stap-authorize-cert.cxx

   1 /*
   2   Add the certificate contained in the given file to the given certificate database.
   3
   4   Copyright (C) 2011-2018 Red Hat Inc.
   5
   6   This file is part of systemtap, and is free software.  You can
   7   redistribute it and/or modify it under the terms of the GNU General Public
   8   License as published by the Free Software Foundation; either version 2 of the
   9   License, or (at your option) any later version.
  10
  11   This program is distributed in the hope that it will be useful,
  12   but WITHOUT ANY WARRANTY; without even the implied warranty of
  13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14   GNU General Public License for more details.
  15
  16   You should have received a copy of the GNU General Public License
  17   along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 #include "config.h"
  20
  21 extern "C" {
  22 #include <nspr.h>
  23 }
  24 #include <string>
  25
  26 #include "util.h"
  27 #include "nsscommon.h"
  28
  29 using namespace std;
  30
  31 // Called by methods within nsscommon.
  32 extern "C"
  33 void
  34 nsscommon_error (const char *msg, int logit __attribute ((unused)))
  35 {
  36   clog << msg << endl << flush;
  37 }
  38
  39 static void
  40 fatal (const char *msg)
  41 {
  42   nsscommon_error (msg);
  43   exit (1);
  44 }
  45
  46 int
  47 main (int argc, char **argv) {
  48   // Obtain the filename of the certificate.
  49   if (argc < 2)
  50     {
  51       fatal (_("Certificate file must be specified"));
  52       return 1;
  53     }
  54   const char *certFileName = argv[1];
  55
  56   // Obtain the certificate database directory name.
  57   if (argc < 3)
  58     {
  59       fatal (_("Certificate database directory must be specified"));
  60       return 1;
  61     }
  62   const char *certDBName = argv[2];
  63
  64   // Make sure NSPR is initialized. Must be done before NSS is initialized
  65   PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
  66   /* Set the cert database password callback. */
  67   PK11_SetPasswordFunc (nssPasswordCallback);
  68
  69   // Add the certificate to the database.
  70   SECStatus secStatus = add_client_cert (certFileName, certDBName, db_nssinit);
  71   if (secStatus != SECSuccess)
  72     {
  73       // NSS message already issued.
  74       nsscommon_error (_("Unable to authorize certificate"));
  75     }
  76
  77   // Clean up.
  78   PR_Cleanup ();
  79
  80   return secStatus == SECSuccess;
  81 }