source: creddy/verify.c @ f89b991

mei_rt2
Last change on this file since f89b991 was e3c7769, checked in by Mei <mei@…>, 12 years ago

1) wrap up java interface with swig/jni/abac linkup
2) java regression tests
3) update doc related to new java implmentation
  • Property mode set to 100644
File size: 1.9 KB
RevLine 
[2efdff5]1/***
2   verify.c
[ba6027a]3
4   to verify attribute credential to see if the issuer is valid,
5   validity time is still within range and signature is valid
[240206f]6   if attrcert is supplied, it will do signature verification, if
7   both attrcert and cert are of the same, then a self-signing
8   signature verification is done implicitly
[2efdff5]9***/
[04f5da1]10
[2efdff5]11#include "creddy_internal.h"
[04f5da1]12
[dfe6b61]13extern certificate_t *abac_attribute_cert_from_file(char *filename);
[784a398]14
15void verify_main(options_t *opts) {
16    certificate_t *subject_cert = NULL;
17
18    if (opts->cert == NULL)
19        usage(opts);
20
[2efdff5]21    abac_id_t *issuer = abac_id_from_file(opts->cert);
[592f3e2]22    if (issuer == NULL)
23        errx(1, "Can't load issuer cert from %s", opts->cert);
[ba6027a]24    certificate_t *cert = abac_id_cert(issuer); 
[784a398]25
[ba75224]26    if (opts->attrcert != NULL) {
[dfe6b61]27        subject_cert = abac_attribute_cert_from_file(opts->attrcert);
[ba75224]28        if(subject_cert == NULL)
29           errx(1, "Can't load attribute cert from %s", opts->cert);
[240206f]30    }
[784a398]31
32    int good = 0;
[240206f]33    if(subject_cert == NULL ) {
34        if (cert->get_validity(cert, NULL, NULL, NULL)) {
35            puts("certificates valid");
36            good=1;
37        } else puts("certificate not valid now");
38        } else {
[e3c7769]39/** XXX 5.0.1
40            if (subject_cert->issued_by(subject_cert, cert, NULL)) {
41*/
[240206f]42            if (subject_cert->issued_by(subject_cert, cert)) {
43                if (subject_cert->get_validity(subject_cert, NULL, NULL, NULL)) {
44                    if (cert->get_validity(cert, NULL, NULL, NULL)) {
45                        puts("signature good, certificates valid");
46                        good = 1;
47                    } else puts("signature good, issuer cert not valid now");
48                } else puts("signature good, cert not valid now");
49            } else puts("signature invalid");
50    }
51
52    if (subject_cert != NULL)
[784a398]53        DESTROY_IF(subject_cert);
[2efdff5]54    abac_id_free(issuer);
[784a398]55
[9335cfa]56    exit(good ? 0 : 1);
[784a398]57}
Note: See TracBrowser for help on using the repository browser.