[2efdff5] | 1 | /*** |
---|
| 2 | verify.c |
---|
[ba6027a] | 3 | |
---|
| 4 | Verifies an attribute credential: checks that the issuer is valid, |
---|
| 5 | that the validity time is still within range, and that the signature is valid. |
---|
[240206f] | 6 | If attrcert is supplied, signature verification is performed; if |
---|
| 7 | attrcert and cert are the same certificate, a self-signed |
---|
| 8 | signature verification is done implicitly. |
---|
[2efdff5] | 9 | ***/ |
---|
[04f5da1] | 10 | |
---|
[2efdff5] | 11 | #include "creddy_internal.h" |
---|
[04f5da1] | 12 | |
---|
[dfe6b61] | 13 | extern certificate_t *abac_attribute_cert_from_file(char *filename); |
---|
[784a398] | 14 | |
---|
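/**
 * Check the certificate(s) named in opts, print the outcome, and exit.
 *
 * Two modes, selected by whether opts->attrcert is set:
 *
 *  - Issuer only (attrcert == NULL): only the issuer certificate's validity
 *    is queried via get_validity(). No signature is checked on this path,
 *    so "certificates valid" here says nothing about who signed the issuer
 *    certificate.
 *
 *  - Issuer + attribute cert: the attribute certificate must pass
 *    issued_by() against the issuer certificate, and both certificates must
 *    pass get_validity().
 *
 * Nothing visible in this function anchors the issuer certificate to a
 * trusted root or consults revocation data; callers that need that must
 * establish it separately.
 *
 * @param opts  parsed options; opts->cert is the issuer certificate file
 *              (required), opts->attrcert the attribute certificate file
 *              (optional).
 *
 * Does not return: exits with status 0 only when every check performed
 * succeeded, and with status 1 otherwise (including load failures, which
 * go through errx()).
 */
void verify_main(options_t *opts) {
    certificate_t *subject_cert = NULL;
    int good = 0;

    /* NOTE(review): usage() is presumably noreturn; if it can return,
     * the load below is called with a NULL filename -- confirm. */
    if (opts->cert == NULL) {
        usage(opts);
    }

    abac_id_t *issuer = abac_id_from_file(opts->cert);
    if (issuer == NULL) {
        errx(1, "Can't load issuer cert from %s", opts->cert);
    }
    /* NOTE(review): the result is dereferenced below without a NULL check;
     * confirm abac_id_cert() cannot fail for a successfully loaded id. */
    certificate_t *cert = abac_id_cert(issuer);

    if (opts->attrcert != NULL) {
        subject_cert = abac_attribute_cert_from_file(opts->attrcert);
        if (subject_cert == NULL) {
            /* Report the file that actually failed to load; the original
             * printed opts->cert here, pointing at the wrong file. */
            errx(1, "Can't load attribute cert from %s", opts->attrcert);
        }
    }

    if (subject_cert == NULL) {
        /* Issuer-only mode: validity check only, no signature check.
         * The NULL arguments presumably mean "evaluate at the current
         * time, don't return the bounds" -- confirm against the
         * certificate_t interface. */
        if (cert->get_validity(cert, NULL, NULL, NULL)) {
            puts("certificates valid");
            good = 1;
        } else {
            puts("certificate not valid now");
        }
    } else {
        /* XXX 5.0.1: the call takes a third argument there:
         *   subject_cert->issued_by(subject_cert, cert, NULL)
         */
        if (!subject_cert->issued_by(subject_cert, cert)) {
            puts("signature invalid");
        } else if (!subject_cert->get_validity(subject_cert, NULL, NULL, NULL)) {
            puts("signature good, cert not valid now");
        } else if (!cert->get_validity(cert, NULL, NULL, NULL)) {
            puts("signature good, issuer cert not valid now");
        } else {
            /* Success is reported only after all three checks pass. */
            puts("signature good, certificates valid");
            good = 1;
        }
    }

    if (subject_cert != NULL) {
        DESTROY_IF(subject_cert);
    }
    abac_id_free(issuer);

    exit(good ? 0 : 1);
}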