Context Navigation

source: creddy/creddy.c @ 3ba7805

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 3ba7805 was 19be896, checked in by Mike Ryan <mikeryan@…>, 14 years ago
version everything to 0.1.0
Property mode set to `100644`
File size: 7.5 KB

Line
1	#include <assert.h>
2	#include <getopt.h>
3	#include <stdio.h>
4	#include <stdlib.h>
5	#include <string.h>
6
7	#include "creddy.h"
8
9	#define OPT_CN 1
10	#define OPT_VALIDITY 2
11	#define OPT_CERT 3
12	#define OPT_ISSUER 4
13	#define OPT_KEY 5
14	#define OPT_ROLE 6
15	#define OPT_SUBJECT_CERT 7
16	#define OPT_SUBJECT_ROLE 8
17	#define OPT_OUT 9 // the world oughta be opt-in only :(
18	#define OPT_ATTRCERT 10
19	#define OPT_SUBJECT_ID 11
20
21	int main(int argc, char **argv) {
22	int ret;
23	options_t options = { 0, };
24
25	struct option getopts[] = {
26	{ "help", 0, &options.help, 1 },
27	{ "generate", 0, &options.mode, MODE_GENERATE },
28	{ "verify", 0, &options.mode, MODE_VERIFY },
29	{ "keyid", 0, &options.mode, MODE_KEYID },
30	{ "attribute", 0, &options.mode, MODE_ATTRIBUTE },
31	{ "roles", 0, &options.mode, MODE_ROLES },
32	{ "version", 0, &options.mode, MODE_VERSION },
33
34	{ "cert", 1, 0, OPT_CERT },
35
36	// generate options
37	{ "cn", 1, 0, OPT_CN },
38	{ "validity", 1, 0, OPT_VALIDITY },
39
40	// attribute options
41	{ "issuer", 1, 0, OPT_ISSUER },
42	{ "key", 1, 0, OPT_KEY },
43	{ "role", 1, 0, OPT_ROLE },
44	{ "subject-cert", 1, 0, OPT_SUBJECT_CERT },
45	{ "subject-id", 1, 0, OPT_SUBJECT_ID },
46	{ "subject-role", 1, 0, OPT_SUBJECT_ROLE },
47	{ "out", 1, 0, OPT_OUT },
48
49	// verify option
50	{ "attrcert", 1, 0, OPT_ATTRCERT },
51
52	{ NULL },
53	};
54
55	for ( ; ; ) {
56	int c = getopt_long(argc, argv, "", getopts, NULL);
57	if (c < 0)
58	break;
59
60	switch (c) {
61	// set the option from the value in the getopts struct
62	case 0:
63	continue;
64
65	case OPT_CERT:
66	options.cert = xstrdup(optarg);
67	break;
68
69	// generate options
70	case OPT_CN:
71	options.cn = xstrdup(optarg);
72	break;
73	case OPT_VALIDITY: // also an attribute option
74	options.validity = atoi(optarg);
75	break;
76
77	// attribute options
78	case OPT_ISSUER:
79	options.issuer = xstrdup(optarg);
80	break;
81	case OPT_KEY:
82	options.key = xstrdup(optarg);
83	break;
84	case OPT_ROLE:
85	options.role = xstrdup(optarg);
86	break;
87	case OPT_SUBJECT_CERT:
88	options.subject_cert = xstrdup(optarg);
89	break;
90	case OPT_SUBJECT_ID:
91	options.subject_id = xstrdup(optarg);
92	break;
93	case OPT_SUBJECT_ROLE:
94	options.subject_role = xstrdup(optarg);
95	break;
96	case OPT_OUT:
97	options.out = xstrdup(optarg);
98	break;
99
100	// verify options
101	case OPT_ATTRCERT:
102	options.attrcert = xstrdup(optarg);
103	break;
104
105	case '?':
106	break;
107
108	default:
109	printf("wat\n");
110	return 45;
111	}
112	}
113
114	if (options.help \|\| optind < argc) {
115	if (optind > 0 && optind < argc)
116	printf("I don't understand %s\n", argv[optind]);
117	usage(&options);
118	}
119
120	// init libstrongswan
121	atexit(library_deinit);
122	dbg_default_set_level(-1);
123	ret = library_init(NULL);
124	if (!ret)
125	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
126	ret = lib->plugins->load(
127	lib->plugins,
128	NULL,
129	lib->settings->get_str(lib->settings, "", PLUGINS)
130	);
131	if (!ret)
132	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
133
134	// launch the sub command
135	switch (options.mode) {
136	case MODE_GENERATE:
137	if (options.validity == 0) options.validity = 1080;
138	generate_main(&options);
139	break;
140
141	case MODE_KEYID:
142	keyid_main(&options);
143	break;
144
145	case MODE_ATTRIBUTE:
146	if (options.validity == 0) options.validity = 365;
147	attribute_main(&options);
148	break;
149
150	case MODE_ROLES:
151	roles_main(&options);
152	break;
153
154	case MODE_VERIFY:
155	verify_main(&options);
156	break;
157
158	case MODE_VERSION:
159	printf("ABAC/creddy " ABAC_VERSION "\n");
160	break;
161
162	default:
163	usage(&options);
164	}
165
166	return 0;
167	}
168
169	void usage(options_t *opts) {
170	if (opts->mode == MODE_GENERATE)
171	printf(
172	"Usage: creddy --generate --cn <name> [ --validity <days> ]\n"
173	" cert will be in ${name}_ID.der, private key in ${name}_private.pem\n"
174	" default validity: 1080 days\n"
175	);
176
177	else if (opts->mode == MODE_VERIFY)
178	printf(
179	"Usage: identity --verify --cert <cert> [ --attrcert <cert> ]\n"
180	" if attrcert is provided, verify that it was issued by cert\n"
181	);
182
183	else if (opts->mode == MODE_KEYID)
184	printf(
185	"Usage: identity --keyid --cert <cert>\n"
186	);
187
188	else if (opts->mode == MODE_ATTRIBUTE)
189	printf(
190	"Usage: identity --attribute \\\n"
191	" --issuer <cert> --key <key> --role <role> \\\n"
192	" --subject-cert <cert> \| --subject-id <sha1> \\\n"
193	" [ --subject-role <role> ] \\\n"
194	" [ --validity <days> ] --out <file>\n"
195	" default validity: 365 days\n"
196	" provide exactly one of --subject-cert / --subject-id\n"
197	);
198
199	else if (opts->mode == MODE_ROLES)
200	printf(
201	"Usage: identity --roles --cert <cert>\n"
202	);
203
204	else
205	printf(
206	"Usage: creddy [ --<mode> ] [ --help ]\n"
207	" --generate: generate X.509 identity cert and private key\n"
208	" --verify: check validity of X.509 ID or attribute cert\n"
209	" --keyid: get fingerprint from X.509 ID cert\n"
210	" --attribute: generate an X.509 attribute cert\n"
211	" --roles: list roles from an X.509 attribute cert\n"
212	" --version: display ABAC version\n"
213	);
214
215
216	exit(1);
217	}
218
219	void *xmalloc(size_t len) {
220	void *ret = malloc(len);
221	if (ret == NULL)
222	err(1, "couldn't malloc %d bytes\n", len);
223	return ret;
224	}
225
226	char xstrdup(char string) {
227	char *dup = strdup(string);
228	if (dup == NULL)
229	err(1, "Can't dup %s", string);
230	return dup;
231	}
232
233	int clean_name(char *string) {
234	int i;
235
236	assert(string != NULL);
237
238	// must start with a letter
239	if (!isalpha(string[0]))
240	return 0;
241
242	// rest must be alphanumeric or _
243	for (i = 1; string[i] != '\0'; ++i)
244	if (!isalnum(string[i]) && string[i] != '_')
245	return 0;
246
247	return 1;
248	}
249
250	// load an ID cert from file
251	certificate_t cert_from_file(char filename) {
252	certificate_t *cert = lib->creds->create(lib->creds,
253	CRED_CERTIFICATE, CERT_X509,
254	BUILD_FROM_FILE, filename,
255	BUILD_X509_FLAG, X509_AA,
256	BUILD_END
257	);
258
259	if (cert == NULL)
260	errx(1, "Can't open cert from %s", filename);
261
262	return cert;
263	}
264
265	certificate_t attr_cert_from_file(char filename) {
266	certificate_t *cert = lib->creds->create(lib->creds,
267	CRED_CERTIFICATE, CERT_X509_AC,
268	BUILD_FROM_FILE, filename,
269	BUILD_END
270	);
271	if (cert == NULL)
272	errx(1, "Couldn't load attribute cert %s", filename);
273
274	return cert;
275	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: