#define GNU_SOURCE // NOTE(review): probably meant _GNU_SOURCE; GNU_SOURCE is not a feature-test macro and has no effect

#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>

#include <credentials/keys/private_key.h>

#include <creddy.h>

#include "creddy_common.h"
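// Issue an attribute certificate from the command-line options in opts:
// load the issuer cert and its private key, create an attribute for
// opts->role with opts->validity, attach every entry of opts->subjects
// (plain principal, role "r", or linking role "r1.r2"), sign ("bake") it
// and write the result to opts->out.
//
// Every failure is fatal: missing options go to usage(), everything else
// is reported on stderr via err()/errx() and exits with status 1.  The
// function returns only after the cert has been fully written and closed.
void attribute_main(options_t *opts) {
    int ret;

    if (
        opts->issuer == NULL ||
        opts->key == NULL ||
        opts->role == NULL ||
        opts->out == NULL
    )
        usage(opts);

    // issuer certificate
    creddy_id_t *issuer = creddy_id_from_file(opts->issuer);
    if (issuer == NULL)
        errx(1, "Can't load cert from %s", opts->issuer);

    // issuer private key, needed to sign (bake) the attribute cert below
    ret = creddy_id_load_privkey(issuer, opts->key);
    if (!ret)
        errx(1, "Can't load private key from %s", opts->key);

    creddy_attribute_t *attr = NULL;
    ret = creddy_attribute_create(&attr, issuer, opts->role, opts->validity);
    if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
        abort(); // the key was loaded just above, so this cannot happen
    if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
        errx(1, "Invalid role name: %s", opts->role);
    if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
        errx(1, "Invalid validity: must be >= 1 day");
    // Only the three error codes above are known here; any other failure
    // leaves attr at its initial NULL, so fail closed instead of passing a
    // NULL attribute into the calls below.
    if (attr == NULL)
        errx(1, "Couldn't create attribute cert (error %d)", ret);

    for (int i = 0; i < opts->num_subjects; ++i) {
        subject_t *cur = &opts->subjects[i];

        // a subject given as a cert file is identified by that cert's key ID
        if (cur->cert) {
            creddy_id_t *subject = creddy_id_from_file(cur->cert);
            if (subject == NULL)
                errx(1, "Can't load subject cert from %s", cur->cert);
            cur->id = xstrdup(creddy_id_keyid(subject));
            creddy_id_free(subject);
        }

        // never hand a NULL id to the library or to a %s format below
        if (cur->id == NULL)
            errx(1, "Subject %d has neither an ID nor a cert", i + 1);

        // just a principal, add it
        if (cur->role == NULL) {
            ret = creddy_attribute_principal(attr, cur->id);
            if (!ret)
                errx(1, "Invalid principal: %s", cur->id);
            continue;
        }

        // Role ("r") or linking role ("r1.r2"): split in place on the dot.
        // A role string with two or more dots is rejected outright.  The
        // previous code accepted "r1.r2.r3" and silently dropped "r3",
        // issuing a credential the operator did not ask for.
        char *role = cur->role;
        char *linked = strchr(role, '.');
        if (linked != NULL) {
            if (strchr(linked + 1, '.') != NULL)
                errx(1, "Bad subject role name (too many dots): %s.%s", cur->id, role);
            *linked++ = '\0';
        }

        if (linked == NULL) {
            ret = creddy_attribute_role(attr, cur->id, role);
            if (!ret)
                errx(1, "Invalid role: %s.%s", cur->id, role);
        } else {
            ret = creddy_attribute_linking_role(attr, cur->id, role, linked);
            if (!ret)
                errx(1, "Invalid linking role: %s.%s.%s", cur->id, role, linked);
        }
    }

    ret = creddy_attribute_bake(attr);
    if (!ret)
        errx(1, "Couldn't bake attribute cert");

    FILE *out = fopen(opts->out, "w");
    if (out == NULL)
        err(1, "Couldn't open attr cert file %s for writing", opts->out);

    creddy_attribute_write(attr, out);

    // A failed or short write (e.g. disk full) must not leave a silently
    // truncated cert behind: check the stream's error flag and the final
    // flush performed by fclose().
    if (ferror(out)) {
        fclose(out);
        errx(1, "Error writing attr cert file %s", opts->out);
    }
    if (fclose(out) != 0)
        err(1, "Couldn't write attr cert file %s", opts->out);

    creddy_attribute_free(attr);
    // NOTE(review): issuer is never released here.  Whether
    // creddy_attribute_free() owns it or the caller must call
    // creddy_id_free(issuer) afterwards is not visible in this file --
    // confirm before adding the free.
}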
---|