Context Navigation

source: creddy/creddy.c @ 784a398

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 784a398 was 784a398, checked in by Mike Ryan <mikeryan@…>, 14 years ago
creddy verify, all creddy commands done
Property mode set to `100644`
File size: 7.0 KB

Line
1	#include <assert.h>
2	#include <getopt.h>
3	#include <stdio.h>
4	#include <stdlib.h>
5	#include <string.h>
6
7	#include "creddy.h"
8
9	#define OPT_CN 1
10	#define OPT_VALIDITY 2
11	#define OPT_CERT 3
12	#define OPT_ISSUER 4
13	#define OPT_KEY 5
14	#define OPT_ROLE 6
15	#define OPT_SUBJECT 7
16	#define OPT_SUBJECT_ROLE 8
17	#define OPT_OUT 9 // the world oughta be opt-in only :(
18	#define OPT_ATTRCERT 10
19
20	int main(int argc, char **argv) {
21	int ret;
22	options_t options = { 0, };
23
24	struct option getopts[] = {
25	{ "help", 0, &options.help, 1 },
26	{ "generate", 0, &options.mode, MODE_GENERATE },
27	{ "verify", 0, &options.mode, MODE_VERIFY },
28	{ "keyid", 0, &options.mode, MODE_KEYID },
29	{ "attribute", 0, &options.mode, MODE_ATTRIBUTE },
30	{ "roles", 0, &options.mode, MODE_ROLES },
31
32	{ "cert", 1, 0, OPT_CERT },
33
34	// generate options
35	{ "cn", 1, 0, OPT_CN },
36	{ "validity", 1, 0, OPT_VALIDITY },
37
38	// attribute options
39	{ "issuer", 1, 0, OPT_ISSUER },
40	{ "key", 1, 0, OPT_KEY },
41	{ "role", 1, 0, OPT_ROLE },
42	{ "subject", 1, 0, OPT_SUBJECT },
43	{ "subject_role", 1, 0, OPT_SUBJECT_ROLE },
44	{ "out", 1, 0, OPT_OUT },
45
46	// verify option
47	{ "attrcert", 1, 0, OPT_ATTRCERT },
48
49	{ NULL },
50	};
51
52	for ( ; ; ) {
53	int c = getopt_long(argc, argv, "", getopts, NULL);
54	if (c < 0)
55	break;
56
57	switch (c) {
58	// set the option from the value in the getopts struct
59	case 0:
60	continue;
61
62	case OPT_CERT:
63	options.cert = xstrdup(optarg);
64	break;
65
66	// generate options
67	case OPT_CN:
68	options.cn = xstrdup(optarg);
69	break;
70	case OPT_VALIDITY: // also an attribute option
71	options.validity = atoi(optarg);
72	break;
73
74	// attribute options
75	case OPT_ISSUER:
76	options.issuer = xstrdup(optarg);
77	break;
78	case OPT_KEY:
79	options.key = xstrdup(optarg);
80	break;
81	case OPT_ROLE:
82	options.role = xstrdup(optarg);
83	break;
84	case OPT_SUBJECT:
85	options.subject = xstrdup(optarg);
86	break;
87	case OPT_SUBJECT_ROLE:
88	options.subject_role = xstrdup(optarg);
89	break;
90	case OPT_OUT:
91	options.out = xstrdup(optarg);
92	break;
93
94	// verify options
95	case OPT_ATTRCERT:
96	options.attrcert = xstrdup(optarg);
97	break;
98
99	case '?':
100	break;
101
102	default:
103	printf("wat\n");
104	return 45;
105	}
106	}
107
108	if (options.help \|\| optind < argc) {
109	if (optind > 0 && optind < argc)
110	printf("I don't understand %s\n", argv[optind]);
111	usage(&options);
112	}
113
114	// init libstrongswan
115	atexit(library_deinit);
116	dbg_default_set_level(-1);
117	ret = library_init(NULL);
118	if (!ret)
119	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
120	ret = lib->plugins->load(
121	lib->plugins,
122	NULL,
123	lib->settings->get_str(lib->settings, "", PLUGINS)
124	);
125	if (!ret)
126	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
127
128	// launch the sub command
129	switch (options.mode) {
130	case MODE_GENERATE:
