1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <stdio.h> 29 #include <strings.h> 30 #include <ctype.h> 31 #include <libgen.h> 32 #include <libintl.h> 33 #include <locale.h> 34 35 #include <kmfapiP.h> 36 37 #include "util.h" 38 39 /* 40 * The verbcmd construct allows genericizing information about a verb so 41 * that it is easier to manipulate. Makes parsing code easier to read, 42 * fix, and extend with new verbs. 43 */ 44 typedef struct verbcmd_s { 45 char *verb; 46 int (*action)(int, char *[]); 47 char *synopsis; 48 } verbcmd; 49 50 int kc_list(int argc, char *argv[]); 51 int kc_delete(int argc, char *argv[]); 52 int kc_create(int argc, char *argv[]); 53 int kc_modify(int argc, char *argv[]); 54 int kc_export(int argc, char *argv[]); 55 int kc_import(int argc, char *argv[]); 56 static int kc_help(); 57 58 static verbcmd cmds[] = { 59 { "list", kc_list, "list [dbfile=dbfile] " 60 "[policy=policyname]" }, 61 { "delete", kc_delete, "delete [dbfile=dbfile] " 62 "policy=policyname" }, 63 { "create", kc_create, 64 "create [dbfile=dbfile] policy=policyname\n" 65 "\t\t[ignore-date=true|false]\n" 66 "\t\t[ignore-unknown-eku=true|false]\n" 67 "\t\t[ignore-trust-anchor=true|false]\n" 68 "\t\t[validity-adjusttime=adjusttime]\n" 69 "\t\t[ta-name=trust anchor subject DN]\n" 70 "\t\t[ta-serial=trust anchor serial number]\n" 71 "\t\t[ocsp-responder=URL]\n" 72 "\t\t[ocsp-proxy=URL]\n" 73 "\t\t[ocsp-use-cert-responder=true|false]\n" 74 "\t\t[ocsp-response-lifetime=timelimit]\n" 75 "\t\t[ocsp-ignore-response-sign=true|false]\n" 76 "\t\t[ocsp-responder-cert-name=Issuer DN]\n" 77 "\t\t[ocsp-responder-cert-serial=serial number]\n" 78 "\t\t[crl-basefilename=basefilename]\n" 79 "\t\t[crl-directory=directory]\n" 80 "\t\t[crl-get-crl-uri=true|false]\n" 81 "\t\t[crl-proxy=URL]\n" 82 "\t\t[crl-ignore-crl-sign=true|false]\n" 83 "\t\t[crl-ignore-crl-date=true|false]\n" 84 "\t\t[keyusage=digitalSignature|nonRepudiation\n\t" 85 "\t\t|keyEncipherment | dataEncipherment |\n\t" 86 "\t\tkeyAgreement |keyCertSign |\n\t" 87 "\t\tcRLSign | encipherOnly | decipherOnly],[...]\n" 88 "\t\t[ekunames=serverAuth | clientAuth |\n\t" 89 "\t\tcodeSigning | emailProtection |\n\t" 90 "\t\tipsecEndSystem | ipsecTunnel |\n\t" 91 "\t\tipsecUser | timeStamping |\n\t" 92 "\t\tOCSPSigning],[...]\n" 93 "\t\t[ekuoids=OID,OID,OID...]\n" }, 94 { "modify", kc_modify, 95 "modify [dbfile=dbfile] policy=policyname\n" 96 "\t\t[ignore-date=true|false]\n" 97 "\t\t[ignore-unknown-eku=true|false]\n" 98 "\t\t[ignore-trust-anchor=true|false]\n" 99 "\t\t[validity-adjusttime=adjusttime]\n" 100 "\t\t[ta-name=trust anchor subject DN]\n" 101 "\t\t[ta-serial=trust anchor serial number]\n" 102 "\t\t[ocsp-responder=URL]\n" 103 "\t\t[ocsp-proxy=URL]\n" 104 "\t\t[ocsp-use-cert-responder=true|false]\n" 105 "\t\t[ocsp-response-lifetime=timelimit]\n" 106 "\t\t[ocsp-ignore-response-sign=true|false]\n" 107 "\t\t[ocsp-responder-cert-name=Issuer DN]\n" 108 "\t\t[ocsp-responder-cert-serial=serial number]\n" 109 "\t\t[ocsp-none=true|false]\n" 110 "\t\t[crl-basefilename=basefilename]\n" 111 "\t\t[crl-directory=directory]\n" 112 "\t\t[crl-get-crl-uri=true|false]\n" 113 "\t\t[crl-proxy=URL]\n" 114 "\t\t[crl-ignore-crl-sign=true|false]\n" 115 "\t\t[crl-ignore-crl-date=true|false]\n" 116 "\t\t[crl-none=true|false]\n" 117 "\t\t[keyusage=digitalSignature|nonRepudiation\n\t" 118 "\t\t|keyEncipherment | dataEncipherment |\n\t" 119 "\t\tkeyAgreement |keyCertSign |\n\t" 120 "\t\tcRLSign | encipherOnly | decipherOnly],[...]\n" 121 "\t\t[keyusage-none=true|false]\n" 122 "\t\t[ekunames=serverAuth | clientAuth |\n\t" 123 "\t\tcodeSigning | emailProtection |\n\t" 124 "\t\tipsecEndSystem | ipsecTunnel |\n\t" 125 "\t\tipsecUser | timeStamping |\n\t" 126 "\t\tOCSPSigning],[...]\n" 127 "\t\t[ekuoids=OID,OID,OID...]\n" 128 "\t\t[eku-none=true|false]\n" }, 129 { "import", kc_import, "import [dbfile=dbfile] policy=policyname " 130 "infile=inputdbfile\n" }, 131 { "export", kc_export, "export [dbfile=dbfile] policy=policyname " 132 "outfile=newdbfile\n" }, 133 { "-?", kc_help, "help"}, 134 { "help", kc_help, ""} 135 }; 136 137 static int num_cmds = sizeof (cmds) / sizeof (verbcmd); 138 static char *prog; 139 140 static void 141 usage(void) 142 { 143 int i; 144 145 /* Display this block only in command-line mode. */ 146 (void) fprintf(stdout, gettext("Usage:\n")); 147 (void) fprintf(stdout, gettext("\t%s -?\t(help and usage)\n"), prog); 148 (void) fprintf(stdout, gettext("\t%s subcommand [options...]\n"), prog); 149 (void) fprintf(stdout, gettext("where subcommands may be:\n")); 150 151 /* Display only those verbs that match the current tool mode. */ 152 for (i = 0; i < num_cmds; i++) { 153 /* Do NOT i18n/l10n. */ 154 (void) fprintf(stdout, "\t%s\n", cmds[i].synopsis); 155 } 156 } 157 158 static int 159 kc_help() 160 { 161 usage(); 162 return (0); 163 } 164 165 int 166 main(int argc, char *argv[]) 167 { 168 KMF_RETURN ret; 169 int found; 170 int i; 171 172 (void) setlocale(LC_ALL, ""); 173 #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D. */ 174 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it isn't. */ 175 #endif 176 (void) textdomain(TEXT_DOMAIN); 177 178 prog = basename(argv[0]); 179 argv++; argc--; 180 181 if (argc == 0) { 182 usage(); 183 exit(1); 184 } 185 186 if (argc == 1 && argv[0][0] == '-') { 187 switch (argv[0][1]) { 188 case '?': 189 return (kc_help()); 190 default: 191 usage(); 192 exit(1); 193 } 194 } 195 196 found = -1; 197 for (i = 0; i < num_cmds; i++) { 198 if (strcmp(cmds[i].verb, argv[0]) == 0) { 199 found = i; 200 break; 201 } 202 } 203 204 if (found < 0) { 205 (void) fprintf(stderr, gettext("Invalid command: %s\n"), 206 argv[0]); 207 exit(1); 208 } 209 210 ret = (*cmds[found].action)(argc, argv); 211 212 switch (ret) { 213 case KC_OK: 214 break; 215 case KC_ERR_USAGE: 216 break; 217 case KC_ERR_LOADDB: 218 (void) fprintf(stderr, 219 gettext("Error loading database\n")); 220 break; 221 case KC_ERR_FIND_POLICY: 222 break; 223 case KC_ERR_DELETE_POLICY: 224 (void) fprintf(stderr, gettext("Error deleting policy " 225 "from database.\n")); 226 break; 227 case KC_ERR_ADD_POLICY: 228 break; 229 case KC_ERR_VERIFY_POLICY: 230 break; 231 case KC_ERR_INCOMPLETE_POLICY: 232 break; 233 case KC_ERR_MEMORY: 234 (void) fprintf(stderr, gettext("Out of memory.\n")); 235 break; 236 case KC_ERR_ACCESS: 237 break; 238 default: 239 (void) fprintf(stderr, gettext("%s operation failed. " 240 "error 0x%02x\n"), cmds[found].verb, ret); 241 break; 242 } 243 244 return (ret); 245 } 246