Context Navigation

source: libabac/abac_verifier.c @ 9937351

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 9937351 was 7727f26, checked in by Mei <mei@…>, 12 years ago

1) add environment variables DUMP_DB, ABAC_CN.

ABAC_CN will switch to using CNs for keyid insead of SHAs

2) add/modified couple of doc files.

Property mode set to 100644

File size: 19.0 KB

Line
1
2	// include the GNU extension of asprintf
3	#define _GNU_SOURCE
4
5	#include <assert.h>
6	#include <stdio.h>
7
8	#include <library.h>
9	#include <credentials/certificates/certificate.h>
10	#include <credentials/certificates/x509.h>
11	#include <credentials/certificates/ac.h>
12
13	#include "abac_verifier.h"
14
15	#include "abac_list.h"
16	#include "abac_util.h"
17	#include "abac_rt.h"
18
19	extern abac_role_t *abac_yy_get_rule_head_role();
20	extern abac_role_t *abac_yy_get_rule_tail_role();
21	extern abac_oset_t *abac_yy_get_rule_head_oset();
22	extern abac_oset_t *abac_yy_get_rule_tail_oset();
23	extern int abac_yy_get_rule_is_oset();
24	extern abac_list_t *abac_yy_get_rule_clauses();
25	extern char* abac_decode_string(char *);
26	extern void abac_yy_free_rule_clauses();
27	extern char generate_pl_type_clause(char , int);
28
29
30	/* keeping this a fixed enum is to have tighter control of
31	what are acceptabletypes of keyid are we allowing */
32	typedef enum _keyidtype_t {
33	e_KEYID = 1,
34	} keyidtype_t;
35
36	/* keyidname[keyidtype] */
37	static char * const keyidname[] =
38	{
39	"badidtype", "keyid", 0
40	};
41
42	typedef enum _credtype_t {
43	e_CREDTYPE_ROLE =1,
44	e_CREDTYPE_OSET =2,
45	} credtype_t;
46
47	static int keyidname_cnt=1;
48
49	struct _abac_id_cert_t {
50	char *keyid;
51	char *cn;
52	int type; /* keyidtype */
53	certificate_t *cert;
54	char *clause;
55
56	UT_hash_handle hh;
57	};
58
59	/* can store either role or oset */
60	struct _abac_credential_t {
61	int type;
62	void *head;
63	void *tail;
64	certificate_t *cert;
65	certificate_t *issuer;
66	abac_list_t *clauses;
67
68	int refcount;
69	};
70
71	typedef struct _abac_str_cred_t {
72	char *strid;
73	abac_credential_t *cred;
74
75	UT_hash_handle hh;
76	} abac_str_cred_t;
77
78	abac_id_cert_t *id_certs = NULL;
79	abac_str_cred_t *str_creds = NULL;
80
81	static int debug=0;
82	static void check_id_cert(abac_id_cert_t *id_cert);
83	extern void abac_print_role_string_with_condition(abac_role_t role, FILE);
84
85	//
86	void abac_print_cred_info(abac_credential_t cred, FILE fp)
87	{
88	if(fp == NULL)
89	fp=stdout;
90
91	if(debug) {
92	fprintf(fp,"---> printing out credential info cred(%d)..\n", (int) cred);
93	if(cred->head) {
94	fprintf(fp," head cred(%d):\n",(int)cred->head);
95	if(cred->type == e_CREDTYPE_ROLE)
96	abac_print_role_string_with_condition((abac_role_t*)cred->head,fp);
97	else
98	abac_print_oset_string_with_condition((abac_oset_t*)cred->head,fp);