131	if (options.validity == 0) options.validity = 1080;
132	generate_main(&options);
133	break;
134
135	case MODE_KEYID:
136	keyid_main(&options);
137	break;
138
139	case MODE_ATTRIBUTE:
140	if (options.validity == 0) options.validity = 365;
141	attribute_main(&options);
142	break;
143
144	case MODE_ROLES:
145	roles_main(&options);
146	break;
147
148	case MODE_VERIFY:
149	verify_main(&options);
150	break;
151
152	default:
153	usage(&options);
154	}
155
156	return 0;
157	}
158
159	void usage(options_t *opts) {
160	if (opts->mode == MODE_GENERATE)
161	printf(
162	"Usage: creddy --generate --cn <name> [ --validity <day> ]\n"
163	" cert will be in ${name}_ID.der, private key in ${name}_private.der\n"
164	" default validity: 1080 days\n"
165	);
166
167	else if (opts->mode == MODE_VERIFY)
168	printf(
169	"Usage: identity --verify --cert <cert> [ --attrcert <cert> ]\n"
170	" if attrcert is provided, verify that it was issued by cert\n"
171	);
172
173	else if (opts->mode == MODE_KEYID)
174	printf(
175	"Usage: identity --keyid --cert <cert>\n"
176	);
177
178	else if (opts->mode == MODE_ATTRIBUTE)
179	printf(
180	"Usage: identity --attribute \\\n"
181	" --issuer <cert> --key <key> --role <role> \\\n"
182	" --subject <cert> [ --subject-role <role> ] \\\n"
183	" [ --validity <days> ] --out <file>\n"
184	" default validity: 365 days\n"
185	);
186
187	else if (opts->mode == MODE_ROLES)
188	printf(
189	"Usage: identity --roles --cert <cert>\n"
190	);
191
192	else
193	printf(
194	"Usage: creddy [--<mode>] [--help]\n"
195	" --generate: generate X.509 identity cert and private key\n"
196	" --verify: check validity of X.509 ID or attribute cert\n"
197	" --keyid: get fingerprint from X.509 ID cert\n"
198	" --attribute: generate an X.509 attribute cert\n"
199	" --roles: list roles from an X.509 attribute cert\n"
200	);
201
202
203	exit(1);
204	}
205
206	void *xmalloc(size_t len) {
207	void *ret = malloc(len);
208	if (ret == NULL)
209	err(1, "couldn't malloc %d bytes\n", len);
210	return ret;
211	}
212
213	char xstrdup(char string) {
214	char *dup = strdup(string);
215	if (dup == NULL)
216	err(1, "Can't dup %s", string);
217	return dup;
218	}
219
220	int clean_name(char *string) {
221	int i;
222
223	assert(string != NULL);
224
225	// must start with a letter
226	if (!isalpha(string[0]))
227	return 0;
228
229	// rest must be alphanumeric or _
230	for (i = 1; string[i] != '\0'; ++i)
231	if (!isalnum(string[i]) && string[i] != '_')
232	return 0;
233
234	return 1;
235	}
236
237	// load an ID cert from file
238	certificate_t cert_from_file(char filename) {
239	certificate_t *cert = lib->creds->create(lib->creds,
240	CRED_CERTIFICATE, CERT_X509,
241	BUILD_FROM_FILE, filename,
242	BUILD_X509_FLAG, X509_AA,
243	BUILD_END
244	);
245
246	if (cert == NULL)
247	errx(1, "Can't open cert from %s", filename);
248
249	return cert;
250	}
251
252	certificate_t attr_cert_from_file(char filename) {
253	certificate_t *cert = lib->creds->create(lib->creds,
254	CRED_CERTIFICATE, CERT_X509_AC,
255	BUILD_FROM_FILE, filename,
256	BUILD_END
257	);
258	if (cert == NULL)
259	errx(1, "Couldn't load attribute cert %s", filename);
260
261	return cert;
262	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: