#!/usr/bin/env escript
%% -*- erlang -*-
%%! -pa lib/catlfish-0.8.0-dev.ez/catlfish-0.8.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin

%% Certificate-chain verification helper driven over stdin/stdout.
%%
%% Wire format, both directions: a 32-bit big-endian length followed by that
%% many payload bytes. A request with length 0 ends the session.
%%
%% The first byte of every reply is a status code:
%%   0 - x509:normalise_chain/2 returned {ok, _}
%%   1 - it returned {error, Reason}; the rest of the reply is Reason as "~p"
%%   2 - an exception was raised; the rest of the reply is a crash report
%%
%% NOTE(review): the length prefix is taken from stdin as-is and handed to
%% file:read/2 without an upper bound, so a single frame may ask for up to
%% 2^32-1 bytes. Whether a cap is needed depends on who can write to this
%% process's stdin -- confirm against the caller.

%% Frame Payload with its 32-bit length and write it to standard output.
%% Returns whatever file:write/2 returns; callers in this script ignore it.
write_reply(Payload) ->
    PayloadLen = byte_size(Payload),
    Frame = <<PayloadLen:32, Payload/binary>>,
    file:write(standard_io, Frame).

%% Verify one database entry against RootCerts and send exactly one reply.
%%
%% Everything, including the reply writes, runs inside the try, so any
%% exception is turned into a status-2 reply rather than ending the script.
verify(RootCerts, DBEntry) ->
    try
        CertChain = catlfish:chain_from_entry(DBEntry),
        %% XXX: doesn't verify that MTL is derived from Chain
        %% A status-0 reply therefore speaks only for the chain returned by
        %% catlfish:chain_from_entry/1, not for the rest of the entry.
        case x509:normalise_chain(RootCerts, CertChain) of
            {ok, _} ->
                write_reply(<<0:8>>);
            {error, Why} ->
                WhyText = io_lib:format("~p", [Why]),
                WhyBin = list_to_binary(WhyText),
                write_reply(<<1:8, WhyBin/binary>>)
        end
    catch
        Class:Term ->
            %% erlang:get_stacktrace/0 is the pre-OTP-21 way to fetch the
            %% trace; it is deprecated since OTP 21 and absent from recent
            %% releases, so this script is tied to the older runtime.
            %% An empty trace would fail this match and end the script.
            [TopFrame | OtherFrames] = erlang:get_stacktrace(),
            %% The report exposes internal module/function names and the
            %% exception term to whatever reads stdout.
            Report = io_lib:format(
                "Crash: ~p ~p~n~p~n~p~n",
                [Class, Term, TopFrame, OtherFrames]
            ),
            ReportBin = list_to_binary(Report),
            write_reply(<<2:8, ReportBin/binary>>)
    end.

%% Read length-prefixed entries from standard input until a zero length.
%%
%% eof, a read error, or a header shorter than four bytes is not handled:
%% the matches below fail with badmatch and the script terminates without
%% sending a reply. A body shorter than the announced length is passed to
%% verify/2 unchanged.
%%
%% NOTE(review): list_to_binary/1 is applied to the data read, which assumes
%% standard_io delivers one list element per input byte -- TODO confirm the
%% I/O encoding in the runtime this is deployed on.
loop(RootCerts) ->
    {ok, Header} = file:read(standard_io, 4),
    <<EntryLen:32>> = list_to_binary(Header),
    if
        EntryLen =:= 0 ->
            none;
        true ->
            {ok, Entry} = file:read(standard_io, EntryLen),
            verify(RootCerts, list_to_binary(Entry)),
            loop(RootCerts)
    end.

%% Entry point: the single argument is the directory of PEM files holding the
%% known root certificates. Any other argument list fails the clause match.
main([KnownRoots]) ->
    loop(x509:read_pemfiles_from_dir(KnownRoots)).