#define GNU_SOURCE

#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>

#include <credentials/keys/private_key.h>

#include "creddy.h"
#include "libcreddy.h"
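/*
 * Add one subject to the attribute certificate being built.
 *
 * A subject is either a bare principal (no role), a role ("r") or a
 * linking role ("r1.r2").  Only two dot-separated parts are ever consumed
 * (creddy_attribute_linking_role takes exactly two), so a role string
 * with more than one dot is rejected instead of silently dropping the
 * trailing part -- a truncated role would issue a credential the caller
 * did not ask for.
 *
 * Exits via errx() on any invalid input.  usage() is assumed not to
 * return; attribute_main's argument checks rely on the same assumption.
 *
 * Side effects on *cur: if cur->cert is set, cur->id is replaced with a
 * fresh copy of that certificate's key ID; cur->role is split in place
 * (its first '.' is overwritten with '\0').
 */
static void add_subject(options_t *opts, creddy_attribute_t *attr, subject_t *cur)
{
    int ret;

    /* A subject given as a certificate file is identified by its key ID. */
    if (cur->cert) {
        creddy_id_t *subject = creddy_id_from_file(cur->cert);
        if (subject == NULL)
            errx(1, "Can't load subject cert from %s", cur->cert);
        /* copy: the key ID string is owned by subject, which is freed right after */
        cur->id = xstrdup(creddy_id_keyid(subject));
        creddy_id_free(subject);
    }

    /* No role given: the subject is a plain principal. */
    if (!cur->role) {
        ret = creddy_attribute_principal(attr, cur->id);
        if (!ret)
            errx(1, "Invalid principal: %s", cur->id);
        return;
    }

    /* Split "role" or "role.linked" in place at the first dot. */
    char *role = cur->role;
    char *linked = strchr(role, '.');
    if (linked != NULL) {
        *linked++ = '\0';
        /* A third part would be ignored below; refuse it rather than mis-issue. */
        if (strchr(linked, '.') != NULL) {
            fprintf(stderr, "bad subject role name (too many dots)\n");
            usage(opts);
        }
    }

    if (linked == NULL) {
        ret = creddy_attribute_role(attr, cur->id, role);
        if (!ret)
            errx(1, "Invalid role: %s.%s", cur->id, role);
    } else {
        ret = creddy_attribute_linking_role(attr, cur->id, role, linked);
        if (!ret)
            errx(1, "Invalid linking role: %s.%s.%s", cur->id, role, linked);
    }
}

/*
 * Entry point for the "attribute" subcommand: issue an attribute
 * certificate for opts->role, signed by the issuer's private key, whose
 * subjects are opts->subjects[0..num_subjects), and write it to opts->out.
 *
 * Required options: issuer (cert file), key (private key file), role,
 * out (output path).  Missing ones go to usage(), which is assumed not
 * to return.  Every other failure exits with status 1 via err()/errx().
 *
 * Writes the attribute certificate to opts->out with the process's
 * default umask; the file holds a certificate, not the private key.
 */
void attribute_main(options_t *opts) {
    int i, ret;

    if (
        opts->issuer == NULL ||
        opts->key == NULL ||
        opts->role == NULL ||
        opts->out == NULL
    )
        usage(opts);

    // issuer
    creddy_id_t *issuer = creddy_id_from_file(opts->issuer);
    if (issuer == NULL)
        errx(1, "Can't load cert from %s", opts->issuer);

    // private key (non-zero return means success)
    ret = creddy_id_load_privkey(issuer, opts->key);
    if (!ret)
        errx(1, "Can't load private key from %s", opts->key);

    creddy_attribute_t *attr = NULL;
    ret = creddy_attribute_create(&attr, issuer, opts->role, opts->validity);
    if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
        abort(); // should never happen: the key was loaded and checked above
    if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
        errx(1, "Invalid role name: %s", opts->role);
    if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
        errx(1, "Invalid validity: must be >= 1 day");
    // NOTE(review): only the three codes above are distinguished; any other
    // failure code libcreddy may return is caught only by this NULL check.
    if (attr == NULL)
        errx(1, "Couldn't create attribute cert");

    for (i = 0; i < opts->num_subjects; ++i)
        add_subject(opts, attr, &opts->subjects[i]);

    ret = creddy_attribute_bake(attr);
    if (!ret)
        errx(1, "Couldn't bake attribute cert");

    FILE *out = fopen(opts->out, "w");
    if (out == NULL)
        err(1, "Couldn't open attr cert file %s for writing", opts->out);

    creddy_attribute_write(attr, out);

    // A failed buffered write or a failed flush on close would otherwise
    // leave a truncated certificate behind with a zero exit status.
    if (ferror(out))
        errx(1, "Couldn't write attr cert to %s", opts->out);
    if (fclose(out) != 0)
        err(1, "Couldn't write attr cert to %s", opts->out);

    creddy_attribute_free(attr);
    // NOTE(review): issuer (which holds the loaded private key) is not
    // freed here; whether attr owns it after creddy_attribute_create is not
    // visible in this file, so it is left as in the original -- confirm
    // against libcreddy before adding creddy_id_free(issuer).
}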