/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <signal.h>
#include <locale.h>
#include <sys/param.h>
#include <openssl/bio.h>

#include <libinst.h>
#include <pkglib.h>
#include <pkgerr.h>
#include <keystore.h>
#include "pkgadm.h"
#include "pkgadm_msgs.h"

/*
 * Name:	listcert
 * Desc:  Lists one or more certificates from the keystore
 * Syntax:	listcert [-a app] [-f format] [-k keystore] \
 *	[-n name] [-o outfile] [-P passarg] [-R altroot]
 */
int
listcert(int argc, char **argv)
{
	int				i;
	char				keystore_file[MAXPATHLEN] = "";
	char				*keystore_base = NULL;
	char				*homedir;
	char				*passarg = NULL;
	char				*altroot = NULL;
	char				*prog = NULL;
	char				*format_str = NULL;
	keystore_encoding_format_t	format;
	char				*alias = NULL;
	char				*outfile_str = NULL;
	FILE				*outfile = NULL;
	int				ret = 1;
	PKG_ERR				*err = NULL;
	keystore_handle_t		keystore = NULL;

	while ((i = getopt(argc, argv, ":a:f:k:n:o:P:R:")) != EOF) {
		switch (i) {
		case 'a':
			prog = optarg;
			break;
		case 'f':
			format_str = optarg;
			break;
		case 'k':
			keystore_base = optarg;
			break;
		case 'n':
			alias = optarg;
			break;
		case 'o':
			outfile_str = optarg;
			break;
		case 'P':
			passarg = optarg;
			break;
		case 'R':
			altroot = optarg;
			break;
		case ':':
			log_msg(LOG_MSG_ERR, MSG_MISSING_OPERAND, optopt);
			/* fallthrough intentional */
		case '?':
		default:
			log_msg(LOG_MSG_ERR, MSG_USAGE);
			goto cleanup;
		}
	}

	/* should be no arguments left */
	if ((argc-optind) > 0) {
		log_msg(LOG_MSG_ERR, MSG_USAGE);
		goto cleanup;
	}

	/* figure out format */
	if (format_str == NULL) {
		format = KEYSTORE_FORMAT_TEXT;
	} else {
		if (ci_streq(format_str, "text")) {
			format = KEYSTORE_FORMAT_TEXT;
		} else if (ci_streq(format_str, "pem")) {
			format = KEYSTORE_FORMAT_PEM;
		} else if (ci_streq(format_str, "der")) {
			format = KEYSTORE_FORMAT_DER;
		} else {
			log_msg(LOG_MSG_ERR, MSG_BAD_FORMAT, format_str);
			goto cleanup;
		}
	}

	/* open output file */
	if (outfile_str == NULL) {
		outfile = stdout;
		outfile_str = "stdout";
	} else {
		if ((outfile = fopen(outfile_str, "w+")) == NULL) {
			log_msg(LOG_MSG_ERR, MSG_OPEN_WRITE, outfile_str);
			goto cleanup;
		}
	}

	/* set up proper keystore */
	if (altroot != NULL) {
	    if (strlcpy(keystore_file, altroot, MAXPATHLEN) >= MAXPATHLEN) {
		log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
		goto cleanup;
	    }

	    if (strlcat(keystore_file, "/", MAXPATHLEN) >= MAXPATHLEN) {
		log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
		goto cleanup;
	    }
	}

	if (keystore_base == NULL) {
		if (geteuid() == 0 || altroot != NULL) {
				/*
				 * If we have an alternate
				 * root, then we have no choice but to use
				 * root's keystore on that alternate root,
				 * since there is no way to resolve a
				 * user's home dir given an alternate root
				 */
			if (strlcat(keystore_file, PKGSEC,
			    MAXPATHLEN) >= MAXPATHLEN) {
				log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
				    keystore_file);
				goto cleanup;
			}
		} else {
			if ((homedir = getenv("HOME")) == NULL) {
				/*
				 * not superuser, but no home dir, so
				 * use superuser's keystore
				 */
				if (strlcat(keystore_file, PKGSEC,
				    MAXPATHLEN) >= MAXPATHLEN) {
					log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
					    keystore_file);
					goto cleanup;
				}
			} else {
				if (strlcat(keystore_file, homedir,
				    MAXPATHLEN) >= MAXPATHLEN) {
					log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
					    homedir);
					goto cleanup;
				}
				if (strlcat(keystore_file, "/.pkg/security",
				    MAXPATHLEN) >= MAXPATHLEN) {
					log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
					    keystore_file);
					goto cleanup;
				}
			}
		}
	} else {
		if (strlcat(keystore_file, keystore_base,
		    MAXPATHLEN) >= MAXPATHLEN) {
		    log_msg(LOG_MSG_ERR, MSG_TOO_LONG,
			keystore_base);
		    goto cleanup;
		}
	}
	err = pkgerr_new();

	/* now load the key store */
	log_msg(LOG_MSG_DEBUG, "Loading keystore <%s>", keystore_file);

	set_passphrase_prompt(MSG_KEYSTORE_PASSPROMPT);
	set_passphrase_passarg(passarg);
	if (open_keystore(err, keystore_file, prog,
	    pkg_passphrase_cb, KEYSTORE_DFLT_FLAGS,
	    &keystore) != 0) {
		log_pkgerr(LOG_MSG_ERR, err);
		log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
		goto cleanup;
	}

	/* list the certs */
	log_msg(LOG_MSG_DEBUG, "Listing certificates");
	if (print_certs(err, keystore, alias, format, outfile) != 0) {
		log_pkgerr(LOG_MSG_ERR, err);
	    log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
		goto cleanup;
	}

	/* now close it out */
	log_msg(LOG_MSG_DEBUG, "Closing keystore");
	set_passphrase_prompt(MSG_KEYSTORE_PASSOUTPROMPT);
	set_passphrase_passarg(passarg);
	if (close_keystore(err, keystore, pkg_passphrase_cb) != 0) {
		log_pkgerr(LOG_MSG_ERR, err);
		log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
		goto cleanup;
	}

	/* everything worked */
	ret = 0;

	/* fallthrough intentional */
cleanup:
	if (outfile != NULL)
		(void) fclose(outfile);

	if (err != NULL)
		pkgerr_free(err);

	return (ret);
}