daniele-athome/ConvertPEM.java

## cert.pem
-----BEGIN CERTIFICATE-----
MIIJWDCCCECgAwIBAgIBATANBgkqhkiG9w0BAQUFADBuMSAwHgYDVQQKDBdPcGVu
UEdQIHRvIFguNTA5IEJyaWRnZTFKMEgGA1UEAwxBdGVzdCA8NGJkZDRmOTI5ZjNh
MTA2MjI1M2U0ZTQ5NmJhZmJhMGJkZmI1ZGI3NUBwcmltZS5rb250YWxrLm5ldD4w
HhcNMTUwNjA3MTkzMjQxWhcNMTUwNjA3MTkzMjQxWjBuMSAwHgYDVQQKDBdPcGVu
UEdQIHRvIFguNTA5IEJyaWRnZTFKMEgGA1UEAwxBdGVzdCA8NGJkZDRmOTI5ZjNh
MTA2MjI1M2U0ZTQ5NmJhZmJhMGJkZmI1ZGI3NUBwcmltZS5rb250YWxrLm5ldD4w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrvwImcBxpVYTsA6G7I8vo
+vGDCqPt+yqcmCd4R3mU22Ec0HPMF+kmdmuGt7PrRND63dDAt5lCKM61JRF4zWn6
6/frDbFiahWgqMO4zcgWHdwUkKYSvQiMjtN7za4Q2bDSzas3I5a53qfE1fgBGHCM
QAMABcGQYxeGDaJYb0Ri1fGMaZFJz80tcGhuP3o7KrIN8l8wH2tW3cNDFdBqmRgr
dpEoaOb9NALeTiPEm64tDijNd2UP5j+HG6re0RYaHU8VOLT49W3sRtHEAC5BxZvK
vwX6Zf9RYyS4HnmX22VfHL0x5lfmFYERuYmwlUOnGn8GRv2iIo0HUcxMTtqP7N1n
AgMBAAGjggX/MIIF+zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIC7DAR
BglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYEFGAH2v2pCQwrsXchg8CYqbPE9rUd
MB8GA1UdIwQYMBaAFGAH2v2pCQwrsXchg8CYqbPE9rUdMIIFgwYTacnooqiNy+DH
x4nLwICqrteKGwSCBWoDggVmAJkBDQRVdJxZAQgAq78CJnAcaVWE7AOhuyPL6Prx
gwqj7fsqnJgneEd5lNthHNBzzBfpJnZrhrez60TQ+t3QwLeZQijOtSUReM1p+uv3
6w2xYmoVoKjDuM3IFh3cFJCmEr0IjI7Te82uENmw0s2rNyOWud6nxNX4ARhwjEAD
AAXBkGMXhg2iWG9EYtXxjGmRSc/NLXBobj96OyqyDfJfMB9rVt3DQxXQapkYK3aR
KGjm/TQC3k4jxJuuLQ4ozXdlD+Y/hxuq3tEWGh1PFTi0+PVt7EbRxAAuQcWbyr8F
+mX/UWMkuB55l9tlXxy9MeZX5hWBEbmJsJVDpxp/Bkb9oiKNB1HMTE7aj+zdZwAR
AQABtEF0ZXN0IDw0YmRkNGY5MjlmM2ExMDYyMjUzZTRlNDk2YmFmYmEwYmRmYjVk
Yjc1QHByaW1lLmtvbnRhbGsubmV0PokBHwQTAQIACQUCVXSj7AIbIQAKCRAbzoG4
O1XtxQSLB/43Aq4X591KRKK1xmwCgQFMHFuZH8cktPRi4MZc1BcwZmhjpK2OpB/i
oQFwpS/OH/bKw4JMdcfwuc6Y5GHSn5/D8NL5Ll+ZFEYPsWQjhNZqNXD19JJp53nP
giv85GWdo1xsZAegUIMkFKi5gIfw1z/XiXKiKbQ95aiN/gdEwU0SL16TZhMeDR8M
HcGH+Kf7iMGWGqxnJTozT1QOion0Lfc1zC3FNLAzHRaurH4qqd29VCGQA8cBy4UE
helXJRBVwY8Es1QJg6BMQPJjaFL5WHiagdz1OB9QzUNTzq04P77/P+v5vYmf71oy
3jH29AG/eTaDPmHTjvSdHj4FWRE9+aELuFIEVXScXxMIKoZIzj0DAQcCAwTbhR/+
kfv+5UeHXwZepCph9C9dV48O8yOfrjMo4Z/S+89x6R2uxFPEE/kkVXREwp2X+sYg
sUb6Mn733hT68NZIiQEfBBgBAgAJBQJVdKPtAhsCAAoJEBvOgbg7Ve3FUboIAKLU
QJrWjrpYrLEidegfTBoonO6clvWWUBTJcCMPI2QuyDPFhjIrlN9NxR1+dYCF/40K
KoaIMgIfIF1ziFjKx8J0Nmr5NEW4DDEfKyjk/UHFTxHaXe48lywBW83faZtzPyS9
+H9NADhYXKdHjfOGIWQGNEIXqi8FrvuJphVpaCbSsxKaxuXshcOzz6xFaVeohyOr
UQfooZlzXRCDA4wLG4Iey/4j+weLpCeWkiktZfTYE9pwGEobAomeJW1Blz2szN2r
MKoxMn77BjRavCfTMVMlBj1ykRpdPO2iBMVNS0wATtsCS/NuCJycXNjDdUm17WoF
AcbXC/il19ui6OtILPm4VgRVdJxcEggqhkjOPQMBBwIDBPw1BPM1BPHetE8crupf
i7NFm2gdJxxA9kaoJaT8vpbnvFOroUpOJMfwPKdsT2q/nb0/CmDlOxCmAS8V7R7E
74YDAQgHiQEfBBgBAgAJBQJVdKPuAhsEAAoJEBvOgbg7Ve3FYqAH/ja6h/TXhtTn
7YNjov+hDAvObpKP7R7eZFUlhAPfA9YoCZ2ChGOLCUgVOG4rCJ6qkqRZv28gBY4J
0lUfRwxtWJwAS5j3Hh4/dYD3zB8HSShFJUv6osEykP99bJETmpOcjXzSjx+BUvPB
CL3NPvGaRcDLZH0+j29Is0CsPAATdOoBQCjJxUZcDc95aoszK8QSLpWr0WUtEm2M
rVDqIMisI7JxyLbBRW8ndo1fzZEiYzkv3r/hmPXO3YBcIK4Bfu2R6dXbR+y7wx7V
3RWfJpmEchO3nPc4tEbRWAo2cV+HPshCNnZt6C5dV2HAjifaciRKPS/Jg+OXuFJ2
wKSXemasi0kwDQYJKoZIhvcNAQEFBQADggEBAAleNtzlAxwYnLNPEmPkqSbiEV+h
hvoAqHBiYIyXrtrOZzV9BgrKCORC1wDVCxjf9yf0P1HWxyoA7/4QV3OcpGvTLs5c
oSf6DgC/G+jRvXxxMuF0whb4lFOS8aqCCbqcCOW/FYpQVBcMiLBh1OyFc/XBOQ8i
L2l+0GPeGEax8QLUoPAx5QOEvMnHWqG1dj6svMqo4dIHyWsgXMY9j800s4OfQu1L
w7qs3ilNxpY+PydclHCXp36rpSLQH8yg0tQlKdkhYqbaDT+EkiIDOiW5YMYjCghi
SeljWWpqevqji00Mdv/VfAOZX/RYlnpScsAZjwO/GJyGx1T/9RdcRgnXWnE=
-----END CERTIFICATE-----

