stap-gen-cert.cxx - systemtap

Global variables defined

cert_db_path
dnsNames
use_db_password
Functions defined

main
nsscommon_error
parse_options
Source code

/*

  Generate the SSL/signing certificate used by the Systemtap Compile Server.



  Copyright (C) 2011 Red Hat Inc.



  This file is part of systemtap, and is free software.  You can

  redistribute it and/or modify it under the terms of the GNU General Public

  License as published by the Free Software Foundation; either version 2 of the

  License, or (at your option) any later version.



  This program is distributed in the hope that it will be useful,

  but WITHOUT ANY WARRANTY; without even the implied warranty of

  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  GNU General Public License for more details.



  You should have received a copy of the GNU General Public License

  along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/

#include "config.h"



extern "C" {

#include <getopt.h>

#include <nspr.h>

}

#include <string>



#include "util.h"

#include "nsscommon.h"



using namespace std;



// Called from methods within nsscommon.cxx.

extern "C"

void

‌nsscommon_error (const char *msg, int logit __attribute ((unused)))

{

  clog << msg << endl;

}



/* getopt variables */

extern int optind;



/* File scope statics */

‌static bool use_db_password;

‌static string cert_db_path;

‌static string dnsNames;



static void

‌parse_options (int argc, char **argv)

{

  // Examine the command line.

  while (true)

    {

      int grc = getopt (argc, argv, "P");

      if (grc < 0)

        break;

      switch (grc)

        {

        case 'P':

      use_db_password = true;

      break;

    case '?':

      // Invalid/unrecognized option given. Message has already been issued.

      break;

        default:

          // Reached when one added a getopt option but not a corresponding switch/case:

          if (optarg)

        nsscommon_error (_F("%s : unhandled option '%c %s'", argv[0], (char)grc, optarg));

          else

        nsscommon_error (_F("%s : unhandled option '%c'", argv[0], (char)grc));

      break;

    }

    }



  if (optind < argc)

    {

      // The first non-option is the certificate database path.

      cert_db_path = argv[optind];

      ++optind;



      // All other non options are additional dns names for the certificate.

      for (int i = optind; i < argc; i++)

    {

      if (! dnsNames.empty ())

        dnsNames += ",";

      dnsNames += argv[i];

    }

    }

}



int

‌main (int argc, char **argv) {

  // Initial values.

  dnsNames.clear ();

  use_db_password = false;



  // Parse the arguments.

  parse_options (argc, argv);



  // Where is the ssl certificate/key database?

  if (cert_db_path.empty ())

    cert_db_path = server_cert_db_path ();



  // Make sure NSPR is initialized. Must be done before NSS is initialized

  PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

  /* Set the cert database password callback. */

  PK11_SetPasswordFunc (nssPasswordCallback);



  // Generate the certificate database.

  int rc = gen_cert_db (cert_db_path, dnsNames, use_db_password);

  if (rc != 0)

    {

      // NSS message already issued.

      nsscommon_error (_("Unable to generate certificate"));

    }



  /* Exit NSPR gracefully. */

  PR_Cleanup ();



  return rc;

}