Commit 4f9671df authored by ale's avatar ale

add --verify option to ssotool

parent efdc520f
......@@ -99,6 +99,25 @@ void ssotool_sign(const char *secret_key_file,
printf("%s\n", out);
}
void ssotool_verify(const char *public_key_file,
const char *service,
const char *domain,
const char *ticket) {
unsigned char *public_key = NULL;
sso_ticket_t t = NULL;
size_t sz;
sz = read_from_file(public_key_file, &public_key);
if (sz < 0) {
fprintf(stderr, "Error: could not read public key\n");
exit(2);
}
CHECK_OK(sso_ticket_open(&t, ticket, public_key));
CHECK_OK(sso_validate(t, service, domain, NULL));
printf("ok\n");
}
void show_help() {
fprintf(stderr,
"Usage: ssotool {--sign|--gen-keys} [<options>...]\n"
......@@ -106,6 +125,7 @@ void show_help() {
" --help show this help message\n"
" --gen-keys, -k generate a new public/secret keypair\n"
" --sign, -s create and sign a new ticket\n"
" --verify, -v verify a ticket\n"
"\n"
"Options for --gen-keys:\n"
"\n"
......@@ -135,6 +155,7 @@ void die_and_help(const char *msg) {
int main(int argc, char **argv) {
int do_sign = 0;
int do_verify = 0;
int do_gen_keys = 0;
const char *public_key_file = "public.key";
const char *secret_key_file = "secret.key";
......@@ -147,6 +168,7 @@ int main(int argc, char **argv) {
static struct option long_options[] = {
{"help", 0, 0, 'h'},
{"sign", 0, 0, 's'},
{"verify", 0, 0, 'v'},
{"gen-keys", 0, 0, 'k'},
{"public-key", 1, 0, 'P'},
{"secret-key", 1, 0, 'S'},
......@@ -168,6 +190,9 @@ int main(int argc, char **argv) {
case 's':
do_sign = 1;
break;
case 'v':
do_verify = 1;
break;
case 'k':
do_gen_keys = 1;
break;
......@@ -191,14 +216,22 @@ int main(int argc, char **argv) {
}
}
if (!do_sign && !do_gen_keys) {
die("Specify one of --sign or --gen-keys!");
}
if (do_sign && do_gen_keys) {
die("Can't specify both --sign and --gen-keys!");
if (((int)do_sign + (int)do_gen_keys + (int)do_verify) != 1) {
die("Specify one of --sign, --verify or --gen-keys!");
}
if (do_sign) {
if (do_verify) {
if (!public_key_file) {
die("Specify the location of the public key with --public-key");
}
if (!service || !domain) {
die("Both --service and --domain must be specified");
}
if (argc - optind != 1) {
die("One argument is required");
}
ssotool_verify(public_key_file, service, domain, argv[optind]);
} else if (do_sign) {
if (argc != optind) {
die("Too many arguments.");
}
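Review bot: In ssotool_verify the read-failure check `if (sz < 0)` can never fire, because `sz` is declared `size_t` and an unsigned value is never negative; a missing or unreadable key file would then leave `public_key` as NULL and pass it straight to `sso_ticket_open`. Assuming read_from_file signals errors with a negative return (its definition is not visible here), declare the variable with that signed type, e.g. `int sz;`, and keep the `< 0` test. The length read is otherwise discarded, so it would also be worth rejecting a key file whose size differs from the library's expected public-key length before opening the ticket; a truncated file would otherwise be treated as a full key. Separately, the usage line in show_help still reads `{--sign|--gen-keys}`, and the `!public_key_file` test in main is always false because of the `"public.key"` default.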
......