1 | |
---|
2 | /* generate.c */ |
---|
3 | |
---|
4 | #include <unistd.h> |
---|
5 | #include <fcntl.h> |
---|
6 | #include <err.h> |
---|
7 | |
---|
8 | #include "libabac_common.h" |
---|
9 | #include "creddy_common.h" |
---|
10 | |
---|
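/*
 * generate_main: create a new ABAC identity and write its certificate and
 * private key to disk.
 *
 * opts->cn       common name for the identity (required; usage() otherwise)
 * opts->out      optional output directory; the process chdir()s into it
 * opts->validity passed through to abac_id_generate()
 *
 * Both files are created relative to the current working directory, using
 * the names returned by abac_id_cert_filename() / abac_id_privkey_filename().
 * Any I/O failure terminates the process through err()/errx().
 */
void generate_main(options_t *opts) {
    int ret, fd;
    abac_id_t *id = NULL;   // stays NULL if generation fails without setting it
    char *filename;
    FILE *out;

    // make sure we have at least a CN
    if (opts->cn == NULL)
        usage(opts);

    // if we have an outdir, chdir there
    if (opts->out) {
        ret = chdir(opts->out);
        if (ret < 0)
            err(1, "can't open output directory '%s'", opts->out);
    }

    printf("Generating key, this will take a while. Create entropy!\n");
    printf(" - move the mouse\n");
    printf(" - generate disk activity (run find)\n");

    ret = abac_id_generate(&id, opts->cn, opts->validity);

    if (ret == ABAC_GENERATE_INVALID_CN) {
        printf("Invalid CN: must start with a letter and be alphanumeric\n");
        usage(opts);
    }
    if (ret == ABAC_GENERATE_INVALID_VALIDITY) {
        printf("Validity must be >= 1 day\n");
        usage(opts);
    }
    // in both above cases: usage(opts) exits

    // The success code of abac_id_generate() is not visible in this file, so
    // guard on the output pointer instead: never go on to write files from an
    // identity that was not produced.
    if (id == NULL)
        errx(1, "key generation failed (code %d)", ret);

    // write the cert
    filename = abac_id_cert_filename(id);
    out = fopen(filename, "w");
    if (out == NULL)
        err(1, "Can't open cert file %s", filename);
    abac_id_write_cert(id, out);
    // fclose() flushes; a failure here means the cert on disk is incomplete
    if (fclose(out) != 0)
        err(1, "Can't write cert file %s", filename);
    free(filename);

    // write the key
    filename = abac_id_privkey_filename(id);

    // The mode argument of open() only applies when the file is created. With
    // O_TRUNC, an existing file (or the target of an existing symlink) keeps
    // whatever permissions it already had, so the key could land in a
    // group/world-readable file. Remove any old entry and insist on creating a
    // fresh one: O_CREAT|O_EXCL fails rather than following a symlink or
    // reusing a file that appeared in between.
    (void)unlink(filename);     // a failure surfaces through open() below
    fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0600); // mode 600
    if (fd < 0)
        err(1, "Can't open private key file %s", filename);

    out = fdopen(fd, "w");
    if (out == NULL)
        err(1, "Can't open private key file %s", filename);
    abac_id_write_privkey(id, out);
    // a short write would leave a truncated private key behind; report it
    if (fclose(out) != 0)
        err(1, "Can't write private key file %s", filename);

    // NOTE(review): the cert filename above is free()d by the caller; this one
    // presumably has the same ownership and is leaked. Confirm against
    // abac_id_privkey_filename() before adding free(filename).

    abac_id_free(id);
}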
---|