/* zxlogview.c - Encrypted and signed log decoder
* Copyright (c) 2012 Synergetics NV (sampo@synergetics.be), All Rights Reserved.
* Copyright (c) 2010-2011 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved.
* Copyright (c) 2006-2009 Symlabs (symlabs@symlabs.com), All Rights Reserved.
* Author: Sampo Kellomaki (sampo@iki.fi)
* This is confidential unpublished proprietary source code of the author.
* NO WARRANTY, not even implied warranties. Contains trade secrets.
* Distribution prohibited unless authorized in writing.
* Licensed under Apache License 2.0, see file COPYING.
* $Id: zxlogview.c,v 1.15 2009-11-24 23:53:40 sampo Exp $
*
* 19.11.2006, started --Sampo
* 29.8.2009, added hmac chaining field --Sampo
* 6.9.2012, added tests for receipts --Sampo
*
* TODO Ideas
*
* 1. DONE: Decrypt log lines and validate signatures
* 2. Add some form of summary report gathered from the processed log lines.
* - sig failures
* - other errors
* - activity by IdP
* - activity by user (name ID)
* - activity in timeline
* - activity by operation
* 3. Using /var/zxid/cot dereference the sha1 names to entity IDs
* 4. Using /var/zxid/log/rely (and issue) chase the referenced
* assertions and validate them (sig, conditions, etc.) and
* extract statistics from them.
* 5. Simple decryptor and signature verifier for encrypted
* files (e.g. rely assertions) (gpg or other standard compatible?)
* 6. Regression test mode
*/
#include "platform.h"
#include "errmac.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#ifdef USE_OPENSSL
#include <openssl/x509.h>
#include <openssl/rsa.h>
#include <openssl/aes.h>
#endif
#include "zx.h"
#include "zxid.h"
#include "zxidutil.h"
#include "c/zxidvers.h"
/*
zxlogview -rv sign-nopw-cert.pem receipt body # Check receipt\n\
zxlogview -rg sign-nopw-cert.pem receipt body # Generate receipt\n\
-rv CERT RCPT BODY Receipt verification mode.\n\
-rg PRIV RCPT BODY Receipt generation mode.\n\
*/
/*
 * Usage and help text for the zxlogview tool.
 *
 * ZXID_REL is spliced into the first line by string-literal concatenation;
 * it is not defined in this file and presumably comes from c/zxidvers.h
 * -- confirm. The code that prints this text is not visible here.
 *
 * NOTE(review): the usage line names "*-nopw-cert.pem" files. Presumably
 * "nopw" means the private key in the PEM file is stored without a
 * passphrase -- confirm. If so, those files need restrictive file
 * permissions, since anyone who can read them can decrypt the logs.
 */
char *help =
    "zxlogview - Decrypt logs and validate log signatures - R" ZXID_REL "\n"
    "SAML 2.0 is a standard for federated identity and Single Sign-On.\n"
    "Copyright (c) 2012 Synergetics NV (sampo@synergetics.be), All Rights Reserved.\n"
    "Copyright (c) 2010-2011 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved.\n"
    "Copyright (c) 2006-2009 Symlabs (symlabs@symlabs.com), All Rights Reserved.\n"
    "Author: Sampo Kellomaki (sampo@iki.fi)\n"
    "NO WARRANTY, not even implied warranties. Licensed under Apache License v2.0\n"
    "See http://www.apache.org/licenses/LICENSE-2.0\n"
    "Send well researched bug reports to the author. Home: zxid.org\n"
    "\n"
    "Usage: zxlogview [options] logsign-nopw-cert.pem logenc-nopw-cert.pem <loglines\n"
    "zxlogview -t sign-nopw-cert.pem sign-nopw-cert.pem\n"
    "-t Test mode. The certificates are interpretted from enc & sign perspective.\n"
    "-v Verbose messages.\n"
    "-q Be extra quiet.\n"
    "-d Turn on debugging.\n"
    "-license Show licensing and NO WARRANTY details.\n"
    "-h This help message\n"
    "-- End of options\n";
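/*
 * DIE(reason) - print reason followed by a newline to stderr, then
 * terminate the process with exit status 2.
 *
 * reason is passed as a "%s" argument and never as the format string
 * itself, so '%' characters in the message are printed literally.
 * The argument is parenthesized so that any expression can be passed.
 *
 * MB and ME are not defined in this file; presumably errmac.h supplies
 * them as the opening and closing of a statement block -- confirm there.
 */
#define DIE(reason) MB fprintf(stderr, "%s\n", (reason)); exit(2); ME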
/* Verbosity level, 1 by default. Presumably adjusted by the -v and -q
 * options listed in the help text; the option parser is not visible here. */
int verbose = 1;
/* Defined in another translation unit. Presumably the flag behind the -d
 * option -- confirm against the option parser. */
extern int errmac_debug;
/* Initialised to 0. NOTE(review): purpose is not visible in this part of
 * the file -- confirm before relying on it. */
int leak_free = 0;
/* NOTE(review): X509 and EVP_PKEY are OpenSSL types, but the OpenSSL headers
 * above are included only under USE_OPENSSL while the two declarations below
 * are unconditional. Unless a project header supplies these types, a build
 * without USE_OPENSSL would not compile -- confirm. */
/* Presumably the certificate used to verify log line signatures (the
 * logsign-nopw-cert.pem argument in the usage text) -- confirm. */
X509* log_verify_cert;
/* Presumably the private key used to decrypt log lines (the
 * logenc-nopw-cert.pem argument in the usage text) -- confirm. */
EVP_PKEY* log_decrypt_pkey;
/* 20-byte buffer. The name suggests a symmetric key for log decryption, and
 * 20 bytes is the size of a SHA-1 digest -- confirm how it is derived.
 * NOTE(review): if this holds key material, wipe it before exit with a call
 * the compiler cannot elide (e.g. explicit_bzero where available), since it
 * lives in static storage for the whole run. */
char log_symkey[20];
/* 4096-byte buffer with external linkage, presumably scratch space for log
 * line processing -- confirm. Every read into or write to it must be bounded
 * by sizeof(buf). */
char buf[4096];