}
/**
- * Load and parse an X.509 certificate file
- */
-static x509_t* x509_create_from_file(char *path, char *label, x509_flag_t flag)
-{
-
- bool pgp = FALSE;
- chunk_t chunk;
- x509_t *x509;
- certificate_t *cert;
- time_t notBefore, notAfter, now;
-
- if (!pem_asn1_load_file(path, NULL, &chunk, &pgp))
- {
- DBG1(" could not load %s file '%s'", label, path);
- return NULL;
- }
- x509 = (x509_t*)lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509,
- BUILD_BLOB_ASN1_DER, chunk,
- BUILD_X509_FLAG, flag,
- BUILD_END);
- if (x509 == NULL)
- {
- DBG1(" could not parse loaded %s file '%s'",label, path);
- return NULL;
- }
- DBG1(" loaded %s file '%s'", label, path);
-
- /* check validity */
- cert = &x509->interface;
- now = time(NULL);
- cert->get_validity(cert, &now, ¬Before, ¬After);
- if (now > notAfter)
- {
- DBG1(" certificate expired at %T, discarded", ¬After);
- cert->destroy(cert);
- return NULL;
- }
- if (now < notBefore)
- {
- DBG1(" certificate not valid before %T", ¬Before);
- }
- return x509;
-}
-
-/**
* global variables accessible by both main() and build.c
*/
int main(int argc, char **argv)
{
certificate_t *attr_cert = NULL;
- certificate_t *user_cert = NULL;
- certificate_t *signer_cert = NULL;
- private_key_t *signer_key = NULL;
+ certificate_t *userCert = NULL;
+ certificate_t *signerCert = NULL;
+ private_key_t *signerKey = NULL;
time_t notBefore = UNDEFINED_TIME;
time_t notAfter = UNDEFINED_TIME;
/* load the signer's RSA private key */
if (keyfile != NULL)
{
- signer_key = private_key_create_from_file(keyfile, &passphrase);
+ signerKey = private_key_create_from_file(keyfile, &passphrase);
- if (signer_key == NULL)
+ if (signerKey == NULL)
{
goto end;
}
{
goto end;
}
- signer_cert = &x509->interface;
+ signerCert = &x509->interface;
}
/* load the users's X.509 certificate */
{
goto end;
}
- user_cert = &x509->interface;
+ userCert = &x509->interface;
}
/* compute validity interval */
notAfter = (notAfter == UNDEFINED_TIME) ? time(NULL) + validity : notAfter;
/* build and parse attribute certificate */
- if (user_cert != NULL && signer_cert != NULL && signer_key != NULL)
+ if (userCert != NULL && signerCert != NULL && signerKey != NULL)
{
/* read the serial number and increment it by one */
serial = read_serial();
attr_cert = lib->creds->create(lib->creds,
- CRED_CERTIFICATE, CERT_X509_AC,
- BUILD_CERT, user_cert,
- BUILD_NOT_BEFORE_TIME, notBefore,
- BUILD_NOT_AFTER_TIME, notAfter,
- BUILD_SERIAL, serial,
- BUILD_IETF_GROUP_ATTR, groups,
- BUILD_SIGNING_CERT, signer_cert,
- BUILD_SIGNING_KEY, signer_key,
- BUILD_END);
+ CRED_CERTIFICATE, CERT_X509_AC,
+ BUILD_CERT, userCert->get_ref(userCert),
+ BUILD_NOT_BEFORE_TIME, notBefore,
+ BUILD_NOT_AFTER_TIME, notAfter,
+ BUILD_SERIAL, serial,
+ BUILD_IETF_GROUP_ATTR, groups,
+ BUILD_SIGNING_CERT, signerCert->get_ref(signerCert),
+ BUILD_SIGNING_KEY, signerKey->get_ref(signerKey),
+ BUILD_END);
if (!attr_cert)
{
goto end;
end:
/* delete all dynamically allocated objects */
- DESTROY_IF(signer_key);
- DESTROY_IF(signer_cert);
- DESTROY_IF(user_cert);
+ DESTROY_IF(signerKey);
+ DESTROY_IF(signerCert);
+ DESTROY_IF(userCert);
DESTROY_IF(attr_cert);
free(attr_chunk.ptr);
free(serial.ptr);