#!/usr/bin/env escript
%% -*- erlang -*-
%%! -pa lib/catlfish-0.6.0.ez/catlfish-0.6.0/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
%% Frame one reply and write it to standard output.
%%
%% The frame is a 32-bit length prefix (Erlang's default integer segment:
%% unsigned, big-endian) followed by the payload bytes. The prefix holds only
%% the low 32 bits of the size, so a payload of 4 GiB or more would be
%% announced with a wrapped length.
%%
%% Returns whatever file:write/2 returns.
write_reply(Bin) ->
    Frame = <<(byte_size(Bin)):32, Bin/binary>>,
    file:write(standard_io, Frame).
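%% Check the certificate chain of one database entry against the trusted
%% roots and report the outcome as a framed reply on standard output.
%%
%% The first byte of the reply payload is the status:
%%   0 - x509:normalise_chain/2 returned {ok, _}
%%   1 - it returned {error, Reason}; the remaining bytes are Reason
%%       printed with ~p
%%   2 - an exception was raised while checking; the remaining bytes are a
%%       "Crash: ..." diagnostic with class, reason and stack frames
%%
%% SECURITY: status 0 speaks for the chain only. As the XXX below says, the
%% MTL carried in the entry (presumably its Merkle tree leaf - confirm
%% against catlfish) is not checked against the chain, so a consumer must
%% not read status 0 as "the whole entry is consistent".
%%
%% NOTE(review): the status 1 and 2 payloads contain internal terms and
%% stack frames; the reader of this stream should log them rather than
%% relay them to other parties.
verify(RootCerts, DBEntry) ->
    try
        Chain = catlfish:chain_from_entry(DBEntry),
        %% XXX: doesn't verify that MTL is derived from Chain
        case x509:normalise_chain(RootCerts, Chain) of
            {ok, _} ->
                write_reply(<<0:8>>);
            {error, Reason} ->
                ReasonBin = list_to_binary(io_lib:format("~p", [Reason])),
                write_reply(<<1:8, ReasonBin/binary>>)
        end
    catch
        Type:What ->
            %% An empty stack trace used to fail the [Head | Tail] match
            %% here, killing the script inside the handler without sending
            %% any reply. Fall back to a placeholder frame so status 2 is
            %% always reported.
            %% NOTE(review): erlang:get_stacktrace/0 is deprecated from
            %% OTP 21 in favour of `catch Class:Reason:Stacktrace`. It is
            %% kept because the pinned dependency versions suggest an older
            %% release - confirm the target OTP version and migrate once
            %% OTP 21+ is the minimum.
            {CrashFunction, Stack} =
                case erlang:get_stacktrace() of
                    [Top | Rest] -> {Top, Rest};
                    [] -> {unknown, []}
                end,
            ErrorBin = list_to_binary(
                io_lib:format(
                    "Crash: ~p ~p~n~p~n~p~n",
                    [Type, What, CrashFunction, Stack]
                )
            ),
            write_reply(<<2:8, ErrorBin/binary>>)
    end.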
%% Serve verification requests from standard input until a terminator
%% arrives.
%%
%% Each request is a 32-bit length followed by that many bytes of entry
%% data. A length of 0 ends the loop and returns `none`; any other length
%% causes the entry to be read, handed to verify/2, and the loop to repeat.
%%
%% End of input, a read error, or a header shorter than four bytes fails
%% one of the matches below and terminates the script with badmatch; it is
%% not treated as a clean end of stream.
%%
%% No upper bound is applied to the announced length, so the writer of the
%% stream is trusted to send sane sizes - up to 2^32 - 1 bytes would be
%% read into memory before verify/2 sees them.
loop(RootCerts) ->
    {ok, Header} = file:read(standard_io, 4),
    <<EntrySize:32>> = list_to_binary(Header),
    if
        EntrySize =:= 0 ->
            none;
        true ->
            {ok, Payload} = file:read(standard_io, EntrySize),
            verify(RootCerts, list_to_binary(Payload)),
            loop(RootCerts)
    end.
%% escript entry point. Expects exactly one command-line argument, which is
%% passed to x509:read_pemfiles_from_dir/1 (by its name, a directory of PEM
%% files holding the trusted root certificates - confirm against x509).
%% The result is used as the root set for every request served by loop/1.
%%
%% Any other argument count matches no clause and fails with
%% function_clause.
main([KnownRoots]) ->
    loop(x509:read_pemfiles_from_dir(KnownRoots)).