source: creddy/generate.c @ 461541a

Last change on this file since 461541a was 461541a, checked in by Mei <mei@…>, 11 years ago

1) updated original rt0 to remove libstrongswan dependency
   a) identity credential being made/accessed with openssl api calls (X509/EVP_PKEY pem)
   b) attribute credential being made/accessed via xmlsec1 (custom XML structure)
2) refactored libcreddy into libabac and now one ABAC namespace for libabac
3) added attribute_rule suboption to creddy's attribute as another way to insert access rule
4) added some regression tests into example directory
5) updated some docs.

  • Property mode set to 100644
2/* generate.c */
3
#include <err.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#include <abac.h>
#include "creddy_common.h"
10
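/**
 * Generate a new ABAC identity and write its certificate and private key
 * to files in the current (or requested) output directory.
 *
 * Reads opts->cn (required), opts->out (optional output directory, entered
 * with chdir) and opts->validity. Any failure terminates the process via
 * usage(), err() or errx(); the function only returns on success.
 *
 * @param opts  parsed command-line options
 */
void generate_main(options_t *opts) {
    int ret, fd;
    abac_id_t *id = NULL;
    char *filename;
    FILE *out;

    // make sure we have at least a CN
    if (opts->cn == NULL)
        usage(opts);

    // if we have an outdir, chdir there
    if (opts->out) {
        ret = chdir(opts->out);
        if (ret < 0)
            err(1, "can't open output directory '%s'", opts->out);
    }

    printf("Generating key, this will take a while. Create entropy!\n");
    printf("    - move the mouse\n");
    printf("    - generate disk activity (run find)\n");

    ret = abac_id_generate(&id, opts->cn, opts->validity);

    if (ret == ABAC_GENERATE_INVALID_CN) {
        printf("Invalid CN: must start with a letter and be alphanumeric\n");
        usage(opts);
    }
    if (ret == ABAC_GENERATE_INVALID_VALIDITY) {
        printf("Validity must be >= 1 day\n");
        usage(opts);
    }
    // in both above cases: usage(opts) exits

    // Only two failure codes are handled above. If generation failed for
    // any other reason and left id unset, stop here instead of passing a
    // NULL identity to the writers below.
    // NOTE(review): assumes abac_id_generate leaves *id untouched on
    // failure; confirm against libabac and compare ret with its success code.
    if (id == NULL)
        errx(1, "Key generation failed (code %d)", ret);

    //
    // success!
    //

    // write the cert
    filename = abac_id_cert_filename(id);
    if (filename == NULL)
        errx(1, "Can't determine cert file name");
    out = fopen(filename, "w");
    if (out == NULL)
        err(1, "Can't open cert file %s", filename);
    abac_id_write_cert(id, out);
    // fclose flushes the stdio buffer; a failure here means the cert on
    // disk may be truncated
    if (fclose(out) != 0)
        err(1, "Can't write cert file %s", filename);
    free(filename);

    // write the key
    filename = abac_id_privkey_filename(id);
    if (filename == NULL)
        errx(1, "Can't determine private key file name");
    fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); // mode 600
    if (fd < 0)
        err(1, "Can't open private key file %s", filename);

    // The mode passed to open() is applied only when the file is created.
    // If a file of this name already existed with wider permissions, the
    // key would be written into it unchanged, so force 0600 on the open
    // descriptor before any key material is written. Failing here (e.g.
    // file owned by someone else) is preferable to writing the key.
    // NOTE(review): open() still follows symlinks and reuses an existing
    // file; O_EXCL / O_NOFOLLOW would be stricter but would change the
    // current overwrite behaviour, so they are left for a deliberate change.
    if (fchmod(fd, 0600) < 0)
        err(1, "Can't set permissions on private key file %s", filename);

    out = fdopen(fd, "w");
    if (out == NULL)
        err(1, "Can't open private key file %s", filename);
    abac_id_write_privkey(id, out);
    // a failed flush would leave an incomplete private key on disk
    if (fclose(out) != 0)
        err(1, "Can't write private key file %s", filename);
    free(filename);

    abac_id_free(id);
}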