source: creddy/verify.c @ f89b991

mei_rt2
Last change on this file since f89b991 was e3c7769, checked in by Mei <mei@…>, 11 years ago

1) wrap up java interface with swig/jni/abac linkup
2) java regression tests
3) update doc related to new java implmentation
  • Property mode set to 100644
File size: 1.9 KB
Line 
1/***
2   verify.c
3
4   to verify attribute credential to see if the issuer is valid,
5   validity time is still within range and signature is valid
6   if attrcert is supplied, it will do signature verification, if
7   both attrcert and cert are of the same, then a self-signing
8   signature verification is done implicitly
9***/
10
11#include "creddy_internal.h"
12
13extern certificate_t *abac_attribute_cert_from_file(char *filename);
14
15void verify_main(options_t *opts) {
16    certificate_t *subject_cert = NULL;
17
18    if (opts->cert == NULL)
19        usage(opts);
20
21    abac_id_t *issuer = abac_id_from_file(opts->cert);
22    if (issuer == NULL)
23        errx(1, "Can't load issuer cert from %s", opts->cert);
24    certificate_t *cert = abac_id_cert(issuer); 
25
26    if (opts->attrcert != NULL) {
27        subject_cert = abac_attribute_cert_from_file(opts->attrcert);
28        if(subject_cert == NULL)
29           errx(1, "Can't load attribute cert from %s", opts->cert);
30    }
31
32    int good = 0;
33    if(subject_cert == NULL ) {
34        if (cert->get_validity(cert, NULL, NULL, NULL)) {
35            puts("certificates valid");
36            good=1;
37        } else puts("certificate not valid now");
38        } else {
39/** XXX 5.0.1
40            if (subject_cert->issued_by(subject_cert, cert, NULL)) {
41*/
42            if (subject_cert->issued_by(subject_cert, cert)) {
43                if (subject_cert->get_validity(subject_cert, NULL, NULL, NULL)) {
44                    if (cert->get_validity(cert, NULL, NULL, NULL)) {
45                        puts("signature good, certificates valid");
46                        good = 1;
47                    } else puts("signature good, issuer cert not valid now");
48                } else puts("signature good, cert not valid now");
49            } else puts("signature invalid");
50    }
51
52    if (subject_cert != NULL)
53        DESTROY_IF(subject_cert);
54    abac_id_free(issuer);
55
56    exit(good ? 0 : 1);
57}
Note: See TracBrowser for help on using the repository browser.