source: creddy/attribute.c @ 8f58012

Last change on this file since 8f58012 was 00d21a1, checked in by Mike Ryan <mikeryan@…>, 13 years ago

finer granularity over validity periods

API: ID and attr certs take seconds for validity period
command line: validity option takes a suffix for time period

fixes #20

this is an API-breaking change, so a bump to 0.2.0 is necessary

[01044ac]1#define GNU_SOURCE
[085f159]2
[aa33ad9]3#include <err.h>
[01044ac]4#include <termios.h>
5
[aa33ad9]6#include <credentials/keys/private_key.h>
7
[04f5da1]8#include <creddy.h>
9
10#include "creddy_common.h"
[01044ac]11
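/*
 * A subject role string may have at most two '.'-separated parts:
 * "role" or "role.linking_role" (the subject principal itself comes
 * from cur->id, not from this string).
 */
enum { MAX_ROLE_PARTS = 2 };

/*
 * Split a subject role string in place at each '.', overwriting the dot
 * with NUL and recording where each part starts in `parts`.
 * Reports a usage error (via usage()) when the string holds more than
 * MAX_ROLE_PARTS parts; previously a third part was silently dropped,
 * which let "r1.r2.r3" issue a credential for "r1.r2" without notice.
 * Returns the number of parts recorded (1 or 2).
 */
static int split_role_parts(char *role, char *parts[MAX_ROLE_PARTS], options_t *opts) {
    int name_parts = 0;

    parts[name_parts++] = role;
    for (int j = 0; role[j] != '\0'; ++j) {
        if (role[j] != '.')
            continue;
        if (name_parts == MAX_ROLE_PARTS) {
            // diagnostic goes to stderr so it is not mixed into any
            // stdout output a caller may be capturing
            fprintf(stderr, "bad subject role name (too many dots)\n");
            usage(opts); // assumed not to return — TODO confirm in creddy_common.h
        }
        parts[name_parts++] = &role[j + 1];
        role[j] = '\0';
    }
    return name_parts;
}

/*
 * Attach one command-line subject to the attribute certificate being built.
 * A subject given as a cert file has its key ID derived from that cert;
 * it is then added as a bare principal, a role, or a linking role
 * depending on cur->role. Every failure is fatal.
 */
static void add_subject(creddy_attribute_t *attr, subject_t *cur, options_t *opts) {
    // if we have a cert we need to get its ID
    if (cur->cert) {
        creddy_id_t *subject = creddy_id_from_file(cur->cert);
        if (subject == NULL)
            errx(1, "Can't load subject cert from %s", cur->cert);
        cur->id = xstrdup(creddy_id_keyid(subject));
        creddy_id_free(subject);
    }

    // just a principal, add it
    if (!cur->role) {
        if (!creddy_attribute_principal(attr, cur->id))
            errx(1, "Invalid principal: %s", cur->id);
        return;
    }

    // either role or linking role
    char *parts[MAX_ROLE_PARTS];
    int name_parts = split_role_parts(cur->role, parts, opts);

    if (name_parts == 1) {
        if (!creddy_attribute_role(attr, cur->id, parts[0]))
            errx(1, "Invalid role: %s.%s", cur->id, parts[0]);
    } else {
        if (!creddy_attribute_linking_role(attr, cur->id, parts[0], parts[1]))
            errx(1, "Invalid linking role: %s.%s.%s", cur->id, parts[0], parts[1]);
    }
}

/*
 * Entry point for the "attribute" subcommand: load the issuer's identity
 * cert and private key, create an attribute cert for opts->role with the
 * requested validity (in seconds), attach every subject from the command
 * line, bake (sign) it and write it to opts->out.
 *
 * Required options: issuer, key, role, out; anything missing is a usage
 * error. All other failures exit non-zero through err()/errx().
 */
void attribute_main(options_t *opts) {
    int ret;

    if (opts->issuer == NULL ||
        opts->key == NULL ||
        opts->role == NULL ||
        opts->out == NULL)
        usage(opts);

    // issuer
    creddy_id_t *issuer = creddy_id_from_file(opts->issuer);
    if (issuer == NULL)
        errx(1, "Can't load cert from %s", opts->issuer);

    // private key (needed to sign the attribute cert)
    ret = creddy_id_load_privkey(issuer, opts->key);
    if (!ret)
        errx(1, "Can't load private key from %s", opts->key);

    creddy_attribute_t *attr = NULL;
    ret = creddy_attribute_create(&attr, issuer, opts->role, opts->validity);
    if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
        abort(); // the key was loaded just above, so this should never happen
    if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
        errx(1, "Invalid role name: %s", opts->role);
    if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
        errx(1, "Invalid validity: must be >= 1 second");

    for (int i = 0; i < opts->num_subjects; ++i)
        add_subject(attr, &opts->subjects[i], opts);

    ret = creddy_attribute_bake(attr);
    if (!ret)
        errx(1, "Couldn't bake attribute cert");

    FILE *out = fopen(opts->out, "w");
    if (out == NULL)
        err(1, "Couldn't open attr cert file %s for writing", opts->out);

    creddy_attribute_write(attr, out);

    // fclose() performs the final flush; an error here means the cert on
    // disk is incomplete, which must not be reported as success
    if (fclose(out) != 0)
        err(1, "Couldn't write attr cert file %s", opts->out);

    creddy_attribute_free(attr);
    // issuer is intentionally not freed here, matching the original; whether
    // attr keeps a reference to it is not visible from this file
}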