source: creddy/verify.c @ 461541a

Last change on this file since 461541a was 461541a, checked in by Mei <mei@…>, 11 years ago

1) updated original rt0 to remove libstrongswan dependency

a) identity credential being made/accessed with openssl api calls

(X509/EVP_PKEY pem)

b) attribute credential being made/accessed via xmlsec1 (custom XML

structure)

2) refactored libcreddy into libabac and now one ABAC namespace for

libabac

3) added attribute_rule suboption to creddy's attribute as another way

to insert access rule

4) added some regression tests into example directory
5) updated some docs.

2/* verify.c */
3
4#include <err.h>
5#include <string.h>
6
7#include <abac.h>
8#include "creddy_common.h"
9
// Debug flag defined by this file; nothing in verify.c itself reads it.
int debug = 0;

// verify only reports three things: whether the issuer identity is valid
// right now, whether the attribute credential is valid right now, and
// whether the issuer's keyid equals the principal recorded in the
// attribute credential.
// NOTE(review): no signature check is visible in this file; whether the
// abac loaders verify signatures when reading the files cannot be told
// from here - confirm before treating "matching"/"still valid" output as
// proof of authenticity.
static void _validate(abac_attribute_t *attr, abac_id_t *issuer);
16
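/*
 * Entry point for the verify subcommand.
 *
 * Loads the issuer identity from opts->cert and, when opts->attrcert is
 * set, runs _validate() on every attribute credential read from that file.
 *
 * opts - parsed command-line options; opts->cert is required,
 *        opts->attrcert is optional.
 *
 * Exits with status 1 (via errx) when the issuer identity or the attribute
 * credential list cannot be loaded. Check results are only printed by
 * _validate(); this function returns normally whatever they were, so the
 * outcome of the checks is not reflected in any status visible here.
 * When opts->attrcert is NULL only the issuer file is loaded and nothing
 * is reported.
 */
void verify_main(options_t *opts) {
    // usage() presumably does not return - confirm; otherwise a NULL path
    // reaches abac_id_from_file() below.
    if (opts->cert == NULL) {
        usage(opts);
    }

    abac_id_t *issuer_id = abac_id_from_file(opts->cert);
    if (issuer_id == NULL) {
        errx(1, "Can't load issuer cert from %s", opts->cert);
    }

    if (opts->attrcert != NULL) {
        abac_list_t *attr_list = abac_attribute_certs_from_file(opts->attrcert);
        // Mirror the issuer check: stop instead of iterating a list that
        // failed to load.
        if (attr_list == NULL) {
            errx(1, "Can't load attribute cert from %s", opts->attrcert);
        }

        abac_attribute_t *subject_attr = NULL;
        // Each credential is checked and then released; the list itself is
        // freed once the walk is done.
        abac_list_foreach(attr_list, subject_attr,
            _validate(subject_attr, issuer_id);
            abac_attribute_free(subject_attr);
        );
        abac_list_free(attr_list);
    }

    abac_id_free(issuer_id);
}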
37
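/*
 * Print the outcome of three independent checks on one attribute
 * credential: principal/keyid match against the issuer, issuer validity
 * now, and attribute credential validity now.
 *
 * attr   - attribute credential to check; not freed here.
 * issuer - issuer identity to check against; not freed here.
 *
 * Nothing is returned: the results go to stdout only, so a caller cannot
 * branch on a failed check. No signature verification is performed in this
 * function.
 */
static void _validate(abac_attribute_t *attr, abac_id_t *issuer)
{
    char *prin = abac_attribute_get_principal(attr);
    char *keyid = abac_id_keyid(issuer);

    // Fail closed: a principal or keyid that could not be read is reported
    // as a mismatch. Passing NULL to strcmp() is undefined behaviour.
    if (prin == NULL || keyid == NULL || strcmp(prin, keyid) != 0) {
        puts("issuer and attribute cert have mismatched principals\n");
    } else {
        puts("issuer and attribute cert have matching principals\n");
    }
    // Only prin is released, as before; keyid is presumably owned by the
    // issuer object - confirm against abac_id_keyid().
    free(prin);

    if (!abac_id_still_valid(issuer)) {
        puts("issuer cert not valid now");
    } else {
        puts("issuer cert still valid");
    }

    if (!abac_attribute_still_valid(attr)) {
        puts("attribute cert not valid now");
    } else {
        puts("attribute cert still valid");
    }
}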