From 613e50c433a23aa1282453108859c8e590917729 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Mon, 6 Apr 2015 03:14:58 +0200
Subject: Verify that database entry actually contains the certificate
---
 verifycert.erl | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100755 verifycert.erl
(limited to 'verifycert.erl')
diff --git a/verifycert.erl b/verifycert.erl
new file mode 100755
index 0000000..e501d6d
--- /dev/null
+++ b/verifycert.erl
@@ -0,0 +1,41 @@
+#!/usr/bin/env escript
+%% -*- erlang -*-
+%%! -pa ebin -pa lib/catlfish-0.2.0-dev.ez/catlfish-0.2.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
+
+write_reply(Bin) ->
+ Length = size(Bin),
+ file:write(standard_io, <>).
+
+verify(Certs, DBEntry) ->
+ try
+ Chain = catlfish:chain_from_entry(DBEntry),
+ %% XXX: doesn't verify that MTL is derived from Chain
+ case x509:normalise_chain(Certs, Chain) of
+ {ok, _} ->
+ write_reply(<<0:8>>);
+ {error, Reason} ->
+ ReasonBin = list_to_binary(io_lib:format("~p", [Reason])),
+ write_reply(<<1:8, ReasonBin/binary>>)
+ end
+ catch
+ Type:What ->
+ [CrashFunction | Stack] = erlang:get_stacktrace(),
+ ErrorBin = list_to_binary(io_lib:format("Crash: ~p ~p~n~p~n~p~n", [Type, What, CrashFunction, Stack])),
+ write_reply(<<2:8, ErrorBin/binary>>)
+ end.
+
+loop(Certs) ->
+ {ok, LengthBin} = file:read(standard_io, 4),
+ <> = list_to_binary(LengthBin),
+ case Length of
+ 0 ->
+ none;
+ _ ->
+ {ok, DBEntry} = file:read(standard_io, Length),
+ verify(Certs, list_to_binary(DBEntry)),
+ loop(Certs)
+ end.
+
+main(_) ->
+ Certs = x509:read_pemfiles_from_dir("tests/known_roots/"),
+ loop(Certs).
-- cgit v1.1
From f364054054477ed7ac7c15dd1199b7bac2e1cef7 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Tue, 7 Apr 2015 16:36:39 +0200
Subject: catlfish version is 0.6.0-dev. Also, call the list of root certs RootCerts.
---
 verifycert.erl | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'verifycert.erl')
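Review bot: The check in verify/2 establishes only that the chain returned by catlfish:chain_from_entry/1 normalises against the root set, and the `%% XXX` line itself records that nothing ties the entry's leaf (MTL) to that chain, so the subject's claim that the entry "actually contains the certificate" is only partly covered; either extend the check or document the reply semantics so a caller does not over-trust a `0` reply. The three reply codes are undocumented magic numbers, so a comment above write_reply/1 such as `%% Reply: <<Len:32>> then <<0>> ok | <<1, Reason>> chain rejected | <<2, Crash>> internal error` would help (the binary constructions in write_reply/1 and loop/1 appear as `<>` in this listing, presumably an extraction artefact). In loop/1 the length read from stdin is used unchecked as a read size and `{ok, DBEntry} = file:read(standard_io, Length)` has no `eof` clause, so a truncated or oversized frame crashes the script outside verify/2's try, without any reply being written; if the driver on the other end waits for a reply, handle `eof` there. main/1 hard-codes `tests/known_roots/` relative to the working directory as the trust anchors, which suits a test harness but should be stated or made an argument if the script is used elsewhere. Minor: `size/1` would be clearer as `byte_size/1`, and `erlang:get_stacktrace/0` is gone in current OTP releases (`catch Type:What:Stack ->` replaces it).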
diff --git a/verifycert.erl b/verifycert.erl
index e501d6d..b9a3753 100755
--- a/verifycert.erl
+++ b/verifycert.erl
@@ -1,16 +1,16 @@
 #!/usr/bin/env escript
 %% -*- erlang -*-
-%%! -pa ebin -pa lib/catlfish-0.2.0-dev.ez/catlfish-0.2.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
+%%! -pa ebin -pa lib/catlfish-0.6.0-dev.ez/catlfish-0.6.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
 write_reply(Bin) ->
 Length = size(Bin),
 file:write(standard_io, <>).
-verify(Certs, DBEntry) ->
+verify(RootCerts, DBEntry) ->
 try
 Chain = catlfish:chain_from_entry(DBEntry),
 %% XXX: doesn't verify that MTL is derived from Chain
- case x509:normalise_chain(Certs, Chain) of
+ case x509:normalise_chain(RootCerts, Chain) of
 {ok, _} ->
 write_reply(<<0:8>>);
 {error, Reason} ->
@@ -24,7 +24,7 @@ verify(Certs, DBEntry) ->
 write_reply(<<2:8, ErrorBin/binary>>)
 end.
-loop(Certs) ->
+loop(RootCerts) ->
 {ok, LengthBin} = file:read(standard_io, 4),
 <> = list_to_binary(LengthBin),
 case Length of
@@ -32,8 +32,8 @@ loop(Certs) ->
 none;
 _ ->
 {ok, DBEntry} = file:read(standard_io, Length),
- verify(Certs, list_to_binary(DBEntry)),
- loop(Certs)
+ verify(RootCerts, list_to_binary(DBEntry)),
+ loop(RootCerts)
 end.
 main(_) ->
-- cgit v1.1