authorLinus Nordberg <linus@nordberg.se>2015-04-07 16:37:53 +0200
committerLinus Nordberg <linus@nordberg.se>2015-04-07 17:12:35 +0200
commit5dee44b0cd945f74c4e17a2a78fc53c802f2e7d0 (patch)
tree7c2f36c319894b7f415c5e0d2a762702198fc19a /verifycert.erl
parent2267289c354e440efecfb8a6e19cb965bd1bbbbc (diff)
parentf364054054477ed7ac7c15dd1199b7bac2e1cef7 (diff)
Verify new entries when merging.
Minor tweaks on map/mergeverify2. Closes CATLFISH-36.
Diffstat (limited to 'verifycert.erl')
-rwxr-xr-xverifycert.erl41
1 files changed, 41 insertions, 0 deletions
diff --git a/verifycert.erl b/verifycert.erl
new file mode 100755
index 0000000..b9a3753
--- /dev/null
+++ b/verifycert.erl
@@ -0,0 +1,41 @@
+#!/usr/bin/env escript
+%% -*- erlang -*-
+%%! -pa ebin -pa lib/catlfish-0.6.0-dev.ez/catlfish-0.6.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
+
+write_reply(Bin) ->
+ Length = size(Bin),
+ file:write(standard_io, <<Length:32, Bin/binary>>).
+
+verify(RootCerts, DBEntry) ->
+ try
+ Chain = catlfish:chain_from_entry(DBEntry),
+ %% XXX: doesn't verify that MTL is derived from Chain
+ case x509:normalise_chain(RootCerts, Chain) of
+ {ok, _} ->
+ write_reply(<<0:8>>);
+ {error, Reason} ->
+ ReasonBin = list_to_binary(io_lib:format("~p", [Reason])),
+ write_reply(<<1:8, ReasonBin/binary>>)
+ end
+ catch
+ Type:What ->
+ [CrashFunction | Stack] = erlang:get_stacktrace(),
+ ErrorBin = list_to_binary(io_lib:format("Crash: ~p ~p~n~p~n~p~n", [Type, What, CrashFunction, Stack])),
+ write_reply(<<2:8, ErrorBin/binary>>)
+ end.
+
+loop(RootCerts) ->
+ {ok, LengthBin} = file:read(standard_io, 4),
+ <<Length:32>> = list_to_binary(LengthBin),
+ case Length of
+ 0 ->
+ none;
+ _ ->
+ {ok, DBEntry} = file:read(standard_io, Length),
+ verify(RootCerts, list_to_binary(DBEntry)),
+ loop(RootCerts)
+ end.
+
+main(_) ->
+ Certs = x509:read_pemfiles_from_dir("tests/known_roots/"),
+ loop(Certs).
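Review bot: main/1 discards its arguments and loads the trust anchors from the relative path `tests/known_roots/`, so the roots accepted by merge-time verification depend on the working directory the script is started from and on a test fixture directory. Taking the directory from the command line, e.g. `main([RootDir]) -> loop(x509:read_pemfiles_from_dir(RootDir)).`, would make the trust store explicit; the caller is not visible on this page and would have to pass the argument. Separately, both `file:read/2` matches in loop/1 sit outside the `try` in verify/2, so `eof` or a short read on stdin ends the script with a badmatch and no reply frame. Handling `eof` and a length read of fewer than four bytes explicitly in loop/1 would give the parent process a defined shutdown instead of a crash dump.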