
    struct X400Certificate *cert;
    char buffer[BUFSIZ];
    size_t length;
    int paramval;
 
    status = X400msMsgGetCert (mp, X400_N_CERT_MOAC, &cert);
    if ( status != X400_E_NOERROR ) {
        fprintf (stderr, "Error getting MOAC certificate: %s\n",
                 X400msError (status));
        return;
    }
 
    status = X400CertGetStrParam(cert, X400_S_CERT_SUBJECT_DN,
                                 buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from CertGetStrParam: %s\n",
                X400msError(status));
        return;
    }
    fprintf(stderr, 
            "subject DN of originator certificate '%.*s'\n", (int)length, buffer);
    status = X400CertGetStrParam(cert, X400_S_CERT_ISSUER_DN,
                                 buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from CertGetStrParam: %s\n",
                X400msError(status));
        return;
    }
    fprintf(stderr, 
            "issuer DN of originator certificate '%.*s'\n", (int)length, buffer);
 
    status = X400CertGetStrParam(cert, X400_S_OR_ADDRESS,
                                 buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        if ( status == X400_E_NO_VALUE ) {
            fprintf(stderr, "No ORaddress subject alt. name\n");
        } else {
            fprintf(stderr, "Error from CertGetStrParam: %s\n",
                    X400msError(status));
            return;
        }
    } else {
        fprintf(stderr, "ORaddress subject alt name: '%.*s'\n", (int)length, buffer);
    }
 
    status = X400CertGetIntParam(cert, X400_N_CERT_ORADDRESS_STATUS, &paramval);
    
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from CertGetStrParam: %s\n",
                    X400msError(status));
        return;
    }
 
    fprintf(stderr, "ORaddress subject alt name status: %s\n",
            X400msError (paramval));
}
 
 
static void show_4406_certificate (struct X400msMessage *mp)
{
    int status;
    struct X400Certificate *cert;
    char buffer[BUFSIZ];
    size_t length;
    int paramval;
 
    status = X400msMsgGetCert (mp, X400_N_S4406_CERTIFICATE, &cert);
    if ( status != X400_E_NOERROR ) {
        fprintf (stderr, "Error getting 4406 certificate: %s\n",
                 X400msError (status));
        return;
    }
 
    status = X400CertGetStrParam(cert, X400_S_CERT_SUBJECT_DN,
                                 buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from CertGetStrParam: %s\n",
                X400msError(status));
        return;
    }
    fprintf(stderr, "subject DN of originator certificate '%.*s'\n", 
        (int)length, buffer);
    status = X400CertGetStrParam(cert, X400_S_CERT_ISSUER_DN,
                                 buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from CertGetStrParam: %s\n",
                X400msError(status));
        return;
    }
    fprintf(stderr, "issuer DN of originator certificate '%.*s'\n", 
        (int)length, buffer);
 
    status = X400CertGetStrParam(cert, X400_S_OR_ADDRESS,
                                 buffer, sizeof buffer, &length);
    if (status != X400_E_NOERROR) {
        if ( status == X400_E_NO_VALUE ) {
            fprintf(stderr, "No ORaddress subject alt. name\n");
        } else {
            fprintf(stderr, "Error from CertGetStrParam: %s\n",
                    X400msError(status));
            return;
        }
    } else {
        fprintf(stderr, "ORaddress subject alt name: '%.*s'\n", 
            (int)length, buffer);
    }
 
    status = X400CertGetIntParam(cert, X400_N_CERT_ORADDRESS_STATUS, &paramval);
    
    if (status != X400_E_NOERROR) {
        fprintf(stderr, "Error from CertGetStrParam: %s\n",
                    X400msError(status));
        return;
    }
 
    fprintf(stderr, "ORaddress subject alt name status: %s\n",
            X400msError (paramval));
    return;
}
 
 
static void print_sec_label(
    char slab_buffer[],
    unsigned int length
)
{
 
#define XML_BUFSIZE 1024
 
    char  xml_buffer[XML_BUFSIZE];
    int status;
    
    status = SecLabelInit("Example program");
    if (status != SECLABEL_E_NOERROR) {
        fprintf(stderr, "SecLabelInit returned error %d\n", status);
        return ;
    }
 
    status =  SecLabelPrint((const unsigned char *) slab_buffer,
                            length,
                            xml_buffer,
                            XML_BUFSIZE);
    
    if (status != SECLABEL_E_NOERROR) {
        fprintf(stderr, "SecLabelParse returned error %d\n", status);
        return ;
    }
    
    /* You could now write out the XML file, or parse it in memory..*/
    printf("Got security label:\n%s\n", xml_buffer);
    return;
}
 
 
static void usage(void) {
    printf("usage: %s\n", optstr);
    printf("\t where:\n");
    printf("\t -u : Don't prompt to override defaults \n");
    printf("\t -3 : Use P3 connection \n");
    printf("\t -7 : Use P7 connection \n");
    printf("\t -m : OR Address in P7 bind arg \n");
    printf("\t -d : DN in P7 bind arg \n");
    printf("\t -p : Presentation Address of P7 Store \n");
    printf("\t -w : P7 password of P7 user \n");
    printf("\t -M : OR Address in P3 bind arg \n");
    printf("\t -D : DN in P3 bind arg \n");
    printf("\t -P : Presentation Address of P3 server\n");
    printf("\t -W : P3 password of P3 user \n");
    printf("\t -e : Security Environment (dir with x509 subdir): obsolete, use -Y <p12file>\n");
    printf("\t -x : DN of X.509 Digital Identity\n");
    printf("\t -b : Passphrase for private key in PKCS12 file\n");
    printf("\t -Y : Filename of PKCS12 file containing Digital Identity\n");
    return;
}