99	}
100	if(cred->tail) {
101	fprintf(fp,"\n tail cred(%d):\n",(int)cred->tail);
102	if(cred->type == e_CREDTYPE_ROLE)
103	abac_print_role_string_with_condition((abac_role_t*)cred->tail,fp);
104	else
105	abac_print_oset_string_with_condition((abac_oset_t*)cred->tail,fp);
106	}
107
108	abac_list_t *clauses=cred->clauses;
109	if (clauses != NULL) {
110	char *cur=NULL;
111	abac_list_foreach(clauses, cur,
112	fprintf(fp,"\n a clause(%d):\n",(int)cur);
113	if(cur)
114	fprintf(fp,"strlen(%d)loc(%d)(%s)\n", strlen(cur),(int)cur, cur);
115	);
116	}
117	} else {
118	fprintf(fp," ");
119	if(cred->type == e_CREDTYPE_ROLE)
120	abac_print_role_string_with_condition((abac_role_t *)cred->head,fp);
121	else abac_print_oset_string_with_condition((abac_oset_t *)cred->head,fp);
122	fprintf(fp," <- ");
123	if(cred->type == e_CREDTYPE_ROLE)
124	abac_print_role_string_with_condition((abac_role_t *)cred->tail,fp);
125	else abac_print_oset_string_with_condition((abac_oset_t *)cred->tail,fp);
126	fprintf(fp,"\n");
127	}
128	}
129
130	//
131	int abac_verify_keyid_type(char *type) {
132	int i;
133
134	if (type == NULL)
135	return 0;
136
137	for (i = 1; i <= keyidname_cnt ; i++)
138	if(strcmp(type,keyidname[i])==0)
139	return i;
140	return 0;
141	}
142
143	char *abac_keyid_type(int i)
144	{
145	return keyidname[i];
146	}
147
148	// convert a chunk to a lowercase binary string
149	// malloc's the string
150	static char *_chunk_to_string(chunk_t chunk) {
151	int i;
152
153	char ret = abac_xmalloc(chunk.len 2 + 1);
154
155	for (i = 0; i < chunk.len; ++i)
156	sprintf(ret + 2 * i, "%02x", chunk.ptr[i]);
157
158	return ret;
159	}
160
161	// verify that cert was issued by issuer
162	// cert and issuer can be the same, in which case the self-sig is validated
163	static int _verify_signature(certificate_t issuer, certificate_t cert) {
164	if (cert->issued_by(cert, issuer))
165	if (cert->get_validity(cert, NULL, NULL, NULL))
166	return 1;
167	return 0;
168	}
169
170	/**
171	* Init the verifier subsystem.
172	*/
173	void abac_verifier_init(void) {
174	// silence all debugging
175
176	if (!library_init(NULL))
177	exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
178
179	if (!lib->plugins->load(lib->plugins, NULL,
180	lib->settings->get_str(lib->settings, "pki.load", PLUGINS)))
181	exit(SS_RC_INITIALIZATION_FAILED);
182	}
183
184	/**
185	* Uninitialize the system, free up any allocated memory.
186	*/
187	void abac_verifier_deinit(void) {
188	abac_id_cert_t *id;
189	while ((id = id_certs) != NULL) {
190	HASH_DEL(id_certs, id);
191
192	free(id->keyid);
193	free(id->cn);
194	id->cert->destroy(id->cert);
195	free(id);
196	}
197
198	abac_str_cred_t *id2;
199	while ((id2 = str_creds) != NULL) {
200	HASH_DEL(str_creds, id2);
201
202	free(id2->strid);
203	free(id2);
204	}
205
206	library_deinit();
207	}
208
209	/**
210	* Load an ID certificate.
