Context Navigation

source: creddy/creddy.c @ 9410b51

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 9410b51 was 9410b51, checked in by Mike Ryan <mikeryan@…>, 14 years ago
creddy roles sub command
Property mode set to `100644`
File size: 6.3 KB

Line
1	#include <assert.h>
2	#include <getopt.h>
3	#include <stdio.h>
4	#include <stdlib.h>
5	#include <string.h>
6
7	#include "creddy.h"
8
9	#define OPT_CN 1
10	#define OPT_VALIDITY 2
11	#define OPT_CERT 3
12	#define OPT_ISSUER 4
13	#define OPT_KEY 5
14	#define OPT_ROLE 6
15	#define OPT_SUBJECT 7
16	#define OPT_SUBJECT_ROLE 8
17	#define OPT_OUT 9 // the world oughta be opt-in only :(
18
19	int main(int argc, char **argv) {
20	int ret;
21	options_t options = { 0, };
22
23	struct option getopts[] = {
24	{ "help", 0, &options.help, 1 },
25	{ "generate", 0, &options.mode, MODE_GENERATE },
26	{ "verify", 0, &options.mode, MODE_VERIFY },
27	{ "keyid", 0, &options.mode, MODE_KEYID },
28	{ "attribute", 0, &options.mode, MODE_ATTRIBUTE },
29	{ "roles", 0, &options.mode, MODE_ROLES },
30
31	{ "cert", 1, 0, OPT_CERT },
32
33	// generate options
34	{ "cn", 1, 0, OPT_CN },
35	{ "validity", 1, 0, OPT_VALIDITY },
36
37	// attribute options
38	{ "issuer", 1, 0, OPT_ISSUER },
39	{ "key", 1, 0, OPT_KEY },
40	{ "role", 1, 0, OPT_ROLE },
41	{ "subject", 1, 0, OPT_SUBJECT },
42	{ "subject_role", 1, 0, OPT_SUBJECT_ROLE },
43	{ "out", 1, 0, OPT_OUT },
44
45	{ NULL },
46	};
47
48	for ( ; ; ) {
49	int c = getopt_long(argc, argv, "", getopts, NULL);
50	if (c < 0)
51	break;
52
53	switch (c) {
54	// set the option from the value in the getopts struct
55	case 0:
56	continue;
57
58	case OPT_CERT:
59	options.cert = xstrdup(optarg);
60	break;
61
62	// generate options
63	case OPT_CN:
64	options.cn = xstrdup(optarg);
65	break;
66	case OPT_VALIDITY: // also an attribute option
67	options.validity = atoi(optarg);
68	break;
69
70	// attribute options
71	case OPT_ISSUER:
72	options.issuer = xstrdup(optarg);
73	break;
74	case OPT_KEY:
75	options.key = xstrdup(optarg);
76	break;
77	case OPT_ROLE:
78	options.role = xstrdup(optarg);
79	break;
80	case OPT_SUBJECT:
81	options.subject = xstrdup(optarg);
82	break;
83	case OPT_SUBJECT_ROLE:
84	options.subject_role = xstrdup(optarg);
85	break;
86	case OPT_OUT:
87	options.out = xstrdup(optarg);
88	break;
89
90	case '?':
91	break;
92
93	default:
94	printf("wat\n");
95	return 45;
96	}
97	}
98
99	if (options.help \|\| optind < argc) {
100	if (optind > 0 && optind < argc)
101	printf("I don't understand %s\n", argv[optind]);
102	usage(&options);
103	}
104
105	// init libstrongswan
106	atexit(library_deinit);
107	dbg_default_set_level(-1);
108	ret = library_init(NULL);
109	if (!ret)
110	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
111	ret = lib->plugins->load(
112	lib->plugins,
113	NULL,
114	lib->settings->get_str(lib->settings, "", PLUGINS)
115	);
116	if (!ret)
117	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
118
119	// launch the sub command
120	switch (options.mode) {
121	case MODE_GENERATE:
122	if (options.validity == 0) options.validity = 1080;
123	generate_main(&options);
124	break;
125
126	case MODE_KEYID:
127	keyid_main(&options);
128	break;
129
130	case MODE_ATTRIBUTE:
131	if (options.validity == 0) options.validity = 365;
132	attribute_main(&options);
133	break;
134
135	case MODE_ROLES:
136	roles_main(&options);
137	break;
138
139	default:
140	usage(&options);
141	}
142
143	return 0;
144	}
145
146	void usage(options_t *opts) {
147	if (opts->mode == MODE_GENERATE)
148	printf(
149	"Usage: creddy --generate --cn <name> [ --validity <day> ]\n"
150	" cert will be in ${name}_ID.der, private key in ${name}_private.der\n"
151	" default validity: 1080 days\n"
152	);
153
154	else if (opts->mode == MODE_VERIFY)
155	printf(
156	"Usage: identity --verify --cert <cert> [ --attrcert <cert> ]\n"
157	" if attrcert is provided, verify that it was issued by cert\n"
158	);
159
160	else if (opts->mode == MODE_KEYID)
161	printf(
162	"Usage: identity --keyid --cert <cert>\n"
163	);
164
165	else if (opts->mode == MODE_ATTRIBUTE)
166	printf(
167	"Usage: identity --attribute \\\n"
168	" --issuer <cert> --key <key> --role <role> \\\n"
169	" --subject <cert> [ --subject-role <role> ] \\\n"
170	" [ --validity <days> ] --out <file>\n"
171	" default validity: 365 days\n"
172	);
173
174	else if (opts->mode == MODE_ROLES)
175	printf(
176	"Usage: identity --roles --cert <cert>\n"
177	);
178
179	else
180	printf(
181	"Usage: creddy [--<mode>] [--help]\n"
182	" --generate: generate X.509 identity cert and private key\n"
183	" --verify: check validity of X.509 ID or attribute cert\n"
184	" --keyid: get fingerprint from X.509 ID cert\n"
185	" --attribute: generate an X.509 attribute cert\n"
186	" --roles: list roles from an X.509 attribute cert\n"
187	);
188
189
190	exit(1);
191	}
192
193	void *xmalloc(size_t len) {
194	void *ret = malloc(len);
195	if (ret == NULL)
196	err(1, "couldn't malloc %d bytes\n", len);
197	return ret;
198	}
199
200	char xstrdup(char string) {
201	char *dup = strdup(string);
202	if (dup == NULL)
203	err(1, "Can't dup %s", string);
204	return dup;
205	}
206
207	int clean_name(char *string) {
208	int i;
209
210	assert(string != NULL);
211
212	// must start with a letter
213	if (!isalpha(string[0]))
214	return 0;
215
216	// rest must be alphanumeric or _
217	for (i = 1; string[i] != '\0'; ++i)
218	if (!isalnum(string[i]) && string[i] != '_')
219	return 0;
220
221	return 1;
222	}
223
224	// load an ID cert from file
225	certificate_t cert_from_file(char filename) {
226	certificate_t *cert = lib->creds->create(lib->creds,
227	CRED_CERTIFICATE, CERT_X509,
228	BUILD_FROM_FILE, filename,
229	BUILD_X509_FLAG, X509_AA,
230	BUILD_END
231	);
232
233	if (cert == NULL)
234	errx(1, "Can't open cert from %s", filename);
235
236	return cert;
237	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: