kmfcfg.c revision 3089:8ddeb2ace8aa 
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#pragma ident	"%Z%%M%	%I%	%E% SMI"
27
28#include <stdio.h>
29#include <strings.h>
30#include <ctype.h>
31#include <libgen.h>
32#include <libintl.h>
33#include <locale.h>
34
35#include <kmfapiP.h>
36
37#include "util.h"
38
39/*
40 * The verbcmd construct allows genericizing information about a verb so
41 * that it is easier to manipulate.  Makes parsing code easier to read,
42 * fix, and extend with new verbs.
43 */
44typedef struct verbcmd_s {
45	char    	*verb;
46	int		(*action)(int, char *[]);
47	char    	*synopsis;
48} verbcmd;
49
50int	kc_list(int argc, char *argv[]);
51int	kc_delete(int argc, char *argv[]);
52int	kc_create(int argc, char *argv[]);
53int	kc_modify(int argc, char *argv[]);
54int	kc_export(int argc, char *argv[]);
55int	kc_import(int argc, char *argv[]);
56static int	kc_help();
57
58static verbcmd cmds[] = {
59	{ "list",	kc_list,   "list [dbfile=dbfile] "
60		"[policy=policyname]" },
61	{ "delete",	kc_delete, "delete [dbfile=dbfile] "
62		"policy=policyname" },
63	{ "create",	kc_create,
64		"create [dbfile=dbfile] policy=policyname\n"
65		"\t\t[ignore-date=true|false]\n"
66		"\t\t[ignore-unknown-eku=true|false]\n"
67		"\t\t[ignore-trust-anchor=true|false]\n"
68		"\t\t[validity-adjusttime=adjusttime]\n"
69		"\t\t[ta-name=trust anchor subject DN]\n"
70		"\t\t[ta-serial=trust anchor serial number]\n"
71		"\t\t[ocsp-responder=URL]\n"
72		"\t\t[ocsp-proxy=URL]\n"
73		"\t\t[ocsp-use-cert-responder=true|false]\n"
74		"\t\t[ocsp-response-lifetime=timelimit]\n"
75		"\t\t[ocsp-ignore-response-sign=true|false]\n"
76		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
77		"\t\t[ocsp-responder-cert-serial=serial number]\n"
78		"\t\t[crl-basefilename=basefilename]\n"
79		"\t\t[crl-directory=directory]\n"
80		"\t\t[crl-get-crl-uri=true|false]\n"
81		"\t\t[crl-proxy=URL]\n"
82		"\t\t[crl-ignore-crl-sign=true|false]\n"
83		"\t\t[crl-ignore-crl-date=true|false]\n"
84		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
85		"\t\t|keyEncipherment | dataEncipherment |\n\t"
86		"\t\tkeyAgreement |keyCertSign |\n\t"
87		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
88		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
89		"\t\tcodeSigning | emailProtection |\n\t"
90		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
91		"\t\tipsecUser | timeStamping |\n\t"
92		"\t\tOCSPSigning],[...]\n"
93		"\t\t[ekuoids=OID,OID,OID...]\n" },
94	{ "modify",	kc_modify,
95		"modify [dbfile=dbfile] policy=policyname\n"
96		"\t\t[ignore-date=true|false]\n"
97		"\t\t[ignore-unknown-eku=true|false]\n"
98		"\t\t[ignore-trust-anchor=true|false]\n"
99		"\t\t[validity-adjusttime=adjusttime]\n"
100		"\t\t[ta-name=trust anchor subject DN]\n"
101		"\t\t[ta-serial=trust anchor serial number]\n"
102		"\t\t[ocsp-responder=URL]\n"
103		"\t\t[ocsp-proxy=URL]\n"
104		"\t\t[ocsp-use-cert-responder=true|false]\n"
105		"\t\t[ocsp-response-lifetime=timelimit]\n"
106		"\t\t[ocsp-ignore-response-sign=true|false]\n"
107		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
108		"\t\t[ocsp-responder-cert-serial=serial number]\n"
109		"\t\t[ocsp-none=true|false]\n"
110		"\t\t[crl-basefilename=basefilename]\n"
111		"\t\t[crl-directory=directory]\n"
112		"\t\t[crl-get-crl-uri=true|false]\n"
113		"\t\t[crl-proxy=URL]\n"
114		"\t\t[crl-ignore-crl-sign=true|false]\n"
