1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pki.h"
17
18 #include <credentials/certificates/certificate.h>
19 #include <credentials/certificates/x509.h>
20
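/**
 * Verify a certificate signature.
 *
 * The certificate is read from --in (stdin when omitted) and its signature
 * is checked against --cacert; without --cacert the certificate is checked
 * against itself, i.e. it is treated as self-signed. Both certificates must
 * also be inside their validity period at the current time.
 *
 * Only the signature and the validity window are checked here; no revocation
 * status and no further chain constraints are consulted.
 *
 * @return	0 if the signature and validity are good, 1 on usage or parse
 *			error, 2 if verification failed
 */
static int verify(int argc, char *argv[])
{
	certificate_t *cert, *ca;
	char *file = NULL, *cafile = NULL;
	bool good = FALSE;

	while (TRUE)
	{
		switch (getopt_long(argc, argv, "", command_opts, NULL))
		{
			case 'h':
				return command_usage(NULL);
			case 'v':
			{
				/* reject non-numeric levels instead of silently using 0 */
				char *end;
				long level = strtol(optarg, &end, 10);

				if (end == optarg || *end != '\0')
				{
					return command_usage("invalid --debug level");
				}
				dbg_level = level;
				continue;
			}
			case 'i':
				file = optarg;
				continue;
			case 'c':
				cafile = optarg;
				continue;
			case EOF:
				break;
			default:
				return command_usage("invalid --verify option");
		}
		break;
	}

	if (file)
	{
		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FILE, file, BUILD_END);
	}
	else
	{
		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								  BUILD_FROM_FD, 0, BUILD_END);
	}
	if (!cert)
	{
		fprintf(stderr, "parsing certificate failed\n");
		return 1;
	}
	if (cafile)
	{
		ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
								BUILD_FROM_FILE, cafile, BUILD_END);
		if (!ca)
		{
			fprintf(stderr, "parsing CA certificate failed\n");
			/* the already parsed certificate must not leak on this path */
			cert->destroy(cert);
			return 1;
		}
	}
	else
	{
		/* no CA given: verify the certificate with its own key (self-signed) */
		ca = cert;
	}

	/* checks in order: signature, end-entity validity, CA validity */
	if (!cert->issued_by(cert, ca))
	{
		printf("signature invalid\n");
	}
	else if (!cert->get_validity(cert, NULL, NULL, NULL))
	{
		printf("certificate not valid now\n");
	}
	else if (!cafile)
	{
		printf("signature good, certificate valid\n");
		good = TRUE;
	}
	else if (!ca->get_validity(ca, NULL, NULL, NULL))
	{
		printf("signature good, CA certificates not valid now\n");
	}
	else
	{
		printf("signature good, certificates valid\n");
		good = TRUE;
	}

	/* ca aliases cert when no --cacert was given, destroy it only once */
	if (ca != cert)
	{
		ca->destroy(ca);
	}
	cert->destroy(cert);

	return good ? 0 : 2;
}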
121
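/**
 * Register the "verify" command with the pki front end.
 *
 * Runs as a constructor so the command is available before main() starts.
 * Option letters here map to the cases handled in verify(): 'h' help,
 * 'i' input certificate, 'c' CA certificate, 'v' debug level.
 */
static void __attribute__ ((constructor))reg()
{
	command_register((command_t) {
		verify, 'v', "verify",
		"verify a certificate using the CA certificate",
		{"[--in file] [--ca file]"},
		{
			{"help",	'h', 0, "show usage information"},
			/* fixed misspelled help text ("certifcate") */
			{"in",		'i', 1, "x509 certificate to verify, default: stdin"},
			{"cacert",	'c', 1, "CA certificate, default: verify self signed"},
			{"debug",	'v', 1, "set debug level, default: 1"},
		}
	});
}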
139