int main(int argc, char* argv[]) { GError *err = NULL; GOptionContext *context; context = g_option_context_new ("trust-file"); g_option_context_add_main_entries (context, option_entries, GETTEXT_PACKAGE); if (!g_option_context_parse (context, &argc, &argv, &err)) barf_and_die (egg_error_message (err), NULL); g_option_context_free (context); if (argc != 2) barf_and_die ("specify trust-file", NULL); if (((create_for_file ? 1 : 0) + (refer_for_file ? 1 : 0) + (add_trust_purpose ? 1 : 0)) > 1) barf_and_die ("incompatible options specified", NULL); if (create_for_file) create_trust_file_for_certificate (argv[1], create_for_file); else if (refer_for_file) create_trust_file_for_issuer_and_serial (argv[1], refer_for_file); else if (add_trust_purpose) add_trust_purpose_to_file (argv[1], add_trust_purpose); g_free (create_for_file); g_free (refer_for_file); g_free (add_trust_purpose); return 0; }
int main(int argc, char* argv[]) { GError *err = NULL; gchar *contents; gsize n_contents; GNode *asn, *node; gint i, count; if (argc != 2) { g_printerr ("usage: dump-trust-file file\n"); return 2; } if (!g_file_get_contents (argv[1], &contents, &n_contents, &err)) barf_and_die ("couldn't load file", egg_error_message (err)); asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_val_if_fail (asn, 1); if (!egg_asn1x_decode (asn, contents, n_contents)) barf_and_die ("couldn't parse file", egg_asn1x_message (asn)); /* Print out the certificate we refer to first */ node = egg_asn1x_node (asn, "reference", "certReference", NULL); if (egg_asn1x_have (node)) { dump_certificate_reference (node); } else { node = egg_asn1x_node (asn, "reference", "certComplete", NULL); if (egg_asn1x_have (node)) dump_certificate_complete (node); else barf_and_die ("unsupported certificate reference", NULL); } /* Then the assertions */ count = egg_asn1x_count (egg_asn1x_node (asn, "assertions", NULL)); for (i = 0; i < count; ++i) { node = egg_asn1x_node (asn, "assertions", i + 1, NULL); dump_assertion (node); } egg_asn1x_destroy (asn); g_free (contents); return 0; }
static void create_trust_file_for_certificate (const gchar *filename, const gchar *certificate) { GError *err = NULL; GNode *asn, *cert, *choice, *ref; GBytes *bytes, *result; gchar *data; gsize n_data; if (!g_file_get_contents (certificate, &data, &n_data, &err)) barf_and_die ("couldn't read certificate file", egg_error_message (err)); /* Make sure the certificate is */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (cert, bytes)) barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert)); asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); ref = egg_asn1x_node (asn, "reference", NULL); choice = egg_asn1x_node (ref, "certComplete", NULL); if (!egg_asn1x_set_choice (ref, choice) || !egg_asn1x_set_any_raw (choice, bytes)) g_return_if_reached (); g_bytes_unref (bytes); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); egg_asn1x_destroy (cert); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
static void add_trust_purpose_to_file (const gchar *filename, const gchar *purpose) { GError *err = NULL; gchar *data; GBytes *result; gsize n_data; GNode *asn, *assertion; GBytes *bytes; if (!g_file_get_contents (filename, &data, &n_data, &err)) barf_and_die ("couldn't read trust file", egg_error_message (err)); /* Create up the trust structure */ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); /* And parse it */ bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (asn, bytes)) barf_and_die ("couldn't parse trust file", egg_asn1x_message (asn)); g_bytes_unref (bytes); assertion = egg_asn1x_append (egg_asn1x_node (asn, "assertions", NULL)); g_return_if_fail (assertion); if (!egg_asn1x_set_string_as_utf8 (egg_asn1x_node (assertion, "purpose", NULL), g_strdup (purpose), g_free)) g_return_if_reached (); egg_asn1x_set_enumerated (egg_asn1x_node (assertion, "level", NULL), g_quark_from_string ("trusted")); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode trust file", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
static void dump_certificate_complete (GNode *asn) { GNode *cert; gchar *issuer, *serial, *subject; gconstpointer element; gpointer data; gsize n_data, n_element; /* Parse the certificate out */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); element = egg_asn1x_get_raw_element (asn, &n_element); g_return_if_fail (element); if (!egg_asn1x_decode (cert, element, n_element)) barf_and_die ("couldn't parse certificate", egg_asn1x_message (cert)); issuer = egg_dn_read (egg_asn1x_node (asn, "issuer", NULL)); g_return_if_fail (issuer); subject = egg_dn_read (egg_asn1x_node (asn, "subject", NULL)); g_return_if_fail (subject); data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data); g_return_if_fail (data && n_data); serial = egg_hex_encode (data, n_data); g_free (data); g_print ("Complete\n"); g_print (" issuer: %s\n", issuer); g_print (" subject: %s\n", subject); g_print (" serial: 0x%s\n", serial); egg_asn1x_destroy (cert); g_free (data); g_free (serial); g_free (issuer); g_free (subject); }
static void dump_certificate_reference (GNode *asn) { gchar *issuer, *serial; gpointer data; gsize n_data; GNode *name; gconstpointer element; gsize n_element; /* Parse the name out */ name = egg_asn1x_create (pkix_asn1_tab, "Name"); g_return_if_fail (name); element = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "issuer", NULL), &n_element); g_return_if_fail (element); if (!egg_asn1x_decode (name, element, n_element)) barf_and_die ("couldn't parse certificate", egg_asn1x_message (name)); issuer = egg_dn_read (name); g_return_if_fail (issuer); data = egg_asn1x_get_integer_as_raw (egg_asn1x_node (asn, "serial", NULL), NULL, &n_data); g_return_if_fail (data && n_data); serial = egg_hex_encode (data, n_data); g_free (data); g_print ("Reference\n"); g_print (" issuer: %s\n", issuer); g_print (" serial: 0x%s\n", serial); egg_asn1x_destroy (name); g_free (data); g_free (serial); g_free (issuer); }
static void create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate) { GError *err = NULL; GNode *asn, *cert, *choice, *ref; GNode *issuer, *serial; gchar *data; GBytes *result; GBytes *value; GBytes *element; gsize n_data; GBytes *bytes; if (!g_file_get_contents (certificate, &data, &n_data, &err)) barf_and_die ("couldn't read certificate file", egg_error_message (err)); /* Make sure the certificate is */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (cert, bytes)) barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert)); g_bytes_unref (bytes); /* Dig out the issuer and serial */ issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL); serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL); g_return_if_fail (issuer && serial); /* Create up the trust structure */ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); /* Setup the type of trust assertion */ ref = egg_asn1x_node (asn, "reference", NULL); choice = egg_asn1x_node (ref, "certReference", NULL); if (!egg_asn1x_set_choice (ref, choice)) g_return_if_reached (); /* Copy over the serial and issuer */ element = egg_asn1x_get_element_raw (issuer); if (!egg_asn1x_set_any_raw (egg_asn1x_node (choice, "issuer", NULL), element)) g_return_if_reached (); g_bytes_unref (element); value = egg_asn1x_get_integer_as_raw (serial); egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value); g_bytes_unref (value); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn)); g_free (data); egg_asn1x_destroy (cert); egg_asn1x_destroy (asn); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }