verifycert.in 2.42 KB
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2018 University of Utah and the Flux Group.
# 
# {{{GENIPUBLIC-LICENSE
# 
# GENI Public License
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
# 
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
# 
# }}}
#
use strict;
use English;
use Getopt::Std;
use Data::Dumper;

#
# Verify a certificate is signed by someone in the bundle.
#
sub usage()
{
    # Print the command synopsis on STDERR and terminate with status 1.
    # -e limits the run to the SSL chain check (see $chainonly); without
    # it the chain root must also match this site's own certificate.
    my $synopsis = "Usage: $0 [-e] <cert file>\n";

    print STDERR $synopsis;
    exit(1);
}
# Option string handed to getopts(): one boolean switch, -e.
my $optlist   = "e";
# Becomes 1 when -e is given; the script then exits right after the SSL
# chain check and never compares the chain root with the local certificate.
my $chainonly = 0;

# Configure-time settings; the prefix placeholder is filled in at build time.
my $TB             = "@prefix@";
# Certificate that the chain root is compared against further down.
# NOTE(review): this file acts as the trust anchor for that comparison, so
# it should be writable only by the site administrators.
my $EMULAB_PEMFILE = $TB . "/etc/emulab.pem";

use lib '@prefix@/lib';
use GeniCertificate;
use GeniHRN;

sub fatal($)
{
    # Abort the script with $msg, framed by a "*** <script name>:" banner.
    # The text ends in a newline, so die() does not append file/line info.
    my $msg = shift;

    my $report = "*** $0:\n" . "    $msg\n";
    die($report);
}

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
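my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
# -e: stop after the chain check. A zero exit status then only says the
# certificate chains to something in the bundle, NOT that this site is the
# root signer; callers must not treat the two results as equivalent.
if (defined($options{"e"})) {
    $chainonly = 1;
}
usage()
    if (@ARGV != 1);
my $certfile = $ARGV[0];

# An undefined result from LoadFromFile() is treated as a load/parse failure.
my $certificate = GeniCertificate->LoadFromFile($certfile);
if (!defined($certificate)) {
    fatal("Could not parse certificate");
}
# VerifySSLChain() is used with a true return value meaning failure, so any
# true result aborts here.
if ($certificate->VerifySSLChain()) {
    fatal("Could not verify certificate");
}
exit(0)
    if ($chainonly);

#
# We now know the root cert; make sure it is us.
#
my $ourcert = GeniCertificate->LoadFromFile($EMULAB_PEMFILE);
if (!defined($ourcert)) {
    fatal("Could not load $EMULAB_PEMFILE");
}
# Fail closed if no root certificate is available for the comparison.
# NOTE(review): rootcert() is presumably populated by VerifySSLChain();
# how SameCert() treats an undefined argument is not visible from here,
# so reject that case explicitly rather than rely on it.
my $rootcert = $certificate->rootcert();
if (!defined($rootcert)) {
    fatal("Could not determine the root certificate");
}
if (!$ourcert->SameCert($rootcert)) {
    fatal("We did not sign this certificate!");
}
exit(0);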