211	*/
212	static int _load_id(certificate_t cert, abac_id_cert_t *id_cert_ret) {
213	abac_id_cert_t *id_cert = NULL;
214	char okeyid, keyid = NULL;
215	chunk_t id;
216	int ret;
217	x509_t x509 = (x509_t )cert;
218
219	assert(cert != NULL);
220
221	// get the key ID, add p to keyid SHA here */
222	id = x509->get_subjectKeyIdentifier(x509);
223	okeyid = _chunk_to_string(id);
224	asprintf(&keyid,"p%s",okeyid);
225
226	/* Mike said this is the way it is */
227	char *str;
228	int rv = asprintf(&str, "%Y", cert->get_issuer(cert));
229
230	/* add p to cn name here */
231	char cn=(char )abac_xmalloc(strlen(str)+2);
232	cn[0]='p';
233	int n=sscanf(str,"CN=%s", &(cn[1]));
234	if ( n!=1 ) {
235	ret = ABAC_CERT_BAD_CN;
236	goto error;
237	}
238
239	if(debug) {
240	printf ("DEBUG:keyid %s \n", keyid);
241	printf( "DEBUG:issuer '%s' \n", str);
242	printf ("DEBUG:cn %s \n", cn);
243	}
244	free(str);
245
246	// if we already have this cert 'error' with success
247	HASH_FIND_STR(id_certs, keyid, id_cert);
248	if (id_cert != NULL) {
249	ret = ABAC_CERT_SUCCESS;
250	goto error;
251	}
252
253	// validate sig
254	ret = _verify_signature(cert, cert);
255	if (!ret) {
256	ret = ABAC_CERT_BAD_SIG;
257	goto error;
258	}
259
260	// success, add the key to the map of certificates
261	id_cert = abac_xmalloc(sizeof(abac_id_cert_t));
262	id_cert->keyid = keyid;
263	id_cert->cert = cert;
264	id_cert->cn = cn;
265	id_cert->type = e_KEYID;
266	/* special handling here */
267	if(USE("ABAC_CN")) {
268	id_cert->clause = generate_pl_type_clause(cn, id_cert->type);
269	} else {
270	id_cert->clause=generate_pl_type_clause(keyid, id_cert->type);
271	}
272	HASH_ADD_KEYPTR(hh, id_certs, id_cert->keyid, strlen(id_cert->keyid), id_cert);
273	if(debug)
274	printf("-->adding into id_certs, (%s)..cnt(%d)\n",
275	id_cert->keyid, HASH_COUNT(id_certs));
276
277	*id_cert_ret=id_cert;
278
279	return ABAC_CERT_SUCCESS;
280
281	error:
282	if (keyid != NULL) free(keyid);
283	if (cn != NULL) free(cn);
284
285	return ret;
286	}
287
288	static void check_id_cert(abac_id_cert_t *id_cert)
289	{
290	if(id_cert) {
291	printf("checking on this id_cert location %d\n", (int)id_cert);
292	printf(" --> sha is (%s)\n", id_cert->keyid);
293	printf(" --> cn is (%s)\n", id_cert->cn);
294	}
295	}
296
297	/**
298	* Load an attribute cert as string.
299	* have minimum syntax & validity check
300	*/
301	static int _load_attribute_string(char* attr_string) {
302	printf("NOT implemented yet!!!");
303	return ABAC_CERT_INVALID;
304	}
305
306	/**
307	* Load an ID cert from a file.
308	*/
309	int abac_verifier_load_id_file(char filename, abac_id_cert_t *id_cert_ret) {
310	if (lib == NULL)
311	errx(1, "looks like you didn't call libabac_init() (lib is NULL)");
312
313	// load the cert
314	certificate_t *cert = lib->creds->create(
315	lib->creds, CRED_CERTIFICATE, CERT_X509,
316	BUILD_FROM_FILE, filename,
317	BUILD_X509_FLAG, X509_AA, // attribute authority, dumb
318	BUILD_END
319	);
320	if (cert == NULL)
321	return ABAC_CERT_INVALID;
322	return _load_id(cert,id_cert_ret);
323	}
324
325	/**
326	* Load an ID cert from a chunk.
