[abd7c25] | 1 | |
---|
[461541a] | 2 | /* generate.c */ |
---|
[abd7c25] | 3 | |
---|
[461541a] | 4 | #include <unistd.h> |
---|
| 5 | #include <fcntl.h> |
---|
| 6 | #include <err.h> |
---|
[04f5da1] | 7 | |
---|
[4721618] | 8 | #include "libabac_common.h" |
---|
[04f5da1] | 9 | #include "creddy_common.h" |
---|
[abd7c25] | 10 | |
---|
| 11 | void generate_main(options_t *opts) { |
---|
[39fed7c] | 12 | int ret, fd; |
---|
[461541a] | 13 | abac_id_t *id; |
---|
[39fed7c] | 14 | char *filename; |
---|
| 15 | FILE *out; |
---|
| 16 | |
---|
[595a885] | 17 | // make sure we have at least a CN |
---|
| 18 | if (opts->cn == NULL) |
---|
| 19 | usage(opts); |
---|
| 20 | |
---|
[8231b92] | 21 | // if we have an outdir, chdir there |
---|
| 22 | if (opts->out) { |
---|
| 23 | ret = chdir(opts->out); |
---|
| 24 | if (ret < 0) |
---|
| 25 | err(1, "can't open output directory '%s'", opts->out); |
---|
| 26 | } |
---|
| 27 | |
---|
[9e063cb] | 28 | if(opts->key) { |
---|
| 29 | ret = abac_id_generate_with_key(&id, opts->cn, opts->validity, opts->key); |
---|
| 30 | } else { |
---|
| 31 | printf("Generating key, this will take a while. Create entropy!\n"); |
---|
| 32 | printf(" - move the mouse\n"); |
---|
| 33 | printf(" - generate disk activity (run find)\n"); |
---|
| 34 | ret = abac_id_generate(&id, opts->cn, opts->validity); |
---|
| 35 | } |
---|
[461541a] | 36 | |
---|
| 37 | if (ret == ABAC_GENERATE_INVALID_CN) { |
---|
[abd7c25] | 38 | printf("Invalid CN: must start with a letter and be alphanumeric\n"); |
---|
| 39 | usage(opts); |
---|
| 40 | } |
---|
[461541a] | 41 | if (ret == ABAC_GENERATE_INVALID_VALIDITY) { |
---|
[abd7c25] | 42 | printf("Validity must be >= 1 day\n"); |
---|
| 43 | usage(opts); |
---|
| 44 | } |
---|
[39fed7c] | 45 | // in both above cases: usage(opts) exits |
---|
[a0772a2] | 46 | |
---|
[39fed7c] | 47 | // |
---|
| 48 | // success! |
---|
| 49 | // |
---|
[abd7c25] | 50 | |
---|
[39fed7c] | 51 | // write the cert |
---|
[461541a] | 52 | filename = abac_id_cert_filename(id); |
---|
[39fed7c] | 53 | out = fopen(filename, "w"); |
---|
[bcf4c03] | 54 | if (out == NULL) |
---|
| 55 | err(1, "Can't open cert file %s", filename); |
---|
[461541a] | 56 | abac_id_write_cert(id, out); |
---|
[39fed7c] | 57 | fclose(out); |
---|
[abd7c25] | 58 | free(filename); |
---|
| 59 | |
---|
[9e063cb] | 60 | // write the key if not supplied |
---|
| 61 | if(!opts->key) { |
---|
| 62 | filename = abac_id_privkey_filename(id); |
---|
| 63 | fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); // mode 600 |
---|
| 64 | if (fd < 0) |
---|
| 65 | err(1, "Can't open private key file %s", filename); |
---|
| 66 | out = fdopen(fd, "w"); |
---|
| 67 | abac_id_write_privkey(id, out); |
---|
| 68 | fclose(out); |
---|
| 69 | } |
---|
[abd7c25] | 70 | |
---|
[461541a] | 71 | abac_id_free(id); |
---|
[abd7c25] | 72 | } |
---|