int
main (int argc, char **argv)
{
int arg_idx = 0;
char *privcert_file = NULL;
char *pubcert_file = NULL;
char *priv_file = NULL;
char *pub_file = NULL;
char *priv_id = NULL;
char *pub_id = NULL;
char *label = DEFAULT_LABEL;
dckey *priv = NULL;
dckey *pub = NULL;
cert *priv_cert = NULL;
cert *pub_cert = NULL;
printf("argc count is: %d\n", argc);
if((argc < 7) || (argc > 8))
{
printf("Invalid number of arguments!!!\n");
usage (argv[0], argc);
}
printf("argc value is: %d\n", argc);
ri ();
priv_file = argv[++arg_idx];
privcert_file = argv[++arg_idx];
priv_id = argv[++arg_idx];
pub_file = argv[++arg_idx];
pubcert_file = argv[++arg_idx];
pub_id = argv[++arg_idx];
if (argc - 2 == arg_idx) {
/* there was a label */
label = argv[++arg_idx];
}
pub_cert = pki_check(pubcert_file, pub_file, pub_id);
/* check above won't return if something was wrong */
pub = pub_cert->public_key;
if (!cert_verify (priv_cert = cert_read (privcert_file))) {
printf ("%s: trouble reading certificate from %s, "
"or certificate expired\n", getprogname (), privcert_file);
perror (getprogname ());
exit (-1);
} else if (!dcareequiv(pub_cert->issuer,priv_cert->issuer)) {
printf ("%s: certificates issued by different CAs.\n",
getprogname ());
printf ("\tOwn (%s's) certificate in %s\n", priv_id, privcert_file);
printf ("\tOther (%s's) certificate in %s\n", pub_id, pubcert_file);
} else {
priv = priv_from_file (priv_file);
nidh (priv, pub, priv_id, pub_id, label);
}
return 0;
}
int
main (int argc, char **argv)
{
int fdca, fdpk;
dckey *ca = NULL, *pk = NULL;
char *id = NULL;
char *cert_file = NULL, *pk_file = NULL;
int duration = -1;
ri ();
if (argc < 2)
usage (argv[0]);
else if (argc == 2) {
if (strcmp (argv[1], "init") != 0)
usage (argv[0]);
else {
setprogname (argv[0]);
pki_init ();
}
}
else if (argc == 5) {
if (strcmp (argv[1], "check") != 0)
usage (argv[0]);
else {
setprogname (argv[0]);
pki_check (argv[2], argv[3], argv[4]);
}
}
else if (strcmp (argv[1], "cert") != 0) {
usage (argv[0]);
}
else {
/* cert commnad */
setprogname (argv[0]);
/* first, let's take care of the options, if any */
parse_options (&pk, &cert_file, &duration, argc, argv);
/* the last two args are ID and PK-FILE */
pk_file = argv[argc - 2];
id = argv[argc - 1];
/* set up default values for parameters not affected by the options */
if (!cert_file) {
/* default cert_file is ID.cert */
if (cat_str (&cert_file, id)
|| cat_str (&cert_file, ".cert")) {
xfree (cert_file);
exit (1);
}
}
if (duration == -1)
/* default duration is 30 days */
duration = 30;
/* take care of the public key that we are certifying */
/* if the -g option was used, we have to write the pk to pk_file */
if (pk)
write_pkfile (pk_file, pk);
/* otherwise, import pk from pk_file */
else {
if ((fdpk = open (pk_file, O_RDONLY)) == -1) {
if (errno == ENOENT) {
usage (argv[0]);
}
else {
perror (argv[0]);
exit (1);
}
}
else if (!(pk = import_pub_from_file (fdpk))) {
fprintf (stderr, "%s: no public key found in %s\n", argv[0], pk_file);
close (fdpk);
exit (1);
}
close (fdpk);
fdpk = -1;
}
/* now read the ca private key from ./.pki/ca.priv */
if ((fdca = open ("./.pki/ca.priv", O_RDONLY)) == -1) {
if (errno == ENOENT) {
usage (argv[0]);
}
else {
perror (argv[0]);
exit (1);
}
}
else {
if (!(ca = import_priv_from_file (fdca))) {
fprintf (stderr, "%s: no private key found in %s\n",
argv[0], "./.pki/ca.priv");
close (fdca);
exit (1);
}
close (fdca);
fdca = -1;
/* prepare a cert, sign it and write it to cert_file */
switch (cert_sign_n_write (ca, id, pk, duration, cert_file)) {
case 0:
/* no error */
/* the ca signing key is not needed anymore: wipe it out */
dcfree (ca);
ca = NULL;
break;
case -1:
/* trouble with the write system call */
check_n_free (&cert_file);
dcfree (ca);
exit (1);
case -2:
/* trouble preparing/signinig the certificate */
check_n_free (&cert_file);
dcfree (ca);
exit (1);
default:
check_n_free (&cert_file);
dcfree (ca);
exit (1);
}
assert (cert_verify (cert_read (cert_file)));
dcfree (pk);
pk = NULL;
}
}
check_n_free (&cert_file);
return 0;
}