## ConvertPEM.java

import java.io.*;
import java.security.cert.*;

import org.bouncycastle.openssl.*;


public class ConvertPEM {

    public static void main(String[] args) throws Exception {
        // load certificate
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(new FileInputStream(args[0]));

        OutputStream certificateOS = new FileOutputStream("cert.converted.pem");
        PEMWriter certificateWriter = new PEMWriter(new OutputStreamWriter(certificateOS));
        certificateWriter.writeObject(certificate);
        certificateWriter.close();
    }
}

## load-certificate.c

#include <stdio.h>
#include <stdlib.h>

#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>

static BIO *fileToMemBuf(const char* filename) {
    FILE* f = fopen(filename, "rb");
    if (f != NULL) {
        fseek(f, 0, SEEK_END);
        long size = ftell(f);
        rewind(f);
        char* contents = malloc(size * (sizeof(char)) + 1);
        memset(contents, 0, size * (sizeof(char)) + 1);
        fread(contents, sizeof(char), size, f);
        fclose(f);

        BIO *result = BIO_new(BIO_s_mem());
        BIO_puts(result, contents);
        return result;
    }
    return NULL;
}


int main(int argc, char** argv)
{
    SSL_CTX* ssl_ctx;

    printf("Initializing OpenSSL\n");
    SSL_load_error_strings();
    ERR_load_crypto_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();

    printf("Creating context\n");
    ssl_ctx = SSL_CTX_new(SSLv23_client_method());

