1*99ebb4caSwyllys /* 2*99ebb4caSwyllys * CDDL HEADER START 3*99ebb4caSwyllys * 4*99ebb4caSwyllys * The contents of this file are subject to the terms of the 5*99ebb4caSwyllys * Common Development and Distribution License (the "License"). 6*99ebb4caSwyllys * You may not use this file except in compliance with the License. 7*99ebb4caSwyllys * 8*99ebb4caSwyllys * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9*99ebb4caSwyllys * or http://www.opensolaris.org/os/licensing. 10*99ebb4caSwyllys * See the License for the specific language governing permissions 11*99ebb4caSwyllys * and limitations under the License. 12*99ebb4caSwyllys * 13*99ebb4caSwyllys * When distributing Covered Code, include this CDDL HEADER in each 14*99ebb4caSwyllys * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15*99ebb4caSwyllys * If applicable, add the following below this CDDL HEADER, with the 16*99ebb4caSwyllys * fields enclosed by brackets "[]" replaced with your own identifying 17*99ebb4caSwyllys * information: Portions Copyright [yyyy] [name of copyright owner] 18*99ebb4caSwyllys * 19*99ebb4caSwyllys * CDDL HEADER END 20*99ebb4caSwyllys */ 21*99ebb4caSwyllys /* 22*99ebb4caSwyllys * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23*99ebb4caSwyllys * Use is subject to license terms. 24*99ebb4caSwyllys */ 25*99ebb4caSwyllys 26*99ebb4caSwyllys #pragma ident "%Z%%M% %I% %E% SMI" 27*99ebb4caSwyllys 28*99ebb4caSwyllys #include <stdio.h> 29*99ebb4caSwyllys #include <strings.h> 30*99ebb4caSwyllys #include <ctype.h> 31*99ebb4caSwyllys #include <libgen.h> 32*99ebb4caSwyllys #include <libintl.h> 33*99ebb4caSwyllys #include <locale.h> 34*99ebb4caSwyllys 35*99ebb4caSwyllys #include <kmfapiP.h> 36*99ebb4caSwyllys 37*99ebb4caSwyllys #include "util.h" 38*99ebb4caSwyllys 39*99ebb4caSwyllys /* 40*99ebb4caSwyllys * The verbcmd construct allows genericizing information about a verb so 41*99ebb4caSwyllys * that it is easier to manipulate. 
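Makes parsing code easier to read,
 * fix, and extend with new verbs.
 */
typedef struct verbcmd_s {
	char	*verb;			/* subcommand name, matched against argv[0] */
	int	(*action)(int, char *[]); /* handler; gets argv positioned at the verb */
	char	*synopsis;		/* usage text, printed verbatim by usage() */
} verbcmd;

/* Subcommand handlers; defined elsewhere in this program. */
int kc_list(int argc, char *argv[]);
int kc_delete(int argc, char *argv[]);
int kc_create(int argc, char *argv[]);
int kc_modify(int argc, char *argv[]);
int kc_export(int argc, char *argv[]);
int kc_import(int argc, char *argv[]);

/*
 * Declared with the same (argc, argv) prototype as the other handlers so it
 * can be stored in, and called through, verbcmd.action.  The previous
 * "kc_help()" form defined a zero-parameter function that was then called
 * with two arguments via the action pointer, which is undefined behaviour
 * (C11 6.5.2.2p6).
 */
static int kc_help(int argc, char *argv[]);

/*
 * Dispatch table.  The synopsis strings are what usage() prints; they are
 * intentionally left untranslated.
 */
static verbcmd cmds[] = {
	{ "list",	kc_list,	"list [dbfile=dbfile] "
		"[policy=policyname]" },
	{ "delete",	kc_delete,	"delete [dbfile=dbfile] "
		"policy=policyname" },
	{ "create",	kc_create,
		"create [dbfile=dbfile] policy=policyname\n"
		"\t\t[ignore-date=true|false]\n"
		"\t\t[ignore-unknown-eku=true|false]\n"
		"\t\t[ignore-trust-anchor=true|false]\n"
		"\t\t[validity-adjusttime=adjusttime]\n"
		"\t\t[ta-name=trust anchor subject DN]\n"
		"\t\t[ta-serial=trust anchor serial number]\n"
		"\t\t[ocsp-responder=URL]\n"
		"\t\t[ocsp-proxy=URL]\n"
		"\t\t[ocsp-use-cert-responder=true|false]\n"
		"\t\t[ocsp-response-lifetime=timelimit]\n"
		"\t\t[ocsp-ignore-response-sign=true|false]\n"
		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
		"\t\t[ocsp-responder-cert-serial=serial number]\n"
		"\t\t[crl-basefilename=basefilename]\n"
		"\t\t[crl-directory=directory]\n"
		"\t\t[crl-get-crl-uri=true|false]\n"
		"\t\t[crl-proxy=URL]\n"
		"\t\t[crl-ignore-crl-sign=true|false]\n"
		"\t\t[crl-ignore-crl-date=true|false]\n"
		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
		"\t\t|keyEncipherment | dataEncipherment |\n\t"
		"\t\tkeyAgreement |keyCertSign |\n\t"
		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
		"\t\tcodeSigning | emailProtection |\n\t"
		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
		"\t\tipsecUser | timeStamping |\n\t"
		"\t\tOCSPSigning],[...]\n"
		"\t\t[ekuoids=OID,OID,OID...]\n" },
	{ "modify",	kc_modify,
		"modify [dbfile=dbfile] policy=policyname\n"
		"\t\t[ignore-date=true|false]\n"
		"\t\t[ignore-unknown-eku=true|false]\n"
		"\t\t[ignore-trust-anchor=true|false]\n"
		"\t\t[validity-adjusttime=adjusttime]\n"
		"\t\t[ta-name=trust anchor subject DN]\n"
		"\t\t[ta-serial=trust anchor serial number]\n"
		"\t\t[ocsp-responder=URL]\n"
		"\t\t[ocsp-proxy=URL]\n"
		"\t\t[ocsp-use-cert-responder=true|false]\n"
		"\t\t[ocsp-response-lifetime=timelimit]\n"
		"\t\t[ocsp-ignore-response-sign=true|false]\n"
		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
		"\t\t[ocsp-responder-cert-serial=serial number]\n"
		"\t\t[ocsp-none=true|false]\n"
		"\t\t[crl-basefilename=basefilename]\n"
		"\t\t[crl-directory=directory]\n"
		"\t\t[crl-get-crl-uri=true|false]\n"
		"\t\t[crl-proxy=URL]\n"
		"\t\t[crl-ignore-crl-sign=true|false]\n"
		"\t\t[crl-ignore-crl-date=true|false]\n"
		"\t\t[crl-none=true|false]\n"
		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
		"\t\t|keyEncipherment | dataEncipherment |\n\t"
		"\t\tkeyAgreement |keyCertSign |\n\t"
		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
		"\t\t[keyusage-none=true|false]\n"
		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
		"\t\tcodeSigning | emailProtection |\n\t"
		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
		"\t\tipsecUser | timeStamping |\n\t"
		"\t\tOCSPSigning],[...]\n"
		"\t\t[ekuoids=OID,OID,OID...]\n"
		"\t\t[eku-none=true|false]\n" },
	{ "import",	kc_import,	"import [dbfile=dbfile] policy=policyname "
		"infile=inputdbfile\n" },
	{ "export",	kc_export,	"export [dbfile=dbfile] policy=policyname "
		"outfile=newdbfile\n" },
	{ "-?",		kc_help,	"help"},
	{ "help",	kc_help,	""}
};

/* Number of entries in cmds[]; computed from the array, not the struct type. */
static int num_cmds = sizeof (cmds) / sizeof (cmds[0]);

/* basename() of argv[0]; set once by main() before usage() can run. */
static char *prog;

/*
 * Print the usage banner and the synopsis of every subcommand to stdout.
 * The banner lines are localised; the synopsis strings are not.
 */
static void
usage(void)
{
	int i;

	(void) fprintf(stdout, gettext("Usage:\n"));
	(void) fprintf(stdout, gettext("\t%s -?\t(help and usage)\n"), prog);
	(void) fprintf(stdout, gettext("\t%s subcommand [options...]\n"), prog);
	(void) fprintf(stdout, gettext("where subcommands may be:\n"));

	for (i = 0; i < num_cmds; i++) {
		/* Do NOT i18n/l10n the synopsis text. */
		(void) fprintf(stdout, "\t%s\n", cmds[i].synopsis);
	}
}

/*
 * "help" / "-?" handler.  Takes the standard handler arguments so it fits
 * the verbcmd.action signature; both are unused.  Always returns 0.
 */
/* ARGSUSED */
static int
kc_help(int argc, char *argv[])
{
	(void) argc;
	(void) argv;
	usage();
	return (0);
}

/*
 * Return the index in cmds[] of the entry whose verb equals `verb`, or -1
 * when there is no such entry.
 */
static int
find_verb(const char *verb)
{
	int i;

	for (i = 0; i < num_cmds; i++) {
		if (strcmp(cmds[i].verb, verb) == 0) {
			return (i);
		}
	}
	return (-1);
}

/*
 * Entry point: locate the subcommand named by argv[1], run it with argv
 * shifted so that argv[0] is the verb, report a generic message for the
 * result codes that the subcommands do not report themselves, and exit with
 * the handler's return value.
 *
 * Returns 1 without running anything when no subcommand is given, when the
 * sole argument is an unrecognised "-x" flag, or when the verb is unknown.
 */
int
main(int argc, char *argv[])
{
	KMF_RETURN ret;
	int found;

	(void) setlocale(LC_ALL, "");
#if !defined(TEXT_DOMAIN)	/* Should be defined by cc -D. */
#define	TEXT_DOMAIN "SYS_TEST"	/* Use this only if it isn't. */
#endif
	(void) textdomain(TEXT_DOMAIN);

	/*
	 * A process can be started with an empty argument vector (argc == 0,
	 * argv[0] == NULL).  The former "argv++; argc--" then left argc at -1,
	 * skipped the argc == 0 check and read past the end of argv in the
	 * unknown-command message.  Treat it like "no subcommand given".
	 */
	if (argc < 1 || argv[0] == NULL) {
		prog = "(unknown)";
		usage();
		return (1);
	}

	prog = basename(argv[0]);
	argv++;
	argc--;

	/*
	 * Returning from main() is equivalent to exit() here, and avoids
	 * calling exit() when <stdlib.h> is not among the headers included
	 * at the top of this file.
	 */
	if (argc == 0) {
		usage();
		return (1);
	}

	/* A lone "-x" argument: only "-?" is meaningful. */
	if (argc == 1 && argv[0][0] == '-') {
		switch (argv[0][1]) {
		case '?':
			return (kc_help(argc, argv));
		default:
			usage();
			return (1);
		}
	}

	found = find_verb(argv[0]);
	if (found < 0) {
		(void) fprintf(stderr, gettext("Invalid command: %s\n"),
		    argv[0]);
		return (1);
	}

	ret = (*cmds[found].action)(argc, argv);

	/*
	 * Only a few result codes get a message here; the silent cases are
	 * presumably reported by the subcommand itself before it returns --
	 * verify against the handlers.
	 */
	switch (ret) {
	case KC_OK:
		break;
	case KC_ERR_USAGE:
		break;
	case KC_ERR_LOADDB:
		(void) fprintf(stderr,
		    gettext("Error loading database\n"));
		break;
	case KC_ERR_FIND_POLICY:
		break;
	case KC_ERR_DELETE_POLICY:
		(void) fprintf(stderr, gettext("Error deleting policy "
		    "from database.\n"));
		break;
	case KC_ERR_ADD_POLICY:
		break;
	case KC_ERR_VERIFY_POLICY:
		break;
	case KC_ERR_INCOMPLETE_POLICY:
		break;
	case KC_ERR_MEMORY:
		(void) fprintf(stderr, gettext("Out of memory.\n"));
		break;
	case KC_ERR_ACCESS:
		break;
	default:
		(void) fprintf(stderr, gettext("%s operation failed. "
		    "error 0x%02x\n"), cmds[found].verb, ret);
		break;
	}

	return (ret);
}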