[systemtap.git] / stap-gen-cert.cxx

/*
  Generate the SSL/signing certificate used by the Systemtap Compile Server.

  Copyright (C) 2011 Red Hat Inc.

  This file is part of systemtap, and is free software.  You can
  redistribute it and/or modify it under the terms of the GNU General Public
  License as published by the Free Software Foundation; either version 2 of the
  License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"

extern "C" {
#include <getopt.h>
#include <nspr.h>
}
#include <string>

#include "util.h"
#include "nsscommon.h"

using namespace std;

// Called from methods within nsscommon.cxx.
extern "C"
void
nsscommon_error (const char *msg, int logit __attribute ((unused)))
{
  clog << msg << endl;
}

/* getopt variables */
extern int optind;

/* File scope statics */
static bool use_db_password;
static string cert_db_path;
static string dnsNames;

static void
parse_options (int argc, char **argv)
{
  // Examine the command line.
  while (true)
    {
      int grc = getopt (argc, argv, "P");
      if (grc < 0)
        break;
      switch (grc)
        {
        case 'P':
	  use_db_password = true;
	  break;
	case '?':
	  // Invalid/unrecognized option given. Message has already been issued.
	  break;
        default:
          // Reached when one added a getopt option but not a corresponding switch/case:
          if (optarg)
	    nsscommon_error (_F("%s : unhandled option '%c %s'", argv[0], (char)grc, optarg));
          else
	    nsscommon_error (_F("%s : unhandled option '%c'", argv[0], (char)grc));
	  break;
	}
    }
  
  if (optind < argc)
    {
      // The first non-option is the certificate database path.
      cert_db_path = argv[optind];
      ++optind;

      // All other non options are additional dns names for the certificate.
      for (int i = optind; i < argc; i++)
	{
	  if (! dnsNames.empty ())
	    dnsNames += ",";
	  dnsNames += argv[i];
	}
    }
}

int
main (int argc, char **argv) {
  // Initial values.
  dnsNames.clear ();
  use_db_password = false;

  // Parse the arguments.
  parse_options (argc, argv);

  // Where is the ssl certificate/key database?
  if (cert_db_path.empty ())
    cert_db_path = server_cert_db_path ();

  // Make sure NSPR is initialized. Must be done before NSS is initialized
  PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
  /* Set the cert database password callback. */
  PK11_SetPasswordFunc (nssPasswordCallback);

  // Generate the certificate database.
  int rc = gen_cert_db (cert_db_path, dnsNames, use_db_password);
  if (rc != 0)
    {
      // NSS message already issued.
      nsscommon_error (_("Unable to generate certificate"));
    }
  
  /* Exit NSPR gracefully. */
  PR_Cleanup ();

  return rc;
}
Commit	Line	Data
aeb9cc10 DB	1	/*
	2	Generate the SSL/signing certificate used by the Systemtap Compile Server.
	3
	4	Copyright (C) 2011 Red Hat Inc.
	5
	6	This file is part of systemtap, and is free software. You can
	7	redistribute it and/or modify it under the terms of the GNU General Public
	8	License as published by the Free Software Foundation; either version 2 of the
	9	License, or (at your option) any later version.
	10
	11	This program is distributed in the hope that it will be useful,
	12	but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	GNU General Public License for more details.
	15
	16	You should have received a copy of the GNU General Public License
e8daaf60	17	along with this program. If not, see <http://www.gnu.org/licenses/>.
aeb9cc10 DB	18	*/
	19	#include "config.h"
	20
	21	extern "C" {
	22	#include <getopt.h>
	23	#include <nspr.h>
	24	}
	25	#include <string>
	26
	27	#include "util.h"
	28	#include "nsscommon.h"
	29
	30	using namespace std;
	31
	32	// Called from methods within nsscommon.cxx.
	33	extern "C"
	34	void
	35	nsscommon_error (const char *msg, int logit __attribute ((unused)))
	36	{
	37	clog << msg << endl;
	38	}
	39
	40	/* getopt variables */
	41	extern int optind;
	42
	43	/* File scope statics */
	44	static bool use_db_password;
	45	static string cert_db_path;
	46	static string dnsNames;
	47
	48	static void
	49	parse_options (int argc, char **argv)
	50	{
	51	// Examine the command line.
	52	while (true)
	53	{
	54	int grc = getopt (argc, argv, "P");
	55	if (grc < 0)
	56	break;
	57	switch (grc)
	58	{
	59	case 'P':
	60	use_db_password = true;
	61	break;
	62	case '?':
	63	// Invalid/unrecognized option given. Message has already been issued.
	64	break;
	65	default:
	66	// Reached when one added a getopt option but not a corresponding switch/case:
	67	if (optarg)
	68	nsscommon_error (_F("%s : unhandled option '%c %s'", argv[0], (char)grc, optarg));
	69	else
	70	nsscommon_error (_F("%s : unhandled option '%c'", argv[0], (char)grc));
	71	break;
	72	}
	73	}
	74
	75	if (optind < argc)
	76	{
	77	// The first non-option is the certificate database path.
	78	cert_db_path = argv[optind];
	79	++optind;
	80
	81	// All other non options are additional dns names for the certificate.
82	for (int i = optind; i < argc; i++)
83	{
84	if (! dnsNames.empty ())
85	dnsNames += ",";
86	dnsNames += argv[i];
87	}
88	}
89	}
90
91	int
92	main (int argc, char **argv) {
93	// Initial values.
94	dnsNames.clear ();
95	use_db_password = false;
96
97	// Parse the arguments.
98	parse_options (argc, argv);
99
100	// Where is the ssl certificate/key database?
101	if (cert_db_path.empty ())
102	cert_db_path = server_cert_db_path ();
103
104	// Make sure NSPR is initialized. Must be done before NSS is initialized
105	PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
106	/* Set the cert database password callback. */
107	PK11_SetPasswordFunc (nssPasswordCallback);
108
109	// Generate the certificate database.
110	int rc = gen_cert_db (cert_db_path, dnsNames, use_db_password);
111	if (rc != 0)
112	{
113	// NSS message already issued.
114	nsscommon_error (_("Unable to generate certificate"));
115	}
116
117	/* Exit NSPR gracefully. */
118	PR_Cleanup ();
119
120	return rc;
121	}