    // Note: We explicitly do not allow SSLv2 to be used. It
    printf("Setting options\n");
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);

    /* Java code in class OpenSSLSocketImpl does the verification. Meaning of
     * SSL_VERIFY_NONE flag in client mode: if not using an anonymous cipher
     * (by default disabled), the server will send a certificate which will
     * be checked. The result of the certificate verification process can be
     * checked after the TLS/SSL handshake using the SSL_get_verify_result(3)
     * function. The handshake will be continued regardless of the
     * verification result.
     */
    printf("Setting verify\n");
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);

    printf("Loading certificate data from: %s\n", argv[1]);
    BIO* certificatesbio = fileToMemBuf(argv[1]);

    printf("Certificate loaded: %p\n", certificatesbio);
    if (certificatesbio != NULL) {
        X509* certificatesx509 =
            PEM_read_bio_X509(certificatesbio, NULL, 0, NULL);
        BIO_free(certificatesbio);

        if (certificatesx509 == NULL) {
            printf("Error parsing the certificates\n");
            SSL_CTX_free(ssl_ctx);
            return;
        }

        int ret = SSL_CTX_use_certificate(ssl_ctx, certificatesx509);
        if (ret != 1) {
            printf("Error setting the certificates\n");
            X509_free(certificatesx509);
            SSL_CTX_free(ssl_ctx);
            return;
        }
    }

    SSL_CTX_free(ssl_ctx);

    return EXIT_SUCCESS;
}

## Makefile

PKG_CONFIG_PATH := /opt/ssltest/lib/pkgconfig

all: load-certificate ConvertPEM.class

ConvertPEM.class: ConvertPEM.java
	javac -cp /usr/share/java/\* $<

load-certificate: load-certificate.c
	$(CC) `pkg-config --libs --cflags openssl` -o $@ $<

