2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 #include <credentials/certificates/certificate.h>
19 #include <credentials/certificates/x509.h>
22 * Verify a certificate signature
/**
 * Entry point of the "verify" sub-command: loads an X.509 certificate and,
 * from the calls visible here, a CA certificate read from cafile, then prints
 * whether the signature check passed and whether the certificates are within
 * their validity period.
 *
 * NOTE(review): this listing has lost lines (braces, case labels, return
 * statements), so branch conditions and exit codes are not visible here.
 *
 * Security scope: the only checks visible in this function are issued_by()
 * and get_validity(). No revocation lookup, chain building or trust-anchor
 * decision appears here, so "signature good" must not be read as
 * "certificate trusted".
 *
 * @param argc		argument count, handed to getopt_long()
 * @param argv		argument vector, handed to getopt_long()
 * @return			result of command_usage() for the help and invalid-option
 *					branches; other return values are not visible in this listing
 */
24 static int verify(int argc
, char *argv
[])
26 certificate_t
*cert
, *ca
;
27 char *file
= NULL
, *cafile
= NULL
;
/* Options are parsed with getopt_long() against the command_opts table. One
 * branch prints usage, another rejects the option with an error string; the
 * case labels selecting them are missing from this listing. */
32 switch (getopt_long(argc
, argv
, "", command_opts
, NULL
))
35 return command_usage(NULL
);
45 return command_usage("invalid --verify option");
/* Certificate under test, parsed as X.509 from the path in file. The input
 * is untrusted data; a failed parse is reported on stderr below. */
52 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
53 BUILD_FROM_FILE
, file
, BUILD_END
);
/* Alternative loader: read the certificate from file descriptor 0 (standard
 * input). Presumably used when no input file was given - the selecting
 * condition is not visible here. */
57 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
58 BUILD_FROM_FD
, 0, BUILD_END
);
62 fprintf(stderr
, "parsing certificate failed\n");
/* CA certificate, parsed from the path in cafile.
 * NOTE(review): what ca holds when no CA file is given is not visible here.
 * If it falls back to the certificate itself, a "signature good" result only
 * shows the certificate is self-consistent, not that anyone vouches for it. */
67 ca
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
68 BUILD_FROM_FILE
, cafile
, BUILD_END
);
71 fprintf(stderr
, "parsing CA certificate failed\n");
/* Issuer check of cert against ca. What issued_by() validates beyond the
 * signature (issuer name, CA constraints) is decided by the certificate_t
 * implementation and cannot be told from this function. */
79 if (cert
->issued_by(cert
, ca
))
/* Validity period of the certificate. All three optional arguments are NULL;
 * judging by the "not valid now" message this tests against the current
 * time - confirm against the certificate_t interface. */
81 if (cert
->get_validity(cert
, NULL
, NULL
, NULL
))
/* Same validity test applied to the CA certificate. */
85 if (ca
->get_validity(ca
, NULL
, NULL
, NULL
))
/* Outcomes are reported as text on stdout.
 * NOTE(review): the return statements are not visible in this listing;
 * confirm that every failure message below maps to a non-zero exit status,
 * so callers that script this command do not have to parse the text. */
87 printf("signature good, certificates valid\n");
92 printf("signature good, CA certificates not valid now\n");
/* Singular "certificate": presumably the branch taken when no separate CA
 * certificate was checked - the condition is not visible here. */
97 printf("signature good, certificate valid\n");
103 printf("certificate not valid now\n");
108 printf("signature invalid\n");
120 * Register the command.
122 static void __attribute__ ((constructor
))reg()
124 command_register((command_t
) {
125 verify
, 'v', "verify",
126 "verify a certificate using the CA certificate",
127 {"[--in file] [--ca file]"},
129 {"help", 'h', 0, "show usage information"},
130 {"in", 'i', 1, "x509 certifcate to verify, default: stdin"},
131 {"cacert", 'c', 1, "CA certificate, default: verify self signed"},