1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <stdio.h>
12 #include <errno.h>
13 #include <string.h>
14 #include <stdlib.h>
15 #include <sys/stat.h>
16 #include <gmssl/x509.h>
17 #include <gmssl/x509_crl.h>
18
19
20 static const char *options = "-in file -cacert file\n";
21
crlverify_main(int argc,char ** argv)22 int crlverify_main(int argc, char **argv)
23 {
24 int ret = 1;
25 char *prog = argv[0];
26 char *infile = NULL;
27 char *cacertfile = NULL;
28 FILE *infp = NULL;
29 FILE *cacertfp = NULL;
30 uint8_t *in = NULL;
31 size_t inlen;
32 struct stat st;
33 const uint8_t *pin;
34 const uint8_t *crl = NULL;
35 size_t crllen;
36 const uint8_t *subject;
37 size_t subject_len;
38 uint8_t cacert[1024];
39 size_t cacertlen;
40 int rv;
41
42 argc--;
43 argv++;
44
45 if (argc < 1) {
46 fprintf(stderr, "usage: %s %s\n", prog, options);
47 return 1;
48 }
49
50 while (argc > 0) {
51 if (!strcmp(*argv, "-help")) {
52 printf("usage: %s %s\n", prog, options);
53 ret = 0;
54 goto end;
55 } else if (!strcmp(*argv, "-in")) {
56 if (--argc < 1) goto bad;
57 infile = *(++argv);
58 if (!(infp = fopen(infile, "r"))) {
59 fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno));
60 goto end;
61 }
62 } else if (!strcmp(*argv, "-cacert")) {
63 if (--argc < 1) goto bad;
64 cacertfile = *(++argv);
65 if (!(cacertfp = fopen(cacertfile, "r"))) {
66 fprintf(stderr, "%s: open '%s' failure : %s\n", prog, cacertfile, strerror(errno));
67 goto end;
68 }
69 } else {
70 fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
71 goto end;
72 bad:
73 fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv);
74 goto end;
75 }
76
77 argc--;
78 argv++;
79 }
80
81 if (!infile) {
82 fprintf(stderr, "%s: '-in' option required\n", prog);
83 goto end;
84 }
85 if (!cacertfile) {
86 fprintf(stderr, "%s: '-cacert' option required\n", prog);
87 goto end;
88 }
89
90
91 if (fstat(fileno(infp), &st) < 0) {
92 fprintf(stderr, "%s: access file error : %s\n", prog, strerror(errno));
93 goto end;
94 }
95 if ((inlen = st.st_size) <= 0) {
96 fprintf(stderr, "%s: invalid input length\n", prog);
97 goto end;
98 }
99 if (!(in = malloc(inlen))) {
100 fprintf(stderr, "%s: malloc failure\n", prog);
101 goto end;
102 }
103 if (fread(in, 1, inlen, infp) != inlen) {
104 fprintf(stderr, "%s: read file error : %s\n", prog, strerror(errno));
105 goto end;
106 }
107 pin = in;
108 if (x509_crl_from_der(&crl, &crllen, &pin, &inlen) != 1
109 || asn1_length_is_zero(inlen) != 1) {
110 fprintf(stderr, "%s: read CRL failure\n", prog);
111 goto end;
112 }
113
114 if (x509_crl_get_issuer(crl, crllen, &subject, &subject_len) != 1) {
115 fprintf(stderr, "%s: inner error\n", prog);
116 goto end;
117 }
118 if (x509_cert_from_pem_by_subject(cacert, &cacertlen, sizeof(cacert), subject, subject_len, cacertfp) != 1) {
119 fprintf(stderr, "%s: read certificate failure\n", prog);
120 goto end;
121 }
122 if ((rv = x509_crl_verify_by_ca_cert(crl, crllen, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) {
123 fprintf(stderr, "%s: verification inner error\n", prog);
124 goto end;
125 }
126
127 printf("Verification %s\n", rv ? "success" : "failure");
128 if (rv == 1) ret = 0;
129
130 end:
131 if (infile && infp) fclose(infp);
132 if (cacertfp) fclose(cacertfp);
133 if (in) free(in);
134 return ret;
135 }
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157