5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * CDDL HEADER START
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * The contents of this file are subject to the terms of the
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Common Development and Distribution License (the "License").
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * You may not use this file except in compliance with the License.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * or http://www.opensolaris.org/os/licensing.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * See the License for the specific language governing permissions
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * and limitations under the License.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * When distributing Covered Code, include this CDDL HEADER in each
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * If applicable, add the following below this CDDL HEADER, with the
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * fields enclosed by brackets "[]" replaced with your own identifying
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * information: Portions Copyright [yyyy] [name of copyright owner]
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * CDDL HEADER END
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Use is subject to license terms.
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Name: listcert
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Desc: Lists one or more certificates from the keystore
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * Syntax: listcert [-a app] [-f format] [-k keystore] \
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * [-n name] [-o outfile] [-P passarg] [-R altroot]
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland while ((i = getopt(argc, argv, ":a:f:k:n:o:P:R:")) != EOF) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_MISSING_OPERAND, optopt);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* fallthrough intentional */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* should be no arguments left */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* figure out format */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_BAD_FORMAT, format_str);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* open output file */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if ((outfile = fopen(outfile_str, "w+")) == NULL) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_OPEN_WRITE, outfile_str);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* set up proper keystore */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcpy(keystore_file, altroot, MAXPATHLEN) >= MAXPATHLEN) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcat(keystore_file, "/", MAXPATHLEN) >= MAXPATHLEN) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_TOO_LONG, altroot);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * If we have an alternate
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * root, then we have no choice but to use
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * root's keystore on that alternate root,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * since there is no way to resolve a
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * user's home dir given an alternate root
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * not superuser, but no home dir, so
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland * use superuser's keystore
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (strlcat(keystore_file, "/.pkg/security",
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* now load the key store */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_DEBUG, "Loading keystore <%s>", keystore_file);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland set_passphrase_prompt(MSG_KEYSTORE_PASSPROMPT);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (open_keystore(err, keystore_file, prog,
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* list the certs */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_DEBUG, "Listing certificates");
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (print_certs(err, keystore, alias, format, outfile) != 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* now close it out */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_DEBUG, "Closing keystore");
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland set_passphrase_prompt(MSG_KEYSTORE_PASSOUTPROMPT);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland if (close_keystore(err, keystore, pkg_passphrase_cb) != 0) {
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland log_msg(LOG_MSG_ERR, MSG_PRINT, outfile_str);
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* everything worked */
5c51f1241dbbdf2656d0e10011981411ed0c9673Moriah Waterland /* fallthrough intentional */