327	*/
328	int abac_verifier_load_id_chunk(chunk_t chunk, abac_id_cert_t **id_cert_ret) {
329	// load the cert
330	certificate_t *cert = lib->creds->create(
331	lib->creds, CRED_CERTIFICATE, CERT_X509,
332	BUILD_BLOB_ASN1_DER, chunk,
333	BUILD_X509_FLAG, X509_AA, // attribute authority, dumb
334	BUILD_END
335	);
336	if (cert == NULL)
337	return ABAC_CERT_INVALID;
338	return _load_id(cert,id_cert_ret);
339	}
340
341
342	void abac_print_clauses(abac_list_t clauses, FILE fp)
343	{
344	if (clauses != NULL) {
345	char *cur;
346	printf("total-- %d clauses\n", abac_list_size(clauses));
347	abac_list_foreach(clauses, cur,
348	if(cur) {
349	if(fp)
350	fprintf (fp,"a clause, %d(%s)\n", (int)cur,cur);
351	else printf ("a clause, %d(%s)\n", (int)cur,cur);
352	}
353	);
354	}
355	}
356
357	static int _verify_valid_role_credential(certificate_t *cert,
358	abac_credential_t *cred_ret, char encoded_attr_string)
359	{
360	abac_role_t *head_role = NULL;
361	abac_role_t *tail_role = NULL;
362	abac_list_t *clauses=NULL;
363	abac_id_cert_t *issuer;
364	int ret, i;
365
366	// get the attr
367	head_role = abac_yy_get_rule_head_role();
368	tail_role = abac_yy_get_rule_tail_role();
369	clauses = abac_yy_get_rule_clauses();
370
371	// get the issuer based on keyid
372	char *principalname = abac_role_principal_principalname(head_role);
373	if(debug) printf("LOOKING for %s\n", principalname);
374
375	HASH_FIND_STR(id_certs, principalname, issuer);
376	if (issuer == NULL) {
377	ret = ABAC_CERT_MISSING_ISSUER;
378	if(debug)
379	printf("can not find %s in id_certs\n", principalname);
380	goto error;
381	}
382
383	// make sure the issuer's signed it
384	ret = _verify_signature(issuer->cert, cert);
385	if (!ret) {
386	abac_yy_set_error_code(ABAC_RT_CERT_BAD_SIG);
387	goto error;
388	}
389
390	// at this point we know we have a good attribute cert
391	abac_credential_t *cred = abac_xmalloc(sizeof(abac_credential_t));
392	cred->type= e_CREDTYPE_ROLE;
393	cred->head = head_role;
394	cred->tail = tail_role;
395	cred->cert = cert;
396	cred->issuer = issuer->cert->get_ref(issuer->cert);
397	cred->clauses = clauses;
398	cred->refcount = 1;
399	*cred_ret = cred;
400
401	// success, add the key to the map of certificates
402	abac_str_cred_t *str_cred;
403	str_cred=abac_xmalloc(sizeof(abac_str_cred_t));
404	str_cred->strid=strdup(encoded_attr_string);
405	str_cred->cred=cred;
406	HASH_ADD_KEYPTR(hh, str_creds, str_cred->strid, strlen(str_cred->strid), str_cred);
407
408	return ABAC_CERT_SUCCESS;
409
410	error:
411	if (head_role) abac_role_free(head_role);
412	if (tail_role) abac_role_free(tail_role);
413	abac_yy_free_rule_clauses();
414
415	return ret;
416	}
417
418	static int _verify_valid_oset_credential(certificate_t *cert,
419	abac_credential_t *cred_ret, char encoded_attr_string)
420	{
421	abac_oset_t *head_oset = NULL;
422	abac_oset_t *tail_oset = NULL;
423	abac_list_t *clauses=NULL;
424	abac_id_cert_t *issuer;
425	int ret, i;
426
427	// get the attr
428	head_oset = abac_yy_get_rule_head_oset();
429	tail_oset = abac_yy_get_rule_tail_oset();
430	clauses = abac_yy_get_rule_clauses();
431
432	// get the issuer based on keyid
433	char *principalname = abac_oset_principal_principalname(head_oset);
434	HASH_FIND_STR(id_certs, principalname, issuer);
435	if (issuer == NULL) {
436	ret = ABAC_CERT_MISSING_ISSUER;
437	goto error;
438	}
439
440	// make sure the issuer's signed it
441	ret = _verify_signature(issuer->cert, cert);
442	if (!ret) {
443	abac_yy_set_error_code(ABAC_RT_CERT_BAD_SIG);
444	goto error;
445	}
446
447	// at this point we know we have a good attribute cert
448	abac_credential_t *cred = abac_xmalloc(sizeof(abac_credential_t));
449	cred->type= e_CREDTYPE_OSET;
450	cred->head = head_oset;
451	cred->tail = tail_oset;
452	cred->cert = cert;
453	cred->issuer = issuer->cert->get_ref(issuer->cert);
454	cred->clauses = clauses;
455	cred->refcount = 1;
456	*cred_ret = cred;
457
458	// success, add the key to the map of certificates
459	abac_str_cred_t *str_cred;
460	str_cred=abac_xmalloc(sizeof(abac_str_cred_t));
461	str_cred->strid=strdup(encoded_attr_string);
462	str_cred->cred=cred;
463	HASH_ADD_KEYPTR(hh, str_creds, str_cred->strid, strlen(str_cred->strid), str_cred);
464
465	return ABAC_CERT_SUCCESS;
466
467	error:
468	if (head_oset) abac_oset_free(head_oset);
469	if (tail_oset) abac_oset_free(tail_oset);
470	abac_yy_free_rule_clauses();
471
472	return ret;
473	}
474	/**
475	* Load an attribute cert.
