Commit | Line | Data |
---|---|---|
aeb9cc10 DB |
1 | /* |
2 | Generate the SSL/signing certificate used by the Systemtap Compile Server. | |
3 | ||
4 | Copyright (C) 2011 Red Hat Inc. | |
5 | ||
6 | This file is part of systemtap, and is free software. You can | |
7 | redistribute it and/or modify it under the terms of the GNU General Public | |
8 | License as published by the Free Software Foundation; either version 2 of the | |
9 | License, or (at your option) any later version. | |
10 | ||
11 | This program is distributed in the hope that it will be useful, | |
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | GNU General Public License for more details. | |
15 | ||
16 | You should have received a copy of the GNU General Public License | |
e8daaf60 | 17 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
aeb9cc10 DB |
18 | */ |
19 | #include "config.h" | |
20 | ||
21 | extern "C" { | |
22 | #include <getopt.h> | |
23 | #include <nspr.h> | |
24 | } | |
25 | #include <string> | |
26 | ||
27 | #include "util.h" | |
28 | #include "nsscommon.h" | |
29 | ||
30 | using namespace std; | |
31 | ||
// Error sink for the routines in nsscommon.cxx, which call back into this
// function.  MSG is streamed to clog as plain data followed by a newline and
// a flush; it is never interpreted as a format string.  LOGIT is accepted for
// interface compatibility and ignored here.
// MSG must not be null: streaming a null const char * is undefined behavior.
extern "C"
void
nsscommon_error (const char *msg, int logit __attribute__ ((unused)))
{
  std::clog << msg << '\n' << std::flush;
}
39 | ||
/* getopt variables */
extern int optind;

/* File scope statics */
// Command-line state filled in by parse_options () and consumed by main ().
static bool use_db_password;  // Set to true by the -P option; passed to gen_cert_db.
static string cert_db_path;   // First non-option argument; main () substitutes a default when empty.
static string dnsNames;       // Remaining non-option arguments, joined with ','.
47 | ||
/* Read the command line into the file-scope option variables.

   Accepted form, as implemented below: [-P] [CERT_DB_PATH [DNS_NAME ...]]
     -P            sets use_db_password.
     CERT_DB_PATH  first non-option argument; stored in cert_db_path.
     DNS_NAME ...  every later argument; comma-joined into dnsNames.

   Nothing is returned.  An unrecognized option is reported by getopt and
   then skipped, so the caller continues with whatever else was parsed.  */
static void
parse_options (int argc, char **argv)
{
  // Options first.  getopt yields a negative value once they are exhausted.
  int opt;
  while ((opt = getopt (argc, argv, "P")) >= 0)
    {
      if (opt == 'P')
        use_db_password = true;
      else if (opt != '?')
        {
          // Only reachable if the getopt option string gains a letter that
          // has no branch here.  ('?' means getopt already printed a message.)
          if (optarg)
            nsscommon_error (_F("%s : unhandled option '%c %s'", argv[0], (char)opt, optarg));
          else
            nsscommon_error (_F("%s : unhandled option '%c'", argv[0], (char)opt));
        }
    }

  // No positional arguments: leave cert_db_path and dnsNames untouched.
  if (optind >= argc)
    return;

  // First positional argument: the certificate database path.
  cert_db_path = argv[optind++];

  // Every remaining argument is an additional DNS name for the certificate.
  // NOTE(review): names are appended verbatim.  An argument that is empty or
  // itself contains ',' changes the shape of the list that the certificate
  // generator receives; confirm how gen_cert_db splits and validates it
  // before feeding this tool names that come from a less trusted source.
  for (char **name = argv + optind; name < argv + argc; ++name)
    {
      if (! dnsNames.empty ())
        dnsNames += ",";
      dnsNames += *name;
    }
}
90 | ||
/* Entry point: parse the command line, bring up NSPR, generate the
   certificate database and return gen_cert_db's result as the exit status.  */
int
main (int argc, char **argv) {
  // Start from a known state before the command line is read.
  use_db_password = false;
  dnsNames.clear ();

  parse_options (argc, argv);

  // No path on the command line: use the server's default database location.
  if (cert_db_path.empty ())
    cert_db_path = server_cert_db_path ();

  // NSPR has to be up before any NSS call is made.
  PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
  // Register the callback NSS uses to obtain the database password.
  PK11_SetPasswordFunc (nssPasswordCallback);

  // Create the database and the certificate in it.
  // NOTE(review): use_db_password stays false unless -P was given.
  // Presumably the key database is then created without a password, leaving
  // filesystem permissions on cert_db_path as the only protection for the
  // private key; confirm in gen_cert_db.
  const int rc = gen_cert_db (cert_db_path, dnsNames, use_db_password);
  if (rc)
    {
      // NSS has already reported the details.
      nsscommon_error (_("Unable to generate certificate"));
    }

  // Shut NSPR down cleanly.
  PR_Cleanup ();

  // NOTE(review): rc is handed to the caller as the exit status unchanged.
  // Callers that gate certificate trust on "exit 0" depend on gen_cert_db
  // returning a small non-zero value on every failure; confirm its range.
  return rc;
}