[systemtap.git] / stap-authorize-cert

#!/bin/bash

# Add an existing server certificate to a
# database of trusted servers for the client.
#
# Copyright (C) 2008, 2009 Red Hat Inc.
#
# This file is part of systemtap, and is free software.  You can
# redistribute it and/or modify it under the terms of the GNU General
# Public License (GPL); either version 2, or (at your option) any
# later version.

certfile=$1
certdb=$2

# Obtain the filename of the certificate
if  test "X$certfile" = "X"; then
    echo "Certificate file must be specified" >&2
    exit 1
fi
if ! test -f $certfile; then
    echo "Cannot find certificate file $certfile" >&2
    exit 1
fi

# Obtain the certificate database directory name.
if  test "X$certdb" = "X"; then
    echo "Certificate database directory must be specified" >&2
    exit 1
fi
if ! test -d $certdb; then
    if ! mkdir -p -m 755 $certdb; then
	echo "Unable to find or create the client certificate database directory: $certdb" >&2
	exit 1
    fi
fi

# Add the certificate
if ! certutil -A -n stap-server -d $certdb -i $certfile -t "P,P,P" > /dev/null; then
    echo "Unable to add $certfile to the client certificate database $certdb" >&2
    exit 1
fi

# Ensure that the database is readable by others
if ! chmod +r $certdb/*.db; then
    echo "Warning: unable to make the client certificate database $certdb readable by others" >&2
fi

echo "Certificate $certfile added to database $certdb"

exit 0
Commit	Line	Data
46a8c85f DB	1	#!/bin/bash
46a8c85f DB	2
98f552c2	3	# Add an existing server certificate to a
46a8c85f DB	4	# database of trusted servers for the client.
46a8c85f DB	5	#
64aa100f	6	# Copyright (C) 2008, 2009 Red Hat Inc.
46a8c85f DB	7	#
	8	# This file is part of systemtap, and is free software. You can
	9	# redistribute it and/or modify it under the terms of the GNU General
	10	# Public License (GPL); either version 2, or (at your option) any
	11	# later version.
	12
98f552c2 DB	13	certfile=$1
	14	certdb=$2
	15
46a8c85f	16	# Obtain the filename of the certificate
98f552c2	17	if test "X$certfile" = "X"; then
46a8c85f DB	18	echo "Certificate file must be specified" >&2
	19	exit 1
	20	fi
98f552c2 DB	21	if ! test -f $certfile; then
98f552c2 DB	22	echo "Cannot find certificate file $certfile" >&2
46a8c85f DB	23	exit 1
	24	fi
	25
	26	# Obtain the certificate database directory name.
98f552c2	27	if test "X$certdb" = "X"; then
46a8c85f DB	28	echo "Certificate database directory must be specified" >&2
	29	exit 1
	30	fi
98f552c2 DB	31	if ! test -d $certdb; then
	32	if ! mkdir -p -m 755 $certdb; then
	33	echo "Unable to find or create the client certificate database directory: $certdb" >&2
64aa100f DB	34	exit 1
64aa100f DB	35	fi
46a8c85f DB	36	fi
46a8c85f DB	37
64aa100f	38	# Add the certificate
98f552c2 DB	39	if ! certutil -A -n stap-server -d $certdb -i $certfile -t "P,P,P" > /dev/null; then
98f552c2 DB	40	echo "Unable to add $certfile to the client certificate database $certdb" >&2
46a8c85f DB	41	exit 1
	42	fi
	43
64aa100f	44	# Ensure that the database is readable by others
98f552c2 DB	45	if ! chmod +r $certdb/*.db; then
98f552c2 DB	46	echo "Warning: unable to make the client certificate database $certdb readable by others" >&2
64aa100f	47	fi
64aa100f	48
2ba4c606 DB	49	echo "Certificate $certfile added to database $certdb"
2ba4c606 DB	50
46a8c85f	51	exit 0