summaryrefslogtreecommitdiff
path: root/verifycert.erl
blob: d364adfbbe4c194ef97d0b33540ebd2aa2bb21cb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/env escript
%% -*- erlang -*-
%%! -pa lib/catlfish-0.6.0-dev.ez/catlfish-0.6.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin

write_reply(Bin) ->
    Length = size(Bin),
    file:write(standard_io, <<Length:32, Bin/binary>>).

verify(RootCerts, DBEntry) ->
    try
        Chain = catlfish:chain_from_entry(DBEntry),
        %% XXX: doesn't verify that MTL is derived from Chain
        case x509:normalise_chain(RootCerts, Chain) of
            {ok, _} ->
                write_reply(<<0:8>>);
            {error, Reason} ->
                ReasonBin = list_to_binary(io_lib:format("~p", [Reason])),
            write_reply(<<1:8, ReasonBin/binary>>)
        end
    catch
        Type:What ->
            [CrashFunction | Stack] = erlang:get_stacktrace(),
            ErrorBin = list_to_binary(io_lib:format("Crash: ~p ~p~n~p~n~p~n", [Type, What, CrashFunction, Stack])),
            write_reply(<<2:8, ErrorBin/binary>>)
    end.

loop(RootCerts) ->
    {ok, LengthBin} = file:read(standard_io, 4),
    <<Length:32>> = list_to_binary(LengthBin),
    case Length of
        0 ->
            none;
        _ ->
            {ok, DBEntry} = file:read(standard_io, Length),
            verify(RootCerts, list_to_binary(DBEntry)),
            loop(RootCerts)
    end.

main([KnownRoots]) ->
    Certs = x509:read_pemfiles_from_dir(KnownRoots),
    loop(Certs).