From 5f4f7b0ab71e04c79e5a0424304d4517314dbfea Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@makrotopia.org>
Date: Wed, 6 Jun 2018 22:48:31 +0200
Subject: [PATCH] use list to model certificate chain

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)
---
 ucert.c | 55 +++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 39 insertions(+), 16 deletions(-)

diff --git a/ucert.c b/ucert.c
index b932b09..6a83053 100644
--- a/ucert.c
+++ b/ucert.c
@@ -76,14 +76,19 @@ enum certtype_id {
 };
 
 static const struct blobmsg_policy cert_payload_policy[CERT_PL_ATTR_MAX] = {
-	[CERT_PL_ATTR_CERTTYPE] = { .name = "certtype", .type = BLOBMSG_TYPE_INT8 },
-	[CERT_PL_ATTR_CERTID] = { .name = "certid", .type = BLOBMSG_TYPE_INT64 },
+	[CERT_PL_ATTR_CERTTYPE] = { .name = "certtype", .type = BLOBMSG_TYPE_INT32 },
+	[CERT_PL_ATTR_CERTID] = { .name = "certid", .type = BLOBMSG_TYPE_INT32 },
 	[CERT_PL_ATTR_VALIDFROMTIME] = { .name = "validfrom", .type = BLOBMSG_TYPE_INT64 },
 	[CERT_PL_ATTR_EXPIRETIME] = { .name = "expiresat", .type = BLOBMSG_TYPE_INT64 },
 	[CERT_PL_ATTR_PUBKEY] = { .name = "pubkey", .type = BLOBMSG_TYPE_STRING },
 	[CERT_PL_ATTR_KEY_FINGERPRINT] = { .name = "fingerprint", .type = BLOBMSG_TYPE_STRING },
 };
 
+struct cert_object {
+	struct list_head list;
+	struct blob_attr **cert;
+};
+
 static int write_file(const char *filename, void *buf, size_t len, bool append) {
 	FILE *f;
 	size_t outlen;
@@ -97,10 +102,12 @@ static int write_file(const char *filename, void *buf, size_t len, bool append)
 	return (outlen == len);
 }
 
-static int cert_load(const char *certfile, struct blob_attr *certtb[]) {
+static int cert_load(const char *certfile, struct list_head *chain) {
 	FILE *f;
-	int ret = 0;
+	struct blob_attr *certtb[CERT_ATTR_MAX];
+	struct cert_object *cobj;
 	char filebuf[CERT_BUF_LEN];
+	int ret = 0;
 	int len;
 
 	f = fopen(certfile, "r");
@@ -113,8 +120,12 @@ static int cert_load(const char *certfile, struct blob_attr *certtb[]) {
 	if (ret)
 		return 1;
 	ret = blob_parse(filebuf, certtb, cert_policy, CERT_ATTR_MAX);
+	cobj = calloc(1, sizeof(*cobj));
+	cobj->cert = &certtb;
+	list_add_tail(&cobj->list, chain);
+
 	fprintf(stderr, "blob_parse return %d\n", ret);
-	return (ret != 0);
+	return (ret <= 0);
 }
 
 static int cert_append(const char *certfile, const char *pubkeyfile, const char *sigfile) {
@@ -122,17 +133,11 @@ static int cert_append(const char *certfile, const char *pubkeyfile, const char
 	return 1;
 }
 
-static int cert_dump(const char *certfile) {
-	struct blob_attr *certtb[CERT_ATTR_MAX];
+static void cert_dump_blob(struct blob_attr *cert[CERT_ATTR_MAX]) {
 	int i;
 
-	if (cert_load(certfile, certtb)) {
-		fprintf(stderr, "cannot parse cert\n");
-		return 1;
-	}
-
 	for (i = 0; i < CERT_ATTR_MAX; i++) {
-		struct blob_attr *v = certtb[i];
+		struct blob_attr *v = cert[i];
 
 		if (!v)
 			continue;
@@ -142,10 +147,24 @@ static int cert_dump(const char *certfile) {
 			fprintf(stdout, "signature: %s\n", blob_data(v));
 			break;
 		case BLOB_ATTR_NESTED:
-			fprintf(stdout, "payload:\n%s\n", blobmsg_format_json(blob_data(v), true));
+			fprintf(stdout, "payload:\n%s\n", blobmsg_format_json(blob_data(v), false));
 			break;
 		}
 	}
+}
+
+static int cert_dump(const char *certfile) {
+	struct cert_object *cobj;
+	static LIST_HEAD(certchain);
+
+	if (cert_load(certfile, &certchain)) {
+		fprintf(stderr, "cannot parse cert\n");
+		return 1;
+	}
+
+	list_for_each_entry(cobj, &certchain, list)
+		cert_dump_blob(cobj->cert);
+
 	return 0;
 }
 
@@ -156,6 +175,7 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char *
 	struct stat st;
 	int pklen, siglen;
 	int revoker = 1;
+	void *c;
 
 	FILE *pkf, *sigf;
 	char pkb[512];
@@ -191,7 +211,8 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char *
 
 	while (revoker >= 0) {
 		blob_buf_init(&payloadbuf, 0);
-		blobmsg_add_u8(&payloadbuf, "certtype", revoker?CERTTYPE_REVOKE:CERTTYPE_AUTH);
+		c = blobmsg_open_table(&payloadbuf, "ucert");
+		blobmsg_add_u32(&payloadbuf, "certtype", revoker?CERTTYPE_REVOKE:CERTTYPE_AUTH);
 		blobmsg_add_u64(&payloadbuf, "validfrom", tv.tv_sec);
 		if (!revoker) {
 			blobmsg_add_u64(&payloadbuf, "expiresat", tv.tv_sec + 60 * 60 * 24 * 365);
@@ -200,6 +221,8 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char *
 			blobmsg_add_string(&payloadbuf, "fingerprint", pkfp);
 		}
 
+		blobmsg_close_table(&payloadbuf, c);
+
 		snprintf(fname, sizeof(fname) - 1, "%s/%s", tmpdir, revoker?"revoker":"payload");
 		write_file(fname, blob_data(payloadbuf.head), blob_len(payloadbuf.head), false);
 
@@ -225,7 +248,7 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char *
 		blob_put(&certbuf, CERT_ATTR_SIGNATURE, sigb, siglen);
 		blob_put(&certbuf, CERT_ATTR_PAYLOAD, blob_data(payloadbuf.head), blob_len(payloadbuf.head));
 		snprintf(fname, sizeof(fname) - 1, "%s%s", certfile, revoker?".revoke":"");
-		write_file(fname, blob_data(certbuf.head), blob_len(certbuf.head), false);
+		write_file(fname, certbuf.head, blob_raw_len(certbuf.head), false);
 		revoker--;
 	}
 
-- 
2.25.1