run: all
	java -cp /usr/share/java/bcpkix.jar:. ConvertPEM cert.cer
	LD_LIBRARY_PATH=/opt/ssltest/lib ./load-certificate cert.pem
	-----BEGIN CERTIFICATE-----
	MIIJWDCCCECgAwIBAgIBATANBgkqhkiG9w0BAQUFADBuMSAwHgYDVQQKDBdPcGVu
	UEdQIHRvIFguNTA5IEJyaWRnZTFKMEgGA1UEAwxBdGVzdCA8NGJkZDRmOTI5ZjNh
	MTA2MjI1M2U0ZTQ5NmJhZmJhMGJkZmI1ZGI3NUBwcmltZS5rb250YWxrLm5ldD4w
	HhcNMTUwNjA3MTkzMjQxWhcNMTUwNjA3MTkzMjQxWjBuMSAwHgYDVQQKDBdPcGVu
	UEdQIHRvIFguNTA5IEJyaWRnZTFKMEgGA1UEAwxBdGVzdCA8NGJkZDRmOTI5ZjNh
	MTA2MjI1M2U0ZTQ5NmJhZmJhMGJkZmI1ZGI3NUBwcmltZS5rb250YWxrLm5ldD4w
	ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrvwImcBxpVYTsA6G7I8vo
	+vGDCqPt+yqcmCd4R3mU22Ec0HPMF+kmdmuGt7PrRND63dDAt5lCKM61JRF4zWn6
	6/frDbFiahWgqMO4zcgWHdwUkKYSvQiMjtN7za4Q2bDSzas3I5a53qfE1fgBGHCM
	QAMABcGQYxeGDaJYb0Ri1fGMaZFJz80tcGhuP3o7KrIN8l8wH2tW3cNDFdBqmRgr
	dpEoaOb9NALeTiPEm64tDijNd2UP5j+HG6re0RYaHU8VOLT49W3sRtHEAC5BxZvK
	vwX6Zf9RYyS4HnmX22VfHL0x5lfmFYERuYmwlUOnGn8GRv2iIo0HUcxMTtqP7N1n
	AgMBAAGjggX/MIIF+zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIC7DAR
	BglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBBYEFGAH2v2pCQwrsXchg8CYqbPE9rUd
	MB8GA1UdIwQYMBaAFGAH2v2pCQwrsXchg8CYqbPE9rUdMIIFgwYTacnooqiNy+DH
	x4nLwICqrteKGwSCBWoDggVmAJkBDQRVdJxZAQgAq78CJnAcaVWE7AOhuyPL6Prx
	gwqj7fsqnJgneEd5lNthHNBzzBfpJnZrhrez60TQ+t3QwLeZQijOtSUReM1p+uv3
	6w2xYmoVoKjDuM3IFh3cFJCmEr0IjI7Te82uENmw0s2rNyOWud6nxNX4ARhwjEAD
	AAXBkGMXhg2iWG9EYtXxjGmRSc/NLXBobj96OyqyDfJfMB9rVt3DQxXQapkYK3aR
	KGjm/TQC3k4jxJuuLQ4ozXdlD+Y/hxuq3tEWGh1PFTi0+PVt7EbRxAAuQcWbyr8F
	+mX/UWMkuB55l9tlXxy9MeZX5hWBEbmJsJVDpxp/Bkb9oiKNB1HMTE7aj+zdZwAR
	AQABtEF0ZXN0IDw0YmRkNGY5MjlmM2ExMDYyMjUzZTRlNDk2YmFmYmEwYmRmYjVk
	Yjc1QHByaW1lLmtvbnRhbGsubmV0PokBHwQTAQIACQUCVXSj7AIbIQAKCRAbzoG4
	O1XtxQSLB/43Aq4X591KRKK1xmwCgQFMHFuZH8cktPRi4MZc1BcwZmhjpK2OpB/i
	oQFwpS/OH/bKw4JMdcfwuc6Y5GHSn5/D8NL5Ll+ZFEYPsWQjhNZqNXD19JJp53nP
	giv85GWdo1xsZAegUIMkFKi5gIfw1z/XiXKiKbQ95aiN/gdEwU0SL16TZhMeDR8M
	HcGH+Kf7iMGWGqxnJTozT1QOion0Lfc1zC3FNLAzHRaurH4qqd29VCGQA8cBy4UE
	helXJRBVwY8Es1QJg6BMQPJjaFL5WHiagdz1OB9QzUNTzq04P77/P+v5vYmf71oy
	3jH29AG/eTaDPmHTjvSdHj4FWRE9+aELuFIEVXScXxMIKoZIzj0DAQcCAwTbhR/+
	kfv+5UeHXwZepCph9C9dV48O8yOfrjMo4Z/S+89x6R2uxFPEE/kkVXREwp2X+sYg
	sUb6Mn733hT68NZIiQEfBBgBAgAJBQJVdKPtAhsCAAoJEBvOgbg7Ve3FUboIAKLU
	QJrWjrpYrLEidegfTBoonO6clvWWUBTJcCMPI2QuyDPFhjIrlN9NxR1+dYCF/40K
	KoaIMgIfIF1ziFjKx8J0Nmr5NEW4DDEfKyjk/UHFTxHaXe48lywBW83faZtzPyS9
	+H9NADhYXKdHjfOGIWQGNEIXqi8FrvuJphVpaCbSsxKaxuXshcOzz6xFaVeohyOr
	UQfooZlzXRCDA4wLG4Iey/4j+weLpCeWkiktZfTYE9pwGEobAomeJW1Blz2szN2r
	MKoxMn77BjRavCfTMVMlBj1ykRpdPO2iBMVNS0wATtsCS/NuCJycXNjDdUm17WoF
	AcbXC/il19ui6OtILPm4VgRVdJxcEggqhkjOPQMBBwIDBPw1BPM1BPHetE8crupf
	i7NFm2gdJxxA9kaoJaT8vpbnvFOroUpOJMfwPKdsT2q/nb0/CmDlOxCmAS8V7R7E
	74YDAQgHiQEfBBgBAgAJBQJVdKPuAhsEAAoJEBvOgbg7Ve3FYqAH/ja6h/TXhtTn
	7YNjov+hDAvObpKP7R7eZFUlhAPfA9YoCZ2ChGOLCUgVOG4rCJ6qkqRZv28gBY4J
	0lUfRwxtWJwAS5j3Hh4/dYD3zB8HSShFJUv6osEykP99bJETmpOcjXzSjx+BUvPB
	CL3NPvGaRcDLZH0+j29Is0CsPAATdOoBQCjJxUZcDc95aoszK8QSLpWr0WUtEm2M
	rVDqIMisI7JxyLbBRW8ndo1fzZEiYzkv3r/hmPXO3YBcIK4Bfu2R6dXbR+y7wx7V
	3RWfJpmEchO3nPc4tEbRWAo2cV+HPshCNnZt6C5dV2HAjifaciRKPS/Jg+OXuFJ2
	wKSXemasi0kwDQYJKoZIhvcNAQEFBQADggEBAAleNtzlAxwYnLNPEmPkqSbiEV+h
	hvoAqHBiYIyXrtrOZzV9BgrKCORC1wDVCxjf9yf0P1HWxyoA7/4QV3OcpGvTLs5c
	oSf6DgC/G+jRvXxxMuF0whb4lFOS8aqCCbqcCOW/FYpQVBcMiLBh1OyFc/XBOQ8i
	L2l+0GPeGEax8QLUoPAx5QOEvMnHWqG1dj6svMqo4dIHyWsgXMY9j800s4OfQu1L
	w7qs3ilNxpY+PydclHCXp36rpSLQH8yg0tQlKdkhYqbaDT+EkiIDOiW5YMYjCghi
	SeljWWpqevqji00Mdv/VfAOZX/RYlnpScsAZjwO/GJyGx1T/9RdcRgnXWnE=
	-----END CERTIFICATE-----

