1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  *
  21  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
  22  */
  23 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
#include <libgen.h>
#include <libintl.h>
#include <locale.h>

#include <kmfapiP.h>

#include "util.h"
  34 
  35 /*
  36  * The verbcmd construct allows genericizing information about a verb so
  37  * that it is easier to manipulate.  Makes parsing code easier to read,
  38  * fix, and extend with new verbs.
  39  */
typedef struct verbcmd_s {
	/* Subcommand name; compared exactly (strcmp) against argv[0] in main(). */
	char		*verb;
	/*
	 * Handler.  It is invoked with the argument vector after the program
	 * name has been stripped, so argv[0] is the verb itself; its return
	 * value becomes the process exit status.
	 */
	int		(*action)(int, char *[]);
	/* Usage text for this verb; printed verbatim by usage(), not translated. */
	char		*synopsis;
} verbcmd;
  45 
/*
 * Verb handlers, defined elsewhere.  Each receives the argument vector
 * with the program name removed (argv[0] is the verb; see main()) and
 * returns KC_OK or a KC_ERR_* code (presumably declared in util.h), or
 * possibly a raw key-management-framework error value -- main() only
 * prints a specific message for the codes it recognises.
 */
int	kc_list(int argc, char *argv[]);
int	kc_delete(int argc, char *argv[]);
int	kc_create(int argc, char *argv[]);
int	kc_modify(int argc, char *argv[]);
int	kc_export(int argc, char *argv[]);
int	kc_import(int argc, char *argv[]);
int	kc_install(int argc, char *argv[]);
int	kc_uninstall(int argc, char *argv[]);

/*
 * Handler for the "help" and "-?" verbs.  Declared without a parameter
 * list, yet stored in cmds[] as a verbcmd.action of type
 * int (*)(int, char *[]) and called through that pointer by main().
 */
static int	kc_help();
  56 
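/*
 * Dispatch table: one entry per subcommand.  main() looks the verb up by
 * exact string match and jumps through the stored function pointer, so the
 * table is declared const to keep it in read-only storage; nothing in this
 * file writes to it.  Synopsis strings are printed verbatim by usage().
 */
static const verbcmd cmds[] = {
	{ "list",	kc_list,
		"list [dbfile=dbfile] [policy=policyname]\n"
		"\tlist plugin" },
	{ "delete",	kc_delete, "delete [dbfile=dbfile] "
		"policy=policyname" },
	{ "create",	kc_create,
		"create [dbfile=dbfile] policy=policyname\n"
		"\t\t[ignore-date=true|false]\n"
		"\t\t[ignore-unknown-eku=true|false]\n"
		"\t\t[ignore-trust-anchor=true|false]\n"
		"\t\t[validity-adjusttime=adjusttime]\n"
		"\t\t[ta-name=trust anchor subject DN]\n"
		"\t\t[ta-serial=trust anchor serial number]\n"
		"\t\t[ocsp-responder=URL]\n"
		"\t\t[ocsp-proxy=URL]\n"
		"\t\t[ocsp-use-cert-responder=true|false]\n"
		"\t\t[ocsp-response-lifetime=timelimit]\n"
		"\t\t[ocsp-ignore-response-sign=true|false]\n"
		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
		"\t\t[ocsp-responder-cert-serial=serial number]\n"
		"\t\t[crl-basefilename=basefilename]\n"
		"\t\t[crl-directory=directory]\n"
		"\t\t[crl-get-crl-uri=true|false]\n"
		"\t\t[crl-proxy=URL]\n"
		"\t\t[crl-ignore-crl-sign=true|false]\n"
		"\t\t[crl-ignore-crl-date=true|false]\n"
		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
		"\t\t|keyEncipherment | dataEncipherment |\n\t"
		"\t\tkeyAgreement |keyCertSign |\n\t"
		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
		"\t\tcodeSigning | emailProtection |\n\t"
		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
		"\t\tipsecUser | timeStamping |\n\t"
		"\t\tOCSPSigning],[...]\n"
		"\t\t[ekuoids=OID,OID,OID...]\n"
		"\t\t[mapper-name=name of mapper library]\n"
		"\t\t[mapper-directory=dir where mapper library resides]\n"
		"\t\t[mapper-path=full pathname of mapper library]\n"
		"\t\t[mapper-options=mapper options]\n"},
	{ "modify",	kc_modify,
		"modify [dbfile=dbfile] policy=policyname\n"
		"\t\t[ignore-date=true|false]\n"
		"\t\t[ignore-unknown-eku=true|false]\n"
		"\t\t[ignore-trust-anchor=true|false]\n"
		"\t\t[validity-adjusttime=adjusttime]\n"
		"\t\t[ta-name=trust anchor subject DN | search]\n"
		"\t\t[ta-serial=trust anchor serial number]\n"
		"\t\t[ocsp-responder=URL]\n"
		"\t\t[ocsp-proxy=URL]\n"
		"\t\t[ocsp-use-cert-responder=true|false]\n"
		"\t\t[ocsp-response-lifetime=timelimit]\n"
		"\t\t[ocsp-ignore-response-sign=true|false]\n"
		"\t\t[ocsp-responder-cert-name=Issuer DN]\n"
		"\t\t[ocsp-responder-cert-serial=serial number]\n"
		"\t\t[ocsp-none=true|false]\n"
		"\t\t[crl-basefilename=basefilename]\n"
		"\t\t[crl-directory=directory]\n"
		"\t\t[crl-get-crl-uri=true|false]\n"
		"\t\t[crl-proxy=URL]\n"
		"\t\t[crl-ignore-crl-sign=true|false]\n"
		"\t\t[crl-ignore-crl-date=true|false]\n"
		"\t\t[crl-none=true|false]\n"
		"\t\t[keyusage=digitalSignature|nonRepudiation\n\t"
		"\t\t|keyEncipherment | dataEncipherment |\n\t"
		"\t\tkeyAgreement |keyCertSign |\n\t"
		"\t\tcRLSign | encipherOnly | decipherOnly],[...]\n"
		"\t\t[keyusage-none=true|false]\n"
		"\t\t[ekunames=serverAuth | clientAuth |\n\t"
		"\t\tcodeSigning | emailProtection |\n\t"
		"\t\tipsecEndSystem | ipsecTunnel |\n\t"
		"\t\tipsecUser | timeStamping |\n\t"
		"\t\tOCSPSigning],[...]\n"
		"\t\t[ekuoids=OID,OID,OID...]\n"
		"\t\t[eku-none=true|false]\n\n"
		"\t\t[mapper-name=name of mapper library]\n"
		"\t\t[mapper-directory=dir where mapper library resides]\n"
		"\t\t[mapper-path=full pathname of mapper library]\n"
		"\t\t[mapper-options=mapper options]\n"
		"\tmodify plugin keystore=keystorename option=optionstring\n"},

	{ "import",	kc_import, "import [dbfile=dbfile] policy=policyname "
		"infile=inputdbfile\n" },
	{ "export",	kc_export, "export [dbfile=dbfile] policy=policyname "
		"outfile=newdbfile\n" },
	{ "install",	kc_install, "install keystore=keystorename "
		"modulepath=path [option=optionstring]\n"},
	{ "uninstall",	kc_uninstall, "uninstall keystore=keystorename\n"},
	/* Both spellings of help share one handler; "help" has no synopsis. */
	{ "-?",		kc_help,	"help"},
	{ "help",	kc_help,	""}
};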
 149 
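/*
 * Entry count of the dispatch table, derived from the table itself so it
 * cannot drift when verbs are added.  It bounds every index into cmds[]
 * (a table of function pointers), so it is const: nothing should be able
 * to widen that bound at run time.
 */
static const int num_cmds = sizeof (cmds) / sizeof (cmds[0]);

/* Program name as invoked (basename of argv[0]); set once by main(). */
static char *prog;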
 152 
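/*
 * Print the usage summary to stdout.  The header lines are looked up in
 * the message catalog with gettext(); the per-verb synopsis strings from
 * cmds[] are printed verbatim and are deliberately not localized.  Every
 * verb in the table is listed -- there is no mode-dependent filtering.
 *
 * Reads the file-scope prog, cmds and num_cmds; prog must already be set.
 */
static void
usage(void)
{
	const verbcmd *cp;

	/*
	 * Catalog text is data, not a format string.  For the lines that
	 * carry no arguments use fputs() so a stray '%' in a translation
	 * cannot be interpreted by printf.  The two lines that do take prog
	 * must stay fprintf(); their translations must keep exactly one %s.
	 */
	(void) fputs(gettext("Usage:\n"), stdout);
	(void) fprintf(stdout, gettext("\t%s -?\t(help and usage)\n"), prog);
	(void) fprintf(stdout, gettext("\t%s subcommand [options...]\n"), prog);
	(void) fputs(gettext("where subcommands may be:\n"), stdout);

	for (cp = cmds; cp < cmds + num_cmds; cp++) {
		/* Do NOT i18n/l10n. */
		(void) fprintf(stdout, "\t%s\n", cp->synopsis);
	}
}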
 170 
/*
 * Handler for the "help" and "-?" verbs: print the usage text and report
 * success.  Note the signature: it takes no parameters, but cmds[] stores
 * it as a verbcmd.action of type int (*)(int, char *[]), and main() calls
 * it both directly with no arguments and through that pointer with
 * (argc, argv); the arguments are simply never looked at.
 */
static int
kc_help()
{
	int status = 0;	/* help never fails */

	usage();

	return (status);
}
 177 
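/*
 * Entry point.  Strips the program name from the argument vector, picks
 * the verb named by the first remaining argument, dispatches to its
 * handler and maps the handler's result to a diagnostic.
 *
 * Exit status: 1 for an invalid invocation (no arguments, unknown verb or
 * unknown option); otherwise the handler's return value, KC_OK (0) on
 * success.  The handlers can return values from the key management
 * framework, and those values can conflict with the utility error codes,
 * so only the codes this switch recognises get a specific message; the
 * shell sees at most the low 8 bits of the value.
 */
int
main(int argc, char *argv[])
{
	int ret;
	int found;
	int i;

	(void) setlocale(LC_ALL, "");
#if !defined(TEXT_DOMAIN)		/* Should be defined by cc -D. */
#define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it isn't. */
#endif
	(void) textdomain(TEXT_DOMAIN);

	/*
	 * A caller can exec us with an empty argument vector (argc == 0,
	 * argv[0] == NULL).  Without this guard basename() is handed NULL,
	 * argc goes negative after the decrement below, and the verb lookup
	 * then reads argv[1], past the end of the vector.
	 */
	if (argc < 1 || argv[0] == NULL) {
		(void) fputs(gettext("No arguments supplied (empty argv)\n"),
		    stderr);
		exit(1);
	}

	/* basename() may modify argv[0] in place; it is not used again. */
	prog = basename(argv[0]);
	argv++; argc--;

	if (argc == 0) {
		usage();
		exit(1);
	}

	/* A lone "-x" argument: only "-?" is accepted. */
	if (argc == 1 && argv[0][0] == '-') {
		switch (argv[0][1]) {
		case '?':
			return (kc_help());
		default:
			usage();
			exit(1);
		}
	}

	/* Exact match against the dispatch table; no prefixes or aliases. */
	found = -1;
	for (i = 0; i < num_cmds; i++) {
		if (strcmp(cmds[i].verb, argv[0]) == 0) {
			found = i;
			break;
		}
	}

	if (found < 0) {
		(void) fprintf(stderr, gettext("Invalid command: %s\n"),
		    argv[0]);
		exit(1);
	}

	/* The handler sees argv[0] == verb; the program name is gone. */
	ret = cmds[found].action(argc, argv);

	switch (ret) {
	case KC_OK:
		break;
	case KC_ERR_LOADDB:
		(void) fprintf(stderr,
		    gettext("Error loading database\n"));
		break;
	case KC_ERR_DELETE_POLICY:
		(void) fprintf(stderr, gettext("Error deleting policy "
		    "from database.\n"));
		break;
	case KC_ERR_MEMORY:
		(void) fprintf(stderr, gettext("Out of memory.\n"));
		break;
	case KC_ERR_USAGE:
	case KC_ERR_FIND_POLICY:
	case KC_ERR_ADD_POLICY:
	case KC_ERR_VERIFY_POLICY:
	case KC_ERR_INCOMPLETE_POLICY:
	case KC_ERR_ACCESS:
	case KC_ERR_INSTALL:
	case KC_ERR_UNINSTALL:
		/*
		 * Silent here; presumably the handler already reported the
		 * failure itself -- confirm against the kc_*() sources.
		 */
		break;
	default:
		(void) fprintf(stderr, gettext("%s operation failed. "
		    "error 0x%02x\n"), cmds[found].verb, ret);
		break;
	}

	return (ret);
}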