115		"\t\t[crl-ignore-crl-date=true|false]\n"
116		"\t\t[crl-none=true|false]\n"
117		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
118		"\t\t|keyEncipherment | dataEncipherment |\n\t"
119		"\t\tkeyAgreement |keyCertSign |\n\t"
120		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
121		"\t\t[keyusage-none=true|false]\n"
122		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
123		"\t\tcodeSigning | emailProtection |\n\t"
124		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
125		"\t\tipsecUser | timeStamping |\n\t"
126		"\t\tOCSPSigning],[...]\n"
127		"\t\t[ekuoids=OID,OID,OID...]\n"
128		"\t\t[eku-none=true|false]\n" },
129	{ "import",	kc_import, "import [dbfile=dbfile] policy=policyname "
130		"infile=inputdbfile\n" },
131	{ "export",	kc_export, "export [dbfile=dbfile] policy=policyname "
132		"outfile=newdbfile\n" },
133	{ "-?",		kc_help, 	"help"},
134	{ "help",	kc_help, 	""}
135};
136
137static int num_cmds = sizeof (cmds) / sizeof (verbcmd);
138static char *prog;
139
140static void
141usage(void)
142{
143	int i;
144
145	/* Display this block only in command-line mode. */
146	(void) fprintf(stdout, gettext("Usage:\n"));
147	(void) fprintf(stdout, gettext("\t%s -?\t(help and usage)\n"), prog);
148	(void) fprintf(stdout, gettext("\t%s subcommand [options...]\n"), prog);
149	(void) fprintf(stdout, gettext("where subcommands may be:\n"));
150
151	/* Display only those verbs that match the current tool mode. */
152	for (i = 0; i < num_cmds; i++) {
153		/* Do NOT i18n/l10n. */
154		(void) fprintf(stdout, "\t%s\n", cmds[i].synopsis);
155	}
156}
157
158static int
159kc_help()
160{
161	usage();
162	return (0);
163}
164
165int
166main(int argc, char *argv[])
167{
168	KMF_RETURN ret;
169	int found;
170	int i;
171
172	(void) setlocale(LC_ALL, "");
173#if !defined(TEXT_DOMAIN)		/* Should be defined by cc -D. */
174#define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it isn't. */
175#endif
176	(void) textdomain(TEXT_DOMAIN);
177
178	prog = basename(argv[0]);
179	argv++; argc--;
180
181	if (argc == 0) {
182		usage();
183		exit(1);
184	}
185
186	if (argc == 1 && argv[0][0] == '-') {
187		switch (argv[0][1]) {
188			case '?':
189				return (kc_help());
190			default:
191				usage();
192				exit(1);
193		}
194	}
195
196	found = -1;
197	for (i = 0; i < num_cmds; i++) {
198		if (strcmp(cmds[i].verb, argv[0]) == 0) {
199			found = i;
200			break;
201		}
202	}
203
204	if (found < 0) {
205		(void) fprintf(stderr, gettext("Invalid command: %s\n"),
206		    argv[0]);
207		exit(1);
208	}
209
210	ret = (*cmds[found].action)(argc, argv);
211
212	switch (ret) {
213		case KC_OK:
214			break;
215		case KC_ERR_USAGE:
216			break;
217		case KC_ERR_LOADDB:
218			(void) fprintf(stderr,
219			    gettext("Error loading database\n"));
220			break;
221		case KC_ERR_FIND_POLICY:
222			break;
223		case KC_ERR_DELETE_POLICY:
224			(void) fprintf(stderr, gettext("Error deleting policy "
225			    "from database.\n"));
226			break;
227		case KC_ERR_ADD_POLICY:
228			break;
229		case KC_ERR_VERIFY_POLICY:
230			break;
231		case KC_ERR_INCOMPLETE_POLICY:
232			break;
233		case KC_ERR_MEMORY:
234			(void) fprintf(stderr, gettext("Out of memory.\n"));
235			break;
236		case KC_ERR_ACCESS:
237			break;
238		default:
239			(void) fprintf(stderr, gettext("%s operation failed. "
240			    "error 0x%02x\n"), cmds[found].verb, ret);
241			break;
242	}
243
244	return (ret);
245}
246