	import java.io.*;
	import java.security.cert.*;

	import org.bouncycastle.openssl.*;


	public class ConvertPEM {

	public static void main(String[] args) throws Exception {
	// load certificate
	CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
	X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(new FileInputStream(args[0]));

	OutputStream certificateOS = new FileOutputStream("cert.converted.pem");
	PEMWriter certificateWriter = new PEMWriter(new OutputStreamWriter(certificateOS));
	certificateWriter.writeObject(certificate);
	certificateWriter.close();
	}
	}

	#include <stdio.h>
	#include <stdlib.h>

	#include <openssl/err.h>
	#include <openssl/rand.h>
	#include <openssl/ssl.h>

	static BIO fileToMemBuf(const char filename) {
	FILE* f = fopen(filename, "rb");
	if (f != NULL) {
	fseek(f, 0, SEEK_END);
	long size = ftell(f);
	rewind(f);
	char* contents = malloc(size * (sizeof(char)) + 1);
	memset(contents, 0, size * (sizeof(char)) + 1);
	fread(contents, sizeof(char), size, f);
	fclose(f);

	BIO *result = BIO_new(BIO_s_mem());
	BIO_puts(result, contents);
	return result;
	}
	return NULL;
	}


	int main(int argc, char** argv)
	{
	SSL_CTX* ssl_ctx;

	printf("Initializing OpenSSL\n");
	SSL_load_error_strings();
	ERR_load_crypto_strings();
	SSL_library_init();
	OpenSSL_add_all_algorithms();

	printf("Creating context\n");
	ssl_ctx = SSL_CTX_new(SSLv23_client_method());

	// Note: We explicitly do not allow SSLv2 to be used. It
	printf("Setting options\n");
	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL \| SSL_OP_NO_SSLv2);

	/* Java code in class OpenSSLSocketImpl does the verification. Meaning of
	* SSL_VERIFY_NONE flag in client mode: if not using an anonymous cipher
	* (by default disabled), the server will send a certificate which will
	* be checked. The result of the certificate verification process can be
	* checked after the TLS/SSL handshake using the SSL_get_verify_result(3)
	* function. The handshake will be continued regardless of the
	* verification result.
	*/
	printf("Setting verify\n");
	SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);

	printf("Loading certificate data from: %s\n", argv[1]);
	BIO* certificatesbio = fileToMemBuf(argv[1]);

	printf("Certificate loaded: %p\n", certificatesbio);
	if (certificatesbio != NULL) {
	X509* certificatesx509 =
	PEM_read_bio_X509(certificatesbio, NULL, 0, NULL);
	BIO_free(certificatesbio);

	if (certificatesx509 == NULL) {
	printf("Error parsing the certificates\n");
	SSL_CTX_free(ssl_ctx);
	return;
	}

	int ret = SSL_CTX_use_certificate(ssl_ctx, certificatesx509);
	if (ret != 1) {
	printf("Error setting the certificates\n");
	X509_free(certificatesx509);
	SSL_CTX_free(ssl_ctx);
	return;
	}
	}

	SSL_CTX_free(ssl_ctx);

	return EXIT_SUCCESS;
	}

	PKG_CONFIG_PATH := /opt/ssltest/lib/pkgconfig

	all: load-certificate ConvertPEM.class

	ConvertPEM.class: ConvertPEM.java
	javac -cp /usr/share/java/\* $<

	load-certificate: load-certificate.c
	$(CC) `pkg-config --libs --cflags openssl` -o $@ $<

	run: all
	java -cp /usr/share/java/bcpkix.jar:. ConvertPEM cert.cer
	LD_LIBRARY_PATH=/opt/ssltest/lib ./load-certificate cert.pem