add --verify option to ssotool

4f9671df · ale · efdc520f · 4f9671df
Commit 4f9671df authored Sep 12, 2015 by ale
--- a/src/sso/ssotool.c
+++ b/src/sso/ssotool.c
@@ -99,6 +99,25 @@ void ssotool_sign(const char *secret_key_file,
  printf("%s\n", out);
 }

+void ssotool_verify(const char *public_key_file,
+                    const char *service,
+                    const char *domain,
+                    const char *ticket) {
+  unsigned char *public_key = NULL;
+  sso_ticket_t t = NULL;
+  size_t sz;
+
+  sz = read_from_file(public_key_file, &public_key);
+  if (sz < 0) {
+    fprintf(stderr, "Error: could not read public key\n");
+    exit(2);
+  }
+
+  CHECK_OK(sso_ticket_open(&t, ticket, public_key));
+  CHECK_OK(sso_validate(t, service, domain, NULL));
+  printf("ok\n");
+}
+
 void show_help() {
  fprintf(stderr,
          "Usage: ssotool {--sign|--gen-keys} [<options>...]\n"
@@ -106,6 +125,7 @@ void show_help() {
          "  --help             show this help message\n"
          "  --gen-keys, -k     generate a new public/secret keypair\n"
          "  --sign, -s         create and sign a new ticket\n"
+          "  --verify, -v       verify a ticket\n"
          "\n"
          "Options for --gen-keys:\n"
          "\n"
@@ -135,6 +155,7 @@ void die_and_help(const char *msg) {

 int main(int argc, char **argv) {
  int do_sign = 0;
+  int do_verify = 0;
  int do_gen_keys = 0;
  const char *public_key_file = "public.key";
  const char *secret_key_file = "secret.key";
@@ -147,6 +168,7 @@ int main(int argc, char **argv) {
    static struct option long_options[] = {
      {"help", 0, 0, 'h'},
      {"sign", 0, 0, 's'},
+      {"verify", 0, 0, 'v'},
      {"gen-keys", 0, 0, 'k'},
      {"public-key", 1, 0, 'P'},
      {"secret-key", 1, 0, 'S'},
@@ -168,6 +190,9 @@ int main(int argc, char **argv) {
    case 's':
      do_sign = 1;
      break;
+    case 'v':
+      do_verify = 1;
+      break;
    case 'k':
      do_gen_keys = 1;
      break;
@@ -191,14 +216,22 @@ int main(int argc, char **argv) {
    }
  }

-  if (!do_sign && !do_gen_keys) {
-    die("Specify one of --sign or --gen-keys!");
-  }
-  if (do_sign && do_gen_keys) {
-    die("Can't specify both --sign and --gen-keys!");
+  if (((int)do_sign + (int)do_gen_keys + (int)do_verify) != 1) {
+    die("Specify one of --sign, --verify or --gen-keys!");
  }

-  if (do_sign) {
+  if (do_verify) {
+    if (!public_key_file) {
+      die("Specify the location of the public key with --public-key");
+    }
+    if (!service || !domain) {
+      die("Both --service and --domain must be specified");
+    }
+    if (argc - optind != 1) {
+      die("One argument is required");
+    }
+    ssotool_verify(public_key_file, service, domain, argv[optind]);
+  } else if (do_sign) {
    if (argc != optind) {
      die("Too many arguments.");
    }