/* This example code is placed in the public domain. */

#ifdef HAVE_CONFIG_H

#include <config.h>

#endif

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <gnutls/gnutls.h>

#include <gnutls/x509.h>

#include <gnutls/abstract.h>

#include <time.h>

/* This example will generate a private key and a certificate

 * request.

 */

int main(void)

{

        gnutls_x509_crq_t crq;

        gnutls_x509_privkey_t key;

        unsigned char buffer[10 * 1024];

        size_t buffer_size = sizeof(buffer);

        unsigned int bits;

        gnutls_global_init();

        /* Initialize an empty certificate request, and

         * an empty private key.

         */

        gnutls_x509_crq_init(&crq;;

        gnutls_x509_privkey_init(&key);

        /* Generate an RSA key of moderate security.

         */

        bits =

            gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA,

                                        GNUTLS_SEC_PARAM_MEDIUM);

        gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0);

        /* Add stuff to the distinguished name

         */

        gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME,

                                      0, "GR", 2);

        gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,

                                      0, "Nikos", strlen("Nikos"));

        /* Set the request version.

         */

        gnutls_x509_crq_set_version(crq, 1);

        /* Set a challenge password.

         */

        gnutls_x509_crq_set_challenge_password(crq,

                                               "something to remember here");

        /* Associate the request with the private key

         */

        gnutls_x509_crq_set_key(crq, key);

        /* Self sign the certificate request.

         */

        gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0);

        /* Export the PEM encoded certificate request, and

         * display it.

         */

        gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer,

                               &buffer_size);

        printf("Certificate Request: \n%s", buffer);

        /* Export the PEM encoded private key, and

         * display it.

         */

        buffer_size = sizeof(buffer);

        gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer,

                                   &buffer_size);

        printf("\n\nPrivate key: \n%s", buffer);

        gnutls_x509_crq_deinit(crq);

        gnutls_x509_privkey_deinit(key);

        return 0;

}