[0aaa651] | 1 | |
---|
[461541a] | 2 | /* display.c */ |
---|
| 3 | |
---|
| 4 | #include <time.h> |
---|
| 5 | #include <string.h> |
---|
| 6 | #include <err.h> |
---|
| 7 | |
---|
[4721618] | 8 | #include "libabac_common.h" |
---|
[0aaa651] | 9 | #include "creddy_common.h" |
---|
[756011e] | 10 | #include "abac.h" |
---|
| 11 | #include "abac_verifier.h" |
---|
[0aaa651] | 12 | |
---|
// Forward declarations for the printing helpers defined further down in this file.
void _print_validity(struct tm not_before, struct tm not_after);
void _print_info(abac_attribute_t *attr, int show_issuer, int show_subject,
                 int show_validity, int show_roles, char *fname);
---|
[405bba3] | 16 | |
---|
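/*
 * display_main - print selected fields of the certificate file opts->cert.
 *
 * opts->show is a comma-separated list of "issuer", "subject", "validity",
 * "roles" or "all"; any other word prints an error and calls usage().
 * The file is first loaded as an ID certificate. If that fails it is loaded
 * as attribute certificate(s) and each one is handed to _print_info().
 * If the attribute list is empty too, the program exits with status 1 via
 * errx().
 *
 * NOTE(review): nothing in this function compares the validity period with
 * the current time or decides whether the issuer is trusted; it prints what
 * the file contains. Whether abac_id_from_file() and
 * abac_attribute_certs_from_file() verify signatures is not visible here,
 * so treat the output as informational until that is confirmed.
 */
void display_main(options_t *opts) {
    // NOTE(review): the code below dereferences opts->cert and opts->show,
    // so it relies on usage() not returning -- confirm.
    if (opts->cert == NULL)
        usage(opts);

    char *show = opts->show;
    if (show == NULL)
        usage(opts);

    int show_issuer = 0;
    int show_subject = 0;
    int show_validity = 0;
    int show_roles = 0;
    char *opt;

    // strsep() splits in place: it overwrites each ',' in opts->show with NUL
    while ((opt = strsep(&show, ",")) != NULL) {
        if (strcmp(opt, "issuer") == 0)
            show_issuer = 1;
        else if (strcmp(opt, "subject") == 0)
            show_subject = 1;
        else if (strcmp(opt, "validity") == 0)
            show_validity = 1;
        else if (strcmp(opt, "roles") == 0)
            show_roles = 1;
        else if (strcmp(opt, "all") == 0) {
            show_issuer = 1;
            show_subject = 1;
            show_validity = 1;
            show_roles = 1;
        }
        else {
            printf("Error: Unknown option to --show: %s\n", opt);
            usage(opts);
        }
    }

    // first try ID cert
    abac_id_t *id = abac_id_from_file(opts->cert);
    if (id != NULL) {
        // The strings printed below come from the certificate file and are
        // written to stdout as-is.
        if (show_issuer) {
            char *issuer = abac_id_issuer(id);
            printf("Issuer: %s\n", issuer);
            free(issuer);
        }

        if (show_subject) {
            char *subject = abac_id_subject(id);
            printf("Subject: %s\n", subject);
            free(subject);
        }

        if (show_validity) {
            // Zero-filled so that a lookup which fills nothing in still hands
            // defined values (not stack garbage) to strftime()/mktime().
            struct tm not_before = {0}, not_after = {0};
            abac_id_validity(id, &not_before, &not_after);
            _print_validity(not_before, not_after);
        }

        abac_id_free(id);
        return;
    }

    // then try attribute cert
    abac_attribute_t *attr;
    abac_list_t *dummy_cert_list = abac_list_new();
    abac_list_t *attr_list = abac_attribute_certs_from_file(dummy_cert_list, opts->cert);
    // remember the count now; the list is freed before it is tested
    int sz = abac_list_size(attr_list);
    abac_list_foreach(attr_list, attr,
        _print_info(attr, show_issuer, show_subject, show_validity, show_roles, opts->cert);
        abac_attribute_free(attr);
    );
    abac_list_free(attr_list);

    // release whatever ID certs the loader put on the scratch list
    abac_id_cert_t *cert;
    abac_list_foreach(dummy_cert_list, cert,
        abac_id_cert_free(cert);
    );
    abac_list_free(dummy_cert_list);

    // give up if neither works
    if (sz == 0)
        errx(1, "Couldn't load %s as an ID or attribute", opts->cert);
}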
---|
[b19d1f0] | 97 | |
---|
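/*
 * _print_info - print the requested fields of one attribute certificate.
 *
 * attr           attribute to describe; NULL prints nothing
 * show_issuer    non-zero: print "Issuer:" from the attribute's issuer ID
 * show_subject   non-zero: print "Subject:" -- note this is the subject of
 *                the issuer ID (abac_id_subject(issuer_id)), not a field read
 *                from the attribute itself
 * show_validity  non-zero: print the attribute's validity period
 * show_roles     non-zero: print the role string; exits via errx() if the
 *                attribute yields none
 * fname          file name used only in the errx() message
 *
 * When the attribute has no issuer ID the issuer and subject lines are
 * omitted without any message.
 */
void _print_info(abac_attribute_t *attr, int show_issuer, int show_subject, int show_validity, int show_roles, char *fname)
{
    if (attr == NULL)
        return;

    abac_id_t *issuer_id = abac_attribute_issuer_id(attr);

    if (show_issuer && issuer_id) {
        char *issuer = abac_id_issuer(issuer_id);
        printf("Issuer: %s\n", issuer);
        free(issuer);
    }

    if (show_subject && issuer_id) {
        char *subject = abac_id_subject(issuer_id);
        printf("Subject: %s\n", subject);
        free(subject);
    }

    if (show_validity) {
        // Zero-filled so that a lookup which fills nothing in still hands
        // defined values (not stack garbage) to strftime()/mktime().
        struct tm not_before = {0}, not_after = {0};
        abac_attribute_validity(attr, &not_before, &not_after);
        _print_validity(not_before, not_after);
    }

    if (show_roles) {
        char *role_string = abac_attribute_role_string(attr);
        if (role_string == NULL)
            errx(1, "Couldn't get attributes from %s", fname );
        printf("Roles: %s\n", role_string);
        free(role_string);
    }
}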
---|
[405bba3] | 125 | |
---|
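// display the validity period of a cert
//
// Each bound is printed as a formatted date followed, in brackets, by the
// value mktime() returns for it. Both structs are passed by value, so the
// normalisation mktime() performs never reaches the caller.
//
// NOTE(review): mktime() reads the struct as local time. If the validity
// lookups fill in UTC, the bracketed number is shifted by the local UTC
// offset and should not be compared with time() directly -- confirm.
void _print_validity(struct tm not_before, struct tm not_after) {
    char buf[256];
    printf("Validity:\n");

    // strftime() returns 0 and leaves buf unspecified when the text does not
    // fit; print an empty date in that case rather than stale bytes.
    if (strftime(buf, sizeof(buf), "%F %T %Z", &not_before) == 0)
        buf[0] = '\0';
    printf(" Not before: %s [%lld]\n", buf, (long long) mktime(&not_before));

    if (strftime(buf, sizeof(buf), "%F %T %Z", &not_after) == 0)
        buf[0] = '\0';
    printf(" Not after: %s [%lld]\n", buf, (long long) mktime(&not_after));
}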
---|