-
Notifications
You must be signed in to change notification settings - Fork 4
/
stap-gen-cert.cxx
121 lines (101 loc) · 3.01 KB
/
stap-gen-cert.cxx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
/*
Generate the SSL/signing certificate used by the Systemtap Compile Server.
Copyright (C) 2011 Red Hat Inc.
This file is part of systemtap, and is free software. You can
redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
extern "C" {
#include <getopt.h>
#include <nspr.h>
}
#include <string>
#include "util.h"
#include "nsscommon.h"
using namespace std;
// Called from methods within nsscommon.cxx.
extern "C"
void
nsscommon_error (const char *msg, int logit __attribute ((unused)))
{
clog << msg << endl;
}
/* getopt variables */
extern int optind;
/* File scope statics */
static bool use_db_password;
static string cert_db_path;
static string dnsNames;
static void
parse_options (int argc, char **argv)
{
// Examine the command line.
while (true)
{
int grc = getopt (argc, argv, "P");
if (grc < 0)
break;
switch (grc)
{
case 'P':
use_db_password = true;
break;
case '?':
// Invalid/unrecognized option given. Message has already been issued.
break;
default:
// Reached when one added a getopt option but not a corresponding switch/case:
if (optarg)
nsscommon_error (_F("%s : unhandled option '%c %s'", argv[0], (char)grc, optarg));
else
nsscommon_error (_F("%s : unhandled option '%c'", argv[0], (char)grc));
break;
}
}
if (optind < argc)
{
// The first non-option is the certificate database path.
cert_db_path = argv[optind];
++optind;
// All other non options are additional dns names for the certificate.
for (int i = optind; i < argc; i++)
{
if (! dnsNames.empty ())
dnsNames += ",";
dnsNames += argv[i];
}
}
}
int
main (int argc, char **argv) {
// Initial values.
dnsNames.clear ();
use_db_password = false;
// Parse the arguments.
parse_options (argc, argv);
// Where is the ssl certificate/key database?
if (cert_db_path.empty ())
cert_db_path = server_cert_db_path ();
// Make sure NSPR is initialized. Must be done before NSS is initialized
PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* Set the cert database password callback. */
PK11_SetPasswordFunc (nssPasswordCallback);
// Generate the certificate database.
int rc = gen_cert_db (cert_db_path, dnsNames, use_db_password);
if (rc != 0)
{
// NSS message already issued.
nsscommon_error (_("Unable to generate certificate"));
}
/* Exit NSPR gracefully. */
PR_Cleanup ();
return rc;
}