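/*
 * Command-line entry point.
 *
 * Expected arguments, in order: own private-key file, own certificate file,
 * own identity, peer public-key file, peer certificate file, peer identity,
 * and an optional label (DEFAULT_LABEL is used when it is omitted).
 *
 * The peer's certificate/key/identity triple is handed to pki_check, the own
 * certificate is read and verified, and both certificates must name the same
 * issuer before the private key is loaded and nidh is called.
 *
 * Returns 0 only when nidh was reached; every refusal ends the process with
 * a non-zero status so that callers cannot mistake it for success.
 */
int
main (int argc, char **argv)
{
  int arg_idx = 0;
  char *privcert_file = NULL;
  char *pubcert_file = NULL;
  char *priv_file = NULL;
  char *pub_file = NULL;
  char *priv_id = NULL;
  char *pub_id = NULL;
  char *label = DEFAULT_LABEL;
  dckey *priv = NULL;
  dckey *pub = NULL;
  cert *priv_cert = NULL;
  cert *pub_cert = NULL;

  printf("argc count is: %d\n", argc);
  if((argc < 7) || (argc > 8))
  {
   printf("Invalid number of arguments!!!\n");
   usage (argv[0], argc);
   /* usage is not expected to return; stop here regardless so that argv is
      never indexed beyond argc by the assignments below */
   exit (-1);
  }
  printf("argc value is: %d\n", argc);
  ri ();

  /* six mandatory positional arguments */
  priv_file = argv[++arg_idx];
  privcert_file = argv[++arg_idx];
  priv_id = argv[++arg_idx];
  pub_file  = argv[++arg_idx];
  pubcert_file = argv[++arg_idx];
  pub_id = argv[++arg_idx];
  if (argc - 2 == arg_idx) {
    /* there was a label (argc == 8) */
    label = argv[++arg_idx];
  }

  pub_cert = pki_check(pubcert_file, pub_file, pub_id);
  /* check above won't return if something was wrong */
  pub = pub_cert->public_key;

  /* Test the read result separately so a failed read is rejected here and
     never handed to cert_verify. */
  priv_cert = cert_read (privcert_file);
  if (!priv_cert || !cert_verify (priv_cert)) {
      printf ("%s: trouble reading certificate from %s, "
              "or certificate expired\n", getprogname (), privcert_file);
      perror (getprogname ());

      exit (-1);
  }

  /* NOTE(review): unlike the peer's triple, priv_file and priv_id are not
     checked against priv_cert anywhere in this function -- confirm whether
     that is intended. */

  /* NOTE(review): this compares only the issuer fields of the two
     certificates; it presumably relies on cert_verify having validated each
     certificate against its CA -- confirm. */
  if (!dcareequiv(pub_cert->issuer,priv_cert->issuer)) {
    printf ("%s: certificates issued by different CAs.\n",
            getprogname ());
    printf ("\tOwn (%s's) certificate in %s\n", priv_id, privcert_file);
    printf ("\tOther (%s's) certificate in %s\n", pub_id, pubcert_file);

    /* a refused key agreement must not be reported as success */
    exit (-1);
  }

  priv = priv_from_file (priv_file);
  if (!priv) {
    /* never hand a missing private key to the key-agreement step */
    printf ("%s: trouble reading private key from %s\n",
            getprogname (), priv_file);

    exit (-1);
  }

  nidh (priv, pub, priv_id, pub_id, label);

  return 0;
}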
Пример #2
/*
 * Checks that a certificate is valid and that it binds the given public key
 * to the given identity.
 *
 *   cert_file  path of the certificate to read
 *   pk_file    path of the public key the certificate must refer to
 *   id         identity string the certificate must carry (exact strcmp match)
 *
 * This function never returns: the process exits with status 1 at the first
 * check that fails and with status 0 once every check has passed.
 */
void
pki_check(char *cert_file, char *pk_file, char *id)
{
  cert *loaded_cert;
  dckey *loaded_key;

  /* both inputs are read before either result is inspected */
  loaded_cert = cert_read (cert_file);
  loaded_key = pk_from_file (pk_file);

  if (loaded_cert == NULL) {
    printf ("Error reading the certificate from %s\n", cert_file);
    exit (1);
  }

  if (loaded_key == NULL) {
    printf ("Error reading the public key from %s\n", pk_file);
    exit (1);
  }

  /* the certificate itself has to pass cert_verify */
  if (!cert_verify (loaded_cert)) {
    printf ("Certificate invalid or expired\n");
    exit (1);
  }

  /* key binding: the certified key must be equivalent to the key on file */
  if (!dcareequiv (loaded_cert->public_key, loaded_key)) {
    printf ("The certificate in %s does not refer to the public key in %s\n",
            cert_file, pk_file);
    exit (1);
  }

  /* identity binding: the certified identity must equal the expected one */
  if (strcmp (loaded_cert->identity, id)) {
    printf ("The certificate in %s does not refer to identity %s\n",
            cert_file, id);
    exit (1);
  }

  /* all checks passed */
  printf ("Valid certificate\n");
  exit (0);
}