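/*
 * Command-line entry point.
 *
 * Positional arguments, in order:
 *   argv[1] own private-key file      argv[2] own certificate file
 *   argv[3] own identity              argv[4] peer public-key file
 *   argv[5] peer certificate file     argv[6] peer identity
 *   argv[7] optional label (DEFAULT_LABEL when absent)
 *
 * The peer certificate is validated by pki_check(), the own certificate by
 * cert_verify(), and both must name the same issuer before the private key
 * is loaded and handed to nidh().
 *
 * Returns 0 only when nidh() was reached; every refusal path ends with a
 * non-zero status so that a calling script cannot mistake it for success.
 */
int main (int argc, char **argv)
{
  int arg_idx = 0;
  char *privcert_file = NULL;
  char *pubcert_file = NULL;
  char *priv_file = NULL;
  char *pub_file = NULL;
  char *priv_id = NULL;
  char *pub_id = NULL;
  char *label = DEFAULT_LABEL;
  dckey *priv = NULL;
  dckey *pub = NULL;
  cert *priv_cert = NULL;
  cert *pub_cert = NULL;

  printf("argc count is: %d\n", argc);
  if ((argc < 7) || (argc > 8)) {
    printf("Invalid number of arguments!!!\n");
    usage (argv[0], argc);
    /* usage() is presumably terminal (confirm); return regardless so the
       argv[] reads below can never run past argc. */
    return 1;
  }
  printf("argc value is: %d\n", argc);

  /* Project helper; its purpose is not visible from this block. */
  ri ();

  priv_file = argv[++arg_idx];
  privcert_file = argv[++arg_idx];
  priv_id = argv[++arg_idx];
  pub_file = argv[++arg_idx];
  pubcert_file = argv[++arg_idx];
  pub_id = argv[++arg_idx];
  if (argc - 2 == arg_idx) {
    /* there was a label */
    label = argv[++arg_idx];
  }

  pub_cert = pki_check(pubcert_file, pub_file, pub_id);
  /* check above won't return if something was wrong */
  pub = pub_cert->public_key;

  if (!cert_verify (priv_cert = cert_read (privcert_file))) {
    printf ("%s: trouble reading certificate from %s, "
            "or certificate expired\n", getprogname (), privcert_file);
    /* NOTE(review): errno may not describe a verification failure. */
    perror (getprogname ());
    exit (-1);
  } else if (!dcareequiv(pub_cert->issuer,priv_cert->issuer)) {
    printf ("%s: certificates issued by different CAs.\n", getprogname ());
    printf ("\tOwn (%s's) certificate in %s\n", priv_id, privcert_file);
    printf ("\tOther (%s's) certificate in %s\n", pub_id, pubcert_file);
    /* No key agreement took place: report failure instead of falling
       through to the success status. */
    return 1;
  } else {
    priv = priv_from_file (priv_file);
    if (!priv) {
      /* Assumes priv_from_file() signals failure with NULL, as the
         public-key loader does; never pass a missing key to nidh(). */
      printf ("%s: trouble reading private key from %s\n",
              getprogname (), priv_file);
      return 1;
    }
    nidh (priv, pub, priv_id, pub_id, label);
  }

  return 0;
}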
/*
 * Validates a certificate against a public-key file and an expected
 * identity, then terminates the process.
 *
 * Checks, in order:
 *   1. the certificate can be read from cert_file;
 *   2. the public key can be read from pk_file;
 *   3. cert_verify() accepts the certificate (reported as "invalid or
 *      expired" otherwise);
 *   4. the key inside the certificate is equivalent to the key in pk_file;
 *   5. the certificate's identity string equals id exactly.
 *
 * Exit status is 1 on the first failed check and 0 when all pass.
 *
 * NOTE(review): this definition returns void and calls exit() on success
 * as well, so control never comes back to the caller. A caller that needs
 * the verified certificate afterwards cannot use it as written.
 */
void pki_check(char *cert_file, char *pk_file, char *id)
{
  /* Both inputs are loaded up front, before any check is evaluated. */
  cert *crt = cert_read (cert_file);
  dckey *claimed_key = pk_from_file (pk_file);
  int status = 1;

  if (crt == NULL) {
    printf ("Error reading the certificate from %s\n", cert_file);
  } else if (claimed_key == NULL) {
    printf ("Error reading the public key from %s\n", pk_file);
  } else if (!cert_verify (crt)) {
    printf ("Certificate invalid or expired\n");
  } else if (!dcareequiv (crt->public_key, claimed_key)) {
    /* The certificate is genuine but binds some other key. */
    printf ("The certificate in %s does not refer to the public key in %s\n",
            cert_file, pk_file);
  } else if (strcmp (crt->identity, id) != 0) {
    /* The certificate is genuine but was issued to a different name. */
    printf ("The certificate in %s does not refer to identity %s\n",
            cert_file, id);
  } else {
    /* everything checked out */
    printf ("Valid certificate\n");
    status = 0;
  }

  exit (status);
}