476	* Returns true only if the certificate is valid and is issued by the proper
477	* authority.
478	*/
479	static int _load_attribute_cert(certificate_t cert, abac_credential_t *cred_ret) {
480	ietf_attributes_t *attr_cert = NULL;
481	abac_id_cert_t *issuer;
482	int ret, i;
483
484	// get the attr
485	ac_t ac = (ac_t )cert;
486	attr_cert = ac->get_groups(ac);
487	if (attr_cert == NULL) {
488	ret = ABAC_CERT_INVALID;
489	goto error;
490	}
491
492	char *encoded_attr_string=attr_cert->get_string(attr_cert);
493	char *attr_string = abac_decode_string(encoded_attr_string);
494	if(debug)
495	printf("string to be yyparse..(%s)\n",attr_string);
496
497	if (attr_string == NULL) {
498	ret = ABAC_CERT_INVALID;
499	goto error;
500	}
501
502	/* call into yacc parser */
503	abac_reset_yyfptr(attr_string);
504	abac_yy_init();
505	int rc=yyparse();
506	if (rc) {
507	ret = ABAC_CERT_INVALID;
508	goto error;
509	}
510
511	if(abac_yy_get_rule_is_oset()) {
512	ret=_verify_valid_oset_credential(cert,cred_ret,encoded_attr_string);
513	} else {
514	ret=_verify_valid_role_credential(cert,cred_ret,encoded_attr_string);
515	}
516
517	// free up some crap
518	attr_cert->destroy(attr_cert);
519
520	return ABAC_CERT_SUCCESS;
521
522	error:
523	if (cert) cert->destroy(cert);
524	if (attr_cert) attr_cert->destroy(attr_cert);
525	return ret;
526	}
527
528	/**
529	* Load an attribute cert from a file.
530	*/
531	int abac_verifier_load_attribute_cert_file(char filename, abac_credential_t *cred) {
532	// load the cert
533	certificate_t *cert = lib->creds->create(
534	lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
535	BUILD_FROM_FILE, filename,
536	BUILD_END
537	);
538	if (cert == NULL)
539	return ABAC_CERT_INVALID;
540	return _load_attribute_cert(cert, cred);
541	}
542
543	/**
544	* Load attribute cert rules from a file. (this should only be used to test)
545	*/
546	int abac_verifier_load_certs_file(char *filename) {
547	size_t nbytes=0;
548	char *input=NULL;
549	FILE *fp;
550	int ret;
551
552	fp=fopen(filename, "r");
553
554	if(fp == NULL)
555	return ABAC_CERT_INVALID;
556
557	while( (ret=getline(&input, &nbytes, fp)) != -1 ) {
558	ret=_load_attribute_string(input);
559	free(input);
560	if(ret != ABAC_CERT_SUCCESS )
561	fclose(fp);
562	return ret;
563	}
564	fclose(fp);
565	return ABAC_CERT_SUCCESS;
566	}
567
568
569	/**
570	* Load an attribute cert from a chunk.
571	*/
572	int abac_verifier_load_attribute_cert_chunk(chunk_t chunk, abac_credential_t **cred) {
573	// load the cert
574	certificate_t *cert = lib->creds->create(
575	lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
576	BUILD_BLOB_ASN1_DER, chunk,
577	BUILD_END
578	);
579	if (cert == NULL)
580	return ABAC_CERT_INVALID;
581	return _load_attribute_cert(cert, cred);
582	}
583
584	/**
585	* Return the encoding of the attribute cert.
586	*/
587	abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred) {
588	chunk_t encoding = cred->cert->get_encoding(cred->cert);
589	abac_chunk_t ret = { encoding.ptr, encoding.len };
590	return ret;
591	}
592
593	/**
594	* Return the encoding of the issuer cert.
595	*/
596	abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred) {
597	chunk_t encoding = cred->issuer->get_encoding(cred->issuer);
598	abac_chunk_t ret = { encoding.ptr, encoding.len };
599	return ret;
600	}
601
602	/**
603	* Return the clause of the cert
604	*/
605	abac_list_t abac_credential_clauses(abac_credential_t cred) {
606	return cred->clauses;
607	}
608
609
610	/**
611	* Increase the ref count of a credential.
612	*/
613	abac_credential_t abac_credential_dup(abac_credential_t cred) {
614	assert(cred != NULL);
615
616	++cred->refcount;
617	return cred;
618	}
619
620	/**
621	* lookup for a credential.
622	*/
623	abac_credential_t abac_credential_lookup(char cred_string)
624	{
625	if(debug)
626	printf("DEBUG:doing abac_crendential_lookup ... (%s)\n", cred_string);
627	abac_str_cred_t *str_cred;
628	HASH_FIND_STR(str_creds, cred_string, str_cred);
629	if (str_cred == NULL) {
630	if(debug) printf("DEBUG:NOT FOUND..\n");
631	return NULL;
632	}
633	if(debug) printf("DEBUG:FOUND..(%d)\n", (int) str_cred->cred);
634	return str_cred->cred;
635	}
636
637	/**
638	* Decrease the reference count of a credential, freeing it when it reaches 0.
639	*/
640	void abac_credential_free(abac_credential_t *cred)
641	{
642	if(debug)
643	printf("DEBUG:freeing cred(%d)clause(%d)\n", (int)cred, (int)cred->clauses);
644
645	if (cred == NULL)
646	return;
647
648	--cred->refcount;
649	if (cred->refcount > 0)
650	return;
651
652	if(cred->type == e_CREDTYPE_ROLE) {
653	abac_role_free((abac_role_t *)cred->head);
654	abac_role_free((abac_role_t *)cred->tail);
655	} else {
656	abac_oset_free((abac_oset_t *)cred->head);
657	abac_oset_free((abac_oset_t *)cred->tail);
658	}
659	cred->cert->destroy(cred->cert);
660	cred->issuer->destroy(cred->issuer); // reference counted
661	/* no need to freeyap_clauses here */
662	free(cred);
663	}
664
665	char abac_id_clause(abac_id_cert_t id_cert)
666	{
667	if(id_cert)
668	return id_cert->clause;
669	return NULL;
670	}
671
672	/* retrieve the cn that is associated with this sha_string */
673	char abac_cn_with_sha(char sha_string) {
674
675	// get the issuer based on keyid
676	abac_id_cert_t *id_cert;
677	HASH_FIND_STR(id_certs, sha_string, id_cert);
678	if (id_cert == NULL) {
679	return NULL;
680	}
681	if(debug)
682	check_id_cert(id_cert);
683	return id_cert->cn;
684	}
685
686	/* retrieve the cn that is associated with the principal of this role */
687	char abac_cn_with_role(abac_role_t role) {
688
689	char *principal = abac_role_principal_principalname(role);
690	return abac_cn_with_sha(principal);
691	}
692
693	char abac_principalname_with_role(abac_role_t role) {
694
695	return abac_role_principal_principalname(role);
696	}
697
698
699	/* retrieve the cn that is associated with the principal of this oset */
700	char abac_cn_with_oset(abac_oset_t oset) {
701	char *principal = abac_oset_principal_principalname(oset);
702	return abac_cn_with_sha(principal);
703	}
704
705	char abac_principalname_with_oset(abac_oset_t oset) {
706	return abac_oset_principal_principalname(oset);
707	}
708
709	abac_role_t abac_credential_head(abac_credential_t cred) {
710	return (abac_role_t *) cred->head;
711	}
712
713	abac_role_t abac_credential_tail(abac_credential_t cred) {
714	return (abac_role_t *) cred->tail;
715	}
716
717	abac_oset_t abac_credential_head_oset(abac_credential_t cred) {
718	return (abac_oset_t *) cred->head;
719	}
720
721	abac_oset_t abac_credential_tail_oset(abac_credential_t cred) {
722	return (abac_oset_t *) cred->tail;
723	}
724	int abac_credential_holds_roles(abac_credential_t *cred) {
725	return (cred->type == e_CREDTYPE_ROLE);
726	}
727

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_verifier.c @ 9937351

Download in other formats: