xref: /illumos-gate/usr/src/cmd/cmd-crypto/kmfcfg/kmfcfg.c (revision 2e837a72011f54762249b6612c2a64f171efcd43)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  *
21  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
22  */
23 
24 /*
25  * Copyright (c) 2018, Joyent, Inc.
26  */
27 
28 #include <stdio.h>
29 #include <strings.h>
30 #include <ctype.h>
31 #include <libgen.h>
32 #include <libintl.h>
33 #include <locale.h>
34 
35 #include <kmfapiP.h>
36 
37 #include "util.h"
38 
39 /*
40  * The verbcmd construct allows genericizing information about a verb so
41  * that it is easier to manipulate.  Makes parsing code easier to read,
42  * fix, and extend with new verbs.
43  */
44 typedef struct verbcmd_s {
45 	char		*verb;
46 	int		(*action)(int, char *[]);
47 	char		*synopsis;
48 } verbcmd;
49 
50 int	kc_list(int argc, char *argv[]);
51 int	kc_delete(int argc, char *argv[]);
52 int	kc_create(int argc, char *argv[]);
53 int	kc_modify(int argc, char *argv[]);
54 int	kc_export(int argc, char *argv[]);
55 int	kc_import(int argc, char *argv[]);
56 int	kc_install(int argc, char *argv[]);
57 int	kc_uninstall(int argc, char *argv[]);
58 
59 static int	kc_help();
60 
61 static verbcmd cmds[] = {
62 	{ "list",	kc_list,
63 		"list [dbfile=dbfile] [policy=policyname]\n"
64 		"\tlist plugin" },
65 	{ "delete",	kc_delete, "delete [dbfile=dbfile] "
66 		"policy=policyname" },
67 	{ "create",	kc_create,
68 		"create [dbfile=dbfile] policy=policyname\n"
69 		"\t\t[ignore-date=true|false]\n"
70 		"\t\t[ignore-unknown-eku=true|false]\n"
71 		"\t\t[ignore-trust-anchor=true|false]\n"
72 		"\t\t[validity-adjusttime=adjusttime]\n"
73 		"\t\t[ta-name=trust anchor subject DN]\n"
74 		"\t\t[ta-serial=trust anchor serial number]\n"
75 		"\t\t[ocsp-responder=URL]\n"
76 		"\t\t[ocsp-proxy=URL]\n"
77 		"\t\t[ocsp-use-cert-responder=true|false]\n"
78 		"\t\t[ocsp-response-lifetime=timelimit]\n"
79 		"\t\t[ocsp-ignore-response-sign=true|false]\n"
80 		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
81 		"\t\t[ocsp-responder-cert-serial=serial number]\n"
82 		"\t\t[crl-basefilename=basefilename]\n"
83 		"\t\t[crl-directory=directory]\n"
84 		"\t\t[crl-get-crl-uri=true|false]\n"
85 		"\t\t[crl-proxy=URL]\n"
86 		"\t\t[crl-ignore-crl-sign=true|false]\n"
87 		"\t\t[crl-ignore-crl-date=true|false]\n"
88 		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
89 		"\t\t|keyEncipherment | dataEncipherment |\n\t"
90 		"\t\tkeyAgreement |keyCertSign |\n\t"
91 		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
92 		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
93 		"\t\tcodeSigning | emailProtection |\n\t"
94 		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
95 		"\t\tipsecUser | timeStamping |\n\t"
96 		"\t\tOCSPSigning],[...]\n"
97 		"\t\t[ekuoids=OID,OID,OID...]\n"
98 		"\t\t[mapper-name=name of mapper library]\n"
99 		"\t\t[mapper-directory=dir where mapper library resides]\n"
100 		"\t\t[mapper-path=full pathname of mapper library]\n"
101 		"\t\t[mapper-options=mapper options]\n"},
102 	{ "modify",	kc_modify,
103 		"modify [dbfile=dbfile] policy=policyname\n"
104 		"\t\t[ignore-date=true|false]\n"
105 		"\t\t[ignore-unknown-eku=true|false]\n"
106 		"\t\t[ignore-trust-anchor=true|false]\n"
107 		"\t\t[validity-adjusttime=adjusttime]\n"
108 		"\t\t[ta-name=trust anchor subject DN | search]\n"
109 		"\t\t[ta-serial=trust anchor serial number]\n"
110 		"\t\t[ocsp-responder=URL]\n"
111 		"\t\t[ocsp-proxy=URL]\n"
112 		"\t\t[ocsp-use-cert-responder=true|false]\n"
113 		"\t\t[ocsp-response-lifetime=timelimit]\n"
114 		"\t\t[ocsp-ignore-response-sign=true|false]\n"
115 		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
116 		"\t\t[ocsp-responder-cert-serial=serial number]\n"
117 		"\t\t[ocsp-none=true|false]\n"
118 		"\t\t[crl-basefilename=basefilename]\n"
119 		"\t\t[crl-directory=directory]\n"
120 		"\t\t[crl-get-crl-uri=true|false]\n"
121 		"\t\t[crl-proxy=URL]\n"
122 		"\t\t[crl-ignore-crl-sign=true|false]\n"
123 		"\t\t[crl-ignore-crl-date=true|false]\n"
124 		"\t\t[crl-none=true|false]\n"
125 		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
