Context Navigation

source: creddy/creddy.c @ 085f159

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 085f159 was 085f159, checked in by Mike Ryan <mikeryan@…>, 14 years ago
creddy attribute cert generator
Property mode set to `100644`
File size: 6.2 KB

Line
1	#include <assert.h>
2	#include <getopt.h>
3	#include <stdio.h>
4	#include <stdlib.h>
5	#include <string.h>
6
7	#include "creddy.h"
8
9	#define OPT_CN 1
10	#define OPT_VALIDITY 2
11	#define OPT_CERT 3
12	#define OPT_ISSUER 4
13	#define OPT_KEY 5
14	#define OPT_ROLE 6
15	#define OPT_SUBJECT 7
16	#define OPT_SUBJECT_ROLE 8
17	#define OPT_OUT 9 // the world oughta be opt-in only :(
18
19	int main(int argc, char **argv) {
20	int ret;
21	options_t options = { 0, };
22
23	struct option getopts[] = {
24	{ "help", 0, &options.help, 1 },
25	{ "generate", 0, &options.mode, MODE_GENERATE },
26	{ "verify", 0, &options.mode, MODE_VERIFY },
27	{ "keyid", 0, &options.mode, MODE_KEYID },
28	{ "attribute", 0, &options.mode, MODE_ATTRIBUTE },
29	{ "roles", 0, &options.mode, MODE_ROLES },
30
31	{ "cert", 1, 0, OPT_CERT },
32
33	// generate options
34	{ "cn", 1, 0, OPT_CN },
35	{ "validity", 1, 0, OPT_VALIDITY },
36
37	// attribute options
38	{ "issuer", 1, 0, OPT_ISSUER },
39	{ "key", 1, 0, OPT_KEY },
40	{ "role", 1, 0, OPT_ROLE },
41	{ "subject", 1, 0, OPT_SUBJECT },
42	{ "subject_role", 1, 0, OPT_SUBJECT_ROLE },
43	{ "out", 1, 0, OPT_OUT },
44
45	{ NULL },
46	};
47
48	for ( ; ; ) {
49	int c = getopt_long(argc, argv, "", getopts, NULL);
50	if (c < 0)
51	break;
52
53	switch (c) {
54	// set the option from the value in the getopts struct
55	case 0:
56	continue;
57
58	case OPT_CERT:
59	options.cert = xstrdup(optarg);
60	break;
61
62	// generate options
63	case OPT_CN:
64	options.cn = xstrdup(optarg);
65	break;
66	case OPT_VALIDITY: // also an attribute option
67	options.validity = atoi(optarg);
68	break;
69
70	// attribute options
71	case OPT_ISSUER:
72	options.issuer = xstrdup(optarg);
73	break;
74	case OPT_KEY:
75	options.key = xstrdup(optarg);
76	break;
77	case OPT_ROLE:
78	options.role = xstrdup(optarg);
79	break;
80	case OPT_SUBJECT:
81	options.subject = xstrdup(optarg);
82	break;
83	case OPT_SUBJECT_ROLE:
84	options.subject_role = xstrdup(optarg);
85	break;
86	case OPT_OUT:
87	options.out = xstrdup(optarg);
88	break;
89
90	case '?':
91	break;
92
93	default:
94	printf("wat\n");
95	return 45;
96	}
97	}
98
99	if (options.help \|\| optind < argc) {
100	if (optind > 0 && optind < argc)
101	printf("I don't understand %s\n", argv[optind]);
102	usage(&options);
103	}
104
105	// init libstrongswan
106	atexit(library_deinit);
107	dbg_default_set_level(-1);
108	ret = library_init(NULL);
109	if (!ret)
110	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
111	ret = lib->plugins->load(
112	lib->plugins,
113	NULL,
114	lib->settings->get_str(lib->settings, "", PLUGINS)
115	);
116	if (!ret)
117	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
118
119	switch (options.mode) {
120	case MODE_GENERATE:
121	if (options.validity == 0) options.validity = 1080;
122	generate_main(&options);
123	break;
124
125	case MODE_KEYID:
126	keyid_main(&options);
127	break;
128
129	case MODE_ATTRIBUTE:
130	if (options.validity == 0) options.validity = 365;
131	attribute_main(&options);
132	break;
133
134	default:
135	usage(&options);
136	}
137
138	return 0;
139	}
140
141	void usage(options_t *opts) {
142	if (opts->mode == MODE_GENERATE)
143	printf(
144	"Usage: creddy --generate --cn <name> [ --validity <day> ]\n"
145	" cert will be in ${name}_ID.der, private key in ${name}_private.der\n"
146	" default validity: 1080 days\n"
147	);
148
149	else if (opts->mode == MODE_VERIFY)
150	printf(
151	"Usage: identity --verify --cert <cert> [ --attrcert <cert> ]\n"
152	" if attrcert is provided, verify that it was issued by cert\n"
153	);
154
155	else if (opts->mode == MODE_KEYID)
156	printf(
157	"Usage: identity --keyid --cert <cert>\n"
158	);
159
160	else if (opts->mode == MODE_ATTRIBUTE)
161	printf(
162	"Usage: identity --attribute \\\n"
163	" --issuer <cert> --key <key> --role <role> \\\n"
164	" --subject <cert> [ --subject-role <role> ] \\\n"
165	" [ --validity <days> ] --out <file>\n"
166	" default validity: 365 days\n"
167	);
168
169	else if (opts->mode == MODE_ROLES)
170	printf(
171	"Usage: identity --roles --cert <cert>\n"
172	);
173
174	else
175	printf(
176	"Usage: creddy [--<mode>] [--help]\n"
177	" --generate: generate X.509 identity cert and private key\n"
178	" --verify: check validity of X.509 ID or attribute cert\n"
179	" --keyid: get fingerprint from X.509 ID cert\n"
180	" --attribute: generate an X.509 attribute cert\n"
181	" --roles: list roles from an X.509 attribute cert\n"
182	);
183
184
185	exit(1);
186	}
187
188	void *xmalloc(size_t len) {
189	void *ret = malloc(len);
190	if (ret == NULL)
191	err(1, "couldn't malloc %d bytes\n", len);
192	return ret;
193	}
194
195	char xstrdup(char string) {
196	char *dup = strdup(string);
197	if (dup == NULL)
198	err(1, "Can't dup %s", string);
199	return dup;
200	}
201
202	int clean_name(char *string) {
203	int i;
204
205	assert(string != NULL);
206
207	// must start with a letter
208	if (!isalpha(string[0]))
209	return 0;
210
211	// rest must be alphanumeric or _
212	for (i = 1; string[i] != '\0'; ++i)
213	if (!isalnum(string[i]) && string[i] != '_')
214	return 0;
215
216	return 1;
217	}
218
219	// load an ID cert from file
220	certificate_t cert_from_file(char filename) {
221	certificate_t *cert = lib->creds->create(lib->creds,
222	CRED_CERTIFICATE, CERT_X509,
223	BUILD_FROM_FILE, filename,
224	BUILD_X509_FLAG, X509_AA,
225	BUILD_END
226	);
227
228	if (cert == NULL)
229	errx(1, "Can't open cert from %s", filename);
230
231	return cert;
232	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: