1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 *
21 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
22 */
23
24#include <stdio.h>
25#include <strings.h>
26#include <ctype.h>
27#include <libgen.h>
28#include <libintl.h>
29#include <locale.h>
30
31#include <kmfapiP.h>
32
33#include "util.h"
34
35/*
36 * The verbcmd construct allows genericizing information about a verb so
37 * that it is easier to manipulate.  Makes parsing code easier to read,
38 * fix, and extend with new verbs.
39 */
/*
 * One row of the verb dispatch table (cmds[] below).
 *
 *   verb     - subcommand name; main() matches it against argv[0]
 *              with strcmp(), so the match is exact and case-sensitive.
 *   action   - handler invoked as action(argc, argv), where argv[0]
 *              is still the verb itself (main() only strips the
 *              program name).  Its int return is interpreted by
 *              main() as a KC_* status code.
 *   synopsis - usage text for this verb; usage() prints it verbatim
 *              (it is deliberately not passed through gettext()).
 */
typedef struct verbcmd_s {
	char    	*verb;
	int		(*action)(int, char *[]);
	char    	*synopsis;
} verbcmd;
45
/*
 * Verb handlers.  They are non-static and defined in other translation
 * units; each receives argv with argv[0] == the verb and returns a KC_*
 * status that main() turns into a diagnostic and the exit status.
 */
int	kc_list(int argc, char *argv[]);
int	kc_delete(int argc, char *argv[]);
int	kc_create(int argc, char *argv[]);
int	kc_modify(int argc, char *argv[]);
int	kc_export(int argc, char *argv[]);
int	kc_import(int argc, char *argv[]);
int	kc_install(int argc, char *argv[]);
int	kc_uninstall(int argc, char *argv[]);

/*
 * Handler for "help" / "-?".  Declared with an empty (non-prototype)
 * parameter list so it can both be stored in cmds[] as an
 * int (*)(int, char *[]) and be called as kc_help() from main().
 * NOTE(review): C23 makes "()" mean "(void)", which would turn the
 * cmds[] initializer into a pointer-type mismatch; giving it the
 * (int, char *[]) signature and adjusting the main() call is the
 * forward-compatible fix.
 */
static int	kc_help();
56
/*
 * Verb dispatch table.  main() does a linear, exact-match lookup of
 * argv[0] here; usage() prints every synopsis string in table order.
 *
 * Several options documented below (ignore-date, ignore-trust-anchor,
 * ocsp-ignore-response-sign, crl-ignore-crl-sign, ...) appear, by name,
 * to relax certificate/revocation validation.  NOTE(review): their exact
 * effect lives in the handlers and libkmf, not in this file — confirm
 * there before documenting them further.
 */
static verbcmd cmds[] = {
	/* "list plugin" is a second form of the same verb. */
	{ "list",	kc_list,
		"list [dbfile=dbfile] [policy=policyname]\n"
		"\tlist plugin" },
	{ "delete",	kc_delete, "delete [dbfile=dbfile] "
		"policy=policyname" },
	/*
	 * create: unlike modify, the synopsis carries no *-none options
	 * (ocsp-none, crl-none, keyusage-none, eku-none).
	 */
	{ "create",	kc_create,
		"create [dbfile=dbfile] policy=policyname\n"
		"\t\t[ignore-date=true|false]\n"
		"\t\t[ignore-unknown-eku=true|false]\n"
		"\t\t[ignore-trust-anchor=true|false]\n"
		"\t\t[validity-adjusttime=adjusttime]\n"
		"\t\t[ta-name=trust anchor subject DN]\n"
		"\t\t[ta-serial=trust anchor serial number]\n"
		"\t\t[ocsp-responder=URL]\n"
		"\t\t[ocsp-proxy=URL]\n"
		"\t\t[ocsp-use-cert-responder=true|false]\n"
		"\t\t[ocsp-response-lifetime=timelimit]\n"
		"\t\t[ocsp-ignore-response-sign=true|false]\n"
		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
		"\t\t[ocsp-responder-cert-serial=serial number]\n"
		"\t\t[crl-basefilename=basefilename]\n"
		"\t\t[crl-directory=directory]\n"
		"\t\t[crl-get-crl-uri=true|false]\n"
		"\t\t[crl-proxy=URL]\n"
		"\t\t[crl-ignore-crl-sign=true|false]\n"
		"\t\t[crl-ignore-crl-date=true|false]\n"
		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
		"\t\t|keyEncipherment | dataEncipherment |\n\t"
		"\t\tkeyAgreement |keyCertSign |\n\t"
		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
		"\t\tcodeSigning | emailProtection |\n\t"
		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
		"\t\tipsecUser | timeStamping |\n\t"
		"\t\tOCSPSigning],[...]\n"
		"\t\t[ekuoids=OID,OID,OID...]\n"
		"\t\t[mapper-name=name of mapper library]\n"
		"\t\t[mapper-directory=dir where mapper library resides]\n"
		"\t\t[mapper-path=full pathname of mapper library]\n"
		"\t\t[mapper-options=mapper options]\n"},
	/*
	 * modify: same option set as create plus the *-none switches and
	 * "ta-name=search"; "modify plugin ..." is the second form.
	 */
	{ "modify",	kc_modify,
		"modify [dbfile=dbfile] policy=policyname\n"
		"\t\t[ignore-date=true|false]\n"
		"\t\t[ignore-unknown-eku=true|false]\n"
		"\t\t[ignore-trust-anchor=true|false]\n"
		"\t\t[validity-adjusttime=adjusttime]\n"
		"\t\t[ta-name=trust anchor subject DN | search]\n"
		"\t\t[ta-serial=trust anchor serial number]\n"
		"\t\t[ocsp-responder=URL]\n"
		"\t\t[ocsp-proxy=URL]\n"
		"\t\t[ocsp-use-cert-responder=true|false]\n"
		"\t\t[ocsp-response-lifetime=timelimit]\n"
		"\t\t[ocsp-ignore-response-sign=true|false]\n"
		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
		"\t\t[ocsp-responder-cert-serial=serial number]\n"
		"\t\t[ocsp-none=true|false]\n"
		"\t\t[crl-basefilename=basefilename]\n"
		"\t\t[crl-directory=directory]\n"
		"\t\t[crl-get-crl-uri=true|false]\n"
		"\t\t[crl-proxy=URL]\n"
		"\t\t[crl-ignore-crl-sign=true|false]\n"
		"\t\t[crl-ignore-crl-date=true|false]\n"
		"\t\t[crl-none=true|false]\n"
		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
		"\t\t|keyEncipherment | dataEncipherment |\n\t"
		"\t\tkeyAgreement |keyCertSign |\n\t"
		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
		"\t\t[keyusage-none=true|false]\n"
		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
		"\t\tcodeSigning | emailProtection |\n\t"
		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
		"\t\tipsecUser | timeStamping |\n\t"
		"\t\tOCSPSigning],[...]\n"
		"\t\t[ekuoids=OID,OID,OID...]\n"
		"\t\t[eku-none=true|false]\n\n"
		"\t\t[mapper-name=name of mapper library]\n"
		"\t\t[mapper-directory=dir where mapper library resides]\n"
		"\t\t[mapper-path=full pathname of mapper library]\n"
		"\t\t[mapper-options=mapper options]\n"
		"\tmodify plugin keystore=keystorename option=optionstring\n"},

	{ "import",	kc_import, "import [dbfile=dbfile] policy=policyname "
		"infile=inputdbfile\n" },
	{ "export",	kc_export, "export [dbfile=dbfile] policy=policyname "
		"outfile=newdbfile\n" },
	/*
	 * install loads a keystore plugin from an arbitrary modulepath;
	 * what validates that path is in kc_install, not here.
	 */
	{ "install", 	kc_install, "install keystore=keystorename "
		"modulepath=path [option=optionstring]\n"},
	{ "uninstall", 	kc_uninstall, "uninstall keystore=keystorename\n"},
	/*
	 * Two aliases for the same handler.  "help" has an empty synopsis,
	 * so usage() emits a bare "\t\n" line for it.
	 */
	{ "-?",		kc_help, 	"help"},
	{ "help",	kc_help, 	""}
};
149
/* Number of rows in cmds[], including the "-?" and "help" aliases. */
static int num_cmds = sizeof (cmds) / sizeof (verbcmd);
/* basename(argv[0]); assigned in main() before any usage() call. */
static char *prog;
152
/*
 * Print the top-level usage text to stdout: a localized header naming
 * the program, followed by one line per row of cmds[] in table order.
 *
 * Only the header lines go through gettext(); each verb synopsis is
 * emitted verbatim via "%s", so it is never interpreted as a format
 * string and is intentionally not translated.
 */
static void
usage(void)
{
	const verbcmd *row;
	const verbcmd *last = cmds + num_cmds;

	(void) fprintf(stdout, gettext("Usage:\n"));
	(void) fprintf(stdout, gettext("\t%s -?\t(help and usage)\n"), prog);
	(void) fprintf(stdout, gettext("\t%s subcommand [options...]\n"), prog);
	(void) fprintf(stdout, gettext("where subcommands may be:\n"));

	/* Do NOT i18n/l10n the synopsis text. */
	for (row = cmds; row < last; row++) {
		(void) fprintf(stdout, "\t%s\n", row->synopsis);
	}
}
170
/*
 * Handler for the "help" and "-?" verbs: print the usage text and
 * return 0 (success).
 *
 * Kept as a non-prototype declaration ("()") so the same function can
 * be stored in cmds[] as an int (*)(int, char *[]) and still be called
 * as kc_help() from main().  NOTE(review): C23 treats "()" as "(void)",
 * which would make the cmds[] initializer a pointer-type mismatch;
 * switching to (int argc, char *argv[]) and updating the main() call
 * is the forward-compatible fix.
 */
static int
kc_help()
{
	usage();
	return (0);
}
177
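/*
 * Entry point: set up locale/message catalog, pick the verb named by
 * argv[1], dispatch to its handler, and map the handler's KC_* result
 * to a diagnostic on stderr.
 *
 * Exit status: 1 for a usage error (no arguments, unknown option, or
 * unknown verb); otherwise the handler's own return value is returned
 * unchanged (the shell sees it truncated to 8 bits).
 *
 * Handlers whose failure cases fall through with no message here
 * (KC_ERR_USAGE, KC_ERR_FIND_POLICY, KC_ERR_ADD_POLICY, ...) are
 * expected to have reported the problem themselves.
 */
int
main(int argc, char *argv[])
{
	KMF_RETURN ret;
	int found;
	int i;

	(void) setlocale(LC_ALL, "");
#if !defined(TEXT_DOMAIN)		/* Should be defined by cc -D. */
#define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it isn't. */
#endif
	(void) textdomain(TEXT_DOMAIN);

	/*
	 * A caller can execve() us with an empty argument vector
	 * (argc == 0, argv[0] == NULL).  Without this guard basename()
	 * would be handed NULL, argc-- would go negative, and the
	 * "Invalid command" path below would format argv[0] == NULL.
	 */
	if (argc < 1 || argv[0] == NULL) {
		(void) fprintf(stderr,
		    gettext("Missing program name in argument vector\n"));
		exit(1);
	}

	/* basename() may modify argv[0] in place; we only keep the result. */
	prog = basename(argv[0]);
	argv++; argc--;

	if (argc == 0) {
		usage();
		exit(1);
	}

	/* Lone "-?" is help; any other lone dash-option is a usage error. */
	if (argc == 1 && argv[0][0] == '-') {
		switch (argv[0][1]) {
			case '?':
				return (kc_help());
			default:
				usage();
				exit(1);
		}
	}

	/* Exact, case-sensitive match against the verb table. */
	found = -1;
	for (i = 0; i < num_cmds; i++) {
		if (strcmp(cmds[i].verb, argv[0]) == 0) {
			found = i;
			break;
		}
	}

	if (found < 0) {
		(void) fprintf(stderr, gettext("Invalid command: %s\n"),
		    argv[0]);
		exit(1);
	}

	/* The handler still sees the verb as its argv[0]. */
	ret = (*cmds[found].action)(argc, argv);

	switch (ret) {
		case KC_OK:
			break;
		case KC_ERR_USAGE:
			break;
		case KC_ERR_LOADDB:
			(void) fprintf(stderr,
			    gettext("Error loading database\n"));
			break;
		case KC_ERR_FIND_POLICY:
			break;
		case KC_ERR_DELETE_POLICY:
			(void) fprintf(stderr, gettext("Error deleting policy "
			    "from database.\n"));
			break;
		case KC_ERR_ADD_POLICY:
			break;
		case KC_ERR_VERIFY_POLICY:
			break;
		case KC_ERR_INCOMPLETE_POLICY:
			break;
		case KC_ERR_MEMORY:
			(void) fprintf(stderr, gettext("Out of memory.\n"));
			break;
		case KC_ERR_ACCESS:
			break;
		case KC_ERR_INSTALL:
			break;
		case KC_ERR_UNINSTALL:
			break;
		default:
			/* Unknown code: report the verb and the raw value. */
			(void) fprintf(stderr, gettext("%s operation failed. "
			    "error 0x%02x\n"), cmds[found].verb, ret);
			break;
	}

	return (ret);
}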
263