Context Navigation

source: creddy/attribute.c @ aa33ad9

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since aa33ad9 was aa33ad9, checked in by Mike Ryan <mikeryan@…>, 14 years ago
pull out attribute object
Property mode set to `100644`
File size: 3.2 KB

Rev	Line
[01044ac]	1	#define GNU_SOURCE
[085f159]	2
[aa33ad9]	3	#include <err.h>
[01044ac]	4	#include <termios.h>
	5
[aa33ad9]	6	#include <credentials/keys/private_key.h>
	7
	8	#include "creddy.h"
	9	#include "libcreddy.h"
[01044ac]	10
[085f159]	11	void attribute_main(options_t *opts) {
[002b25a]	12	int i, ret, role_len = 1;
[ee5afdd]	13
[085f159]	14	if (
	15	opts->issuer == NULL \|\|
	16	opts->key == NULL \|\|
	17	opts->role == NULL \|\|
	18	opts->out == NULL
	19	)
	20	usage(opts);
	21
[ee5afdd]	22
[aa33ad9]	23	// issuer
	24	creddy_id_t *issuer = creddy_id_from_file(opts->issuer);
	25	if (issuer == NULL)
	26	errx(1, "Can't load cert from %s", opts->issuer);
[980a7b6]	27
[aa33ad9]	28	// private key
	29	ret = creddy_id_load_privkey(issuer, opts->key);
	30	if (!ret)
	31	errx(1, "Can't load private key from %s", opts->key);
[980a7b6]	32
[aa33ad9]	33	creddy_attribute_t *attr = NULL;
	34	ret = creddy_attribute_create(&attr, issuer, opts->role, opts->validity);
	35	if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
	36	abort(); // should never happen
	37	if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
	38	errx(1, "Invalid role name: %s", opts->role);
	39	if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
	40	errx(1, "Invalid validity: must be >= 1 day");
[ee5afdd]	41
[aa33ad9]	42	for (i = 0; i < opts->num_subjects; ++i) {
	43	subject_t *cur = &opts->subjects[i];
[ee5afdd]	44
[aa33ad9]	45	// if we have a cert we need to get its ID
	46	if (cur->cert) {
[002b25a]	47	creddy_id_t *subject = creddy_id_from_file(cur->cert);
	48	if (subject == NULL)
	49	errx(1, "Can't load subject cert from %s", cur->cert);
	50	cur->id = xstrdup(creddy_id_keyid(subject));
	51	creddy_id_free(subject);
[ee5afdd]	52	}
	53
[aa33ad9]	54	// just a principal, add it
	55	if (!cur->role) {
	56	ret = creddy_attribute_principal(attr, cur->id);
	57	if (!ret)
	58	errx(1, "Invalid principal: %s", cur->id);
	59	}
[085f159]	60
[aa33ad9]	61	// either role or linking role
	62	else {
[980a7b6]	63	char *role = cur->role;
	64	char *start[3];
	65	int name_parts = 0, j;
[085f159]	66
[980a7b6]	67	start[name_parts++] = role;
[085f159]	68
[aa33ad9]	69	// split the role string up into name parts (turn . into \0)
[980a7b6]	70	for (j = 0; role[j] != '\0'; ++j)
	71	if (role[j] == '.') {
	72	if (name_parts == 3) {
	73	printf("bad subject role name (too many dots)\n");
	74	usage(opts);
	75	}
	76	start[name_parts++] = &role[j+1];
	77	role[j] = 0;
	78	}
	79
[aa33ad9]	80	// role
	81	if (name_parts == 1) {
	82	ret = creddy_attribute_role(attr, cur->id, start[0]);
	83	if (!ret)
	84	errx(1, "Invalid role: %s.%s", cur->id, start[0]);
	85	}
[085f159]	86
[aa33ad9]	87	// linking role
	88	else {
	89	ret = creddy_attribute_linking_role(attr, cur->id, start[0], start[1]);
	90	if (!ret)
	91	errx(1, "Invalid linking role: %s.%s.%s", cur->id, start[0], start[1]);
	92	}
[980a7b6]	93	}
[085f159]	94	}
	95
[aa33ad9]	96	ret = creddy_attribute_bake(attr);
[002b25a]	97	if (!ret)
[aa33ad9]	98	errx(1, "Couldn't bake attribute cert");
[085f159]	99
	100	FILE *out = fopen(opts->out, "w");
	101	if (out == NULL)
[aa33ad9]	102	err(1, "Couldn't open attr cert file %s for writing", opts->out);
	103
	104	creddy_attribute_write(attr, out);
	105
[085f159]	106	fclose(out);
	107
[aa33ad9]	108	creddy_attribute_free(attr);
[085f159]	109	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: