Support for embedded certificate validation.
REinject committed Oct 9, 2024
1 parent 7adf209 commit ba7a291
Showing 1 changed file with 26 additions and 14 deletions.
40 changes: 26 additions & 14 deletions src/main.rs
Expand Up @@ -41,6 +41,7 @@ fn cli() -> clap::Command {
arg!(--"no-check-time" "Ignore certificate validity time"),
arg!(--"ca-file" <FILE> "Trusted certificates file")
.value_parser(value_parser!(PathBuf)),
arg!(--embed "Verify embedded certificate"),
]),
)
.subcommand(
Expand Down Expand Up @@ -123,29 +124,40 @@ fn main() -> Result<(), Box<dyn Error>> {
let file = sub_matches.get_one::<PathBuf>("FILE").unwrap();
let check_time = !sub_matches.get_flag("no-check-time");
let trusted_ca_pem_file = sub_matches.get_one::<PathBuf>("ca-file");
let embedded = sub_matches.get_flag("embed");

let trusted_ca_pem = match trusted_ca_pem_file {
Some(trusted_ca_pem_file) => Some(std::fs::read_to_string(trusted_ca_pem_file)?),
None => None,
};

match PeSign::from_pe_path(file)? {
Some(pesign) => {
println!(
"{:?}",
pesign.verify_pe_path(
file,
&VerifyOption {
check_time,
trusted_ca_pem
}
)?
);
}
let pesign = match PeSign::from_pe_path(file)? {
Some(pesign) => match embedded {
true => match pesign.signed_data.signer_info.get_nested_signature()? {
Some(nested_pesign) => nested_pesign,
None => {
println!("The file is no nested signature!!");
return Ok(());
}
},
false => pesign,
},
None => {
println!("The file is no signed!!");
return Ok(());
}
}
};

println!(
"{:?}",
pesign.verify_pe_path(
file,
&VerifyOption {
check_time,
trusted_ca_pem
}
)?
);

Ok(())
}
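Review bot: The new `None` arm for a missing nested signature prints a message and returns `Ok(())`, so with `--embed` the process exits with status 0 although nothing was verified, and a caller that checks only the exit status cannot tell this from a completed check. Because `main` returns `Result<(), Box<dyn Error>>`, the arm could be `None => return Err("the file has no nested signature".into()),`; the existing unsigned-file arm further down has the same shape. Separately, when `--embed` is set `pesign` is rebound to the nested signature, so as far as this hunk shows the primary signature is never passed to `verify_pe_path` in that run. The help text in the first hunk should state that, for example `arg!(--embed "Verify the nested signature instead of the primary signature")`. The body of `main` starts outside this hunk.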