splitted PKI tool to a file per command
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pki.h"
17
18 #include <credentials/certificates/certificate.h>
19 #include <credentials/certificates/x509.h>
20
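/**
 * Verify a certificate signature and its validity period.
 *
 * Reads an X.509 certificate from the file given with --in (stdin when
 * omitted) and checks that it was issued by the certificate given with
 * --cacert. Without --cacert the certificate is checked against itself, so
 * only a self-signed certificate can pass. Both certificates must also be
 * within their validity period right now. The outcome is printed to stdout.
 *
 * NOTE(review): this command checks a single signature and the validity
 * windows only; no chain building, key-usage or revocation checks are done
 * here, so a "good" result is not a full path validation.
 *
 * @param argc		argument count, as handed over by the command dispatcher
 * @param argv		argument vector
 * @return			0 if the signature is good and the certificate(s) are
 *					valid now, 1 on a parse error, 2 if verification failed
 */
static int verify(int argc, char *argv[])
{
	certificate_t *cert = NULL, *ca = NULL;
	char *file = NULL, *cafile = NULL;
	bool good = FALSE;

	while (TRUE)
	{
		switch (getopt_long(argc, argv, "", command_opts, NULL))
		{
			case 'h':
				return command_usage(CMD_VERIFY, NULL);
			case 'i':
				file = optarg;
				continue;
			case 'c':
				cafile = optarg;
				continue;
			case EOF:
				break;
			default:
				return command_usage(CMD_VERIFY, "invalid --verify option");
		}
		break;
	}

	if (file)
	{
		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FILE, file, BUILD_END);
	}
	else
	{
		/* no --in given: read the certificate from stdin (fd 0) */
		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FD, 0, BUILD_END);
	}
	if (!cert)
	{
		fprintf(stderr, "parsing certificate failed\n");
		return 1;
	}
	if (cafile)
	{
		ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								BUILD_FROM_FILE, cafile, BUILD_END);
		if (!ca)
		{
			fprintf(stderr, "parsing CA certificate failed\n");
			/* cert was parsed successfully above; release it before bailing
			 * out instead of leaking it */
			cert->destroy(cert);
			return 1;
		}
	}
	else
	{
		/* no issuer given: the certificate has to verify against itself */
		ca = cert;
	}

	/* the order matters: a bad signature is reported before any validity
	 * period problem, and the CA's period is only inspected when one was
	 * explicitly supplied */
	if (!cert->issued_by(cert, ca))
	{
		printf("signature invalid\n");
	}
	else if (!cert->get_validity(cert, NULL, NULL, NULL))
	{
		printf("certificate not valid now\n");
	}
	else if (cafile && !ca->get_validity(ca, NULL, NULL, NULL))
	{
		printf("signature good, CA certificates not valid now\n");
	}
	else if (cafile)
	{
		printf("signature good, certificates valid\n");
		good = TRUE;
	}
	else
	{
		printf("signature good, certificate valid\n");
		good = TRUE;
	}

	/* ca aliases cert when no --cacert was given; destroy it only once */
	if (cafile)
	{
		ca->destroy(ca);
	}
	cert->destroy(cert);

	return good ? 0 : 2;
}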
118
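/**
 * Register the verify command with the pki command dispatcher.
 *
 * Runs automatically at load time (constructor attribute), so nothing has to
 * call it explicitly. The long option names registered here must match the
 * option characters handled in verify(): 'h', 'i' and 'c'.
 */
static void __attribute__ ((constructor))reg(void)
{
	command_register(CMD_VERIFY, (command_t) {
		verify, 'v', "verify",
		"verify a certificate using the CA certificate",
		/* usage line names the long option exactly as registered below
		 * ("cacert"), so the help output and the accepted option agree */
		{"[--in file] [--cacert file]"},
		{
			{"help",	'h', 0, "show usage information"},
			{"in",		'i', 1, "x509 certificate to verify, default: stdin"},
			{"cacert",	'c', 1, "CA certificate, default: verify self signed"},
		}
	});
}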
135