126 		"\t\t|keyEncipherment | dataEncipherment |\n\t"
127 		"\t\tkeyAgreement |keyCertSign |\n\t"
128 		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
129 		"\t\t[keyusage-none=true|false]\n"
130 		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
131 		"\t\tcodeSigning | emailProtection |\n\t"
132 		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
133 		"\t\tipsecUser | timeStamping |\n\t"
134 		"\t\tOCSPSigning],[...]\n"
135 		"\t\t[ekuoids=OID,OID,OID...]\n"
136 		"\t\t[eku-none=true|false]\n\n"
137 		"\t\t[mapper-name=name of mapper library]\n"
138 		"\t\t[mapper-directory=dir where mapper library resides]\n"
139 		"\t\t[mapper-path=full pathname of mapper library]\n"
140 		"\t\t[mapper-options=mapper options]\n"
141 		"\tmodify plugin keystore=keystorename option=optionstring\n"},
142 
143 	{ "import",	kc_import, "import [dbfile=dbfile] policy=policyname "
144 		"infile=inputdbfile\n" },
145 	{ "export",	kc_export, "export [dbfile=dbfile] policy=policyname "
146 		"outfile=newdbfile\n" },
147 	{ "install",	kc_install, "install keystore=keystorename "
148 		"modulepath=path [option=optionstring]\n"},
149 	{ "uninstall",	kc_uninstall, "uninstall keystore=keystorename\n"},
150 	{ "-?",		kc_help,	"help"},
151 	{ "help",	kc_help,	""}
152 };
153 
154 static int num_cmds = sizeof (cmds) / sizeof (verbcmd);
155 static char *prog;
156 
157 static void
158 usage(void)
159 {
160 	int i;
161 
162 	/* Display this block only in command-line mode. */
163 	(void) fprintf(stdout, gettext("Usage:\n"));
164 	(void) fprintf(stdout, gettext("\t%s -?\t(help and usage)\n"), prog);
165 	(void) fprintf(stdout, gettext("\t%s subcommand [options...]\n"), prog);
166 	(void) fprintf(stdout, gettext("where subcommands may be:\n"));
167 
168 	/* Display only those verbs that match the current tool mode. */
169 	for (i = 0; i < num_cmds; i++) {
170 		/* Do NOT i18n/l10n. */
171 		(void) fprintf(stdout, "\t%s\n", cmds[i].synopsis);
172 	}
173 }
174 
175 static int
176 kc_help()
177 {
178 	usage();
179 	return (0);
180 }
181 
182 int
183 main(int argc, char *argv[])
184 {
185 	int ret;
186 	int found;
187 	int i;
188 
189 	(void) setlocale(LC_ALL, "");
190 #if !defined(TEXT_DOMAIN)		/* Should be defined by cc -D. */
191 #define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it isn't. */
192 #endif
193 	(void) textdomain(TEXT_DOMAIN);
194 
195 	prog = basename(argv[0]);
196 	argv++;
197 	argc--;
198 
199 	if (argc == 0) {
200 		usage();
201 		exit(1);
202 	}
203 
204 	if (argc == 1 && argv[0][0] == '-') {
205 		switch (argv[0][1]) {
206 			case '?':
207 				return (kc_help());
208 			default:
209 				usage();
210 				exit(1);
211 		}
212 	}
213 
214 	found = -1;
215 	for (i = 0; i < num_cmds; i++) {
216 		if (strcmp(cmds[i].verb, argv[0]) == 0) {
217 			found = i;
218 			break;
219 		}
220 	}
221 
222 	if (found < 0) {
223 		(void) fprintf(stderr, gettext("Invalid command: %s\n"),
224 		    argv[0]);
225 		exit(1);
226 	}
227 
228 	/*
229 	 * Note the action functions can return values from
230 	 * the key management framework, and those values can conflict
231 	 * with the utility error codes.
232 	 */
233 	ret = (*cmds[found].action)(argc, argv);
234 
235 	switch (ret) {
236 		case KC_OK:
237 			break;
238 		case KC_ERR_USAGE:
239 			break;
240 		case KC_ERR_LOADDB:
241 			(void) fprintf(stderr,
242 			    gettext("Error loading database\n"));
243 			break;
244 		case KC_ERR_FIND_POLICY:
245 			break;
246 		case KC_ERR_DELETE_POLICY:
247 			(void) fprintf(stderr, gettext("Error deleting policy "
248 			    "from database.\n"));
249 			break;
250 		case KC_ERR_ADD_POLICY:
251 			break;
252 		case KC_ERR_VERIFY_POLICY:
253 			break;
254 		case KC_ERR_INCOMPLETE_POLICY:
255 			break;
256 		case KC_ERR_MEMORY:
257 			(void) fprintf(stderr, gettext("Out of memory.\n"));
258 			break;
259 		case KC_ERR_ACCESS:
260 			break;
261 		case KC_ERR_INSTALL:
262 			break;
263 		case KC_ERR_UNINSTALL:
264 			break;
265 		default:
266 			(void) fprintf(stderr, gettext("%s operation failed. "
267 			    "error 0x%02x\n"), cmds[found].verb, ret);
268 			break;
269 	}
270 
271 	return (ret);
272 }
273