#include <creddy.h>

#include "creddy_common.h"

// ugh, this needs to go away
// do so by replacing this with a call into libabac
#include "libcreddy_common.h"

void verify_main(options_t *opts) {
    certificate_t *subject_cert = NULL;

    if (opts->cert == NULL)
        usage(opts);

    creddy_id_t *issuer = creddy_id_from_file(opts->cert);
    if (issuer == NULL)
        errx(1, "Can't load issuer cert from %s", opts->cert);
    certificate_t *cert = creddy_id_cert(issuer); // replace this with a call into libabac

    if (opts->attrcert != NULL)
        subject_cert = attr_cert_from_file(opts->attrcert);
    else
        subject_cert = cert;

    int good = 0;
    if (subject_cert->issued_by(subject_cert, cert))
        if (subject_cert->get_validity(subject_cert, NULL, NULL, NULL))
            if (cert->get_validity(cert, NULL, NULL, NULL)) {
                puts("signature good, certificates valid");
                good = 1;
            }
            else
                puts("signature good, issuer cert not valid now");
        else
            puts("certificate not valid now");
    else
        puts("signature invalid");

    if (subject_cert != cert)
        DESTROY_IF(subject_cert);
    creddy_id_free(issuer);

    exit(good ? 0 : 1);
}