1 | /*** |
---|
2 | verify.c |
---|
3 | |
---|
4 | Verifies an attribute credential: checks that the issuer is valid, |
---|
5 | that the validity time is still within range and that the signature is valid. |
---|
6 | If attrcert is supplied, signature verification is performed; if |
---|
7 | attrcert and cert are the same certificate, this amounts to an implicit |
---|
8 | self-signed signature verification. |
---|
9 | ***/ |
---|
10 | |
---|
11 | #include "creddy_internal.h" |
---|
12 | |
---|
13 | extern certificate_t *abac_attribute_cert_from_file(char *filename); |
---|
14 | |
---|
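/**
 * Entry point of the "verify" sub-command.
 *
 * Loads the issuer identity from opts->cert and, when opts->attrcert is
 * given, the attribute certificate from that file. It then prints a one-line
 * verdict and terminates the process: exit status 0 when every check passed,
 * 1 otherwise. Scripts should rely on the exit status, not the message text.
 *
 * Checks performed, in order:
 *  - without attrcert: only the issuer certificate's validity period;
 *  - with attrcert: issued_by() on the attribute certificate against the
 *    issuer certificate, then the attribute certificate's validity period,
 *    then the issuer certificate's validity period.
 *
 * NOTE(review): nothing in this function checks the issuer certificate
 * against a trust anchor or revocation data; the file named by opts->cert is
 * taken as the issuer as-is. In the no-attrcert path "certificates valid"
 * therefore only reflects the get_validity() result, not a signature check.
 *
 * @param opts parsed command-line options; reads opts->cert (required) and
 *             opts->attrcert (optional).
 */
void verify_main(options_t *opts) {
    certificate_t *subject_cert = NULL;

    /* NOTE(review): presumably usage() does not return; if it can, a NULL
     * opts->cert reaches abac_id_from_file() below. Confirm. */
    if (opts->cert == NULL)
        usage(opts);

    abac_id_t *issuer = abac_id_from_file(opts->cert);
    if (issuer == NULL)
        errx(1, "Can't load issuer cert from %s", opts->cert);
    /* NOTE(review): the result is dereferenced below without a NULL check;
     * confirm abac_id_cert() cannot fail for a successfully loaded id. */
    certificate_t *cert = abac_id_cert(issuer);

    if (opts->attrcert != NULL) {
        subject_cert = abac_attribute_cert_from_file(opts->attrcert);
        if (subject_cert == NULL) {
            /* Name the file that actually failed to load; the original
             * printed opts->cert here, pointing at the wrong file. */
            errx(1, "Can't load attribute cert from %s", opts->attrcert);
        }
    }

    int good = 0;
    if (subject_cert == NULL) {
        /* Issuer-only mode: validity period check, no signature check.
         * The NULL arguments presumably select "now" and discard the
         * not-before/not-after outputs (the messages say "now"). */
        if (cert->get_validity(cert, NULL, NULL, NULL)) {
            puts("certificates valid");
            good = 1;
        } else {
            puts("certificate not valid now");
        }
    /* XXX 5.0.1: issued_by() takes a third argument there:
     *   subject_cert->issued_by(subject_cert, cert, NULL)
     */
    } else if (!subject_cert->issued_by(subject_cert, cert)) {
        /* Signature is checked first so that an unsigned or forged
         * credential is never reported as merely expired. */
        puts("signature invalid");
    } else if (!subject_cert->get_validity(subject_cert, NULL, NULL, NULL)) {
        puts("signature good, cert not valid now");
    } else if (!cert->get_validity(cert, NULL, NULL, NULL)) {
        puts("signature good, issuer cert not valid now");
    } else {
        puts("signature good, certificates valid");
        good = 1;
    }

    if (subject_cert != NULL) {
        DESTROY_IF(subject_cert);
    }
    abac_id_free(issuer);

    /* The exit status is the machine-readable verdict. */
    exit(good ? 0 : 1);
}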
---|